A Sovereign Server

by Ostatic Staff - Apr. 24, 2014

Alex Payne, formerly a developer at Twitter and Simple, has released an interesting set of scripts he's calling "Sovereign" that help with building cloud services on your own server. I've been interested in running my own email, calendar, file sharing, and other services for a few years now, and since Alex did most of the heavy lifting already, I decided it was time to give it a shot. My experience so far has been good, but this is still rarefied air, and not for the inexperienced.

For many, the most important question to ask about building your own personal cloud is why. Running your own mail, web, chat, news, file, and git server is a significant investment of time, and although you will learn a lot doing it, it should be worth the effort. Alex succinctly describes why he started the project, when it came time for him to renew his Google Apps account:

I was about to set up another Google Apps account for a new project when I stopped to consider what I would be funding with my USD $50 per user per year:

  • A seriously questionable privacy track record.
  • A dwindling commitment to open standards.
  • A lack of long-term commitment to products.
  • Development of Google+: a cynical and unimaginative Facebook ripoff that’s intruding into progressively more Google products.

To each her/his own, but personally I saw little reason to continue participating in the Google ecosystem.

For me, I'm interested in a decentralized web, personal ownership of my data, and learning a bit more about the nuts and bolts of running the different services listed:

  • IMAP over SSL via Dovecot, complete with full text search provided by Solr.
  • POP3 over SSL, also via Dovecot
  • SMTP over SSL via Postfix, including a nice set of DNSBLs to discard spam before it ever hits your filters.
  • Webmail via Roundcube.
  • Mobile push notifications via Z-Push.
  • Jabber/XMPP instant messaging via Prosody.
  • An RSS Reader via Selfoss.
  • Virtual domains for your email, backed by PostgreSQL.
  • Secure on-disk storage for email and more via EncFS.
  • Spam fighting via DSPAM and Postgrey.
  • Mail server verification via OpenDKIM, so folks know you’re legit.
  • CalDAV and CardDAV to keep your calendars and contacts in sync, via ownCloud.
  • Your own private Dropbox, also via ownCloud.
  • Your own VPN server via OpenVPN.
  • An IRC bouncer via ZNC.
  • Monit to keep everything running smoothly (and alert you when it’s not).
  • Web hosting (ex: for your blog) via Apache.
  • Firewall management via Uncomplicated Firewall (ufw).
  • Intrusion prevention via fail2ban and rootkit detection via rkhunter.
  • SSH configuration preventing root login and insecure password authentication
  • RFC6238 two-factor authentication compatible with Google Authenticator and various hardware tokens
  • Nightly backups to Tarsnap.
  • Git hosting via cgit and gitolite.
  • A bunch of nice-to-have tools like mosh and htop that make life with a server a little easier.

There are a few obvious prerequisites to getting started with Sovereign. First, you need a server. I chose the $5/month Debian 7 setup with Digital Ocean, and so far it seems very fast. Secondly, you are going to need a domain. I registered my domain a while back with Hover, and they have been perfectly top-notch. The first two requirements for the setup already move this out of the realm of the everyday user; setting up Sovereign isn't hard per se, but it does get complicated.

One of the most interesting challenges I ran into was getting mail to work correctly. There are several additional DNS records that need to be added, besides the MX record, so outbound email is not marked as spam. Additionally, the mail system uses PostgreSQL as its database back end, which I'm less familiar with than MySQL. A good part of my time was spent making sure that all the daemons were running correctly, and that they were all talking to each other like they should. For example, at one point I found that Dovecot had not automatically created a file that it was supposed to, so Postfix couldn't talk to it. Restarting Dovecot fixed the problem, but troubleshooting the issue took time, and a basic understanding of how Linux servers work. However, now that everything is working properly, and Monit is keeping an eye on things, I should be able to let it go and log in once or twice a month.
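The article does not name the extra DNS records. As an added example (not code from Sovereign or from the article), the sketch below assumes they are the usual SPF, DKIM and DMARC TXT records and audits a zone for them offline. The domain `example.org`, the `default` DKIM selector and every record value are constructed placeholders.

```python
# Added example. example.org, the "default" selector and all record values
# are constructed placeholders, not taken from the article.

def parse_tags(txt):
    """Split a 'k=v; k=v' TXT record (DKIM/DMARC style) into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_mail_dns(domain, records, dkim_selector="default"):
    """records maps (name, rrtype) -> list of strings; returns a list of findings."""
    findings = []
    if not records.get((domain, "MX")):
        findings.append("MX: missing")

    # SPF: exactly one v=spf1 TXT record at the domain, ending in a fail/softfail "all".
    spf = [t for t in records.get((domain, "TXT"), []) if t.lower().startswith("v=spf1")]
    if not spf:
        findings.append("SPF: missing")
    elif len(spf) > 1:
        findings.append("SPF: multiple records")
    elif spf[0].split()[-1].lower() not in ("-all", "~all"):
        findings.append("SPF: does not end in -all or ~all")

    # DKIM: public key published under <selector>._domainkey; empty p= means revoked.
    dkim = records.get((f"{dkim_selector}._domainkey.{domain}", "TXT"), [])
    if not dkim:
        findings.append("DKIM: missing")
    elif not parse_tags(dkim[0]).get("p"):
        findings.append("DKIM: empty p= (key revoked)")

    # DMARC: policy record under _dmarc; p=none only monitors.
    dmarc = [t for t in records.get((f"_dmarc.{domain}", "TXT"), [])
             if parse_tags(t).get("v", "").upper() == "DMARC1"]
    if not dmarc:
        findings.append("DMARC: missing")
    elif parse_tags(dmarc[0]).get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("DMARC: policy is not enforcing")
    return findings

# Constructed zone data: MX only, then the full set.
BARE = {("example.org", "MX"): ["10 mail.example.org."]}
COMPLETE = {
    **BARE,
    ("example.org", "TXT"): ["v=spf1 mx -all"],
    ("default._domainkey.example.org", "TXT"): ["v=DKIM1; k=rsa; p=CONSTRUCTEDKEY"],
    ("_dmarc.example.org", "TXT"): ["v=DMARC1; p=quarantine"],
}

if __name__ == "__main__":
    print(audit_mail_dns("example.org", BARE))
    print(audit_mail_dns("example.org", COMPLETE))
```

To run this against a live zone, fill `records` from resolver output instead of the constructed dictionaries.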

So far I have not committed to my own server completely. In the back of my mind I'm wondering if I trust both the setup to work properly and myself to maintain it for the years to come. That may be just because the system is new, at least to me, and I just need to give it some time. On a philosophical level, I think running your own online services makes sense for many of the same reasons I don't use a word processor and save all my data in open formats. I hope to be able to read these words I'm typing twenty or thirty years from now, just as I hope to be able to find and read an email I get today in 2044. Even though the personal cloud system I'm building, starting with the Sovereign scripts, may not be "best of breed" (although it's very close), it is something I control in its entirety. Not being subject to the whims of corporations is worth a little extra hassle.