Hello! I’m new to self hosting and networking stuff. I do use only Linux and have experience with Debian, Ubuntu, Mint, and have settled with Fedora and Bazzite on KDE on the home computers/laptops.
I got a GMKtec NucBox G9 Mini PC Intel® Twin Lake N150 recently and wireless keyboard with touchpad, installed Fedora Kiinoite on it and have so far only added VacuumTube. I don’t have much experience with the terminal and I’m not sure what step to do next or how.
What I want to do is set up an Arrstack, and I know I need to put Docker and maybe Portainer? I have no experience with Docker though. I also want to put some basic things I and others can access remotely like a shopping list program, photo backups, period tracker, and DnD software. But I’m very afraid of exposing the server to the internet and it being hacked or such. I know there’s something called Tailscale but I’m not sure if that’s what I need. And I don’t know what order I’m supposed to put any of this.
I’ve tried searching the internet for guides but haven’t really found anything except one that’s for Yunohost and it’s not really self hosting because they set it up on a cloud. All advice is appreciated. Thank you!
edit: I wanted to add I also want to use this as a htpc and it’s connected to the TV, so that’s why I want a GUI mostly - because it makes it easier to control from the couch
But I’m very afraid of exposing the server to the internet and it being hacked or such.
I see this sentiment a lot… and I don’t get it.
Your server is going to be secure almost by default. Add the firewall and only open the ports you actually serve, and the majority of your work is done.
But if you follow a decent gardening guide you’ll find many of those other little ways people can exploit the services you do leave open, and you’ll lock those down too.
Then at that point, you have dealt with 99.99% of the script kiddie / bot threats that will ever find you.
What is the source of the fear when regular Joe’s discounts themselves and say no I won’t expose my hardware? You know the cloud is just someone else’s computer, right?
I’ve been self hosting a publicly exposed domain which serves http, mail, etc for literally more than a decade. My logs are filled with background noise but my stuff is fine.
No tail scale, no cloud flare, my cloud is mine
Moral of my story - Don’t be scared, try to be smart and keep your stuff updated via automation
Hello! I’m new to self hosting and networking stuff.
Welcome to the club! Explore, learn, have fun on your selfhosting journey.
But I’m very afraid of exposing the server to the internet and it being hacked or such. I know there’s something called Tailscale but I’m not sure if that’s what I need.
What I have done is use Cloudflare Tunnels/Zero Trust free tier and Tailscale as an overlay on the server. With Cloudflare Tunnels/Zero Trust, you don’t need to fiddle with NAT, UFW, or any of that. You install it on your server and it punches through all of that and creates a tunnel between your server and endpoint. You will need a FQDN that you can change the nameservers on to the ones Cloudflare will assign you. Cloudflare will sell you a domain name, but I know a lot of folks use NamesCheap or Pork Bun.
As far as consulting AI for help, and at the risk of being down voted, I would utilize it for basic things you might need some clarification on. I would be very cautious of copying and pasting code generated with AI as sometimes it can be in error. Plus, you should really never rip code from the internet and deploy it on a production server until you really get some experience and time under your belt in order to be able to spot problems with AI code. Claude is good, Grok and Lumo are decent.
As far as the arr stack, I’ll leave that to others.
ETA: Get in the habit of documenting everything you do on your server. All the commands, everything. It will save your butt in the long run. I usually open Notepad ++ and write everything there. Afterwards, I clean up the notes and transfer them to Obsidian for archival and future reference. Do not get suckered into the idea that you will remember everything you’ve done 6 months down the road. You probably won’t and it will be frustrating troubleshooting.
I know everyone hates ai but Claude helpped me setup my homelab a few weeks back. A full arr stack, pihole, immich and tailscale. I was a fun weekend project that I would have take months on my own.
I don’t think the mini pc can run an AI 😅
I know mine can’t.
wait how did Claude help set things up then?
Very cool. That’s the good part of AI. It increases access to existing solutions.
I used Kimi K2 to start learning the Nix language. It really cut down time when trying to understand what I did wrong when switching configurations threw errors.
Man, that’s the kind of AI usage of really want to do locally
If my server was capable of running ai locally I would be doing so.
I suggest giving NixOS a try. I recommend it because it makes it easy to add or remove stuff. Changing names on containers, removing installed application etc is just changing your configuration. And if you mess something up and it does not boot, you can just boot from the last working configuration.
Containers are also really easy to manage. Convert a
docker runcommand with https://www.composerize.com/ and then use https://github.com/aksiksi/compose2nix to convert theyamlfile to anixfile. Configure as needed.give NixOS a go if you’re cool with configuration files
it has a GUI installer and can install gnome or whatever if you’re not comfortable with ssh only
I will suggest CasaOS. It installs easily, then essentially has an app store (you can add other store sources too). For me it was a gentle way of getting used to the ideas around Docker and how to work with containers. After a bit, you’ll get to where you can set up containers for apps not in the store. Then you might create a whole stack for your Arrs suite. And then maybe you outgrow it entirely. It’s just an app, unlike Yuno, which is a whole distro if I recall correctly.
For public exposure, I use Cloudflare tunnels. Pretty easy to set up (there is a CasaOS package for cloudflared), though the Cloudflare side can get confusing depending on what you want to do.
I tried Zima (because someone said that’s the new Casa?) but I couldn’t get certain things to work on it, and somehow even though I can see it’s made to be easier to use, was harder for me to figure out what to do than even Dietpi. I might revisit it again though
Nobody is addressing tailscale so far, so I’ll throw my two cents in: I have tailscale on my phone and my laptop, and I have a bunch of stuff running at home, and they all act like they’re on the same network as long as I’m logged in. There are a lot of alternatives out there, but I find it quite useful. I have immich for my pictures and pihole for ad blocking using docker. The basic docker tutorials are worth following. All I really use is docker ps, docker image docker compose up (-d), docker pull. Nano to edit the yaml files I find online. Unhacked so far!
So is Tailscale the first thing I should set up next? or do I figure out the Arr stack and other software first and then set up Tailscale?
If tailscale is your preferred method to access your network from outside your home it’s one of the most important parts of your setup, in terms of both security and functionality.
Luckily, overlay VPNs like tailscale are pretty easy to set up without glaring security problems, but you definitely want to triple-check you aren’t messing things up. The thing is, you don’t know what you don’t know, so you might not realize if you make a mistake. But like I said, it’s pretty hard with those types of setups.
To actually answer your question though, I recommend you get one or two containers working locally and then figure out how to access them from your tailnet before you dive in and set up your entire stack. Docker adds another layer of complexity when it comes to accessing things so I recommend you get it right and then deploy and test each container individually.
Don’t set up 10 containers and then try to see if they all work, go steadily and deliberately, checking to make sure each works, and then snapshot your functional setup before you start using it heavily.
Don’t forget to plan for backups and updates.
thank you! I’ll try to set up a shopping list program first then to test it. If anyone has any to recommend, I’m willing to hear suggestions!
I don’t actually use the arr stack, but if you set up Tailscale it won’t hurt anything else by being set up. I just know that it’s pretty straightforward to use, so I thought I’d throw in a good word for it.
Welcome to the club! Gates are open. Come on in!!
FWIW, if you want to learn how to use the command line, docker, and how to manage and secure your services, I’d recommend installing Ubuntu server or Fedora server on the NucBox; and then install docker and learn how to get your services stood up using the docker cli.
This is the route I went specifically because I wanted to learn more about Linux, and how to manage a server and services.
The tools being offered as suggestions (unraid, truenas, yunohost) are abstraction layers meant to make hosting easier. And to be clear, there is nothing at all wrong with these tools or using them. What they’ll do is give you a GUI to manage your system and services, making using the command line mostly unnecessary. Again, nothing at all wrong with that. Just depends on what you want.
Regarding exposing the services, it’s good to be cautious. I went with Pangolin, which is like a self hosted version of tailscale/cloudflare tunnels (I’m simplifying a bit).
Pangolin allows you to access your services over a VPN tunnel, and, to set your desired level of authorization needed to access that service. I really like it and have found it to be very reliable.
Also, FWIW, I’m not in IT or an expert. Just a person who wanted to learn about Linux and self hosting to take back control from big tech.
I do want to learn the command line more, but was having bad luck on it. At first I tried Fedora server but couldn’t get Bluetooth to work on it properly. Then I tried installing postmarket is but it never installed and always would fail. Next I tried dietpi but the GUI wasn’t TV friendly and Bluetooth also had issues - the keyboard/mouse combo would connect, but the mousepad didn’t work properly, with inverted controls and always drag dropping.
that’s when I finally decided to just do Fedora Kiinoite and it just worked. I can even control the tv brightness and sound from the keyboard
Ubuntu server is old as dirt and stable af. I use that, and run CasaOS as a beginner-friendly GUI interface. There is lots of trial and error, learning and some frustration, but it’s so rewarding! The Arr apps, jelly seer and qbittorret and jellyfin are all nearly out of the box ready with casaos app store. It’s a great place to start.
Hi and welcome to the club.
First of all a disclosure I am not an IT guy and or programmer and barely know what I am doing myself :D
My first question is: Is your Nuc dedicated hosting hardware?
If so i would maybe suggest an OS that is more hosting focused, I personally use unraid, a friend of mine already used it at the time and helped me set everything up so I just went with it. TrueNAS is the real og and workhorse of the selfhosting world and also big in the professional space. Unraid is pretty simple but more heavy on sytem useage while truenas is more light weight but needs a bit more work beeing done manually. TrueNAS is free, undraid you pay a one time license. Those are the big 2 I know about.
Both of these options have an insane ammount of documentation. And ready to go docker for basically anything you could want.
There is of course much more, for example Debian server comes to mind. If this is not dedicated hosting hardware and you need a normal desktop environment I can’t help much there.
As far as I understand: Never expose anything directly to the internet. Tailscale is a good option, I personally use nginx proxy manager as reverse proxy. Both should be fine but Tailscale is more secure tho. I also only have 3 things exposed: Nextcloud, Immich and foundry vtt. And keep your shit up to date :D
Hope this helps for now. If you have any additional questions or I missed an important part for you just ask :)
Proxmox as another option
But with unRAID do I have to pay for updates as well? Also confused on what it is exactly - is it a whole OS, or something you run on an OS? If so, how would I run services on it that I can also watch locally, like on the TV?
Unraid is a full os You install it on a usb, plug it in and it should just run. Then you get a ui you can access locally over the network.
I just saw they changed their licences :(
Apparently you only get one year of updates EXCEPT you buy the most expensive license (I would actually recomend that) then it’s unlimited updates
Essentially how it works on unraid: You install a docker, the docker gets a local IP and you can access any service on your network by entering the IP of the docker. This will be yourserverIP:dockerIP
I run jellyfin locally I just installed the jellyfin app on my tv and entered the jellyfin IP when connecting to a server. That’s it
When connecting from outside your network stuff gets a bit more complicated but all doable.
SpaceinvaderOne on youtube has great videos on how to set up a reverse proxy and tailscale if you want to get an idea what both does and how much work it is. He also uses Unraid.
Since Unraid got so dam expensive I feel like it’s worth mentioning hexOS. It’s around the same pricepoint like unraid and is essentially a wrapper over true nas. So you get all the documentation and power of trunas but also a nice and easy to use UI. Never used it my self tho.
Nice! I’ll check those out and especially the YouTube channel
Unraid is pretty beginner-friendly, so it’s what I’d recommend too.
I use it too. I have over 20 years experience running Debian servers and can write a docker-compose.yml file and Nginx config from scratch, but sometimes it’s nice to have a decent web UI that mostly “just works”.
you can selfHost Yuno.
you don’t need cloud for it unless you want to.
I know, but the guide I found only covered for hosting on the cloud, and apparently there’s extra steps for doing it locally I didn’t understand. also apparently I need to buy a domain to self host locally as well? I’m unsure - the guide on Yunohost itself seems outdated, since the set up looked different my screen than what their example showed.
You can install Yunohost on your home server. I’ve been running it that way on various machines for years. It’s just built on Debian Linux. I love it, and find it way easier than Docker. That said, you will be limited to the apps available (have a look at their catalog) in comparison to Docker. If you vibe with Docker then power to you. It has some good features. One more option I’d like to mention, specifically for the *arr stack/media server is Swizzin Community Edition. It’s another non-Docker, super easy setup. Also, don’t be fooled: you can install it locally too :)
I tried to install tipi.io but the arrs wouldn’t talk to each other and I couldn’t figure out docker networking. Does yunohost work mostly ootb?
I don’t run my *arr stack on Yunohost, but I’m sure it will make them all accessible ootb. You will probably need to point them to one another where necessary from within their web config. For example, sonarr will need to know where your torrent client is. So in your sonarr config you’ll tell it that qbittorrent (or whatever) is at localhost:1243 (or whatever port qbittorrent is running on.
Yeah running all the services in docker is good. A lot easier than managing stuff installed directly.
I recommend not exposing anything to the Internet except your VPN, to minimize risk. I recently set up Netbird and found it very simple.
Did you mean to say you recommend against exposing services?
Oops, yes. I think halfway through the sentence I forgot where I was putting the negative.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol NAT Network Address Translation VPN Virtual Private Network nginx Popular HTTP server
4 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.
[Thread #218 for this comm, first seen 6th Apr 2026, 23:30] [FAQ] [Full list] [Contact] [Source code]
