As a tech enthusiast, I own a small home server that serves as a personal lab for various projects and services. In this article, I will provide a detailed technical explanation of how my home server works, including the hardware and software, and the networking involved.
The hardware of my home server consists of the following:
- Host: Vostro 3650 X00
- Running since: October 2021
- CPU: Intel Pentium G4400 (2) @ 3.300GHz
- GPU: Intel HD Graphics 510
- Memory: 8GB
- Display resolution: 1920x1080
- Storage:
  - 1TB HDD (data)
  - 240GB SSD (OS)
  - Both use LUKS full-disk encryption
The server is connected to a 43-inch TV via an HDMI cable and also serves as a home theater PC (HTPC). Although the server is a low-end model, it has proven sufficient for my personal use. Intel® Quick Sync Video allows the server to stream movies and TV shows smoothly in full HD at high bitrates. In fact, the CPU and iGPU (integrated graphics processing unit) are good enough to make use of Jellyfin's transcoding feature, which allows streaming content that would otherwise not be compatible with certain devices.
The server runs Docker containers that host a variety of self-hosted, open-source services for personal use. It also runs Flatpak applications in the desktop environment, as I prefer to run apps in a sandboxed and isolated environment for security reasons. I have chosen Flatpak apps because they are restricted by default and pose minimal threat to the server side of the machine. In addition, I use Tailscale to securely and easily connect all devices in my home lab.
Because the server also serves as an HTPC, it has a desktop environment (DE) installed, which is GNOME. I chose it because it has a number of features that make it well suited for use on a large screen, such as high DPI support and the ability to scale the interface to make it easier to read on a large display.
The server runs various open source tools and applications in Docker containers and stacks. I run the following stacks:
- Nginx Proxy Manager: This stack consists of an Nginx Proxy Manager container and a Tailscale container. The Nginx Proxy Manager container provides a web-based interface for managing Nginx as a reverse proxy for all of my subdomains, with each subdomain (proxy host) pointing to the Tailscale address, IP, or hostname of the service. I manage a domain name that is integrated with Nginx Proxy Manager through an A record DNS entry with an asterisk, which makes the subdomains wildcard type. This allows me to securely (with the help of SSL and the WireGuard protocol) access the services I host from any of my devices with ease. Nginx Proxy Manager also supports wildcard SSL certificates and automatically renews them for all subdomains using the DNS challenge.
- Watchtower: This stack runs the Watchtower container, which is a tool that automatically updates the running Docker containers on my server to the latest available versions. This helps me keep my services up to date and secure.
- Portainer: This stack runs the Portainer container, which is a web-based tool for managing Docker environments. With Portainer, I can easily view, start, stop, and manage my Docker containers and stacks.
- Pihole: This stack runs the Pi-hole container, which is a DNS-based ad blocker, along with a Tailscale container. I have set Tailscale to override the local DNS of all devices in my home lab, so that they are forced to use the Pi-hole DNS server by default for increased security and ad-blocking.
- Photoprism: This stack runs the PhotoPrism and MariaDB (database) containers, as well as a Tailscale container. PhotoPrism is a personal photo management tool that allows me to organize and view my photos, while the MariaDB container provides a database for PhotoPrism to use. The Tailscale container allows the PhotoPrism and database containers to securely communicate with each other.
- Downbox: This stack runs the Aria2 and AriaNg containers, as well as a Tailscale container. Aria2 is a command-line tool for downloading files, while AriaNg is a web-based user interface for Aria2. Together, these tools allow me to easily download files from the internet. The Tailscale container allows the Aria2 and AriaNg containers to securely communicate with each other.
- HTPC: This stack runs the Jackett, Jellyfin, Radarr, Sonarr, and Tailscale containers. Jackett is a tool for indexing torrent trackers, while Jellyfin is a personal media server. Radarr and Sonarr are tools for automatically downloading movies and TV shows, respectively. These tools are all configured to work together, with Radarr and Sonarr using the Downbox stack to automatically download movies and shows and send them, along with their metadata, to Jellyfin where they are organized and made available for streaming. The Tailscale container allows the Jackett, Jellyfin, Radarr, and Sonarr containers to securely communicate with each other.
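Since every stack above is meant to be reached through Tailscale and the reverse proxy, it is worth checking that no container publishes a port more widely than that. The following is an added example, not part of my original configuration: it classifies the host bindings reported by `docker ps`, and the container names and addresses in the sample are constructed.

```python
import ipaddress

# CGNAT range from which Tailscale assigns IPv4 addresses to nodes.
TAILNET = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output;
# names and addresses are hypothetical.
SAMPLE = (
    "npm\t100.101.102.103:443->443/tcp, 100.101.102.103:81->81/tcp\n"
    "portainer\t0.0.0.0:9443->9443/tcp, :::9443->9443/tcp\n"
    "jellyfin\t8096/tcp\n"
    "pihole\t192.168.1.10:53->53/udp\n"
)

def scope_of(host):
    """Classify the host address a container port is published on."""
    ip = ipaddress.ip_address(host.strip("[]"))
    if ip.is_unspecified:
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    if ip in TAILNET:
        return "tailnet"
    return "lan"

def wide_bindings(docker_ps_text):
    """Return (container, binding, scope) for ports published beyond loopback/tailnet."""
    findings = []
    for line in docker_ps_text.strip().splitlines():
        name, _, ports = line.partition("\t")
        for entry in ports.split(", "):
            if "->" not in entry:  # exposed in the image but not published
                continue
            binding = entry.split("->")[0]
            host, _, _port = binding.rpartition(":")
            scope = scope_of(host)
            if scope in ("all-interfaces", "lan"):
                findings.append((name, binding, scope))
    return findings

if __name__ == "__main__":
    for name, binding, scope in wide_bindings(SAMPLE):
        print(f"{name}: {binding} is published on {scope}")
```

Any entry it reports is reachable without going through the tailnet, so it should either be bound to the Tailscale address or loopback, or be an exposure that is intended.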
As for Flatpak apps, I run the following on the graphical interface of my server:
- Brave Browser (com.brave.Browser): A web browser that is designed to be fast, secure, and private.
- Jellyfin Media Player (com.github.iwalton3.jellyfin-media-player): A media player that is connected to the server-side Jellyfin service, allowing me to access and stream my media collection.
- Flatseal (com.github.tchx84.Flatseal): A tool for managing Flatpak permissions and sandboxing.
- Bottles (com.usebottles.bottles): A tool for running low-spec games, such as 2D games or visual novels, in a sandboxed environment.
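How restricted a Flatpak app really is depends on the permissions its manifest requests, which is what Flatseal displays and what `flatpak info --show-permissions <app-id>` prints. The following is an added example, not part of my original setup: it parses that keyfile output and flags permissions that weaken the sandbox. The two sample inputs are constructed, and the list of risky values is an assumption about what is worth reviewing.

```python
import configparser

# Context values that open large holes in the Flatpak sandbox (assumed policy).
RISKY = {
    "filesystems": {"host", "host-os", "host-etc", "home"},
    "devices": {"all"},
    "sockets": {"x11", "session-bus", "system-bus"},
}

# Constructed samples in the keyfile format printed by --show-permissions;
# they are not the real permissions of any app listed above.
PERMISSIVE = """[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=xdg-download;home:ro;

[Session Bus Policy]
org.freedesktop.Notifications=talk
"""

TIGHT = """[Context]
shared=network;ipc;
sockets=wayland;pulseaudio;
devices=dri;
filesystems=xdg-download;
"""

def audit_permissions(keyfile_text):
    """Return (key, value) pairs for sandbox-weakening Context permissions."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(keyfile_text)
    findings = []
    for key, risky in RISKY.items():
        for item in cp.get("Context", key, fallback="").split(";"):
            item = item.strip()
            # Drop access suffixes such as ":ro" or ":create" before matching.
            if item.split(":")[0] in risky:
                findings.append((key, item))
    return findings

if __name__ == "__main__":
    for label, text in (("permissive", PERMISSIVE), ("tight", TIGHT)):
        print(label, audit_permissions(text))
```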
I also run the Visual Studio Code Server as a service on my home server, which is managed by the Remote Development extension made by Microsoft. This extension runs on Visual Studio Code clients and allows me to remotely develop on the server as if I were working directly on it. The Visual Studio Code Server relies on Docker, SSH, and Git to function properly. Docker is used to run the Visual Studio Code Server as a containerized service, providing isolation and security. SSH is used to establish a secure connection between the server and the client, allowing for remote communication between the two. Git is used to manage version control for the code being developed, allowing for easy collaboration and the ability to track changes. Overall, the combination of these technologies enables me to remotely develop on my home server in a secure and efficient manner.
In summary, my home server is a low-end machine that serves multiple purposes. It serves as a home theater system, a personal cloud, and a platform for self-hosting various open-source services. I use Docker to run several stacks, each of which consists of one or more containers that provide a specific service or function. The server also has a graphical interface, which I use to run Flatpak apps for tasks such as web browsing, media playback, and system management. Finally, I use Tailscale to securely connect all the devices in my home lab and manage my network traffic. Overall, my home server has proven to be reliable, energy-efficient, and secure, and it has met all my personal needs (for now).