This is the complete configuration for a Linux-based multiservice secure server that you can create yourself.
- A totally open source solution.
- Big hardware selection guide and "concurrents" description. On 2018.
- Debian-based.
- ZFS is the only filesystem that is used. Root and boot on ZFS mirror.
- Full-disk encryption with a native LUKS.
- Protection against reboot. Lightweight SSH server integrated in initramfs. You can decrypt disks remotely.
- All services communicate with user via HTTPS, even if the service does not explicitly support HTTPS.
- HTTPS with a regular certificate signed by Let's Encrypt.
- Certificate auto renewal.
- One certificate for all services using reverse proxy.
- Public-available services with CloudNS.
- Docker-isolation between services and between services and host.
- Most services are well-tested and stable from Linuxserver.io initiative.
- Multiuser with one authorization provider.
- LDAP as an authorization provider.
- Service can use LDAP authorization even if it doesn't support LDAP native.
- Integration between services. I.e. the media search service can use the torrent downloader to download movie.
- Some services were patched by the author for integration with others (i.e. Nextcloud was patched for use inside iframe Organizr).
And much more...
OpenMediaVault installed as a package.
Multiagent backup service. Implemented using UrBackup.
Implemented using:
- NextCloud as a cloud provider.
- OnlyOffice as an office suite, integrated with NextCloud.
- Searchers:
- Downloaders:
- jDownloader2 for files.
- NZBGet for Usenet.
- Transmission for torrents.
- Youtube-dl with web-ui for video streams.
- Utilities:
Implemented using GitLab.
- Database with automatic synchronization, based on patched Calibre. Only console. No user interaction required.
- Calibre-web as a web-interface.
This service has an independent repository here.
Implemented using Emby
- OpenLDAP Server.
- phpLDAPAdmin as an administrative interface.
- LDAP SSP for the user password changing.
You can find here another services, such as SeaFile, but I don't use and support them inside NAS.
This is a part of my article series on building secure NAS.
You can see a copy of the documentation in the docs directory.