I'd like to have my own server at home sorta like a home AWS.
How to set up one and make it available to anyone over the Internet? What tech specs should I buy (RAM, CPU, # of cores, operating system, etc.)?
How much does it cost to keep one running all the time?
Your basic requirements are:
Hardware coices:
Don’t get server hardware, use regular desktop/laptop machines as they’ll be more than enough for you. Server hardware is way more expensive and won’t be of any advantage. If you’re looking to buy you can even get very good 9-10th gen Intel CPUs and motherboards that are perfect to run servers (very high performance) but that people don’t want because they aren’t good to play the latest games.
This hardware is also way more power efficient and sometimes even more powerful than any server hardware that you might get for the same price. Get this hardware for cheap and enjoy.
If you don't require a TON of computer power some people might suggest ARM board, such as the Raspberry Pi, but be careful with those. ARM is great for power savings but compared to consumer hardware is it shit when it comes to performance and reliability. Also I personally like to avoid the Raspberry Pi and their stuff as much as possible. They've done good things for the community however they've some predatory tactics and shenanigans that aren't cool. Here a few examples of what people usually fail to see:
For what's worth the NanoPi M4 released in 2018 with a RK3399 already had a PCI interface, 4GB of RAM and whatnot and was cheaper than the Raspberry Pi 3 Model B+ from the same year that had Ethernet shared with the USB bus. If you still want ARM and you're about just serving a few websites, cloud service wtv pick a Chinese brand such as friendlyelec or rockpi. More computing for less money and a lot less proprietary BS.
Mini computers from big brands though, for 100€ you can get an HP Mini with an i5 8th gen + 16GB of ram + 256GB NVME that obviously has a case, a LOT of I/O, PCI (m2) comes with a power adapter and more importantly it outperforms a RPi5 in all possible ways. Note that the RPi5 8GB of ram will cost you 80€ + case + power adapter + bullshit pci adapter + sd card + whatever else money grab.
Side not on alternative brands, HP mini units are reliable the BIOS is good and things work. Now the trendy MINISFORUM is cool however their BIOS come out of the factory with wired bugs and the hardware isn't as reliable - missing ESD protection on USB in some models and whatnot.
Quick check list for outward facing servers:
Realistically speaking if you're doing this just for a few friends why not require them to access the server through WireGuard VPN? This will reduce the risk a LOT and won't probably impact the performance. This is a decent setup guide https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-debian-11 and you might use this GUI to add/remove clients easily https://github.com/ngoduykhanh/wireguard-ui
Point of order on the raspberry pi:
Here's your Debian https://raspi.debian.net/tested-images/
There multiple issues with those Debian images and while I would love to run them, they don't cut it. Generic images might underperform in your board, the GPIO and other low level components will, most likely, not work and you might burn your storage as logging and other I/O intensive operations aren’t tweaked for SD cards.
There's also Armbian (https://www.armbian.com/rpi4b/) but only Ubuntu based right now. Armbian could be a great solution however there has been not much interest in the RPi board most likely due to what I pointed before.
Also WRT telemetry: https://forums.raspberrypi.com/viewtopic.php?t=341514
The only telemetry is pertaining to what the imager is burning to the card. So if you don't use the imager there's no telemetry, if you use the imager but disable telemetry, there's no telemetry, if you don't disable it, it just sends back what you're installing.
Here the problem: they're forcing people into the Raspberry Pi Imager with shady tactics. Without it you won’t be able login via network out of the box and by default it enables telemetry. This isn't okay.
I've already spoken about the "telemetry" but here's your ssh login. Literally all the installer is doing is adding a blank file.
https://phoenixnap.com/kb/enable-ssh-raspberry-pi#:~:text=If you use your Raspberry,SD card to enable SSH.
Then if you don't want to do that every time, just create an image for it. That's your new image to flash onto the SD cards.
There's nothing stopping you from not using the imager. dd works just fine. There's no telemetry on the OS itself, so here's how you personally get what you're looking for.
Yes and why are they forcing us to go through hoops / non standard BS instead of doing it like any other SBC and just enabled by default. Armbian does it and once you login you're required to change the password for security.
I remember before the imager the RPi also had SSH enabled by default. Don't sugar coat it around security, this is bullshit to force people into their imager.
None of this forces you to use their imager though… It's barely a hoop, most people running multiple pi's as servers will have done this for a reason other than ssh anyway.
And yes one solution to this security problem is to require changing the username and password, the more effective solution is to not have the process running at all, unless specifically enabled. I'm sure that sentence sounds familiar from your company's security team.
Raspberry pi's serve a lot of purposes, many of those purposes don't need ssh. But if you enable it by default that opens the pi up to being a target, which we saw be a huge problem before this change.
Also, this is not the only distribution that has ssh disabled by default. It's just the only popular distribution I'm aware of that doesn't have a server image option 🤷♂️ it's actually standard security procedure.
For example, if you install Ubuntu desktop, it'll have ssh disabled, because it is standard. Pretty much any distro should do this as well as long as it's not their "server" ISO.
In any case it's a good practice to backup your images regardless of what hardware you're running on, especially if you're running a cluster, it allows for easy reproduction across the cluster.
The most common use case for a RPi is people who just want to hook it into some electronics and play a bit with it, very much like a modern day Arduino. The second most common is some kind of server be it simple SMB share, DLNA wtv. The 3rd case is custom images like retropi, home assistant etc… In the first tow having SSH by default greatly simplifies things.
People who deploy professionally / on scale / create customs images for other things are tech savvy enough and know how to disable SSH - no need to have it disabled by default.
I just found your comment, that was very helpful thank you!
You’re welcome.