After about a year with my first ARM computer, a Raspberry Pi 3B, I found that it is not powerful enough for some of the services I run on it. Nextcloud feels sluggish, and any serious processing (imagick processing or file upload) is likely to bring it above 75 °C in the summer heat of Hong Kong.
I dug around online and finally bought an Odroid XU4, along with an SD card, a plastic case, and a power adaptor, for about US$100 (from ameriDroid). Though with fewer USB ports than the Raspberry Pi and no built-in WiFi function, the Odroid is more powerful with an 8-core CPU, 2 GB of RAM, and a cooling fan (heat sink option available, too). The specs can be found here.
I've been running Raspbian on my Raspberry Pi, which is rather bloated. The GUI is useless for a headless server setup, and there are a bunch of redundant packages (Mathematica, really?). I decided to experiment with Arch Linux. The basic setup for Odroid XU4 can be found here.
Firewall: fail2ban
I use fail2ban as my SSH firewall. The config file is [cci]/etc/fail2ban/jail.local[/cci]:
[cc]
[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.1.123/16 winstonyin.com
[sshd]
enabled = true
backend = systemd
maxretry = 6
findtime = 1d
bantime = -1
banaction = iptables-allports
[/cc]
This bans permanently any IP that makes 6 failed SSH connections within the span of 1 day, except for IPs in the [cci]ignoreip[/cci] option. It's been racking up about 10 bans per day.
With the new version of fail2ban, permanent bans are stored in the database [cci]/var/lib/fail2ban/fail2ban.sqlite3[/cci] and are persistent even when fail2ban or the machine is restarted.
Web Server: nginx + php-fpm + mariadb
I decided to give nginx a go as the web server. I had to do quite a bit of learning and digging myself to get things to work. I host a couple of personal websites (including this WordPress site) with it, as well as a Nextcloud home cloud storage server.
Home media box: Kodi
The HDMI port on the Odroid is connected to a TV. Kodi serves as a home media box that plays photos, music, and videos stored on a local hard drive on the TV. With add-ons such as Exodus (apparently replaced by Covenant), you can even directly stream online movies and TV shows. To control Kodi from the comfort of the sofa, I installed the official Kodi Remote app on iOS, which is only one of several available mobile remote apps for Kodi.
Monitoring and alarm: netdata
To monitor the web traffic, RAM, CPU, and disk usage, temperature, as well as the number of IPs banned by fail2ban, I use the amazingly easy-to-set-up netdata. It works pretty much out of the box, with a clean and modern web interface. After some configuring, it also monitors php-fpm, MySQL, nginx, and redis.
To monitor the various Odroid temperature sensors, I had to write a custom script. See this post.
For the built-in fail2ban monitor to display the number of permanent bans correctly, we need to edit [cci]/usr/lib/netdata/python.d/fail2ban.chart.py[/cci] so that it also recognises [cci]Restore Ban xx.xx.xx.xx[/cci] in the fail2ban log as a ban. See this post.
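To see why the [cci]Restore Ban[/cci] lines matter, here is an added example (my illustration for this post, not netdata's chart code) that replays fail2ban action lines and counts the currently banned IPs per jail, with and without treating a restored ban as a ban. The log lines are constructed samples using documentation IP ranges, and the assumption is a monitor that only sees the log written after fail2ban restarts.

```python
import re

# fail2ban.log action lines look like:
#   <timestamp> fail2ban.actions [pid]: NOTICE  [jail] Ban|Restore Ban|Unban <ip>
ACTION_RE = re.compile(
    r"fail2ban\.actions\s+\[\d+\]:\s+NOTICE\s+\[(?P<jail>[^\]]+)\]\s+"
    r"(?P<action>Restore Ban|Ban|Unban)\s+(?P<ip>\S+)"
)

def banned_ips(log_lines, count_restored=True):
    """Return {jail: set of currently banned IPs} after replaying the log."""
    banned = {}
    for line in log_lines:
        m = ACTION_RE.search(line)
        if not m:
            continue  # filter matches, startup messages, etc.
        jail, action, ip = m.group("jail", "action", "ip")
        current = banned.setdefault(jail, set())
        if action == "Unban":
            current.discard(ip)
        elif action == "Ban" or count_restored:
            current.add(ip)  # "Restore Ban" only counts when count_restored is set
    return banned

# Constructed sample log: two bans, a restart, the bans restored, one new ban.
SAMPLE_LOG = """\
2018-07-01 10:00:01,100 fail2ban.filter  [411]: INFO    [sshd] Found 203.0.113.7
2018-07-01 10:00:02,200 fail2ban.actions [411]: NOTICE  [sshd] Ban 203.0.113.7
2018-07-01 11:30:00,300 fail2ban.actions [411]: NOTICE  [sshd] Ban 198.51.100.22
2018-07-02 08:00:00,000 fail2ban.actions [398]: NOTICE  [sshd] Restore Ban 203.0.113.7
2018-07-02 08:00:00,050 fail2ban.actions [398]: NOTICE  [sshd] Restore Ban 198.51.100.22
2018-07-02 09:15:00,400 fail2ban.actions [398]: NOTICE  [sshd] Ban 192.0.2.99
""".splitlines()

# Assumption: the monitor starts reading at the restart (last three lines).
AFTER_RESTART = SAMPLE_LOG[3:]

if __name__ == "__main__":
    print("ignoring Restore Ban:", banned_ips(AFTER_RESTART, count_restored=False))
    print("counting Restore Ban:", banned_ips(AFTER_RESTART, count_restored=True))
```

With [cci]bantime = -1[/cci] every ban survives a restart, so a counter that ignores the restored ones under-reports by the whole permanent ban list.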
Home file hosting and network drive: Nextcloud
I have always been slightly skeptical of commercial file hosting services like Dropbox and Google Drive (relevant XKCD). Nextcloud is the perfect solution if you want to store all your files locally on a hard drive, as well as serve them over the internet and share with your friends and family. In fact, Nextcloud is the main motivation behind my original Raspberry Pi.
I have two 2 TB hard drives filled with photos, videos, and old documents that Nextcloud sees as "external storage", available for all users to see. In addition, each user can host their own files, share with other users, or share with anyone using a URL.
Global internet, everywhere: Shadowsocks
The Great Firewall (GFW) is something I used to dread every time I visited Mainland China. As commercial VPN services are increasingly cracked down on, it became more and more difficult to visit and edit Wikipedia, watch YouTube videos, or even send and receive emails.
After learning about Shadowsocks, this is no longer the case. Shadowsocks is designed with the GFW in mind, and allows high-speed internet connection to be routed through a server. Clients exist for any desktop and mobile system.