My God where do I begin…
I’ll start with my intentions for this project. Originally I only wanted to make myself a shiny online portfolio to build up some web presence. Buuut it didn’t stop there.
I ended up finding more and more cool projects that I wanted to attach to the domain, each one throwing up interesting problems to sort through. It’s been an education and a half.
The Back-Bone
Arguably the most important piece of software I used was Internet Information Services (IIS), running on windows. This was more than ideal since it was bundled and integrated with windows and came with a GUI (I really didn’t want to touch the Linux command line yet). IIS is supposedly outdated these days and is largely superseded by Apache and Nginx, however, for my purposes, it works great.
In order to secure the server I originally used the free service let’s encrypt to obtain SSL certificates and served them through IIS. The major drawback of this though, was that to renew the certificates every 60 days I would need to stop the IIS server to allow let’s encrypt to communicate with my renewal software. And although this wasn’t really a problem it never felt like a good solution.
Reverse Proxy To The Rescue
Luckily something called Nginx Proxy Manager exists and made my life slightly easier.
NPM was made for Linux and as you might have guessed, runs on Nginx using the built-in reverse proxy. The great thing about this software though is the web interface, it allowed me to manage all of the SSL certificates and even renews them automatically with no downtime. And as long as the reverse proxy is set up properly, it can make the site far more secure.
Luckily for me, the author of this software had already provided a script to get this up and running on Docker.
Unfortunately for me, I had no idea how to setup Docker on the computer I used (A Raspberry Pi)
Portainer To The Rescue?
As it turns out Docker is not too difficult to install on Linux. However, because I really like a web interface I thought I might as well complicate it by installing Portainer.
Although I make it sound like a bad thing, this piece of software is actually pretty neat in that it allows the user to manage any number of Docker containers, volumes, etc… from the comfort of a web browser instead of the dreaded terminal.
You might have noticed another program running on the Portainer server…
Guacamole To The (Remote) Rescue!
It was perfect that I set up Portainer, figured out how Docker worked, and was looking for a web-based remote access app, that I found Apache Guacamole.
This lovely piece of software was a breeze (pain) to set up on the Raspberry Pi. But once it was set up it provided a really clean and easy way to access my devices from outside my network, and being able to access the main server through RDP while out and about was a godsend on multiple ocasions.
Being made by the Apache software foundation, Guacamole is pretty secure and is kept up to date by the community, and talking of security, Guac allows users to be set up using 2-factor authentication which (when available) is essential for sensitive external-facing services.
Now hold on a second, if I was away from home and needing to use Guacamole, who’s to say I wouldn’t want to access my home media or movies?
Jellyfin Is Here Whether You Like It Or Not
At this point, the home hosting is starting to work like a charm, I can whip up an IIS instance, open up a slot on the proxy manager, and tell the domain provider to start taking customers. So this project was pretty easy to set up.
For this task I ended up going with a program called Jellyfin; it is actually a fork of the popular media server Emby which used to be open source but has unfortunately been relicensed and is now closed source. Jellyfin however, took the best from Emby and boasts some great features such as GPU transcoding, Live TV, DVR, and mobile apps.
Setting this up was super easy since the software runs on it’s own inbuilt web server and was available for windows. All I had to do was download, run, and configure the software and it was good to go. And making it available on the web was an easy next step because of NPM.
If you’re still reading then well done, but there’s a lot more to cover!
Do You Want Assistance With This Home?
I’ve already covered this software in detail in another post linked here, So I’ll make it brief.
Home Assistant is a brilliant piece of software for someone with too much time on their hands. You can effectively recreate HAL 9000 and have your house filled with smart tech and doing whatever it wants.
On a serious note though, It does have a really nice UI and great compatibility with a huge community of coders and determined hackers, getting all sorts of smart home devices to play nicely with HA. If you have a smart home with multiple different platforms and therefore different ways to control things, this might be the software for you!
You’ve Got Mail
This next one was surprisingly complicated for what it is. Now that I had the website set up and a few services under the belt I figured I should probably set up a professional email nested under the domain. I looked around for a mail server that I could deploy on Windows (since the Raspberry Pi was pretty clogged by this point) and I found hMailServer.
Now I tried to set this up many years ago on a different PC but I could never quite get it running properly, it would work perfectly fine from a client like Mozilla Thunderbird however when I tried to connect Gmail to the server it would reject the SSL certificate. I put this down to me not understanding certificates properly and moved on.
Fast forward to today and since it was the best looking option for Windows I gave it another go, I set it up and the same old issue remained. After a lot of digging and snooping around the forums, I pinpointed the issue. Turns out the certificate file used by the server needed to have the root and all subordinate certificates of the issuing authority appended onto it for Gmail to fully trust the server. … Thanks Google.
With the backend server set up and tested, I sought out a shiny web-based mailbox to access the mail directly. There wasn’t any need to do this, I just thought it was cool.
Don’t worry I don’t actually have a basement. ^^
Size Does Matter
A few weeks ago I had the completely random idea of making a public URL shortener service. I had a look to see if there were any open source projects already doing this and to my surprise, I found a system called YOURLS. So I grabbed the shortest domain I could find that still made sense and got going.
YOURLS was an ideal candidate because it was versatile, simple, and fast. And it has a pretty big backing of plugins and themes to boot. With this, I launched the service under the name of clickGo.uk and started configuring it with a few new plugins and the lovely theme by Tom Slominski. And to go with the site I linked in an email address to the hMailServer.
If you are interested in running a URL shortener take a look at YOURLS on Github here.
Last But Not Least
The last mention is a generally useful tool to have on your network. If you’ve ever used a browser extension like uBlock origin or Ad Block, you’ll know what a big difference it can make to the browsing experience. Now, what if you could apply this effect across the whole network and also block sites containing malware, and excessive tracking. This is what the Pi-hole DNS server does.
Since this software has been specifically designed for the Raspberry Pi, it is very easy to install and configure. All you have to do is issue this command in the RPi’s terminal:
curl -sSL https://install.pi-hole.net | bashFrom that point, the installer should guide you through the necessary steps to get up and running.
Pi-hole also comes with a web interface, which can give you a lot of insight into the traffic on your network. Since the server also blocks sites known to host malware or dangerous content, it helps to increase security for clients.
The End… Or Is It?
Well, that’s the list of things I’ve set up so far. Each one has contributed something useful to the network and most of all been a challenge to set up and manage. I can recommend all of these programs if not for the function then just the lessons that can be learnt about them.
Stay tuned for more projects!
Tom,