I’ve been dabbling with selfhosting for a bit now (home assistant and nextcloud), but it’s clear that I lack a fundamental understanding of networking. For example:
- I’ve got OpenWRT on my router, but no idea what I’m doing when it comes to firewall settings, DNS, DHCP, etc.
- I’ve got a domain thru Porkbun, but no idea how to properly setup my DNS settings there to route to my local machine.
- I’ve got NGINX running in a docker container in a VM and can get to the UI on my local network, but no idea what I’m doing wrong with my attempts at a reverse proxy.
Does anyone here have links to a good in-depth tutorial series for learning about securely selfhosting?
You must log in or register to comment.
I think NetworkChuck has a good set of tutorial videos about self hosting. For the most part you can search for what you want to find info on and he probably had a video on it. E.g. Nginx: https://m.youtube.com/@NetworkChuck/search?query=Nginx
I’ll check him out, thanks!
In the past, I’ve found a lot of valuable resource at
One thing you really need to establish right from the start is the habit of taking detailed notes. It’s tedious, bothersome at times, but the ability to backtrack something that may not have deployed quite like you wanted, is invaluable. It will also save your ass in a month when you’ve forgotten everything you did before.
Take notes!
I’m a bit farther along, but it’s all been trial and error (and error, and error…) So, commenting because I would also like some of this info. My DNS is a disaster! Still using IPs to access my VMs, mostly.
I know there may be some which are better for various reasons, but look into nginx proxy manager to get those resources behind some URLs with SSL. I like it because it’s got a pretty easy to use web interface, but I know similar things can be accomplished with traefik and like a 3 line per service yaml file. I use NPM and a pihole for DNS to point to the NPM server, and it’s great for me, including automatic cert rotation with LetsEncrypt.
Check FUTO’s guide. It’s great for beginners:
- Part 1: https://youtu.be/Et5PPMYuOc8
- Part 2: https://youtu.be/3fW9TV1WQi8
Great guides https://www.simplehomelab.com/
I am relatively sophisticated on LAN/local services (been running Raspberry Pi since 2018 or so), I was never able to setup a reverse proxy to get a true self-hosted system (i.e. remote access); got roadblocked by nginx and setting up letsencrypt with reverse proxy support.
In general, true remote access is IMO exponentially more difficult and demanding than getting things running on your local network.
For anyone starting out with self-hosting, I would strongly recommend LAN/local services where you can relatively easily deploy multiple very useful and powerful services (SMB/NAS, Jellyfin, Pi-hole, Qbittorrent-Nox).
I would suggest looking into DietPi, it’s IMO the best RaspberryPi/SBC distribution there is if you want things to just work and not bug you. Very helpful developers and community too. Excellent, user friendly CLI management tools for headless operation.
You basically never want to expose your local network to the internet. The most secure and simple way are either Tailscale or WireGuard combined with a VPS that is exposed to the internet and takes all the beating.
This what I was trying to setup when I first started (with Nginx, domain and free tier version of Google Cloud). I wasn’t able to get it all running with Nginx and HTTPS.
Firstly, use caddy. Fuck nginx and the rest. Pointless complexity
I have some script or maybe it was a program in a container that checks my isp IP and uses the domain provider api to keep the DNS set to the isp IP if it changes. I’m using opnsense but I’m sure openwrt has the same thing in some form.
Sounds like you should just explore TCP, IP, subnetting, routing, and DNS on their own, not necessarily from the perspective of self-hosting.
Seems like you know what you need to study. I’d suggest searching for the topics and reading. Don’t try to skim, there is a lot to read and learn but it will be worth it, it will open many doors for you. Tutorials in this domain have usually an issue that following a track to achieve something the author can’t really explain everything on the path to the depth because, well, it would be lots of reading anyway and it would end up to be documentation rather than tutorial.
What I tend to do, it may or may not help you, depends on your individual way of learning, is I search for a topic to find some good article. Takes time, but then, usually, after the read I have more things from the article I need to understand more. This sort of branching leads to a good wholesome of a knowledge. In the past I used to skim a lot, which resulted in a lots of trial and error instances, eventually it lead to frustration from not knowing what the heck I was doing. When I realized reading and understanding should not really be skipped/skimmed, I started learning a lot.
Idk of any good series but techno Tim has a great video on using cloudflare and traefik to get wildcard letsencrypt ssls for your docker services.