A year with my own private cloud

More than a year ago, I decided to roll up my sleeves and create my own private cloud. I wrote extensively about it here.

Now, it has become my whole personal infrastructure and it works very well (to my standards, at least), so let's look at the changes that it underwent in that time and how I improved it to be more resilient, robust, and fit my needs.

New services & replacements

Over the course of the year, I got to know the services I used better, and there were some I was not perfectly fond of.

I've updated the repository continuously; check out https://github.com/tchapi/own-private-cloud.

🗓 Spinning my own CalDAV backend

I had chosen Baikal in my first instance and it worked OK, but it proved quite cumbersome to configure and hard to maintain or evolve due to the legacy codebase.

I thus created my own backend, Davis, based on Symfony 5 and Bootstrap 4, that follows best practices and is easy to configure and dockerize thanks to a pretty standard .env workflow.

I also added some nice features such as delegation and sharing (directly in the management section), IMAP authentication, etc.

It's completely backward-compatible with Baïkal so you can use the exact same MySQL database you used before if you're migrating from it (that's what I did).

Grab the latest release here.

📝 Cryptpad

What was missing in the infrastructure was a document editor, along the lines of Google Docs. I had tested OnlyOffice but it seems a bit too complete and not suited for a simpler, personal use.

I settled on Cryptpad: https://cryptpad.fr/what-is-cryptpad.html

The team behind it strongly advocates security and privacy, and although the interface has rough edges, it works quite well.

I have adapted a quite simple and robust Dockerfile for it (you can have more details on the repository itself), that does not allow new registrations and configures a few things:

👋 Wekan → Planka

Even though Wekan looked promising on the surface, I never got to enjoy using it. The UI is functional but not on par with what Trello, for instance, can offer.

I went on a quest to find another "task" / kanban software and found Planka, which is still in heavy development, but looks really promising:

https://github.com/plankanban/planka

I installed it and I was right away convinced by how snappy it felt. It still lacks a lot of things but I decided to try it anyway (and contribute if I can).

It's actually a work in progress that you can find in the services/planka branch on the repo here.

🔀 Reverse proxy

I started with an Nginx + Certbot combo, only to realize that it was quite cumbersome and hard to maintain (especially the certificates).

I chose to replace both of them with Traefik: https://doc.traefik.io/traefik/

It's an edge router that is widely used in the Docker world, and is easy to configure (via labels), while being quite opinionated.

It has its own certificate resolvers / endpoints compliant with ACME, so you can use Let's Encrypt and get certificates in a breeze.

Moreover, you can have a very nice dashboard listing all your routes and endpoints, quite practical for debugging purposes.
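
A Compose sketch of the setup described above, added here as an illustration and not taken from the author's repository: label-based routing, a Let's Encrypt ACME resolver, and the dashboard served only over TLS behind basic auth rather than through Traefik's unauthenticated `--api.insecure` listener. The hostnames, e-mail address, resolver name `le`, image tags and file paths are assumptions.

```yaml
# Added example, not the author's configuration. Hostnames, e-mail, the
# resolver name "le", image tags and file paths are assumed placeholders.
services:
  traefik:
    image: traefik:v2.10
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false  # containers must opt in via labels
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.le.acme.email=admin@example.org
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
      - --api.dashboard=true  # dashboard enabled, but --api.insecure is NOT set
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro  # read-only socket mount
      - ./letsencrypt:/letsencrypt                     # acme.json holds private keys
    secrets:
      - dashboard_users
    labels:
      - traefik.enable=true
      # Dashboard is reachable only on the TLS entrypoint, behind basic auth.
      - "traefik.http.routers.dashboard.rule=Host(`traefik.example.org`)"
      - traefik.http.routers.dashboard.entrypoints=websecure
      - traefik.http.routers.dashboard.tls.certresolver=le
      - traefik.http.routers.dashboard.service=api@internal
      - traefik.http.routers.dashboard.middlewares=dashboard-auth
      - traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/run/secrets/dashboard_users

  whoami:  # stand-in for any self-hosted service
    image: traefik/whoami
    labels:
      - traefik.enable=true
      - "traefik.http.routers.whoami.rule=Host(`app.example.org`)"
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.tls.certresolver=le

secrets:
  dashboard_users:
    file: ./dashboard_users.htpasswd  # htpasswd-format user:hash lines
```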

📬 Mails

I have had in mind to switch to a more privacy-respectful email provider but I never actually did it and kept using my {insert any mainstream provider here} address.

But then I read this: https://poolp.org/posts/2019-08-30/you-should-not-run-your-mail-server-because-mail-is-hard — a blog post from Gilles Chehade who is an OpenBSD contributor and creator of OpenSMTPD, and it convinced me right away that I had to try to set up my own mail server.

And so I did.

I grabbed a supplementary IPv4 address for my mail server that I attached to the same OVH cloud instance, and created two containers:

  • one for OpenSMTPd (SMTP service)
  • one for Dovecot (IMAP service)

That would provide me with the bare minimum for my mail server to work. I followed all the security best practices and made sure that I had a clean, standard installation, and just as described in the blog post that I linked above, it worked quite well from the beginning!

I spent quite a lot of time improving the two Dockerfiles but my mail server has been running flawlessly for about 8 months now, never losing a single mail — and generally being more responsive than the other services that I used.

Dovecot, moreover, is robust and standard software and I can access my mails from any Apple or Android phone, and any macOS computer, which is all I need (I guess it works well on Linux and Windows, too).

Next steps

I'm updating the containers quite regularly, and I'm always looking out for new types of services to self-host.

To date, I have not had another need but I might install a private git server sometime soon to host all my code.