Build your own home server part 4: Build KVM virtualization and paravirtualization guests

There are 2 kinds of virtualization that you can do with KVM. Paravirtualization is a kind of virtualization where the guest knows that it is running in a VM and can therefore apply optimizations. Virtualization is used for systems that don’t have to (or are not able to) know that they are running in a VM (for example Windows).

For virtualization you can optimize your VM by adding drivers after installation. I will show you in this post how to install Windows on KVM with drivers for optimization.


Build your own home server part 3: DMZ network and virtualization with KVM and libvirt

If you are here, then you have succeeded in booting your new encrypted system. Now it’s time to configure the host and install some software on it.

Network configuration

First we are going to build an IPv4 network with 3 legs. These networks will be used to isolate private services from public services. The host will have a leg in RED (the default, with a route to the outside) and a leg in the GREEN network (to do backups). In a later article, we will install the firewall VM and I will describe the network in more detail.

  • RED : connected to eth0, linked to the provider’s network (or provider’s private network behind the box)
  • GREEN : connected to eth1, for your private home network and less secured services
  • DMZ : virtual network that will contain public services (VM only network)


Script to push ssh public key to remote server

A simple script that pushes the key and also prepares the remote system if it is not yet ready to receive keys (which ssh-copy-id does not do).

if test -z "$1"; then
    echo "USAGE : $0 username@hostname"
    exit 1
fi
# Create ~/.ssh on the remote host if needed, then append the local public key
cat ~/.ssh/ | ssh "$1" "mkdir -p .ssh; chmod 700 .ssh; cat >> .ssh/authorized_keys; chmod 0644 .ssh/authorized_keys"
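
The remote-side preparation from the one-liner above, written as a function that also refuses anything that is not a public-key line, does not append the same key twice, and keeps authorized_keys at mode 600. This is an added example, not the original script: install_pubkey, its arguments and the demo key are constructed for illustration, and it runs against a local directory instead of over ssh.

```shell
#!/bin/sh
# Added example, not the original script. install_pubkey and its arguments
# are hypothetical names; the key below is constructed, not a real key.

# install_pubkey KEYFILE HOME_DIR
# The preparation the one-liner performs on the remote side, run here against
# a local directory so it can be exercised offline.
# The body is a subshell "( ... )" so umask and exit stay local to the call.
install_pubkey() (
    keyfile=$1
    home=$2
    [ -r "$keyfile" ] || exit 2
    key=$(head -n 1 "$keyfile")
    # Accept only a public-key line; a private key file starts with "-----BEGIN".
    case $key in
        ssh-*|ecdsa-*|sk-*) ;;
        *) exit 3 ;;
    esac
    umask 077                       # new files are never group/world readable
    mkdir -p "$home/.ssh" || exit 1
    chmod 700 "$home/.ssh"
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || exit 1
    # Append only if this exact line is absent, so re-runs do not duplicate it.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# Constructed demo: install the same key twice into a scratch home directory.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleOnly demo@example' \
    > "$demo_home/id_demo.pub"
install_pubkey "$demo_home/id_demo.pub" "$demo_home"
install_pubkey "$demo_home/id_demo.pub" "$demo_home"
echo "entries: $(wc -l < "$demo_home/.ssh/authorized_keys")"
rm -rf "$demo_home"
```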

Build your own home server part 2: encrypted server with Gentoo, aInitRamFs and Cryptsetup

So it’s ok for the hardware, now it’s time to install the server.

Gentoo is a fast, stable Linux distribution with a very small footprint, as you build your software with only the functionality that you need. It’s also a distribution that will teach you how Linux works, as you will do everything by hand (with tools helping, of course).

For security reasons (and also because I’m paranoid), I wanted to encrypt everything, even the root partition of my system. To be able to do that I use a handmade initRamFs (you can find it on GitHub), which will be the only thing (along with grub and the kernel) that is not encrypted.


How to fix font problems with No Machine’s NX

If you are using No Machine’s NX remote desktop technology with the latest version of Ubuntu (12.10) or Mint (14), you are likely to have problems with fonts that disappear when you reconnect to the desktop. This is due to an incompatibility between the latest cairo 2D library and NX. To fix this problem you have to downgrade cairo to an older version:

n0rad@n0 ~ $ wget
n0rad@n0 ~ $ sudo dpkg -i libcairo2_1.10.2-6.1ubuntu2_amd64.deb

You can find other versions of the library, and builds for other platforms, here :

Easy to fix, but not easy to figure out ;)

Build your own home server part 1: Hardware selection

I will start a series of blog posts describing how I’m building my own home server, which is used for 2 things: personal data and public service hosting, everything done in a secure way and using virtualization. I will extend this to the services installed in the public and private parts and describe how I’m using it and why.

Not everything may be useful for you, but it will also be used by me to remember what I did and how to rebuild it ;)

I will try to describe as much as possible, starting with the hardware, and I will give you all the tips that I have been using on my own server for many years.


Apache redirections with mod_rewrite

Here is an example of mod_rewrite used on the same server as the redirect target.

Configure your different domains to point to the same server. In your Apache configuration, point the different domains to the same directory.

Then put this in a .htaccess file in that directory:

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteCond %{HTTP_HOST} ^$
RewriteRule ^(.*)$1 [QSA,L,R=301]

RewriteCond %{HTTP_HOST} ^$
RewriteRule ^(.*)$1 [QSA,L,R=301]

RewriteCond %{HTTP_HOST} ^$
RewriteRule ^(.*)$1 [QSA,L,R=301]
</IfModule>

Make sure Apache is installed with mod_rewrite enabled.

This will redirect all calls:

  • from to
  • from to
  • from to