I’ve decided to host my own servers and to do all the setup and maintenance myself for hosting this site and other services. I’ve been working up to this for years with most of that time just having thoughts in passing about it. In the past couple months I put together the infrastructure. The servers, the software, the security, the maintenance tools, the development tools, the backup tools and such to get it running. I also put together a plan to hold it together.
I decided to do it because I can. I decided to do it to test my knowledge. I decided to do it to integrate it into much of what I already have.
Some of the things that I already had in place are the file server, the security, the pfSense router, the RAID array, the phone system, the switches and cabling. I guess I had the domains but I wasn’t technically in control of them. So I had to secure the domains and modify the DNS records to point to my computer hardware instead of something some place out in the ether, bah. Of course then there’s integrating it and testing it all.
I don’t think my system will be under heavy load. I have a few servers in-house that perform specific tasks. I have a file server, an Asterisk phone server, an email server, a custom pfSense router. Each of these computers runs a series of services. The file server runs things such as an OpenSSH server, Samba service, Apache web service, MySQL service. The Asterisk server runs a web service, the Asterisk software, Samba, fail2ban, and several others. As you can see, there are several physical servers running several services each. You may have noticed that some of that is duplicated from server to server. It’s that way for good reason, primarily because we don’t want, say, the Apache server serving the hosted websites to be interfered with by the service that is used to configure the phone system. Distributing the load also helps.
This infrastructure is designed so that if one goes offline the whole thing doesn’t drop. I guess if the power goes out everything goes out. That’s a rarity and if it becomes an issue I’ll address it. In the multiple years that I’ve had things running in house I have never encountered more than a few hours of downtime due to power outages.
My Asterisk phone server is my proudest achievement primarily because I’ve been using it for over 6 years in some configuration similar to what I have now and doing so has saved me so much money. I use it because I happen to like landlines — something that isn’t dependent on cell service combined with towers, and government collection of all the data that the process comprises. With Asterisk I can communicate from my home 20 miles away to my business without the need to actually go through a phone system. At home I can pick up an extension and dial the work extension and the calls go through. Privacy! That’s what all businesses need and want.
My OpenSSH server is also a solid part of my business. I have it set up so that I can work encrypted. Data transferring between sites is secure and protected from man-in-the-middle or any type of surveillance. If the feds want it they can decrypt it, if they can decrypt it.
Over the years I have always wanted to put together my own email servers. I really don’t have the need to have entities such as Microsoft or Google looking into my emails nor exposing my accounts to data breaches. When I host it I control it. I’m a small target compared to those bigger email providers. If they are cracked and the data is stolen I’m not part of it for purposes of my business. My email is here. It isn’t considered abandoned after 180 days and thus no one can get at it without me knowing up front. Most likely they’ll never get at it.
I do need to maintain these things. I have to keep them up and running. Dealing with software and hardware problems can take time and knowledge. In setting these up I have learned what is necessary to maintain them. It isn’t that big of a deal. I’m also not maintaining email for anyone but myself so if things go wrong and data is lost it is on me and only me. I have set up a RAID 5 array to hold the data. The benefit of this is that if a drive fails the data is still safe. There’s more to it than that but I’m confident that I’m going to lose very little. I have a few Drobo boxes. Over the years I’ve had about 5 drives die. In that time I’ve simply pulled out the dead drive and put in a new one and everything that was there is still there and things still work.
My OpenSSH has provided me with highly secure communications in conjunction with RSA keys, a powerful pfSense firewall/router, and fail2ban, which is used to minimize hacking by locking hackers out after one failed attempt. With RSA keys I don’t have to worry about passwords so I disallow the use of passwords as a method to log in. If I lose control of the RSA keys I can simply revoke the keys and start over. My firewall/router is pfSense, which is a world-famous product. With it I have locked out the whole world except the US, and then within the US, only specific IP addresses are allowed to connect. Everything else is reflected back.
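The key-only login described above can be checked against what sshd actually enforces rather than what the config file appears to say. This is an added example, not part of the original post: it parses the `keyword value` output of `sshd -T`, the function name `check_sshd` and both sample inputs are constructed for illustration, and it also checks keyboard-interactive login, which can still prompt for a password through PAM when left enabled.

```shell
#!/bin/sh
# Added example: audit effective sshd settings for key-only login.
# Input format is the lowercase "keyword value" lines printed by `sshd -T`.

# check_sshd: reads sshd -T style lines on stdin, prints one FAIL line per
# setting that would still allow a password-style login, and exits 0 only
# when every required setting is present with the expected value.
check_sshd() {
    awk '
        BEGIN {
            want["passwordauthentication"] = "no"
            want["kbdinteractiveauthentication"] = "no"
            want["pubkeyauthentication"] = "yes"
        }
        { key = tolower($1); if (key in want) seen[key] = tolower($2) }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) { printf "FAIL %s missing\n", k; bad++ }
                else if (seen[k] != want[k]) {
                    printf "FAIL %s is %s, want %s\n", k, seen[k], want[k]; bad++
                }
            }
            exit (bad > 0)
        }'
}

# Constructed sample: effective config matching the setup described above.
SAMPLE_KEYS_ONLY='port 22
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'

# Constructed sample: password login left enabled.
SAMPLE_WEAK='port 22
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'

# On a real host (as root): sshd -T | check_sshd
printf '%s\n' "$SAMPLE_KEYS_ONLY" | check_sshd && echo "keys-only sample: OK"
printf '%s\n' "$SAMPLE_WEAK" | check_sshd || echo "weak sample: password login possible"
```

Running the check after every sshd upgrade or config change catches a drop-in file or distribution default that quietly re-enables password login.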
All of this is done on regular computer hardware. Sometimes it is done on smaller pico computers such as the Raspberry Pi. The Raspberry Pi runs my Asterisk service which runs atop Debian Linux. This too has a firewall, fail2ban, and other services to help it stay secure.
Less than a year ago I used Google for my email and GoDaddy for my hosting of my website, which could put me at great risk from crackers. Now I locally host and maintain my websites and the tools to create and maintain them. I locally host my phone service. It has a very professional interactive voice system and voicemail along with blacklists that block telemarketers (virtually anyone that the FCC claims is violating the robocalls and do-not-call laws). I don’t have to pay for GoDaddy nor deal with the excessive ads nor the sleazy way they do business. I’m using WordPress to build and maintain my sites. WordPress is free and open software. There are tons of plugins (which I use sparingly) and lots of themes.
So web servers, email servers, SQL servers, phone systems, and the like all handled and maintained locally in an effort to bring back my control and privacy. Should sound pretty good. I think it does. Doesn’t it?