Hello! I’m new to self hosting and networking stuff. I do use only Linux and have experience with Debian, Ubuntu, Mint, and have settled with Fedora and Bazzite on KDE on the home computers/laptops.

I got a GMKtec NucBox G9 Mini PC Intel® Twin Lake N150 recently and a wireless keyboard with touchpad, installed Fedora Kinoite on it and have so far only added VacuumTube. I don’t have much experience with the terminal and I’m not sure what step to do next or how.

What I want to do is set up an Arrstack, and I know I need to put Docker and maybe Portainer? I have no experience with Docker though. I also want to put some basic things I and others can access remotely like a shopping list program, photo backups, period tracker, and DnD software. But I’m very afraid of exposing the server to the internet and it being hacked or such. I know there’s something called Tailscale but I’m not sure if that’s what I need. And I don’t know what order I’m supposed to put any of this.

I’ve tried searching the internet for guides but haven’t really found anything except one that’s for Yunohost and it’s not really self hosting because they set it up on a cloud. All advice is appreciated. Thank you!

edit: I wanted to add I also want to use this as a htpc and it’s connected to the TV, so that’s why I want a GUI mostly - because it makes it easier to control from the couch

  • WbrJr@lemmy.ml
    3 days ago

    As everyone recommends something else, I will throw in yet another suggestion and maybe a way to put it in perspective.

    hardware:

    Whatever you have right now is enough. I would recommend something that has more than one drive, but you can upgrade later all the time. Watch out for power consumption.

    OS

    My recommendation is proxmox. You can run multiple OS on it, test things, make backups and restore them. It takes out the pressure. It is a bit more advanced but you can configure most things regarding VM creation via GUI. You can run Ubuntu, Debian, nixos, whatever. What I like about it is that you can install home assistant as its own VM and it runs independent of your arr stack or immich if you like.

    The purist would probably suggest plain Debian or so. You can access it via ssh and install docker or whatever. You will learn a lot, just like with proxmox, but here you can’t do backups as easily as with proxmox. You can also install Debian or so directly in proxmox.

    Plug and play could be yunohost, CasaOS and things like that. It is a “server app store OS”, so you install things you want to run from their app store. It’s mostly one click and it runs. It’s nice if you don’t want to learn all that crap, but you are also limited in what you can do. You could install this on proxmox. Some don’t allow good storage management, best you do your own research if you are interested in this route.

    the storage

    If you want to store all your data and images on there, you probably want to go with 2 hdds mirrored, so you don’t lose your local data if one fails. I would go with no less than 1tb, but data usage depends I guess. To run the os, definitely use ssd or nvme for their speed.

    There is the 321 backup rule.

    • 3 copies
    • 2 different media (hdd, ssd, magnetic tape, whatever)
    • 1 offsite storage.

    I have a 4 1 1.5 set up:

    • mirrored local storage
    • 1 media (hdds)
    • 1.5 offsite as I have a mirrored offsite storage

    321 is ideal but 211 would also be ok for a home lab. Some run 110 and hope for the best.

    how to access it

    There are multiple ways to get to your data.

    The headache free one for me is a vpn mesh (tailscale, pangolin, netbird), so all your devices are in a mesh and you can access your stuff from everywhere.

    pro:

    • very secure as it relies on the wireguard protocol and is not exposing anything. It’s also pretty fast, the cap is your own internet connection. It uses smart routing, so if you are in the same network, it tries to find the fastest way.

    cons:

    • you can’t share your story as easily without others having a vpn connection.

    You can also use a wireguard connection to your home router and expose your complete home network to your vpn. Also secure, my router (Fritz!Box from AVM) offers this natively, but I would argue the vpn mesh solution is easier.

    There is the cloudflared tunnel which some recommend, I can’t say anything about it, did not use it yet.

    You could also do port forwarding on your network. That way you can expose a reverse proxy for example through your home router, and access it from the outside. That way you rely on the services you run to be secure, not have a zero day and to do the authentication well. For me the risk that I forgot to update a service and there being a security risk to my data is too high, so I use the vpn route.

    services to run

    Whatever route you choose, here are suggestions I found nice:

    • docker makes it easy and fun to start and stop stuff. I use compose files as they allow you to copy that config file as a backup.
    • traefik as a reverse proxy. That way you can reach your services via a domain (like shoppinglist.hezaethos.lol or so). It allows to do port mapping as well, so you could run game servers as well. It’s a nice trade off between ease of use and features. Caddy is easier but can’t do dns-01 certificate requests.
    • immich for hosting your images. Has phone apps, is pretty much just google photos self hosted.
    • paperless to upload all your PDFs. It does machine learning to sort your files. It’s just a convenient way to store all your documents in one place. It’s not a google drive alternative.
    • nextcloud or truenas to store files

    Have fun! Do whatever feels fun and don’t put your goals too high, it will burn you out :)

  • Imaginary_Stand4909@lemmy.blahaj.zone
    5 days ago

    What I want to do is set up an Arrstack, and I know I need to put Docker and maybe Portainer? I have no experience with Docker though.

    I used DockSTARTer and TraSH Guides to set up a docker instance running the arr stack in a Debian VM. I still should take the time to learn more about it though.

    I also want to put some basic things I and others can access remotely like a shopping list program, photo backups, period tracker, and DnD software. But I’m very afraid of exposing the server to the internet and it being hacked or such. I know there’s something called Tailscale but I’m not sure if that’s what I need.

    As of now, it’s pretty much just me accessing my services, but I did use Netbird (similar to Tailscale) to make a VPN to my home network for my friends to access my minecraft server. My setup is jank though, a shared account for all my friends while I have my own. I definitely need to just use another method to host stuff so no account login sharing is being done.

    I picked Tailscale to avoid major provider login (Google) and I plan to selfhost it one day…

  • cmeu@lemmy.world
    6 days ago

    But I’m very afraid of exposing the server to the internet and it being hacked or such.

    I see this sentiment a lot… and I don’t get it.

    Your server is going to be secure almost by default. Add the firewall and only open the ports you actually serve, and the majority of your work is done.

    But if you follow a decent hardening guide you’ll find many of those other little ways people can exploit the services you do leave open, and you’ll lock those down too.

    Then at that point, you have dealt with 99.99% of the script kiddie / bot threats that will ever find you.

    What is the source of the fear when regular Joes discount themselves and say no I won’t expose my hardware? You know the cloud is just someone else’s computer, right?

    I’ve been self hosting a publicly exposed domain which serves http, mail, etc for literally more than a decade. My logs are filled with background noise but my stuff is fine.

    No Tailscale, no Cloudflare, my cloud is mine

    Moral of my story - Don’t be scared, try to be smart and keep your stuff updated via automation

    • Auli@lemmy.ca
      6 days ago

      Same, probably more than a decade. I geo block so like 99% of the traffic never gets past my firewall. Then I go through a ton of lists and crowdsec IPS and only keep the ones for my country and then block those. I know it’s not perfect and if someone wants to hack me they will but that is true of anybody.

  • lukaro@lemmy.zip
    7 days ago

    I know everyone hates AI but Claude helped me set up my homelab a few weeks back. A full arr stack, pihole, immich and tailscale. It was a fun weekend project that I would have taken months on my own.

          • WbrJr@lemmy.ml
            3 days ago

            The AI bubble is deflating right now, CPUs are getting cheaper by about 20%, as well as ram and storage, as old boy Sammy can’t hold up his exaggerations and had to admit he can only spend half as much in the next 5 years. I really hope to get a gpu with 16-24g in the next 2 years, running AI locally will only get better

    • captcha_incorrect@lemmy.world
      7 days ago

      I used Kimi K2 to start learning the Nix language. It really cut down time when trying to understand what I did wrong when switching configurations threw errors.

      • irmadlad@lemmy.world
        6 days ago

        Kimi K2

        Kimi K2 & Claude both want to tie your account to a phone number and I really don’t like that.

        • captcha_incorrect@lemmy.world
          5 days ago

          I used it via Kagi. I’m not sure how they handle it on their end but I can switch between any model that is included in my subscription.

  • BruisedMoose@piefed.social
    7 days ago

    I will suggest CasaOS. It installs easily, then essentially has an app store (you can add other store sources too). For me it was a gentle way of getting used to the ideas around Docker and how to work with containers. After a bit, you’ll get to where you can set up containers for apps not in the store. Then you might create a whole stack for your Arrs suite. And then maybe you outgrow it entirely. It’s just an app, unlike Yuno, which is a whole distro if I recall correctly.

    For public exposure, I use Cloudflare tunnels. Pretty easy to set up (there is a CasaOS package for cloudflared), though the Cloudflare side can get confusing depending on what you want to do.

    • Hezaethos@piefed.zip (OP)
      7 days ago

      I tried Zima (because someone said that’s the new Casa?) but I couldn’t get certain things to work on it, and somehow even though I can see it’s made to be easier to use, was harder for me to figure out what to do than even Dietpi. I might revisit it again though

      • BruisedMoose@piefed.social
        6 days ago

        Yeah, I didn’t need anything more than the Docker features, so I didn’t bother with Zima. Like with Yuno, Zima is a whole distro on its own instead of an app that can be easily uninstalled.

        Was it issues with installing apps or something else?

        • Hezaethos@piefed.zip (OP)
          5 days ago

          So I’ve been looking more into it, as well as what others have said, and currently trying to learn how to use the podman desktop (because immutable distros apparently work different so can’t just dnf docker).

          As for Zima, the Arr stack wasn’t really working for some reason, and I couldn’t figure out why

  • Decronym@lemmy.decronym.xyz (bot)
    5 days ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters   More Letters
    HTTP            Hypertext Transfer Protocol, the Web
    IP              Internet Protocol
    NAT             Network Address Translation
    VPN             Virtual Private Network
    nginx           Popular HTTP server

    4 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.

    [Thread #218 for this comm, first seen 6th Apr 2026, 23:30]

  • harsh3466@lemmy.ml
    7 days ago

    Welcome to the club! Gates are open. Come on in!!

    FWIW, if you want to learn how to use the command line, docker, and how to manage and secure your services, I’d recommend installing Ubuntu server or Fedora server on the NucBox; and then install docker and learn how to get your services stood up using the docker cli.

    This is the route I went specifically because I wanted to learn more about Linux, and how to manage a server and services.

    The tools being offered as suggestions (unraid, truenas, yunohost) are abstraction layers meant to make hosting easier. And to be clear, there is nothing at all wrong with these tools or using them. What they’ll do is give you a GUI to manage your system and services, making using the command line mostly unnecessary. Again, nothing at all wrong with that. Just depends on what you want.

    Regarding exposing the services, it’s good to be cautious. I went with Pangolin, which is like a self hosted version of tailscale/cloudflare tunnels (I’m simplifying a bit).

    Pangolin allows you to access your services over a VPN tunnel, and, to set your desired level of authorization needed to access that service. I really like it and have found it to be very reliable.

    Also, FWIW, I’m not in IT or an expert. Just a person who wanted to learn about Linux and self hosting to take back control from big tech.

  • phanto@lemmy.ca
    7 days ago

    Nobody is addressing tailscale so far, so I’ll throw my two cents in: I have tailscale on my phone and my laptop, and I have a bunch of stuff running at home, and they all act like they’re on the same network as long as I’m logged in. There are a lot of alternatives out there, but I find it quite useful. I have immich for my pictures and pihole for ad blocking using docker. The basic docker tutorials are worth following. All I really use is docker ps, docker image, docker compose up (-d), docker pull. Nano to edit the yaml files I find online. Unhacked so far!

    • Hezaethos@piefed.zip (OP)
      7 days ago

      So is Tailscale the first thing I should set up next? Or do I figure out the Arr stack and other software first and then set up Tailscale?

      • pishadoot@sh.itjust.works
        7 days ago

        If tailscale is your preferred method to access your network from outside your home it’s one of the most important parts of your setup, in terms of both security and functionality.

        Luckily, overlay VPNs like tailscale are pretty easy to set up without glaring security problems, but you definitely want to triple-check you aren’t messing things up. The thing is, you don’t know what you don’t know, so you might not realize if you make a mistake. But like I said, it’s pretty hard with those types of setups.

        To actually answer your question though, I recommend you get one or two containers working locally and then figure out how to access them from your tailnet before you dive in and set up your entire stack. Docker adds another layer of complexity when it comes to accessing things so I recommend you get it right and then deploy and test each container individually.

        Don’t set up 10 containers and then try to see if they all work, go steadily and deliberately, checking to make sure each works, and then snapshot your functional setup before you start using it heavily.

        Don’t forget to plan for backups and updates.

        • Hezaethos@piefed.zip (OP)
          7 days ago

          Thank you! I’ll try to set up a shopping list program first then to test it. If anyone has any to recommend, I’m willing to hear suggestions!

          • pishadoot@sh.itjust.works
            6 days ago

            You mentioned immich somewhere, I think that’s a good one to set up. Don’t throw your entire life’s photo album at it at first, but it’s really good to test a variety of functions and transfer speeds.

            Oh yeah… And TAKE NOTES about your setup. Like, for each container, make notes of how you set it up and why. Trust me this is REALLY important for maintaining your stuff. If you go down a rabbit hole for two days and find a couple forum threads that lead you to how you need to modify the configs for your use case, a year from now you will have forgotten everything.

            Document, document, document.

  • frongt@lemmy.zip
    7 days ago

    Yeah running all the services in docker is good. A lot easier than managing stuff installed directly.

    I recommend not exposing anything to the Internet except your VPN, to minimize risk. I recently set up Netbird and found it very simple.
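
Added example, not part of any comment in the thread: several replies advise keeping services reachable only over the VPN and testing containers one at a time. Docker publishes a port on every interface unless the mapping names a host address, so this sketch reads the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and reports where each published port is bound. The container names and addresses in `SAMPLE` are constructed, and the function names are hypothetical; the tailnet range is Tailscale's IPv4 block.

```python
import ipaddress
import re

# Tailscale assigns IPv4 addresses from the CGNAT block 100.64.0.0/10.
TAILNET = ipaddress.ip_network("100.64.0.0/10")

# One published mapping from the Ports column, e.g. "0.0.0.0:8989->8989/tcp",
# ":::8989->8989/tcp" or "[::]:8989->8989/tcp". Port ranges are allowed.
MAPPING = re.compile(r"^(?P<host>.+):[\d-]+->[\d-]+/\w+$")

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
SAMPLE = (
    "sonarr\t0.0.0.0:8989->8989/tcp, :::8989->8989/tcp\n"
    "immich\t127.0.0.1:2283->2283/tcp\n"
    "shoppinglist\t100.101.102.103:8080->8080/tcp\n"
    "pihole\t192.168.1.10:53->53/udp, 80/tcp\n"
    "db\t5432/tcp\n"
)


def classify(host):
    """Say which networks can reach a port bound to this host address."""
    addr = ipaddress.ip_address(host.strip("[]"))
    if addr.is_unspecified:          # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback"
    if addr.version == 4 and addr in TAILNET:
        return "tailnet"
    if addr.is_private:
        return "lan"
    return "public"


def audit(docker_ps_output):
    """Return (container, mapping, scope) for every published port."""
    findings = []
    for line in docker_ps_output.strip().splitlines():
        name, _, ports = line.partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            match = MAPPING.match(entry)
            if match is None:
                continue  # empty, or exposed-only like "5432/tcp": not published
            findings.append((name, entry, classify(match["host"])))
    return findings


def wide_open(findings):
    """Containers with a port bound to every interface or a public address."""
    return sorted({n for n, _, scope in findings
                   if scope in ("all-interfaces", "public")})


if __name__ == "__main__":
    for name, entry, scope in audit(SAMPLE):
        print(f"{name:14} {scope:15} {entry}")
    print("review these:", wide_open(audit(SAMPLE)))
```

A port listed as `all-interfaces` is reachable from every network the host is attached to, and from the internet as soon as the router forwards it; binding the mapping to `127.0.0.1` or the host's tailnet address narrows that.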