Last year I decided to build my first server. Initially I just wanted to host my own cloud service, but I thought I could expand it into something a bit bigger. I didn’t want an ordinary server running on some VPS. It was important that I would be in total control of my own online data, meaning no one could gather any information about me without me having published it myself first.

I had a bit of experience with Linux servers from the past. Being a student, I was eligible for a 50$ Digital Ocean coupon from GitHub Education. Picking the cheapest VPS lasted me almost a year. During this time I learned the very basics of maintaining and configuring an Apache server on my own. I even managed to deploy a cloud instance with Nextcloud. Digital Ocean has plenty of well-written tutorials for all of this. It’s still a resource I use today.

For my own project however, I made up a couple of rules:

  • All the hardware for the server must be owned by me.
  • Outgoing traffic needs to be hidden as much as possible.
  • The domain name information should not be traceable to me or my location.
  • The companies I would buy services from should preferably be domestic.

The setup

The setup was pretty straightforward. Since I would own the server physically, I needed to make sure that it was protected by a VPN on my network if the outgoing traffic were to remain hidden. I decided that the best way of doing this was to let my router run the VPN. This would not only lead to less tinkering on the server itself, but I would also benefit by having my whole home network protected.

Network Topology

The server would host several applications: Nextcloud for cloud storage, my personal website, as well as just being an external machine that I could access remotely. Therefore, a neat domain name would be preferable. I just had to make sure a simple whois query would not reveal any personal information.
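An added example (not from the original post): one way to run that check is to save the `whois` output to a file and scan it for strings that identify you. The function name `whois_leaks` and both sample records are constructed for illustration.

```shell
#!/bin/sh
# whois_leaks RECORD_FILE TERM...
# Prints every "field: value" line whose value contains one of the terms
# (case-insensitive). Returns 1 if anything leaked, 0 if the record is clean.
whois_leaks() {
    record=$1; shift
    TERMS=$(IFS='|'; printf '%s' "$*") awk '
        BEGIN { n = split(tolower(ENVIRON["TERMS"]), t, "|") }
        /^[%#]/ { next }                    # skip registry comment lines
        {
            i = index($0, ":")
            if (i == 0) next
            value = tolower(substr($0, i + 1))
            for (k = 1; k <= n; k++)
                if (t[k] != "" && index(value, t[k])) { print; leaked = 1; break }
        }
        END { exit (leaked ? 1 : 0) }
    ' "$record"
}

# Constructed sample records (not real registry output).
make_samples() {
    cat > "$1/direct.txt" <<'EOF'
% constructed: domain registered in the owner's own name
Domain Name: example.org
Registrant Name: Jane Example
Registrant Street: Exempelgatan 1
Registrant City: Stockholm
Registrant Email: jane@example.org
EOF
    cat > "$1/shielded.txt" <<'EOF'
% constructed: an intermediary is listed as registrant instead
Domain Name: example.org
Registrant Name: Privacy Proxy Ltd
Registrant City: Charlestown
Registrant Email: contact@proxy.example
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in direct shielded; do
    if whois_leaks "$tmp/$f.txt" "jane example" "exempelgatan" "stockholm"; then
        echo "$f: clean"
    else
        echo "$f: leaks the lines above"
    fi
done
rm -rf "$tmp"
```

Against a live domain, redirect the output of the `whois` command into a file and pass that file as the first argument, followed by your own name, street, city and e-mail address as terms.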

Server

I bought myself a Raspberry Pi 3 Model B+ and two 1TB HDDs. Although the Pi isn’t the optimal solution for a NAS, it still is decent enough for my intended usage. To use the HDDs with the Pi, I needed a docking station. It was important that this docking station ran on an external power source too, since the Pi alone couldn’t output enough power. All in all, the hardware cost me around 150€. I installed Raspbian, configured the two HDDs to be used as main storage and backup, and set up a simple Apache server running Nextcloud. There are ready-made Nextcloud images for the Pi, but I felt more comfortable building my own instance from scratch since it would give me more control. After about an hour or two, I got the server up and running. I also wrote this backup bash script that keeps a maximum of three backups, which I made run every third day with a simple cron job:

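#!/bin/sh
# Rotating backup: keeps at most three snapshots (recent, previous, old).
START=$(date +%s)
TODAY=$(date +"%Y%m%d")
SOURCES="/etc /var/www /var/lib /home /mnt/harddisk"
LOG="/mnt/backup/BACKUP_success.log"
RECENT="/mnt/backup/recent.*.backup"
PREVIOUS="/mnt/backup/previous.*.backup"
OLD="/mnt/backup/old.*.backup"

# Rotate: drop the oldest snapshot, then shift the other two down
rm -rf ${OLD}
rename 's/previous/old/' ${PREVIOUS}
rename 's/recent/previous/' ${RECENT}

# A glob is not expanded inside --link-dest=..., so resolve the directory first
LINK_DEST=""
for DIR in ${PREVIOUS}; do
    [ -d "${DIR}" ] && LINK_DEST="${DIR}"
done

# Keep Nextcloud in maintenance mode while its files are copied
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
rsync -avh --delete ${LINK_DEST:+--link-dest="${LINK_DEST}"} ${SOURCES} "/mnt/backup/recent.${TODAY}.backup/"
STATUS=$?
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off

# Only log a success when rsync actually succeeded
if [ "${STATUS}" -ne 0 ]; then
    echo "${TODAY} - Backup FAILED (rsync exit code ${STATUS})" >&2
    exit "${STATUS}"
fi
# Writes a log of successful updates
END=$(date +%s)
TIME=$(date -u -d @"$((END - START))" +'%-Mm %-Ss')
echo "${TODAY} - Backup successful. Elapsed time: ${TIME}" >> "${LOG}"

# Clean exit
exit 0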

I ended up ditching the power cable for the Pi and connected it directly to my router instead, via a USB port. Since the server would be heavily dependent on the router configuration I figured I might as well make it hardware dependent too.

Router

Setting up the router was probably the easiest part of this whole project. To install a VPN running on my ASUS router, I flashed Asuswrt-Merlin. The firmware supports OpenVPN connections, and .ovpn files usually contain enough data that no extra setting needs tweaking. I did however find Mullvad’s Asus Merlin Guide very helpful for double checking in the end.

Router configuration

VPN

thatoneprivacysite is a great website for finding VPNs. It has data on around 200 VPN providers worldwide, even ranking them based on ethical and privacy criteria. It doesn’t get any better than this.

I needed to find a provider that not only could offer me servers in Sweden to minimize latency, but also had to offer port forwarding on the standard HTTP/HTTPS ports. I’ve been using Mullvad for well over a year now. They’ve been providing excellent service so far and even support WireGuard. Unfortunately, they don’t offer any port forwarding on standard ports, but instead generate random port numbers. I needed to look elsewhere. After some searching I settled on AzireVPN. According to their documentation they provide public IP addresses that are assigned to only one user at a time and have all their ports opened. A minor inconvenience is that the IP addresses change every time a user reconnects. However, since my router would be running the VPN, connection drops won’t be a big problem.

Website

The one thing left to do was to find a proper domain name that wouldn’t be directly tied to me. This turned out to be the hardest part but for reasons one wouldn’t expect at first. Finding a fitting domain registrar was fairly easy. Njalla is a Swedish-based “domain registrar” that I ended up going with. Njalla isn’t actually a domain name registration service. What they instead do is that they purchase the domain for you and sit in between acting as a privacy shield. In other words, my personal information is hidden in exchange for ownership of the domain name. According to their agreement however, I would still have full usage rights. Meaning I could transfer the ownership to myself (or someone else) whenever I wanted, without any extra charge. A fair deal in my opinion. The final task I did was to obtain a free TLS certificate from Let’s Encrypt and the website was ready to go.

So, the biggest reason for not being able to fully hide my location is due to the Swedish government. See, Sweden is one of the few countries in the world where civil registration (or Folkbokföring as we call it) has arguably gone a bit too far. Not only do they keep track of you from your birth to your death, but all of this information is completely free and open to the public. Yes, really. Since there aren’t many people named Adi Hrustic in Sweden, tying the server location to me would probably take less than a minute. There wasn’t much I could do about this.

Result

Ever since I deployed the server last year it’s been up and running without any major problems. I migrated all my personal data to it, and even use it to sync my phone contacts and calendar thanks to Nextcloud’s support for CalDAV. I’m pretty satisfied with how everything turned out. Since I don’t stream anything from the server or upload any major chunks regularly, speed has not been an issue either. Running a speedtest gives me the following results:

Selecting best server based on ping...
Hosted by IPB GmbH (Berlin) [697.01 km]: 41.563 ms
Testing download speed...
Download: 12.27 Mbit/s
Testing upload speed...
Upload: 46.65 Mbit/s

Pretty decent if you ask me!