Ubuntu Server Foundation

The entire system runs on Ubuntu Server, providing a stable and secure Linux environment. This choice offers excellent package management, strong community support, and robust performance for server workloads.

Docker & Containerization

Docker serves as the containerization platform, allowing me to run isolated services with ease. Currently running a Minecraft server in a Docker container, this setup provides portability, easy updates, and consistent environments across deployments. Docker Compose files are stored on the network drive for version control and easy management.

WireGuard VPN with DuckDNS

WireGuard, paired with DuckDNS dynamic DNS, enables this computer to host its own VPN that I can connect to from anywhere in the world. This provides secure access to my home network remotely, allowing me to manage the server, access files, and utilize local services as if I were physically at home. The VPN uses modern cryptography and is significantly faster than traditional VPN protocols.

Samba Network Drive

Samba provides a shared file directory accessible from Windows machines, creating a seamless network drive experience. This centralized storage houses media files, Docker Compose configurations, website builds, code repositories, and other important data. It's the backbone of my file management system, making files accessible across all devices on the network.

Cloudflare Zero Trust Tunnel & Nginx

One of the most crucial aspects of my setup is the web hosting infrastructure. By running a Cloudflare Zero Trust tunnel alongside an Nginx reverse proxy, I can host websites and expose them publicly to the internet without port forwarding. This architecture provides multiple security benefits:

• The server's real IP address remains hidden from attackers
• DDoS protection is handled by Cloudflare's network
• No open ports on the router for web traffic, preventing direct attacks
• SSL/TLS encryption is managed automatically
• Protection against common web attacks (SQL injection, XSS, etc.)

This setup allows me to host multiple websites and services securely, with Nginx handling the routing and Cloudflare managing the public-facing security layer. It's a production-grade solution that keeps my home network safe from malicious actors while still providing public access to hosted services.

Minecraft Server

A Minecraft server runs in a Docker container with its port forwarded to allow friends to connect directly without needing VPN access. While this means the server is publicly exposed, it's a calculated trade-off for accessibility. The Minecraft server protocol itself handles authentication, and UFW firewall rules ensure only the necessary port is accessible.

Uncomplicated Firewall (UFW)

Security is paramount when running a home server, especially one with public-facing services. UFW (Uncomplicated Firewall) is configured to manage which ports are allowed and control network traffic. This is a precautionary measure to prevent attacks or malicious code from spreading throughout my home network. Only essential ports are open, and all other traffic is blocked by default, following the principle of least privilege.

The firewall configuration ensures that even if one service is compromised, attackers cannot easily pivot to other devices on the network or access sensitive services.

Plex Media Server

Plex Media Server handles all my media needs, providing a Netflix-like interface for movies, TV shows, and music stored on the Samba network drive. Plex automatically organizes content, downloads metadata, and streams to any device on the network or remotely through the internet.

Glances Monitoring

Glances provides real-time system monitoring accessible through a web interface on the local network. It tracks CPU usage, memory consumption, disk I/O, network traffic, and running processes. More importantly, Glances exposes a RESTful API that my ASP.NET Core Web API project fetches data from, which this frontend client then displays to show live server statistics.