Back
Case study

Home Linux Server — Lab Architecture

A deep dive into my personal self-hosted infrastructure: what broke, what I fixed, and what I'd do differently next time.

The Problem

Cloud subscriptions were stacking up — password manager, file storage, media server, dev environment. Each one a monthly bill and a privacy compromise. I wanted a single, centralized stack I owned end-to-end.

The Tech Stack

The Challenge

The hardest part was network security and reverse proxying. Exposing services to my own remote access while keeping intruders out required firewalls, SSL termination, fail2ban, and a tight authentication layer in front of every container.

System Architecture

How traffic flows from the internet through the reverse proxy to the Docker containers:

graph TD Internet((Internet)) -->|HTTPS/443| Router[Home Router] Router -->|Port Forwarding| Server[Linux Server] subgraph Server Environment Nginx[Nginx Proxy Manager] subgraph Docker Containers Plex[Plex Media Server] Nextcloud[Nextcloud Storage] Portainer[Portainer Manager] PiHole[Pi-Hole DNS] end Nginx -->|Proxy Pass| Plex Nginx -->|Proxy Pass| Nextcloud Nginx -->|Proxy Pass| Portainer Nginx -->|Proxy Pass| PiHole end style Internet fill:#0b0d12,stroke:#00f0ff,stroke-width:2px,color:#fff style Router fill:#0b0d12,stroke:#ff2bd6,stroke-width:2px,color:#fff style Server fill:#0b0d12,stroke:#39ff14,stroke-width:2px,color:#fff style Nginx fill:#0b0d12,stroke:#00f0ff,stroke-width:3px,color:#00f0ff

The Solution

I orchestrated everything with Docker Compose so dependencies start in the right order. Nginx Proxy Manager handles SSL termination via Let's Encrypt and routes traffic by subdomain. The result: plex.marios.home, cloud.marios.home, all behind HTTPS, all accessible from anywhere — and all owned by me.

What I Learned

Reverse-proxy debugging gets you intimate with HTTP. Container networking will humble you. And nothing teaches Linux faster than locking yourself out of your own server at 1am.