Time to build a server with old hardware.

[Phil Binner]

My home/small(very) business system stores all its information on a D-Link NAS. This is an old piece of kit using SMB1; I think I bought it about 2014 so it doesn't owe me anything. Release 20 of Ubuntu has discontinued support for SMB1, however, and although I managed a work around in XUbuntu 20.04 it's clunky at best. Last week I got a laptop back from maintenance and they had re-installed Windows. It turned out that the latest Windows 10 also has SMB1 turned off, and although it was relatively easy to turn it back on, I would say the writing is on the wall. Now is probably time to build a server.

I have an old full tower case with one of the last Intel chips before the I series. I last had it running about a couple of years ago, when it handled either Ubuntu or XUbuntu just fine.

My problem is that my knowledge of communications protocols is next to non-existent. Actually putting the thing together and loading the Linux software are things I can handle, but I have the feeling I may get into deep water shortly after that, so I have an initial list of questions:

1. Is the idea of building and running a server something that a reasonably bright but technically inept old git should be able to accomplish with help:
2. Are there people out there who are willing to help me, because I don't think it's something I would be able to do on my own:
3. Is the hardware I currently have likely to work as a server, given that demands on it will be low and I will be willing to spend money on an upgrade once it is successful;
4. Is there something I should be spending money on up-front;
5. Given that it will be accessed by both Windows and Linux, what communications protocols should I be looking at.

Thanks in advance.

Phil B

[TheFu]

1. Is the idea of building and running a server something that a reasonably bright but technically inept old git should be able to accomplish with help:

You can do anything you put your mind at. But the learning curve can be steep if you want to understand everything. There are pre-built setups designed for specific tasks, however I find they aren't really too secure by default.

2. Are there people out there who are willing to help me, because I don't think it's something I would be able to do on my own:

You can ask any questions here that you like, provided they don't tie to illegal activities. If a questions is well-asked, someone will likely answer. Nobody should be typing on your system and you shouldn't allow anyone else to do that, unless you have a written contract, for money, setup.

3. Is the hardware I currently have likely to work as a server, given that demands on it will be low and I will be willing to spend money on an upgrade once it is successful;

Old hardware will often have funny faults and failures. New stuff that is 10x-30x faster isn't very expensive. For example, I built a Ryzen 2600 system a few years ago for about $400. There have been a few times since then that similar systems could have been built for less than $250. Most 2014 laptops are crap and you'd be better off getting a $300 Core i5 off ebay. I did that 2 yrs ago - $305 shipped with 8G of RAM, 1TB HDD, and i5-8250U (That's over 7000 passmarks). The Ryzen 2600 is over 13,000 passmarks for reference. If you have a little more cash, the new Ryzen 5 5600 has over 20K passmarks for $300, but I'm looking forward to the R-2600 and R-3600 price drops myself.

Why so much CPU? So different services can be virtualized. This makes upgrading each service much easier and disconnected from other services which are likely to need conflicting libraries.

4. Is there something I should be spending money on up-front;

You haven't said what you want in a "server". There are thousands of possibilities. Which do you want?

5. Given that it will be accessed by both Windows and Linux, what communications protocols should I be looking at.

Start with ssh. That provides ssh, scp, sftp, x2go, rsync, rdiff-backup, a minimal VPN, a SOCKS proxy and a few other capabilities just with 1 service enabled.
You need to decide what you want this "server" to provide.
Do you want access from anywhere in the world or just inside the LAN?
How much do you care about security?

Many of the protocols you hear in Windows just aren't needed and don't work well. This is a chance to switch to better protocols, which greater access and greater security.

• https://github.com/sovereign/sovereign has some ideas for what you might want.
• https://medium.com/better-programmin...g-df17f0919d64 a crazy guy self-hosting using cheap raspberry pi computers. I wouldn't do this except for the smallest needs. Any x86 computer will blow away any Raspberry-pi on the compute capabilities. Plus, people don't think their r-pi servers will be hacked. Had someone here report a hack to their v1 r-pi a few days ago. Any computer can be hacked.
• Some other things you might want to self-host: https://github.com/awesome-selfhoste...ome-selfhosted

I self-host a few things:

• VPN (required to access most internal servers)
• email (most people don't want to do this)
• communications, shared calendaring, shared addressbook
• Storage via NFS (NFS is how Unix systems share storage)
• Nextcloud (private and shared storage with lots of interesting addons like photos, music, tasks, GPS tracking, video/audio conferencing)
• Wallabag (read-it-later clone)
• Calibre ebooks
• Plex DLNA (photos, videos, media)
• Desktops (can be accessed from anywhere in the world, securely)
• Multiple websites for different business and hobby needs

And don't forget that you need excellent, automatic, daily, backups. If you don't have 3 copies, in at least 2 physically different locations, then you don't have backups at all. Also, if you haven't tested a full restore onto completely different hardware, then you don't have backups. Businesses die because they don't have proper, tested, backups.

If you plan to have any remote access at all into the LAN, setup ssh using ssh-keys, block all passwords for authentication. Do that as your first step.

You'll notice that I didn't mention samba or Windows. Windows has some great ssh, scp, sftp programs - Filezilla and WinSCP come to mind. Win10 has a subsystem that supports ssh natively, so you can do most things from/to Windows that are so very easy on Linux dekstops. Accessing sftp from any Linux desktop is as easy as using any file manager with sftp:// for the URL. If you setup ssh-keys, then you won't get hassled for login credentials for that access. ssh is the only tool I know which is both more convenient AND more secure.

So - what services do you need/want on your "server?"

[SeijiSensei]

Sounds like you're basically interested in building a server to share files, not run mail or web or DNS services.

If so, I suggest installing a desktop version of Ubuntu, then adding the Samba and nfs-kernel-server packages. Use Samba to share files with Windows machines. Use NFS for Linux and MacOS clients.

Code:

sudo apt install samba nfs-kernel-server

On Ubuntu clients, you'll need nfs-common.

You can serve up the same directories via either protocol. I do that on my server here so I can see the shared directories on the rare occasions I use Windows.

[Phil Binner]

What I want is basically what SeijiSensei has suggested. I have a media machine that uses video and music, and several windows and one XUbuntu machine that share files. All that is currently supplied by the NAS. It's just that the NAS is old and D-Link are not offering any downloads to update the software. In addition secure remote access would be usefull. My options seem to be to buy a more modern NAS and continue as before, or build a server. Since I have an old computer in a full tower case I do not use, I thought loading Ubuntu-Server on it would serve 3 functions, solve my current problems, provide much wider options for the future, and increase my knowledge. The last of those is tempting.

What I have done so far is to fire up the old computer to see what state it is in. Unfortunately that fell at the first hurdle. The power comes on for about 2 seconds then cuts off. Since there are no motherboard beeps it seems to be a power supply problem to me, but it could be the motherboard. If I want to go forward with that I can look for a second hand motherboard/processor on ebay, and a new power supply. If I do that I'll look at the Ryzens; they tend to be cheaper for the power. That shouldn't set me back too much.

Alternativly I can put a couple of 3tb drives in the XUbuntu machine I'm using and follow SeijiSensei's suggestion. That will mean that my server is also a desktop machine, but i'm assuming that that won't cause too much problem with the low demand I'm putting on it.

Thanks to both of you. Any further comments will be welcome. For now I'll sleep on it and decide in the morning.

[TheFu]

Be very careful using 3TB/5TB/6TB HDDs. Those "odd" sizes have a less than great history of higher failures.
4TB, 8TB and larger seem to all have much better reliability.

If you are really hurting for cheap storage, consider buying used Enterprise HDDs - the WD-Gold (or Hitachi 310) line 4TB can be found mid-life with ZERO bad sectors for under $40. These things are built for lots of vibration in datacenter environments - probably get 10+ yrs of total life for 50% less than new consumer HDD costs which often fail in 3-5 yrs.

+1 for NFS. My LAN uses NFS for almost all storage access. It provides native Unix access and permissions - basically, network storage acts just like local storage and the client machines don't know the difference.

I love Nextcloud - it provides storage and selective sync to clients for pretty much any platform. Just be certain to have a VPN to get access over the internet. With Nextcloud, there are some great addons.

[Phil Binner]

I have decided to do both things, getting my feet wet slowly. The first thing I have done is run "sudo apt install samba nfs-kernel-server" as SeijiSensei suggested, so that is done. I now need to work out how to share the folders I have currently, before adding more storage. I have an article or two to read today, as well as starting to look for hardware.

The reason I thought about 2 3tb drives is that I already have one originally intended for backups. I don't want to get into failures while I'm still trying to work out what's going on, so I will take that advice seriously.

Thanks for your help so far. More on the next step will be appreciated.

[TheFu]

If you search for "ubuntu nfs" you'll find a how-to guide, probably at help.ubuntu.com.
Because that guide has to address almost every possible situation, it is much, much, longer than necessary.

NFS tips:

• Make storage locations the same locally and over NFS. This will prevent confusion that will happen based on which machine you happen to be on.
• Use NFS for all Unix-like OSes.
• NFS is server -to- server sharing. Not user -to- server like CIFS/Samba. User credentials have nothing to do with NFS connections.
• Make all uid/gid numbers that will be accessed using NFS (as returned by the 'id' command) the same on all the systems. userid 1000 needs to match on all the systems. Any groups or shared groups gid needs to match on all systems too. On Apple platforms, userids begin with 500. On all Linux platforms, they begin numbering at 1000. That means if you have the same user (a human) on both apple and Linux, then one or the other platforms will need to change the uid to match the other. If you have 5 apples and 1 Linux, I'd change the Linux one. IF you have 1 apple and 5 Linux, I'd change the apple. In theory, there is a mapping solution for this. I've never seen it work. In businesses, we use LDAP for all logins so all the uid/gid are centrally managed and this is a non-issue.
• usernames and groupnames mean nothing. It is all about the numbers. 1000 on the client --> 1000 on the server.
• On the server-side, there is 1 line in the /etc/exports for each "exported" file system.
• On the client-side, there is 1 line in the /etc/fstab for each "NFS" file system.
• After changing the /etc/exports file, restart the server-side NFS service to the config changes are reloaded/seen.
• Client-side changes should automatically be seen, but if they aren't, you can tell systemd to sudo systemctl daemon-reload
• The sudo or root accounts from clients don't have superuser privileges on NFS storage by default.

So, with all that in mind, here is a single NFS on the server in /etc/exports:

Code:

/TV     regulus(rw,async,root_squash) romulus(rw,root_squash,async) hadar(rw,root_squash,async) posc(rw,async,root_squash) osmc(rw,async,root_squash) pi3(rw,async,root_squash)

That's 1 line. Spacing is critical. Note were there are and aren't spaces. It matters. I share only with specific systems on this subnet. If you want to share on the entire subnet (dangerous), you can use CIDR notation instead:

Code:

/TV     192.168.1.0/24(rw,async,root_squash)

Anyone on your subnet, including guests, can mount. Often, you'll see other settings in online examples. With NFSv4, which Ubuntu has used for a decade, those other tuning numbers are automatically determined, so not useful except under really odd situations. Don't forget that sometimes you want a read-only export. I export Music as read-only to prevent accidental deletions from clients or overzealous media center software.

On the client side, besides using the /etc/fstab, you can use autofs. That's how I do it for a number of reasons. As with all mount points, the directory must already exist sudo mkdir /TV. But for now, just use the fstab.

Code:

istar:/TV   /TV  nfs    proto=tcp,noauto     0     2

istar is my NFS server. An IP address can be used, if you prefer.
sudo mount -a will mount/remount everything in the fstab.

Code:

mount |grep TV

will show that it is or isn't mounted. So will the df command.

Code:

$ df -Th
Filesystem                        Type  Size  Used Avail Use% Mounted on
...
istar:/TV                         nfs4  294G  102G  193G  35% /TV

Because my setup is using autofs, I'm not 100% certain how to get the mount live. With autofs, storage is only mounted when specifically requested. ls /TV/ is sufficient or any command that accessed anything under /TV/ will mount it. When that mount hasn't been used for a few minutes, it will be removed by autofs. This is convenient for storage that isn't always available so any connection errors don't cause problems for clients.

So, if you have the userid mapping already handled, you can see were adding NFS is pretty trivial. 2 lines, restart the NFS daemon, and mount. It is 45 seconds, maximum time, once. No screwing around with credentials after that, unless you want to get much more security. If you do, NFSv4 supports encrypted connections and Kerberos for server-to-server authentication. Settings those up **is** harder. The encryption is considered secure enough to use over the internet.

If I missed something important, hopefully someone else will post a correction.

[SeijiSensei]

I found the NFS guide way too lengthy and complex for simple applications. So I posted this in recent thread as an alternative: https://ubuntuforums.org/showthread....1#post14001094

[TheFu]

I've had problems using the systemd-automount stuff. It doesn't work as expected. x-systemd.automount is the config option in the fstab. I tested it for a few months. It never auto-dismounted, IME.

OTOH, autofs is solid and always works as expected once the initial learning curve is done.

[SeijiSensei]

I don't care about dismounting so I haven't seen this issue. The only time I dismount file systems is when rebooting.