
Technical Model behind PureGold Server

A Community-Driven Infrastructure for Digital Sovereignty and Collaborative Workspace based on Open Source Culture


Kamyar

This document outlines the technical architecture of our PureGold server, a community-driven alternative to big tech platforms. We’ve designed this system to prioritize privacy, sustainability, and community ownership while providing the collaborative tools our members need. Our goal is to create a digital ecosystem where people can work together without compromising their data sovereignty.


Server (Processing Capacity)

We use a VPS (Virtual Private Server) to balance cost with extensibility. This approach gives us flexibility to grow while keeping expenses manageable. The VPS provider offers extra features, such as a network-level firewall, block storage, and backup storage. It is known for using green energy and respecting privacy. We intentionally do not choose USA-based VPS providers such as Amazon, Google, Microsoft, Oracle and Digital Ocean.

We have started with the following VPS specifications: AMD EPYC processor, 8 CPU cores (shared cores) with 16GB of dedicated RAM. As our user base grows, we can easily expand the server’s capacity to higher tiers with more RAM and more CPU cores (dedicated cores) without extra work on the software side.

Operating System

Our server runs on Ubuntu Server, but it can easily be replaced with Debian or Red Hat-based distros, such as Rocky or Alma Linux. Based on our experience, if I were to recreate a server like this I would go with a Debian base, to reduce the number of required updates and take a more conservative route. As long as our Docker + NextCloud system works well, we do not require Ubuntu’s frequent software updates.

Server Management

We use Virtualmin, an open source control panel, to manage our server infrastructure. This tool helps us maintain security and streamline administration tasks that would otherwise require specialized knowledge. Virtualmin provides a user-friendly interface for handling complex server operations while maintaining robust security practices throughout the system.

Here is a list of some of the services that come pre-packaged with Virtualmin and configured with security in mind:

  1. SSH Server for remote operations
  2. Basic Linux Firewall
  3. Fail2Ban security software
  4. Web Server (Nginx or Apache)
  5. Optimized PHP Engine
  6. Database Server (MySQL or PostgreSQL)
  7. FTP Server
  8. Email Server
  9. Anti-Virus and Spam Filtering Services
  10. DNS Server
  11. A sophisticated backup and restore system

and many more…

Virtualmin has been around for decades, developed by a community of developers who have a mature perspective on security and general system administration needs.

Extra Software

We’ve installed several additional tools to enhance our server management capabilities:

  • Docker + Docker Compose
  • Tmux for session management
  • Btop for live resource monitoring
  • Portainer for Docker container management

These tools help us maintain system stability and respond quickly when adjustments are needed.

NextCloud-AIO (All in One)

We’ve chosen NextCloud as the foundation for our community collaboration platform. NextCloud AIO brings together essential digital tools in one package, giving our members control over their data while providing alternatives to commercial services like Google Drive or Dropbox.

Nextcloud AIO (All-in-One) is designed to simplify the setup of a private cloud for communities. It combines storage, communication, and collaboration tools in a package that’s easier to maintain than setting up each component separately. This approach reduces our administrative overhead while providing a comprehensive set of features. The AIO version of NextCloud bundles several services that would otherwise need to be installed and maintained separately into one harmonious package, which reduces the time and effort needed for installation and regular updates. These packages are:

  • Nextcloud: The core application for file storage, sharing, and collaboration.
  • Nextcloud Office: Based on Collabora Online Development Edition (CODE), it allows real-time document editing directly in your browser.
  • Nextcloud Talk: Enables audio/video calls, chat, and screen sharing for seamless communication.
  • Imaginary: Handles image previews and conversions, supporting formats like HEIC, TIFF, and WebP.
  • ClamAV: Provides antivirus scanning to protect against malware.
  • BorgBackup: Offers backup and restore capabilities to safeguard data.
  • ElasticSearch: Powers full-text search functionality across your files and documents.
  • Whiteboards: Offers collaborative whiteboards based on Excalidraw, similar to Miro.

Within the NextCloud itself, our community has chosen to use the following NextCloud Applications:

  • Files
  • Calendar
  • Contacts
  • Talk (Audio video conferencing and messaging)
  • Notes
  • Photos
  • Collectives (Teamwork)
  • Webmail (RoundCube)

File Storages

We have implemented an innovative approach to file storage that enhances both security and cost-effectiveness. Rather than storing files directly on our server, we provide each member with their own dedicated storage space on a separate system, which we connect to their NextCloud account. Each member has an S3 storage box of 250GB with a storage provider that is different from our server provider. We then use the External Storage feature of NextCloud to mount each storage box for its member. This way our members’ files are stored outside the server itself, which has the following benefits:

  • If the server fails, is hacked, or is out of order for any other reason, the files remain available and retrievable.
  • If the server is hacked, it would be more difficult for the hacker to access the files, as they would need an extra layer of credentials, which are saved in hashed (encoded) format.
  • The cost is seriously reduced. Each storage box costs us 3€ (per member per 250GB), whereas having the same size directly on the server would cost 11€ per month per member.

The side effect of this approach is that storage access and file transfers are slower than normal, yet still acceptable for general use.

Email Delivery

We’ve carefully considered the best approach for email services, balancing reliability with maintainability. While our server has email capabilities built-in, we’ve opted for a specialized service to ensure messages reliably reach their destination.

While Virtualmin comes with a complete email server solution, including spam filtering and anti-virus, we use an external service provider for email delivery. This way we ensure maximum delivery rates for our emails and avoid many of the complications and effort involved in maintaining an email delivery system. Our provider is SMTP2GO, which has been used and tested on multiple servers by our team.

Front-End Website (WordPress)

Our public face is built on familiar, reliable technology that makes updates simple for community members. Our PureGold server self-hosts a website for communicating with the public audience, offering a basic introduction to who we are and what we do, plus a gateway to engage with those who are interested in learning more or even joining the community. The website uses WordPress for content management and the YooTheme framework for the user interface, plus form builder software that is used for maintaining the Expression of Interest form and the Request to Join form.

User Enrollment Automation (n8n)

We’ve developed an automated system to welcome new members efficiently. This reduces human error and ensures everyone receives the same smooth onboarding experience with minimal administrative effort.

Our Request to Join form is password protected and shared only with those who are accepted to join the community. The form is connected to an n8n automation playbook which runs the following tasks once the request is approved:

  • Sanitizing the username
  • Generating a random and secure password
  • Setting up the email account on the email server
  • Setting up the email delivery settings (using SMTP2GO API)
  • Setting up a new S3 storage box with the storage provider using API
  • Retrieving the credentials for the new storage box
  • Creating the new NextCloud user
  • Adding the NextCloud user to the member’s group
  • Attaching the external storage box to the NextCloud user as the primary storage
  • Sending an email to the new user with details on how to access emails, NextCloud etc…

The automation reduced the time needed to set up a user from 30 minutes to less than a minute, while making the process error proof. The software we use for automation is called n8n, which is self-hosted on the same server using Docker. It is also a base for other automation tasks, such as backing up all members’ storage boxes when needed, creating a daily backup of the server using the server provider’s API, or any other automations that might be required in the future.
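The first two steps of the playbook, sanitizing the username and generating the password, are where untrusted form input and secret generation meet, so they are sketched here as plain JavaScript of the kind an n8n Code node can run. This is an added example, not the PureGold playbook itself; the allowed character set, length limits, reserved names and function names are assumptions.

```javascript
// Added example: constructed policy values, not PureGold's actual playbook.
// Web Crypto is global in current Node; fall back to the module on older runtimes.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

// Assumed policy: names that must never become member accounts.
const RESERVED = new Set(["root", "admin", "administrator", "postmaster", "abuse", "webmaster"]);

// Reduce free-form form input to [a-z0-9.] so one value can be reused for the
// mailbox, the storage box and the NextCloud user without further escaping.
function sanitizeUsername(raw, taken = new Set()) {
  const base = String(raw)
    .normalize("NFKD")                 // split accented letters into letter + mark
    .replace(/[\u0300-\u036f]/g, "")   // drop the combining marks
    .toLowerCase()
    .replace(/[^a-z0-9]+/g, ".")       // slashes, spaces, quotes... collapse to one dot
    .replace(/^\.+|\.+$/g, "")         // no leading or trailing dot
    .slice(0, 28)                      // leave room for a numeric suffix
    .replace(/\.+$/, "");
  if (base.length < 3) throw new Error("username too short after sanitizing");
  if (RESERVED.has(base)) throw new Error("reserved username");
  let name = base;
  for (let n = 2; taken.has(name); n++) name = `${base}${n}`; // avoid collisions
  return name;
}

// Uniform integer in [0, max) by rejection sampling, which avoids modulo bias.
function randomInt(max) {
  const limit = Math.floor(0x100000000 / max) * max;
  const buf = new Uint32Array(1);
  do rng.getRandomValues(buf); while (buf[0] >= limit);
  return buf[0] % max;
}

// Character classes without look-alikes (0/O, 1/l/I).
const CLASSES = ["abcdefghijkmnpqrstuvwxyz", "ABCDEFGHJKLMNPQRSTUVWXYZ", "23456789", "-_.+="];

function generatePassword(length = 20) {
  if (length < CLASSES.length) throw new Error("length too small");
  const all = CLASSES.join("");
  // One character from every class, the rest from the full alphabet.
  const chars = CLASSES.map((c) => c[randomInt(c.length)]);
  while (chars.length < length) chars.push(all[randomInt(all.length)]);
  // Fisher-Yates shuffle so the guaranteed characters are not at fixed positions.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join("");
}
```

Passing the set of existing account names as `taken` keeps the later account-creation steps from colliding with an existing member.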

CloudFlare for tunneling & DNS management

We are using CloudFlare for managing DNS records, adding extra security to the front-end website, and creating private tunnels to access some of the services, such as n8n and Portainer (Docker management). This provides an additional layer of protection while making certain administrative tasks more accessible.

Community Forum (in the making)

We are developing a discussion space to strengthen our community connections. By integrating with our existing authentication system, this will provide a seamless experience for members to share knowledge and build relationships. The forum will be a place for sharing knowledge and ideas around our server and community. We are working on a solution based on a self-hosted, Docker-based Discourse, as it can integrate well with NextCloud.

Conclusion

The PureGold server represents our commitment to digital sovereignty and community-driven technology. By carefully selecting open-source, sustainable, privacy-respecting solutions and integrating them thoughtfully, we’ve created a system that serves our members’ needs without compromising on our values. As our community grows, this infrastructure provides a solid foundation that can evolve with us, empowering members to collaborate freely while maintaining control of their digital lives.

Here is a general diagram with all the components:

Software Notes:

Virtualmin: An open-source web hosting control panel that simplifies server administration through a browser-based interface.

NextCloud: A self-hosted productivity platform providing file storage, collaboration tools, and communication features as an alternative to commercial cloud services.

n8n: An open-source workflow automation tool that connects different systems and automates repetitive tasks through a visual interface.

Docker: A platform that packages applications and their dependencies into containers, ensuring consistent operation across different computing environments.

Discourse: An open-source discussion platform designed for community conversations, featuring modern interfaces and comprehensive moderation tools.


Kamyar  April 22, 2025  Blog

Kamyar

Kamyar is the creator and curator of NewCycle.studio, a website development and internet solution provider. He has studied computer engineering, business administration, and website development, along with creativity frameworks based on systems thinking and collaborative leadership. Learn more about his work at NewCycle.Studio.
