Could Someone Give me Guidance on Setting Up a Secure FreedomBox Server for Home Use?

Hello there,

I am excited to join this forum and explore the world of decentralized and self-hosted solutions. I have recently decided to set up a FreedomBox server at home to enhance my digital privacy and control over my data. Although; as a newcomer to this technology; I could use some guidance and advice from the experienced members here.

I have a Raspberry Pi 4 with 4GB RAM and a 128GB microSD card. I also have a reliable internet connection with a static IP.
I plan to install the latest stable release of FreedomBox.

I want to ensure that my personal data is secure and accessible only to me.
I intend to use FreedomBox for hosting my own email server, file storage (Nextcloud), and possibly a VPN.
Since I am relatively new to self-hosting, I am looking for a setup that’s user-friendly and manageable.

What are the best practices for setting up FreedomBox on a Raspberry Pi 4? Are there any specific configurations or steps I should follow to optimize performance and security?

Can anyone recommend a comprehensive guide or resources for setting up a secure and reliable email server on FreedomBox? What are the common pitfalls to avoid?

How well does Nextcloud integrate with FreedomBox, and what are the recommended settings for a seamless experience?

Also, I have gone through this post: https://discuss.freedombox.org/t/how-best-to-configuring-home-network-for-freedombox-and-maintain-maximum-security-power-bi/ which definitely helped me out a lot.

What are the best VPN options to use with FreedomBox, and how can I ensure that my internet traffic is secure and private?

Thank you in advance for your help and assistance.

Welcome!

Here is some advice based on your use case.

MicroSD cards are not terribly reliable so I recommend setting up automatic backups and, when you are not short on time, trying to make a fresh install on a spare MicroSD card and practice restore (and make your own notes), so that you can repair rapidly without stress if it breaks.

The backup feature of freedombox takes care of email, but I am not sure about Nextcloud.

Nextcloud is experimental and relatively complex, if your usage is purely personal, I’d suggest using the share feature instead.

Network shares are only accessible on your local network but if you setup the VPN server, you can also access them when you are connected to your VPN server. Without the VPN server, you can also access the contents of your network shares with sftp, which is rather easy to use on computers (with FileZilla or any file manager on GNU/Linux computers) or on Android (FTPClient) or iOS (ShellFish, then access via Files).

If you use sftp (this means, you make port 22 accessible from outside), for better security, I recommend using ssh keys and disabling password based authentication. For this, on each device on which you want to have access, create a pair of private key and public key (I can explain how to do on GNU/Linux, Mac, Windows, Android and iOS) and add the public key to your freedombox via the web interface.

The backup feature of freedombox does not backup the contents of network shares so you should setup some backup by yourself, for example by a computer on your local network.

I think there is no absolute security or privacy, it really depends what you want to obtain exactly.

When you are not on your local network, if you use email or sftp to your freedombox, the local ISP can see that you are using email or sftp with your freedombox and the amount of data exchanged, but that is all since the traffic is encrypted.

In general, when you are using protocols like https to access websites, your traffic is encrypted and the local ISP (home or somewhere else) can only see with which machines you are communicating. Using a third party VPN can hide that from the local ISP but then it is visible to the third party VPN provider and I tend to find it equally difficult to trust a VPN provider or an ISP.

However, I know a clear use case for a VPN: if you want to access your employer’s network but you don’t want your employer to be able to determine your geographical location.

If you want to access websites without anyone knowing that you do, I’d suggest using Tor browser (and you should not access any personal account with it of course), for which you don’t need freedombox.

I have settled on wire guard vpn after trying open VPN. My impression is that WG is more economical with my phone battery.

They both work.

Understand that the VPN does not conceal your Internet traffic once it leaves freedom box. It is excellent for securing your home network or communication between FB and a device through the Internet, which is still good. Freedombox VPN is not a privacy panacea. Use it how it is designed and it is great.

If you want to protect your Internet use then consider using Tor on FB and routing through that. You could work out VPN to Freedombox to Tor to Internet for that purpose.