New Home Infrastructure, including NextCloud and a network build

Hello!
I’ve upgraded my ‘home infrastructure’. I have previously talked about the need to upgrade and about being stuck with a 100Mb/s network. Now I have managed to spend some of my summer earnings on this upgrade, and this is how it looks as of now.

My hardware setup (shipping included in price):
-4G dongle
Price: 75€
-TW-LTE 4G/3G router
Price: 41€
-I3-2120 based server bought second-hand from Huuto.net
Price: 128€
-Fortigate FG-20C, the firewall
Price: 47€
-Mobevo 4G antenna
Price: 18,20€

-Total cost: 309,20€

In my last post on this subject I stated that I wanted a budget of 330-360€, which still leaves some room to upgrade this list if needed. Plus, my brother decided to join the project, sharing the cost of the server and firewall and thus lowering my stake significantly. We are also planning a backup server solution for later.

My software setup:
I’m utilizing open-source software like Ubuntu Server, SSL/TLS, LUKS et al., which were all 0€. That is really good; I’m not going to deploy any proprietary solution like Windows Server.

-Total cost: 0€

So what did I do to set it up? (NOTE: This is not an absolute guide/tutorial on how to do this, just how I did it, it might not work for you.)

1. Install Ubuntu Server 16.04. I followed basically all the steps here, except that I only selected “standard system utilities” in the software selection step. In the partitioning step I set up disk encryption by selecting “guided – use entire disk and setup encrypted LVM” instead of the non-encrypted option in this guide.

2. After logging into the server locally I ran sudo apt install xubuntu-desktop gedit lamp-server^

3. Because I have a separate drive for my nextcloud install I had to edit the 000-default.conf file, which is the default apache2 http configuration file. NOTE that you have to do the same to the default-ssl.conf file if you plan on running https, just substitute default-ssl.conf for 000-default.conf below.
sudo gedit /etc/apache2/sites-available/000-default.conf
changed the to point to my secondary hard-drive instead of the default var/www/ location.
Then I changed the owner of that drive by
sudo chown -R www-data:www-data /media/mydrive/

Then I manually downloaded NextCloud and extracted the files into my downloads folder. Because I’m lazy and I like to have a UI I ran sudo thunar, which opens the file manager as root.
I navigated to my secondary drive, right-clicked the folder in question, selected properties, clicked the permissions tab and changed access of www-data to “Read & Write”. Then I simply copied the files over from my downloads folder to the new location on the secondary drive.

However, I ran into a 403 error. After some googling I found a solution here.

A useful link I used in learning how to configure a web server.
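The post does not say what caused the 403. One frequent cause after moving the document root onto a mounted drive is a parent directory that www-data cannot traverse. The following added example (not from the original post) walks up from a document root and lists such directories; the paths in the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux with GNU stat.
# Simplification: only the owner and "other" permission bits are considered;
# group membership and ACLs are ignored.

# can_traverse DIR USER: succeeds if USER holds the search (x) bit on DIR.
can_traverse() (
    user=$2
    info=$(stat -c '%a %U' "$1" 2>/dev/null) || exit 1
    mode=$((0${info% *}))      # permission bits read as octal, e.g. 0750
    owner=${info#* }
    if [ "$owner" = "$user" ]; then
        [ $(( mode & 0100 )) -ne 0 ]
    else
        [ $(( mode & 0001 )) -ne 0 ]
    fi
)

# blocked_dirs ABSOLUTE_PATH USER: print every directory from the path up
# to / that USER cannot traverse. Any hit makes Apache answer 403.
blocked_dirs() (
    path=$1 user=$2
    case $path in /*) ;; *) echo "absolute path required" >&2; exit 2 ;; esac
    while :; do
        can_traverse "$path" "$user" || printf '%s\n' "$path"
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
)

# Constructed demo: a "drive" mounted with mode 750 hides the web root below it.
demo=$(mktemp -d)
chmod 755 "$demo"
mkdir -p "$demo/mydrive/nextcloud"
chmod 755 "$demo/mydrive/nextcloud"
chmod 750 "$demo/mydrive"
echo "www-data cannot traverse:"
blocked_dirs "$demo/mydrive/nextcloud" www-data
```

On a real system, call blocked_dirs with the document root from 000-default.conf; an empty result means the filesystem side is fine and the 403 comes from Apache's own access rules.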

4. Then I went on to install the PHP stuff that NextCloud needs. I base these instructions on linux.com’s NextCloud tutorial found here.
sudo apt-get install libxml2-dev php-zip php-dom php-xmlwriter php-xmlreader php-gd php-curl php-mbstring
sudo a2enmod rewrite
sudo service apache2 reload

Now you should see your website if you navigate to 127.0.0.1

5. Then I went on to create an SSL certificate
I basically followed this guide to the letter

6. Web-server hardening
I too more or less followed Odd Random Thought’s guide on server hardening. The exceptions I made were that I used custom iptables rules and ignored all the WordPress-specific stuff.

There has been a recent server weakness reported, so I decided to follow this article’s guide to protecting my apache2 install.
Look here.

I also decided to change the SSL port to a custom port.

7. Employing a Hardware firewall. This is important, if you are going to host a server on the open internet you should do this. Every firewall config UI is different, but basically I told it to block everything except for a few tcp/udp ports. Remember, if you set a custom SSL port as I did, do also configure your firewall to allow traffic through it.

I basically configured my router to DMZ my public facing network to the Firewall and then from there I re-route the traffic to the server.
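The reminder above about custom ports can be checked mechanically for the host-level iptables rules from step 6. This added example (not from the original post) compares Apache's Listen directives with an iptables-save dump; the sample files are constructed and port 8443 is an assumed stand-in for the custom SSL port, which the post does not name.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data below is constructed;
# port 8443 stands in for the custom SSL port, which the post does not name.

# Ports Apache binds to, from "Listen" directives (ports.conf syntax).
listen_ports() {
    awk 'tolower($1) == "listen" { p = $2; sub(/^.*:/, "", p); print p }' "$1" | sort -un
}

# TCP ports accepted on the INPUT chain, from iptables-save output.
# Handles --dport N and multiport --dports A,B; port ranges are not expanded.
allowed_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
        for (i = 3; i < NF; i++)
            if ($i == "--dport" || $i == "--dports") {
                n = split($(i + 1), parts, ",")
                for (k = 1; k <= n; k++) print parts[k]
            }
    }' "$1" | sort -un
}

# Default policy of the INPUT chain (DROP means "block everything else").
input_policy() { awk '$1 == ":INPUT" { print $2 }' "$1"; }

# Ports Apache listens on that the ruleset does not let through.
missing_ports() (
    allowed=$(allowed_ports "$2")
    for p in $(listen_ports "$1"); do
        printf '%s\n' "$allowed" | grep -qx "$p" || printf '%s\n' "$p"
    done
)

# Constructed sample: SSL moved to 8443 in Apache, firewall still allows 443.
write_samples() {
    printf '%s\n' 'Listen 80' '<IfModule ssl_module>' '    Listen 8443 https' \
        '</IfModule>' > "$1/ports.conf"
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT' \
        'COMMIT' > "$1/rules.v4"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "INPUT policy: $(input_policy "$demo_dir/rules.v4")"
echo "Listening but blocked: $(missing_ports "$demo_dir/ports.conf" "$demo_dir/rules.v4")"
```

The same comparison applies to the hardware firewall: every port Apache listens on must appear in its allow list, and nothing else should.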

After this you should be good to go.

My Cloud Setup
NextCloud: since February there has been a split within OwnCloud and the project has been forked, which results in us now having both OwnCloud and NextCloud. I like the NextCloud ideology of being more open-source and community based, in contrast to the more commercialized OwnCloud, so I went with NextCloud. Both of these platforms are still open-source, though OwnCloud has certain features locked for their commercial customers, while NextCloud has declared their intention to open-source these features. Some argue that OwnCloud’s business model is key for running a company based on open-source technology. Only the future will tell who will succeed, hopefully both!
You can read more about it here.


So the I3-based server will be utilized to host these services. The idea is for this setup to give me a Google Docs, Dropbox and Spotify-like service, so I can abandon them. Because I’m too stubborn to use Spotify (which I subscribed to when it was still new), I have bought, for example, all the music I listen to, so I want to have a centralized place from where I can stream it, wherever in the world I am. I mean, what would be the point of spending *cough* hundreds of Euros on purchasing your favorite songs and supporting the artists, if you can’t stream or sync it to your devices?

I set up some of the default apps.

Even though I set up the default music app, there is a beta version of Ampache integrated with NextCloud. You can use this by going to “Personal” under the menu that opens when you click on your profile name up in the right corner. Then set it up and configure your music client to connect to your NextCloud. Unfortunately it only seems to support .mp3 files for now since it is still in beta. It also seems to have difficulty working under http. NextCloud has also got an integrated video streamer, which allows you to stream .mp4 files, but nothing else. All of these features are still in the early stages. I’m utilizing NextCloud 9, and this will most likely change in future releases of NextCloud.

New network performance
The goal is to eventually reach a real speed of 65/35Mbps, though I doubt I’ll reach it where I live. When I tested the speed at my parents’ place, I got between 70-95/34-39Mbps. Back home in Turku, though, I only get 29-47/15-28Mbps on speedtest.net. This means that outside the network the real client download speeds are around ~1.8-3.5MBps, compared to well over a stable 4MBps from my parents’ place. The speeds were similar at my parents’ place to those taken at my home in Turku without the Mobevo antenna. The antenna had no effect in boosting the performance in Turku.

The future
I’m already planning a bunch of upgrades, though I don’t know which to go for. I want to build a custom router/firewall at some point.
Collabora Office is also something I’m looking into integrating into my NextCloud in the near future. The current word editing software is not good enough and Collabora is based on the powerful LibreOffice suite.