DietPi for a remote server

I’m looking for ways to set up a remote server for a family member, in such a way that it will mostly “manage itself”, i.e. track security updates without having to learn about using the Linux command line or performing sysadmin’ish tasks.

The main tasks for this server (Pi or NUC, with dual large HDs using BTRFS) are to act as a Nextcloud setup for locally sync’ed files and occasional sharing of some files. In addition, things like LetsEncrypt, PiHole, and Samba are probably going to be useful. I’ll also set up WireGuard to help out remotely and step in when all else fails (assuming the router’s UDP port is patched through).

There’s a “NextcloudPi” project on GitHub, but it doesn’t appear to be very active, nor is it being kept nearly as well up-to-date as DietPi.

I really like DietPi and have been using its menu-driven setup over SSH for many years. The question I have is: is there a web-based front-end which could be used to make occasional admin access easier to understand for a non-tech-savvy person using MacOS & iOS devices?

The thing with SSH is that you have to set up a few things from a laptop or mobile device, and learn about “logging in”, etc. Trivial stuff for some, but easy to forget and get lost if it’s all new and rarely needed.

I would appreciate any tips to get a robust & long-term remote setup going.

what exactly you like to do via web-based front-end?

We offer our own dashboard, but there you can manage DietPi own specific task only. Usually, each app has it’s own management UI.

Indeed, Nextcloud is all web-based, including version upgrades, so that’s covered. PiHole admin is also fine (does require CLI for updates). For LetsEncrypt and Samba, as I understand it, you need to go through the CLI menu, but that’s no big deal since it’s essentially just once for initial config.

Let me rephrase: assume I set up the server w/ NC + PH + SMB + WG, and it all works. There is no IT expertise nearby. How long can a non-tech person expect to keep a robust setup in operation without my involvement? Years? A decade?

The disks might fail (for which I’ll also set up automated remote backups), and with BTRFS a RAID-1 disk replacement is definitely non-trivial. But apart from that?

I’m trying to find a solution which does not end up in “let’s just put it all in the cloud”.

IMO this is the best solution for a non-tech person. Imagine pihole fails and the internet goes down, and you have no time to fix it. Or when something with the network config breaks it’s not even possible to remotely connect to this machine. This will become very frustrating for both sides.
Also automatic updates are a nice thing, but imagine an update was not well tested and then problems occur and nobody know what was changed bc the update was applied automatically. I wouldn’t do this. Maybe you can host this stuff at you place and the non-tech person can use it via web or use cloud services and let other care about it.

We have had users who have operated their systems for years without maintaining them. This is, of course, not recommended. Software maintenance (including operating system patching) is key for a system that is connected to the internet.

Thanks for the replies. Yup - it’s a hard problem. I’m currently hosting the server for this family member. But I’m also retired and will be moving in the near future. Having been active in IT for decades I find it odd that long-term solutions are now so rare. Or to put it differently: that we’ve all outsourced our personal data to a couple of third parties.

DietPi has a good track-record for being long-term, just like NextCloud (and Linux). And that includes security & maintenance updates. Something could still occasionally go wrong, but I don’t have an issue with having to bring in an IT person when that actually happens.

The thing is: it looks like we’re not at the level of cars yet, i.e. have a yearly check-up and that’s it. Then again, maybe that’s the best I can aim for today: set things up, with a yearly “visit” by me or someone else, to make sure it’s in good shape for another cycle. Although in this case that’s not straightforward, as the server will be in another country.

Thanks again. I’ll keep pondering on this puzzle …

The device will survive a couple of weeks without maintenance.

Maintaining the system via SSH/VPN should work without any problems. A tip: Take a look at the screen tool. It allows you to keep the session active even if your SSH breaks.

Nextcloud docker
There is also owncloud which is like nextcloud but I think opensource or better community support

either way…check out dockstarter

Most if not ALL “server” programs can easily be setup as a docker instance…and be updated separate of the main “bare metal” OS.

Also look into reverse ssh…and/or setup a DDNS service for your family’s network and then port forward their router so you can connect to it remotely

Worse comes to worse…you can always have them install a teamviewer program on their home PC/laptop…and if/when they need you to do some assistance…connect into that (with them starting the program and them watching of course) and then use putty on their PC/laptop to connect to your “server” in their home network

Also…don’t forget about CasaOS which is just an “overlay” for most 'nix type OS’s that turns a simple “server” install into something VERY powerful! (with webgui and TONS of YT howto’s)
Community-based open source software focused on delivering simple personal cloud experience around Docker ecosystem.

DietPi is a PERFECT “server” OS for something like this!

Thank you for all these tips. Looking into it now - it does look very interesting!
I like the suggestion of TeamView (or equivalent …) to overcome nethwork issues.

Are you suggesting CasaOS in combination with DietPi or with just Debian?

DietPi IS debian…

CasaOS is just an overlay for docker and many other “server” applications that would have to be manually installed/configured and whatnot…

DietPi as the “host” baremetal OS…CasaOS as the webgui overlay that handles all the applications/programs/server stuff thru a webgui

You can install DietPi {which is debian, just heavily scripted} debian server, ubuntu, xubuntu, kubuntu…any 'nix host OS…Casa is just like DietPi that is ALOT of scripting and configuration/automation that runs ON the host OS

MOST linux distros are based off like a handful of MAIN distro’s…

Also…CasaOS is just a pre-bundled setup
You really can do all this stuff individually thru docker, using portainer, CasaOS just rolls it all into one…plus it’s in it’s infancy…so not alot there

There is also homelabs os and buckets of other distros…just remember…they are running a bare metal os like debian or arch or redhat and just have alot of scripting over the top of it…DietPi is a lightweight distro based off of debian

The learning curve is pretty intense…but like I said…all these programs/apps can be run individually and configured without needing all the scripting…but having a webgui is really nice

Be careful when using Docker. Yes, it might simplify things. But it introduces you to a certain risk. Because Docker is a single point of failure. Meaning, if Docker fails, all Docker based applications are immediately unavailable. A case we had not too long ago when there was a bug in the Docker software. Most applications can be installed natively via DietPi software. Furthermore, Docker also consumes more system resources for the Docker engine.

Yeah, I remember the docker issue…it even affected other distro’s too…due to how apparmor changed things…they got on it pretty quick

I guess I am just more comfortable running stuff in docker than bare metal…but I already went thru the learning curve of figuring docker and the like out…

Ultimately docker does offer ALOT more flexibility…but yes, it does use more system resources, which unfortunately sometimes quite limited on SBC’s

Understood. DietPi and CasaOS are both wrappers with a lot of effort spent on making “apps” work out of the box, including all server/database req’s. With DietPi using CLI + menus over SSH, and CasaOS using a web front end with Docker containers.

In my context, CasaOS solves the issue of access for people who know nothing about SSH, logins, or the command-line. The risk of losing remote access if the router or VPN setup breaks remains similar in both cases. I’ve been avoiding Docker until now (being another layer of complexity), but I guess if it’s mature and mostly handled under the hood, perhaps it’s now a viable option.

Many tradeoffs. I’ve been using BTRFS on two disks with RAID1 and simple r/o snapshots + rotation as a way to overcome disk failure + quick incremental backups. With a remote backup in case of fire/theft disasters (using Duplicacy). BTRFS is not currently supported in CasaOS, AFAICT. It’s not a show-stopper, there are many alternatives for all of this.

To prepare a future server, I have a spare Pi4, a NUC i3, and an old Mac Mini (Core 2 Duo) - each with 8 GB RAM. They all work splendidly with DietPi. I don’t intend to go into an exhaustive evaluation, but my main focus will probably be on longevity: creating a setup which can be kept going and well-maintained for many years.

Lots of work ahead. I’ll explore CasaOS w/ NextCloud, and perhaps also PhotoPrism and some music server for our in-house media “consumption”.

There is a solution for that as well…however the video I found uses OMV vs DietPi. (I do believe with some development {and scripting of course} a BTRFS and RAID solution could be done…but that relies upon developers and their support)

With manual raiding of BTRFS it can be done…but it’s alot of command line setup, once setup BTRFS should be running like a boss. (however if issues arise…then command line will be the goto to fix it)

Just remember there are TONS of “home server” type setups out there…sifting thru all the clutter, finding what works for you (and the learning curve) is the hardest part

There is no “out of the box” setup (unless you want an img or iso build of someone doing all the pre-scripting and building for you {but you are now locked in on their devolopment/support} )…but with a little bit of linux skill/knowledge a working solution is easy to setup/configure/deploy.

We have published a number of blog posts on the subject of raid setup Using a RAID system with DietPi – part 1 – DietPi Blog

I’ve been trying out Debian 11 + CasaOS on a RasPi and on a NUC.

The Nextcloud setup is not a one-click thing (the app-store only offers an SQLite setup), but there is good info on the interwebs for adding a MariaDB docker app for NC.

Pi-hole, PhotoPrism, and Jellyfin all work out of the box. SMB is also built-in.

For VPN, I’ve enabled WireGuard on my router (latest FritzBox now offers a great setup for it, including QR-code based client configs, same as in PiVPN). So no need to have that installed on Linux anymore.

There’s no DietPi underneath all this in my current explorations. I will definitely keep using DietPi on the systems I use, but for this remote server setup, CasaOS might end up being more practical. There’s also a web-based terminal in the CasaOS UI, though for now I’ve been staying with good ol’ SSH.

BTRFS disks do get auto-mounted, but re-formatting appears to only support ext4. No big deal, as mentioned - this sort of configuration work is mostly fire-and-forget (I hope!). I like BTRFS because of its built-in snapshot and optional mirroring & compression capabilities.

I think that my main focus should be on keeping remote access going in the long term, i.e. clearly documenting how to keep an incoming VPN or SSH session into this box working. From there I can step in if & when things go bad, or a knowledgeable friend of mine.

As for long term support and upgrades of CasaOS and the apps I’m using: this is where some level of financial sponsoring makes good sense, IMO. But that’s for a later stage …

I’ve not looked into security and updates yet. But so far, functionality and stability look fine.

PS. I’m well-versed in Linux, and used to lots of sudo stuff. It’s a lot of new info to take in, and there are only so many hours in a day to try different approaches. Onwards

Until now … CasaOS appears to run (almost entirely?) as superuser. Most files & dirs are owned by root. SMB comes with default wide-open guest access, and manages its shares as root. Although Nextcloud seems to run and save its files as www-data.

If exposed directly on internet, the slightest breach into this setup basically gets you root access. And from there, everything on the LAN is … compromised? Yikes …

Anyway, I’ll refrain from posting anymore, as all this has nothing to do with DietPi.

100% absolutely true…ALL linux OS’s not setup with proper security or irresponsibly exposed to the internet (aka port forwarding) thru a firewall can expose any/all OS’s to potential problems…security is always paramount or a reverse proxy is imperative.

This is why arbitrarily punching holes in a firewall without properly securing/locking down an exposed OS/program is never a “good idea” (this is the beauty of a personal VPN app such as PiVPN or wireguard is a great way to get into your home network securely.

Oh cool…Techno Tim did another in depth look at CasaOS…

Yes, that’s what I’m moving towards for my own in-house setup: a home server with only WireGuard access from the outside. No more public-facing anything.

But the setup for a family member needs public Nextcloud access. Luckily, there seems to be a solution in the latest CasaOS release: Nginx Proxy Manager. With it, NC can be exposed (with LetsEncrypt for HTTPS), without anything else accessble from outside. NC has a good security check in place and is easily kept up to date via its admin page.

Man, what a rabbit hole …

What an unneeded overhead to install the NginxProxy Manager. With the simple DietPi install script you can install NC, Wireguard and LetsEncrypt certificates ootb without the need for another software title. I would recommend keeping it as simple as possible if the device is in a remote location with limited access. And not introduce another layer of complexity with Docker + CasaOS.