[HN Gopher] Raspberry Pi as a local server for self hosting appl...
___________________________________________________________________
Raspberry Pi as a local server for self hosting applications

Author : christian_fei
Score  : 99 points
Date   : 2020-09-14 19:49 UTC (3 hours ago)

(HTM) web link (cri.dev)
(TXT) w3m dump (cri.dev)

| noncoml wrote:
| My biggest gripe about Raspberry Pi, and only thing that prevents me from using it as a home server, is that the USB cannot power an external HD
| noizejoy wrote:
| Not sure, if it would make a difference to your use case, but I've had success powering an SSD from a 4GB Pi 4 USB 3 port.
| antognini wrote:
| One thing to watch out for when doing something like this is that the Raspberry Pi will by default put your file system on the SD card it boots from. SD cards aren't meant to support a lot of write/erase cycles, so it's easy to end up with a corrupt SD card after a few months to a year depending on what you're doing on your Pi.
|
| A workaround that can save you some headaches here is to only boot from the SD card (which means you're effectively only ever reading from the card), and then mount a filesystem on an external SSD drive. There are a couple of good guides here [1] [2].
|
| [1]: https://www.stewright.me/2019/10/run-raspbian-from-a-usb-or-...
|
| [2]: https://www.pragmaticlinux.com/2020/08/move-the-raspberry-pi...
| christian_fei wrote:
| Good points, thanks!
|
| Just stumbled upon this today by coincidence, will definitely follow the suggestion, cheers
| gerdesj wrote:
| Very true for a given value of true 8) You need to evaluate all the components. The RPi itself is a decent piece of kit, well tested and safe to use. Get a decent power supply to it - either a RPi branded one or at least a decent mobile charger from a brand that you trust.
|
| I generally use a decent USB stick nowadays. RPi 4 from about a month or so ago onwards will do this out of the box.
| You can also put a second USB stick in and clone the thing every now and then.
|
| You can PXE boot them as well (citation needed) and that brings nfs and iSCSI to bear. That's my long term plan for fleets of them.
|
| For the semi casual user, I recommend the dual USB stick combo. Quite easy to set up and you can always whip out the backup and test it on another device.
| mikenew wrote:
| > RPi 4 from about a month or so ago onwards will do this out of the box
|
| Are you saying you don't need an SD card at all and it will just boot off USB?
| m_t wrote:
| Yes, it can do that now.
| gerdesj wrote:
| I buy quite a few of them as a tinkerer and recent (~two months) ones don't need firmware/BIOS fiddling to boot off USB. Make sure you get reasonably recent stock.
| rovr138 wrote:
| Latest Pi's can boot from external media. It's possible to boot from an SSD
| codetrotter wrote:
| You can't just say that without including a link :P
|
| Anyways, I assume that the following is what you are referring to: https://www.raspberrypi.org/documentation/hardware/raspberry...
|
| In that case, the following from the linked page might be worth making note of:
|
| > To enable USB host boot mode, the Raspberry Pi needs to be booted from an SD card with a special option to set the USB host boot mode bit in the one-time programmable (OTP) memory. Once this bit has been set, the SD card is no longer required. _Note that any change you make to the OTP is permanent and cannot be undone._
|
| Not that it matters much to me but still something worth being aware of if you later try to repurpose your RPi for something else I think.
| rovr138 wrote:
| That's specific to the
|
| > Raspberry Pi 2B v1.2, 3A+, 3B, Compute Module 3
|
| Further down,
|
| > Raspberry Pi 3B+, Compute Module 3+
|
| > The Raspberry Pi 3B+ and Compute Module 3+ support USB mass storage boot out of the box.
| The steps specific to previous versions of Raspberry Pi do not have to be executed.
|
| Then the last one,
|
| > Raspberry Pi 4
|
| > The Raspberry Pi 4 currently requires non-default firmware to enable USB mass storage boot: see the USB mass storage boot section of the Pi 4 Bootloader Configuration page for more information.
|
| But overall, it's possible in some way with all these versions,
|
| > Available on Raspberry Pi 2B v1.2, 3A+, 3B, 3B+, and 4B only.
| kaszanka wrote:
| The OTP programming doesn't prevent the Pi from booting from an SD card, so it should be fine.
| bscphil wrote:
| You can also netboot them, which adds a little latency but in terms of speed is likely even better than the SD card, now that the Pis have real Gbit.
| bhauer wrote:
| For whatever it's worth, I use Samsung Endurance SD cards [1] in all of my Raspberry Pi 4s. While I wouldn't say any of them are subjected to heavy load, I've never had an SD failure in the ~1 year of usage they've each seen.
|
| [1] https://www.samsung.com/us/computing/memory-storage/memory-c...
| jakobdabo wrote:
| Most writes are the logs, I use log2ram [1], it reduces SD writes substantially.
|
| [1] https://github.com/azlux/log2ram
| rwbhn wrote:
| Thx! Looks like just what I need.
| petre wrote:
| Busybox's syslog logs to RAM by default. And it can be built with runit requiring no systemd if the distribution was built for this. Also Alpine Linux runs out of RAM entirely by default. Too bad RAM is constrained on these devices and I haven't been able to make it load g_serial in Alpine for the USB gadget console on the OTG port. I used a Pi Zero W.
| ocdtrekkie wrote:
| I've been using a RasPi for a Pihole for years and this is a constant peeve. No matter how many precautions it takes, it eventually dives. RasPi is neat for a lot of things but I'm not convinced it's an ideal selfhosting platform.
| By the time you invest in the necessary addons, you might as well have gotten a used actual server.
| rcarmo wrote:
| Friendly reminder that you can use Piku (https://github.com/piku) for Heroku-like deployments.
| christian_fei wrote:
| awwwww yeaaah! ty
| anderspitman wrote:
| The hardware is there (RPi + USB storage). The server software is there (NextCloud, Plex, n8n, etc). What isn't there is the plumbing. The next logical step after this blog post is making your services accessible to your phone over the public net. You'll immediately find yourself mired in domain name registration, VPS management, TLS cert management, dyndns, port forwarding, hole punching, etc etc.
|
| There are lots of great tools that solve some of these problems. I have yet to find one that solves all of them.
|
| I think we need something like Namecheap + CloudFlare + ngrok, designed and marketed for self-hosters and federators. You simply register a domain and run a client tool on each of your machines that talks to a central server which tunnels HTTPS connections securely to the clients.
|
| Mapping X subdomain to Y port on Z machine should take a couple clicks from a web interface.
| christian_fei wrote:
| I can relate, thought about setting up a Caddy server to route through the different services (also nginx would be fine). Have to try it out and probably make a list of services in a HTML document returned on port 80/443
| Aperocky wrote:
| > Mapping X subdomain to Y port on Z machine should take a couple clicks from a web interface.
|
| route53 can work like that, it also has a cli version. (But you can't get the domain there).
| anderspitman wrote:
| Can it tunnel to local devices like a RPi or just AWS VMs?
| xyzzy_plugh wrote:
| Or just setup Tailscale, which takes about two minutes.
| dboreham wrote:
| Ime devices with a proper CPU and SSD such as Intel NUC and Beelink are the MV solution to run server software without constant headaches due to slowness, limited memory and flash wearout. Ymmv of course. The Pi4 with 8G is getting close.
| tonitosou wrote:
| i use a pi as webserver. works like a charm
| christian_fei wrote:
| Nice!
| codezero wrote:
| I haven't been into computer hardware lately, but I decided to pick up a NAS, and was pleased to learn that they're now just a complete computer - I've started using VMs living on my NAS to do this kind of thing, which is quite nice. Synology's interface is not bad either, but I imagine others have come up with even better ways to use these systems.
|
| Obviously a RPi is a way cheaper way to get a lot of the same work done though :)
| gramakri wrote:
| I have tinkered with RPI a lot in my previous life, I used to maintain the Qt eglfs QPA plugin. Back then, they were quite under powered CPU wise. Are the recent versions powerful enough to host websites and data for every day use? Like say, is it powerful to host a website, couple of blogs, a nextcloud/syncthing instance and say Emby/Jellyfin/Plex? Most importantly, I want to hear about setups that people are using for every day use and not just learning.
|
| (For context, we get a lot of requests to port Cloudron to ARM/RPI but I am still not sure if these are just hobbyists/tinkerers or something people use everyday.)
| christian_fei wrote:
| Using Emby actively right now and it's working like a charm! Nextcloud will probably be my next experiment
| fossuser wrote:
| How do people access these servers off of their home network (or do they not?).
|
| That seems like most of the value to me, hosting some service you can access from anywhere without having to use Digital Ocean.
|
| It seems like most residential ISPs don't provide a static IP and some block port 80?
| I think forcing ISPs to allow home users to serve traffic via some standard method would go a long way to enabling a more decentralized web.
|
| I know Zero Tier, and Tailscale exist - but I don't really understand how they work (and I think they require intermediate server access anyway so might as well use Digital Ocean?).
|
| I'd like a future where you could sell users a raspberry pi running a service they can just plug into their home switch and access it securely from anywhere.
| jakobdabo wrote:
| Tor hidden service. Simple to configure, just works.
| christian_fei wrote:
| Done! Super simple install and configuration too!
| Mister_Snuggles wrote:
| I've got a static-ish address, meaning that my ISP hasn't changed my IP in many years, even with modem or router reboots. I've been meaning to get a dynamic DNS provider, but it hasn't been a priority.
|
| In terms of accessing local services, I'm using StrongSwan on a VM with the relevant ports forwarded from my router. Ideally, the router would run StrongSwan, but until I switch to pfSense I'm living with this setup.
|
| iOS and MacOS devices get a .mobileconfig profile which automatically connects when needed and disconnects when the device returns to my home WiFi network. My Linux travel laptop can also connect, but I haven't figured out how to make this happen automatically yet.
| liability wrote:
| Afraid.org's dynamic DNS. I have a single port forwarded for wireguard, since it's just for "personal cloud" purposes.
| beervirus wrote:
| Dyndns or similar.
| ericd wrote:
| If you have a linux box that's always on on your network, you can throw in a simple cron entry to curl a dynamic dns provider (entrydns.org works pretty well in my experience), which updates their dns entry for a url you set. Set up OpenVPN on your router, VPN to the URL, voila, access to your self-hosted services.
|
| You definitely shouldn't expose most of these things directly to the net, they're not always bulletproofed as much as one would like.
| maxmunzel wrote:
| I'm using a 3$ VPS (hetzner) as a VPN server and access my local servers that way. You also get a regular VPN for free that way and setup is trivial if you use wireguard.
| rovr138 wrote:
| I use a $15/year vps for this. Acts as a bastion to all the servers I connect to.
| jjice wrote:
| +1. Allows me to access my Jellyfin and file server from my laptop no matter where I am, all for a few bucks and a good learning experience with Wireguard.
| mmm_grayons wrote:
| My home IP is technically not static but doesn't change, even with router reboots. I still have dynamic dns set up, however, because I don't trust that to not change. My ISP threw a warning when I forwarded port 80 (something about the TV service) but I haven't had any issues (though I serve stuff mostly off 443). It's actually really convenient, especially since I have a few ten-year-old laptops I can use to host stuff. Since I got symmetric gigabit FTTH, I can do basically anything with it, even hosting big files.
| eulenteufel wrote:
| Up until recently I used dynamic DNS and it worked well for a small website and calendar server (radicale).
|
| For hosting an email server a static IP is all but required, so I got the free tier VM.Standard.E2.1.Micro VPS at Oracle Cloud. It has a static IP and I forward stuff to my rpi3 with dyndns. All you need for this is a credit card.
| antognini wrote:
| I've been using DuckDNS [1]. If your IP address changes it could take up to 5 minutes to update, but in practice I haven't had any problems with it.
|
| [1]: http://www.duckdns.org/
| christian_fei wrote:
| Same here!
| rjsw wrote:
| Switch to a better ISP.
| fao_ wrote:
| I don't see how this is seriously a suggestion. Not everyone lives in Silicon Valley and earns a >20k/yr paycheck.
| There are other things to consider like reliability, cost, that force your hand.
| linux2647 wrote:
| Dynamic DNS and WireGuard
| christian_fei wrote:
| +1
| jamesfmilne wrote:
| ZeroTier uses central servers to assist machines behind NATs in finding each other.
|
| These central servers basically exchange the external IPs of each machine on the virtual network. The nodes on the virtual network then try their best to establish peer-to-peer connections using those external IPs.
|
| I use it all the time with a number of colleagues working from home and it works great! We can all join a virtual LAN and see each other's machines behind our home broadband routers.
|
| ZeroTier runs fine on Raspberry Pi. I use it to link machines at home with machines at work, on AWS, Azure, etc.
| boredpenguin wrote:
| > How do people access these servers off of their home network (or do they not?).
|
| Wireguard, listening on the public IP with port forwarding, and using a dynamic dns client to ensure I can always connect even if the public IP changes.
|
| > It seems like most residential ISPs don't provide a static IP and some block port 80?
|
| Not the case here in my experience (Spain), but if you're fine being the only one with access you only need to forward the VPN port.
|
| > I know Zero Tier, and Tailscale exist - but I don't really understand how they work
|
| I only used ZeroTier a bit, but IIRC it was something like:
|
| 1) Create a new network in the ZeroTier One website
| 2) Download the ZeroTier client on your machine(s)
| 3) Enter the network ID
| 4) (optionally) authorize the device on the web UI
| 5) Now the device can connect to other ZeroTier peers on the network you created!
|
| (So yeah, at least the "easy" way involves using their server, no need to selfhost it). Also this option should work without port forwarding.
| anderspitman wrote:
| Can the ZeroTier client create a tunnel without root access?
| That's the biggest weakness of WireGuard IMO. One of the things I like about ngrok is it doesn't require root.
| snowwolf wrote:
| Dyndns to solve the static IP issue, and if not all ports are blocked setup WireGuard on an open port and connect via that. To be honest I prefer to not expose a lot of these home server type projects directly on the web as a lot aren't that secure. You're better off going via WireGuard.
|
| The only place you get stuck and need an intermediary vps is if you are behind CGNAT. I came across this recently that helps set all that up. https://github.com/erikespinoza/v4raider
| StillBored wrote:
| The pi4 even overclocked isn't a great number cruncher, and I don't think the gpu acceleration has landed yet..
|
| So I might expect it to be on par with that old of a macbook but not beat it by nearly 2x, particularly if the macbook is being accelerated. (despite having 2x the core count) Which makes me think the MBP may be suffering from some serious thermal throttling, which wouldn't be uncommon on machines of that vintage.
|
| I also assume the call line is:
|
| https://github.com/christian-fei/raspberry-pi-time-lapse/blo...
|
| which is noticeably missing the -hwaccel switch, which means it's probably not using the GPU on the mac..
| christian_fei wrote:
| Definitely, good points. Gotta try your suggestion regarding the missing flag on the ffmpeg side and report back, out of interest. I'm on service battery since a long time in fact I consider this setup only temporary, and will soon upgrade to a modern machine
| cstuder wrote:
| On my Raspberry Pi 3 I'm running Hypriot OS which installs a minimal host OS and then just runs Docker.
|
| Thanks to cloud-init (Old version though) you can even pre-configure the boot image with your SSH key etc. which allows you to automate your initial install.
|
| https://blog.hypriot.com/downloads/
|
| https://cloudinit.readthedocs.io/en/0.7.9/topics/capabilitie...
| christian_fei wrote:
| that is interesting, thanks!
|
| sounds like a super smooth dev and deploy experience
| tssva wrote:
| Ubuntu for the RPi also uses cloud-init. I use it to create a default user with my username instead of the ubuntu user, deploy ssh keys, install packages and configure the network on newly deployed Pi's.
| yegle wrote:
| For anyone with a home server and has the need to remotely access your self-hosted websites, https://pomerium.io has been a wonderful piece of software in my stack.
|
| You can safely expose your self-hosted websites to the internet and without the hassle of needing to have a VPN connection first.
| liability wrote:
| I recently thought about getting an RPi4 but ultimately spent about a hundred dollars more to get a cheap NUC. It was a bit more expensive but it seems like a more robust platform. A real AC adapter instead of USB (apparently the RPi4 kind of botched it in some revisions? What I read wasn't confidence inspiring), takes normal SO-DIMM ram and a typical SSD, doesn't have a reputation for overheating.. it seems generally more straight forward with fewer 'gotchas.'
| cptskippy wrote:
| I'm torn, I don't think of Pis as traditional servers and have two dedicated servers on my network. AND I have a half dozen Pis that I use for hosting OctoPrint, DNS, SSH, IoT, Pi-Hole, etc... which are traditionally Server functions.
|
| I tend to think of Pis in terms of single function appliances. They're obviously capable of more but they're so cheap you can just throw one at a single problem and forget about it.
| tyingq wrote:
| If you have an i5 or i7, you may also have the advantage of remote KVM (via Intel's vPro) so that you can revive it remotely if needed.
| entropicdrifter wrote:
| Not to mention the built-in advantage of Intel's much better supported QuickSync video encode/decode if you're doing any sort of media streaming.
| Waterfall wrote:
| Won't matter if your main computer does the decoding, and for the price of one good computer that can stream to all devices including crappy ones versus all good ones and a cheap NAS to host, which would you choose?
| rovr138 wrote:
| Guess the question then becomes, do you need transcoding on the device streaming?
| Waterfall wrote:
| What advantage does an NUC have over let's say your old laptop? They seem like they're the same price as laptops with laptop specs but are missing most critical components and are a bit smaller.
| liability wrote:
| My last 'old laptop as a server' dying is actually what prompted me to buy the NUC. It was a chromebook pixel long out of warranty. Until it bit the dust it suited my needs. Being a bit smaller is a nice bonus, it might be silly but I think the NUC is kind of cute.
| colordrops wrote:
| Which NUC did you end up with?
| liability wrote:
| NUC7CJYH1. With RAM and an SSD it was about $200, while the RPi4 kit I was considering was about $100.
| mixmastamyk wrote:
| + real time clock, definitely worth a few dollars.
| sosborn wrote:
| The USB thing, while not great, was a bit overblown. Official power source never had a problem.
|
| As far as overheating, there are several passive cooling cases that handle the heat just fine. ETA Prime is one place to look for videos with tests.
|
| No doubt you get more power and flexibility from a NUC, but Pis are pretty great for what they are.
| x87678r wrote:
| I like my rpi but my life got better when I bought a mini pc instead. It's pretty common to get a 16GB mem micro for not much more than an rpi with power supply, sd card, case.
|
| https://computers.woot.com/offers/lenovo-thinkcentre-m73-240...
| gramakri wrote:
| Yup, similar. I have a thinkcenter m600 series. Quite old but works really well.
| _lacroix wrote:
| Setting up a pi-hole DNS server for my wifi network was one of the best decisions I've ever made.
| Horrifying to see what percentage of traffic is on the ad server blacklist though...
| h4l0 wrote:
| I wasn't aware that my Samsung Smart TV had been logging almost my every action on the TV until I set up a PiHole server. Also, my respect for Apple grew by the fact that only device that wasn't doing loads of telemetry turned out to be my Macbook in the whole household.
| outworlder wrote:
| > Also, my respect for Apple grew by the fact that only device that wasn't doing loads of telemetry turned out to be my Macbook in the whole household
|
| Turns out that modern electronic devices are expensive. If you are not charged up-front, there's a good chance that you are being charged in some other way.
| _lacroix wrote:
| Yes!! I was so grossed out by all the logs from my Smart TV. I'm embarrassed to say that I worked in ad tech (as an engineer) for years but I still didn't fully comprehend how pervasive that kind of tracking is in literally every environment.
| Waterfall wrote:
| I was going to do this, but you can usually just change the DNS and add a hosts file to your router assuming it can run firmware that allows it (like tomato or ddwrt). It seemed pointless to try since the charts work for http and everything is https now. I didn't setup specs for traffic but the setup I use is much lighter. Just wanted to suggest this for anyone who might want to block on their home network. I also use it as a NAS with USB3.0 to SATA with an SSD.
| _lacroix wrote:
| You can set up DNS over https with pi-hole btw, I did that for mine. It's definitely not the only way to achieve this kind of ad blocking but if you're like me and have several old raspberry pi's laying around from abandoned projects then it's a nice way to put one to good use.
| christian_fei wrote:
| Definitely!
| KingFelix wrote:
| I have a RP4 on my desk collecting dust, need to get it up and running for something useful.
| This post has got me motivated to find a use for it.
| chrisdalke wrote:
| My favorite use of a Raspberry Pi has been to run a Jenkins instance.
|
| I use it for CI/CD on projects, but also for automating other tasks -- You can use Jenkins to wrap any arbitrary script with more higher-level logic and extensibility than a cron job.
|
| For example, I use Jenkins to automate multiplatform builds for some side projects, to periodically ingest data into a database, perform cleanup jobs, etc.
| christian_fei wrote:
| That's nice! Trying out n8n.io right now and it's pretty sweet
| christian_fei wrote:
| Glad to hear, enjoy!
|
| Just set up a Tor proxy that I can connect to with one command from my PC, by connecting to the PI via SOCKs proxy, good times
| Waterfall wrote:
| They're great as dust collectors but not as good as arduinos. You can always use it to run nextcloud if you want your own services.
| nicbou wrote:
| I'm using my old Thinkpad T510 as a home server. It's been running for 7+ years already. I only need to dust the vents once in a while.
|
| It has PiHole, Nextcloud, my humble little Netflix clone, and a few other things. If you use ffmpeg a lot, you ought to have more power than the RPi offers. I often SSH into it to use it as a SOCKS proxy in other countries.
| christian_fei wrote:
| Very cool 7 years is a damn loong time. Interesting seeing how the experiment with the RPi will go
| erulabs wrote:
| Nice! I recently wrote a blog article about home-hosting on a RPI4 using kubernetes (https://kubesail.com/blog/k3s-raspberry-pi).
|
| Such a bright future in home-hosting - really looking forward to seeing the movement grow! The https://www.linuxserver.io/ community is pretty great re: home-hosting apps as well.
| oarsinsync wrote:
| How do I home host KubeSail?
| christian_fei wrote:
| That's awesome! didn't know about https://fleet.linuxserver.io/ !
|
| Gotta definitely try this, thanks
| erulabs wrote:
| Yeah!
| They have a really great community in their chatroom as well - A lot of our Kubernetes templates are based on their excellent Docker images :)
| j1elo wrote:
| Wow linuxserver.io looks amazing! But the sheer number of images available make me wish the table had a column with short descriptions to know at a glance _what_ is each thing. Most of the items (at least those I clicked) don't even have a description or link to home page, so it's difficult to have a quick overview.
___________________________________________________________________
(page generated 2020-09-14 23:00 UTC)
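
An added example, not part of the thread: a check for the advice from ericd and snowwolf above to keep self-hosted services off the open net and reach them over the VPN. It classifies TCP listeners from `ss -H -tln` output by how widely they are bound; the sample lines, the WireGuard address 10.8.0.1 and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): classify TCP listeners by how widely
# they are bound. Input is the output of `ss -H -tln`, whose fourth column
# is the local address and port.

# Constructed sample for a Pi running a few services. 10.8.0.1 is an assumed
# WireGuard interface address and 192.168.1.20 an assumed LAN address.
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:8096 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5678 0.0.0.0:*
LISTEN 0 128 10.8.0.1:8080 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 128 192.168.1.20:9000 0.0.0.0:*
EOF
}

# classify_listeners VPN_ADDR
# Reads ss lines on stdin and prints "<scope> <port> <address>" per listener:
#   loopback  only this host can connect
#   vpn       bound to the VPN interface address
#   lan       bound to one other address
#   all       wildcard bind: answers on every interface, so forwarding that
#             port on the router would publish the service
classify_listeners() {
  awk -v vpn="$1" '
    $1 == "LISTEN" {
      n = split($4, parts, ":")
      port = parts[n]                       # text after the last colon
      addr = substr($4, 1, length($4) - length(port) - 1)
      sub(/%.*$/, "", addr)                 # drop a scope suffix such as %eth0
      gsub(/^\[|\]$/, "", addr)             # drop IPv6 brackets
      if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
      else if (addr == vpn) scope = "vpn"
      else if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "all"
      else scope = "lan"
      print scope, port, addr
    }'
}

# wildcard_ports VPN_ADDR: ports bound to every interface, sorted, one per line.
wildcard_ports() {
  classify_listeners "$1" | awk '$1 == "all" { print $2 }' | sort -n | uniq
}

# Demo on the constructed sample. On a real host:
#   ss -H -tln | classify_listeners 10.8.0.1
sample_ss_output | classify_listeners 10.8.0.1
```

Services that show up as `all` are the ones to rebind to loopback or the VPN address, leaving the VPN's own port as the only thing forwarded.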