
Self-Hosting Infrastructure

My Self-Hosting Philosophy

Take control of your digital life by running your own services on your own infrastructure. This section documents my complete self-hosting setup running from my home in Japan.

Infrastructure Overview

All services run on my home server, accessible to the internet through a VPS reverse proxy:

graph TB
    Internet["🌐 Internet"] --> Vultr["☁️ Vultr VPS<br/>HAProxy Load Balancer<br/>Tokyo Region"]
    Internet --> Hetzner["☁️ Hetzner VPS<br/>Monitoring Server<br/>US West Region"]

    Vultr -->|Tailscale VPN| HomeServer["🏠 Home Bare-Metal Server<br/>Ubuntu 24.04 LTS<br/>64GB RAM, 2TB NVMe"]

    Hetzner --> UptimeKuma["📈 Uptime Kuma<br/>External Uptime Monitoring"]
    UptimeKuma -.->|monitors| Vultr

    HomeServer --> Incus["📦 Incus Containers"]

    Incus --> Services{{"🎯 Self-Hosted Services"}}

    Services --> AdGuard["🛡️ AdGuard Home<br/>DNS + Ad Blocking"]
    Services --> Miniflux["📰 Miniflux<br/>RSS Feed Reader"]
    Services --> Forgejo["🦊 Forgejo<br/>Git Hosting"]
    Services --> Mastodon["🐘 Mastodon<br/>Social Media Instance"]
    Services --> Scrutiny["🔍 Scrutiny<br/>S.M.A.R.T Monitoring"]
    Services --> More["➕ And More..."]

Architecture Components

â˜ī¸ Vultr VPS (Tokyo)

  • Role: Public-facing reverse proxy and load balancer
  • Software: HAProxy for SSL termination and traffic routing
  • Location: Tokyo region for optimal Japan connectivity
  • Security: Only HAProxy exposed to internet, all services behind VPN

🔗 Tailscale VPN

  • Purpose: Secure encrypted tunnel between VPS and home server
  • Benefits: No open ports on home network, zero-trust networking
  • Features: Automatic failover, mesh networking, access control
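
An added example, not part of the original setup: one way to check the "only HAProxy exposed" property on the VPS is to classify every listening socket by bind address and flag anything public that is not HAProxy. The `ss -H -tlnp` sample is constructed, the allow-list is an assumption, and the Tailscale ranges are the 100.64.0.0/10 and fd7a:115c:a1e0::/48 blocks it assigns to nodes.

```python
import ipaddress
import re

# Address ranges Tailscale assigns to nodes (CGNAT block and its IPv6 ULA prefix).
TAILNET = [ipaddress.ip_network("100.64.0.0/10"),
           ipaddress.ip_network("fd7a:115c:a1e0::/48")]
ALLOWED_PUBLIC = {"haproxy"}  # assumption: the only process meant to face the internet

# Constructed sample of `ss -H -tlnp` output from a hypothetical VPS.
SAMPLE = """\
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:* users:(("haproxy",pid=812,fd=7))
LISTEN 0 4096 0.0.0.0:80 0.0.0.0:* users:(("haproxy",pid=812,fd=6))
LISTEN 0 128 100.101.102.103:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=410,fd=15))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=700,fd=4))
LISTEN 0 511 *:9100 *:* users:(("node_exporter",pid=955,fd=3))
"""

def scope(addr):
    """Classify a bind address as 'loopback', 'tailnet' or 'public'."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface suffix
    if addr == "*":
        return "public"  # wildcard: listens on every interface
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in TAILNET):
        return "tailnet"
    return "public"  # 0.0.0.0, ::, or any other interface address

def exposed_listeners(ss_output, allowed=ALLOWED_PUBLIC):
    """Return (process, address, port) for public listeners not on the allow-list."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        match = re.search(r'users:\(\("([^"]+)"', line)
        proc = match.group(1) if match else "unknown"  # no owner visible: still flagged
        if scope(addr) == "public" and proc not in allowed:
            findings.append((proc, addr, int(port)))
    return findings

if __name__ == "__main__":
    for proc, addr, port in exposed_listeners(SAMPLE):
        print(f"unexpected public listener: {proc} on {addr}:{port}")
```

On a real host, pass in the output of `ss -H -tlnp` run as root so process names are visible. A public bind is only a candidate exposure: a host or provider firewall may still block it, so treat each finding as something to confirm and then rebind or filter.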

🏠 Home Bare-Metal Server

📦 Incus Container Platform

  • Technology: Community-driven LXD fork for container orchestration
  • Benefits: Lightweight virtualization, resource isolation
  • Management: Web UI + CLI + Terraform for easy service deployment
  • Scalability: Easy to add new services as containers or VMs

Why This Setup?

  • Security First
    • Zero home exposure: No ports open on home network
    • VPN-only access: All communication encrypted via Tailscale
    • Isolated services: Each service runs in its own container
  • Performance & Control
    • Local processing: Services run on dedicated bare-metal hardware
    • Low latency: Direct access from home network
    • Full control: No cloud provider limitations or surprise bills
    • Custom optimization: Tuned specifically for my usage patterns
  • Cost Effective
    • Minimal cloud costs: Only pay for small VPS proxy
    • No per-service fees: Run unlimited services on home hardware
    • Long-term savings: One-time hardware investment vs monthly subscriptions
    • Resource sharing: Multiple services share same powerful hardware
  • Learning & Fun
    • Hands-on experience: Deep understanding of infrastructure
    • Experimentation: Try new services without cloud costs
    • Problem solving: Troubleshoot and optimize everything
    • Community: Share knowledge with fellow self-hosters

Available Services

The following self-hosted services are currently running in this infrastructure:

| Service | Container | Purpose | Documentation |
|---|---|---|---|
| 🛡️ AdGuard Home | adguard | DNS filtering and ad blocking | Setup Guide |
| 📊 Beszel | beszel | Server monitoring and metrics | Setup Guide |
| 🦊 Forgejo | forgejo | Git repository hosting | Setup Guide |
| 📋 Kanboard | kanboard | Project management | Setup Guide |
| 🐘 Mastodon | mastodon | Federated social media | Setup Guide |
| 📰 Miniflux | miniflux | RSS feed reader | Setup Guide |
| 🎵 Navidrome | navidrome | Music streaming server | Setup Guide |
| 📸 PhotoPrism | photoprism | Photo management | Setup Guide |
| 🔍 Scrutiny | scrutiny | Hard drive monitoring | Setup Guide |
| 📈 Uptime Kuma | Hetzner VPS (Docker) | External uptime monitoring | Setup Guide |
| 🔐 Vaultwarden | vaultwarden | Password manager | Setup Guide |

Getting Started

Interested in building your own self-hosting infrastructure? Here's my recommended approach:

  1. Start Small: Begin with one service (I recommend AdGuard or Miniflux)
  2. Learn Containers: Master Docker or Incus for service isolation (Kubernetes is an option too, but I prefer Incus for its simplicity)
  3. Secure Your Setup: Implement VPN and reverse proxy early
  4. Document Everything: Keep notes for troubleshooting and rebuilds
  5. Backup Religiously: Automate backups before you need them

Pro Tips

  • Monitor everything: Set up alerting before problems happen
  • Version control configs: Keep infrastructure as code
  • Test restores regularly: Backups are useless if you can't restore
  • Join communities: r/selfhosted and homelab communities are gold mines
  • Have fun: The journey is as valuable as the destination!