Hello everyone! Welcome to the second post of this blog series that aims to de-google my life as much as possible. If you haven’t read the first one, you should definitely check it out. On this delivery we’ll focus more on code and configurations so I promise you it won’t be as boring :)
As I mentioned on the previous post, I’ll be using two servers that are going to be configured almost the same, so I’m going to explain it only one time. In order to host my servers I’m using DigitalOcean because I’m very used to their UI, their prices are excelent and they accept Paypal. If you haven’t yet, you should check them out.
To start, I’m using their $5 server which at the time of this writing includes:
- Ubuntu 18.04 64 bits
- 1GB RAM
- 1 CPU
- 1000 GB of monthly transfers
On my first SSH to the server I perform basic tasks such as updating and upgrading the server:
sudo apt update && sudo apt ugrade - y
Then I install some essentials like Ubuntu Common Properties (used to add new repositories using
add-apt-repository) NGINX, HTOP, GIT and Emacs, the best text editor in this planet vim sucks
sudo apt install software-properties-common nginx htop git emacs
For SSL certificates I’m going to use Certbot because it is the most simple and usefull tool for it. This one requires some extra steps:
sudo add-apt-repository ppa:certbot/certbot -y sudo apt update sudo apt install python-certbot-nginx -y
By default DigitalOcean servers have no
swap, so I’ll add it by pasting some DigitalOcean boilerplate on to the terminal:
sudo fallocate -l 2G /swapfile sudo chmod 600 /swapfile sudo mkswap /swapfile sudo swapon /swapfile sudo cp /etc/fstab /etc/fstab.bak echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab sudo sysctl vm.swappiness=10 sudo sysctl vm.vfs_cache_pressure=50 sudo echo "vm.swappiness=10" >> /etc/sysctl.conf sudo echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
This adds 2GB of
Then I set up my firewall with UFW:
sudo ufw allow 22 #SSH sudo ufw allow 80 #HTTP sudo ufw allow 443 #HTTPS sudo ufw allow 25 #IMAP sudo ufw allow 143 #IMAP sudo ufw allow 993 #IMAPS sudo ufw allow 110 #POP3 sudo ufw allow 995 #POP3S sudo ufw allow 587 #SMTP sudo ufw allow 465 #SMTPS sudo ufw allow 4190 #Manage Sieve sudo ufw enable
Finally, I install
docker-compose, which are going to be the main software running on both servers.
# Docker curl -sSL https://get.docker.com/ | CHANNEL=stable sh systemctl enable docker.service systemctl start docker.service # Docker compose curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose
Now that everything is done, we can continue configuring the first server!
Server #1: Mailcow
For my email I chose Mailcow. Why?
- It checks all of my “challenges list” items from last week’s post (open source and dockerized).
- The documentation is fantastic, explaining each detail one by one.
- It has a huge community behind it.
Installation & Setup
Installation was simple, first I followed the instructions on their official documentation
cd /opt git clone https://github.com/mailcow/mailcow-dockerized cd mailcow-dockerized ./generate_config.sh # The process will ask you for your FQDN to automatically configure NGINX. # Mine is mail.rogs.me, but yours might be whatever you want
I pointed my subdomain (an A record in Cloudflare) and I finally opened my browser and visited https://mail.rogs.me and there it was, beautiful as I was expecting.
What a beautiful cow
My actual score. Everything is perfect in self-hosted-mail-land
I know that sometimes that score doesn’t mean much, but at least is nice to know my email is completely configured.
Since I keep all my emails local, I didn’t want a huge backup solution for this server, so I went with the DigitalOcean backup, which costs $1 per month. Cheap, reliable and it just works.
Edit Nov 23-26 2019
As of now, I’m not using PIA anymore because they where bought by Kape Technologies, which is known for sending malware through their software and for being scummy in general.. I’m now using Mullvad, which really focuses on security. If you were using PIA, I really recommend you change providers.
With all of this my first server was done, but it was also the easiest. This one was a pretty straightforward installation with nothing fancy going on: No backups, no NGINX configuration, nothing much. On the good side, I had my email working really quick and it was a very satisfying and rewarding experience. This is when the “selfhost everything” bug bit me and this project really started ramp up in speed. On the next post we will talk about the second server, which includes fun stuff as Nextcloud, Collabora, Dokuwiki and many more.