Software: First and foremost: must be unix-like, must be able to communicate in both ways with an open-wrt router firmware distro and the devices on the local network (android, windows, linux, ipadOS systems). Must be very secure, like enterprise-grade or almost like that. Must be free and open-source. Must be somewhat fault-tolerant (so no Arch or gentoo or anything like that, i don’t feel like recompiling the server’s system daily). Must have these in base repos or easily installed in other methods: secure ssh client (like openSSH or such caliber), a software that enables me to securely control and see the gui of the server from android (Rustdesk? or such), (optionally i2p, dnscrypt, vpn clients, not needed if the router has them, just in case of emergency), ip camera management software, high-security intrusion-detection system, https server with css and js support (preferably command-line). Window manager: must support a very easy to use and lightweight tiling window manager (like i3wm) or if not, its installation and configuration needs to be possible and documented.
Hardware: affordable, x86_64 architecture, should be able to handle all of these at the same time, without freezing or overheating (i live in Hungary, so should be able to handle up to 40°C air temperature with stock fans or there should be space for more fans. liquid cooling is no-go).
I have considered these operating systems. Are any of these bad ideas? What you recommend that is not here?
AlmaLinux Alpine Linux Ubuntu Server Rhino Linux (unofficial ubuntu rolling) Debian Testing Void Linux FreeBSD
ps: I want to avoid debian. I need more recent software than that. Maybe debian testing can get into consideration, but certainly not the main build
can you give examples of what you need more recent versions of?
anything that has even a little to do with security. Not like a live release enviroment where i grab packages almost instantly, but i don’t think my server could be secure with 5 months - 2-3 years old packages
I’m quite sure Debian’s server-related packages are kept patched against security issues in a timely manner
if debian, i’d still go with testing
for what kind of software? also, do you maybe also have exact features on your mimd?
survallience, ids, vpn, dnscrypt, i2p, and all of their depencies
I run all of these or their equivalents in docker containers and have up to date versions of them. to me it makes management easy and the system clean from random files at random places. just one example: fortunately it does not need babysitting but i2p keeps its files in a very disorganized way inside the container, and I would never want to install it directly to the system (maybe unless the system would be dedicated to that)
Ubuntu is debian-based, and their repositories are kept pretty up-to-date. They offer a server config.
what about Rhino (it is Ubuntu’s unofficial rolling distro)?
I’m confused. Your OP seems to describe wanting something stable and “fault-tolerant,” but then you go and ask about an unofficial rolling distro? I think you should figure out what your priorities are first.
i have priorities. And fresh software is higher priority that being ultra stable and fault tolerant. I used Tumbleweed which is a rolling release and it was perfectly stable. I would use SUSE server in no question, if it was free
I didn’t mean to imply you didn’t have priorities, just that a couple of them seemed to be conflicting. To me, what you described called more for reliability than cutting edge. I understand your concern with getting security updates expediently, but you can get those with less system stability risk using a more standard distro.
I haven’t used a SUSE in a very long time, but as I recall Tumbleweed is an official product of theirs. I’ve not heard of Rhino until now, which gives me pause in considering it - let alone the fact it’s not backed by a known significant team. There’s nothing wrong with that, but when setting up a server like you’re describing I’d rather it not require a significant amount of time at random once I’ve got it up and running, which is what can happen when relying upon less vetted software.
It’s your choice, obviously. Rhino looks like it might make a nice desktop to play with, but I personally would really be hesitant to use it for a server because I just don’t have the time to deal with problems at random - I’ve got enough of those already in my life. Your priorities are obviously different, and there’s no denying the fact that even things going awry on your server can be a plus from a learning perspective. I would really be concerned with the project being abandoned since it’s just a year old, tho.
Good luck whichever way you choose to go.
I run Slackware on all my servers
i heard it is extremely hard to use. is it true?
Preface: Not the person you responded to.
I’ve never used Slackware myself, but it’s probably the oldest distribution out there. It’s supposed to be stable AF, doesn’t “fix” what ain’t broken, and is very old school in its efficiency mindset. This means it’s indeed not likely to hold your hand through things, but it’s also very thoroughly documented at this point, and any help you find online is much more likely to still (mostly) work regardless of it’s age - unlike most other more frequently updated distros. It’s meant to be reliable, not fancy.
I have considered these operating systems. Are any of these bad ideas? What you recommend that is not here?
why not Debian? Perhaps Proxmox (but only if you are interested in virtualization based separation)?
If they want to run all those services, they will absolutely need some kind of separation like VMs or containers, else it will very quickly become a mess.
Proxmox has been pretty good to me. I have an ancient office PC that has proxmox installed as the hypervisor. It’s based on debian but everything is done via a web interface (you can ssh or whatever into it too if you needed to). Then I have debian with docker containers, TrueNAS, and home assistant all installed as VMs. Benefits to this means you can put mission critical stuff on the “boring” debian and then have fun with whatever you want to tinker with on an entirely different os/Virtual Machine. I also use wireguard easy which is stupid simple to setup a VPN with. I would strongly recommend keeping all management of the server on the local network and use a VPN to connect. This will get you the “enterprise grade” security. Anything public should go through a reverse proxy/DMZ VM if you host something on the Internet. Use cloudflare or similar as an extra layer if you need a domain name and want a buffer between users and your network. Keep that device and software up to date and you should have a great defense.
IDS wise, it’s a lot of work. You’re better off spending that time working on building security by design by doing the above and ensuring anything that touches the public Internet has as little permissions as possible (no running the web server as root/user account), firewall management, etc. If you do want the challenge, or are Interested in learning something like security onion, wazuah or whatnot, don’t let it stop you.
Hardware wise, affordable and uptime could mean it might be cheaper to have a backup machine. Proxmox has features to support high availability where if one of your physical servers go down, another can take over (2 physical servers that are copies of each other). You could have a decent workstation and then a used PC or whatnot as the backup. More important is probably a UPS and some workstation gear unless you want a screaming server jet in whatever room it goes in. Nothing you’ve mentioned seems too performance heavy so technical PC recommendations are going to vary based on expected traffic or use cases. My 2014 DDR3 office PC manages just fine but it’s for very few people and in air conditioned space. You could probably price out mid grade consumer equipment for the main server and a used office PC for redundancy.
is it a big problem if i don’t use virtualization? And i think if i ever need a public website, i will use an another machine to host that, or a docker. Also, what kind of cpu is needed and how much ram? i don’t want a headless server, since survallience stuff needs graphical enviroment, my best bet would be a lightweight x11 window manager
Virtualization can be nice in that you can tinker and not worry about dependencies. Plus you can have one resource that’s stable on FreeBSD, another that works well on Unix, etc.
Headless servers can run surveillance stuff via web interfaces or API/app integrations. Plus you can use the GUI via vnc, spice or another service to get to your x11 environment. I find proxmox easier than docker/containers as most of my troubleshooting is there. I’ve got security cameras linked to home assistant and it’s all headless. You could plug a monitor in and pass that to a virtual machine to get the desktop experience.
Hardware recommendations are going to need more information. Number of users? Number of cameras/tasks the server is expected to do concurrently, will you have media/NAS hosting and if so, how much space and how fast do you want that to be?
Your use case in the OP for less than 4 users could probably be run on a potato (my potato is bottlenecked by wifi @ 10MBps). 10-15 users streaming media or 20 cameras constantly streaming to a monitor could easily eat up a decent chunk of resources.
If you’re not exposing anything to the Internet, you probably don’t need an IDS. It’s a lot of effort to reduce false positives/tune it and the benefits are probably not worth it unless this is a business use case. Enterprise IDS/SIEMS used by actual companies is typically not FOSS because it needs that support provided by the vendor.
it will be around 5-15 users at the same time (end devices), 5-10 cameras (720p, 25fps, with lightweight motion detection), it will surely host that, and some ids like Snort or Suricata (not actual enterprise software, only something that is open-source and tries to imitate such security), maybe 1-5 static websites. In emergency, it will take the file server, i2p, dnscrypt, vpn hosting as well. And there should be still some resources free, for stability and performance. I have 15-20 mb/s wi-fi, according to ookla speedtests and torrent downloads (i’m living next to a forest). oh and i would like to mitigate ddos attacks, at least with the basic blackholing method (redirecting excess traffic to localhost). However, if i can configure a more reliable method, then i will use that
Based on your description, your exposing something to the Internet. You absolutely should have things virtualized/containers and use a reverse proxy. Use cloudflare for the domain name registration and take advantage of their ddos protection. Keeping everything virtualized/separated would also give an IDS a fighting chance since they’d have to pivot if you bothered to setup firewalls between the devices.
If you have the space for some used servers, you can find something affordable. Any enterprise server will be loud and electricity costs should be factored.
If you don’t have the space for a noisy server, an old workstation on the used market can be affordable. Otherwise you can build something yourself using consumer parts. Ryzen 5 (Ryzen will allow you to use ECC RAM which is something you might want) or an i7/Xeon from the previous generation or two should be more than enough. Add 32-64Gb of RAM and a SSD boot drive. I’d probably get HDDs designed for surveillance to save cost and put your file server storage on an SSD separate from the OS. Backups on VMs are stupid easy too which means you’re more likely to bother using and testing them.
Edit: forgot about GPU. If you’re using as a media server and need transcoding or another reason, an external GPU like the Nvidia p600 m4000 will work. Use this link to figure out what you need (you don’t have to use Plex it’s just a guideline)
i really need such strong hardware for hosting these basic things? my dream gaming pc isn’t that powerful. This seems very unrealistic, what you mentioned is top-tier hardware
All of those components should be used and a few generations behind to save cost. A used Quadro m4000 is about $100 usd in the US. A used Xeon based office PC all in should be ~$400-600 USD max stateside and you can find whichever drives you need to add. I don’t know what your local economy is like or what you can expect. If you’re able to find a used office PC or and older device, give that a try and see if it works. If you have 15 users all hitting a computer it’s going to take resources. Those resources are going to depend on what they’re doing. If you want enterprise fault tolerance, ECC may be worth the extra cost. If you want to budget it out you can probably get everything you want running on something 4-5 generations behind for around $100 USD + drives cost.
Consider if you’re going media streaming like a Plex/jellyfin server. It would be kinda similar to playing 15 YouTube videos on your desktop.
If it’s 15 users with maybe 2-3 hitting it at any one time then you can build cheaper and get decent performance. If you’re just hosting static pages/simple programs with low resource requirements anything post 2010 with 4 cores and 8GB RAM will probably run it fine and work as file storage for cameras.
any quadro cards are very rare in my country, it is hard to find one, especially on the used market. And around 4-5 users will go on the network at the same time, plus the cameras. 400$ would be too much, but 100$ is pretty good. currently i’m browsing used PCs from 2012-2016 around the 100$ category