When the capabilities of the stock router running “openwrt” were completely exhausted and the processor load began to affect the stability of the network, I decided to relieve the hard worker by moving its functionality to a home server. Since the new hardware would be several orders of magnitude more powerful, I decided to give it a bunch of additional features that the old router never even dreamed of. I also decided to build the case myself.
The list of tasks that the home server performs:
- Virtualization server based on VirtualBox with a WebGUI;
- Firewall;
- A torrent downloader based on Transmission and a file server;
- Telephony server based on Asterisk;
- TFTP server for network booting and configuration of various equipment;
- Private cloud to store files based on "owncloud";
- HTTP proxy Ace Stream for viewing TorrentTV;
- Hosting for a home site with access via https;

Chapter 1. Build, Build
With the main functionality described, we proceed to selecting hardware for this whole setup.
After much deliberation and a couple of tests, the following components were purchased:
- MSI J1800I motherboard, Mini-ITX format;
- 2 DDR3 memory modules, 2 GB each;
- 230 watt power supply;
- 2 2.5" hard drives, 320 GB each, were already on hand;
- The tp-link 1043ND router was available (It was a shame to throw it away);
After evaluating the dimensions, it was time to build a new home for the components. I did not consider buying a case, because I can't buy what I want in my city, and it is more interesting to make it myself.
Unfortunately, there are no photos of the case being built, but I will briefly describe the process. After the drawing was finished, it was transferred to 6 mm plywood and cut out with a hot-wire cutter knocked together from an old transformer and nichrome wire. You can see how to make one yourself here.
The result was the following.
Chapter 2. Configuration
With the hardware sorted out, it's time to start configuring the functionality. 64-bit “Debian 7 netinstall” was chosen as the OS, and during installation the disks were combined into software RAID0. Anticipating a holy war on the topic of fault tolerance: all the important data lives in the clouds, so if a disk fails, the system can be redeployed from a backup copy fairly quickly.
The system is installed; we proceed to implement the plan above.
2.1 Virtualization server based on VirtualBox with a WebGUI
To make the most of the hardware resources, you will need a virtualization server; in this case, the VirtualBox software package is used.
Install virtualbox + phpvirtualbox
Install the VirtualBox virtualization server. First, add the repository line to the APT sources:
    deb http://download.virtualbox.org/virtualbox/debian wheezy contrib non-free
and import its key:
    wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | apt-key add -
Update the package lists and run the virtualbox installation:
    aptitude update
    aptitude install virtualbox-4.3
Install the extension pack for virtualbox:
    wget http://download.virtualbox.org/virtualbox/4.3.14/Oracle_VM_VirtualBox_Extension_Pack-4.3.14.vbox-extpack
    VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.3.14.vbox-extpack
Restart the vboxweb-service service with the commands:
    /etc/init.d/vboxweb-service stop
    /etc/init.d/vboxweb-service start
For Virtualbox to work, you need to create a user under which virtual machines will run.
Add a vbox user:
    adduser vbox
Install phpvirtualbox
First, install apache and php:
    apt-get install apache2 php5
Download phpvirtualbox:
    wget -c -t0 http://optimate.dl.sourceforge.net/project/phpvirtualbox/phpvirtualbox-4.3-2.zip
Unpack the contents of the phpvirtualbox-4.3-2.zip archive into the web server folder:
    unzip phpvirtualbox-4.3-2.zip
Restart the web server:
    /etc/init.d/apache2 restart
Go to the phpvirtualbox directory in the web server folder and create a configuration file:
    mv config.php-example config.php
Make some edits (IP is the address of this server):
    nano config.php

    var $username = 'vbox';
    var $password = 'vbox';
    var $location = 'http://IP:18083/';
    var $consoleHost = 'IP';
Edit the virtualbox configuration file:
    echo 'VBOXWEB_USER=vbox
    VBOXWEB_HOST=IP
    VBOXWEB_PORT=18083' > /etc/default/virtualbox
Restart virtualbox:
    /etc/init.d/vboxweb-service restart
Open the address of our server in the browser:
    http://<IP address of this machine>/phpvirtualbox/
login: admin
password: admin
These are the phpvirtualbox default credentials; change the password after the first login.
The web interface is almost the same as the desktop version of Virtualbox.
2.2 Firewall
We proceed to the design of the home network. The general concept of the network is as follows:

The router needs to be reconfigured a little. In the “openwrt” settings, we create the required number of VLANs and assign ports to them. Since this motherboard has only one Ethernet port, we make it a trunk and bring all the VLANs to it tagged.
Then we reconfigure the network adapters on the server; before that, install the package for VLAN support:
    apt-get install vlan
Network setting on the server
As a firewall, I chose an implementation of "Cisco ASA" in a virtual machine. I will not argue: the decision is strange and incredibly hacky, but it is driven by the need to connect to the work networks of several companies via “IPsec site-to-site VPN”, which terminate on similar devices, only in their normal hardware form.
I should note right away that it has been working stably for 4 months with no problems: the link is stable, and the connection speed for this implementation turned out to be ~20 Mbit/s, which is quite good given that the amount of data transferred is small. In my implementation, this virtual machine manages all incoming and outgoing connections in all VLANs of the home network, and the total system load does not exceed 12%.
Download the Cisco ASA 8.4 image for a VMware virtual machine; I will not give links, since the first link in a search engine will most likely lead you to it. Upload it to the server and import the machine into VirtualBox. Along the way, change all adapters to “PCnet-PCI II”, and after the import attach them in bridge mode to the created VLANs. Also, in the serial port settings, create the pipe /tmp/tts0, through which we will carry out the initial configuration of our pseudo-Cisco.
Further configuration is quite specific and depends on your tasks. In my opinion, there is no point in reproducing the ASA configuration file here: the settings of interfaces, access lists, NAT, VPN and the rest are better read about separately, since they fill more than one or even a dozen articles. I will describe only the basic things that I use. First of all, routing, since all the networks terminate on it, and it is also the default gateway for both the home network and the guest network. Secondly, "anyconnect" will be deployed on it for access to the home network via VPN. The “Cisco ASA” basic settings can be found in the article “Hands Reached: Continuing About ASA” by Habr user Fedia; the rest can be found on the network as needed.
The first provider is the main one; the configuration implements switching to the second provider in the event that the first is unavailable. So that the second one does not sit idle in the meantime, a free open guest access point is attached to it. Judging by the load on the second channel, the neighbors are very pleased with this gift of fate.
2.3 Transmission-based torrent downloader and file server
Plenty of keyboards have been worn out describing how to set this functionality up, but I will still describe the setup here for completeness, so to speak.
Of course, you will have your own Samba configuration, but I’ll give you my own example.
First, install the Samba server with the command:
    apt-get install samba
And edit the configuration file /etc/samba/smb.conf:
    [global]
    workgroup = WORKGROUP
    netbios name = NAS
    server string = NAS File Server
    log level = 1
    security = share
    unix charset = UTF-8
    dos charset = cp1251
    store dos attributes = yes
    max log size = 10

    [NAS]
    comment = NAS SERVER FOLDER
    path = /home/NAS
    create mask = 0777
    directory mask = 0777
    public = yes
    writable = yes
    printable = no
    guest ok = yes
    read only = no

    [Share]
    comment = NAS SHARE FOLDER
    path = /home/NAS/Share
    create mask = 0777
    directory mask = 0777
    public = yes
    writable = yes
    printable = no
    guest ok = yes
    read only = no

    [cloud]
    comment = OWNCLOUD FOLDER
    path = /home/NAS/owncloud/
    create mask = 0777
    directory mask = 0777
    public = yes
    writable = yes
    printable = no
    guest ok = yes
    read only = no

    [torrents]
    comment = TORRENTS FOLDER
    path = /home/NAS/torrents
    create mask = 0777
    directory mask = 0777
    public = yes
    writable = yes
    printable = no
    guest ok = yes
    read only = no

    [VM]
    comment = VIRTUAL MACHINES FOLDER
    path = /home/NAS/VM
    create mask = 0777
    directory mask = 0777
    public = yes
    writable = yes
    printable = no
    guest ok = yes
    read only = no

    [media]
    comment = MEDIA FOLDER
    path = /home/NAS/media
    create mask = 0777
    directory mask = 0777
    public = yes
    writable = yes
    printable = no
    guest ok = yes
    read only = no
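As an added example (not part of the original article), the following Python check parses an smb.conf and reports shares that combine guest access with write access, along with masks that grant world write, which is the pattern every share in the config above follows. The function name, the sample text and the [private] share are constructed for illustration.

```python
import configparser

TRUE = {"yes", "true", "on", "1"}
GUEST = {"guest ok": False, "public": False}  # synonym -> True if its sense is inverted
WRITE = {"writable": False, "writeable": False, "write ok": False, "read only": True}
MASKS = ("create mask", "create mode", "directory mask", "directory mode")

# Constructed sample: [global] and [torrents] follow the article, [private] is made up.
SAMPLE = """\
[global]
security = share
[torrents]
path = /home/NAS/torrents
create mask = 0777
directory mask = 0777
public = yes
writable = yes
guest ok = yes
read only = no
[private]
path = /home/NAS/private/%U
create mask = 0640
read only = yes
"""

def audit_smb_conf(text):
    """Return {section: [findings]} for anonymous-write and world-write settings."""
    # interpolation=None: Samba's %U-style variables must not be expanded by configparser.
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    cp.optionxform = lambda key: " ".join(key.lower().split())
    cp.read_string(text)
    findings = {}
    for name in cp.sections():
        opts, notes = cp[name], []
        if opts.get("security", "").strip().lower() == "share":  # a [global] parameter
            notes.append("share-level security")
        guest = writable = False
        for key, value in opts.items():  # file order, so the last synonym wins
            on = value.strip().lower() in TRUE
            if key in GUEST:
                guest = on
            elif key in WRITE:
                writable = on != WRITE[key]
        if guest and writable:
            notes.append("guest-writable")
        notes += [f"{k} grants world write" for k in MASKS
                  if k in opts and int(opts[k], 8) & 0o002]
        if notes:
            findings[name] = notes
    return findings

if __name__ == "__main__":
    for section, notes in audit_smb_conf(SAMPLE).items():
        print(f"[{section}] " + "; ".join(notes))
```

Run against the full smb.conf from this section, it flags [global] and all six shares; restricting guest write access to the VLANs that need it is then a firewall or `hosts allow` decision.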
After configuring samba, you can install the workhorse to download torrents.
It’s time to do Transmission.
Install:
    apt-get install transmission-daemon
Configure the transmission-daemon in /etc/transmission-daemon/settings.json:
    {
        "alt-speed-down": 50,
        "alt-speed-enabled": false,
        "alt-speed-time-begin": 540,
        "alt-speed-time-day": 127,
        "alt-speed-time-enabled": false,
        "alt-speed-time-end": 1020,
        "alt-speed-up": 50,
        "bind-address-ipv4": "0.0.0.0",
        "bind-address-ipv6": "::",
        "blocklist-enabled": true,
        "blocklist-url": "",
        "cache-size-mb": 2,
        "dht-enabled": true,
        "download-dir": "/home/NAS/torrents/Downloads",
        "download-limit": 100,
        "download-limit-enabled": 0,
        "encryption": 1,
        "idle-seeding-limit": 30,
        "idle-seeding-limit-enabled": false,
        "incomplete-dir": "/home/NAS/torrents/Downloading",
        "incomplete-dir-enabled": false,
        "lazy-bitfield-enabled": true,
        "lpd-enabled": true,
        "max-peers-global": 200,
        "message-level": 2,
        "open-file-limit": 32,
        "peer-limit-global": 200,
        "peer-limit-per-torrent": 60,
        "peer-port": 11523,
        "peer-port-random-high": 65535,
        "peer-port-random-low": 49152,
        "peer-port-random-on-start": false,
        "peer-socket-tos": 0,
        "pex-enabled": true,
        "port-forwarding-enabled": true,
        "preallocation": 2,
        "ratio-limit": 1,
        "ratio-limit-enabled": true,
        "rename-partial-files": true,
        "rpc-authentication-required": true,
        "rpc-bind-address": "0.0.0.0",
        "rpc-enabled": true,
        "rpc-password": "**********",
        "rpc-port": 9091,
        "rpc-username": "transmission",
        "rpc-whitelist": "127.0.0.1,192.168.0.100",
        "rpc-whitelist-enabled": false,
        "script-torrent-done-enabled": false,
        "script-torrent-done-filename": "",
        "speed-limit-down": 900,
        "speed-limit-down-enabled": true,
        "speed-limit-up": 100,
        "speed-limit-up-enabled": false,
        "start-added-torrents": true,
        "trash-original-torrent-files": true,
        "umask": 0,
        "upload-limit": 100,
        "upload-limit-enabled": 0,
        "upload-slots-per-torrent": 14
    }
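An added example, not part of the original article: a Python check of the settings.json above that reports how the RPC/web interface is exposed and whether downloads are created world-writable. The function name, the sample excerpt and the fallback values used for missing keys are assumptions of this example.

```python
import ipaddress
import json

# Constructed excerpt carrying the RPC-related values from the settings above.
SAMPLE = """{
  "rpc-enabled": true,
  "rpc-bind-address": "0.0.0.0",
  "rpc-authentication-required": true,
  "rpc-whitelist": "127.0.0.1,192.168.0.100",
  "rpc-whitelist-enabled": false,
  "umask": 0
}"""


def audit_transmission(settings_text):
    """Return findings about who can reach the RPC interface and about file modes."""
    s = json.loads(settings_text)
    notes = []
    # Fallbacks for absent keys are assumptions of this example, chosen pessimistically.
    bind = ipaddress.ip_address(s.get("rpc-bind-address", "0.0.0.0"))
    if s.get("rpc-enabled", True) and not bind.is_loopback:
        where = "all interfaces" if bind.is_unspecified else str(bind)
        if not s.get("rpc-authentication-required", False):
            notes.append(f"RPC on {where} without authentication")
        patterns = [p.strip() for p in s.get("rpc-whitelist", "").split(",") if p.strip()]
        if not s.get("rpc-whitelist-enabled", False):
            # The listed addresses are ignored; only the password guards the interface.
            notes.append(f"RPC on {where}: rpc-whitelist is not enforced")
        elif any(set(p) <= set("*.") for p in patterns):
            notes.append(f"RPC on {where}: rpc-whitelist has a match-all pattern")
    if s.get("umask") == 0:
        notes.append("umask 0: downloaded files are created world-writable")
    return notes


if __name__ == "__main__":
    for note in audit_transmission(SAMPLE):
        print(note)
```

With the values from this section, the whitelist entries 127.0.0.1 and 192.168.0.100 have no effect because "rpc-whitelist-enabled" is false, and umask 0 combines with the guest-writable [torrents] share from the Samba config.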
2.4 Telephony server based on Asterisk + FreePBX
Calls are not cheap, especially when you work a lot and in different countries, and since there are already VPN tunnels to work, it would be strange not to deploy a telephony server. Following the scheme mentioned above, we bring up a new virtual machine and attach its network interfaces to the VLANs we need. I will not describe the Asterisk + FreePBX installation itself, since siv237 did a great job of that before me and described everything in the publication "Easy installation of Asterisk + FreePBX for beginners".
After installation, we add the necessary trunks in the FreePBX interface, set up a dial plan, create a user, and enjoy life. By a lucky coincidence, my main provider offers a city number via SIP, which was in fact the main reason for deploying this server.
When I'm at home, my mobile phone is always connected to Wi-Fi, which is why it has become my main SIP phone. When it is unreachable, the server forwards calls to my mobile phone via the city line. After connecting the Wi-Fi antenna located on the roof of the house, I can go out for bread without missing an important call and without paying for either mobile Internet or forwarding minutes.
In the near future we plan to buy several USB modems that support voice and configure outbound calls to mobile networks. The savings are obvious.
2.5 TFTP server for network booting and configuration of various equipment
To be honest, I had forgotten about this very convenient feature: it used to be redundant for me, and then it simply slipped my mind. Then, after yet another browse through my beloved Habr, I came across the publication “Boot server - like a bootable USB flash drive, only a server and over the network”, written by Romanenko_Eugene, with a description of all this. I probably could not describe it better than he did, so I will leave this part to him. Based on that article, I put together the distributions I needed and forgot what a bootable USB flash drive is.
2.6 Private cloud for storing files based on "owncloud"
Once several cloud-service clients had accumulated on my phone, I inevitably started thinking about how to unify the whole lot. As a result, I decided to build my own cloud, create directories in it that synchronize with the other clouds, and enjoy life.
“Owncloud” was chosen as the platform, and I use box.com, dropbox, google drive, yandex disk and onedrive as external cloud providers. The list is extensive, but the idea is simple. First, we install the clients on the machine and set each one up to synchronize with a directory created in advance for that cloud, then put “owncloud” on top of this farm.
There is no point in rewriting the client installation guides; they can be found on the respective sites. Everything concerning the installation of "owncloud" is described by BlackIce13 in the publication "Experience installing ownCloud 6 on Debian 7 wheezy".
It remains for us to think about what to synchronize and where in order to sleep peacefully with a server on RAID 0.
2.7 HTTP proxy Ace Stream for viewing TorrentTV
After cable television was once again disconnected for late payment, I started looking for alternatives, and one was found very quickly: TorrentTV. The only downside is that you need the Ace Stream client to watch it.
Keeping the 750 watt monster on just to feed television to the TV set is quite wasteful. After a brief search, a solution was found: a proxy that converts the torrent stream into HTTP. The problem was solved rather quickly, and now for 60 rubles a month you can watch a mountain of channels.
The only downside is the rather slow channel switching.
Installation
First, install vlc:
    apt-get install vlc
Download aceproxy and acestream and put them in one directory:
    wget https://github.com/ValdikSS/aceproxy/archive/master.zip
    wget http://dl.acestream.org/debian/7/acestream_3.0.5.1_debian_7.4_x86_64.tar.gz
Next, create several directories:
    mkdir logs
    mkdir scripts
Create several scripts in the ./scripts directory:
    cd ./scripts
    nano aceproxy.sh
Go to the directory above and create scripts to start and stop the broadcast:
    cd ../
    nano start.sh
Edit the aceproxy configuration according to the wiki.
Launch the broadcast:
    ./start.sh
That's all; it remains only to create a playlist to your own taste and enjoy watching your favorite channels.
2.8 Hosting for a home site with access via https
As for hosting, everything is already in place. Apache is there for PHP lovers; I love Flask, but that is not the point. The point is the green lock in the address bar, which so pleases the eye when you type the cherished https://, thanks to an article written by the user SLY_G. In just a couple of minutes you can treat your eyes to that green miracle in the address bar by obtaining a free SSL certificate.
I thought about buying a domain for a long time. I have a static IP and the desire, but I don't want to pay hard-earned money for a domain I don't like: either all the good names have already been bought, or I have no imagination. In the end, I decided to create an SSL certificate for a domain name from DDNS. It is free and no-frills, and friends will not see a scary warning about my cloud being insecure when I send them links to files from my storage. And I no longer have to see those windows all the time myself. In general, I advise you to take advantage of the freebie.
Conclusions
Having spent about 4 thousand rubles on equipment, you can get quite a lot of functionality and use the hardware almost to its fullest. Currently, the average processor load is ~60% with rare peaks. RAM is almost fully used, at 80%, but that is a consequence of virtualization. Neither the host nor the virtual machines have gone into swap yet.
The server covers 90% of my wishes. What pleases me most is that such modest hardware works at 100% with low power consumption: the electricity bill has not changed significantly after switching from the router to this server.
PS If you find errors or inaccuracies, please report them by private message. This is my first article on Habr.
PPS Dear community, this article is not a configuration guide or a benchmark for correct configurations. This is just another article about what can be done with your old hardware for the benefit of the home LAN.
PPPS I would be very grateful for feedback and new ideas on this topic.