Home Server

• 8 Aug 2025
• ⌘
• 3 min read

Table Contents

• 0. Intro
• 1. Preparation
• 2. Hardware
• 2.1 My PC
• 2.2 Drive
• File System
• 4. OS
• Virtualization
• 3. Security
• 3.0 Accessing from outside
• 3.0.1 Using Caddy
• 3.0.2 Cloudflare tunnel
• 3.0.3 Set Up a VPN
• 3.0.4 Recommendations
• 4. Applications
• 4.1 Types
• 3.4 References
• Conclusion

0. Intro

This is not really a tutorial as I will not explain all the details from toe to head, but can give you ideas if you will want to set up, what to avoid, which are my personal recommendations. I am not an expert in this area, so if you think something is not correct, please feel free to contact me.

My aim to do my homelab is not only to do a challenge and learn a lot, but also a necessity because of the nature to have really customized software and not depend on external servers and the will of the companies doing whatever they want with my information or deciding for me the UI and how their services should work.

1. Preparation

Questions I should ask myself before getting my hands dirty:

• What’s on my server?
• What applications do I run on my home server?
• What OS am I using?
• How do I automate deploying and provisioning?
• How do I secure my services from unauthorized access?

Here is a video found intesting about homelab:

2. Hardware

2.1 My PC

I got a 6W low TDP mini PC with Proxmox. For the applications I will use it, I prepared for it with 8GB of RAM. For storage, I went minimal, with an SSD with 240GB for the OS and apps and 1TB old HDD for media files.

2.2 Drive

When choosing a drive, consider the following factors:

1. 3.5” vs 2.5”: 3.5” is more reliable in general, can have more capacity, but consumes more power, more heat, and may be more noisy.
2. CMR drives are better (no matter whether they are 2.5 or 3.5 ones)
3. Warranty: May check for drives that have a 5-year warranty or more
4. Prefer drives with TLC or better NAND for endurance.
5. Check for support of TRIM, garbage collection, and ECC features.
6. Brands: It seems that people on the internet recommend these brands quite often –Seagate IronWolf, WD Red, Hitachi HGST
7. External Bay: In a mini PC, you may need an external bay because there is not space inside the case. Affordable external bays usually may have one or two slots. I got the Sabrent 2 bay
8. RAID: You may take into account setting up a redundant array of independent disks (RAID), for example, there are RAID 0, RAID 1, or unRAID.

File System

Zfs is much more complicated for beginners. You need to do a lot of reading and while the out of box solution is fine, you need to modify some things for performance (such as a time). I would recommend using LVMs as they’re a lot easier to grasp and seem to work great out of the box.

Xpenology (synology clone) and Truenas (formerly Freenas), are 2 good options and both run on Proxmox.

4. OS

For the OS in my homelab computer, I choose Proxmox as it is a tailored version of Debian specifically doing server stuff. It is like Docker virtualization really efficient, is free. Also, it is easier to do backups.

There is also a website with some scripts for Proxmox, called ProxmoxVE (GitHub) that will make installing and setting up Proxmox and the applications you want much smoother.

Virtualization

The fundamental OS in many homelabs is a hypervisor. They allow budding sysadmins to set up nested, throwaway environments starting on just one piece of hardware (it doesn’t even need to be an enterprise-grade server). - Docker - ESXi - unRAID - Hyper-V - Proxmox - Linux KVM

3. Security

Something really crucial about home labbing is security. By default, the services from Google, Microsoft, and other big companies should do it for you, but here you should set up your own security measures. Fortunately, Proxmox and many apps have some security applied by default.

[!info] for more info about each of the software refer to 4.3 Networking and Security

3.0 Accessing from outside

3.0.1 Using Caddy

Optionally combine with VPN or additional authentication for safer external access.

3.0.2 Cloudflare tunnel

I found this short video from NetworkChuck quite informative:

There is another video from Lawrence Systems called Using Cloudflare Tunnels For Hosting & Certificates Without Exposing Ports On Your Firewall:

3.0.3 Set Up a VPN

There are many options for setting up a VPN for accessing your home server. One of the most popular is WireGuard, OpenVPN, or Tailscale.

• WireGuard: Secure, fast, and lightweight. Run it on a dedicated VM, container, or router. Only the VPN port is exposed, and all Proxmox management traffic is encrypted.
• OpenVPN: Robust, widely supported, and secure, but slightly more complex to set up than WireGuard.
• Tailscale: Easy for beginners, uses WireGuard under the hood, and securely accesses your home network from anywhere without complex port forwarding. Many recommend running it in a container or on a separate device for stability and easier recovery.

3.0.4 Recommendations

• Do NOT Expose Proxmox Web GUI Directly: Never forward port 8006 (Proxmox web interface) directly to the internet. This port should only be accessible from within your secure VPN connection.

• Use SSH with Strong Authentication (Optional): If you need CLI access, use SSH over the VPN. Enable key-based authentication and disable password logins for extra security.

• Dynamic DNS (DDNS): If your home IP address changes, set up a DDNS service. This gives you a consistent hostname to connect to your VPN endpoint.

• Firewall Rules: Restrict access to the Proxmox management ports to VPN clients only. Block all other external access attempts.

• Change the subnet: Alter default network subnets to reduce predictability.

• Block countries you don’t live in: Geo-blocking to limit access from high-risk regions. But not really useful.

• DNS protection: Use a 3rd party service like Cloudflare for DNS and DDoS protection. It provides DNS management, free SSL certificates, and firewall rules to block malicious traffic.

4. Applications

For fast and easy installation, you can use Proxmox scripts to install it. After running the script, you can also make changes to customize your installation and allocate how many resources you want for it.

4.1 Types

You can install an application like an VM (a complete OS inside Proxmox), as a Docker container, or as an LXC (Linux Container). Containers usually require much less RAM and CPU as they share resources, but some applications work better or need to be in their own OS, like Home Assistant. Most of the apps can easily be in containers.

…

---

3.4 References

1. Security Tips
2. Self-Hosting Security Guide by Techno Tim

Conclusion

← Previous Project

Making of toko.re

Next Project →

Wallah CLI