While ripping some old DVDs I had lying around, I realized I had no real way of cataloguing these movies. I also thought about how my photo storage system was, while fully backed up, archaic, as I had no way to access my photos outside of browsing the folder on my PC; which sucks because I often want to access my old photos while away from home.

In order to to make these things happen, and also to help me apply networking and security concepts, I undertook one of my largest projects in late 2023, the creation of my own home cloud. I also wanted to make a push towards being more private with my information, with cybersecurity attacks becoming more prevalent every day, could the cloud providers like Google and AWS we trust be the next targets?

I needed a solution that met the requirements of being reliable, accessible, and FOSS. I wanted the system to be able to: Back up and reliably store my photos and videos, serve my movies and tv shows, handle home automation tasks, and also serve as a DNS server/filter for my network.

While it is not the most beautiful piece of equipment, I took an old HP Envy tower that I had been using previously, installed 3 4TB IronWolf drives to support inexpensive RAID 5 redundant storage, a spare GTX 1060 for NVENC workloads, and an upgraded power supply for the GPU. Outside the computer, I use a APC BackUPS XS 1500 I found at Goodwill to prevent sudden power losses, which also powers all my networking equipment to keep cameras and such online.

I decided to run Ubuntu 22.04 as the foundation for the system. To run individual services, I would manage them using Docker. For media streaming, I chose Jellyfin as it would allow me to share movies with my entire household. As a drop in replacement for Google Photos, I set up Immich. To provide DNS filtering, I used Pi-Hole. Making the whole thing work is a nginx reverse proxy I have set up to allow for me to connect to each service using a subdomain instead of awkward port numbers!

By "serving" so much information to myself, I inherently am presenting a risk by opening my personal data to the internet, which leaves the burden of protecting it on me. Because of this, it's super important to worry about security, even if it is excessive.

I approached this, and still do by implementing preventative security and also responding to any potential risks as necessary. For example, early on, I noticed that when opening port 22 to the internet for SSH, immediately many overseas servers would try to log in to my box. I can fight against this by using public/private key authentication or fail2ban to counteract bruteforcing.

Because of some of the limitations my ISP places on home networks, like blocking port 80, I also purchased an AWS EC2 instance to make further magic happen with some of my services. Having this instance allows me to avoid having my backend IP indexed on anything like Google and also avoid using port numbers!