
Setting up a Raspberry Pi 4 home server - wheresvic3
https://smalldata.tech/blog/2019/07/12/setting-up-a-raspberry-pi-4-home-server
======
ajphdiv
A big performance increase by putting the OS on a SSD. The read/write speed is
much better than using the SD card. It takes a little tweaking to get the SSD
to boot on the rpi 4, but can be done. Basically the SD card gets used as a
bootloader.

howto:

[https://jamesachambers.com/raspberry-pi-4-usb-boot-config-gu...](https://jamesachambers.com/raspberry-pi-4-usb-boot-config-guide-for-ssd-flash-drives/)

~~~
rantwasp
has the disadvantage of needing the SSD (which is probably more expensive than
the pi?). here is something I ran across a while back, that if I understand
correctly, uses a ramdisk + overlayfs to make the whole thing faster:
[https://github.com/cattlepi/cattlepi](https://github.com/cattlepi/cattlepi)

~~~
hajile
Here's my build

    
    
    $55 Pi 4 (4gb)
    $8  Official USB charger
    $25 Argon One case (could also get acrylic + ICE tower)
    $10 microSD card
    $12 Sata to usb adapter
    $40 Kingston 240gb SSD (we can't do over 500mb/s anyway)

    $120 Total
    

You get a significant performance boost switching to a 64-bit OS. aarch64 has
better SIMD guarantees, hardware AES (over 10x faster), double the registers,
and generally more optimizable due to the more streamlined ISA. I haven't
tested it yet, but in-memory compression could potentially help with the 4gb
RAM limit.

~~~
AnonC
Pardon my ignorance. Does your bare SSD sit outside without any case
(connected to the Pi via the SATA to USB cable)? Does it need any kind of heat
dissipation mechanism (or cooling) at all?

~~~
hajile
That's up to you. You can find USB3 SATA enclosures on Amazon for around the
$12 mark. There's not a big heat dissipation issue in my experience and a Pi
probably isn't exactly going to be taxing the drive very much.

If you don't mind the terrible $/gb ratio, you can even get USB3 thumbdrives
that use an SSD.

------
skocznymroczny
It might not be as exciting, but I run
[https://dietpi.com/](https://dietpi.com/) on my RPi. It's basically a Debian
distro with an easy to use installer for common things. To install Apache,
Nextcloud or anything else you just select it from a long list of installers
in a console user interface.

------
ch33zer
A few insecure choices here:

* fail2ban installed but no mention of actually setting up the rules.
  Additionally out of the box fail2ban won't work with docker containers
* Wide open ports. Only open what you need
* In the DNS script you are putting the username and password in the URL. This
  means even though you are using https anyone can see the username and
  password you're sending. Pass these options some other way.
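
An added example, not part of the thread or the article: one way for a dynamic DNS update script to pass the username and password outside the URL, by handing them to curl in a config read from stdin. The endpoint, its support for HTTP Basic auth, the function names and the credentials-file layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or the article).
# Assumptions: the update endpoint is hypothetical and accepts HTTP Basic auth;
# the credentials file holds the username on line 1 and the password on line 2.
DDNS_URL="https://ddns.example.invalid/update"

# Succeed only if the file grants nothing to group or other (e.g. mode 600).
creds_file_private() {
    [ "$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Escape backslashes and double quotes for a quoted curl config value.
curl_quote() {
    printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Print a curl config for updating hostname $1 with the credentials in file $2.
ddns_curl_config() {
    creds_file_private "$2" || { echo "refusing: $2 is accessible to others" >&2; return 1; }
    { IFS= read -r ddns_user && { IFS= read -r ddns_pass || [ -n "$ddns_pass" ]; }; } < "$2" || return 1
    printf 'url = "%s?hostname=%s"\n' "$DDNS_URL" "$1"
    # "user" is sent as an Authorization header, not as part of the URL.
    printf 'user = "%s:%s"\n' "$(curl_quote "$ddns_user")" "$(curl_quote "$ddns_pass")"
    printf 'fail\nsilent\nshow-error\n'
}

# Feed the config to curl on stdin, so the secret appears neither in the URL
# nor in curl's argument list (process list, shell history, cron mail).
ddns_update() {
    ddns_cfg=$(ddns_curl_config "$1" "$2") || return 1
    printf '%s\n' "$ddns_cfg" | curl --config -
}
```

Called from cron as `ddns_update home.example.invalid /etc/ddns.creds` after sourcing the file; both arguments are placeholders.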

~~~
wheresvic3
You're right in that it is better to only open ports that you require - will
update :)

I'm not quite sure what you mean by "Additionally out of the box fail2ban
won't work with docker containers". fail2ban is installed locally on the pi.

~~~
rovr138
fail2ban works by monitoring logs.

If you had installed for example your web server on a container, the logs will
be on the container. Fail2ban on the host won’t be able to parse the ones
inside the container (by default, needs more work).
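
An added example, not part of the thread: a simplified stand-in for a fail2ban filter and action, showing the two pieces of extra work a host-side watcher needs when the web server runs in a container. The log lines are constructed, and the bind-mount layout, threshold and function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread, and not fail2ban's own code).
#
# 1) The container's log has to be a file the host can read, for instance a
#    bind mount of the container's log directory (assumed layout):
#      docker run -v /var/log/web:/var/log/nginx -p 443:443 nginx
#    fail2ban's logpath (or this script) then points at /var/log/web/access.log.

# Print client IPs with at least $2 HTTP 401 responses in access log $1.
# nginx "combined" format: field 1 = client address, field 9 = status code.
ban_candidates() {
    awk -v max="$2" '
        $9 == 401 { n[$1]++ }
        END { for (ip in n) if (n[ip] >= max) print ip }
    ' "$1" | sort
}

# 2) Traffic to a published container port is forwarded rather than delivered
#    to the host's INPUT chain, so a drop rule there never sees it. Docker
#    reserves the DOCKER-USER chain for such rules (fail2ban's iptables
#    actions take a "chain" parameter for the same purpose).
#    The rules are printed for review, not applied.
ban_rules() {
    ban_candidates "$1" "$2" | while IFS= read -r ip; do
        printf 'iptables -I DOCKER-USER -s %s -j DROP\n' "$ip"
    done
}

# Constructed sample log using documentation address ranges.
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [12/Jul/2019:10:00:01 +0000] "POST /login HTTP/1.1" 401 179 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jul/2019:10:00:02 +0000] "POST /login HTTP/1.1" 401 179 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Jul/2019:10:00:03 +0000] "POST /login HTTP/1.1" 401 179 "-" "Mozilla/5.0"
198.51.100.20 - alice [12/Jul/2019:10:00:09 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jul/2019:10:00:10 +0000] "POST /login HTTP/1.1" 401 179 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jul/2019:10:00:11 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
EOF
}
```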

------
punk-coder
Nice article.

I had big plans for using a Raspberry Pi as a Plex Media Server once. The set
up was easy, I attached my external HDD and let it scan the libraries. My wife
and I watched a few movies, it worked perfectly. The next evening when we sat
down to watch a movie I saw that Plex couldn't connect to the media server. I
went upstairs and attached a monitor to my Raspberry Pi and I saw that
Wireless Internet was not working on it. I tried everything and eventually
rebooted it and everything worked again. This turned into a daily thing. I
followed all sorts of instructions I found on the internet to try and fix the
issue, but to no avail. Every day there would come a certain time where the
Raspberry Pi would just lose its Wifi capabilities and a reboot was needed.
Sad, because I liked the idea of this small box sitting on the corner of my
desk running a media server. This was an older Raspberry Pi, maybe things have
improved.

~~~
xenorplxx
Running any server on wifi, even home plex instance, is not a great idea. It's
a shame that rPi doesn't support PoE out of the box, that'd mean you could've
only 1 cable connected, but it'd manage both network and power.

~~~
Jonnax
Really? It's not 2005. Sure something system critical use ethernet.

But the idea that it's WiFi that's unreliable is clearly not the case.

Something is wrong with the RPI WiFi chip, driver or OS configuration.

~~~
newqer
I always try to connect devices that don't move to Ethernet. It saves WiFi
bandwidth for "mobile" devices and is extremely stable and the full bandwidth
is always available.

Things like SmartTV, RPi, Solar Panels, Amplifier, etc. I hate it that
Chromecast only has a wireless option.

But more on-topic, it shouldn't drop off WiFi just like that.

~~~
Sohcahtoa82
> SmartTV

From what I've seen about Smart TVs, I'm better off not allowing them to ever
connect to the Internet. Forgo all the "smart" features and just use a Fire TV
stick, Roku, Chromecast, etc.

My current TV is an 8 year old 46-inch "dumb" TV, but I plan on upgrading to
something bigger later this year, and it looks like my only options will have
Smart features, but I already use a Fire TV stick and a RPi, so I don't think
I need the smart features.

~~~
kingosticks
Roku devices also track you, you are not much (at all?) better off.

[https://blog.acolyer.org/2020/02/10/watching-you-watch/](https://blog.acolyer.org/2020/02/10/watching-you-watch/)

~~~
Sohcahtoa82
I'm not really _that_ concerned with tracking, but I _am_ concerned with ads.

~~~
kingosticks
In which case I suggest a Sony smart TV. It's only some manufacturers that
shove ads in your face so vote accordingly.

------
freedombox
Please consider [https://freedombox.org/](https://freedombox.org/) - it is
part of Debian.

~~~
diffeomorphism
It seems to only have images up to Raspberry 3B+, but not 4?

[https://freedombox.org/download/](https://freedombox.org/download/)

------
Legogris
I'm currently in the process of setting up a HA Hashicorp stack
(Vault/Consul/Nomad) + GlusterFS cluster in my free time at home with
Raspberrys and some other small-board computers. Completely overkill but it's
great fun. My goal is to see just how self-reliant I can be in terms of
digital services. Right now it feels completely reasonable to get to a point
where the only external services I really rely on is a CA and domain
registrar. Possibly DNS, and external endpoints to front traffic. If the HA
part works well and I can make a failover region somewhere, self-hosted e-mail
doesn't seem that unreasonable anymore.

There are several attractive alternatives to RasPi (Odroid already mentioned,
beware though as most of the small boards are 32bit only. Also Khadas VIM3,
FriendlyELEC NanoPi, Rock Pi. Many people also seem to like Orange Pi). The
earlier generation Raspis are honestly quite disappointing from a performance
perspective, mostly because of the shared bus between
Ethernet/Wifi/USB/storage. The 4B is actually the first to hold its ground,
and still does price/performance-wise compared to the above. Honestly it feels
like the market's stagnated a bit around the RK3399 and Allwinner H5/H6,
hoping there's going to be a new wave of interesting stuff during 2020.

A really nice feature of some of these ARM boards is that you can go so much
more free (as in libre) than with x86 chips. Raspberry Pi excluded,
unfortunately.

If you're open to x86 and want a bit more power, Intel NUCs have been around
for a good time and AMD is pushing out Ryzen NUCs now. First out is ASROCK.
I've also been very happy with the PC Engines APU2 router boards - they are
great as small-form-factor servers or NAS builds as well.

Note that even if Raspbian is 32-bit only, you can totally run 64-bit OS's on
the 3B+ and 4 series.

For 3B+ there's even a pretty stable UEFI bootloader:
[https://www.raspberrypi.org/forums/viewtopic.php?f=50&t=2494...](https://www.raspberrypi.org/forums/viewtopic.php?f=50&t=249449)

For Raspi 4 you can just rebuild the kernel for aarch64 and change the config
a bit. Or if you're lazy, sakaki- is providing weekly builds here:
[https://github.com/sakaki-/bcm2711-kernel](https://github.com/sakaki-/bcm2711-kernel)

I have both 3B+ and 4B running vanilla 64-bit Debian Buster.

~~~
zek
I have this exact setup (vault/consul/nomad + glusterfs and zerotier for
networking) and it's pretty awesome. Still dependent on letsencrypt for SSL
certificates. It runs plex amazingly well (though I am using some machines
which are probably overkill for this purpose), even with the data coming from
a glusterfs drive. Most of my nomad tasks can just launch anywhere because of
gluster.

For internal DNS at least, you can just use consul. I set up dnsmasq to
forward to consul on all of my machines which is super convenient (esp when
that DNS just points to a docker container ipv6 address on the zerotier
network, no port remapping or networking insanity needed)

~~~
ckrailo
Any additional build details from you or Legogris?

Haven't considered using glusterfs but the rest of those pieces, absolutely.

Only piece I could find similar to the topic is
[https://www.mockingbirdconsulting.co.uk/blog/2019-01-05-hash...](https://www.mockingbirdconsulting.co.uk/blog/2019-01-05-hashicorp-at-home/).

~~~
Legogris
After a quick scroll-through I have a very similar setup. One thing to watch
out for is that you really want to set up TLS and ACLs for Consul, Vault and
Nomad as early as possible (maybe ACLs for nomad is not as critical to have in
place from day one) - if you can avoid bootstrapping that on an already
running cluster you save yourself a lot of head-scratching.

Integrating these three systems, with Terraform on top, is pretty time-
consuming with all the policies and TLS certificates, but it seems pretty
smooth to maintain after the initial setup.

~~~
ckrailo
Nice, thank you for the TLS/ACL hint!

I'm learning terraform/consul/nomad/vault as I build this thing, so I think
the learning curve for me is extra painful compared to some of y'all.

The docs seem really good if everything is cloud-hosted and really nonexistent
if you're running it all on your own metal.

I'm thinking I'll build out my test stack with vagrant. I can use Dropbox or
Keybase or something similar to store and sync my terraform state if I need
to. Any other hints or helpful readings?

------
tyingq
Once you jump up into the 4GB model and are looking at "home server" or "media
server" type functionality, other solutions might be more attractive.

For example, used ASUS Chromeboxes are all over eBay from $50-$120 or so with
a real SSD, x86-64, nice enclosure, etc. And they are easy enough to use a
SeaBios ROM with for regular Linux instead of ChromeOS.

Edit: not disputing the Pi is king at lower memory / lower storage / lower
cost points.

~~~
johnpowell
I got a HP Compaq Elite 8200 with a i5 and 8GB of RAM for 50 bucks on Newegg
about a month ago. And shipping was free too.

I stuck in a spare ssd and 8TB drive. It is running Ubuntu.

Right now it acts as a pi hole, nextcloud server, Channels DVR server, Plex
Media Server, and runs Transmission. It barely breaks a sweat.

I used to just have a Pi 3B+ doing duty as a pihole and nextcloud box.

This works better and overall cost less than the pi once I added in the sd
card, case, fan, power supply.

~~~
tyingq
The Lenovo M72e is another USFF PC you can find with 8GB ram for $100 or less.
Comes with WiFi too.

~~~
deeblering4
Seconding this, I run a couple of these in my basement and they are great low
cost, low power servers.

------
exclusiv
I recently set up my Pi 4 with Pi-Hole and Wireguard for VPN. My first install
and config resulted in super high load. So I redid it all on a fresh card
(same brand) and it was snappy. No idea what the culprit was but I'm running
Raspbian, installed with a NOOBS formatted SD card.

I disabled swap memory and overclocked it to 2ghz which was super easy.
Switched to a Flirc case because my prior case with a fan was really loud.

For Wireguard I followed this guide:
[https://www.reddit.com/r/pihole/comments/bnihyz/guide_how_to...](https://www.reddit.com/r/pihole/comments/bnihyz/guide_how_to_install_wireguard_on_a_raspberry_pi/)

------
heyflyguy
If you're into this sort of thing, I have really enjoyed tinkering with Odroid
products. Also the homelab subreddit is pretty good.

[https://www.hardkernel.com/shop/odroid-hc2-home-cloud-two/](https://www.hardkernel.com/shop/odroid-hc2-home-cloud-two/)

~~~
Havoc
> homelab subreddit

check out homeserver too...more towards the low end of scale rather than "I've
got a xeon beast in my basement" homelab

------
nihonium
I use my Raspberry pi to proxy any cloud video to my LG Smart TV, at native
resolution, using rclone mount and Emby Media server. It's great. I can play
4K 100mbit videos from my cloud drives directly on the TV.

Side note, you can also use cloudflare free for dns, it's easy to setup.

~~~
alexfromapex
And cloud flare can block some of the mischievous web traffic too

~~~
nihonium
Yes, exactly. Despite the fact that my domain is not listed anywhere online,
cloudflare dashboard says they blocked 1000s of attempts last month.

~~~
whatsmyusername
Eh, doubt. My guess is they're bumping those numbers based on people hitting
the cloudflare edge IP not your particular DNS name.

Do you have your origin whitelisted to Cloudflare's edge ranges? If not it can
be hilariously easy to get around cloudflare (ex: Hamas.ps is behind
cloudflare but runs on Hetzner
[https://censys.io/ipv4?q=hamas.ps](https://censys.io/ipv4?q=hamas.ps))
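
An added example, not part of the thread: one way to build the origin allowlist asked about above, turning a list of edge ranges into firewall rules that admit ports 80 and 443 only from those ranges. The sample ranges are constructed documentation prefixes, and the function name, the choice of iptables and the INPUT chain (a web server listening on the host itself) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Real ranges are published by Cloudflare
# at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6;
# the sample below uses constructed documentation prefixes instead.

# Loose syntactic checks: enough to keep anything but a CIDR out of a rule.
V4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
V6_RE='^[0-9A-Fa-f]*:[0-9A-Fa-f:]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'

# Read CIDRs from stdin (blank lines and # comments skipped) and print rules
# that accept 80/443 from those ranges and drop everyone else.
# Prints nothing and returns 1 if any line is not a well-formed range.
origin_allowlist_rules() {
    rules=''
    while IFS= read -r cidr; do
        case $cidr in ''|'#'*) continue ;; esac
        if printf '%s\n' "$cidr" | grep -Eq "$V4_RE"; then
            tool=iptables
        elif printf '%s\n' "$cidr" | grep -Eq "$V6_RE"; then
            tool=ip6tables
        else
            echo "rejecting malformed range: $cidr" >&2
            return 1
        fi
        rules="${rules}${tool} -A INPUT -p tcp -m multiport --dports 80,443 -s ${cidr} -j ACCEPT
"
    done
    printf '%s' "$rules"
    # Default for the web ports once the allowlist has been consulted.
    for tool in iptables ip6tables; do
        printf '%s -A INPUT -p tcp -m multiport --dports 80,443 -j DROP\n' "$tool"
    done
}

# Constructed sample input.
sample_ranges() {
    printf '%s\n' '# constructed ranges' '192.0.2.0/24' '' '2001:db8::/32'
}
```

The rules are printed for review rather than applied; a stale list blocks legitimate edge traffic, so the list needs refreshing whenever the published ranges change.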

------
bergoid
Is there a Raspberry Pi 4 case somewhere for sale that can hold a 2.5 inch
HDD?

~~~
jsight
I've often looked for this, and there are surprisingly few options. Maybe
something like this would work?

[https://www.amazon.com/Geekworm-Raspberry-Storage-Matching-E...](https://www.amazon.com/Geekworm-Raspberry-Storage-Matching-Enclosure/dp/B07GRZRW7J/ref=sr_1_3?keywords=raspberry+pi+case+hard+drive&qid=1582215950&sr=8-3)

------
jlgaddis
I only skimmed this article but I didn't see any step where the default
credentials ("pi"/"raspberry", IIRC) are changed so if you follow this guide
you should expect your "home server" to be hacked and become part of a botnet
shortly after you

> _head to your router settings and port forward 80, 443, 22 and any other
> ports that you might want._

~~~
schwartzworld
in fairness, changing the password is step one on any internet connected
raspberry pi.

------
kristianp
I'm using a pi 4 with ubuntu server and plex. The Android tv Plex app works
really well with it.

It's connected to my wifi router via an ethernet cable. I used 32 bit ubuntu
as it's only a 1GB pi and 32 bit saves some ram. I had some voltage warnings
when booting up, I should probably get a better power supply for it. The Usb
drive is non-ssd.

------
threatofrain
What might people recommend for a NAS?

~~~
gempir
I personally looked into this a lot the past year. And ended up with a
Synology NAS.

The software is just incredible on that thing. I got one with an Intel CPU and
can run Docker on it that way. This replaced my PI where I was previously
running a few things for home automation.

You can totally set up a NAS with a pi but IMO it's never gonna be as nice as a
Synology NAS and all the trouble you have to go through setting it up.

~~~
beagle3
I have a 416, and got it for the same reason - it just works, very well, easy
to administer (but hardly ever need to).

But I can't shake the feeling that they will turn to the dark side sooner or
later - the fact that the software is closed, mostly. Definitely if they get
acquired, but also all the nice features are begging to be abused once the
MBAs see they can get another $1/year/customer from selling you out.

So far, I only have excellent things to say about Synology. The feeling is
from past experience with other vendors - Synology themselves have been
amazing.

------
wheresvic3
One small point not mentioned in the article is that the is hooked on to a
wall behind the tv so it is nicely hidden.

A cheaper option would probably have been to get a proper computer (likely
secondhand), which would have been more cost effective but probably take up
more space :)

------
atum47
Now I just need to translate it to Portuguese and share it with my Dad. Thanks
a lot. =)

~~~
wheresvic3
Nice! If you publish it, do send it across and I can link it :)

------
wyclif
I enjoy this blog, but I wish it had an RSS feed.

