My self-hosting (and homelab) setup runs on two servers. Both servers run the Proxmox Virtual Environment (PVE) bare-metal hypervisor. This supports a mix of fully virtualised KVM machines and lightweight LXC containers. Two of the virtual machines act as Docker hosts. It's amazing what you can do with a lowly quad-core Intel N100 processor.
An important part of self-hosting is reliability for the services that matter. The main server has a ZFS disk array of five 1TB SSDs, tolerant of a single disk failure. The second server is also an N100, but has a single 2TB SSD. It runs Proxmox Backup Server (PBS) on a VM, along with a secondary DNS server for internal queries. I also run Nagios to monitor the services on the main server. PBS provides a block-based backup of the containers and VMs running on my main server. These two servers form a cluster, of sorts, allowing me to move VMs between servers if required (subject to having enough disk space). 2.5GbE means fast communication between the two and my mesh wi-fi main node.
The final piece of the puzzle is a UPS powering my ONT (fibre terminator), router, servers and wi-fi base node. The main server will shut down if the power runs low, but there's enough to keep things running for about 30 minutes in the event of a power failure.
The photo shows the backup machine on top of the main server, with my router to the right. There is a standard sized business card, for scale. The item to the left is my sofa (the UPS is at the other end).
So what do I actually run on my main server? Here are the main things:
- DNS (BIND in a container)
- Web reverse proxy (Caddy in a container)
- Email server (Mailcow in Docker)
- File sharing services (Samba and Syncthing in a virtual machine)
- Fediverse node (GoToSocial in a container)
- CMS/website (Joomla in Docker)
- Matrix chat server (Tuwunel in Docker)
- XMPP chat server (Prosody in Docker)
- STUN/TURN relay (Coturn in a container)
- Git source control server (Forgejo in Docker)
- Password storage (Vaultwarden in Docker)
The web proxy allows me to use only one public IPv4 address (although I'm lucky to have a /29 subnet), and allows me to restrict access to certain services (such as Vaultwarden) to my LAN only. It also handles all the Let's Encrypt certificate stuff (except for the SMTP/IMAP server, which does its own thing). My broadband is 900Mb/s down and 100Mb/s up, and I have replaced the ISP-supplied router (a pretty good FRITZ!Box) with a Ubiquiti UniFi, to give me more control and logging.
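One way to express the LAN-only restriction described above in a Caddyfile, next to a site that stays publicly reachable. This is an added example, not the configuration from this setup: the hostnames, upstream addresses and ports are placeholders, and it assumes the LAN uses private (RFC 1918) addressing.

```caddyfile
# Constructed example: hostnames and upstream addresses are placeholders.

# LAN-only service (e.g. the password manager)
vault.example.com {
	# private_ranges is Caddy's shorthand for the RFC 1918 IPv4 ranges,
	# loopback, and the IPv6 unique-local range fd00::/8.
	@lan remote_ip private_ranges

	# Only requests whose source address is on the LAN are proxied.
	handle @lan {
		reverse_proxy 192.168.1.20:8080
	}

	# Everything else is refused at the proxy and never reaches the upstream.
	handle {
		respond 403
	}
}

# Publicly reachable service (e.g. the Git server): no matcher, proxied for all.
git.example.com {
	reverse_proxy 192.168.1.21:3000
}
```

`remote_ip` matches the address of the immediate TCP peer, so the rule holds when Caddy receives client connections directly. If another proxy or a NAT step that rewrites source addresses sits in front of Caddy, every request appears to come from that device and the matcher no longer distinguishes LAN clients from external ones.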