Home Server Bound

The marrin.com site (and friends) is currently hosted at ESecureData. We have a dedicated server box with an Atom processor, up in Vancouver. It’s a great little server and has been working for several years. But it’s not without its quirks, sometimes going down for no apparent reason. And about a year ago I had to get entirely new hardware. But the folks at ESecureData have always been great and were willing to give me that new server at my old, very attractive price.

But even at the great price I am getting, it’s still pretty expensive. But my needs are pretty specific and no VPS or other hosting solution has ever come close to giving me the capabilities of a dedicated box at the price I’m paying.

Long ago I tried hosting marrin.com on my own home server, but that experience was a dismal failure. I got hacked multiple times and getting (and keeping) everything working was extremely painful. But that was about 10 years ago and times change. I have more experience now, so I know what is needed to run a server. And there are way more services available, so things like backup MX and DNS can be farmed out at a reasonable cost.

On the Road Again

So I’ve decided to experiment again with a home server. Oh, and one other thing has changed. I work for Apple now and so I know way more about Mac OSX and that OS has come a long way in the realm of easy-to-use servers.

Here are my needs:

  1. Serve email for me and my family (wife, 2 kids, and a couple of other family members)
  2. Redirect mail for most of my family, so they can all have an @marrin.com address.
  3. Handle a couple of small mailing lists
  4. Really, really good spam filtering.
  5. Host git repositories, along with gitweb
  6. Host several websites (videomonkey.org, mermaidtoes.com, marrin.org and avr.marrin.org) using WordPress
  7. Generally be a repository for making random files available to me or others I choose

Spam, spam, spam, spam, spam

I get lots of spam. I’ve had my @marrin.com email address for 17 years and I’ve never been careful about “letting it get out”. I have friends who will carefully use an alternate email address whenever they register at an online site, and have changed their email address completely every few years, just to stay ahead of the spammers. I refuse to do that and instead rely on really good spam software.

So good spam software is really important to me and has been the showstopper issue that has kept me from using any managed hosting service to date. Spam software is either too hard to configure, not nearly good enough at stopping spam, or gets way too many false positives (I’m looking at you, gmail).

But there is really great spam software out there called SpamAssassin. It’s very configurable, constantly updated with new rules to detect spam, and ties into all the blacklisting and other techniques for thwarting spam. I literally get several hundred spams per day and I only ever see about 10. That’s well below my pain threshold and allows me to not worry about how spammers get my email address. And I can configure SpamAssassin to automatically discard spam above a threshold at which I’m confident it’s really spam, and put spam that’s just slightly spammy into a separate folder. I can look there from time to time to see if there are any false positives. But false positives are so rare that I only look at that folder every couple of months and then only when there’s some reason to believe I might have missed an email (which is never the case). I’ve gotten about 3 false positives in the last 5 years. SpamAssassin is just about perfect.

Most hosting services don’t use SpamAssassin and those that do don’t give you nearly enough control, so I have my own server.
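The two-threshold triage described above (discard the certain spam, file the merely spammy in a folder for occasional review) can be sketched against the `X-Spam-Status` header that SpamAssassin adds to scanned mail. This is an added example, not the author's configuration: the discard cut-off, the destination names and the sample messages are assumptions made up for illustration.

```python
import email
import re
from email import policy

# Assumption: the post gives no numbers. 15.0 is a hypothetical "certain spam" cut-off.
DISCARD_AT = 15.0

# SpamAssassin's default header: "Yes, score=6.3 required=5.0 tests=... autolearn=..."
STATUS_RE = re.compile(r"\bscore=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)")

def parse_status(value):
    """Return (score, required) from one X-Spam-Status value, or None if malformed."""
    flat = " ".join(str(value).split())  # collapse whitespace left by header folding
    m = STATUS_RE.search(flat)
    return (float(m.group(1)), float(m.group(2))) if m else None

def triage(raw_message, discard_at=DISCARD_AT):
    """Return 'inbox', 'junk-folder' or 'discard' for one message (bytes)."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    parsed = [p for p in map(parse_status, msg.get_all("X-Spam-Status", [])) if p]
    if not parsed:
        # Unscanned or unparseable: deliver rather than risk losing real mail.
        return "inbox"
    # If several headers are present, trust the highest score, so a
    # sender-supplied low-score header cannot lower the verdict.
    score, required = max(parsed)
    if score >= max(discard_at, required):
        return "discard"
    if score >= required:
        return "junk-folder"  # reviewed occasionally for false positives
    return "inbox"

# Constructed sample messages (not real mail).
SAMPLES = {
    "ham": b"X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00\n\nhi\n",
    "borderline": b"X-Spam-Status: Yes, score=6.3 required=5.0 tests=HTML_MESSAGE\n\nx\n",
    "blatant": b"X-Spam-Status: Yes, score=22.7 required=5.0\n\ttests=BAYES_99\n\nx\n",
    "forged": (b"X-Spam-Status: No, score=0.0 required=5.0 tests=none\n"
               b"X-Spam-Status: Yes, score=18.4 required=5.0 tests=BAYES_99\n\nx\n"),
    "unscanned": b"Subject: hello\n\nno spam header at all\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {triage(raw)}")
```

Only the middle tier ever needs a human look, which is what keeps the review folder small enough to check every couple of months.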

Bringing it Home

A server at home is almost everything a dedicated remote server is, except for three things:

  1. They’re “on the backbone” (theoretically have higher bandwidth)
  2. They are located in a temperature-controlled, uninterruptible power environment.
  3. They have a dedicated (static) IP address.

My home isn’t air conditioned, but here in the Bay Area that’s rarely an issue, and I can buy a UPS for power outages, which are a rare occurrence here. As far as bandwidth goes, my needs are not great. And measurements of my ESecureData server show that it is really no faster than my home internet connection. I’m sure this is a combination of my excellent connection and the necessary bandwidth limiting ESecureData must do. Either way, I don’t see the disadvantage.

There was a day when a static IP address was essential for a server if you ever wanted it to be universally accessible. But these days dynamic IP services can be had for free, or for $30/year if you want good support and convenience. So that should not be an issue.

OSX Lion Server

So I embarked on setting up a server. I have a decent dual-core iMac available, so I’m using that for initial experiments. I’ve installed Lion as well as OSX Lion Server, which is a $50 add-on from the app store. I’ve also installed Server Admin Tools on my personal Mac, which is how you remotely configure the server. This is all sooooo much easier to use than WebMin on Linux. But what do I have available?

Well, first I was pleasantly surprised that Lion Server uses SpamAssassin as its built-in spam software. It even has a GUI for configuration. It’s not quite powerful enough (bug posted) but I can break into the config file when needed. Postfix is the mail server used, along with dovecot for imap clients. I’m very familiar with dovecot, but I’ve always used SendMail, so Postfix was something new. The good news there is that, so far, it’s been easy to set up mail accounts with Postfix and to get them working with SSL and everything. I still have some experimentation to do in order to find out how to do mail aliasing and mailing lists, but all looks promising right now.

Git is well supported on OSX (we use it every day at work), as is ssh, scp and all the other usual suspects for server access, so all that should be simple.

What About WordPress

WordPress is the only sticking point. OSX has always come with MySQL, which is needed by WordPress. But Lion dropped that, apparently due to some licensing issues with Oracle. Installing MySQL is possible but this little snag got me thinking. What about trying to work without MySQL? Lion ships with Postgresql and some of the alternatives to WordPress can run on that. Even WordPress has the ability to use Postgresql if you work at it. So I went down that road.

Fortunately I only burned up a day on this. I read several scary posts about how Postgresql on WordPress is not really ready for prime time, so I didn’t even try going there. Then I looked at Plone, Joomla, and Drupal, 3 very popular alternatives to WordPress. I read many horror stories about how hard it is to work with and customize Joomla, so I looked no further in that direction. Then I installed and got Plone running. But compared to WordPress I found it confusing and lacking in good support. Drupal didn’t seem very friendly either (although I never did install it), so I went back to trying to install MySQL.

It turns out not to be that hard. You just need to glean info from a few places and go through some rigamarole to get the passwords and permissions right. That’s done now and I now have a working installation of MySQL. I even found Sequel Pro, a GUI tool for interacting with MySQL.

As an experiment, I made a tarball of the videomonkey.org site on marrin.com and put that on my home server. Then I used Sequel Pro to export the database for videomonkey.org on marrin.com, and import that into my home server. With some apache, SQL and htaccess magic (which I’ll explain later) I was able to get videomonkey.org fully up and running at http://marr.in.

To be continued…