My own private server

Over a decade ago, I wanted to set up a server of my own.

My main reason was to have a blogging and email platform whose contents didn’t depend on advertising and wouldn’t otherwise be subject to corporate scrutiny.

I played around with the idea for about a year before I called it quits. I recognized that no one but me would use it. None of my friends shared my concerns about privacy.

Things are a bit different now:

  • I’ve got a decade’s more sysadmin experience under my belt.
  • Privacy issues have skyrocketed. Google, my primary non-work email provider, is scanning all activity for AI. It hasn’t turned explicitly “evil” yet the way FB has, but it might head in that direction.
  • I have better financial resources than I did 10 years ago. Part of the reason is a “COVID dividend”: Because I work from home, I haven’t had the expense of a daily commute.

I now have my server.

Getting the server

I thought seriously about getting my own hardware and working with my cable provider to permit me to run a server from my home. In the end, I decided to go with a virtual private server (VPS); that is, a computer in the cloud. I didn’t want my email address to go down if I had a power outage in my apartment.

My VPS provider is Namecheap. I went with them primarily because I already used them to register the domains and certificates for my WordPress sites: argothald.com (you’re reading it now!) and acorn.garden.

While I was at it, I also moved my WordPress sites to my server as well. They used to be hosted by EasyWP. It’s a good company and I’ve been content with them, but once I had a server of my own (and the skills to maintain it) there was little point in paying them an annual fee for something I could do myself.

There’s the obvious question: What if Namecheap turns evil too?

All I can do these days is hope (and use 5calls.org daily). But Namecheap has been a decent company in the past, and it’s small enough to fall under the radar of corporate acquisitions.

Or so I hope.

An offer for my friends

Since I was going through the effort of setting this up, I decided to install a “friendly” web-mail interface so that I could offer my friends a choice of using my mail server as well. Realistically, no one is going to accept the offer, but it’s there.

I should add that my mail server is not a resource for planning clandestine events. Namecheap’s terms of service make it clear that its servers can’t be used for illegal activity.

If you want to communicate with others privately over a public network, all of the folks involved have to learn about either GPG or S/MIME certificates (Actalis is the only place I know that reliably provides these at no charge).

You don’t need my server to encrypt your email, only the willingness to learn something new.

Let’s get real

There’s another practical reality: This VPS will last as long as I can pay the annual fees for the server and its certificates. If a recession wipes out my money, or (let’s be blunt) I die, the server goes away once Namecheap stops getting paid its annual fees.

The overall cost of maintaining my blogs is not much higher than it was before. I’ll save money by not having to pay EasyWP anymore. I also discovered that I’d done a bad job of configuring my SSL certificates; I’ll be able to move to less-expensive plans in the long run.

So: I’ve got a new email address! On my own server! I’m not going to announce the address in this post; I’ll send out an email to my friends to let them know.

Also, I’m not terminating my main Gmail accounts. I still need a communications backup in case my server is not available. So my old emails will continue to work indefinitely.

Unless Google turns really evil.

Mail aliases

With my own mail server, I can do something that would be expensive to do with Gmail or any other email service provider:

I can have as many email addresses as I like.

For example, if my main email address is “seligman@example.com”, I can define aliases like “seligman.netflix@example.com”, “seligman.amex@example.com”, and so on.

Why is this useful? Previously, when I had only a few email addresses, if I got a notification that “purchasing@gmail.com” had been seen on the dark web, I couldn’t tell which site the address had been harvested from. Since I used purchasing@gmail.com on lots of sites, it was impractical to change the password on all of them.

Now I can create a custom email address for every site that I’m on. All I have to do is add one line to a file.

If I receive a notification that “seligman.netflix@example.com” has been potentially compromised, I only have to go to Netflix and change the password (or even the email address!).

I also know (in this example) that Netflix is the source of the breach. That’s always useful information to have for the future.

If you’re a mail nerd, you know that in theory this was always possible. If you put a + sign in the account part of your email address (e.g., “seligman+netflix@example.com”), a mail server is supposed to ignore the “+” and everything after it; in other words, it’s equivalent to “seligman@example.com”. Unfortunately, many mail servers don’t recognize this standard.
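The alias scheme described above, as an added example (mine, not code from the post or from Postfix): a small Python module that parses a constructed Postfix-style virtual alias table, resolves aliases including the “+” subaddress fallback, and attributes an address reported in a breach back to the site label it was issued to. The file contents and addresses are constructed for illustration.

```python
# Added example, not from the post: resolve per-site aliases like a Postfix
# virtual alias table and attribute a leaked address to the site it was given to.
from __future__ import annotations

# Constructed stand-in for the "one line per site" file the post describes.
# Format follows Postfix virtual(5): "alias  destination"; '#' starts a comment.
VIRTUAL_MAP = """
seligman.netflix@example.com   seligman@example.com
seligman.amex@example.com      seligman@example.com
# a second domain delivered to the same mailbox
postmaster@acorn.garden        seligman@example.com
"""

def parse_virtual(text: str) -> dict[str, str]:
    """Parse 'alias destination' lines; skip blanks and comments."""
    table: dict[str, str] = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"malformed alias line: {line!r}")
        table[fields[0].lower()] = fields[1].lower()
    return table

def resolve(address: str, table: dict[str, str], max_hops: int = 10) -> str:
    """Follow alias chains to the final mailbox. '+' subaddressing
    (user+tag@host) is honoured only when no explicit entry matches."""
    addr = address.lower()
    for _ in range(max_hops):
        if addr in table:
            addr = table[addr]
            continue
        local, _, domain = addr.partition("@")
        if "+" in local:
            addr = local.split("+", 1)[0] + "@" + domain
            continue
        return addr
    raise ValueError(f"alias loop or too many hops for {address}")

def leak_source(leaked: str, table: dict[str, str]) -> str | None:
    """Site label an alias was issued to; None for the bare primary address."""
    leaked = leaked.lower()
    target = resolve(leaked, table)
    if target == leaked:
        return None  # bare primary address: cannot be attributed to one site
    owner_local, local = target.split("@")[0], leaked.split("@")[0]
    for sep in (".", "+"):
        if local.startswith(owner_local + sep):
            return local[len(owner_local) + 1:]
    return local  # alias without the owner prefix, e.g. postmaster
```

A breach notice for “seligman.netflix@example.com” thus maps to the label “netflix”, while the bare primary address gives no attribution, which is exactly the gap per-site aliases close.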

Sysadmin boasting

The rest of this post lists the features I’ve set up on my server. If you’re not interested in technical details, skip it.

  • The new server is running a typical Postfix/Dovecot combination for mail routing and delivery. The tricky part of setting this up was to have Postfix working with two completely different domains, argothald.com and acorn.garden.
  • I use Thunderbird to read my mail. However, I also installed Roundcube. The primary reason was to create a user-friendly interface for tools like mail filtering, anti-spam rules, and even GPG keys.

    It was while setting up Roundcube that I discovered I had made a configuration error in one of my certificates that caused it not to work with PHP. I’ll fix this in a year when I renew the certificates.

  • Roundcube and WordPress both require MySQL. I was vaguely familiar with MySQL before, but setting them up refined my knowledge of how to work with this database interface.

    It also reinforced my opinion of “who the heck designed this awful thing?” but that’s my prejudice.

  • Roundcube and WordPress also depend on PHP. I wasn’t familiar with PHP before this, and I’m still not (I just use others’ scripts), but I have an improved understanding of tools like composer and pecl that I did not have before.

    It also reinforced my opinion of “who the heck designed this awful thing?” but that’s my prejudice.

  • I’ve set up my own backup systems. Formerly, my WordPress blogs were backed up only when I visited the EasyWP site and initiated a manual backup. Now they’re backed up once a day. I could increase that frequency if I wished.

    The sites are backed up to my home computer, where they’re further backed up by Time Machine, Carbon Copy Cloner, Dropbox, and BackBlaze. I think I may have a decent path to disaster recovery.

    If you have some knowledge of computer security, you’ll realize that this is yet another reason not to engage in unencrypted clandestine activities on my server.

  • The Postfix configuration includes anti-spam/anti-virus tools including ClamAV, MIMEdefang, and SpamAssassin. I also implemented DKIM and SPF validation on my domains.

    I won’t claim I’m immune to spam, but these tools can’t hurt.

  • When it comes to firewall rules, I’m a bastard. I’ll block anyone who seems to be scanning my blogs too aggressively. If more than one IP address in a given domain probes my mail or web services, I’ll block the entire domain.

    To put it another way, if you’re in China and you’re trying to view this blog on a cell phone, you may be out of luck.

  • Because I’m old-fashioned, I did this all “by hand,” without tools like cPanel.

    Also, the price Namecheap charges for using cPanel is higher than the cost of the server!

  • I so, so wish that when I was setting up my WordPress blog in 2017, I’d chosen the name argothald.org or argothald.net.

    Instead I’m stuck with argothald.com. It’s not a commercial site, so the name isn’t accurate.

    On the other hand, there are so many links to Amazon in so many of my blog posts that perhaps I should acknowledge my greed and folly.
