Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Help about MediaWiki
FUTO
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Introduction to a Self Managed Life: a 13 hour & 28 minute presentation by FUTO software
(section)
Main Page
Discussion
English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
General
What links here
Related changes
Special pages
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
= Installing Ubuntu Server with RAID 1, LVM, and LUKS Encryption = Now it’s time to install the operating system on our host server. I’ll walk you through the process of installing Ubuntu Server with a nice configuration including RAID 1 for boot drive redundancy, encrypted LVM for flexibility in expanding storage if we move this setup to a larger set of drives, and LUKS encryption for security. This setup makes sure your server can boot even if one drive fails, while keeping your data secure. Even if someone breaks into your house & steals all of your stuff, all they have is encrypted crap. Unless they’re the NSA, in which case you’re screwed, but if you’re reading this guide, you’re probably not that important. <span id="installing-ubuntu-linux"></span> == Installing Ubuntu Linux == For our server’s operating system, we’re going with Ubuntu Linux. Why Ubuntu? If you’re watching this, you’re probably more of a newbie than an expert. Ubuntu is user-friendly, has good documentation, and has a huge community ready to help. It’s widely renowned as the first “newbie friendly” GNU/Linux distribution, dating back to 2006 when it was one of the few distros that ''[https://distrowatch.com/dwres.php?resource=review-ubuntu didn’t require torturing yourself with ndiswrapper to get wifi working]''. Robert Storey put it best: “''The huge collection of Linux/BSD systems listed on DistroWatch is a testimonial to how difficult it is to make a decision. However, after spending weeks trying to get XYZ distro to recognize your wireless card, it’s really nice to have an OS that just works.”'' Imagine having a laptop as your only computer, before smartphones with tethering were widely available. You don’t have access to a wired connection. Where were you getting your drivers from? Maybe you do have access to a wireless connection, but your only CAT5 cable is 5 feet long. And your router is in an un-air-conditioned garage. In the middle of summer. So you go to your 98°F garage, sit on the floor, googling only to find a plethora of threads where elitist douchebags tell you to RTFM to get wifi to work. And they wonder why people used closed source operating systems… In 2005, the concept of anything in GNU/Linux ''“just working”'' was a joke. If you wanted to burn a CD you had to set up something called [https://forums.justlinux.com/showthread.php?29773-ide-scsi-emulation-isn-t-working SCSI emulation] to use the optical drive on your computer. From the ground up, GNU/Linux was fundamentally not designed for normal people. Ubuntu changed that in a radical way and continues to have a reputation for being a newbie-friendly ''“gateway drug”'' to GNU/Linux. It’s not the best and it has its flaws, but it is designed and developed with ease of use for normal people in mind. For a beginner’s guide, that matters. <span id="why-not-arch-or-gentoo"></span> === Why Not Arch or Gentoo? === I use Arch Linux now, SuSE from 2002-2004, and Gentoo from 2004-2015. I enjoy making my life difficult for no good reason. In my 30s, I’ve come to realize that I derive sick pleasure from making my life difficult for no good reason; but I wouldn’t recommend that for beginners ''(or anyone)''. With Ubuntu, you get a system that’s easy to set up and maintain without the extra hassle, designed to be as idiot-proof as possible, and designed for normal humans to use. If you wish to use another distro, '''''GO FOR IT!''''' There is NO one ''“right way”'' to do any of what I am doing here! <span id="installing-with-raid-1-choosing-your-os-drive"></span> === Installing with RAID 1: Choosing Your OS Drive === We are going to be using RAID 1. RAID 1 is a mirroring setup, where we use two drives for the operating system instead of one. This means one of the drives can completely fail and the server continues running. I would suggest that you find not one, but TWO SSDs for this purpose. We will be using <code>MDADM</code> for RAID. Ubuntu allows you to do this upon install without having to edit configuration files. <span id="why-software-raid-using-mdadm-instead-of-hardware-raid-with-a-raid-controller-card"></span> ==== Why software RAID using MDADM instead of hardware RAID with a RAID controller card? ==== RAID controller cards are for people with datacenters that have hundreds of drives and need maximum performance/resilience for specific applications, that want the task of managing these drives separate from the software running the computer. This was also very useful back when machines were powered by Pentium 1 processors. <blockquote>'''NOTE:''' Some hardware RAID controllers will give you improvements in performance, but it’s not worth the downside. There are controllers where when they fail, you have to replace it with the exact same controller for your setup to work again - aka, digiorno all over again. Using software RAID like MDADM means you can take drives out of a pentium 4 and put them into a macbook and it’ll just detect it & work. </blockquote> It is 2024, and even a ten-year-old computer will do software RAID just fine with no perceivable penalty in performance. <span id="why-not-use-raid-built-into-my-motherboard"></span> ==== Why not use RAID built into my motherboard? ==== That is called ''“fake RAID.”'' Fake RAID is cancer. It is not “hardware” RAID, it is just software RAID by another name. When you create a RAID array using the garbage built into your motherboard, the RAID configuration is sometimes stored in a proprietary format that is only readable by that specific manufacturer’s RAID implementation. I used the word ''“sometimes”'' because it depends on your system. I have no idea what system you have. I want ALL of the people reading this to have a system that works if they transfer these drives to another system, not ''“some”'' of you. It costs you nothing to use <code>mdadm</code>, which offers certainty of compatibility when you transfer these drives to other hardware. When certainty & uncertainty have the same price, all other things being equal, I’ll take the certainty! MDADM software RAID is a standardized system that transfers across computers – I am not using hardware RAID, I am not using whatever RAID is in the BIOS of your computer, because I have no idea what they are using or whether it is something standard or something that will be aggravating later. If you have to take these drives and put them in another computer, there will be less hassle using software RAID than there is using hardware RAID, it’s literally plug and play ''(well, you may have to use a liveCD to run <code>grub-install</code> to register the bootloader with the new machine’s UEFI, but… The RAID part will work at least!).'' <span id="drive-recommendation-for-os"></span> ==== Drive recommendation for OS: ==== We’re going to have two drives in RAID 1. '''''You can use more if you like – RAID 1 need not be two drives!''''' I like Micron SSDs; they have always had consistently lower failure rates than Samsung’s budget “EVO” line for me with regards to NVME devices. I’ve RMA’d the same 2 TB Samsung EVO 970 five times now… Five… Times. You can get two budget 4 TB SSDs for under $500 now – I recommend ''[https://www.crucial.com/ssd/p3/CT4000P3SSD8 these]''. We are going to be using these SSDs for virtual machines that perform many tasks. Here are some of the storage-intensive ones: * Self-hosted mail. Your inbox may be 50+ GB like mine. * Complete phone backup of everything – can easily eclipse 2 terabytes. Mine is 1.4. * FreePBX phone system – call recordings over time can go over 50 GB easily. I suggest buying drives for your operating system disk that are considerably fast and have enough space to store all of this. With regards to security camera recordings, and the backup of your 40 terabytes of recipes stored as .mkv files – that, we’ll do on an array of hard drives. You don’t need to get SSDs. <span id="raid-is-not-a-backup"></span> == RAID IS NOT A BACKUP! == <blockquote>'''IMPORTANT NOTICE: RAID 1 IS NOT A BACKUP!''' Many people incorrectly believe that RAID 1 is a “backup.” It is not! RAID 1 sets up your machine so that the operating system is installed on TWO drives rather than one, with each drive being an exact mirror of the other. This way, if one drive fails while you’re using your server, it will still run. Think of RAID 1 like the green goo you can put in your tire to plug up a hole, or a spare wheel, allowing you to limp to a service center for repairs. </blockquote> Here are a few reasons why RAID 1 is not a backup: # Backups allow you to restore your system if you accidentally mess something up. RAID 1 is a perfect mirror, so it applies to everything you break. # RAID 1 means you’re attaching two hard drives to your computer to install the operating system on instead of one. These drives are both connected to the same computer. If your computer’s power supply fails and sends incorrect voltages to the drives, both get fried. # When one drive in a RAID 1 array fails, the other often fails soon after, especially if they’re the same brand and were purchased at the same time. # RAID 1 works so well that you might not notice when one drive fails until the second one also fails, leaving you with no data. <blockquote>'''NOTE:''' MDADM does work well enough that you won’t tell when a drive fails. Later in this guide we’re going to set it up so that your machine is constantly checking & emails you the moment there is any issue with your drive using mdadm’s monitor command. </blockquote> <span id="step-by-step-installation-guide"></span> == Step-by-Step Installation Guide == '''What you should have''' * Two identical SSDs (e.g., Samsung 870 EVO 250GB), but bigger will be better here since we’ll be using this to backup everything on your phone + many other things. * A USB drive to put the Ubuntu installation image on * An old computer to use as a server (even a 10-year-old desktop or laptop can work) <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxc7f_tmp_c21a542a.png File:lu55028jxc7f_tmp_133ad038.png File:lu55028jxc7f_tmp_c5e0db26.png File:lu55028jxc7f_tmp_1eafd48e.png File:lu55028jxc7f_tmp_6c5ec0f7.png File:lu55028jxc7f_tmp_51afdc6d.png File:lu55028jxc7f_tmp_bd4536d.png File:lu55028jxc7f_tmp_f70b5843.png </gallery> <span id="prepare-the-installation-disk"></span> === 1. Prepare the Installation Disk === ''Warning: This process will erase everything on the USB drive.'' # Insert a USB flash drive (at least 4GB in size) into your computer. # Go to [https://ubuntu.com/server ubuntu.com] and download the LTS (Long Term Support) version of Ubuntu Server. # Use one of the following methods to write the Ubuntu image to the USB drive: '''Windows:''' # Download and install Rufus. # Open Rufus and select your USB drive. # Click the '''“SELECT”''' button and choose the unzipped .img file you downloaded. # Click '''“Start”''' and let Rufus create the bootable USB. '''GNU/Linux or macOS:''' <ol style="list-style-type: decimal;"> <li><p>Open the terminal and type the following command:</p> <pre>sudo fdisk -l</pre></li> <li><p>Make note of drives in the system.</p></li> <li><p>Plug in the flash drive.</p></li> <li><p>Open the terminal and type the following command again:</p> <pre>sudo fdisk -l</pre></li> <li><p>Make note of the drive that was not present before.</p></li> <li><p>Double-check size/brand/model to make sure this new device is the device you plugged in.</p></li> <li><p>Run the following, replacing <code>/dev/sdX</code> with your drive, and replace the <code>ubuntu-server.iso</code> file with the filename of your image file. Make sure you use the right PATH, that is the directory your image is in.</p> <pre>sudo dd if=/path/to/ubuntu-server.iso of=/dev/sdX bs=4M status=progress</pre></li></ol> Your bootable USB drive with Ubuntu Server Linux is now ready for use! <span id="boot-from-the-usb-drive"></span> === 2. Boot from the USB Drive === <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxc7f_tmp_911d702.png File:lu55028jxc7f_tmp_a33d9a7f.png </gallery> # Insert the USB drive into your server. # Power on the server and enter the boot menu (usually by pressing '''F12''' or another function key). # Select the '''UEFI option''' for your USB drive. <span id="begin-the-ubuntu-server-installation"></span> === 3. Begin the Ubuntu Server Installation === <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxc7f_tmp_5d0eeccb.png File:lu55028jxc7f_tmp_c5b32782.png File:lu55028jxc7f_tmp_14d81229.png </gallery> # Choose '''“Try or Install Ubuntu Server”''' from the boot menu. # Select your language and keyboard layout. # Choose '''“Install Ubuntu Server”''' (not the minimized version). # Select '''“Search for third-party drivers”''' for better hardware support. Don’t check this box if you want to ''[https://stallman.org/stallman-computing.html live Richard Stallman’s ethics]''. Check this box if you want to reduce the chances of random things in your computer not working. I check the box. I’m going to hell, I know…. <span id="configure-network"></span> === 4. Configure Network === <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxc7f_tmp_b1e98c52.png </gallery> <span id="why-a-static-ip"></span> ==== 4.1 Why a Static IP? ==== We are going to set up a server that we are going to consistently access. This means we always want it to be at the same place. Imagine trying to deliver mail to someone who lives on 20 Main Street today, and 90 Chandler Avenue tomorrow. Imagine trying to frequent a restaurant whose address changes every week. It would be annoying, inconvenient, and perhaps downright impossible. We want our server to always be at the same address. The “D” in “DHCP” means “dynamic” – as in, changing. We don’t want that. We want a “static” IP, meaning it does NOT change. When setting up your server, we need to give it a static IP, so we always know where to find it, and it never changes. How do we know what IP to give it? Go back to '''pfSense'''’s DHCP server configuration page & you can find it by going to '''Services —> DHCP Server'''. The ''“subnet range”'' tells you the list of available IPs. Keep in mind that you cannot use the IP address of your '''pfSense''' router here. * '''Router Gateway''': My router’s IP is 192.168.5.1. This is the gateway address. * '''Address Pool Range''': My address pool range is from .15 to .245, leaving .246 to .254 and .2 to .14 available. This setup provides a buffer of IPs for servers and other devices. '''Why the Buffer?''' I don’t want any conflicts where someone plugs in their computer while mine is rebooting and steals my IP. We will be setting up STATIC MAPPINGS so that nobody else can grab the IP address of my server – the IP we choose for our server will be reserved for our server’s specific network interface card and not some hated brother in law that thinks he’ll play games when your spouse has him over. However, this is still good practice. <span id="choosing-a-static-ip"></span> ==== 4.2 Choosing a Static IP ==== <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxc7f_tmp_44432cac.png File:lu55028jxc7f_tmp_feed77f5.png File:lu55028jxc7f_tmp_93f4316.png File:lu55028jxc7f_tmp_bda461e0.png File:lu55028jxc7f_tmp_4d5798a7.png File:lu55028jxc7f_tmp_c59fcb59.png </gallery> For my servers, I pick an IP between 192.168.5.2 and 192.168.5.14. This ensures no one else can sneakily take my server’s IP while it’s rebooting. # In your '''pfSense''' router, go to '''Services > DHCP Server'''. # Understand your subnet. For example, <code>192.168.5.0/24</code> covers IPs from <code>192.168.5.1</code> to <code>192.168.5.254</code> # Your router’s IP is typically <code>192.168.5.1</code>. We can’t use that. Since we made the address DHCP pool range <code>192.168.5.15</code> <code>192.168.5.245</code>, this means that we have <code>192.168.5.2</code> through <code>192.168.5.14</code> free – no computer connecting with DHCP (which is the default for 99.9999% of all network devices in your home) will be using these, so they’re free for the taking. # Choose the network interface that’s connected (usually the one that has already received an IP via DHCP). # Change the configuration from DHCP to Manual: * '''IP Address:''' Choose an address outside your DHCP pool (e.g., <code>192.168.5.2</code>) * '''Subnet:''' Usually <code>255.255.255.0</code> (or /24 in CIDR notation) * '''Gateway:''' Your router’s IP (e.g., <code>192.168.5.1</code>) * '''Name servers:''' Use your router’s IP as the DNS server '''''Please note: if you skip step 4 by choosing Continue without network, you not be able to set up your internet connection later.''''' <span id="prepare-the-drives"></span> === 5. Prepare the Drives === <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxc7f_tmp_90d50cc3.png File:lu55028jxc7f_tmp_ae1aab84.png File:lu55028jxc7f_tmp_6fb6a48d.png File:lu55028jxc7f_tmp_fc776e25.png File:lu55028jxc7f_tmp_e4bd6c3a.png File:lu55028jxc7f_tmp_41dc80bd.png File:lu55028jxc7f_tmp_31ba1cbc.png </gallery> <span id="format-the-drives"></span> ==== 5.1 Format the drives ==== # In the installer, locate your two SSDs (ignore the USB installer drive). # For each SSD: #* Select the drive and choose '''“Reformat”'''. #* Select '''“Use as boot device”''' – this will create an EFI partition on each. <span id="configure-efi-partitions"></span> ==== 5.2 Configure EFI Partitions ==== <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxc7f_tmp_be3ce88b.png File:lu55028jxc7f_tmp_4b9aaa78.png File:lu55028jxc7f_tmp_5086d648.png File:lu55028jxc7f_tmp_8d8ec28c.png File:lu55028jxc7f_tmp_8f536396.png File:lu55028jxc7f_tmp_ee4b3eb0.png File:lu55028jxc7f_tmp_84fae9c1.png </gallery> For each SSD: * Locate the automatically created EFI partition (usually 1GB). * Edit the size to '''512M'''. * Make sure it’s set to mount at <code>/boot/efi</code>. <span id="create-boot-partitions-for-raid"></span> ==== 5.3 Create Boot Partitions for RAID ==== <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxc7f_tmp_5080ad97.png File:lu55028jxc7f_tmp_5f9b3efa.png File:lu55028jxc7f_tmp_c834b835.png File:lu55028jxc7f_tmp_d73e5ee8.png File:lu55028jxc7f_tmp_8ace6542.png </gallery> # On each SSD: #* Create a new '''1GB''' partition. #* DO NOT FORMAT IT. CHOOSE '''"Leave unformatted"'''. #* '''DO NOT CHOOSE A MOUNT POINT.''' This is important for setting up RAID 1 later. # Set Up RAID 1 for <code>/boot</code> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxckj_tmp_23af8abb.png File:lu55028jxckj_tmp_f4ef2715.png </gallery> # Select '''“Create software RAID (md)”'''. # Choose both 1GB partitions you just created (one from each SSD). # Set RAID Level to '''“RAID 1 (mirrored)”'''. # Name it '''“bootraid”''' or something meaningful to you. # Select '''“Create”''', hit enter. <span id="create-root-partitions-for-raid"></span> ==== 5.4 Create Root Partitions for RAID ==== <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxckj_tmp_d09fc3d7.png File:lu55028jxckj_tmp_972a066a.png File:lu55028jxckj_tmp_4a9745c7.png File:lu55028jxckj_tmp_7f935e0e.png </gallery> # On each SSD: #* Create a partition using all remaining space. Don’t fill in the “size” text box; it will automatically use the rest of the space on the drive. #* '''DO NOT FORMAT IT. CHOOSE '''"Leave unformatted"'''.''' #* '''DO NOT CHOOSE A MOUNT POINT.''' This is important for setting up RAID 1 later. <span id="set-up-raid-1-for-root"></span> ==== 5.5 Set Up RAID 1 for Root ==== <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxckj_tmp_a4a5a576.png File:lu55028jxckj_tmp_40dcb02f.png </gallery> # Select '''“Create software RAID (md)”''' again. # Choose both large partitions you just created. # Make sure RAID Level is set to '''“RAID 1 (mirrored)”'''. # Name it '''“osdriveraid”''' or something meaningful to you. # Go to '''“Create”''' & hit enter. <span id="configure-the-boot-partition"></span> ==== 5.6 Configure the /boot Partition ==== <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxckj_tmp_664f6137.png File:lu55028jxckj_tmp_10955270.png </gallery> # Select the '''“bootraid”''' you created. # Format it as '''ext4'''. # Set mount point to <code>/boot</code>. <span id="set-up-lvm-on-root-raid"></span> ==== 5.7 Set Up LVM on Root RAID ==== <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxckj_tmp_83c21b25.png File:lu55028jxckj_tmp_1514c051.png </gallery> # Select the '''“osdriveraid”''' you created. # Choose '''“Create volume group”'''. # Name it '''“ubuntuvolumegroup”''' or something meaningful to you. # When selecting the device for the LVM, you’ll encounter [https://bugs.launchpad.net/subiquity/+bug/2062102 a bug in the installer]: > ''The installer will show multiple devices without clear identifiers. This is a known issue that persists in the non-beta release of a stable, mission very important server operating system. Welcome to the world of open source software; this is part of the fun of using open source! Remember: '''it wouldn’t be open source if it worked!''''' # To select the correct device: #* Look for the option that’s around the size of your install (e.g., 231 GB for 250 GB SSDs). #* Choose the largest option, which should correspond to your RAID 1 array for the root partition. #* Ignore the smaller sizes, as they likely represent other partitions or devices. #* Pray. # After selecting the correct device, proceed with creating the volume group. <span id="create-encrypted-volume"></span> ==== 5.8 Create Encrypted Volume ==== # With the LVM volume group selected, choose '''“Create encrypted volume”'''. # Set a strong password. Consider using a password manager. # It’s recommended not to create a recovery key, as this could be a potential security risk. # Optionally, create a recovery key. If you do this, realize '''the recovery key can be used to decrypt your volume'''. ''Don’t do this unless you have a place to hide it that not even your cat can get to!'' <span id="create-logical-volume-for-root"></span> ==== 5.9. Create Logical Volume for Root ==== # Select the encrypted volume you just created. # Choose '''“Create logical volume”'''. # Name it '''“ubunturootvolume”''' or something meaningful to you. # Use the maximum available size. # Format it as '''ext4'''. # Set the mount point to <code>/</code> (root). <span id="review-and-confirm"></span> ==== 5.10 Review and Confirm ==== # Double-check your configuration. For two 250 GB SSDs, it should look like this: #* Root (<code>/</code>): ~231GB on encrypted LVM which is on RAID 1 #* <code>/boot</code>: ~1GB on RAID 1 #* <code>/boot/efi</code>: 512MB on each SSD # If everything looks correct, click '''“Done”'''. <span id="complete-the-installation"></span> ==== 5.11 Complete the Installation ==== # Carefully review the summary one last time. ''Remember we are erasing everything on these drives, to a point where even Rossmann Repair can’t recover it. If you create an encrypted volume, write over it, and then want the data back… good luck with that one.'' # If you’re sure you want to proceed, click '''“Continue”'''. # Follow the remaining Ubuntu Server installation prompts. # Set up your username. # Install OpenSSH server. <blockquote>'''NOTE:''' Installing OpenSSH allows you to remotely access your machine to install things, use it, mess with it, etc, rather than sit in front of your server in your unairconditioned garage when it’s 117f outside. When you see me on video installing things via terminal, I am almost never in front of the actual machine(or vm) I am using, I am remoting in using ssh. </blockquote> <blockquote>'''NOTE''': Do not install Docker via Snap in the next menu when it asks you to. We will install Docker later, and it won’t be the [https://www.reddit.com/r/docker/comments/shztqs/wow_docker_works_a_lot_better_when_you_dont_have/ miserable snap version of DOCKER]_. If you install Docker using Snap accidentally, this is understandable. If you install docker via snap by CHOICE, you’ll be in hell, & you’ll have earned it. </blockquote> <span id="reboot-log-in"></span> ==== 5.12 Reboot & log in ==== # Click reboot now at the end. # Once it is done shutting down Ubuntu Linux, unplug the installation USB. # When it boots up, it will ask for the encryption password to unlock the root partition, type this in. <div class="figure"> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:image-20241106140227789.png </gallery> </div> <div class="figure"> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:image-20241106140354651.png </gallery> </div> <div class="figure"> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:image-20241106140427599.png </gallery> </div> <div class="figure"> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:image-20241106140457610.png </gallery> </div> <div class="figure"> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:image-20241106140554944.png </gallery> </div> <span id="set-up-static-ip-mapping-in-pfsense-post-installation"></span> ==== 5.13 Set Up Static IP Mapping in pfSense (Post-Installation) ==== <span id="set-up-static-ip-mapping-in-pfsense"></span> ==== Set Up Static IP Mapping in pfSense ==== # Log into your pfSense router. # Go to '''Diagnostics > ARP Table'''. # Find the MAC address associated with your server’s IP (e.g., <code>192.168.5.2</code>). Mine was <code>e0:d5:5e:a8:7f:b5</code>. # Go to '''Services > DHCP Server'''. # Scroll to the bottom and click '''“Add static mapping”'''. # Enter the MAC address and IP address of your server. ''Figure 17: This is what my setup looks like when I’m done configuring my partition structure. Yours should resemble mine. Ubuntu makes it as difficult as possible to use encrypted LVM with RAID 1 on boot devices, but we can beat their interface with some good ol’ ingenuity.'' # Give it a descriptive name (e.g., “Happy cloud server static IP”). # Save and apply changes. <span id="identifying-devices-on-your-network"></span> == Identifying Devices on Your Network == Let’s take a quick break to discuss the importance of '''static mappings''', '''hostnames,''' and the '''DNS resolver.''' What you type into the <code>hostname</code> field when setting the '''DHCP static mapping''' in '''DHCP server settings''' is what you can use to connect to the device instead of the IP address. For instance, if you set the hostname to <code>happycloud</code>, instead of having to type <code>192.168.5.2</code> to connect to this device, you can type <code>happycloud.home.arpa</code>. By default, on pfSense installations, the '''default domain''' is <code>home.arpa</code>. When you combine the <code>hostname</code> of <code>happycloud</code> with the <code>domain</code> of <code>home.arpa</code>, you get <code>happycloud.home.arpa</code>. This is more convenient for connecting to devices because it is easier to remember <code>happycloud</code> than it is to remember <code>192.168.5.2</code> for sane people, who reserve their brains for useful data rather than [https://www.youtube.com/watch?v=Z0DF-MOkotA&t=874s useless macbook trivia]. Further, similar to dynamic DNS, if you change the IP address of this server later, all of your services & bookmarks that point to this server do not have to be changed! '''You can name your servers however you want! You can choose IP addresses for your servers however you want! I will be using the same IP addresses & hostnames/domains throughout this guide so it is easy to follow, but you don’t HAVE to follow mine!''' <div class="figure"> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:image-20241106141247324.png </gallery> </div> <div class="figure"> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:image-20241106141458662.png </gallery> </div> <div class="figure"> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:image-20241106141624092.png </gallery> </div> <div class="figure"> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:image-20241106141726132.png </gallery> </div> <span id="why-isc-dhcp-matters-in-pfsense-and-how-to-set-it-up"></span>
Summary:
Please note that all contributions to FUTO may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
FUTO:Copyrights
for details).
Do not submit copyrighted work without permission!
To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:
Cancel
Editing help
(opens in new window)