Overview
At the current time, all it takes to get started with Open Source I.T. is about $16-$21 per month… and a little love. This includes the small cost of an annual domain name subscription, as well as a server with sufficient processing power to support an abundance of productivity software, including video conferencing and document collaboration.
If you only want email and a website or some limited set of functionality described below, then you could set up Yunohost for as low as $7 per month (including a website, backups and a domain). And for those with spare computers lying around who are willing to play with their router a bit, you can still have all the goodies by offloading your more intensive remote/hosted computing to your home.
Yunohost is at the core of easy, do-it-yourself Open Source I.T. All of the other technologies described on this website presuppose a Yunohost setup. So this is where you want to start.
While setting up Yunohost is unfortunately not super easy for non-technical folks, once you’ve got it up and running, you’ll have access to an amazing ecosystem of open source software, automatically integrated with a single login (SSO) and user provisioning.
When you’re done following these instructions, you’ll be able to set up most of the following software with ease:
- email for your domain (with web client software/access)
- calendar and meeting/attendee scheduling
- chat
- personal, marketing or e-commerce website
- document sharing and collaborative editing
- basic task/project management
- video conferencing
- file synchronization and remote storage/backup
- photo management and image/album sharing
- password management
- source code management
- read-it-later
- and much more!
A Word About Email
Sending
Email can be a bit tricky and annoying, especially thanks to Google, Apple, Microsoft and the other big tech monopolists who have seen fit to suppress minorities (self-hosted email) in favor of “the greater good” (eradicate all forms of spam at all costs).
As a result, even if you set up your Yunohost email DNS properly (per the guide below) and score a 10/10 on mail-tester.com, your mail still may be rejected by contacts with Gmail addresses, because Google’s spam AI is impossible to predict, and favors corporate email relays (such as themselves) or companies like Mailchimp. Your mail may also be blocked by Apple addresses such as “icloud.com” and “mac.com”, which still use primitive blacklisting services like Proofpoint.[1] Microsoft manages their own black-lists for hotmail.com, outlook.com, etc., as well, but I have personally had a pretty good turn-around (1-2 days) getting them to unblock my mail server IP address after filling out their online form. Comcast uses an awful service called Vade which has a broken de-listing form (at least at the time I attempted to request to be un-blacklisted).
So, if you do need to send out a bunch of emails right away (such as for a marketing campaign) and can’t send a follow-up from your previous email address to “please unspam me”, then you may need to use a “mainstream” email server. Unfortunately, at this point, I’m not sure how to guarantee that your Yunohost email will be delivered with 100% certainty to all of your contacts on the first go, but you should eventually get “blessed” by the email overlords after several days of emailing, being unspammed, etc.
If 99.9% certainty of immediate non-spam email delivery is a critical feature for you, I can try to investigate it further. Just cast your vote on the Open Source I.T. priorities poll.
Receiving
Yunohost comes with Rspamd installed by default. I was surprised to find, however, that while the default settings were configured to be extremely tolerant (accepting of potential spam), I have nevertheless received little to no spam since setting up my mail server a few years ago. Eventually, however, I did start getting some targeted spammers (recruiters) and wanted to figure out how to apply adaptive spam filtering. Unfortunately, this isn’t very straightforward with Rspamd and the supporting Web UI provided in the Yunohost app catalog. So what I wound up doing is simply configuring the “Junk Settings” in Thunderbird (make sure to do this under the Junk Settings for the specific account you want to apply junk filtering to, and then select a folder for “move new junk messages to”, otherwise your junk will just get flagged and stay in your in-box). Clearly, that’s only useful if you’re reading all your mail with Thunderbird, though. For now, to reduce email received on my phone before Thunderbird, I use FairEmail’s spam/block feature.
Ultimately, these aren’t the best solutions, and spam should be blocked on the server side. So I added a TODO item to my TO HACK list to eventually implement something like what’s described here (under the section “Learning from user actions”), so that the Thunderbird mail filtering can pro-actively train Rspamd.
Get a Domain Name
The root of your name/brand identity on the internet is your domain name. This carves out a space for you on the web and should represent you or your business – not Facebook or Google’s business.
Registering a domain name is cheap and easy. While you may not be able to find exactly what you want (because of all the sleazy domain hoarders out there), you should be able to find something suitable for around $10-$20 per year.
To start, all you have to do is create an account with a domain name registrar and buy a domain name. I like gandi.net – “No Bullshit since 1999”.
Get a Server (VPS)
Getting a domain name is like buying a piece of land to build a house on. Now you need the house.
This guide assumes a hosted server environment, such as a Digital Ocean Droplet, but there should be no limitations for how open source applications are hosted, aside from the required application memory, CPU and space requirements. In fact, Yunohost can even be served from an old computer in your garage! While I think that is very cool, it also presents some practical challenges which get into the evil-doings of the ISP monopolists (like Comcast), who can make this type of setup more difficult.
I’ve been happy using Digital Ocean to host my VPSs and , but there seem to be folks out there who have had some bad experiences, so other good alternatives are Linode and Vultr. Just keep in mind that some of the articles on this website may have instructions that are specific to Digital Ocean.
If you’re not interested in email, chat, a website, and access to all the easy one-click installable open source software that the Yunohost marketplace has to offer, then Vultr may be a good option for you since they offer “one-click” installs for Nextcloud and Jitsi.
You can get a Digital Ocean VPS here: https://cloud.digitalocean.com/droplets, a Linode VPS here: https://www.linode.com/products/standard-linodes, or a Vultr VPS here: https://www.vultr.com/products/cloud-compute/#pricing
Select a “Debian 10” Linux distribution as the Operating System for your VPS
This specific Operating System is currently required to run Yunohost. A server with at least 2GB of memory is recommended if you are interested in online document collaboration (simultaneous editing with other users), at least 4GB and 2 CPUs if you’re doing video conferencing.[2] Cost: $15-20/mo.
Set up your serverâs authentication
It is highly recommended that you choose the SSH key method for authentication rather than password authentication.
Unfortunately, at the moment, getting set up with Open Source I.T. requires you to get a little more intimate with your computer than you may be used to, if you’re a non-technical person. The biggest initial hurdle is probably the difference between telling your computer what to do by clicking buttons, versus telling it what to do by typing. The first step is to secure your server with “keys” called SSH keys. Digital Ocean has documentation to help you with this as you are setting up your VPS.
Set up reverse DNS
If you are setting up a VPS with Digital Ocean, make sure you name your Droplet the same as your domain. This will automatically set up reverse DNS, which is important for making sure the email from your new mail server doesn’t go to spam. If you are using a different hosting service, be sure to look into how to set up reverse DNS for that service.
Configure backups
Make sure your hosting service provides backups and that these are enabled. Pricing and options may vary depending on the VPS service you are using. Digital Ocean’s backup service is only a weekly backup, which may not be sufficient if you’re doing a lot of daily data entry. Unfortunately, daily backups (snapshots) will increase your VPS cost, and I don’t think they’re completely necessary if you’re e.g. doing a lot of data entry (such as website content). You could temporarily create more frequent snapshots if it’s a short term thing, or you could create scheduled backups of your databases which wouldn’t carry any additional cost if you’ve already set up File Sync and Remote Storage/Backup. (Let me know if this is a need of yours and I’ll work on a guide for it.) If you have a lot of files and data you want to upload to your server, you’ll also need extra block storage and a separate backup system (described in the article linked above).
Associate your domain with your server
Most domain registrars will also provide DNS management. Just find the DNS records for your domain and make sure there is an address record (called an “A” record) that associates your domain name with the IP address of your VPS. While you’re there, you can also add “A” records for nextcloud.yourdomain.tld and collabora.yourdomain.tld, if you’re interested in remote file management, contacts, calendar, tasks and more with Nextcloud.[3]
Set up Yunohost
Example Setup using Linode and Google Domains (General Setup)
I recently performed another Yunohost setup using Linode and Google Domains. This setup follows the official Yunohost Setup Guide and should be generally applicable to any VPS and domain registrar.
- Set up your VPS
  - Make sure your VPS label is the same as your domain name. This should enable reverse DNS, which is important for email validation. For Linode, there is a separate process for this described here.
  - Upload a public SSH key. You can follow the Linode instructions here, which should be generally applicable.
  - Enable backups. Linode is a little more expensive than Digital Ocean ($2 instead of $1 for a 1GB VPS). Their backup plans are different, but comparable.
  - Once your VPS is created, disable password access by logging into your VPS and setting the SSH option PasswordAuthentication no. E.g.

        # log in with your SSH key
        ssh root@<yourvpsIPaddress>
        # uncomment the PasswordAuthentication line and set it to "no"
        nano /etc/ssh/sshd_config
        # restart the SSH service so the change takes effect
        systemctl restart ssh

- Follow the Yunohost Setup Guide
  - When you get to the step for DNS configuration, Yunohost mentions several “required” settings, but you’re going to want to apply all of the extra DNS settings (except for XMPP, if you’re not using XMPP chat). Otherwise you may have issues with HTTPS and email.
  - After DNS is configured, you should run a Diagnosis. A couple of warnings may show up for the missing XMPP DNS records or a custom resolv.conf. These are safe to ignore. If you’re using Linode or another VPS host that blocks email ports, you will see errors in the email section. You will need to contact your VPS host in order to have these ports opened.
  - Finally, navigate to the Domain configuration page for your Yunohost domain and click “Install a Let’s Encrypt certificate.” (The button may take several minutes to show up as enabled if you have just recently configured your DNS.) You may need to restart or open a new browser in order for the certificate cache to clear and for your browser to recognize the new valid certificate.
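A check for the password-access step in the list above, added here as an example (it is not part of the original guide or of Yunohost). It reads an sshd_config-style file and reports whether password logins are really off, catching two easy mistakes: leaving the line commented out, and adding "no" below an earlier "yes" (sshd uses the first value it finds for a keyword). The function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Models three sshd_config rules:
#   - keywords are case-insensitive; lines starting with "#" are comments
#   - the FIRST value found for a keyword is the one sshd uses
#   - global settings end at the first "Match" block
# Include files are not followed here.

effective_sshd_option() {
    # $1 = keyword, $2 = path to an sshd_config-style file
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ { next }                  # comment line
        NF == 0    { next }                  # blank line
        { key = tolower($1) }
        key == "match" { exit }              # conditional overrides start here
        key == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

audit_password_auth() {
    # "disabled" only when the effective value is "no"; an unset keyword
    # falls back to the sshd default, which allows password logins.
    case "$(effective_sshd_option PasswordAuthentication "$1")" in
        no) echo disabled ;;
        *)  echo enabled ;;
    esac
}

# Constructed sample: the hardening line is still commented out, and the
# later "no" is shadowed by the earlier "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PasswordAuthentication no
PasswordAuthentication yes
PasswordAuthentication no
EOF
echo "sample config: password logins $(audit_password_auth "$sample")"
rm -f "$sample"
```

On the server itself, running sshd -T as root prints the settings sshd actually resolves, which is the authoritative answer. Keep your current SSH session open until a second, key-based login has succeeded.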
Example Setup using Digital Ocean and Gandi
Just follow this guide for getting started with Yunohost on Digital Ocean. (The instructions are for Debian 9 but you should choose the most recently supported Yunohost Debian version, which is currently Debian 10.) Following the instructions may be uncomfortable for non-technical people – but don’t be afraid! There may be some terms you are unfamiliar with, but the directions should be clear and explicit. If they are not, let me know! This is one of the main purposes of opensourceit.org – to fill in the gaps and help regular folks take advantage of Open Source I.T. A few things to note as you are going through the guide:
- In the Debian 9 setup section, choose a username that is not one you want to log into your apps with as a regular user. You should use the Yunohost user management interface for creating regular users so they are properly set up in the system with mailboxes, single sign-on, etc. You can also skip the firewall section, as Yunohost will be managing that for you, as well.
- If you are configuring your Yunohost DNS with gandi.net, here are some additional steps and clarifications for the Digital Ocean instructions:
  - Delete all the records created for you automatically by Gandi.
  - The part where you need to specify “Target” should be yourdomain.tld. for the SRV records (don’t forget the period at the end!), and @ for the CNAME records.
  - The SPF TXT record should be copied and pasted from the complete DNS configuration specified in your Yunohost administration panel, and the "letsencrypt.org" (with quotes) should be added to the “hostname” section when creating the CAA record.
- When the Digital Ocean setup gets to “Step 4 – Installing Applications”, I recommend skipping the “Rainloop” installation. While you can run most of the software you need on the web, email and calendaring are something I recommend you run on your desktop. Not only may you want to have your email and calendar available when you are off-line, but the current best-of-class software in the open source community for email, calendar and contacts is also a non-web app: Thunderbird.
Enable SSL (TLS) for your domains
Just navigate to the “Domains” section of your Yunohost administration interface and click the “SSL certificate” button for each domain.
1. Blacklisting services like Proofpoint should send you a mail with a link to unblock your address, but I’ve heard of them not responding or de-listing even after submitting requests.
2. While you might get away with only 2GB for video conferencing, if you are doing anything else that causes high memory usage you may find that some of the services running for video conferencing will require manual restarts.
3. The Nextcloud and Collabora apps have to be installed as subdomains in order for Collabora document collaboration to work on a Yunohost installation of Nextcloud.
I think the emails going to spam thing is the hardest piece I’ve been working through. I receive emails just fine, but it’s hard to get them out. I used the Digital Ocean and Yunohost method and from what I’ve researched, a lot of the spam filters work on your IP neighborhood. So even if you get un-blacklisted from all the sites, if there are other spammers with similar IP addresses it can reflect badly in your IP address.
I’ve read that DO is not very good at curtailing spammers and this is an issue for a lot of people who are trying to host mail servers through them. It seems like the best options I’ve read to get around this are:
1. IP address hop until you get one “in a nice neighborhood”
2. Automate a process to send mail from yunohost to a gmail/apple/microsoft account and then be unspammed as a way to train the AI postmaster.
Any thoughts? I would love to see some ideas for working on the mail server and getting it running smoothly without getting messages sent to spam.
Thanks for the comment, Mark! The black-listing thing is definitely annoying – although, for myself, it has only been an issue with Apple and Microsoft addresses, and I seem to be sending reliably to the MS addresses, now that I’ve gotten off their black-list. Are these also the main addresses you’re having trouble with? I haven’t experienced getting re-added to a black-list due to IP range black-listing, but I imagine that could happen. I wonder if Vultr or Linode or other hosts are better at preventing spam and keeping off of black-lists? If so, I would switch to a different VPS provider – nothing special about DO. Are there any sites/services you found to determine whether an IP is in a “nice neighborhood”? If so, that might be an easy win for staying with DO. Not sure what you mean by your second suggestion. Could you elaborate and/or share a link?