Home Data Center Series: Why do we need and how to build a home data center?

The idea came up because I have deployed a lot of applications at home, and the broadband at home has a dynamic public IP address, so when friends need to access them, they can only use `http://dynamic domain name:port`. Plain http is unencrypted, and the port is not the standard port 80, so the mobile browser or the WeChat built-in browser warns that the site is not safe, which seems very low-end.

So I thought I could use this opportunity to sort out the applications at home (it would be best if the deployment method could be unified), and then publish them to the public through reverse proxy using https. However, the Internet is not safe. Since the applications have been officially released to the public, do I have to consider security? Then I thought, if security is taken into consideration, then should operation and maintenance also be taken into consideration? ... In the end, I thought that since I had considered so many things, I might as well just build a home data center as the ultimate goal.


Another advantage of a home data center is that you can trade residential electricity costs for performance: low-end cloud servers (1 or 2 CPU cores; 1G or 2G of memory) generally do not perform well and may not be comparable to your own devices at home (or may even be far behind). For example, my two main devices now are a base-model M1 Mac mini and a mini host with an Intel 13th-generation CPU and 64G of memory, priced at more than 3,000 yuan. Converted into cloud servers with the same performance, how much would they cost per month? I dare not even think about it, but now I only need a few dozen yuan of electricity per month to own them. Isn't it great?

As for the stability issue...the failure rates of Alibaba and Tencent Cloud are not low now.

Of course, the most feared situation of a home data center is power outage, which I can't do anything about. I solve this problem by building a disaster recovery site on a cloud server (the cheapest one will do, mainly for record keeping). The cloud server runs a detection script regularly (every few minutes) to detect the availability of the home WordPress main site. Once the main site is found to be interrupted (whether it is a power outage or a network outage), the disaster recovery site automatically becomes the main site and starts providing services.

Note: To realize the above functions, a series of underlying key technical supports are required.
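The detection logic described above, with a consecutive-failure threshold so that a single dropped probe does not trigger a failover and a longer streak of successes before falling back. This is an added example, not the author's script: the thresholds, the `home`/`dr` labels and all function names are assumptions, and the switch-over action itself is left to the caller because the article does not describe it.

```python
import urllib.error
import urllib.request


def probe(url, timeout=5.0):
    """Return True if the main site answers with a non-5xx HTTP status."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status < 500
    except urllib.error.HTTPError as exc:
        return exc.code < 500      # a 4xx still proves the site is answering
    except OSError:
        return False               # DNS failure, refused connection, timeout


class FailoverMonitor:
    """Tracks consecutive probe results and decides which site is active."""

    def __init__(self, fail_threshold=3, recover_threshold=5):
        self.fail_threshold = fail_threshold        # assumed value
        self.recover_threshold = recover_threshold  # assumed value
        self.active = "home"
        self._fails = 0
        self._oks = 0

    def record(self, ok):
        """Feed one probe result; return 'promote', 'demote' or None."""
        if ok:
            self._oks, self._fails = self._oks + 1, 0
        else:
            self._fails, self._oks = self._fails + 1, 0
        if self.active == "home" and self._fails >= self.fail_threshold:
            self.active = "dr"     # disaster recovery site takes over
            return "promote"
        if self.active == "dr" and self._oks >= self.recover_threshold:
            self.active = "home"   # home site is stable again
            return "demote"
        return None


def replay(results, **kwargs):
    """Run a list of probe results through a fresh monitor."""
    mon = FailoverMonitor(**kwargs)
    return [mon.record(ok) for ok in results]


if __name__ == "__main__":
    # Constructed probe history: one blip, a real outage, then recovery.
    history = [True, False, True, False, False, False] + [True] * 5
    print(replay(history))
```
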


As mentioned above, if you want a good (and polished-looking) experience when accessing applications in your home data center, you need to get rid of the port after the domain name, which means you must use ports 80 and 443. To use ports 80 and 443, you cannot rely solely on the public IP address of your home broadband; you need other methods. There are two main methods.
1. Domain name is not registered, use cloudflare (home broadband can be used with or without a public network address)

This method is actually the service provided by Cloudflare's free plan. This method is the one I recommend, and it has many advantages:
a. No filing is needed
b. There are multiple back-to-source methods, regardless of whether the home broadband has a public network address or not (but try not to use the public network for back-to-source, as domestic operators are now very strict about access to non-registered domain names)
c. Cloudflare is a one-stop service provided through its edge network: website building, CDN, basic DDoS protection, WAF. It is basically a one-stop solution for ordinary individual webmasters, who do not have to worry about anything else (of course, the premise is that you can make reasonable settings yourself; these functions are disabled by default, and they are only the most basic).

Of course, this approach also has many disadvantages, and they are relatively large:
a. If you can’t use science or magic, you may not be able to access the Cloudflare official website (some areas can be accessed directly, mainly by luck)
b. To properly configure the many functions of CloudFlare requires a certain technical foundation, and learning it takes a long time.
c. It is not difficult to set up and access directly, but it takes some effort to optimize it for faster domestic access

Although the threshold is high, I still recommend this method, because although it requires learning and tinkering, isn't building a home data center all about tinkering? Moreover, I have written a series of cloudflare tutorials. As long as you calm down and read them carefully, follow the operations, and figure things out on your own, I believe you can get results.

2. Domain name registration, use domestic CDN (requires home broadband with a public network address)

Compared with the first method, the advantage of this method is that it does not have a high technical threshold and anyone can do it, which saves the time cost of learning many prerequisite technologies, and the access experience is the best for domestic visitors. However, the disadvantage is that it requires a time cost: filing, and more money cost: purchasing a cloud host (because filing requires that the resources you publish be located in a controllable domestic institution).

a. Filing

For individuals, the most convenient way to register is to purchase a cloud host (Tencent Cloud, Alibaba Cloud, and others), and then register through the registration system provided by the cloud host provider. The advantage of this method is that the registration department of the cloud host provider will help you review the registration information, tell you what needs to be modified, and tell you if there are any problems during regular inspections, and even tell you how to deal with them.

b. Purchase a cloud host

The cloud hosts I usually buy are Tencent Cloud and Alibaba Cloud. Of course, there are others. However, these two are the largest and the mainstream choices. It is also very convenient to register after purchasing hosts from these two cloud providers, so I bought the cheapest lightweight server on Tencent Cloud (2 cores, 2G memory, 50G hard drive, 4M bandwidth, 300G traffic per month, with a new user discount, cheap~, about 9 yuan per month after the discount, I can barely afford it). This server has average performance and is unlikely to be used to run applications and databases that consume too many resources, but it can be used to run some lightweight applications and demonstration content.

c. Choose a suitable domestic CDN

As long as the domain name is registered, you can choose any domestic CDN supplier, instead of having to choose the supplier from which you purchased the cloud host.

The key criterion for selecting a CDN is the type of home broadband public network address: if it is an IPv4 public network address, you can choose any one, depending on which one has the lowest traffic price; if it is an IPv6 address, you can only choose a CDN manufacturer that supports IPv6 back-to-source (such as Alibaba Cloud CDN).


Note: In fact, there is another tricky way to build a website, which is to use this lightweight server as the first-level reverse proxy, and the upstream server points to the second-level reverse proxy at home. However, the access experience of this method will be limited by the upstream bandwidth of the server, and the home broadband must have a public network address.

However, there are also variant solutions: the upstream server points to the home device through a virtual networking address, so it is okay if the home broadband does not have a public network address; then the CDN service of the lightweight server provider (for example, I use Tencent Cloud's lightweight server, so I use Tencent Cloud's CDN) is used to accelerate access to websites on the lightweight server. This method is not limited by the server's upstream bandwidth (because the same supplier's CDN goes back to the source server, it is internal traffic and has no bandwidth or traffic restrictions), but it is affected by the server's downstream bandwidth (because the second-level reverse proxy at home is accessed through a virtual networking address, the content obtained counts as downstream bandwidth for the server, but generally the server's downstream bandwidth is at least 10 megabits, which is enough for back-to-source). It is suitable for friends who want to build a home data center but do not have a public IP and want to use a domestic CDN.


Then it is recommended to prepare at least 2 second-level domain names:

1. Domain name registration

It is used for external (domestic) release of home data center applications (domain name resolution is placed on Tencent Cloud). It is recommended that all application releases be made through CDN unless absolutely necessary. The home data center is only used as the source station. This can hide the real IP address of the home broadband. After all, domestic CDN can also achieve a certain degree of security through some simple settings (high-frequency access restrictions, TLS version restrictions, etc.).

2. Unregistered domain name

Prepare another domain name to be hosted on cloudflare to enjoy cloudflare's one-stop service. At the same time, you can also allow the registered domain name to use cloudflare's services through a customized host name.

Note: When an unregistered domain name is hosted on cloudflare, the third-level domain name of the registered domain name can also be connected to cloudflare through the "custom host name" method and enjoy cloudflare's services. However, cloudflare only gives a 3-month validity period to the domain name connected in this way by default. After the expiration, cloudflare will check whether the SSL certificate of the connected domain name itself is still valid. If it is valid, it will automatically extend the validity period by 3 months, and then repeat the cycle.
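Hiding the home broadband address behind a CDN only holds while the source station is reached exclusively through the CDN, so it is worth checking the source station's access log for requests that arrived directly. The following is an added example, not code from the original post: the CDN ranges are constructed placeholders from documentation address space, the log lines are constructed, and an nginx "combined"-style log format is assumed.

```python
import ipaddress
import re

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation space).
# Replace with the back-to-source ranges published by your CDN provider.
CDN_RANGES = [ipaddress.ip_network(n)
              for n in ("203.0.113.0/24", "2001:db8:cd::/48")]

# Leading fields of an nginx "combined"-style access log line (assumed).
LINE_RE = re.compile(r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" \d{3}')


def from_cdn(peer):
    """True if the connecting address belongs to a known CDN range."""
    addr = ipaddress.ip_address(peer)
    # Dual-stack listeners log IPv4 clients as ::ffff:a.b.c.d; unwrap them.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net
               for net in CDN_RANGES)


def direct_hits(lines):
    """Return (peer, request) for each request that bypassed the CDN."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            via_cdn = from_cdn(m["peer"])
        except ValueError:
            via_cdn = False        # unparsable peer address: report it
        if not via_cdn:
            hits.append((m["peer"], m["req"]))
    return hits


SAMPLE_LOG = [  # constructed sample lines
    '203.0.113.17 - - [01/Jan/2025:10:00:00 +0800] "GET / HTTP/1.1" 200 5123',
    '198.51.100.9 - - [01/Jan/2025:10:00:03 +0800] "GET / HTTP/1.1" 200 5123',
    '::ffff:203.0.113.40 - - [01/Jan/2025:10:00:05 +0800] "GET /feed HTTP/1.1" 200 900',
    '2001:db8:cd::5 - - [01/Jan/2025:10:00:07 +0800] "GET / HTTP/1.1" 200 5123',
    '2001:db8:ffff::1 - - [01/Jan/2025:10:00:09 +0800] "GET /feed HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for peer, req in direct_hits(SAMPLE_LOG):
        print("direct request to source station:", peer, req)
```

Any hit means the home address is known to someone outside the CDN; the usual response is to restrict the source station's listener or firewall to the CDN's back-to-source ranges.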


Another advantage of preparing two domain names is that the home data center can have two entrances: one for domestic use (registered domain name, domestic CDN), and the other for foreign use (unregistered domain name, cloudflare). At the same time, if the domestic domain name cannot be used due to force majeure (registration invalid?), the domain name used in China can be easily migrated to cloudflare to continue to take effect (the speed may be slower but at least it can be guaranteed to be accessible. Of course, the bigger the device, the more trouble it will cause, but the speed will not be too much slower~).


Finally, the core part of the home data center is the data center itself, with home broadband as its egress. This part involves soft routing, virtual machines, LXC (Linux containers), the construction of various docker applications, the configuration of bastion hosts, the construction of web application firewalls, application health checks and fault alarms, application load balancing, databases, self-built game platforms, self-built audio and video libraries, operation and maintenance, troubleshooting, and many other aspects. A key point in this part is: don’t spend any money! After all, it’s my own interest, and I’m a flexible employee, so I don’t have money, but I have a life! The purchases of domain names, cloud hosts, and CDNs are all necessary expenses, and I have no way to control them. The internal home data center is completely controllable, so all the options are free. But free does not mean no quality. We should use technical investment instead of money investment, and we can still have a good experience in the end!

This series together constitutes the solution for the entire home data center (there is too much content, I will write it later). Then I thought that it is also important to summarize and organize project documents, otherwise it will be very troublesome to troubleshoot operations in the future, so I created this blog to organize and record all the technologies and operation steps involved.

The content of the blog is original. Please indicate the source when reprinting! For more blog articles, you can go to the Sitemap. The RSS address of the blog is https://blog.tangwudi.com/feed; you are welcome to subscribe. If necessary, you can join the Telegram Group to discuss problems together.