Sovereignty, Privacy & Economic Freedom.


Running a Home Server with Tipi.

For many, operating a home server is considered a complex project, out of reach for those without a deep understanding of home networking. This may have once been true; however, with the right tools, it is not that difficult for anybody to accomplish with only a basic understanding of networks.

Tipi is a personal homeserver orchestrator. It runs Docker containers under the hood and provides a simple web interface to manage them. Every service comes with an opinionated configuration in order to remove the need for manual configuration and network setup.


You can try a demo instance of Tipi using username ‘[email protected]‘ & password ‘runtipi‘.

You will need.

  • A reliable broadband connection.
  • A dedicated computer to use as the server.
  • A domain name.
  • A keyboard & monitor (or TV).
  • A personal computer on the same network.
  • A USB flash drive.

You can use any computer as a server, but my preference is microcomputers, for example, the Dell Optiplex or Lenovo ThinkCentre “micro” ranges. These are small, silent & efficient devices that take up next to no space. If you don’t have a monitor and intend to use your TV, you must ensure that your device has an HDMI port. The monitor and keyboard are only required temporarily whilst we install Ubuntu on the machine, after which they can both be removed.

Installing Ubuntu.

  1. On your PC, first, download Ubuntu Server 22.04 LTS.
  2. Download Balena Etcher & flash the Ubuntu image to the flash drive.
  3. Insert the flash drive into your server & attach the keyboard & monitor.
  4. Turn on the server & boot from the flash drive (often F12).
  5. Follow the steps, selecting your language & keyboard layout.
  6. Select Ubuntu Server as your install type.
  7. Make a note of the internal IP address shown in the following step.
  8. Skip the proxy & mirror steps unless you have a specific need to change them.
  9. Select “use an entire disk“, ensuring the correct SSD is selected.
  10. Uncheck “set up as an LVM group” & continue to the next step.
  11. Select “done“, and when warned about a “destructive action“, select continue.
  12. Enter a username, server name & password to create a user profile.
  13. Check the box to “install OpenSSH server“.
  14. Skip the “featured server snaps” step, leaving everything unchecked.
  15. The installation will start. Select “reboot now” once complete.
  16. When complete, you will be asked to remove the flash drive & press enter.
  17. The server will reboot. Once booted, unplug the monitor & keyboard.

Operating the server via SSH.

Thanks to OpenSSH, we no longer need a keyboard or monitor connected to the server. Instead, we can maintain the server from any other computer connected to the same network or even remotely if you have a VPN tunnel to your home network.

If you are using Linux or macOS, you will have a native terminal programme; however, if you are running Windows, you will need to download one. The most popular terminal package recommended by Windows users is PuTTY. I will be using Linux, so your steps may differ slightly; however, the details remain the same.

Open up a terminal and access the server via SSH using the username you created earlier & the internal IP address you noted down. You do not need to use the /24 at the end of the address.

ssh <username>@<internal-ip>

Enter the password you specified for the user & if asked to verify the connection, select yes. If you have previously connected to this device from the same computer, you may also be asked to delete the previous host entry.

You will now find yourself at the server’s command prompt, waiting for your instructions. It is easy to verify this as the prompt will be a combination of the username & server name that you created when installing Ubuntu.

<username>@<server-name>:$

Updating the server.

The first step is to get your server up to date with the latest package versions by running the following command.

sudo apt update && sudo apt upgrade -y

The sudo command will prompt you to enter your password again before the update continues.

Obtaining your external (public) IP.

We already have our internal IP address accessible through our local network; however, depending on which features of Tipi you intend on using, you will likely want to access them from outside your home network. You can run a DNS lookup with the following command if you do not know your public IP address.

host myip.opendns.com resolver1.opendns.com

Your public IP will now be displayed next to where it says “myip.opendns.com has address“. Make a note of this for future reference.

Port forwarding.

You will next need to forward ports 80/tcp & 443/tcp through your router for this specific device. This step varies depending on the brand of your router, but an excellent repository of brand-specific guides can be found at portforward.com.

Note that if the same ports are also forwarded for any other devices on the same network, you may encounter conflicts, preventing the port from opening on the server. If a VPN covers your network, bear this in mind if you experience issues, or disable it for the server. There may be workarounds to both these issues; however, more advanced networking problems are outside the scope of this guide.

Once Tipi has been installed on your server & you have added some applications, you can check the status of your ports at dnschecker.org.

UFW hardening.

Next, we want to enable the server’s firewall and configure it only to allow access to the necessary ports.

sudo ufw default deny incoming

sudo ufw default allow outgoing

sudo ufw allow ssh

sudo ufw allow 80/tcp

sudo ufw allow 443/tcp

sudo ufw enable
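
A check worth running once the firewall is enabled, and again once Tipi is running, added here as an example and not part of the original guide or the Tipi project. Docker publishes container ports through its own iptables rules, which UFW's allow list does not govern, so the script compares what is actually listening against the three ports this guide opens. The function name and the `ss` output below are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TCP ports listening on non-loopback addresses that are
# not on the guide's allow list (22 for SSH, 80 and 443 for Tipi).

# unexpected_listeners "<allowed ports>" reads `ss -H -tln` output on stdin
# and prints the unexpected ports, sorted, on one line.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "LISTEN" {
            addr = $4                                  # Local Address:Port column
            port = addr; sub(/.*:/, "", port)          # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)      # text before the last colon
            if (host ~ /^127\./ || host == "[::1]") next   # skip loopback-only sockets
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }' | sort -n | paste -sd ' ' -
}

# Constructed sample of `ss -H -tln` output (not captured from a real server).
SAMPLE='LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 4096 0.0.0.0:80        0.0.0.0:*
LISTEN 0 4096 [::]:443          [::]:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 4096 [::1]:631         [::]:*
LISTEN 0 4096 0.0.0.0:8080      0.0.0.0:*
LISTEN 0 4096 [::]:8080         [::]:*
LISTEN 0 4096 *:9000            *:*'

# On the server itself: sudo ss -H -tln | unexpected_listeners "22 80 443"
printf '%s\n' "$SAMPLE" | unexpected_listeners "22 80 443"
```

A port it reports is not necessarily open, since UFW still filters services that do not run in Docker, but each one deserves an explanation.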

Using a domain name.

Next, you will want to get yourself a domain. The top-level domain will be used to access the Tipi dashboard remotely & individual subdomains will be used for each specific application you want to expose externally. For example, ‘yourdomain.com‘ could land you on your Tipi dashboard & ‘nitter.yourdomain.com‘ could be used to land visitors on your Nitter instance.

On the DNS settings page of your host, you will need to ensure that the domain has an ‘A record‘ pointing towards your external (public) IP address that you made a note of previously. This same step also needs to be followed for each subdomain you specify when installing applications, or if your host allows, you could instead create a wildcard to the IP for all following subdomains.

Installing Tipi.

From the prompt, run the following command to download the RunTipi package.

git clone https://github.com/meienberger/runtipi.git

Next, create a configuration file to add your top-level domain as the landing page for your Tipi dashboard.

sudo nano runtipi/state/settings.json

In the file, paste the following code, editing with your top-level domain. Exit with control+X, press Y followed by enter to save the file.

{
  "domain": "yourdomain.com"
}

Now change into the runtipi folder & run the start script.

cd runtipi

sudo ./scripts/start.sh

Once the start script is complete, you will be presented with the local IP address for your Tipi dashboard; however, we need to create our Tipi account using the public domain name configured in the settings.json file.

Open up a web browser and enter your domain into the address bar. If everything has been configured correctly, you will be presented with your own Tipi server’s admin account creation screen. Enter an email address & password to create your account & gain access to the dashboard.

If you ever need to stop the server, you can run the stop command from the runtipi folder.

cd runtipi

sudo ./scripts/stop.sh

If you ever need to uninstall Tipi, you can delete the runtipi folder; however, ensuring that the stop script above has been run before deleting is vital.

cd ~

sudo rm -rf runtipi

Installing applications.

Installing services is incredibly simple with Tipi’s single-click package installations. New services are being added with each new update & already include many popular applications, such as Ghost, Vaultwarden, PiHole, Immich, Monerod, Plex, Invidious & PrivateBin.

Select “App Store” from the main menu on the left, and you will find a list of all currently available applications. Selecting an application will give you a brief overview of the package, which I recommend reading before installing.

Installing the package is as easy as pressing the green install button, and the application will be installed within seconds. Yes, it is that easy.

Depending on the application you are installing, you may also be asked to enter an app-specific administration username & password. Make sure to back up any credentials you use securely.

Many applications also offer an “expose app” option allowing you to access that service from outside your home network. This is where you can specify a unique sub-domain that can be used to access the app from any location. As mentioned above, you must ensure that any sub-domains you use have ‘A records‘ pointing towards your public address. You must visit your domain host’s DNS settings page to add, remove or edit DNS records.

Before you know it, you will have a whole arsenal of self-hosted tools, exponentially increasing the privacy & security of your data. Your files are at constant risk of surveillance, censorship & hacks when hosted on the servers of large centralised companies, so personal hosting is always something I recommend whenever possible.

Updating Tipi.

Updating Tipi couldn’t possibly be any easier. From the main menu, select “Settings“, & if a new version is available, it will show here. If an update is reported, select the green update button, & Tipi will handle the rest.

Thanks to Docker, it’s also easy to update Tipi manually from the command line. Simply stop Tipi, pull the update & fire it up again.

cd runtipi

sudo ./scripts/stop.sh

git pull origin master

sudo ./scripts/start.sh

Information.

For more detailed information on Tipi, visit the GitHub repository. You can reach out to the community on Telegram, Matrix or Discord for any support-related questions or on Twitter for the latest news.