What do you host at home?

This is what I currently have running from my home:

  • Discourse test forum
  • MineOS
  • NextCloud
  • nginx reverse proxy
  • Quassel
  • Unifi controller
  • Wireguard

This is on a 4C8T machine running xcp-ng and using Xen Orchestra to manage it. I also am running a FreeNAS box for all my network storage/backup needs. My FreeNAS has a single jail that runs:

  • qBittorrent

This is what is on my to-do list, or what I have been tinkering with lately:

  • Bitwarden (Ended up using their cloud hosting)
  • A VM for learning Docker
  • One hour one life server that I spin up when I have people who want to play but don’t have a paid licence for the game
  • Windows Server/7/8/10
  • Zabbix monitoring

1 Like

Although I do not own real server hardware, I do play with multiple VMs on my desktop. I currently run a wireguard vpn, pihole, notrack, and an nfs server for my digital ocean vps (on which I just host mediawiki and some music). Besides my desktop host, all of the systems run debian 10. I manage the qemu/kvm VMs with virsh, virt-manager, and other lovely tools.

I have played with nextcloud in the past, but my curiosity moved on to other stuff.

I have been wanting to do some (virtual) distro hopping, but it’s much more time and resource consuming to set up a VM with a desktop environment than cloning a 4gb cli vm. And I happen to find other things to do on days off.

Do all of you do sysadmin work for a living? These setups are great! I have a Nextcloud I never use and Emby for TV/movies on an old desktop running Ubuntu LTS. I am going to watch DasGeek’s PiHole video and set that up as well, not so much for ad-blocking as for Google-blocking.

I’ve been a sysadmin/developer for over 20 years. Currently a DevOps admin for a larger company, after working for myself for 10 years.

It’s all pretty simple when you learn the basics. I’d suggest doing some of the free courses on Linux academy.

2 Likes

I have a PineA64 Board with Docker. I run a smoke ping container and a Lounge IRC container. That’s about it. I did try nextcloud but it never really stuck. Maybe if I had a faster box. The Lounge IRC is really amazing though, if anyone is looking for an IRC client/bouncer.

1 Like

I host a publicly-accessible (after an invite is granted) Mattermost team server on a (locally-hosted) Raspberry Pi 4. This Pi 4 runs Ubuntu 20.04 64bit. Using a combination of Wireguard and HAproxy (on a VPS server, allowing a public connection), I “punch” the firewall which I’m behind (the Internet access here is double-NATted, so port-forwarding is a very ugly prospect for me). I use a wildcard Let’s Encrypt SSL cert in front of Mattermost, on the Pi (Nginx is a proxy in front of Mattermost locally on the Pi). These SSL cert files are hand-installed, and new certs get generated on a VPS, based on a manual DNS-based challenge.

Yes, that’s proxied twice. This works, because HAproxy on my VPS merely forwards TCP packets, leaving the HTTPS traffic inside the packets unmolested. Nginx on the Pi actually works with the contents of the packets, encrypting and decrypting the SSL. My VPS sees nothing but SSL-encrypted Mattermost traffic.

This nifty networking trick I use where I first establish a Wireguard connection to my VPS server (using the “keepalive” option, on the Pi4), then use HAproxy to send TCP-forwarded packets down the Wireguard tunnel (thereby punching the firewall, and not needing port forwarding), is a trick which I have dubbed the “Subzero” firewall puncher.

Let me explain this “Subzero” analogy (the combined use of Wireguard and HAproxy) a little more. It’s sort of like in the original Mortal Kombat video game back in the day, where my favorite character Subzero would throw a hook thing on a chain at his opponent which would stick in their neck, then he would say “Come here” and would pull them close for an uppercut. That’s sort of like the periodic Wireguard keepalives holding a connection to the VPS (the “chain”), and then HAproxy is like the “hook thing”, hooking the traffic down the Wireguard connection to the Pi 4. The “uppercut” is a reference to the firewall being punched (and it’s not any end-user who gets “punched”). 🙂

I apologize that the “Subzero” analogy involves violence. My server does nothing which is of a bad or dark nature BTW. It’s used for a totally legitimate, above-the-board purpose. My motivation for posting this method is to prevent it from getting patented somehow in the future. I hereby release this method to the public (and may the ultra-rich hi-tech tycoons like Jeff Bezos not take over the world!)

Perhaps a few others have already figured out and used my “Subzero” trick (I followed no other comprehensive guide to do this all as one coherent system/solution), but I think I’m the first to put a name to it. This trick is especially ideal for me, because my heartless ISP gets to remotely update the firmware for the dodgy local wifi routers here all they want, and they won’t ruin my setup (by erasing, without warning, all port-forwarding rules, which is a huge annoyance I’ve had happen to me multiple times before, wrt other self-hosted services).

2 Likes
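
A minimal sketch of the WireGuard plus HAProxy arrangement described in the post above, added here as an example and not the poster's own configuration. The 10.99.0.0/24 tunnel addresses, the `vps.example.net` hostname, port 51820, the file paths and the `<...>` key placeholders are all assumptions.

```ini
# Constructed example; addresses, hostname, port and <...> keys are placeholders.

# --- VPS: /etc/wireguard/wg0.conf ---
[Interface]
Address = 10.99.0.1/24
ListenPort = 51820
PrivateKey = <vps-private-key>

[Peer]
# The Pi. A /32 limits what this peer may source or receive through the tunnel.
PublicKey = <pi-public-key>
AllowedIPs = 10.99.0.2/32

# --- Pi: /etc/wireguard/wg0.conf ---
[Interface]
Address = 10.99.0.2/24
PrivateKey = <pi-private-key>

[Peer]
PublicKey = <vps-public-key>
Endpoint = vps.example.net:51820
AllowedIPs = 10.99.0.1/32
# The Pi dials out and re-sends every 25 s, so the NAT mappings in front of it
# stay open and the VPS always has a current return path. No port forwarding.
PersistentKeepalive = 25

# --- VPS: /etc/haproxy/haproxy.cfg ---
defaults
    mode tcp                 # layer-4 relay: no "ssl crt" on bind, no key on the VPS
    timeout connect 5s
    timeout client  1h       # long-lived WebSocket connections
    timeout server  1h

frontend public_tls
    bind :443
    default_backend pi_over_wg

backend pi_over_wg
    # TLS is terminated by Nginx on the Pi; HAProxy only copies bytes.
    # Nginx will log 10.99.0.1 as the client address unless "send-proxy" is
    # added here and "proxy_protocol" to the Nginx listen directive.
    server pi4 10.99.0.2:443 check
```

With this layout the Pi's port 443 only needs to be reachable on the `wg0` interface, so its host firewall can drop that port on every other interface.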

I have a pie-hole (on a rasPI), OPNsense on a 4-NIC NUC, Ansible in a VM, Nessus and OpenVAS in docker. Docker and the VMs (KVM) run on a CentOS 7 powered by Ryzen.

My home server setup is pretty basic these days.

I have a RockPro64 with a 2 TB USB3 external drive attached, which runs these in docker containers:

  • Jellyfin
  • Homeassistant

I have a one node Ovirt cluster and a ZFS storage node.

ZNC, Vyos, Emby, Jellyfin, and a few future projects.

UPDATE from Oct 2019
I have a $20 backup server: a 2003 Pentium 4 HT (3.0 GHz), 1.25 GB DDR (400 MHz), 4 HDDs, in total 1.2 TB, running FreeBSD-12.1 on ZFS with XFCE, XRDP and Conky. The leftover HDDs are: 2 x 3.5" IDE (250 + 320GB) and 2 x 2.5" SATA-1 (2 x 320GB). The system has two external cables: Power and 1 Gbps Ethernet. The PC is controlled by Remmina from my Ryzen desktop. The system has been in use for more than a year and is powered on for less than 1 hour/week for the backups. The $20 is for a new iTech 600W power-supply and a 3rd-hand Compaq Evo Tower with two stickers:

I back up my Ryzen desktop to both laptop and backup-server. All back-ups use ZFS “send | ssh receive”. The incremental backup to the backup server runs at ~200 Mbps instead of 1 Gbps with one of the Pentium CPU-threads at a 95% load. The load is caused by the network process and not by ZFS. Taking snapshots is less than a second and afterwards those last snapshots are sent to the backup server. Because of the snapshots the desktop can be used normally during the backup, so I don’t care whether it takes 1 or 60 minutes. Only the modified records are sent and they are sent compressed, because on both sides they are stored lz4 compressed (compression-ratio 1.8).

This backup is a miracle of the compatibility of modern software, because it is:

  • from 2019 AMD Ryzen to a 2003 Intel Pentium
  • 64-bits to 32-bits
  • Ubuntu 20.04 LTS to FreeBSD 12.1
  • Linux to Unix/BSD
  • nvme-SSD to IDE-HDD

1 Like

I have a dell optiplex lying around.
The following services are hosted on it.

  • Bitwarden (Password Manager)
  • Nextcloud
  • Syncthing
  • qBittorrent
  • Guacamole ( VNC, SSH, RDP )
  • Codeserver
  • Searx ( Meta search engine )
  • Adguard Home ( DNS adblocker / Pihole)
  • Mariadb
  • Adminer ( To manage db via webui )
  • Authelia ( SSO with 2FA )
  • Heimdall ( Dashboard to launch services from one location )
  • Traefik ( Reverse Proxy )
  • Jellyfin ( Media Server )

All of these are running in containers with docker. I have a dynamic dns setup with dnyu.com and a personal domain, secured with ssl from Letsencrypt, and all services are behind sso with 2FA.

Anyone running FreeIPA or OpenLDAP? I’m curious to hear your thoughts.

I’m self hosting for either family or myself

On a Raspberry Pi 1 B+ (Single-core 700 MHz ARM1176JZF-S, 512 MB RAM)

  • Pi-Hole - network wide advertisement blocker. (I forgot this originally because it is one of the few services I host not running in a container.)

On a Raspberry Pi 3 B (Quad-core 1.2 GHz ARM Cortex-A53, 1024 MB RAM)

On a Gateway SX2370-UR10P (Quad-core 2.5 GHz x86-64, 6144 MB RAM)

  • Jellyfin - media server similar to Netflix. (I previously just had Kodi pointed to a SMB share, Jellyfin rocks so hard.)
  • PaperMC - as light weight and low resource intensive as a Java-based Minecraft server can be.
  • Caddy - reverse proxy https server

On a custom AMD E1-2100 APU (Dual-core 1 GHz x86-64, 4096 MB RAM)

I use Caddy to reverse proxy everything and plan on having a Matrix and Element server up and running this weekend.

I also want to self host a federated microblogging service but am not sure which one to use.

Edited for clarity.

2 Likes

I would love to learn how you did all this in Docker. I have a few Pis that started off as single-use projects, but now I really should put them in dockers and get a reverse proxy, but I don’t know how to do that part of it. The dockers I roughly understand, and most of the deployment documentation is good. But the reverse proxy part is confusing.

Hello @snorlax
I have uploaded docker-compose files for all the services.

You can find them here

For traefik, authelia and searx I have also included the config files, which you can mount directly in the containers and you will be good to go. You just need to change a few values which are indicated in the config.

There is some extra work needed for nextcloud but the rest is good to go.

Hello @PatPlusLinux
I have not tried caddy as a reverse proxy yet. I am curious about your setup; can you share your config for caddy?
Thanks

Sure. Let me summarize my Caddyfile.

subdomain.domain.tld {
    reverse_proxy hostname:port
}

I’m sorry if this isn’t the type of information you’re looking for. My use case is narrow.

I’m running it fresh from the docker.

docker run --name caddy -v /srv/caddy/config:/config -v /srv/caddy/data:/data -v /srv/caddy/caddyfiles/Caddyfile:/etc/caddy/Caddyfile -p 443:443 -p 80:80 -d caddy

Thank you for sharing.
I assumed you had configured caddy to acquire the certs from letsencrypt 🙂

Apart from my nas I don’t host anything at home.
I have the advantage of working at a hosting company so I just spin up a vps as needed in one of the datacenters.
Mostly it’s just mail, git, nextcloud and a test install of grav.

It does that automatically from what I can tell. Browsing each sub domain has the little lock icon which shows a valid Let’s Encrypt cert.