Self-Hosting Infrastructure
My Self-Hosting Philosophy
Take control of your digital life by running your own services on your own infrastructure. This section documents my complete self-hosting setup running from my home in Japan.
Infrastructure Overview
All services run on my home server, accessible to the internet through a VPS reverse proxy:
```mermaid
graph TB
    Internet["Internet"] --> Vultr["Vultr VPS<br/>HAProxy Load Balancer<br/>Tokyo Region"]
    Internet --> Hetzner["Hetzner VPS<br/>Monitoring Server<br/>US West Region"]
    Vultr -->|Tailscale VPN| HomeServer["Home Bare-Metal Server<br/>Ubuntu 24.04 LTS<br/>64GB RAM, 2TB NVMe"]
    Hetzner --> UptimeKuma["Uptime Kuma<br/>External Uptime Monitoring"]
    UptimeKuma -.->|monitors| Vultr
    HomeServer --> Incus["Incus Containers"]
    Incus --> Services{{"Self-Hosted Services"}}
    Services --> AdGuard["AdGuard Home<br/>DNS + Ad Blocking"]
    Services --> Miniflux["Miniflux<br/>RSS Feed Reader"]
    Services --> Forgejo["Forgejo<br/>Git Hosting"]
    Services --> Mastodon["Mastodon<br/>Social Media Instance"]
    Services --> Scrutiny["Scrutiny<br/>S.M.A.R.T Monitoring"]
    Services --> More["And More..."]
```
Architecture Components
Vultr VPS (Tokyo)
- Role: Public-facing reverse proxy and load balancer
- Software: HAProxy for SSL termination and traffic routing
- Location: Tokyo region for optimal Japan connectivity
- Security: Only HAProxy exposed to internet, all services behind VPN
Tailscale VPN
- Purpose: Secure encrypted tunnel between VPS and home server
- Benefits: No open ports on home network, zero-trust networking
- Features: Automatic failover, mesh networking, access control
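One way to check the "only HAProxy exposed" property on the VPS, as an added example that is not part of the original setup: the function reads `ss -H -tlnp` output and reports TCP listeners bound outside loopback and the Tailscale ranges (100.64.0.0/10 and fd7a:115c:a1e0::/48) whose process is not on an allow-list. The sample lines, process names and the allow-list are constructed assumptions; UDP listeners are not covered.

```sh
#!/bin/sh
# Added example: audit TCP listeners on the public-facing VPS.
# Usage on a real host (root is needed for process names):
#   ss -H -tlnp | exposed_listeners haproxy

# Prints "process address port" for every listener that is bound outside
# loopback and the Tailscale ranges and whose process is not allow-listed.
# Returns 1 if any such listener exists, 0 otherwise.
exposed_listeners() {
    allowed="${1:-haproxy}"   # comma-separated allow-list (assumed policy)
    awk -v allowed="$allowed" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
        addr = $4; port = $4
        sub(/:[^:]*$/, "", addr)        # drop ":port"
        sub(/^.*:/, "", port)           # keep text after the last colon
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # [v6] brackets
        sub(/%.*$/, "", addr)           # interface scope, e.g. %lo
        if (addr ~ /^127\./ || addr == "::1") next   # loopback
        if (addr ~ /^100\./) {          # Tailscale IPv4: 100.64.0.0/10 only
            split(addr, o, ".")
            if (o[2] + 0 >= 64 && o[2] + 0 <= 127) next
        }
        if (tolower(addr) ~ /^fd7a:115c:a1e0:/) next # Tailscale IPv6 ULA
        proc = "unknown"                # ss omits names without privileges
        if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
        if (proc in ok) next
        printf "%s %s %s\n", proc, addr, port
        bad = 1
    }
    END { exit bad + 0 }
    '
}

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:* users:(("haproxy",pid=812,fd=7))
LISTEN 0 4096 [::]:80 [::]:* users:(("haproxy",pid=812,fd=6))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=500,fd=14))
LISTEN 0 4096 100.101.102.103:8404 0.0.0.0:* users:(("haproxy",pid=812,fd=9))
LISTEN 0 4096 [fd7a:115c:a1e0::1234]:9100 [::]:* users:(("node_exporter",pid=900,fd=3))
LISTEN 0 4096 100.20.30.40:5432 0.0.0.0:* users:(("postgres",pid=950,fd=5))
EOF
}

sample_ss_output | exposed_listeners haproxy || echo "policy violation: see lines above"
```

The `100.20.30.40` listener is flagged because only 100.64.0.0/10 is Tailscale address space; a plain `100.*` match would have let it through.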
Home Bare-Metal Server
- Hardware: Fanless AMD Mini PC Ryzen 5 4500U from Topton (AliExpress)
- OS: Ubuntu 24.04 LTS on 256GB SSD
- Storage: 2TB NVMe for Incus (ZFS pool)
- Network: 1 Gbps Rakuten Hikari fiber (see Internet Connectivity for DS-Lite setup details)
- Backups: Incus persistent volumes backed up via borgmatic to BorgBase.com and TrueNAS storage
Incus Container Platform
- Technology: Community-driven LXD fork for container orchestration
- Benefits: Lightweight virtualization, resource isolation
- Management: Web UI + CLI + Terraform for easy service deployment
- Scalability: Easy to add new services as containers or VMs
Why This Setup?
- Security First
  - Zero home exposure: No ports open on home network
  - VPN-only access: All communication encrypted via Tailscale
  - Isolated services: Each service runs in its own container
- Performance & Control
  - Local processing: Services run on dedicated bare-metal hardware
  - Low latency: Direct access from home network
  - Full control: No cloud provider limitations or surprise bills
  - Custom optimization: Tuned specifically for my usage patterns
- Cost Effective
  - Minimal cloud costs: Only pay for small VPS proxy
  - No per-service fees: Run unlimited services on home hardware
  - Long-term savings: One-time hardware investment vs monthly subscriptions
  - Resource sharing: Multiple services share same powerful hardware
- Learning & Fun
  - Hands-on experience: Deep understanding of infrastructure
  - Experimentation: Try new services without cloud costs
  - Problem solving: Troubleshoot and optimize everything
  - Community: Share knowledge with fellow self-hosters
Available Services
The following self-hosted services are currently running in this infrastructure:
| Service | Container | Purpose | Documentation |
|---|---|---|---|
| AdGuard Home | `adguard` | DNS filtering and ad blocking | Setup Guide |
| Beszel | `beszel` | Server monitoring and metrics | Setup Guide |
| Forgejo | `forgejo` | Git repository hosting | Setup Guide |
| Kanboard | `kanboard` | Project management | Setup Guide |
| Mastodon | `mastodon` | Federated social media | Setup Guide |
| Miniflux | `miniflux` | RSS feed reader | Setup Guide |
| Navidrome | `navidrome` | Music streaming server | Setup Guide |
| PhotoPrism | `photoprism` | Photo management | Setup Guide |
| Scrutiny | `scrutiny` | Hard drive monitoring | Setup Guide |
| Uptime Kuma | Hetzner VPS (Docker) | External uptime monitoring | Setup Guide |
| Vaultwarden | `vaultwarden` | Password manager | Setup Guide |
Getting Started
Interested in building your own self-hosting infrastructure? Here's my recommended approach:
- Start Small: Begin with one service (I recommend AdGuard or Miniflux)
- Learn Containers: Master Docker or Incus for service isolation (Kubernetes is an option too, but I prefer Incus for its simplicity)
- Secure Your Setup: Implement VPN and reverse proxy early
- Document Everything: Keep notes for troubleshooting and rebuilds
- Backup Religiously: Automate backups before you need them
Pro Tips
- Monitor everything: Set up alerting before problems happen
- Version control configs: Keep infrastructure as code
- Test restores regularly: Backups are useless if you can't restore
- Join communities: r/selfhosted and homelab communities are gold mines
- Have fun: The journey is as valuable as the destination!