[HN Gopher] Raspberry Pi as a local server for self hosting appl...
___________________________________________________________________
Raspberry Pi as a local server for self hosting applications
Author : christian_fei
Score : 99 points
Date : 2020-09-14 19:49 UTC (3 hours ago)
(HTM) web link (cri.dev)
(TXT) w3m dump (cri.dev)
| noncoml wrote:
| My biggest gripe about Raspberry Pi, and only thing that prevents
| me from using it as a home server, is that the USB cannot power
| an external HD
| noizejoy wrote:
| Not sure, if it would make a difference to your use case, but
| I've had success powering an SSD from a 4GB Pi 4 USB 3 port.
| antognini wrote:
| One thing to watch out for when doing something like this is that
| the Raspberry Pi will by default put your file system on the SD
| card it boots from. SD cards aren't meant to support a lot of
| write/erase cycles, so it's easy to end up with a corrupt SD card
| after a few months to a year depending on what you're doing on
| your Pi.
|
| A workaround that can save you some headaches here is to only
| boot from the SD card (which means you're effectively only ever
| reading from the card), and then mount a filesystem on an
| external SSD drive. There are a couple of good guides here [1]
| [2].
|
| [1]: https://www.stewright.me/2019/10/run-raspbian-from-a-usb-
| or-...
|
| [2]: https://www.pragmaticlinux.com/2020/08/move-the-raspberry-
| pi...
| christian_fei wrote:
| Good points, thanks!
|
| Just stumbled upon this today by coincidence, will definitely
| follow the suggestion, cheers
| gerdesj wrote:
| Very true for a given value of true 8) You need to evaluate all
| the components. The RPi itself is a decent piece of kit, well
| tested and safe to use. Get a decent power supply to it -
| either a RPi branded one or at least a decent mobile charger
| from a brand that you trust.
|
| I generally use a decent USB stick nowadays. RPi 4 from about a
| month or so ago onwards will do this out of the box. You can
| also put a second USB stick in and clone the thing every now
| and then.
|
| You can PXE boot them as well (citation needed) and that brings
| nfs and iSCSI to bear. That's my long term plan for fleets of
| them.
|
| For the semi casual user, I recommend the dual USB stick combo.
| Quite easy to set up and you can always whip out the backup and
| test it on another device.
| mikenew wrote:
| > RPi 4 from about a month or so ago onwards will do this out
| of the box
|
| Are you saying you don't need an SD card at all and it will
| just boot off USB?
| m_t wrote:
| Yes, it can do that now.
| gerdesj wrote:
| I buy quite a few of them as a tinkerer and recent (~two
| months) ones don't need firmware/BIOS fiddling to boot
| off USB. Make sure you get reasonably recent stock.
| rovr138 wrote:
| Latest Pi's can boot from external media. It's possible to boot
| from an SSD
| codetrotter wrote:
| You can't just say that without including a link :P
|
| Anyways, I assume that the following is what you are
| referring to: https://www.raspberrypi.org/documentation/hardw
| are/raspberry...
|
| In that case, the following from the linked page might be
| worth making note of:
|
| > To enable USB host boot mode, the Raspberry Pi needs to be
| booted from an SD card with a special option to set the USB
| host boot mode bit in the one-time programmable (OTP) memory.
| Once this bit has been set, the SD card is no longer
| required. _Note that any change you make to the OTP is
| permanent and cannot be undone._
|
| Not that it matters much to me but still something worth
| being aware of if you later try to repurpose your RPi for
| something else I think.
| rovr138 wrote:
| That's specific to the
|
| > Raspberry Pi 2B v1.2, 3A+, 3B, Compute Module 3
|
| Further down,
|
| >Raspberry Pi 3B+, Compute Module 3+
|
| > The Raspberry Pi 3B+ and Compute Module 3+ support USB
| mass storage boot out of the box. The steps specific to
| previous versions of Raspberry Pi do not have to be
| executed.
|
| Then the last one,
|
| > Raspberry Pi 4
|
| >The Raspberry Pi 4 currently requires non-default firmware
| to enable USB mass storage boot: see the USB mass storage
| boot section of the Pi 4 Bootloader Configuration page for
| more information.
|
| But overall, it's possible in some way with all these
| versions,
|
| >Available on Raspberry Pi 2B v1.2, 3A+, 3B, 3B+, and 4B
| only.
| kaszanka wrote:
| The OTP programming doesn't prevent the Pi from booting
| from an SD card, so it should be fine.
| bscphil wrote:
| You can also netboot them, which adds a little latency but in
| terms of speed is likely even better than the SD card, now that
| the Pis have real Gbit.
| bhauer wrote:
| For whatever it's worth, I use Samsung Endurance SD cards [1]
| in all of my Raspberry Pi 4s. While I wouldn't say any of them
| are subjected to heavy load, I've never had an SD failure in
| the ~1 year of usage they've each seen.
|
| [1] https://www.samsung.com/us/computing/memory-
| storage/memory-c...
| jakobdabo wrote:
| Most writes are the logs, I use log2ram [1], it reduces SD
| writes substantially.
|
| [1] https://github.com/azlux/log2ram
| rwbhn wrote:
| Thx! Looks like just what I need.
| petre wrote:
| Busybox's syslog logs to RAM by default. And it can be built
| with runit requiring no systemd if the distribution was built
| for this. Also Alpine Linux runs out of RAM entirely by
| default. Too bad RAM is constrained on these devices and I
| haven't been able to make it load g_serial in Alpine for the
| USB gadget console on the OTG port. I used a Pi Zero W.
| ocdtrekkie wrote:
| I've been using a RasPi for a Pihole for years and this is a
| constant peeve. No matter how many precautions it takes, it
| eventually dives. RasPi is neat for a lot of things but I'm not
| convinced it's an ideal selfhosting platform. By the time you
| invest in the necessary addons, you might as well have gotten a
| used actual server.
| rcarmo wrote:
| Friendly reminder that you can use Piku (https://github.com/piku)
| for Heroku-like deployments.
| christian_fei wrote:
| awwwww yeaaah! ty
| anderspitman wrote:
| The hardware is there (RPi + USB storage). The server software is
| there (NextCloud, Plex, n8n, etc). What isn't there is the
| plumbing. The next logical step after this blog post is making
| your services accessible to your phone over the public net.
| You'll immediately find yourself mired in domain name
| registration, VPS management, TLS cert management, dyndns, port
| forwarding, hole punching, etc etc.
|
| There are lots of great tools that solve some of these problems.
| I have yet to find one that solves all of them.
|
| I think we need something like Namecheap + CloudFlare + ngrok,
| designed and marketed for self-hosters and federators. You simply
| register a domain and run a client tool on each of your machines
| that talks to a central server which tunnels HTTPS connections
| securely to the clients.
|
| Mapping X subdomain to Y port on Z machine should take a couple
| clicks from a web interface.
| christian_fei wrote:
| I can relate, thought about setting up a Caddy server to route
| through the different services (also nginx would be fine). Have
| to try it out and probably make a list of services in a HTML
| document returned on port 80/443
| Aperocky wrote:
| > Mapping X subdomain to Y port on Z machine should take a
| couple clicks from a web interface.
|
| route53 can work like that, it also has a cli version. (But you
| can't get the domain there).
| anderspitman wrote:
| Can it tunnel to local devices like a RPi or just AWS VMs?
| xyzzy_plugh wrote:
| Or just setup Tailscale, which takes about two minutes.
| dboreham wrote:
| Ime devices with a proper CPU and SSD such as Intel NUC and
| Beelink are the MV solution to run server software without
| constant headaches due to slowness, limited memory and flash
| wearout. Ymmv of course. The Pi4 with 8G is getting close.
| tonitosou wrote:
| i use a pi as webserver. works like a charm
| christian_fei wrote:
| Nice!
| codezero wrote:
| I haven't been into computer hardware lately, but I decided to
| pick up a NAS, and was pleased to learn that they're now just a
| complete computer - I've started using VMs living on my NAS to do
| this kind of thing, which is quite nice. Synology's interface is
| not bad either, but I imagine others have come up with even
| better ways to use these systems.
|
| Obviously a RPi is a way cheaper way to get a lot of the same
| work done though :)
| gramakri wrote:
| I have tinkered with RPI a lot in my previous life, I used to
| maintain the Qt eglfs QPA plugin. Back then, they were quite
| under powered CPU wise. Are the recent versions powerful enough
| to host websites and data for every day use? Like say, is it
| powerful to host a website, couple of blogs, a
| nextcloud/syncthing instance and say Emby/Jellyfin/Plex? Most
| importantly, I want to hear about setups that people are using
| for every day use and not just learning.
|
| (For context, we get a lot of requests to port Cloudron to
| ARM/RPI but I am still not sure if these are just
| hobbyists/tinkerers or something people use everyday.)
| christian_fei wrote:
| Using Emby actively right now and it's working like a charm!
| Nextcloud will probably be my next experiment
| fossuser wrote:
| How do people access these servers off of their home network (or
| do they not?).
|
| That seems like most of the value to me, hosting some service you
| can access from anywhere without having to use Digital Ocean.
|
| It seems like most residential ISPs don't provide a static IP and
| some block port 80? I think forcing ISPs to allow home users to
| serve traffic via some standard method would go a long way to
| enabling a more decentralized web.
|
| I know Zero Tier, and Tailscale exist - but I don't really
| understand how they work (and I think they require intermediate
| server access anyway so might as well use Digital Ocean?).
|
| I'd like a future where you could sell users a raspberry pi
| running a service they can just plug into their home switch and
| access it securely from anywhere.
| jakobdabo wrote:
| Tor hidden service. Simple to configure, just works.
| christian_fei wrote:
| Done! Super simple install and configuration too!
| Mister_Snuggles wrote:
| I've got a static-ish address, meaning that my ISP hasn't
| changed my IP in many years, even with modem or router reboots.
| I've been meaning to get a dynamic DNS provider, but it hasn't
| been a priority.
|
| In terms of accessing local services, I'm using StrongSwan on a
| VM with the relevant ports forwarded from my router. Ideally,
| the router would run StrongSwan, but until I switch to pfSense
| I'm living with this setup.
|
| iOS and MacOS devices get a .mobileconfig profile which
| automatically connects when needed and disconnects when the
| device returns to my home WiFi network. My Linux travel laptop
| can also connect, but I haven't figured out how to make this
| happen automatically yet.
| liability wrote:
| Afraid.org's dynamic DNS. I have a single port forwarded for
| wireguard, since it's just for ''personal cloud'' purposes.
| beervirus wrote:
| Dyndns or similar.
| ericd wrote:
| If you have a linux box that's always on on your network, you
| can throw in a simple cron entry to curl a dynamic dns provider
| (entrydns.org works pretty well in my experience), which
| updates their dns entry for a url you set. Set up OpenVPN on
| your router, VPN to the URL, voila, access to your self-hosted
| services.
|
| You definitely shouldn't expose most of these things directly
| to the net, they're not always bulletproofed as much as one
| would like.
| maxmunzel wrote:
| I'm using a 3$ VPS (hetzner) as a VPN server and access my
| local servers that way. You also get a regular VPN for free
| that way and setup is trivial if you use wireguard.
| rovr138 wrote:
| I use a $15/year vps for this. Acts as a bastion to all the
| servers I connect to.
| jjice wrote:
| +1. Allows me to access my Jellyfin and file server from my
| laptop no matter where I am, all for a few bucks and a good
| learning experience with Wireguard.
| mmm_grayons wrote:
| My home IP is technically not static but doesn't change, even
| with router reboots. I still have dynamic dns set up, however,
| because I don't trust that to not change. My ISP threw a
| warning when I forwarded port 80 (something about the TV
| service) but I haven't had any issues (though I serve stuff
| mostly off 443). It's actually really convenient, especially
| since I have a few ten-year-old laptops I can use to host
| stuff. Since I got symmetric gigabit FTTH, I can do basically
| anything with it, even hosting big files.
| eulenteufel wrote:
| Up until recently I used dynamic DNS and it worked well for a
| small website and calender server (radicale).
|
| For hosting an email server a static IP is all but required, so
| I got the free tier VM.Standard.E2.1.Micro VPS at Oracle Cloud.
| It has a static IP and I forward stuff to my rpi3 with dyndns.
| All you need for this is a credit card.
| antognini wrote:
| I've been using DuckDNS [1]. If your IP address changes it
| could take up to 5 minutes to update, but in practice I haven't
| had any problems with it.
|
| [1]: http://www.duckdns.org/
| christian_fei wrote:
| Same here!
| rjsw wrote:
| Switch to a better ISP.
| fao_ wrote:
| I don't see how this is seriously a suggestion. Not everyone
| lives in Silicon Valley and earns a >20k/yr paycheck. There
| are other things to consider like reliability, cost, that
| force your hand.
| linux2647 wrote:
| Dynamic DNS and WireGuard
| christian_fei wrote:
| +1
| jamesfmilne wrote:
| ZeroTier uses central servers to assist machines behind NATs in
| finding each other.
|
| These central servers basically exchange the external IPs of
| each machine on the virtual network. The nodes on the virtual
| network then try their best to establish peer-to-peer
| connections using those external IPs.
|
| I use it all the time with a number of colleagues working from
| home and it works great! We can all join a virtual LAN and see
| each others machines behind our home broadband routers.
|
| ZeroTier runs fine on Raspberry Pi. I use it to link machines
| at home with machines at work, on AWS, Azure, etc.
| boredpenguin wrote:
| > How do people access these servers off of their home network
| (or do they not?).
|
| Wireguard, listening on the public IP with port forwarding, and
| using a dynamic dns client to ensure I can always connect even
| if the public IP changes.
|
| > It seems like most residential ISPs don't provide a static IP
| and some block port 80?
|
| Not the case here in my experience (Spain), but if you're fine
| being the only one with access you only need to forward the VPN
| port.
|
| > I know Zero Tier, and Tailscale exist - but I don't really
| understand how they work
|
| I only used ZeroTier a bit, but IIRC it was something like:
|
| 1) Create a new network in the ZeroTier One website 2) Download
| the ZeroTier client on your machine(s) 3) Enter the network ID
| 4) (optionally) authorize the device on the web UI 5) Now the
| device can connect to other ZeroTier peers on the network you
| created!
|
| (So yeah, at least the "easy" way involves using their server,
| no need to selfhost it). Also this option should work without
| port forwarding.
| anderspitman wrote:
| Can the ZeroTier client create a tunnel without root access?
| That's the biggest weakness of WireGuard IMO. One of the
| things I like about ngrok is it doesn't require root.
| snowwolf wrote:
| Dyndns to solve the static IP issue, and if not all ports are
| blocked setup WireGuard on an open port and connect via that.
| To be honest I prefer to not expose a lot of these home server
| type projects directly on the web as a lot aren't that secure.
| You're better of going via WireGuard.
|
| The only place you get stuck and need an intermediary vps is if
| you are behind CGNAT. I came across this recently that helps
| set all that up. https://github.com/erikespinoza/v4raider
| StillBored wrote:
| The pi4 even overclocked isn't a great number cruncher, and I
| don't think the gpu acceleration has landed yet..
|
| So I might expect it to be on par with that old of a macbook but
| not beat it by nearly 2x, particularly if the macbook is being
| accelerated. (despite having 2x the core count) Which makes me
| think the MBP may be suffering from some serious thermal
| throttling, which wouldn't be uncommon on machines of that
| vintage.
|
| I also assume the call line is:
|
| https://github.com/christian-fei/raspberry-pi-time-lapse/blo...
|
| which is noticeably missing the -hwaccel switch, which means its
| probably not using the GPU on the mac..
| christian_fei wrote:
| Definitely, good points. Gotta try your suggestion regarding
| the missing flag on the ffmpeg side and report back, out of
| interest. I'm on service battery since a long time in fact I
| consider this setup only temporary, and will soon upgrade to a
| modern machine
| cstuder wrote:
| On my Raspberry Pi 3 I'm running Hypriot OS which installs a
| minimal host OS and then just runs Docker.
|
| Thanks to cloud-init (Old version though) you can even pre-
| configure the boot image with your SSH key etc. which allows you
| to automate your initial install.
|
| https://blog.hypriot.com/downloads/
|
| https://cloudinit.readthedocs.io/en/0.7.9/topics/capabilitie...
| christian_fei wrote:
| that is interesting, thanks!
|
| sounds like a super smooth dev and deploy experience
| tssva wrote:
| Ubuntu for the RPi also uses cloud-init. I use it create a
| default user with my username instead of the ubuntu user,
| deploy ssh keys, install packages and configure the network on
| newly deployed Pi's.
| yegle wrote:
| For anyone with a home server and has the need to remotely access
| your self-hosted websites, https://pomerium.io has been a
| wonderful piece of software in my stack.
|
| You can safely expose your self-hosted websites to the internet
| and without the hassle of needing to have a VPN connection first.
| liability wrote:
| I recently thought about getting an RPi4 but ultimately spent
| about a hundred dollars more to get a cheap NUC. It was a bit
| more expensive but it seems like a more robust platform. A real
| AC adapter instead of USB (apparently the RPi4 kind of botched it
| in some revisions? What I read wasn't confidence inspiring),
| takes normal SO-DIMM ram and a typical SSD, doesn't have a
| reputation for overheating.. it seems generally more straight
| forward with fewer 'gotchas.'
| cptskippy wrote:
| I'm torn, I don't think of Pis as traditional servers and have
| two dedicated servers on my network. AND I have a half dozen
| Pis that I use for hosting OctoPrint, DNS, SSH, IoT, Pi-Hole,
| etc... which are traditionally Server functions.
|
| I tend to think of Pis in terms of single function appliances.
| They're obviously capable of more but they're so cheap you can
| just throw one at a single problem and forget about it.
| tyingq wrote:
| If you have an i5 or i7, you may also have the advantage of
| remote KVM (via Intel's vPro) so that you can revive it
| remotely if needed.
| entropicdrifter wrote:
| Not to mention the built-in advantage of Intel's much better
| supported QuickSync video encode/decode if you're doing any
| sort of media streaming.
| Waterfall wrote:
| Won't matter if your main computer does the decoding, and
| for the price of one good computer that can stream to all
| devices including crappy ones versus all good ones and a
| cheap NAS to host, which would you choose?
| rovr138 wrote:
| Guess the question then becomes, do you need transcoding
| on the device streaming?
| Waterfall wrote:
| What advantage does an NUC have over let's say your old laptop?
| They seem like they're the same price as laptops with laptop
| specs but are missing most critical components and are a bit
| smaller.
| liability wrote:
| My last 'old laptop as a server' dying is actually what
| prompted me to buy the NUC. It was a chromebook pixel long
| out of warranty. Until it bit the dust it suited my needs.
| Being a bit smaller is a nice bonus, it might be silly but I
| think the NUC is kind of cute.
| colordrops wrote:
| Which NUC did you end up with?
| liability wrote:
| NUC7CJYH1. With RAM and an SSD it was about $200, while the
| RPi4 kit I was considering was about $100.
| mixmastamyk wrote:
| + real time clock, definitely worth a few dollars.
| sosborn wrote:
| The USB thing, while not great, was a bit overblown. Official
| power source never had a problem.
|
| As far as overheating, there are several passive cooling cases
| that handle the heat just fine. ETA Prime is one place to look
| for videos with tests.
|
| No doubt you get more power and flexibility from a NUC, but Pis
| are pretty great for what they are.
| x87678r wrote:
| I like my rpi but my life got better when I bought a mini pc
| instead. Its pretty common to get a 16GB mem micro for not much
| more than an rpi with power supply, sd card, case.
|
| https://computers.woot.com/offers/lenovo-thinkcentre-m73-240...
| gramakri wrote:
| Yup, similar. I have a thinkcenter m600 series. Quite old but
| works really well.
| _lacroix wrote:
| Setting up a pi-hole DNS server for my wifi network was one of
| the best decisions I've ever made. Horrifying to see what
| percentage of traffic is on the ad server blacklist though...
| h4l0 wrote:
| I wasn't aware that my Samsung Smart TV had been logging almost
| my every action on the TV until I set up a PiHole server. Also,
| my respect for Apple grew by the fact that only device that
| wasn't doing loads of telemetry turned out to be my Macbook in
| the whole household.
| outworlder wrote:
| > Also, my respect for Apple grew by the fact that only
| device that wasn't doing loads of telemetry turned out to be
| my Macbook in the whole household
|
| Turns out that modern electronic devices are expensive. If
| you are not charged up-front, there's a good chance that you
| are being charged in some other way.
| _lacroix wrote:
| Yes!! I was so grossed out by all the logs from my Smart TV.
| I'm embarrassed to say that I worked in ad tech (as an
| engineer) for years but I still didn't fully comprehend how
| pervasive that kind of tracking is in literally every
| environment.
| Waterfall wrote:
| I was going to do this, but you can usually just change the DNS
| and add a hosts file to your router assuming it can run
| firmware that allows it (like tomato or ddwrt). It seemed
| pointless to try since the charts work for http and everything
| is https now. I didn't setup specs for traffic but the setup I
| use is much lighter. Just wanted to suggest this for anyone who
| might want to block on their home network. I also use it as a
| NAS with USB3.0 to SATA with An SSD.
| _lacroix wrote:
| You can set up DNS over https with pi-hole btw, I did that
| for mine. It's definitely not the only way to achieve this
| kind of ad blocking but if you're like me and have several
| old raspberry pi's laying around from abandoned projects then
| it's a nice way to put one to good use.
| christian_fei wrote:
| Definitely!
| KingFelix wrote:
| I have a RP4 on my desk collecting dust, need to get it up and
| running for something useful. This post has got me motivated to
| find a use for it.
| chrisdalke wrote:
| My favorite use of a Raspberry Pi has been to run a Jenkins
| instance.
|
| I use it for CI/CD on projects, but also for automating other
| tasks -- You can use Jenkins to wrap any arbitrary script with
| more higher-level logic and extensibility than a cron job.
|
| For example, I use Jenkins to automate multiplatform builds for
| some side projects, to periodically ingest data into a
| database, perform cleanup jobs, etc.
| christian_fei wrote:
| That's nice! Trying out n8n.io right now and it's pretty
| sweet
| christian_fei wrote:
| Glad to hear, enjoy!
|
| Just set up a Tor proxy that I can connect to with one command
| from my PC, by connecting to the PI via SOCKs proxy, good times
| Waterfall wrote:
| They're great as dust collectors but not as good as arduinos.
| You can always use it to run nextcloud if you want your own
| services.
| nicbou wrote:
| I'm using my old Thinkpad T510 as a home server. It's been
| running for 7+ years already. I only need to dust the vents once
| in a while.
|
| It has PiHole, Nextcloud, my humble little Netflix clone, and a
| few other things. If you use ffmpeg a lot, you ought to have more
| power than the RPi offers. I often SSH into it to use it as a
| SOCKS proxy in other countries.
| christian_fei wrote:
| Very cool 7 years is a damn loong time. Interesting seeing how
| the experiment with the RPi will go
| erulabs wrote:
| Nice! I recently wrote a blog article about home-hosting on a
| RPI4 using kubernetes (https://kubesail.com/blog/k3s-raspberry-
| pi).
|
| Such a bright future in home-hosting - really looking forward to
| seeing the movement grow! The https://www.linuxserver.io/
| community is pretty great re: home-hosting apps as well.
| oarsinsync wrote:
| How do I home host KubeSail?
| christian_fei wrote:
| That's awesome! didn't know about https://fleet.linuxserver.io/
| !
|
| Gotta definitely try this, thanks
| erulabs wrote:
| Yeah! They have a really great community in their chatroom as
| well - A lot of our Kubernetes templates are based on their
| excellent Docker images :)
| j1elo wrote:
| Wow linuxserver.io looks amazing! But the sheer number of
| images available make me wish the table had a column with short
| descriptions to know at a glance _what_ is each thing. Most of
| the items (at least those I clicked) don 't even have a
| description or link to home page, so it's difficult to have a
| quick overview.
___________________________________________________________________
(page generated 2020-09-14 23:00 UTC)