The second part of a brief but informative story about the Komsomol way of installing and setting up a home server for various needs.
The first part is here.
Point 2
Software
While googling how other people build this kind of server and, in particular, how they run virtual machines on it, I remembered that HP has its own XenServer build with its own useful utilities and, most importantly, with good, proven drivers for its hardware. I decided to take a look. My disappointment was great when it turned out that, firstly, my server is not in the HCL for this build, and secondly, which is logical, it does not install properly on the Microserver: it starts spamming the logs about being unable to launch X (who needs that on Xen?), and nothing has changed in the support of other hardware either. So I downloaded the fresh 5.6 FP1 and installed it. It started up at half a kick.
I installed it only on the USB drive and did not touch the rest. After installation, following the manual from the Citrix wiki, I added the disks to the system.
After that, smartctl was configured following this manual. And since my mail server does not accept mail just like that, I fixed up the authorization following this manual.
Of course, since the server will be facing the Internet, fail2ban was bolted on. I did not set up mail notifications about bans, because I do not want to receive half a thousand letters a day. A three-page iptables listing is quite enough for me. But I did increase the ban time to 1800 seconds.
With this, I considered the initial configuration of XenServer complete.
Point 3
Virtual machines
First, the router
I pondered painfully over what to use as the router for my home network. There were several options:
1. Configure the router directly in Xen.
2. Set up a router on the FreeBSD machine that will host the web-dev lab.
3. Set up a specialized soft-router in a separate virtual machine, something like PFSense or a separate FreeBSD.
4. Buy a piece of hardware with a router function and several gigabit ports.
The first option was rejected before the first glass of Jameson. Exposing the entire system by placing the router on the hypervisor is completely un-comfy.
The second option drowned between the third and fourth glasses. A lab is a lab precisely so that it can be broken. And the Internet in the house is always needed.
The third option died at the test installation stage. It simply did not start: “panic-panic-panic!” when booting from the ISO. Obviously, the BSD in the PFSense image is not aware of the existence of the Athlon Neo. Its blood relative, m0n0wall, came up without a hitch. However, its overall wretchedness sent me back to Google. Setting up a separate FreeBSD just for routing was both boring and wasteful: memory is limited as it is, and it was a pity to allocate a quarter of a gigabyte to the router.
Somewhere in the third quarter of the bottle, a Lithuanian creation called Mikrotik was discovered. And then I regretted not knowing about them before. The stern Baltic guys make beautiful hardware and also sell their RouterOS to everyone.
Since in the open spaces of the default city no one offers the piece of hardware I need from stock, I decided to try RouterOS in action. I downloaded a demo that lives without a key for a day and began to tweak it following the manuals (0, 1, 2, 3). I will study the manuals on multicast for another week and then I will have a normal, bug-free IGMP-Proxy and, accordingly, TV without the damned Corbina box. In general, I marked the demise of Mr. Jameson by sending an order for a Level 4 RouterOS license.
For the initial setup for Corbina / Beeline, I recommend this amazing guide. Do not forget to remove the “add default route” checkbox for the DHCP-Client (without this, the Internet set up by this guide does not work), and do not forget to remove the default route from 0.0.0.0 to 192.168.0.1.
The next day, an 8-port gigabit switch from Linksys was bought to provide a truly fast Ethernet home network; the same model has been faithfully serving the video editing department at a friend's office for two years. The switch is as dumb as a stump, but it delivers honest gigabit on at least 4 ports at once, does not heat up and is not buggy. I do not need such speeds on 4 ports; I bought it for the reliability.
VPN for access to the Internet through any McDonald's
Every sane person knows that in order for nothing to be stolen from you, you just need to give no one the opportunity to steal.
Therefore, a simple PPTP server was set up on the fresh, deliciously smelling, honestly purchased Mikrotik license. It is configured following the manual in five minutes; there is nothing to dig into.
Do not forget to set up routing, otherwise the VPN client will have no Internet.
Secure Windows for remote access
While I was laying the wires for the fast Ethernet, Windows XP was being installed on the Microserver; I have had three licenses for it stored away since one funny occasion when my salary was paid in Windows. I need Windows on this box for remote access from some beautiful faraway place to everything I might need in a situation where “the money, the documents and the currency, everything was left with the guide. Well, that's how it turned out... Stepped away for a second and got lost in the sands.”
Here it is necessary to clarify one important point: since the beautiful faraway place may turn out to be some Internet cafe in India, where a greedy admin collects all passwords with keyloggers and sniffers, Windows is protected from the most striking representatives of sexual minorities by the Swivel PinSafe system, which is unmatched in its elegance. These wonderful people invented and implemented an authorization system based on one-time passwords, with which you do not need to carry any stupid key fobs with dials and clocks. You just have to remember your PIN. This beauty works like this:

Moreover, authorization using this product is available for a very wide range of systems. And for the paranoid you can configure digits and letters that jump and run around and, of course, are case sensitive; it can also do SMS. But the best part is that for up to five users this system is free. I strongly recommend reading up on it. Especially to people who are responsible for security in banks and force customers to carry stupid scratch cards with one-time passwords.
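The PIN-position idea behind this kind of login, as an added sketch that is not Swivel's code and not from the original post: the server shows a fresh 10-character security string, the user types only the characters at the positions named by the PIN digits, and each string is accepted once. The `Verifier` class, the function names and the sample user and PIN are assumptions made for the illustration.

```python
import hmac
import secrets

DIGITS = "0123456789"

def new_security_string(alphabet=DIGITS, length=10):
    """Random challenge shown to the user; a fresh one is issued per login."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def one_time_code(pin, security_string):
    """Pick the characters at the positions named by the PIN digits.

    Digit 1 means the first character and digit 0 the tenth.
    """
    if not (pin.isascii() and pin.isdigit()) or len(security_string) != 10:
        raise ValueError("PIN must be digits and the string 10 characters long")
    return "".join(security_string[(int(d) - 1) % 10] for d in pin)

class Verifier:
    """Server side: knows each PIN, issues challenges, accepts each one once."""

    def __init__(self, pins):
        self._pins = dict(pins)
        self._pending = {}

    def challenge(self, user):
        self._pending[user] = new_security_string()
        return self._pending[user]

    def verify(self, user, code):
        # pop() makes the challenge single-use, so a captured code cannot be replayed
        security_string = self._pending.pop(user, None)
        if security_string is None or user not in self._pins:
            return False
        expected = one_time_code(self._pins[user], security_string)
        # constant-time comparison of the expected and the submitted code
        return hmac.compare_digest(expected.encode(), code.encode())

if __name__ == "__main__":
    server = Verifier({"alice": "2468"})   # constructed sample user and PIN
    shown = server.challenge("alice")
    typed = one_time_code("2468", shown)   # what the user works out in their head
    print(shown, "->", typed, server.verify("alice", typed))
    print("replay accepted:", server.verify("alice", typed))
```

A keylogger on the cafe machine captures only the typed code, which is rejected for any later challenge. Anyone who can record both the displayed string and the typed code over several logins can narrow down the PIN, which is the case for delivering the string out of band, for example by SMS.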
I warn you right away: putting an animated screensaver on the Windows logon is a bad idea. MSGina hangs itself dead from such riches.
So, on Windows I have an emergency kit of all communication tools and access to all the necessary data. 3 gigabytes of RAM are left. Let's keep spending.
Web lab
Two systems were installed. Both are FreeBSD with the Apache, MySQL, PHP web kit and the add-ons for them. The difference is that I gave one two cores and a gigabyte of memory, and the other one core and 256. A “poor relative” build, so to speak. This is for testing projects under load in conditions as close as possible to hosting. Everything went as usual and was not marred by panics.
For each system, a snapshot was made immediately after installation; the system is rolled back to it once testing of a project is finished and it needs to be freed for the next one. Very convenient. I love snapshots.
Media Center
I always wanted something “like that”: a system that can be accessed through the browser and hands you everything your heart desires, downloaded from the Internet. However, harsh reality quickly brought me back from dreams to earth: no true media server works without a decent video card or at least a decent processor. Even streaming video over the network straight to the projector was too much for this little thing. Therefore, the appetites were moderated, and in the last virtual machine appeared good old FreeNAS, to which the stock Transmission was bolted. I will not burden the post with a description of a process that has already been described five hundred times on the Net in every language.
Conclusion
So what did we get in the end? We got a small box that distributes the Internet around the house, stores entertainment, serves the lab, provides me with a safe connection from free Wi-Fi and an emergency desktop, and besides, it is convenient to put your feet up on!
Event budget:
HP N36L Microserver - donated, but costs ~ 12t.r. at retail.
2 * 2Gb DDR-III 10600 - moved over from the machine that used to host the lab VMs. 1500r. retail.
4 * 500 Hitachi - two from the old labs, two more from the dead Qnap. Retail 6t.r.
1 * 1Tb Hitachi - taken from the old labs. Retail 1800r.
1 * 80Gb Toshiba 2.5” - “legacy” from a laptop after an upgrade. Retail ~ 500r.
1 * 14cm fan - “inheritance”. ~ 250r. in Moscow.
2 metal grilles - “spare parts” from dead PSUs. Retail 50-100r. each.
Linksys SG 100D-08 - 3300r.
Windows XP license - no longer on sale; Win7 sells for 4t.r.
Mikrotik RouterOS 5.2 lev4 license - 1000r.
10 liters Heineken - 900r.
1l Jameson - a gift. Retail - ~ 800r.
Total: ~ 32000r. if you buy everything. My real expenses came to 4300r.
Time: with all the experiments and the headaches with the network card - 10 nights.

PS:
Asterisk PIAF is a good and well-documented PBX for small offices. Very small. Or for those who do business at home. In general, you can not imagine better.
PS2: XBMC is the inherited name of the virtual machine, left over from an attempt to install this great MC. Now FreeNAS lives there.