Hello! I’m new to self hosting and networking stuff. I do use only Linux and have experience with Debian, Ubuntu, Mint, and have settled with Fedora and Bazzite on KDE on the home computers/laptops.
I got a GMKtec NucBox G9 Mini PC Intel® Twin Lake N150 recently and a wireless keyboard with touchpad, installed Fedora Kinoite on it and have so far only added VacuumTube. I don’t have much experience with the terminal and I’m not sure what step to do next or how.
What I want to do is set up an Arrstack, and I know I need to put Docker and maybe Portainer? I have no experience with Docker though. I also want to put some basic things I and others can access remotely like a shopping list program, photo backups, period tracker, and DnD software. But I’m very afraid of exposing the server to the internet and it being hacked or such. I know there’s something called Tailscale but I’m not sure if that’s what I need. And I don’t know what order I’m supposed to put any of this.
I’ve tried searching the internet for guides but haven’t really found anything except one that’s for Yunohost and it’s not really self hosting because they set it up on a cloud. All advice is appreciated. Thank you!
edit: I wanted to add I also want to use this as a htpc and it’s connected to the TV, so that’s why I want a GUI mostly - because it makes it easier to control from the couch
As everyone recommends something else, I will throw in yet another suggestion and maybe a way to put it in perspective.
hardware:
Whatever you have right now is enough. I would recommend something that has more than one drive, but you can upgrade later all the time. Watch out for power consumption.
OS
my recommendation is proxmox. You can run multiple OS on it, test things, make backups and restore them. It takes out the pressure. It is a bit more advanced but you can configure most things regarding VM creation via GUI. You can run Ubuntu, Debian, nixos, whatever. What I like about it is that you can install home assistant as its own VM and it runs independent of your arr stack or immich if you like.
the purist would probably suggest plain Debian or so. You can access it via ssh and install docker or whatever. You will learn a lot, just like with proxmox, but here you can’t do backups as easily as with proxmox. You can also install Debian or so directly in proxmox.
plug and play could be yunohost, CasaOS and things like that. It is a “server app store OS”, so you install things you want to run from their app store. It’s mostly one click and it runs. It’s nice if you don’t want to learn all that crap, but you are also limited in what you can do. You could install this on proxmox. Some don’t allow good storage management, best you do your own research if you are interested in this route.
the storage
If you want to store all your data and images on there, you probably want to go with 2 hdds mirrored, so you don’t lose your local data if one fails. I would go with no less than 1tb, but data usage depends I guess. To run the os, definitely use ssd or nvme for their speed.
There is the 321 backup rule.
- 3 copies
- 2 different media (hdd, ssd, magnetic tape, whatever)
- 1 offsite storage.
I have a 4 1 1.5 set up:
- mirrored local storage
- 1 media (hdds)
- 1.5 offsite as I have a mirrored offsite storage
321 is ideal but 211 would also be ok for a home lab. Some run 110 and hope for the best.
how to access it
There are multiple ways to get to your data.
The headache free one for me is a vpn mesh (tailscale, pangolin, netbird), so all your devices are in a mesh and you can access your stuff from everywhere.
pro:
- very secure as it relies on the wireguard protocol and is not exposing anything. It’s also pretty fast, the cap is your own internet connection. It uses smart routing, so if you are in the same network, it tries to find the fastest way.
cons:
- you can’t share your story as easily without others having a vpn connection.
You can also use a wireguard connection to your home router and expose your complete home network to your vpn. Also secure, my router (Fritz! Box from avm) offers this natively, but I would argue the vpn mesh solution is easier.
There is the cloudflared tunnel which some recommend, I can’t say anything about it, did not use it yet.
You could also do port forwarding on your network. That way you can expose a reverse proxy for example through your home router, and access it from the outside. That way you rely on the services you run to be secure, not have a zero day and to do the authentication well. For me the risk that I forgot to update a service and there being a security risk to my data is too high, so I use the vpn route.
services to run
Whatever route you choose, here are suggestions I found nice:
- docker makes it easy and fun to start and stop stuff. I use compose files as they allow you to copy that config file as a backup.
- traefik as a reverse proxy. That way you can reach your services via a domain (like shoppinglist.hezaethos.lol or so). It allows to do port mapping as well, so you could run game servers as well. It’s a nice trade off between ease of use and features. Caddy is easier but can’t do dns-01 certificate requests.
- immich for hosting your images. Has phone apps, is pretty much just google photos self hosted.
- paperless to upload all your PDFs. It does machine learning to sort your files. It’s just a convenient way to store all your documents in one place. It’s not a google drive alternative
- nextcloud or truenas to store files
Have fun! Do whatever feels fun and don’t put your goals too high, it will burn you out :)
What I want to do is set up an Arrstack, and I know I need to put Docker and maybe Portainer? I have no experience with Docker though.
I used DockSTARTer and TraSH Guides to set up a docker instance running the arr stack in a Debian VM. I still should take the time to learn more about it though.
I also want to put some basic things I and others can access remotely like a shopping list program, photo backups, period tracker, and DnD software. But I’m very afraid of exposing the server to the internet and it being hacked or such. I know there’s something called Tailscale but I’m not sure if that’s what I need.
As of now, it’s pretty much just me accessing my services, but I did use Netbird (similar to Tailscale) to make a VPN to my home network for my friends to access my minecraft server. My setup is jank though, a shared account for all my friends while I have my own. I definitely need to just use another method to host stuff so no account login sharing is being done.
I picked Tailscale to avoid major provider login (Google) and I plan to selfhost it one day…
I know everyone hates ai but Claude helped me setup my homelab a few weeks back. A full arr stack, pihole, immich and tailscale. It was a fun weekend project that would have taken months on my own.
Man, that’s the kind of AI usage I really want to do locally
If my server was capable of running ai locally I would be doing so.
If I had equipment that would run AI locally, I’d be on it.
The AI bubble is deflating right now, CPUs are getting cheaper by about 20%, as well as ram and storage, as old boy Sammy can’t hold up his exaggerations and had to admit he can only spend half as much in the next 5 years. I really hope to get a gpu with 16-24g in the next 2 years, running AI locally will only get better
I used Kimi K2 to start learning the Nix language. It really cut down time when trying to understand what I did wrong when switching configurations threw errors.
Kimi K2
Kimi K2 & Claude both want to tie your account to a phone number and I really don’t like that.
I used it via Kagi. I’m not sure how they handle it on their end but I can switch between any model that is included in my subscription.
Very cool. That’s the good part of AI. It increases access to existing solutions.
I don’t think the mini pc can run an AI 😅
I know mine can’t.
wait how did Claude help set things up then?
I think the person you’re responding to is saying they just chatted with Claude on a separate device about how to set up their server.
Welcome to the club! Gates are open. Come on in!!
FWIW, if you want to learn how to use the command line, docker, and how to manage and secure your services, I’d recommend installing Ubuntu server or Fedora server on the NucBox; and then install docker and learn how to get your services stood up using the docker cli.
This is the route I went specifically because I wanted to learn more about Linux, and how to manage a server and services.
The tools being offered as suggestions (unraid, truenas, yunohost) are abstraction layers meant to make hosting easier. And to be clear, there is nothing at all wrong with these tools or using them. What they’ll do is give you a GUI to manage your system and services, making using the command line mostly unnecessary. Again, nothing at all wrong with that. Just depends on what you want.
Regarding exposing the services, it’s good to be cautious. I went with Pangolin, which is like a self hosted version of tailscale/cloudflare tunnels (I’m simplifying a bit).
Pangolin allows you to access your services over a VPN tunnel, and, to set your desired level of authorization needed to access that service. I really like it and have found it to be very reliable.
Also, FWIW, I’m not in IT or an expert. Just a person who wanted to learn about Linux and self hosting to take back control from big tech.
I do want to learn the command line more, but was having bad luck on it. At first I tried Fedora server but couldn’t get Bluetooth to work on it properly. Then I tried installing postmarketOS but it never installed and always would fail. Next I tried dietpi but the GUI wasn’t TV friendly and Bluetooth also had issues - the keyboard/mouse combo would connect, but the mousepad didn’t work properly, with inverted controls and always drag dropping.
That’s when I finally decided to just do Fedora Kinoite and it just worked. I can even control the tv brightness and sound from the keyboard
Ubuntu server is old as dirt and stable af. I use that, and run CasaOS as a beginner-friendly GUI interface. There is lots of trial and error, learning and some frustration, but it’s so rewarding! The Arr apps, Jellyseerr and qBittorrent and Jellyfin are all nearly out of the box ready with casaos app store. It’s a great place to start.
But I’m very afraid of exposing the server to the internet and it being hacked or such.
I see this sentiment a lot… and I don’t get it.
Your server is going to be secure almost by default. Add the firewall and only open the ports you actually serve, and the majority of your work is done.
But if you follow a decent hardening guide you’ll find many of those other little ways people can exploit the services you do leave open, and you’ll lock those down too.
Then at that point, you have dealt with 99.99% of the script kiddie / bot threats that will ever find you.
What is the source of the fear when regular Joes discount themselves and say no I won’t expose my hardware? You know the cloud is just someone else’s computer, right?
I’ve been self hosting a publicly exposed domain which serves http, mail, etc for literally more than a decade. My logs are filled with background noise but my stuff is fine.
No Tailscale, no Cloudflare, my cloud is mine
Moral of my story - Don’t be scared, try to be smart and keep your stuff updated via automation
Same probably more than a decade. I geo block so like 99% of the traffic never gets past my firewall. Then I go through a ton of lists and crowdsec IPS and only keep the ones for my country and then block those. I know it’s not perfect and if someone wants to hack me they will but that is true of anybody.
Nobody is addressing tailscale so far, so I’ll throw my two cents in: I have tailscale on my phone and my laptop, and I have a bunch of stuff running at home, and they all act like they’re on the same network as long as I’m logged in. There are a lot of alternatives out there, but I find it quite useful. I have immich for my pictures and pihole for ad blocking using docker. The basic docker tutorials are worth following. All I really use is docker ps, docker image, docker compose up (-d), docker pull. Nano to edit the yaml files I find online. Unhacked so far!
So is Tailscale the first thing I should set up next? or do I figure out the Arr stack and other software first and then set up Tailscale?
If tailscale is your preferred method to access your network from outside your home it’s one of the most important parts of your setup, in terms of both security and functionality.
Luckily, overlay VPNs like tailscale are pretty easy to set up without glaring security problems, but you definitely want to triple-check you aren’t messing things up. The thing is, you don’t know what you don’t know, so you might not realize if you make a mistake. But like I said, it’s pretty hard with those types of setups.
To actually answer your question though, I recommend you get one or two containers working locally and then figure out how to access them from your tailnet before you dive in and set up your entire stack. Docker adds another layer of complexity when it comes to accessing things so I recommend you get it right and then deploy and test each container individually.
Don’t set up 10 containers and then try to see if they all work, go steadily and deliberately, checking to make sure each works, and then snapshot your functional setup before you start using it heavily.
Don’t forget to plan for backups and updates.
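Added example, not part of any comment in this thread: a small Python check for the "access containers from your tailnet" step discussed above, classifying each `ports:` entry of a Compose file by the interface it is published on. The Compose text, image names and the 100.101.102.103 tailnet address are constructed samples; only the short port syntax and two-space service indentation are handled.

```python
import ipaddress
import re

# Tailscale assigns node addresses from the CGNAT block 100.64.0.0/10.
TAILNET = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample Compose file (hypothetical services and images).
SAMPLE = """\
services:
  shopping-list:
    image: example/shopping-list
    ports:
      - "8080:80"
  immich:
    image: example/immich
    ports:
      - "100.101.102.103:2283:2283"
    volumes:
      - ./photos:/data
  sonarr:
    image: example/sonarr
    ports:
      - "127.0.0.1:8989:8989"
      - 9000
"""

def classify_port(spec):
    """Return the exposure scope of one short-syntax Compose port entry."""
    spec = spec.strip().strip("\"'").split("/", 1)[0]  # drop quotes and /tcp, /udp
    bracketed = re.match(r"^\[([0-9A-Fa-f:]+)\]:(.+)$", spec)  # e.g. [::1]:8080:80
    if bracketed:
        host = bracketed.group(1)
    else:
        parts = spec.split(":")
        if len(parts) > 3:
            raise ValueError(f"unsupported port entry: {spec!r}")
        # "80" and "8080:80" carry no host IP, so Docker binds every interface.
        host = parts[0] if len(parts) == 3 else None
    if host is None:
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback-only"
    if addr.version == 4 and addr in TAILNET:
        return "tailnet-only"
    return "single-interface"

def audit_compose(text):
    """Map '<service> <port entry>' to its scope for every ports: list."""
    findings, service, ports_indent = {}, None, None
    for line in text.splitlines():
        body = line.split(" #", 1)[0].rstrip()  # ignore trailing comments
        if not body.strip():
            continue
        indent = len(body) - len(body.lstrip())
        stripped = body.strip()
        if indent == 2 and stripped.endswith(":"):
            service, ports_indent = stripped[:-1], None  # new service block
        elif stripped == "ports:":
            ports_indent = indent
        elif ports_indent is not None and stripped.startswith("- ") and indent >= ports_indent:
            entry = stripped[2:].strip().strip("\"'")
            findings[f"{service} {entry}"] = classify_port(entry)
        else:
            ports_indent = None  # any other key ends the ports list
    return findings

def exposed(text):
    """Entries published on every interface of the host."""
    return [k for k, v in audit_compose(text).items() if v == "all-interfaces"]

if __name__ == "__main__":
    for entry, scope in audit_compose(SAMPLE).items():
        print(f"{scope:17} {entry}")
```

Entries reported as all-interfaces are reachable from the whole LAN, and Docker's documentation notes that published ports are not filtered by ufw rules, so binding to the loopback or tailnet address is what actually limits them.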
thank you! I’ll try to set up a shopping list program first then to test it. If anyone has any to recommend, I’m willing to hear suggestions!
You mentioned immich somewhere, I think that’s a good one to set up. Don’t throw your entire life’s photo album at it at first, but it’s really good to test a variety of functions and transfer speeds.
Oh yeah… And TAKE NOTES about your setup. Like, for each container, make notes of how you set it up and why. Trust me this is REALLY important for maintaining your stuff. If you go down a rabbit hole for two days and find a couple forum threads that lead you to how you need to modify the configs for your use case, a year from now you will have forgotten everything.
Document, document, document.
I don’t actually use the arr stack, but if you set up Tailscale it won’t hurt anything else by being set up. I just know that it’s pretty straightforward to use, so I thought I’d throw in a good word for it.
Hello! I’m new to self hosting and networking stuff.
Welcome to the club! Explore, learn, have fun on your selfhosting journey.
But I’m very afraid of exposing the server to the internet and it being hacked or such. I know there’s something called Tailscale but I’m not sure if that’s what I need.
What I have done is use Cloudflare Tunnels/Zero Trust free tier and Tailscale as an overlay on the server. With Cloudflare Tunnels/Zero Trust, you don’t need to fiddle with NAT, UFW, or any of that. You install it on your server and it punches through all of that and creates a tunnel between your server and endpoint. You will need a FQDN that you can change the nameservers on to the ones Cloudflare will assign you. Cloudflare will sell you a domain name, but I know a lot of folks use Namecheap or Porkbun.
As far as consulting AI for help, and at the risk of being down voted, I would utilize it for basic things you might need some clarification on. I would be very cautious of copying and pasting code generated with AI as sometimes it can be in error. Plus, you should really never rip code from the internet and deploy it on a production server until you really get some experience and time under your belt in order to be able to spot problems with AI code. Claude is good, Grok and Lumo are decent.
As far as the arr stack, I’ll leave that to others.
ETA: Get in the habit of documenting everything you do on your server. All the commands, everything. It will save your butt in the long run. I usually open Notepad++ and write everything there. Afterwards, I clean up the notes and transfer them to Obsidian for archival and future reference. Do not get suckered into the idea that you will remember everything you’ve done 6 months down the road. You probably won’t and it will be frustrating troubleshooting.
Hi and welcome to the club.
First of all a disclosure: I am not an IT guy and or programmer and barely know what I am doing myself :D
My first question is: Is your Nuc dedicated hosting hardware?
If so I would maybe suggest an OS that is more hosting focused, I personally use unraid, a friend of mine already used it at the time and helped me set everything up so I just went with it. TrueNAS is the real og and workhorse of the selfhosting world and also big in the professional space. Unraid is pretty simple but more heavy on system usage while truenas is more light weight but needs a bit more work being done manually. TrueNAS is free, unraid you pay a one time license. Those are the big 2 I know about.
Both of these options have an insane amount of documentation. And ready to go docker for basically anything you could want.
There is of course much more, for example Debian server comes to mind. If this is not dedicated hosting hardware and you need a normal desktop environment I can’t help much there.
As far as I understand: Never expose anything directly to the internet. Tailscale is a good option, I personally use nginx proxy manager as reverse proxy. Both should be fine but Tailscale is more secure tho. I also only have 3 things exposed: Nextcloud, Immich and foundry vtt. And keep your shit up to date :D
Hope this helps for now. If you have any additional questions or I missed an important part for you just ask :)
Proxmox as another option
Unraid is pretty beginner-friendly, so it’s what I’d recommend too.
I use it too. I have over 20 years experience running Debian servers and can write a docker-compose.yml file and Nginx config from scratch, but sometimes it’s nice to have a decent web UI that mostly “just works”.
But with unRAID do I have to pay for updates as well? Also confused on what it is exactly - is it a whole OS, or something you run on an OS? If so, how would I run services on it that I can also watch locally, like on the TV?
Unraid is a full OS. You install it on a usb, plug it in and it should just run. Then you get a ui you can access locally over the network.
I just saw they changed their licences :(
Apparently you only get one year of updates EXCEPT you buy the most expensive license (I would actually recommend that) then it’s unlimited updates
Essentially how it works on unraid: You install a docker, the docker gets a local IP and you can access any service on your network by entering the IP of the docker. This will be yourserverIP:dockerIP
I run jellyfin locally. I just installed the jellyfin app on my tv and entered the jellyfin IP when connecting to a server. That’s it
When connecting from outside your network stuff gets a bit more complicated but all doable.
SpaceinvaderOne on youtube has great videos on how to set up a reverse proxy and tailscale if you want to get an idea what both does and how much work it is. He also uses Unraid.
Since Unraid got so damn expensive I feel like it’s worth mentioning hexOS. It’s around the same price point like unraid and is essentially a wrapper over TrueNAS. So you get all the documentation and power of TrueNAS but also a nice and easy to use UI. Never used it myself tho.
Nice! I’ll check those out and especially the YouTube channel
I suggest giving NixOS a try. I recommend it because it makes it easy to add or remove stuff. Changing names on containers, removing installed application etc is just changing your configuration. And if you mess something up and it does not boot, you can just boot from the last working configuration.
Containers are also really easy to manage. Convert a docker run command with https://www.composerize.com/ and then use https://github.com/aksiksi/compose2nix to convert the yaml file to a nix file. Configure as needed.
give NixOS a go if you’re cool with configuration files
it has a GUI installer and can install gnome or whatever if you’re not comfortable with ssh only
I will suggest CasaOS. It installs easily, then essentially has an app store (you can add other store sources too). For me it was a gentle way of getting used to the ideas around Docker and how to work with containers. After a bit, you’ll get to where you can set up containers for apps not in the store. Then you might create a whole stack for your Arrs suite. And then maybe you outgrow it entirely. It’s just an app, unlike Yuno, which is a whole distro if I recall correctly.
For public exposure, I use Cloudflare tunnels. Pretty easy to set up (there is a CasaOS package for cloudflared), though the Cloudflare side can get confusing depending on what you want to do.
I tried Zima (because someone said that’s the new Casa?) but I couldn’t get certain things to work on it, and somehow even though I can see it’s made to be easier to use, was harder for me to figure out what to do than even Dietpi. I might revisit it again though
Yeah, I didn’t need anything more than the Docker features, so I didn’t bother with Zima. Like with Yuno, Zima is a whole distro on its own instead of an app that can be easily uninstalled.
Was it issues with installing apps or something else?
So I’ve been looking more into it, as well as what others have said, and currently trying to learn how to use the podman desktop (because immutable distros apparently work different so can’t just dnf docker).
As for Zima, the Arr stack wasn’t really working for some reason, and I couldn’t figure out why
you can selfHost Yuno.
you don’t need cloud for it unless you want to.
I know, but the guide I found only covered for hosting on the cloud, and apparently there’s extra steps for doing it locally I didn’t understand. also apparently I need to buy a domain to self host locally as well? I’m unsure - the guide on Yunohost itself seems outdated, since the set up looked different on my screen than what their example showed.
You can install Yunohost on your home server. I’ve been running it that way on various machines for years. It’s just built on Debian Linux. I love it, and find it way easier than Docker. That said, you will be limited to the apps available (have a look at their catalog) in comparison to Docker. If you vibe with Docker then power to you. It has some good features. One more option I’d like to mention, specifically for the *arr stack/media server is Swizzin Community Edition. It’s another non-Docker, super easy setup. Also, don’t be fooled: you can install it locally too :)
I tried to install tipi.io but the arrs wouldn’t talk to each other and I couldn’t figure out docker networking. Does yunohost work mostly ootb?
I don’t run my *arr stack on Yunohost, but I’m sure it will make them all accessible ootb. You will probably need to point them to one another where necessary from within their web config. For example, sonarr will need to know where your torrent client is. So in your sonarr config you’ll tell it that qbittorrent (or whatever) is at localhost:1243 (or whatever port qbittorrent is running on).
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| HTTP | Hypertext Transfer Protocol, the Web |
| IP | Internet Protocol |
| NAT | Network Address Translation |
| VPN | Virtual Private Network |
| nginx | Popular HTTP server |
4 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.
[Thread #218 for this comm, first seen 6th Apr 2026, 23:30]
Yeah running all the services in docker is good. A lot easier than managing stuff installed directly.
I recommend not exposing anything to the Internet except your VPN, to minimize risk. I recently set up Netbird and found it very simple.
Did you mean to say you recommend against exposing services?
Oops, yes. I think halfway through the sentence I forgot where I was putting the negative.





