For many, operating a home server is considered a complex project, out of reach for those without a deep understanding of home networking. This may have once been true; however, with the right tools, it is not that difficult for anybody to accomplish with only a basic understanding of networks.
Tipi is a personal homeserver orchestrator. It is running docker containers under the hood and provides a simple web interface to manage them. Every service comes with an opinionated configuration in order to remove the need for manual configuration and network setup.
- A reliable broadband connection.
- A dedicated computer to use as the server.
- A domain name.
- A keyboard & monitor (or TV).
- A personal computer on the same network.
- A USB flash drive.
You can use any computer as a server, but my preference is microcomputers, for example, the Dell Optiplex or Lenovo ThinkCentre "micro" ranges. These small, silent & efficient devices take up next to no space. If you don't have a monitor and intend to use your TV, you must ensure your device has an HDMI port. The monitor and keyboard are only required temporarily while we install Ubuntu on the machine, after which they can both be removed.
- On your PC, first, download Ubuntu Server LTS.
- Download Balena Etcher & flash the Ubuntu image to the flash drive.
- Insert the flash drive into your server & attach the keyboard & monitor.
- Turn on the server & boot the flash drive (often F12).
- Follow the steps, selecting your language & keyboard layout.
- Select Ubuntu Server as your install type.
- Make a note of the internal IP address shown in the following step.
- Skip the proxy & mirror steps unless you need to change them.
- Select "use an entire disk, "ensuring the correct SSD is selected.
- Uncheck "set up as an LVM group" & continue to the next step.
- Select "done, "and when warned about a "destructive action, "select continue.
- Enter a username, server name & password to create a user profile.
- Check the box to "install OpenSSH server. "
- Skip the "featured server snaps" step, leaving everything unchecked.
- The installation will start. Select "reboot now" once complete.
- When complete, you will be asked to remove the flash drive & press enter.
- The server will reboot. Once booted, unplug the monitor & keyboard.
We no longer need a keyboard or monitor connected to the server, thanks to OpenSSH. Instead, we can maintain the server from any other computer connected to the same network or even remotely if you have a VPN tunnel to your home network.
If you are using Linux or macOS, you will have a native terminal program; however, if you are running Windows, you must download one. The most popular terminal package recommended by Windows users is PuTTY. I will be using Linux, so your steps may differ slightly; however, the details remain the same.
Open up a terminal and access the server via SSH using the username you created earlier & the internal IP address you noted down. You do not need to use the /24 at the end of the address.
Enter the password you specified for the user & if asked to verify the connection, select yes. If you have previously connected to this device from the same computer, you may also be asked to delete the previous host entry.
The first step is to update your server with the latest package versions by running the following command.
sudo apt update && sudo apt upgrade -y
The sudo command will prompt you to enter your password again before the update continues.
Obtain Public IP
We already have our internal IP address accessible through our local network; however, depending on which features of Tipi you intend on using, you will likely want to access them from outside your home network. You can run a DNS lookup with the following command if you do not know your public IP address.
host myip.opendns.com resolver1.opendns.com
Your public IP will now be displayed next to where it says "myip.opendns.com has address. "Make a note of this for future reference.
You will next need to forward ports 80/TCP & 443/TCP through your router for this specific device. This step varies depending on the brand of your router, but an excellent repository of brand-specific guides can be found at portforward.com.
Note that if the same ports are also forwarded for any other devices on the same network, you may encounter conflicts, preventing the port from opening on the server. If a VPN covers your network, you must consider this if you experience issues or disable it for the server. There may be workarounds to both these issues; however, more advanced networking problems are outside the scope of this guide.
Once Tipi has been installed on your server & you have added some applications, you can check the status of your ports at dnschecker.org.
Next, we want to enable the server's firewall and configure it only to allow access to the necessary ports.
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
Using a Domain
Next, you will want to get yourself a domain. The top-level domain will be used to access the Tipi dashboard remotely & individual subdomains will be used for each specific application you want to expose externally. For example, 'yourdomain.com 'could land you on your Tipi dashboard & 'nitter.yourdomain.com 'could land visitors on your Nitter instance.
On the DNS settings page of your host, you will need to ensure that the domain has an 'A record 'pointing towards your external (public) IP address that you noted previously. This same step also needs to be followed for each subdomain you specify when installing applications, or if your host allows, you could instead create a wildcard to the IP for all following subdomains.
From the prompt, run the following command to download the RunTipi package.
git clone https://github.com/meienberger/runtipi.git
Next, create a configuration file to add your top-level domain as the landing page for your Tipi dashboard.
sudo nano /runtipi/state/settings.json
Paste the following code in the file, editing with your top-level domain. Exit with control+X, press Y followed by enter to save the file.
Return to the "runtipi" folder.
Execute the start script.
Once the start script is complete, you will be presented with the local IP address for your Tipi dashboard; however, we need to create our Tipi account using the public domain name configured in the settings.json file.
Open up a web browser and enter your domain into the address bar. You will find your own Tipi server's admin account creation screen if everything has been configured correctly. Enter an email address & password to create your account & gain access to the dashboard.
You can run the stop command from the "runtipi" folder if you need to stop the server.
If you ever need to uninstall Tipi, you can delete the runtipi folder; however, ensuring that the stop script above has been run before deleting is vital.
sudo rm -rf runtipi
Installing services is incredibly simple with Tipi's single-click package installations. New services are being added with each new update & already include many popular applications, such as Ghost, Vaultwarden, PiHole, Immich, Monerod, Plex, Invidious & PrivateBin.
Select "App Store" from the main menu on the left, and you will find a list of all currently available applications. Selecting an application will give you a brief overview of the package, which I recommend reading before installing.
Installing the package is as easy as pressing the green install button, and the application will be installed within seconds. Yes, it is that easy.
Depending on the application you are installing, you may also be asked to enter an app-specific administration username & password. Make sure to back up any credentials you use securely.
Many applications also offer an "expose app" option to access that service outside your home network. This is where you can specify a unique sub-domain that can be used to access the app from any location. As mentioned above, you must ensure that any sub-domains you use have 'A records' pointing towards your public address. You must visit your domain host's DNS settings page to add, remove, or edit DNS records.
Before you know it, you will have a whole arsenal of self-hosted tools, exponentially increasing the privacy & security of your data. Your files are at constant risk of surveillance, censorship & hacks when hosted on the servers of large centralized companies, so personal hosting is always something I recommend whenever possible.
Updating Tipi couldn't possibly be any easier. From the main menu, select "Settings, "& if a new version is available, it will show here. If an update is reported, select the green update button, & Tipi will handle the rest.
Thanks to Docker, it's also easy to update Tipi manually from the command line. Stop Tipi, pull the update & fire it up again.
git pull origin master