"I been ridin on a wire just readin the sitch
Keep my signal clean with my eye on the snitch
Picking up the coins when I can on the roam
All the time thinkin that there's no place like home"
-- Robbie Bones and the Differentials
At some point, we've all run into limits to what we can do or fit on
whatever we're using in the field, and you want a server of your own.
We've all been there. You're out and about, using someone else's
network, and for whatever reason, you'd enjoy a bit of privacy.
Running a server at home can be tricky. Not only is it another computer
you have to power and maintain, but if you want to use it from outside
of your home, you're going to have to balance security with exposing
your computer to the world. Fortunately, you've got some options.
One tool we can use to help manage these issues is containers. Isolating different elements, to reduce the risk of a compromised service is nothing new. We were using chroots to do the same back in the 90s. What has changed is that things have gotten a lot more friendly, and there are frameworks that make it easy to adapt a service into a container.
We'll be installing Docker, a container platform, which is the de-facto standard
for containerization under Linux (and MacOS and Windows). This buys us a
couple of things:
We get to reuse other people's work through resources like Docker Hub, where often the container is developed by the same team that writes the software.
We aren't limited to applications that are packaged for our operating system.
We can setup the service on one system, and deploy it easily on another. Sometimes on wildly different platforms. You could install and tweak things on your PC, but run it on a Raspberry Pi (as one example).
When the services you want outgrow one system (which will happen relatively quickly if you're serving from a SBC), you can spread out onto other computers painlessly.
Depending on the distribution running on your server, you've got a
couple of options. Most major distributions either have official
packages available from Docker, or ship with their own docker packages.
For distributions that don't, there is a convienence script available at
get.docker.com that'll work (we'll be using this for the RPi install).
Static binaries and installing from source are also options that are
beyond the scope of this article.
curl -fsL https://get.docker.com -o get-docker.sh
Just to explain what that's doing - curl is a client for urls. This
particular command is set to be silent (-s) even if it gets an error
(-f) and will follow server redirects. Whatever it gets, it'll output
(-o) it to a file named get-docker.sh. It's always a good idea to take a
look at any script you've downloaded before running it, in case there's
anything that looks suspcicous.
This'll add the appropriate repositories and install the docker
One more thing you need to do, is allow the username the ability to run
sudo adduser pi docker
Which will add the user named pi to the group docker (which is allowed
to run docker commands)
Logout and back in, and you're all set. Test docker by running the
docker run --rm hello-world
That'll download the hello-world image, run it in a container, and then
remove (--rm) the i container.
While I'll be doing this on my RPi3b, it could be just about anything, some old laptops, or even a server hosted elsewhere, heck, I hear that Big Broogle has a free tier in their cloud hosting.
That's all for now choombas, next time, we'll get some actual services going. I'm thinking maybe a vpn and a pastebin. In the meantime, keep an eye out for Wilson!
I'll be over in this thread - https://www.cyberdeck.cafe/forum/software/discussion-containers-vpns-and-home-services if you've got any questions, or need any help.