I decided to add some monitoring to the server.
You don’t have to tell me — I already know I don’t need it. There aren’t any visitors, just an occasional bot trying to get in via SSH or RDP. I already know this from analytics and nginx/sshd logs. But now I have a bunch of dashboards that rub it in.
In any case, any monitoring is better than none at all. Hard to argue with that.
I had two requirements:
- I didn’t want to spend time configuring anything
- it had to have a small CPU/RAM footprint
Netdata ticked these boxes.
Make no mistake — despite the neon green matrix aesthetic, this project wasn’t made by people behind Razer™ or Monster Energy™.
I ran a script and now I have an endpoint serving a WebUI that shows all the basic system monitors: CPU, memory, storage, plus metrics for nginx and fail2ban. No manual configuration required.
It seems to be a common pattern among monitoring tools to have dashboards that feel overwhelming at first glance. They always take some getting used to. This project is no exception.
Because I didn’t want to expose the dashboard publicly, I finally installed Tailscale on the server. I added it to my home network tailnet. I don’t recommend that you do the same. A better approach would be to make a separate tailnet, but if you decide to follow my setup, make sure that your ACL doesn’t grant the server access to any other machine on your tailnet.
If someone takes control of this server, they may still be able to get information about you and machines on your tailnet — but at least they won’t be able to gain access elsewhere. There is an open issue #11581 about it.
2025-07-29 Update: You can limit how many machines could be exposed this way by configuring the ACLs. Read more about it here.
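One way to check the ACL condition described above, as an added example that is not from the original post. It assumes the server carries a hypothetical `tag:server` tag, that the policy has been saved as plain JSON (the real policy file is HuJSON and may contain comments), and that only the `acls` section is in use; sources written as users, groups or IP addresses are not resolved and need a manual look.

```python
import json

SERVER_TAG = "tag:server"  # assumed tag applied to the monitored server

# Constructed policy: the allow-all rule, which lets the server reach everything.
PERMISSIVE = json.loads("""
{
  "tagOwners": {"tag:server": ["autogroup:admin"]},
  "acls": [
    {"action": "accept", "src": ["*"], "dst": ["*:*"]}
  ]
}
""")

# Constructed policy: members may open the Netdata dashboard (default port
# 19999); no rule names the server as a source.
SCOPED = json.loads("""
{
  "tagOwners": {"tag:server": ["autogroup:admin"]},
  "acls": [
    {"action": "accept", "src": ["autogroup:member"], "dst": ["tag:server:19999"]}
  ]
}
""")


def server_outbound_rules(policy, server_tag=SERVER_TAG):
    """Return accept rules whose src is '*' or the server's tag.

    Any hit means a compromised server could initiate connections to the
    destinations listed in that rule.
    """
    findings = []
    for index, rule in enumerate(policy.get("acls", [])):
        if rule.get("action") != "accept":
            continue
        matched = [s for s in rule.get("src", []) if s in ("*", server_tag)]
        if matched:
            findings.append({"rule": index, "src": matched, "dst": rule.get("dst", [])})
    return findings


if __name__ == "__main__":
    for name, policy in (("permissive", PERMISSIVE), ("scoped", SCOPED)):
        hits = server_outbound_rules(policy)
        print(name, "-> OK" if not hits else f"-> server can initiate: {hits}")
```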