advice on making old laptop into home server
June 19, 2007 10:56 AM Subscribe
Converting an old laptop into my first home server - what should I know?
I've acquired an old thinkpad with a bad integrated graphics card - getting video out only works by going in via RDP. So I figure I'll turn it into a headless home server for media, sharing, something to control from work when I realize I need to start a torrent so it'll be ready when I get home, etc.
I've done some reading, but this is all pretty new to me.
I'll do something with DYNDNS, etc. to get at it from outside. The other computers at home are Macs and an Ubuntu desktop, so I imagine it's only a matter of setting up the shared files on it in a format and sharing scheme that OSX and Ubuntu can read.
Three questions I'm querying the hive mind for experience/advice on:
1) Security: Since I'll be opening it up so I can access it remotely, what should I think about for securing it? I'm not so worried about anyone getting access to the contents of this PC, but I want to isolate it from the other computers at home in such a way that it doesn't make them more vulnerable to badness.
2) OS: I'd like to use a GUI to work with it. I've got the choice of using MS Server2003, XP Pro or Ubuntu. Do I really need to use server software, or can I just use a desktop/workstation install on it if I'm just going to treat it like the one computer I can remotely administer, that happens to have an external HD with shared music, etc on it? Meaning it doesn't have to be a "server" per se as far as I know. I'm new to DYNDNS, but I don't think that I'm required to set the laptop up as a domain controller, etc. What's my least-hassle option?
3) Hardware: It's a laptop, meaning it wasn't designed to be running 24/7 like a server. What, if anything, should/can I do to keep it from burning out? Do I need to mod the case or even remove the guts from the case and put them in some other kind of enclosure? It's a ThinkPad, which have a reputation for durablility, but the person I got it from thinks that the graphics problems came about because it got overheated and this burned out the graphics components on the MB. I bet there's more than one meFite who's turned an old laptop into an always-on device. What did you learn?
Thanks all for your knowledge.
I've acquired an old thinkpad with a bad integrated graphics card - getting video out only works by going in via RDP. So I figure I'll turn it into a headless home server for media, sharing, something to control from work when I realize I need to start a torrent so it'll be ready when I get home, etc.
I've done some reading, but this is all pretty new to me.
I'll do something with DYNDNS, etc. to get at it from outside. The other computers at home are Macs and an Ubuntu desktop, so I imagine it's only a matter of setting up the shared files on it in a format and sharing scheme that OSX and Ubuntu can read.
Three questions I'm querying the hive mind for experience/advice on:
1) Security: Since I'll be opening it up so I can access it remotely, what should I think about for securing it? I'm not so worried about anyone getting access to the contents of this PC, but I want to isolate it from the other computers at home in such a way that it doesn't make them more vulnerable to badness.
2) OS: I'd like to use a GUI to work with it. I've got the choice of using MS Server2003, XP Pro or Ubuntu. Do I really need to use server software, or can I just use a desktop/workstation install on it if I'm just going to treat it like the one computer I can remotely administer, that happens to have an external HD with shared music, etc on it? Meaning it doesn't have to be a "server" per se as far as I know. I'm new to DYNDNS, but I don't think that I'm required to set the laptop up as a domain controller, etc. What's my least-hassle option?
3) Hardware: It's a laptop, meaning it wasn't designed to be running 24/7 like a server. What, if anything, should/can I do to keep it from burning out? Do I need to mod the case or even remove the guts from the case and put them in some other kind of enclosure? It's a ThinkPad, which have a reputation for durablility, but the person I got it from thinks that the graphics problems came about because it got overheated and this burned out the graphics components on the MB. I bet there's more than one meFite who's turned an old laptop into an always-on device. What did you learn?
Thanks all for your knowledge.
Personally, I'd put a very basic install of Debian on it. Ubuntu is a nice desktop distro, but I still prefer Debian for servers. I'd think about going with Debian Stable, if you can live with using software that's 12-18 mos behind the curve.
Installing Debian onto a server without any local graphics may be a little challenging. You have a bunch of possible approaches:
-Probably the simplest option is to take the laptop's drive out, connect it to a machine with working graphics, and install your OS there. You don't need to get it 100% set up, just to the point where SSH works. Then you put it into the laptop, reboot it, and SSH in to finish everything up. You administer the server from then on using SSH. (So you don't install any GUI on the server at all ... and why would you? It's a waste of resources on a headless system.)
-An option that *might* work is to use a Linux bootdisc like Knoppix (maybe the regular Debian installs are like this also?), that you can put in the CD drive and reboot the laptop with, and will automatically start a SSH server and let you perform the installation remotely. Never tried this personally, but in theory it should work.
-The most *elegant* way, IMO, is to set the laptop up to use a serial console. Basically, instead of using a raster display, it just sends all of its output (from a text-only interface) to the serial port. Then you connect another computer to the serial port with a null modem cable, and 'talk' to it using a terminal emulation program. This is a little more complex, but it's nice because it gives you a recovery interface for the future. It's all the goodness of a real physical display, without having to run a GUI, or even having a working graphics subsystem. No VNC or RDP required. Here's a HOWTO.
At any rate, once you get Debian on there, I'd recommend installing samba (for sharing files to Windows PCs), netatalk (for sharing files to Macs -- modern Macs will use Samba, but AFP is a much more robust protocol for clients that can use it), apache2 (if you want WebDAV or other HTTP stuff), and maybe a RTSP server to share music to iTunes on your whole network. All your admin is over SSH (again, no VNC required, and I'd avoid it because there's no reason to run a GUI on a headless server).
I have a server set up like this, and it's handy to have around. I use it for testing out web stuff, and also use it as a backup server (once you get it going, look into rsync, it will change your life). The only thing you have to remember when working on a headless server ... THINK TWICE, TYPE ONCE. If you get stupid and bring down the ethernet interface, you're pretty hosed. (In your case you'd have to reboot from a CD to recover.)
posted by Kadin2048 at 11:27 AM on June 19, 2007
Installing Debian onto a server without any local graphics may be a little challenging. You have a bunch of possible approaches:
-Probably the simplest option is to take the laptop's drive out, connect it to a machine with working graphics, and install your OS there. You don't need to get it 100% set up, just to the point where SSH works. Then you put it into the laptop, reboot it, and SSH in to finish everything up. You administer the server from then on using SSH. (So you don't install any GUI on the server at all ... and why would you? It's a waste of resources on a headless system.)
-An option that *might* work is to use a Linux bootdisc like Knoppix (maybe the regular Debian installs are like this also?), that you can put in the CD drive and reboot the laptop with, and will automatically start a SSH server and let you perform the installation remotely. Never tried this personally, but in theory it should work.
-The most *elegant* way, IMO, is to set the laptop up to use a serial console. Basically, instead of using a raster display, it just sends all of its output (from a text-only interface) to the serial port. Then you connect another computer to the serial port with a null modem cable, and 'talk' to it using a terminal emulation program. This is a little more complex, but it's nice because it gives you a recovery interface for the future. It's all the goodness of a real physical display, without having to run a GUI, or even having a working graphics subsystem. No VNC or RDP required. Here's a HOWTO.
At any rate, once you get Debian on there, I'd recommend installing samba (for sharing files to Windows PCs), netatalk (for sharing files to Macs -- modern Macs will use Samba, but AFP is a much more robust protocol for clients that can use it), apache2 (if you want WebDAV or other HTTP stuff), and maybe a RTSP server to share music to iTunes on your whole network. All your admin is over SSH (again, no VNC required, and I'd avoid it because there's no reason to run a GUI on a headless server).
I have a server set up like this, and it's handy to have around. I use it for testing out web stuff, and also use it as a backup server (once you get it going, look into rsync, it will change your life). The only thing you have to remember when working on a headless server ... THINK TWICE, TYPE ONCE. If you get stupid and bring down the ethernet interface, you're pretty hosed. (In your case you'd have to reboot from a CD to recover.)
posted by Kadin2048 at 11:27 AM on June 19, 2007
Oh, security-wise, if you're going to run on WinXP/2k3, disable RDP for all users except the one you'll be logging in with, including Administrator. Don't run things as admin or root that don't need to be run - there is incredibly little software in unixland these days that actually needs root privs, and its a good idea to get as little as possible on your Windows box to run under Admin as well (2003 does an infinitely better job of this than XP, but it still sucks).
posted by devilsbrigade at 11:29 AM on June 19, 2007
posted by devilsbrigade at 11:29 AM on June 19, 2007
If you decide to go Kadin's route, you can make a null modem cable out of an ethernet cord and two serial ends without having to pony up the money for an expensive one. Its surprisingly easy, & ended up being under $8. I went through an entire install of Solaris 10 this way, and it was surprisingly comfortable.
posted by devilsbrigade at 11:33 AM on June 19, 2007
posted by devilsbrigade at 11:33 AM on June 19, 2007
Part out the laptop on ebay and buy an old desktop PC to use as a server with the proceeds.
posted by mendel at 11:50 AM on June 19, 2007
posted by mendel at 11:50 AM on June 19, 2007
Here's an easy solution:
1. Use windows xp pro mainly for ease of use and for RDP. RDP is much more effiecient at low-bandwidth connections and does file transfers. There are clients for your mac and unix boxen too.
2. Setup RDP like you normally would. Edit the registry to put it on a different port. By default its on 3389. Well, you can fight off the script kiddies and future exploits if you move it to 7773 or something. Google for instructions for this.
3. Its always good to have FTP access to a box. Filezilla server is a dead simple ftp GUI-based server for windows. Use an FTP client that supports FTPS to encrypt your session and username/pass. Only use plain vanilla FTP when you absolurtly have to. (of course theres SSH under cygwin for SFTP but its overkil, sshwindows is a good alternative )
4. Enable the local windows firewall. Make exceptions for FTP/FTPS and RDP. Do the same thing on your router. Forward the ports on your router to this box.
5. Does your router have a built-in DDNS client? If so register a dyndns name and use it. Your RDP connection string will look like myhouse.dyndns.org:7773
Lastly, have you tried the VGA port with an external monitor? It may be that the built-in LCD is fried but the video card is still OK.
posted by damn dirty ape at 12:06 PM on June 19, 2007
1. Use windows xp pro mainly for ease of use and for RDP. RDP is much more effiecient at low-bandwidth connections and does file transfers. There are clients for your mac and unix boxen too.
2. Setup RDP like you normally would. Edit the registry to put it on a different port. By default its on 3389. Well, you can fight off the script kiddies and future exploits if you move it to 7773 or something. Google for instructions for this.
3. Its always good to have FTP access to a box. Filezilla server is a dead simple ftp GUI-based server for windows. Use an FTP client that supports FTPS to encrypt your session and username/pass. Only use plain vanilla FTP when you absolurtly have to. (of course theres SSH under cygwin for SFTP but its overkil, sshwindows is a good alternative )
4. Enable the local windows firewall. Make exceptions for FTP/FTPS and RDP. Do the same thing on your router. Forward the ports on your router to this box.
5. Does your router have a built-in DDNS client? If so register a dyndns name and use it. Your RDP connection string will look like myhouse.dyndns.org:7773
Lastly, have you tried the VGA port with an external monitor? It may be that the built-in LCD is fried but the video card is still OK.
posted by damn dirty ape at 12:06 PM on June 19, 2007
There are two basic directions you can take here:
1) Build a regular desktop writ small. XP Home, RDP, GUI, do everything as if you were sitting at it.
Pros: Easy, cheap [if you're not paying for XP :) ], and zero learning curve.
Cons: From a technical and security POV, this is a disaster waiting to happen. It's a server, not a desktop, and you should run it as such.
2) Kadin2048's way. Build a server. Run Linux or a BSD, learn to use the shell and set it up as a proper headless server.
Pros: Technical superiority, security, robustness. You can do so much more. As an example, I have Azureus running on my home server and I can administer most common functions (starting, stopping, opening new torrents) from a web interface from anywhere, even if there's no RDP client.
Cons: Learning curve.
If this is anything but a stop-gap solution, I'd go with #2, but a full examination is way beyond the scope of ask mefi.
Some things you will have to consider.
1) Your firewall will block external RDP by default, as well it should. Opening up RDP (which uses weak MS authentication by default) to the internet is something that should be done carefully. Changing the port is a good first step.
2) God don't use plain FTP, ever. Sending your login password over plaintext is a Very Bad Idea (TM).
posted by Skorgu at 12:23 PM on June 19, 2007
1) Build a regular desktop writ small. XP Home, RDP, GUI, do everything as if you were sitting at it.
Pros: Easy, cheap [if you're not paying for XP :) ], and zero learning curve.
Cons: From a technical and security POV, this is a disaster waiting to happen. It's a server, not a desktop, and you should run it as such.
2) Kadin2048's way. Build a server. Run Linux or a BSD, learn to use the shell and set it up as a proper headless server.
Pros: Technical superiority, security, robustness. You can do so much more. As an example, I have Azureus running on my home server and I can administer most common functions (starting, stopping, opening new torrents) from a web interface from anywhere, even if there's no RDP client.
Cons: Learning curve.
If this is anything but a stop-gap solution, I'd go with #2, but a full examination is way beyond the scope of ask mefi.
Some things you will have to consider.
1) Your firewall will block external RDP by default, as well it should. Opening up RDP (which uses weak MS authentication by default) to the internet is something that should be done carefully. Changing the port is a good first step.
2) God don't use plain FTP, ever. Sending your login password over plaintext is a Very Bad Idea (TM).
posted by Skorgu at 12:23 PM on June 19, 2007
I think you'll be disappointed in the results, although it's certainly possible. I'd do what mendel said if I were in your position. Laptops run hot and don't generally respond well to being on for extended periods. Unless you're using it just for an occasional external hard drive, and you spin it down all the time, you'll burn out that puppy before you know it.
You could use the hard drive in another machine, but again, laptop drives are just plain optimized for shorter lifespans. Better to sell it to someone who can put it in a working machine and buy a full-size on that you can rely on, or better yet, a box that you can put two drives in and stripe. Because the day that your drive dies with all your media on it will not be a happy one.
posted by dhartung at 12:42 PM on June 19, 2007
You could use the hard drive in another machine, but again, laptop drives are just plain optimized for shorter lifespans. Better to sell it to someone who can put it in a working machine and buy a full-size on that you can rely on, or better yet, a box that you can put two drives in and stripe. Because the day that your drive dies with all your media on it will not be a happy one.
posted by dhartung at 12:42 PM on June 19, 2007
Response by poster: OK, lots of good stuff coming in - thanks and keep it coming.
Some things to dispel/reiterate:
1) The VGA video out is bad too. It's not the screen, but the graphics-out chip itself, which is why RDP from the system board works but no other video/monitor solution (VGA port, docking station ports, VNC) works. All video just comes out as the expected screen turned to a lovely undeadable plaid/houndstooth pattern. BUT...
2) Configuring/setup/recovering from oopsies won't be too bad of a problem, even with no video. I picked this up because I already owned a working model of the same machine type - I can swap HD's and set it all up on the working model and then drop that drive into the headless one and go. The laptop's small HD will just be for the system itself, and I'll use the FW/USB ports for attached storage of all that media, etc.
3) I agree that using the standard ports and plain FTP is too weak, so I'll be reassigning ports and using FTPS. But I'd really like to keep a GUI instead of text-based control like over SSH if I can, especially if I go with a desktop setup instead of server. Any suggestions for some kind of GUI over SSH, like a secured VNC or something like that? RDP should be OK if I use XP Pro, but what's the Ubuntu/*nix equivalent? I know that Ubuntu comes with a RDP-compatible Client, but what would I use to Serve a remote GUI interface from Ubuntu?
4) I agree that I might get better performance if I just bought a cheap tower for this instead of using this laptop. But I wanted small, quiet, and free, which I can't get more than two of from a tower. I got all three with the thinkpad.
OK, back to reading responses...
posted by penciltopper at 12:57 PM on June 19, 2007
Some things to dispel/reiterate:
1) The VGA video out is bad too. It's not the screen, but the graphics-out chip itself, which is why RDP from the system board works but no other video/monitor solution (VGA port, docking station ports, VNC) works. All video just comes out as the expected screen turned to a lovely undeadable plaid/houndstooth pattern. BUT...
2) Configuring/setup/recovering from oopsies won't be too bad of a problem, even with no video. I picked this up because I already owned a working model of the same machine type - I can swap HD's and set it all up on the working model and then drop that drive into the headless one and go. The laptop's small HD will just be for the system itself, and I'll use the FW/USB ports for attached storage of all that media, etc.
3) I agree that using the standard ports and plain FTP is too weak, so I'll be reassigning ports and using FTPS. But I'd really like to keep a GUI instead of text-based control like over SSH if I can, especially if I go with a desktop setup instead of server. Any suggestions for some kind of GUI over SSH, like a secured VNC or something like that? RDP should be OK if I use XP Pro, but what's the Ubuntu/*nix equivalent? I know that Ubuntu comes with a RDP-compatible Client, but what would I use to Serve a remote GUI interface from Ubuntu?
4) I agree that I might get better performance if I just bought a cheap tower for this instead of using this laptop. But I wanted small, quiet, and free, which I can't get more than two of from a tower. I got all three with the thinkpad.
OK, back to reading responses...
posted by penciltopper at 12:57 PM on June 19, 2007
Response by poster: Oh, I also wanted to say that I preferred a GUI because my Terminal-fu is weak. Even thought the box itself is headless, a GUI window would be the only way I'd be able to use it. But maybe this will force me to learn? Anyone know a HOWTO on relatively painless transition from enduser GUI usage to driving by CLI?
posted by penciltopper at 1:07 PM on June 19, 2007
posted by penciltopper at 1:07 PM on June 19, 2007
you'll burn out that puppy before you know it
I have a 1999-era Compaq XP lappy that has been running 24x7 since 2001 as a p2p and file server. It's got a few external disks hanging off it. Its monthly torrent downloads range between 600 and 900 GB, and it serves up a lot of files. It does fine, stuck away in a closet with no extra ventilation. My plan was to run it until something died, but it has been holding out on me for several years now. Don't underestimate laptops!
posted by meehawl at 1:15 PM on June 19, 2007
I have a 1999-era Compaq XP lappy that has been running 24x7 since 2001 as a p2p and file server. It's got a few external disks hanging off it. Its monthly torrent downloads range between 600 and 900 GB, and it serves up a lot of files. It does fine, stuck away in a closet with no extra ventilation. My plan was to run it until something died, but it has been holding out on me for several years now. Don't underestimate laptops!
posted by meehawl at 1:15 PM on June 19, 2007
>RDP should be OK if I use XP Pro, but what's the Ubuntu/*nix equivalent?
VNC going through an SSH tunnel. The performance is till pretty bad unless you have a whole heck of a lot of bandwidth to spare. RDP on XPSP2 is encrypted by default btw.
posted by damn dirty ape at 1:25 PM on June 19, 2007
VNC going through an SSH tunnel. The performance is till pretty bad unless you have a whole heck of a lot of bandwidth to spare. RDP on XPSP2 is encrypted by default btw.
posted by damn dirty ape at 1:25 PM on June 19, 2007
The *nix equivalent of RDP is remote X, which is a better solution. VNC just pipes video to a different machine, while remote X, like RDP, actually draws the windows locally, which makes a huge difference in speed. There are a handful of X servers for windows (Cygwin/X is one, Hummingbird has a very popular one, there are a couple others), and OSX ships with it on a seperate CD iirc.
posted by devilsbrigade at 2:50 PM on June 19, 2007
posted by devilsbrigade at 2:50 PM on June 19, 2007
I know that Ubuntu comes with a RDP-compatible Client, but what would I use to Serve a remote GUI interface from Ubuntu?
I'd suggest you take a look at NoMachine's NX System. It's an SSH-secured X Terminal client/server system.
My home server is a headless Kubuntu 6.10 desktop, complete with desktop install, that I occasionally use NX to connect to from my WinXP clients. I did have to set it up using a connected monitor/keyboard/mouse, but once configured I moved it into my loft, connected it up, hit the power button and haven't needed to access it physically since.
posted by Nice Guy Mike at 3:08 PM on June 19, 2007 [1 favorite]
I'd suggest you take a look at NoMachine's NX System. It's an SSH-secured X Terminal client/server system.
My home server is a headless Kubuntu 6.10 desktop, complete with desktop install, that I occasionally use NX to connect to from my WinXP clients. I did have to set it up using a connected monitor/keyboard/mouse, but once configured I moved it into my loft, connected it up, hit the power button and haven't needed to access it physically since.
posted by Nice Guy Mike at 3:08 PM on June 19, 2007 [1 favorite]
If you can boot USB, I'd suggest going with an external drive. It'll be slower but given that you can't use the video console at all, it will make debugging easier. Be warning that some Linux distros are difficult to run on an external drive. XP is more than difficult to install and boot externally though it can be done.
posted by chairface at 3:56 PM on June 19, 2007
posted by chairface at 3:56 PM on June 19, 2007
This thread is closed to new comments.
2) The server software you need depends on what you'll be doing with it. Honestly, if you're just going to RDP into it and treat it like a desktop, and maybe use it for file sharing, XP Pro would be fine. Most of the server software is for domain administration, error reporting, running/administrating (absolutely) headless, and web stuff.
3) Put it in a cool place with lots of ventilation. I leave my T41 thinkpad on nearly 24/7, & it (knock on wood) hasn't had problems yet. If you're worried, it has temperature sensors onboard which you can check periodically, or set up warnings if it gets too hot.
posted by devilsbrigade at 11:27 AM on June 19, 2007