Running a Home Server with RunTipi - kyc3.life
Running a Home Server with RunTipi - kyc3.life
Guides

Running a Home Server with RunTipi

𝕂𝕐ℂ𝟛
𝕂𝕐ℂ𝟛

Table of Contents

For many, operating a home server is considered a complex project, out of reach for those without a deep understanding of home networking. This may have once been true; however, with the right tools, it is not that difficult for anybody to accomplish with only a basic understanding of networks.

Tipi is a personal homeserver orchestrator. It is running docker containers under the hood and provides a simple web interface to manage them. Every service comes with an opinionated configuration in order to remove the need for manual configuration and network setup.

Prerequisites

  • A reliable broadband connection.
  • A dedicated computer to use as the server.
  • A domain name.
  • A keyboard & monitor (or TV).
  • A personal computer on the same network.
  • A USB flash drive.

You can use any computer as a server, but my preference is microcomputers, for example, the Dell Optiplex or Lenovo ThinkCentre "micro" ranges. These small, silent & efficient devices take up next to no space. If you don't have a monitor and intend to use your TV, you must ensure your device has an HDMI port. The monitor and keyboard are only required temporarily while we install Ubuntu on the machine, after which they can both be removed.

Dell Optiplex 7060 M

Installing Ubuntu

  • On your PC, first, download Ubuntu Server LTS.
  • Download Balena Etcher & flash the Ubuntu image to the flash drive.
  • Insert the flash drive into your server & attach the keyboard & monitor.
  • Turn on the server & boot the flash drive (often F12).
  • Follow the steps, selecting your language & keyboard layout.
  • Select Ubuntu Server as your install type.
  • Make a note of the internal IP address shown in the following step.
  • Skip the proxy & mirror steps unless you need to change them.
  • Select "use an entire disk, "ensuring the correct SSD is selected.
  • Uncheck "set up as an LVM group" & continue to the next step.
  • Select "done, "and when warned about a "destructive action, "select continue.
  • Enter a username, server name & password to create a user profile.
  • Check the box to "install OpenSSH server. "
  • Skip the "featured server snaps" step, leaving everything unchecked.
  • The installation will start. Select "reboot now" once complete.
  • When complete, you will be asked to remove the flash drive & press enter.
  • The server will reboot. Once booted, unplug the monitor & keyboard.

SSH

We no longer need a keyboard or monitor connected to the server, thanks to OpenSSH. Instead, we can maintain the server from any other computer connected to the same network or even remotely if you have a VPN tunnel to your home network.

If you are using Linux or macOS, you will have a native terminal program; however, if you are running Windows, you must download one. The most popular terminal package recommended by Windows users is PuTTY. I will be using Linux, so your steps may differ slightly; however, the details remain the same.

Open up a terminal and access the server via SSH using the username you created earlier & the internal IP address you noted down. You do not need to use the /24 at the end of the address.

For example;

ssh [email protected]

Enter the password you specified for the user & if asked to verify the connection, select yes. If you have previously connected to this device from the same computer, you may also be asked to delete the previous host entry.


Updating Server

The first step is to update your server with the latest package versions by running the following command.

sudo apt update && sudo apt upgrade -y

The sudo command will prompt you to enter your password again before the update continues.


Obtain Public IP

We already have our internal IP address accessible through our local network; however, depending on which features of Tipi you intend on using, you will likely want to access them from outside your home network. You can run a DNS lookup with the following command if you do not know your public IP address.

host myip.opendns.com resolver1.opendns.com

Your public IP will now be displayed next to where it says "myip.opendns.com has address. "Make a note of this for future reference.


Port Forwarding

You will next need to forward ports 80/TCP & 443/TCP through your router for this specific device. This step varies depending on the brand of your router, but an excellent repository of brand-specific guides can be found at portforward.com.

Note that if the same ports are also forwarded for any other devices on the same network, you may encounter conflicts, preventing the port from opening on the server. If a VPN covers your network, you must consider this if you experience issues or disable it for the server. There may be workarounds to both these issues; however, more advanced networking problems are outside the scope of this guide.

Once Tipi has been installed on your server & you have added some applications, you can check the status of your ports at dnschecker.org.


UFW Hardening

Next, we want to enable the server's firewall and configure it only to allow access to the necessary ports.

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

Using a Domain

Next, you will want to get yourself a domain. The top-level domain will be used to access the Tipi dashboard remotely & individual subdomains will be used for each specific application you want to expose externally. For example, 'yourdomain.com 'could land you on your Tipi dashboard & 'nitter.yourdomain.com 'could land visitors on your Nitter instance.

On the DNS settings page of your host, you will need to ensure that the domain has an 'A record 'pointing towards your external (public) IP address that you noted previously. This same step also needs to be followed for each subdomain you specify when installing applications, or if your host allows, you could instead create a wildcard to the IP for all following subdomains.


Installing RunTipi

From the prompt, run the following command to download the RunTipi package.

git clone https://github.com/meienberger/runtipi.git

Next, create a configuration file to add your top-level domain as the landing page for your Tipi dashboard.

sudo nano /runtipi/state/settings.json

Paste the following code in the file, editing with your top-level domain. Exit with control+X, press Y followed by enter to save the file.

{
  "domain": "yourdomainhere.com"
}

Return to the "runtipi" folder.

cd ..

Execute the start script.

sudo ./scripts/start.sh

Once the start script is complete, you will be presented with the local IP address for your Tipi dashboard; however, we need to create our Tipi account using the public domain name configured in the settings.json file.

Open up a web browser and enter your domain into the address bar. You will find your own Tipi server's admin account creation screen if everything has been configured correctly. Enter an email address & password to create your account & gain access to the dashboard.

runtipi login screen - kyc3.life

You can run the stop command from the "runtipi" folder if you need to stop the server.

cd runtipi
sudo ./scripts/stop.sh

If you ever need to uninstall Tipi, you can delete the runtipi folder; however, ensuring that the stop script above has been run before deleting is vital.

cd ~
sudo rm -rf runtipi

Installing applications

Installing services is incredibly simple with Tipi's single-click package installations. New services are being added with each new update & already include many popular applications, such as Ghost, Vaultwarden, PiHole, Immich, Monerod, Plex, Invidious & PrivateBin.

Select "App Store" from the main menu on the left, and you will find a list of all currently available applications. Selecting an application will give you a brief overview of the package, which I recommend reading before installing.

Installing the package is as easy as pressing the green install button, and the application will be installed within seconds. Yes, it is that easy.

Depending on the application you are installing, you may also be asked to enter an app-specific administration username & password. Make sure to back up any credentials you use securely.

Many applications also offer an "expose app" option to access that service outside your home network. This is where you can specify a unique sub-domain that can be used to access the app from any location. As mentioned above, you must ensure that any sub-domains you use have 'A records' pointing towards your public address. You must visit your domain host's DNS settings page to add, remove, or edit DNS records.

Before you know it, you will have a whole arsenal of self-hosted tools, exponentially increasing the privacy & security of your data. Your files are at constant risk of surveillance, censorship & hacks when hosted on the servers of large centralized companies, so personal hosting is always something I recommend whenever possible.


Updating Tipi

Updating Tipi couldn't possibly be any easier. From the main menu, select "Settings, "& if a new version is available, it will show here. If an update is reported, select the green update button, & Tipi will handle the rest.

Thanks to Docker, it's also easy to update Tipi manually from the command line. Stop Tipi, pull the update & fire it up again.

cd runtipi
sudo ./scripts/stop.sh
git pull origin master
sudo ./scripts/start.sh

Information

For more detailed information on Tipi, visit the GitHub repository. You can contact the community on Telegram, Matrix, or Discord for any support-related questions or on Twitter for the latest news.


Support Kyc3.life with a donation ❤️