Homelab Server Project Showcase

My homelab is a personal server that I built and maintain to learn real-world IT skills. It runs on Unraid OS and hosts services for myself, friends, and family - everything from media streaming and photo backup to game servers and project management tools.

The goal is simple: get hands-on experience with technologies that matter in professional IT environments. I treat this server like a production system, which means focusing on security, reliability, and proper organization. Every service I add teaches me something new about Linux, networking, Docker, or system administration - skills that directly translate to IT jobs.

Hardware Specifications

Server Components

ComponentSpecification
Case
Case
Rosewill Helium Mid-Tower ATX 10x 3.5" + 3x 2.5" drive bays
Motherboard
Motherboard
ASUS TUF B360M-PLUS GAMING S
CPU
CPU
Intel Core i5-8400 6-Core @ 2.80GHz
RAM
RAM
32GB DDR4-2666MHz
GPU
GPU
Nvidia GeForce GTX 1060 3GB For hardware transcoding
Wireless Access Point
Wireless Access Point
TP-Link EAP610 WiFi 6, WPA3, PoE+
Router
Router
ISP-provided gateway
Remote Management
Remote Management
IP KVM
Power Protection
Power Protection
UPS Surge Protector

Build Notes: This server was built primarily from spare PC parts with a few key upgrades (more RAM, GPU, storage). The GPU handles video transcoding for media services. The multi-tiered storage setup uses fast NVMe/SSD storage for frequently accessed data and Docker containers, while HDDs provide bulk storage protected by parity.

Hosted Services

All services run in Docker containers, managed through Docker Compose with automated backups via Duplicati.

Media & Content

Jellyfin

Jellyfin

Media streaming server for movies, TV shows, and music. Uses the GTX 1060 for hardware-accelerated transcoding to support multiple simultaneous streams.

MediaStreamingTranscoding
Learn More →Service Status
Audiobookshelf

Audiobookshelf

Audiobook and podcast server with progress tracking and mobile app support.

MediaAudiobooksPodcasts
Learn More →Service Status
Immich

Immich

Self-hosted photo and video backup solution. A Google Photos alternative that keeps my data under my control.

PhotosBackupPrivacy
Learn More →Service Status

Productivity & Collaboration

AFFiNE

AFFiNE

Open-source workspace for notes, docs, and project planning.

ProductivityNotesCollaboration
Learn More →Service Status
OwnCloud

OwnCloud

Personal cloud storage for file backup and sharing across devices.

Cloud StorageFile Sync
Learn More →Service Status
Peppermint

Peppermint

IT ticketing and help desk system. I use this to track family tech support requests, log server maintenance tasks, and document solutions to problems I've solved. It includes a built-in knowledge base for storing guides and manuals.

Help DeskTicketingDocumentation
Learn More →Service Status

Infrastructure & Management

Homarr

Homarr

Customizable dashboard that serves as the central hub for all my services. Displays real-time container status with start/stop/restart controls, plus live server resource monitoring.

DashboardMonitoringManagement
Learn More →Service Status
AMP (Application Management Platform)

AMP (Application Management Platform)

Manages and hosts game servers for friends.

GamingServer Management
Learn More →Service Status
Cloudflare Tunnel

Cloudflare Tunnel

Securely exposes public-facing services to the internet without opening ports on my router. Each service gets its own custom domain.

SecurityNetworkingTunnel
Learn More →Service Status
PostgreSQL & Redis

PostgreSQL & Redis

Database services that support multiple applications.

DatabaseCache
Duplicati

Duplicati

Automated backup solution for critical data and configurations.

BackupAutomation
Learn More →Service Status
Dockge

Dockge

Organized and interactive management interface for Docker Compose.

Container ManagementDockerDocker Compose
Learn More →Service Status
Uptime Kuma

Uptime Kuma

Real-time monitoring dashboard for all my services.

MonitoringDashboard
Learn More →Service Status

Security & Access

Tailscale

Tailscale

Zero-trust mesh VPN for secure remote access to the server and admin panels. All sensitive services stay behind the VPN and aren't exposed publicly.

VPNSecurityRemote Access
Learn More →
Vaultwarden

Vaultwarden

Password manager that stores encrypted credentials in a local database. Supports two-factor authentication and password generation.

Password Manager2FAEncryption
Learn More →Service Status

Storage Architecture

My server uses Unraid's flexible storage system, which combines drives of different sizes into a single protected array.

How It Works

Parity Drive (1x 20TB)

Provides fault tolerance for the entire array. If any single data drive fails, the parity drive can rebuild it. The parity drive must be equal to or larger than the biggest data drive.

Data Drives (1x 20TB, 2x 2TB)

Store all media, backups, and user files. Unlike traditional RAID, each drive contains its own filesystem and can be accessed individually if needed. Total usable storage: ~24TB.

Cache Drive (512GB NVMe)

Acts as a high-speed landing zone for new writes. Data gets written here first for speed, then moved to the array overnight. Dramatically improves performance for file transfers and application writes.

Appdata Drive (128GB SSD)

Dedicated SSD for Docker container persistent storage (databases, configurations, app data). Keeps container I/O fast and separate from the main array.

USB Boot Drive (128GB)

Unraid runs entirely from RAM but boots from USB. The USB drive stores the OS and configuration.

Benefits of This Setup

  • Mix and match drive sizes (don't need matching drives like traditional RAID)
  • Easy expansion - just add another drive to the array
  • Single drive failure protection without losing data
  • Fast performance for Docker apps and frequent file access
  • Lower power consumption (Unraid spins down idle drives)

Network & Security

Network Setup

My network is relatively simple but effective:

  • ISP Router - Handles basic routing and acts as the primary gateway
  • TP-Link EAP610 Access Point - Provides WiFi 6 coverage with WPA3 encryption, seamless roaming, and PoE+ power
  • Server - Connects via ethernet to the main network

Security Strategy

I use a modern approach to security that focuses on secure tunneling and VPN access rather than exposing services directly:

Cloudflare Tunnel

Cloud Tunneling Service

Public-facing services (like Jellyfin, Immich, AFFiNE) are accessible via custom domains that route through Cloudflare's infrastructure. This means no ports are opened on my router, and Cloudflare provides DDoS protection and SSL encryption automatically.

Tailscale VPN

Private VPN

All administrative interfaces and sensitive services are only accessible through Tailscale's mesh VPN. This includes server management panels, databases, and configuration tools. Even when I'm remote, I connect through Tailscale before accessing anything sensitive.

Separation of Access

Access Control Strategy

Public services get Cloudflare domains for convenience. Private/admin services stay VPN-only. This keeps management interfaces completely isolated from the internet.

Docker Network Isolation

Container Security

Services run in isolated Docker networks with only necessary ports exposed to the host.

Skills Demonstrated

Technical Skills

Operating Systems

  • Linux administration (Unraid OS, Ubuntu)
  • Windows and macOS experience

Containerization & Orchestration

  • Docker container deployment and management
  • Docker Compose for multi-container applications
  • Container networking and isolation

Networking

  • Network configuration and troubleshooting
  • VPN implementation (Tailscale)
  • Reverse proxy and tunnel configuration (Cloudflare)
  • Wireless network management (WiFi 6, WPA3)

Storage Management

  • Unraid parity-protected arrays
  • Multi-tiered storage architecture
  • Backup strategies and automation

Databases

  • PostgreSQL deployment and management
  • Redis caching implementation

Scripting & Development

  • Bash scripting
  • Python
  • Web technologies (HTML, CSS, JavaScript, TypeScript)

System Administration

  • Service monitoring and maintenance
  • Automated backup solutions
  • Documentation and ticketing systems
  • Remote server management

Soft Skills

  • Problem-solving - Troubleshooting complex technical issues across multiple systems
  • Self-directed learning - Continuously exploring new technologies and implementing solutions
  • Documentation - Maintaining organized records of configurations and fixes
  • Security mindset - Implementing layered security with VPNs, tunnels, and network isolation

Future Plans

Storage Upgrades

Planning to upgrade both the cache drive and appdata SSD to 1-2TB drives for increased capacity and performance as more services are added.

Home Automation

Exploring home automation technologies and integration with the homelab infrastructure.

Continuous Learning

Always looking to expand knowledge and implement new services that provide value while teaching practical IT skills.