Home Server 101: My Setup & Recommendations

I’m excited to share the first installment of a three-part series that I originally published on my LinkedIn profile. Since this blog also explores a variety of tech topics relevant to anyone – like me – who needs to deliver IT projects, I wanted to bring these insights to a broader audience beyond my LinkedIn network. I hope you enjoy this first chapter, and if you do, stay tuned for the next ones!


Greetings! I’ve been curious about how many home server enthusiasts are in my network, so I decided to share some details about my own setup, hoping it might resonate with some of you. And even if you’ve never worked with home servers before, I hope my experience inspires you to consider setting one up yourself. One important disclaimer though: since I don’t know what you might try to achieve – self-host a web app, experiment with AI locally, centralize your smart home devices? – it will be difficult for me to tailor advice to your exact needs. Still, I hope this post provides some helpful general guidance!

My Use Case and General Considerations

Before jumping into recommendations, let me share a bit of context about my own use case. Accessing and sharing files across all the devices on my network was a top priority for me, as this is especially useful for my project studio. This means my home server also acts as a media center. Beyond this use case, I sometimes use my home server to spin up services for small, temporary development projects, but this is more for experimentation than anything else. That’s also why I don’t actually need to expose my home server to the public Internet. Doing so would dramatically increase security risks and require more effort to harden security at every level. Of course, keeping your server private doesn’t mean security is any less important. But if you do need to expose your server to the public Internet, you should carefully consider whether the additional administrative burden is worth it, especially if you’re not a cybersecurity specialist. After all, you could achieve similar results by running your setup in the cloud, avoiding the risk of compromising your home network.

Picking the Right Hardware

Let’s start with hardware. The key is to choose what best fits your personal needs – in my case, for example, storage was a top priority, but that doesn’t mean it has to be for everyone. If there’s one universal recommendation I’d make, it’s this: choose a machine with low power consumption, especially at idle. Since your home server will likely be running 24/7, it will spend most of its time in idle mode. Prioritizing energy efficiency will reduce the impact on your electricity bills, so be sure to factor this in alongside your other requirements.

Picking the Right Operating System

Proprietary Unix would be too expensive and unnecessarily complex for a home server and, as someone who would never choose the Windows ecosystem (call me biased, I’ll take it), I can only recommend Linux. The real question is: which Linux distribution? Personally, I chose a Debian-based distro, but you could go with whatever you prefer. There are two main aspects I recommend prioritizing when choosing a distro:

  • Minimal / Lightweight: You want your server to run efficiently and to run only what’s essential.
  • Hardware Compatibility: Make sure your chosen distro works well with your hardware. For example, I went with a Debian-based distribution because such distributions are generally well supported and perform very well on Intel processors.

Docker, Portainer & Watchtower

Most of the services running on my machine are containerized. Docker simplifies everything and brings the added benefit of isolation. For more advanced use cases, you might consider a Kubernetes cluster, but for most home server scenarios, Docker is more than sufficient to handle whatever you need to set up. Important security note: Docker makes published container ports accessible even if your firewall is enabled and restrictive. This will require additional configuration effort on your side, but in my opinion it is not a reason to avoid using Docker altogether. As for Portainer, I would consider it an optional component of my setup, but it’s an effective tool for managing containerized applications. Finally, there’s Watchtower, which automates container updates and helps keep your services up to date.
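To act on the security note about Docker and the host firewall, it helps to know which container ports are actually reachable from other machines. The following is an added example, not part of the original post: it parses a constructed `docker ps` listing and reports every published port bound to a non-loopback address. The container names and ports in the sample are assumptions.

```python
import ipaddress
import re

# One entry of the Ports column printed by `docker ps`, for example
# "0.0.0.0:8080->80/tcp", "[::]:8080->80/tcp" or ":::8080->80/tcp".
# Entries without "->" (such as "8000/tcp") are not published to the host.
PUBLISHED = re.compile(r"^(?P<host>.+):(?P<hport>[\d-]+)->[\d-]+/(?P<proto>\w+)$")

def audit_ports(listing):
    """Return (container, host_ip, host_port, proto) for each published port
    bound to a non-loopback address, i.e. reachable from other machines."""
    findings = []
    for line in listing.strip().splitlines():
        name, _, ports = line.partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            m = PUBLISHED.match(entry)
            if not m:
                continue  # empty column or a port that is not published
            host = m["host"].strip("[]")
            if not ipaddress.ip_address(host).is_loopback:
                findings.append((name, host, m["hport"], m["proto"]))
    return findings

# Constructed sample in "name<TAB>ports" form, as produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Container names and port choices are illustrative, not the author's setup.
SAMPLE = (
    "nginx-proxy-manager\t0.0.0.0:80-81->80-81/tcp, 0.0.0.0:443->443/tcp, [::]:443->443/tcp\n"
    "jellyfin\t127.0.0.1:8096->8096/tcp\n"
    "portainer\t0.0.0.0:9443->9443/tcp, 8000/tcp\n"
    "watchtower\t\n"
)

if __name__ == "__main__":
    for name, host, port, proto in audit_ports(SAMPLE):
        print(f"{name}: {host}:{port}/{proto} is reachable from the network")
```

A service that only the reverse proxy on the same host needs to reach can be published on loopback instead (for example `127.0.0.1:8096:8096`), which removes it from this report.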

Nginx Proxy Manager

Nginx Proxy Manager plays a central role in my home server setup. It manages all reverse proxy configurations, allowing me to assign custom domain names to my services and, even more importantly, to easily obtain a valid SSL certificate for my applications. I mention it after Docker not only because I typically deploy it using Docker Compose, but also because it serves as an ideal central hub for managing self-hosted applications in a dockerized environment.

Samba & Jellyfin

Samba is a robust solution for sharing files across devices within your local network – I’d even say it’s the standard for home servers. I chose Jellyfin over Plex for my media streaming because Jellyfin is open-source (and open-source is sexy). I’m mentioning Samba and Jellyfin together because Jellyfin reads media directly from the filesystem. Once you’ve mounted your Samba share, you simply point Jellyfin to that folder, and it will scan and serve the media files stored there.

Tailscale

As I mentioned earlier, my home server isn’t exposed to the public Internet but that doesn’t mean I can’t access its services remotely. While I don’t do so often, there are times when remote access is necessary. So, how do I manage it? The answer is a VPN. By using a VPN, I can connect to my home network from my other devices when I’m away from home, without exposing all my services to the Internet. For my setup, I chose Tailscale. All traffic is encrypted (Tailscale uses WireGuard for end-to-end encryption) and routed through their secure overlay network. This means there’s no need for port forwarding or exposing a public IP address. It’s simple to set up and quite effective.

Fail2Ban

I wasn’t sure whether to include Fail2Ban, since it is not directly related to my main use case and security would actually require an entire, dedicated post. On the other hand, I cannot list all these services without mentioning the tool that helps protect them from brute-force attacks. As I mentioned earlier, keeping your home server off the public internet is a good first step to reduce exposure to external threats, but it’s not enough to guarantee overall security. For example, malware could infect a device on your local network and attempt to move laterally within it. Fail2Ban automatically scans logs and blocks IP addresses showing suspicious behavior. All you need to do is ensure that authentication attempts for your services are logged. Then, set up the appropriate Fail2Ban filters and jails. Fail2Ban is especially effective for protocols and services that allow remote authentication – SSH, web logins – but can also provide benefits for services exposed to login attempts within your local network. While Fail2Ban doesn’t eliminate the risk of lateral movement entirely, it provides an additional layer of security against brute-force attacks. Of course, you will still need to integrate additional security measures and keep an eye on your services – regular monitoring is still a must – but if this sounds like your kind of fun, then welcome to the club! 😄
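To make the filter-and-jail idea concrete, here is a simplified model of the decision a jail makes, written as an added example (it is not Fail2Ban's code and not part of the original post). The regular expression stands in for a filter, `maxretry` and `findtime` mirror the jail options of the same names, and the log lines, hostname and addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for a filter: matches OpenSSH failed-password lines.
# The filters shipped with Fail2Ban cover many more message variants.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def find_bans(lines, maxretry=3, findtime=timedelta(minutes=10), year=2025):
    """Return {ip: time of ban} for IPs with maxretry failures inside findtime."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in bans:
            continue              # not a failure, or already banned
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            bans[m["ip"]] = ts
    return bans

# Constructed log: 192.168.1.50 guesses passwords in a burst, while
# 192.168.1.20 mistypes three times spread over almost an hour.
SAMPLE_LOG = [
    "Mar 14 21:14:02 homeserver sshd[1201]: Failed password for root from 192.168.1.50 port 50122 ssh2",
    "Mar 14 21:14:05 homeserver sshd[1201]: Failed password for invalid user admin from 192.168.1.50 port 50124 ssh2",
    "Mar 14 21:14:09 homeserver sshd[1203]: Accepted publickey for alice from 192.168.1.20 port 40110 ssh2",
    "Mar 14 21:14:11 homeserver sshd[1205]: Failed password for root from 192.168.1.50 port 50130 ssh2",
    "Mar 14 21:20:00 homeserver sshd[1300]: Failed password for alice from 192.168.1.20 port 40200 ssh2",
    "Mar 14 21:45:00 homeserver sshd[1400]: Failed password for alice from 192.168.1.20 port 40300 ssh2",
    "Mar 14 22:10:00 homeserver sshd[1500]: Failed password for alice from 192.168.1.20 port 40400 ssh2",
]

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when}")
```

With the defaults only the bursting LAN address is banned; widening `findtime` to an hour would also ban the user who mistyped three times, which is the trade-off to weigh when tuning a jail for devices inside your own network.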

But tell me more about you! What do you use your home server for or what use case are you considering if you don’t have a home server yet? Feel free to share your thoughts in the comments or ask any questions – your input might even inspire a potential “Part II” of this post! Cheers!

Manfredi Pomar

Italian-German cloud computing professional with a strong background in project management & several years of international work experience in IT & business consulting. His expertise lies in bridging the gap between business stakeholders & developers, ensuring seamless project delivery.
