Today I want to walk you through my way of setting up a new Raspberry Pi as a home server. Note that this is only one of many, many ways to setup a server. I choose this one because I find it easy and the result "good enough" to get started.
This blog post is for you if you are either new to a Raspberry Pi or of you want to copy some commands to save some time.
Operating System installation
For the initial setup you can use the Raspberry Pi Imager to install the Raspberry Pi OS on your SD card. I find the initial setup more convenient with the desktop UI. As soon as the connection via SSH works, we will disable the UI and (maybe) uninstall some of the larger packages.
After the first time boot just finish the OS configuration in the wizard. You may even configure Wifi to have less cables on your desk. We can disable it again later.
Switch from Desktop to SSH
After the initial OS setup we can start scaling down. For a server we need SSH instead of the Desktop. Open the Raspberry Pi Configuration in the start menu and adjust it as follow (do not reboot right now):
- on tab System
- set you password
- … and your hostname, eg. raspberry.lan
- boot to CLI
- no auto-login
- no waiting for network
- on tab Interfaces
- enable SSHd
Save the settings but do not reboot now as we want to change some other settings as well.
Disable Wifi and Bluetooth
Usually my Raspberry Pi Home Server resides near my router and I prefer a cable connection over Wifi. I usually switch off Wifi and Bluetooth — mostly to reduce energy consumption but also as a protection against unauthorized access.
To permanently disable Wifi and Bluetooth you can edit the boot configuration at /boot/config.txt and insert the following lines. Changes apply after the next reboot.
Assign a static IP address
The Raspberry uses the DHCP of your router per default. This is usually fine. In my case I want my home server to have a static IP which never changes. Note that your DHCP must not assign this IP to another device.
I added the following lines to /etc/dhcpcd.conf. You can read this article for more details.
Now is a good time to reboot and connect the Raspberry Pi via cable. You should be able to login with password via SSH.
Enable public key login
On our servers we always disable password authentication. It is more safe and more convenient to login via a public key. If you want to login via password, just skip the SSH configuration.
Before disabling password login and locking ourselves out we must enable login via public key. Copy your public key into ~/.ssh/authorized_keys as follows.
Disable root and password login
Now let’s disable SSH login as root user or via password. You have to adjust the /etc/ssh/sshd_config such that it contains the following two lines. There are probably some lines you can comment in and adjust.
Now make the SSHd to reload and read the new settings. Do not close the current session before you logged in via another terminal. Otherwise you can still lock yourself out.
Delete stored WiFi password
Remember the WiFi password we entered during the initial setup? It is still stored on the Raspberry. You can delete it as follows.
Enable unattended upgrades
It is just a small home server but I want to install security updates nonetheless. I would probably forget about it, so I enable auto-updates.
In theory it might cause problems which require manual attention though it rarely does. I rather have a server down before not installing security related updates. In the first case I have a problem and I know it; in the latter I have a problem and don't know about it. Feel free to have your own opinion though.
You can enable auto-update as follows:
Reclaim SD card space
The Raspberry Pi OS comes with a bunch of installed packages which I find great to get started. However if you want to free some disk space you can quickly find the largest packages and identify some to uninstall.
I decided to keep the installed packages.
Stop unneeded services
There might be some unneeded services running as well. I do this for the same reason I disabled WiFi and Bluetooth. However the reduction in energy consumption in this case is probably much, much less.
You can inspect all running services including their description with the following command.
Note that some services need to be uninstalled. Otherwise they re-activate after reboot. Just try it out.
You know best what you need or want to keep around. I disabled the following services:
After reading over the blog post, my Sandstorm college Theo hinted me to another nice little package: Log2Ram. It reduces write access to the SD card by collecting system logs in main memory for a day (per default) before writing them to the SD card.
I have no experience whatsoever with this service, but want to give it a try. So can you if you want to. You can install and configure it with the following commands. Please consult the docs for details.
After rebooting I checked for Log2Ram and it failed to start. My logs at /var/log were too large (already? how?). Without further investigation I deleted some larger log files and restarted Log2Ram. Looks fine now.