AuraCloud Wiki

About AuraCloud

AuraCloud is an experimental self-hosted cloud infrastructure built on the principles of privacy, transparency, and user sovereignty.

What is Self-Hosting?

Self-hosting means running your own services on hardware you control, rather than relying on third-party cloud providers. This gives you:

Complete Control - You own your data and infrastructure
Privacy - No third parties can access your information
Transparency - You know exactly what's running and how
Learning - Hands-on experience with real infrastructure

The Experiment

AuraCloud is a living experiment in building a complete, privacy-focused alternative to commercial cloud services. Every service is carefully chosen to align with open source values while providing real utility.

Open Source & Privacy Ethos

Why Open Source Matters

Open source software is more than just free code - it's a philosophy of transparency and collaboration:

Transparency - Anyone can inspect the code for security or privacy issues
Community - Developed and maintained by users, for users
Freedom - No vendor lock-in or proprietary restrictions
Security - More eyes reviewing code means fewer vulnerabilities
Longevity - Projects can't be "sunset" by a corporation

Privacy by Design

Every service in AuraCloud is selected with privacy as a core requirement:

No Tracking - Your activity is never monitored or sold
Encryption - Data is encrypted at rest and in transit
VPN-Only Access - Services are isolated from the public internet
Minimal Data - Only essential information is collected
User Control - You decide what data exists and who can access it

Self-Sovereignty

AuraCloud embodies the principle of digital self-sovereignty - the idea that you should control your own digital life without intermediaries.

AuraCloud Services

Each service is chosen for its alignment with our ethos and practical utility.

💬 AuraChat (Prosody XMPP)

Purpose: Decentralized, encrypted instant messaging

Why It Fits: Prosody is a lightweight, open-source XMPP server. XMPP is a proven, decentralized protocol that's been around since 1999. No corporate control, true federation, and end-to-end encryption via OMEMO.

Utility: Secure communication with anyone on the XMPP network worldwide. Full control over your messages and metadata.

Official Site: https://prosody.im

Donate: Via their website - supports independent development

💾 AuraDrive (FileBrowser + LUKS)

Purpose: Encrypted file storage and sharing

Why It Fits: FileBrowser is open source and runs entirely on your infrastructure. Files are encrypted at rest using LUKS full-disk encryption, meaning even if the drive is stolen, data remains secure.

Utility: Store sensitive documents, backups, and files without trusting cloud providers. Access from anywhere via VPN.

Official Site: https://filebrowser.org

Donate: GitHub Sponsors - support the maintainer

🛡️ AuraGuard (AdGuard Home)

Purpose: Network-wide ad blocking and DNS-level protection

Why It Fits: AdGuard Home is open-source software that blocks ads, trackers, and malicious domains at the DNS level. No browser extensions needed - protection for every device on your network.

Utility: Block ads and tracking across all devices (phones, tablets, smart TVs, IoT). Protect your entire network from malware, phishing, and tracking domains. Full control over DNS queries and filtering rules.

Official Site: https://adguard.com/adguard-home

Donate: Support via their website

⚙️ AuraPanel (Custom Dashboard)

Purpose: System administration and control

Why It Fits: Custom-built for AuraCloud with no external dependencies. Complete transparency in what data is collected and how the system operates.

Utility: Centralized control over services, monitoring, and system state. Quick access to critical operations like AuraDrive lock/unlock.

Source: Custom-built - no external dependencies

🔐 WireGuard VPN

Purpose: Secure, encrypted network access

Why It Fits: WireGuard is a modern, extremely fast VPN protocol with minimal attack surface. It's been audited, is built into the Linux kernel, and uses state-of-the-art cryptography.

Utility: All AuraCloud services are VPN-only, ensuring they're never exposed to the public internet. WireGuard provides the secure tunnel for accessing your infrastructure from anywhere.

Official Site: https://wireguard.com

Donate (Bitcoin): 3Jsk6BuNkzW22RaCS1UaJy8w4bCwtVCkUF

🚫 Fail2ban

Purpose: Intrusion prevention and brute-force protection

Why It Fits: Fail2ban is a proven, open-source tool that monitors logs and automatically bans IPs showing malicious behavior. It's been protecting servers since 2004.

Utility: Automatically blocks brute-force attacks on SSH, web services, and other exposed ports. Reduces attack surface and protects against automated threats.

Official Site: https://github.com/fail2ban/fail2ban

Donate: GitHub Sponsors - support the maintainers

Security Model

Defense in Depth

AuraCloud uses multiple layers of security:

VPN-Only Access - Services only accessible through WireGuard VPN
Encryption at Rest - LUKS full-disk encryption for sensitive data
Encryption in Transit - TLS/SSL for all network communication
Minimal Attack Surface - Only essential services exposed
Regular Updates - Security patches applied promptly

Threat Model

AuraCloud is designed to protect against:

Corporate Surveillance - No third-party access to your data
Data Breaches - Encryption protects data even if hardware is compromised
Network Attacks - VPN requirement prevents unauthorized access
Service Shutdown - You control when services run, not a corporation

What AuraCloud Doesn't Protect Against

It's important to understand the limitations:

Compromised client devices (your laptop/phone)
Physical access to unlocked systems
State-level adversaries with significant resources
User error (weak passwords, sharing credentials)

Best Practices

Use strong, unique passwords for each service
Keep VPN credentials secure
Regularly update client software
Enable 2FA where available
Monitor AuraGuard for unusual activity