Tuesday, June 18, 2019

Bonsamatic Dot Com

This is a long and slightly geeky post about refreshing my home server. But I also add in a bunch of mostly irrelevant Osaka photographs, so feel free to scroll past the text and look at the pictures. They are, by the way, taken with the excellent Fuji GF670 folding camera on Kodak Ektar 100 (color), and with the Pentax 67 on Ilford Delta 100 (black and white).


Nagai station, Midosuji line, Osaka.


I've had a small server at home for some years now, first only using my desktop for an RSS reader, then setting up a dedicated machine with its own public IP address. I've upgraded it once since then, but kept the installation pretty much the same. I never got around to getting a proper hostname, so I always accessed it directly through the IP address.

In March, the drive suddenly developed an issue ("suddenly" - it was five years old already) and the server went offline. I couldn't do anything about it from here in Naha, but as we planned to spend the Golden Week holiday in Osaka I decided to rebuild the whole thing when I got there. I would have to replace the failed disk, and I wanted to add more storage. Also, while the software worked it felt unreliable and difficult to maintain.


Sleepy. Amemura, Osaka.

Set up the Hardware


I got an SSD to replace the faulty drive, and an external USB hard drive for bulk storage. The computer itself - a six-year-old Intel NUC with 8GB of RAM - is still fine, and more than fast enough for a server like this.

I installed Ubuntu server (using our TV as a monitor). The only tweak I had to do was to use NetworkManager instead of Systemd to set up my network; Systemd lacks support for the PPPoE connection that I use to get my public IP address. I plugged in and formatted the external drive, and the hardware was ready.


Connecting. Shinsaibashi, Osaka.

The Web Server


I didn't want to keep the messy server set-up I used previously. To set up a real web server with a proper domain and secure connections we need the following things:

  1. A web server. I'll use Nginx.
  2. A fixed IP address. I already buy one from our internet provider.
  3. A domain name. This is the name we want for our server; something like "google.com", "docomo.jp" and so on.
  4. Set up encryption with SSL. The internet is a dangerous place these days, and we want all communication to be encrypted.

I installed Nginx from the Ubuntu repos as the main web server. It's fast, light on resources and straightforward to set up. Also, it's really well suited for redirecting requests to other applications, which is exactly what we'll want to do. I created a quick web page just to have something to look at.

Up until now I had used the IP address. I was the only one using the server so that worked, sort of, but it's ugly and clumsy, and I can't get a real SSL certificate (used to encrypt the communication between server and clients) without a domain name. Domain names are cheap, so there's really no reason not to get one for myself.


Crepe L'Oriant. Minamisenba, Osaka.

Domain Name


There are many, many domain name sellers around. They range from expensive business-oriented full-stack providers to cheap sellers with hideous websites, sketchy business practices and lousy reputations. In the end I went with Namecheap, for no better reason than that they're on the FSF recommended list and their website doesn't make me want to gouge out my eyes with a fork.

Buying a domain name is very simple, and the setup is, again, fairly straightforward after a bit of googling. I got bonsamatic.com after my plant watering project a few years back. I point the "cloud.bonsamatic.com" subdomain and "bonsamatic.com" to the server, redirect "www.bonsamatic.com" to "bonsamatic.com" and everything else to an error page.

For the SSL certificate I use the amazing (and free!) "Let's Encrypt" provider. It's, again, recommended by the FSF, and lets you set up a reliable and secure certificate for your site with very little pain. You add the "certbot" repository, install the script for your webserver (so "python-certbot-nginx" in my case) and run the script with parameters for the domain names you want to use ("bonsamatic.com" and "www.bonsamatic.com"). The script then automatically configures your web server to use SSL encryption properly.

Let's Encrypt does another clever thing: its certificates are set to expire in only 90 days. Sounds like a bad thing, I know, but it also lets you renew very easily by just running that script. The script sets up a periodic job that automatically checks every so often whether it's time to renew. The clever thing about it is that the short expiration period forces you to set up automatic renewal, and to make sure it actually works. With a long expiration date it would be easy to neglect setting up automatic renewal, and to forget renewing it at all.

We have everything we need: a web server, a way to reach it (as https://bonsamatic.com ) and proper encryption to keep the connection secure. We even have a small place-holder website, just to have something to look at.


HEP5, Umeda. Osaka.

Services


I'm using my server for a few different things. It is the backup target for my other computers, but this is very simple: I run "rsync" on the machines to the external disk on the server. All I need for that is a working SSH connection. I also use it for my git repositories. But again, a working SSH server - included by default in any Linux distro - and git is all I need. Trivial.


Neat architecture. Nagai, Osaka.

Nextcloud


Nextcloud is a very useful "personal cloud"-type application. It gives you remote storage on the server that you can synchronise to your desktop and smartphone (there's apps for both Android and iOS), and you can share data with others using a browser or an app, very much like Dropbox. You can use it to upload pictures from your phone and share with others. But it's much more than that.

It has a large selection of "apps" you can install that add more functionality. The "Notes" application, for instance, lets you write and synchronise notes anywhere; I can work on blog posts like this one from my work computer, my desktop, and my smartphone (I'm using it right now). There's also calendar apps, email clients, image gallery viewers, collaborative editing tools and lots of other stuff.

One thing that's particularly interesting is "Nextcloud Talk". It's a full chat and video call application (using WebRTC) in your browser or using a dedicated Android app. On the Google app store it's cheap and will support the developers; but it's open source so you can also download it from F-Droid for free if you like. I haven't tested it a lot, but it seems to work well enough so far.


Complicated! Nagahori, Osaka.


Installing Nextcloud is intimidating. Like most web apps it is a complex beast with many moving parts. If you get something wrong it may refuse to work; or worse, will leave gaping security holes open to the internet. Fortunately Ubuntu has "snaps", self-contained packages with all the programs and configurations an app needs.

The Nextcloud snap contains nextcloud itself, along with PHP, MySQL and all the other bits and bobs it needs. Installing nextcloud becomes as easy as "snap install nextcloud", then edit the Nginx config so "https://cloud.bonsamatic.com" points at the nextcloud app.
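
The routing described in this post (bare domain and "cloud" subdomain served, "www" redirected, everything else rejected), written out as an Nginx site file. This is an added example, not the configuration actually running on the server; the local port 8080 for the Nextcloud snap, the web root path, the upload limit and a single certificate covering all three names are assumptions.

```nginx
# Added example. Hostnames are the post's; ports and paths are assumptions.
# Assumed: one Let's Encrypt certificate covers all three names (http-level).
ssl_certificate     /etc/letsencrypt/live/bonsamatic.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bonsamatic.com/privkey.pem;

# Catch-all: requests by raw IP or with an unknown Host header get an error.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    return 404;
}

# Plain HTTP for our own names: always upgrade to HTTPS.
server {
    listen 80;
    server_name bonsamatic.com www.bonsamatic.com cloud.bonsamatic.com;
    return 301 https://$host$request_uri;
}

# www over HTTPS: redirect to the bare domain.
server {
    listen 443 ssl;
    server_name www.bonsamatic.com;
    return 301 https://bonsamatic.com$request_uri;
}

# The place-holder website.
server {
    listen 443 ssl;
    server_name bonsamatic.com;
    root /var/www/bonsamatic;    # assumed web root
    index index.html;
}

# Nextcloud: Nginx terminates TLS and forwards to the snap on localhost.
server {
    listen 443 ssl;
    server_name cloud.bonsamatic.com;
    client_max_body_size 512m;   # assumed limit, sized for photo uploads
    location / {
        proxy_pass http://127.0.0.1:8080;   # assumed snap HTTP port
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Because the catch-all block is the default server, `$host` in the HTTP redirect can only ever be one of the three listed names, so the redirect cannot be steered to an arbitrary host. Run `nginx -t` before reloading to catch syntax errors.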

I have one minor issue: Snaps are sandboxed and secure — this is a good thing — but it means that I can't give the Nextcloud snap access to the external drive. That's still OK, as I'm not storing any large data sets in Nextcloud, but I would have preferred to use the external drive for storage.


Very retro. Kobe.

RSS


I still use RSS to follow blogs, news and comics. You can simply use a standalone RSS reader without a server if you want, but then you can't synchronize the feeds across different devices. You can also use an online service (Feedly looks nice) if you like. For various reasons I prefer to host my own. Up until now I've been using "Tiny Tiny RSS" as an RSS server. I used the web client on my computers, and the TT-RSS app on my phone. It worked well enough.

But the Tiny Tiny RSS developer doesn't inspire confidence. He doesn't do releases at all, and is actively hostile to people packaging it for distributions. Instead you clone his repository whenever you want to update and trust that it doesn't break anything. The developer himself is rather abrasive and the forums are unfriendly. I really don't want to continue to rely on this software.

Fortunately Nextcloud has come a long way, and one of the apps is "News", a full-fledged RSS server and webapp, with an Android mobile client. The app itself is trivial to install: look for "News" from the list of available apps, click "install" and you're done. If you have a list of feeds in OPML format from another reader, you can import them from the settings. It works quite well on both web and mobile, and I'm not missing anything from TT-RSS. I do wish there was a "recently read" category, but that's just a quibble.


Midosuji line, Osaka.

And From Here


Setting up this server was fairly painless; much easier than the last time I did this. It took perhaps one full day in total, and that included a lot of googling and playing around. A lot of my time was spent figuring out the right domain name settings, and even that wasn't difficult, just time consuming. I also spent a lot of time double-checking that I really understand what all the Nginx and Let's Encrypt configuration settings actually do.

Next I want to add some actual content to the website (I don't need a site, but now that I have one I might as well use it for something). Also, I want to test the Nextcloud Talk service a bit more; as Google is killing Hangouts this fall it might be a decent alternative for keeping in touch with family and friends.

If you have any ideas of what else I could use this server or the website for, please tell me! I feel this has a lot more potential for use.


Work is over. Relax. Nagai park, Osaka.
