Home Server Overview

Apr 2, 2024

---

My home server is a relatively simple setup comprised of a single mini PC and an external hard drive enclosure with three drives. It runs dockerized services behind a Traefik reverse proxy, obtaining SSL certificates via Cloudflare and LetsEncrypt, all secured within a Traefik VPN.

Hardware

The server is a Beelink MINI S12 Pro with 8 GB of RAM and an Intel N100 processor. This processor has proven more than adequate for my use cases. The most computationally-intensive task that I use it for is video transcoding, and it's quite capable of multiple 4k streams.

It is connected to a Yottamaster 5 Bay Hard Drive enclosure. Inside of that are three 12 TB 7200 RPM spinning disk drives, which I purchased from Amazon's refurbished offerings for about $90 each. They are heavily used enterprise grade drives, and their SMART status was acceptable. I don't know much about SMART, to be honest, but no red flags showed up, so it seems fine.

Two of the drives are combined into a single large filesystem using MergerFS. The other drive is used as a parity storage disk for SnapRAID. I intend to write another post explaining that setup.

I only connected to it directly with a keyboard and an HDMI cable once, when I was setting it up. All other operations are done via SSH.

Services

I use the server as a DNS and AdBlocking service. All of my devices are connected to it via Tailscale. This also allows me to access my sites from anywhere, so long as my device is on my tailscale network.

It runs various services, including DNS like I mentioned, but also Bookstack, Vikunja, Immich, and more. All services are dockerized, with few exceptions.

Each of these sites exists on a subdomain of my main site, so something like bookstack.mypage.com. Routing is handled by Traefik, acting as a reverse proxy. Some of these services require SSL certificates, which are generated using Traefik's Cloudflare integration and LetsEncrypt. I simply set up a DNS record in cloudflare, pointing * to the IP address of my server on my Tailscale network. If someone outside of my tailscale network tries to access the site, they receive an IP address, but it means nothing to their machine since they aren't on my VPN. This lets me get valid SSL certificates and simultaneously keep my services private.