Host your own Cloud Storage – /e/ OS shows the way


Photo by Taylor Vick on Unsplash

Remember the time when you felt happy that free emails services like Gmail were handing out 15 GB of free storage space? Most of us started uploaded our selfies, family photos and those ‘not-to-be-shown-in-public’ photos onto the online cloud storage folders.

As a generation, we rejoiced at this new and ‘safer’ way to store important files and document. No more worrying about the moisture in the cupboard or the water dripping from the ceiling destroying your precious wedding photos. The trick was to convert all the music CDs or photos into digital files and then upload everything onto the cloud and live happily ever after…Right?

Wrong.

Our bubble burst all to soon when we realized that our private photos and documents was not all that safe. We found out for instance that technical support staff could have a peek at our data if they wanted to. Over the years the situation has not changed much.People now are ‘slightly’ more aware of the dangers of storing their personal information online. We have realized that the storage repositories controlled by the bad boys and girls of the tech world like Google, Amazon , Microsoft or Apple to name a few are not all that safe.

All this leads to the question - Is there no way to safely store our personal information?

One option which has gained some traction in recent years is to store it in our own cloud. The team at /e/ has come out with a way for their users to host their own cloud services. For the uninitiated /e/ OS is a Google-free, privacy-focused, android smart phone Operating System. Forked from Lineage, it uses MicroG to run apps which need Google services.

On signing up for an /e/ ID, a user gets a 5 GB free storage space. This storage space is used to save user data in an encrypted form on the /e/ servers. Now the team at /e/ OS has taken the concept of user-data privacy to the next level. In addition to operating a full setup at https://ecloud.global, they have started providing users the ability to self-host their data on the cloud. In this article lets have a look at how this self-hosting actually works.

A word of caution the /e/ ‘Host-Your-Own Cloud’ project is still in its beta phase. It requires some prior Linux server administration experience to implement.

developer
The team of Thilo, Felix and Jo who worked on the project from the /e/ development team shared some inputs on how a user can set up cloud storage on his or her own.

Lets begin…

Objective of Self-Hosting

The ‘host your cloud’ project allows /e/ users to install cloud services on their own server, using a single identity. Users by self-hosting can syncing data from their smartphones on to their own cloud. As to what can be stored includes :

  1. Your Smart phone settings and customization
  2. Pictures, videos, documents
  3. Calendars
  4. Contacts
  5. Notes
  6. Tasks

the list goes on

The setup uses NextCloud, OnlyOffice, Postfix besides other open source components.


/e/ product eco-system

System Requirements

For the full setup, the following server hardware is recommended:

  • 2 core CPU (x86/x86-64 only, ARM not supported yet)
  • 4 GB RAM
  • 20 GB disk space

For the setup without OnlyOffice, requirements are a bit lower:

  • 1 core CPU (x86/x86-64 only, ARM not supported yet)
  • 2 GB RAM
  • 15 GB disk space

Please note that Disk space above only refers to the basic installation.

You will need additional space for any emails, documents and files you plan to store on the server.

Additionally you will need to have a minimum of one domain registered.

You can register a domain name from many providers.
A TLS certificates will be added automatically during setup, using Certbot.

Installation

Create an Ubuntu server instance

The project should work with any Ubuntu server (Virtual Private Server (VPS), dedicated server…) versions 18.04 (should work on 16.04).
Debian server should work as well, though the development team mentioned that they have only tested it on Ubuntu as yet.

Hosting at home is also possible in principle. That is if you know how to get you email across providers who may classify it as spam!

Create your hosting server

Follow your hoster documentation to create your server or VPS.

Set your server with proper DNS settings

  1. Point your domain DNS entries to your server
  2. Then set the reverse DNS of this server to the same domain (this is usually possible in the VPS settings on the hoster’s website).

An example :
The below example will use yourdomain.com to explain the (initial) DNS setup you need to have for this to work.

It is assumed that your VPS is up and running

This example uses IPv4 address 1.2.3.4 .

Create two A records in the zone file of your domain on your DNS server (or the corresponding webui of the domain registrar):

Then set the reverse DNS of 1.2.3.4 to mail.yourdomain.com.

(note the final dot ‘.’ at the end of our fully qualified domain name).

This is usually possible in the VPS settings on the hoster’s website.

In the following text, $DOMAIN refers to the domain (youdomain.com) that you configured for your selfhosting server.

Start bootstrap process

Login to the server via ssh as root (on Linux/macOS the ssh client is available out of the box

On Windows you need to use an ssh client like Putty for example).

Execute this command and follow its on-screen instructions:


The setup script will ask you to input some details of your setup (like your domain name) and to setup additional DNS records (the two A records plus the PTR record were set already above).

Example session for yourdomain.com:


Manual account creation

A few services can’t be configured automatically and need manual account creation to secure them:

Available Services

You can find login information for these services by running

   bash /mnt/repo-base/scripts/showInfo.sh.

Sample output of showInfo.sh:

  • $DOMAIN: File hosting with Nextcloud, email with rainloop
  • welcome.$DOMAIN: Allows users to sign up for a new account (you can create signup links with bash /mnt/repo-base/scripts/generate-signup-link.sh, account creation with this “self service” is only possible when such a link is generated)
  • office.$DOMAIN: Create and edit office documents (OnlyOffice) (only when you answered yes to the question “Install OnlyOffice?” during setup obviously)

Administration

  • spam.$DOMAIN: Email spam filter (rspamd)
  • mail.$DOMAIN: Administrate email and create accounts (postfixadmin) when not using the “self service” welcome.$DOMAIN - this requires you to set a intermediate password during account creation.

Setting up /e/ OS with /e/ self-hosting

For a new installation, enter login (email address - username@yourdomain.com), password and selfhosting domain FQDN in the fist time usage wizard.

Using login (email address - username@yourdomain.com), password, and specifying your custom server URL using the “Server URL” (https://yourdomain.com) field in “Login with another account”:

e_os_custom_server_screenshot-small

If you already have /e/ OS installed, you can add your selfhosting domain under

Settings->Users & accounts->Add account->/e/ account

Settings->Users & accounts->Add account->/e/ account

The team agrees that the setup process as it is at present is a bit ‘technical’.

The plan is to switch to Ansible to make the deployment process simpler.
We will be waiting for that update, team!!

Additional Resources for Reference :

/e/ cloud storage project source code

/e/Os Website

You can also read this post on Medium

14 Likes

Thanks Interesting article, self hosting is a great idea!

While I appreciate the work of the devs and whilst I strongly support the idea of selfhosting your own data to gain a high level of data sovereignity, I’m missing a disclaimer here to inform new users who’d like to give this a try about possible risks coming along with running your own (selfmanaged) server. The documentation right now gives the impression that you only have to follow the mentioned steps with entering a few commands in your terminal to benefit from a working and stable cloud instance. It is mentioned though that some Linux admin knowledge is required but this is very vague and does not inform in a way where a possible user can make up his own opinion if he would like to take the risks or not.

If you’ve never set up a server before in your entire life then I strongly discourage you to start learning by setting up an instance which will be publically accessible on the internet. A better approach would be to set up a server in your network at home and learn basic securing and hardening techniques in an environment which will not negatively affect you and your data if you make any mistakes.

In the EU, if you rent a VPS or Root Server, it’s you who is legally responsible for any malicious or illegal activities that are happening on your server. And if you do not know how to secure your server sufficiently against hackers then it’s an easy job for an attacker to gain access and misuse your data and the server resources while you are full liable. So please, only set up a server on the internet if you actually know what you are doing - I cannnot stress this enough.

Also, when running your own mailserver you should take into account that you could run into problems with sending mails to specific providers. Especially Microsoft is hard to handle here. They use the bad practice of banning whole IP subnets when they detect malicious activities like spam. So if one of your VPS neighbors in the same IP subnet sends spam, Microsoft will also automatically ban you. If you are lucky, mails to domains like @outlook.com or @hotmail.com will get rejected with a notice which will allow you to further take actions. But it also happens that Microsoft blackholes mails and in this scenario your mails will not arrive without you even noticing it. A solution for this would be to use a trusted SMTP-relay for specific recipients.

Please don’t misunderstand these points I mentioned. I’m not saying this with a negative attitude at all - I just want to raise awareness over this.
I would really appreciate it if you guys could update the documentation to further inform users.

7 Likes