I've been very busy migrating all my stuff to a new Raspberry Pi server. I've named it Octopus, it's going to be a busy little server and in my head I imagine it having all those tentacles flailing to perform all the work.
I just finished getting the blogging software running. Most of the posts that were on the previous blog has been migrated over. I had to migrate from Ghost v0.1 to v1.0 on the old server to be able to export my data before I could go to the latest version.
Octopus runs on a Raspberry Pi 4 Model B, it's a "credit card" sized computer that was originally conceived for educational purposes. It has since been applied in loads of different other projects. If you've never heard about Raspberry Pi, check out the web site here and be amazed.
I also have an X825 expansion board made by Geekworm so that I could connect a 1TB SSD drive as the main operating system drive, just having the boot files on a MicroSD card. The original plan was to only run a home CCTV system on this, but after I'd set that up I realised there is lots of spare capacity. I decided to migrate all my stuff from my old Raspberry Pi 3 Model B to the new one, at the same time I can upgrade everything, get rid of a few things and change a few things I've been meaning to.
I am security conscious, I prefer if my data and information isn't strewn about the web or passing through other people's servers needlessly. If there's communications happening, I want them to be secured, encrypted and controlled by myself. I want all of this to happen on open source software so that the code can be reviewed by anyone, it keeps the coders honest. I'm also an IT guy by day and keeping up and learning about security related things helps with the work I do. A bit of practice and extra research every now and then is a good thing.
In its current form Octopus runs Ubuntu Server 20.04 LTS (Linux). This is the long term service release which means it will be supported with updates for a few years.
Octopus runs the following:
- Apache web server for serving the various web front ends
- MySQL server, used by many of the other services
- BIND, a local caching DNS server, only accessible by devices on my network
- Postfix, Dovecot, SpamAssassin & Clam Anti-virus make up a secure email server
- Roundcube webmail as a front end to the email services
- Nextcloud, my own private cloud storage sync server
- Bitwarden(RS) a secure open source password database server
- Ghost, my favourite blogging platform
- ZoneMinder for my home CCTV monitoring
Everything was setup with security in mind, from website certificates to exactly which protocol versions I allow and which cipher suites I allow to be use with those protocols.
The email services are setup with SPF, DKIM & DMARC, all technologies to stop spoofing and to ensure my emails are shown to be authentic and not spam. I have a static IP, but the range that it's in was listed by Spamhaus.org as a public range so I had to get it removed from their list. An easy automated process where you tell them that your IP is static and they get you to verify it.
As you can tell, Octopus is indeed a very busy little server. I've learned a lot doing this and I think I might even write up a few of the tricky things for the blog.
Before I do that though, I've been working on a multi part series related to setting up a CCTV monitoring server on a Raspberry Pi, it will be ready soon.