Self-Hosting Notes

Cost Breakdown

| Item | Cost (SGD) |
| --- | --- |
| Namecheap Domain Registration | 119.80 |
| ICANN Fee | 1.80 |
| One Time Static IP Installation | 51.00 |
| 12th GEN INTEL INTEL RNUC12WSHi70000 NUC 12 PRO KIT BAREBONE | 930.50 |
| Crucial P3 2TB SSD PCIe 3.0 NVMe M.2 up to 3500MB/s | 180.50 |
| Crucial 32GB DDR4 3200MHz CL22 1.2V Non-ECC SODIMM, CT32G4SFD832A * 2 | 189.00 |
| CubeCoders AMP Standard Edition | 13.56 |
| Total | 1486.16 |

Installation & Configuration

Port Forwarding

This setup was performed using an ASUS router. You can access your router's configuration settings here. Please ensure you are on the same network as the router and not connected to a VPN.

Avoiding Double NAT (CGNAT)

Carrier-Grade NAT (CGNAT) can make it difficult to host services or access your home network from the outside world. This is because your router shares a single public IP address with many other users. One way to circumvent this is to request a static IP address from your internet service provider (ISP). A static IP address provides you with a globally unique and consistent address that isn't shared, allowing external devices to connect directly to your network. Bypassing CGNAT enables you to host servers, use port forwarding, and remotely access your home network without restrictions.

To confirm you are not behind CGNAT, ensure that your router's WAN IP address matches your external public IP address. You can easily find your external public IP address by searching "What is my IP address" on Google, or through websites like WhatIsMyIP.com.
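
One way to script this comparison, as an added example that is not part of the original notes. It goes slightly beyond the equality check above by also flagging a WAN address in the CGNAT range 100.64.0.0/10 (RFC 6598) or in a private RFC 1918 range. The function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a router WAN address to spot CGNAT or double NAT.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeeds if address $1 lies inside network $2 with prefix length $3.
in_cidr() {
    addr=$(ip_to_int "$1"); net=$(ip_to_int "$2")
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# classify_wan WAN_IP PUBLIC_IP -> prints cgnat | double-nat | direct | mismatch
classify_wan() {
    wan=$1; public=$2
    if in_cidr "$wan" 100.64.0.0 10; then
        echo cgnat        # RFC 6598 shared address space used by carriers
    elif in_cidr "$wan" 10.0.0.0 8 || in_cidr "$wan" 172.16.0.0 12 \
      || in_cidr "$wan" 192.168.0.0 16; then
        echo double-nat   # RFC 1918: another NAT device sits upstream
    elif [ "$wan" = "$public" ]; then
        echo direct       # the router itself holds the public address
    else
        echo mismatch     # public-looking WAN address, but traffic exits elsewhere
    fi
}

# Constructed sample pairs "WAN_IP PUBLIC_IP" (reserved ranges, not real hosts).
for pair in "100.72.14.9 203.0.113.10" "192.168.0.2 203.0.113.10" \
            "203.0.113.10 203.0.113.10" "198.51.100.7 203.0.113.10"; do
    set -- $pair
    printf '%-15s -> %s\n' "$1" "$(classify_wan "$1" "$2")"
done
```

Only the `direct` result means port forwarding on the router can be reached from the internet; the other three results mean inbound connections stop at a device you do not control.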

To link your WAN (internet) IP address to an internal device, navigate to the "Virtual Server / Port Forwarding" section in your router's configuration. You will need to map the following parameters:

| Service Name | External Port | Internal Port | Internal IP Address | Protocol |
| --- | --- | --- | --- | --- |
| HTTP | 80 | | 192.168.1.100 | TCP |
| HTTPS | 443 | | 192.168.1.100 | TCP |
| Game Port | 27015 | | 192.168.1.100 | BOTH |
| Steam Query Port | 2214 | | 192.168.1.100 | UDP |
| SFTP Port | 2215 | | 192.168.1.100 | TCP |

For optimal results, assign a static IP address to the internal device on your local network. This prevents the device's IP address from changing, which would break the port forwarding rule. To do this, go to "LAN" -> "DHCP Server" in your router's configuration and bind the device's MAC address to the IP address used in the forwarding rules:

| Client Name (MAC Address) | IP Address |
| --- | --- |
| 00:1A:2B:3C:4D:5E | 192.168.1.100 |

Rocky Linux

Install Rocky Linux

Caddy Web Server

This section details building Caddy with the Namecheap DNS module for Let's Encrypt wildcard certificates via DNS-01 challenges. Due to xcaddy's Go version requirement exceeding that available in standard dnf repositories, a manual Go installation is required. After building Caddy with xcaddy and the Namecheap module, the resulting binary will replace the dnf-installed Caddy, simplifying path management.

  1. DNS-01 challenge
  2. How To Install Golang 1.23 CentOS/RHEL 9/8
  3. Build from source using xcaddy
  4. namecheap module for Caddy

CubeCoders AMP

CubeCoders AMP - Application Management Panel

CubeCoders AMP is a paid game server management panel. The installation process involves running a script that will ask a series of configuration questions. While Docker isn't a strict dependency of AMP itself, be sure to install Docker on the system. We'll use it later to simplify the management of game servers, especially those with complex dependencies. When prompted about HTTPS configuration, choose not to install it. We'll handle SSL/TLS certificates and reverse proxy functionality with Caddy, which keeps certificate management on a single, consistent path.

| Description | Command |
| --- | --- |
| Displays the IP addresses assigned to the host (typically the internal IP). | `hostname -I` |
| Lists all firewall configuration settings (zones, interfaces, services, ports, etc.) managed by `firewalld`. | `sudo firewall-cmd --list-all` |
| Audits recent SELinux Access Vector Cache (AVC) denials. These denials indicate that SELinux is blocking some operation. | `sudo ausearch -m avc -ts recent` |
| Lists network connections (TCP, UDP) that Caddy is listening on, showing the process ID and program name. Helpful for verifying Caddy is listening on the expected ports (e.g., 80, 443). | `sudo netstat -tulnp \| grep caddy` |
| Opens the Caddyfile configuration file for editing using the `nano` text editor. The Caddyfile controls Caddy's behavior. | `sudo nano /etc/caddy/Caddyfile` |
| Opens the `index.html` file for the darrela.dev site for editing using the `nano` text editor. This is the main file served to visitors of the website. | `sudo nano /usr/share/caddy/darrela.dev/index.html` |
| Shows the current status of the Caddy service (whether it's running, enabled, any recent errors, etc.). | `systemctl status caddy.service` |
| Restarts the Caddy service. This is needed to apply any changes made to the Caddyfile or other configuration files. | `sudo systemctl restart caddy` |
| Shows the Caddy service logs in real-time, allowing you to monitor its activity and troubleshoot potential problems. `-u caddy` specifies the caddy service and `-f` follows the log file so you can see updates as they happen. | `sudo journalctl -u caddy -f` |
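
The Caddy arrangement described in the Caddy Web Server and CubeCoders AMP sections, sketched as an added example that is not the author's own configuration. Assumptions: the environment variable names, the `amp` subdomain, and AMP listening on plain HTTP at 127.0.0.1:8080 are placeholders chosen here; the `dns namecheap` block uses the `api_key` and `user` options of the caddy-dns/namecheap module.

```shell
#!/bin/sh
# Added example: build Caddy with the Namecheap DNS module and render a
# Caddyfile that terminates TLS for the whole domain in one place.

# Build a caddy binary that contains the Namecheap DNS provider, then confirm
# the module is really compiled in. Needs Go and xcaddy on PATH.
# Defined only; this script does not call it automatically.
build_caddy() {
    xcaddy build --with github.com/caddy-dns/namecheap --output ./caddy
    ./caddy list-modules | grep -q 'dns.providers.namecheap'
}

# render_caddyfile DOMAIN AMP_UPSTREAM
# Prints a Caddyfile: one wildcard certificate via DNS-01, AMP behind the
# reverse proxy, everything else served as static files.
render_caddyfile() {
    domain=$1; upstream=$2
    cat <<EOF
*.$domain, $domain {
    tls {
        # Credentials come from the caddy service environment, so the API
        # key never appears in the Caddyfile (variable names are assumed).
        dns namecheap {
            api_key {env.NAMECHEAP_API_KEY}
            user {env.NAMECHEAP_API_USER}
        }
    }

    # AMP keeps its own HTTPS disabled; Caddy is the only TLS endpoint.
    @amp host amp.$domain
    handle @amp {
        reverse_proxy $upstream
    }

    handle {
        root * /usr/share/caddy/$domain
        file_server
    }
}
EOF
}

# Constructed invocation: domain from the notes, assumed AMP address.
render_caddyfile darrela.dev 127.0.0.1:8080
```

With this layout only ports 80 and 443 need to reach Caddy for the panel; the AMP port itself does not need its own forwarding rule on the router.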

Maintenance

| Description | Command |
| --- | --- |
| Check for available updates | `sudo dnf check-update` |
| Apply updates | `sudo dnf update` |