Wanted: Remote Server w/enclosed abilities

This is a mix of hardware and software ~ let me know if this is more appropriate for another forum.

Hello everyone! Been wanting the below set up for years now and have made moderate attempts the years yet nothing solid for day-to-day driving. Ideally wanting to set and forget (w/knowledge how to replicate/tweak as needed) and not become an admin.

Presume power users here have been using similar set ups now for years. Thank you for any input.

OBJECTIVE

  • Accomplish the following task within the next 6 months.
    — Self-hosted iCloud like server with local and remote access
    — Server plays nice w/iOS Files app ~ likely WebDav
    — Remote to headless mini from external networks (vpns on each device.)
    — Wake-on-Lan (and can reboot remotely through home automation)
    — Need Mac services such as AirDrop, Bonjour and the like to work locally w/vpn/s on.
    — Stream from Plex or Jellyfin while remote (local works)
    — lower priority - remote in to plex/sonarr/radarr as needed
    — nice-to-have - local & remote time-machine-ish backup

ENVIRONMENT
• Devices are a mix of iOS and Macs.
• Headless MacMini 2019 at home (can be used as server)
• Broadband w/respectable up/down speeds
• Apple Time Capsule
• Variety of external drives
• Independent VPN’s on each device; one VPN provides port forward access.
• Xcode is installed for Homebridge and Media Server; would love to kick Xcode

HISTORY
Researched, watched and followed tutorials, made several efforts over the years, partially successful in bits and drabs yet not sustainable. Efforts included using MacMini as server w/MountainLion server, Hamachi, Western Digital MyCloud, hunting for various solutions. Closest file management for iOS to date is Relios Sync (works pretty well, yet limited.)

Key background items to note include:
• Cloud servers hosted by third party companies (including Apple) are NOT used.
• Open to purchasing new hardware/software as needed.
• Cool purchasing software, and avoid subscription based services/software.
• Technical knowledge (ie command line) is light
(following tutorials is about as complicated as it gets.) ~ bit of docker.

STRATEGY
Imagine the most practical minimal maintenance strategy would be a NAS drive that plays equally well w/iOS and Mac that can be accessed locally and remote, then address the server topic separately. That or put everything on the Mini and set up webdav to handle all the file management.

That or put everything on the Mini and set up webdav to handle all the file management.

At first glance, this seems like the best way. With a NAS, you won’t have any of the specific Apple services such as Bonjour or AirDrop. You need an all-Apple solution for this.

Also, NASes are usually underpowered for any kind of remotely serious Plex transcoding.

1 Like

As I read through this, I’m confused as to “independent VPN’s
on each device, one VPN provides port forward address”

Do you mean VLAN?

Or are you connecting to X number of EXTernal networks?

AFAIK AirDrop doesn’t work if any device is using a VPN so that wouldn’t be a reason for not using a NAS

Yes, with a NAS (I’m thinking Synology) you DO have
Bonjour service. However neither Bonjour or AirDrop
are routable protocols.

Curious if their mention here is to ensure local
function is not disabled with remote access?

Pretty sure AirDrop is reserved to Apple gear only, so if this a requirement for OP, that immediately rules NASes out.

1 Like

NAS would generally be intended for file management only.
Server for Apple services and Media server.

Mind you I am not pitching for NAS or no NAS…kicking ideas around on strategy to get the digital life together and easier.

You need Apple services → you need a Mac server.
You need file management → you need something that manages files, and NASes are also servers, which seems kinds of wasted if the Mac server does that job.

Looks to me that it points you towards a Mac server + directly attached storage (DAS). (Would also provide great CPU power for media transcoding) But as has been pointed out in the thread, using VPNs would apparently forbid AirDrop, Bonjour and the like so it would seem you can’t have it all with your list of requirements.

Agreed, Apple Services = Apple Gear, but I am unclear as
to the mention of (multiple) VPNs. If you VPN into a site then
“typically” all your local resources are unavailable, i.e., you
can’t print.

Depending on the VPN, your local addresses can be whitelisted
and now you can print (and access local resources)

However, you can certainly transfer files after VPN connection
INto your network, just not with AirDrop, You can certainly also
discover local resources, just not with Bonjour. So if it is indeed
multiple VPNs, it’s a different item that perhaps we can help with.

C’mon @pixr a little more info please :slight_smile:

This:

and this:

don’t mix well.

Building a secure internet-facing service is something that professionals have a hard time doing correctly. Anything directly accessible from the Internet requires a lot of care and feeding. I don’t want to dissuade you from doing cool stuff, but I think it’s important that, before you put your data at risk, you should understand that DYI servers are work-intensive or very risky (and to be honest, frequently both).

5 Likes

Hi, i’d like to suggest taking a look at a product called Nextcloud. This product is an open-source file hosting and collaboration platform, if you are like me you can disable everything and just use the file hosting bit.

The easiest way to host this would be using a VM with Ubuntu and the Snap package. Once you have this up and running you can get clients for iOS/Windows/Mac and all (or selected files would sync locally) - similar to Dropbox. PS - also supports WebDav.

It depends on your technical ability a little, you need to be able to use basic command line to get this up and running and you’d need the hardware to run the VM, however I would say that once you have it up and running maintenance is pretty light (although as with any web-facing server) you’d have to do it to keep it up to date and secure.

My suggestion - NAS (I have been using synology since 2012 and highly recommend their products) along with Tailscale (remote access/VPN to NAS/machines). I have a DS1019+ which hosts my Plex server along with sonarr/radarr etc.

I hope the op comes back to give us some more information…

I don’t fully understand all of your requirements but I tried a few solutions over the years with varying success. First I went with one of Synology’s cheaper NAS options and immediately regretted it as it was way underpowered (it even choked loading it’s own admin pages over local lan). Sold it and just used an old laptop with an external drive connected to it and ran Ubuntu server. It ran great but you would need to be comfortable with linux and it does require maintenance.

A couple of years ago I looked into NextCloud and FreeNAS and then stumbled onto unRAID. Been running unRAID ever since and it’s been rock solid and flawless. Aside from getting an email every few days letting me know that there is a new updated version of my Plex docker container available (which I could disable that notification if I wanted to), it just runs. Never have to do anything to it. It just works and works very well with the Mac Files app.

More information. Here we go.

BACKGROUND
Technical skill set somewhere around novice. I am not that technical, avoid command lines.
That said w/tutorials and tips from good netizens, I have HomeBridge stood up and running on a Mini…and on same Mini inside Dockr have Sonarr/Radarr/Jellyfin stood up and running (w/plex as a backup.) VPN on for everything. VPN open IP to access services while remote (this is spotty…last I checked this was working.)

CURRENT ENVIRONMENT

  • Multiple desktops all using 3rd party vpns (not always the same)
  • Multiple iOS devices (terms of network access mainly just consuming media w/jellyfin +)
  • 3rd Party VPNs on every device (no ability to use blanket vpn w/current setup of time capsule.)
  • Time capsule as the primary router (routes traffic, time machine, occasional back up storage)
  • Chopped full of IoT, split between Apple Home Kit & Wink (Homebridge)
  • Webdav stood up and running, can access remotely through vpns. Turned out not to help.
  • Remote control app or two
  • Reslio Sync for document transfers.
  • Sensitive docs stored on encrypted .dmgs.

ISSUES

  • Server is set to auto log into account to run autonomously. Not safe, need this to be protected.
  • Encrypted .DMG requires manually mounting (often removing in to open while away)
  • Server chokes when out of space (need to add an external drive, change pointers just haven’t yet.)
  • Disabling VPN when needing to use AirDrop and such (not a biggie as I rarely have that need.)
  • Time capsule old-in-the-tooth, slow. Upgrade is daunting w/everything attached & working.
  • Content Management (separate yet related topic) Overhead involved w/manually moving files
    (mainly photos/screen grabs etc) via Sync, then manually deleting them from iOS device…then having to organize the content later…then actually accessing the content as needed in the future.

FUTURE

  • Services running w/o auto login after server reboot (resilio sync, remote apps)
  • Centalized notes/digital scrap database self-hosted on webdav, personal cloud. other.
    (sync would not be keeping updated ‘copies’ on each device, rather all using the same source.)
  • More secure manner to remote control server.

@csf111 What is the term or meaning behind ‘op?’

I’m not csf111, but op in this context means original poster, the person who started topic, so in this case, you :slight_smile:

1 Like

:+1:t3:

1 Like

Given that I don’t fully understand what you are trying to accomplish, here’s my $0.02. A novice should never expose anything on his network to the public internet without the use of professional services. So, IMO, opening up ports on your router and setting up your own VPNs, etc. will not end well.

If you need a personal file server any computer will do. File servers need storage and a good network. Even the ones I used to manage for 200 users didn’t need more processing power or ram than an Intel MacBook Air could provide. But if they are running applications like a database, etc. that’s a different story. If you want Mac services like Airdrop, use a Mac. Otherwise a Windows computer works fine. Size the “server” based on what Plex will need for transcoding, etc.

A simple solution would be to set up a computer in your home to act as a file server. The select a cloud provider like Dropbox, iCloud, or Google Drive to host those files you may need while offsite. Use a remote access program/service like RemotePC to add/remove files to your cloud service while away from home. Then keep everything synced to your home server so it can be backed up by Backblaze, Arqbackup, etc.

My main computer is an iPad Pro and I ran a similar setup on a 2018 Mac mini, minus the remote access, until it recently died. Since I rarely use Plex these days, I replaced the mini with a brand new $275 PC running Win10 Pro. I use FileJuggler as a replacement for Hazel and the Windows version of Arqbackup. That allowed me to adopt my Backblaze B2 backups, set up rules for file processing, and be back to business as usual in short order.

And if I’ve totally missed the point, please disregard the above. :grinning:

1 Like

Yes. Here are a few of the key points:

No 3rd party cloud services.
Seeking to replicate the file access convenience of iCloud of Dropbox on a personal self hosted model for file management. Mostly to access a digital archive of information (pdfs, digital scraps etc.)

Runs on its own
If there is reboot that ever happens (and it does happen from time-to-time such as a power failure) I need the services to run without having to be at the terminal (or remoting) to log into account. Currently it auto logs in just to keep it running - not good and want to disable th auto log in.

  • file sync. (update ~ the app can run as a service in the background…more to explore)
  • media apps radarr/sonarr/jellyfin/plex etc. ~ these are dockr and expect can run as service (tbd)

Ability to remotely access server while VPNs are engaged
When out of town, need to access any of the services remotely…and variety of vpns engaged on all devices.

File Management
Would prefer the location for the files to be encrypted and protected from both physical access and content in transit. Currently have information stored on encrypted .dmgs ~ and that alone can be a pain when removing in as the file needs to be manually mounted.

Honestly, I think you need to find a local expert to build and maintain this for you. And even doing that, IMO, there is no system exposed to the internet that is “set and forget”. Years before I retired I had to hire a security company to monitor systems that decades earlier I normally only needed to briefly review each day.

Most large corporations have moved, or are moving, to cloud services in part because they are unable to handle the threats that are now common on the Internet. Good luck.