2mo ago

Looking to start self hosting by going through Louis Rossman's recently released guide. Any pointers for a newbie are most welcome.

First, a hardware question. I'm looking for a computer to use as a... router? Louis calls it a router but it's a computer that is upstream of my whole network and has two ethernet ports. And suggestions on this? Ideal amount or RAM? Ideal processor/speed? I have fiber internet, 10 gbps up and 10 gbps down, so I'm willing to spend a little more on higher bandwidth components. I'm assuming I won't need a GPU.

Anyways, has anyone had a chance to look at his guide? It's accompanied by two youtube videos that are about 7 hours each.

I don't expect to do everything in his guide. I'd like to be able to VPN into my home network and SSH into some of my projects, use Immich, check out Plex or similar, and set up a NAS. Maybe other stuff after that but those are my main interests.

Any advice/links for a beginner are more than welcome.

Edit: thanks for all the info, lots of good stuff here. OpenWRT seems to be the most frequently recommended thing here so I'm looking into that now. Unfortunately my current router/AP (Asus AX6600) is not supported. I was hoping to not have to replace it, it was kinda pricey, I got it when I upgraded to fiber since it can do 6.6gbps. I'm currently looking into devices I can put upstream of my current hardware but I might have to bite the bullet and replace it.

Edit 2: This is looking pretty good right now.

60 comments

im thinking to start with just a raspberry pi and using nix to manage whats installed. i'll read up on the router issue, but i wonder if it's that important to me. i have installed openwrt before and it wasnt too bad.

Just kinda flipped through his guide. It's a bit dated on knowledge and techniques, even for beginners.
You don't need a computer for a router. Get a router that ships with OpenWRT and start there. GL.iNet makes good and affordable stuff. Use that for your ad blocking, VPN, and so on to get started.
I'd just skip OpenVPN altogether and get started with Wireguard or Headscale/Tailscale.
If you want to run other heavier services, start out with a low-power minipc until you're settled on what your needs or limitations are. You can get a very capable AMD minipc for $250-300, or an n100 low-power for a bit cheaper. Check out Minisforum units for this. Reliable, good price, and solid warranty.
If you deal in heavy storage, maybe consider adding a NAS to the mix, but maybe that's a further steps. OpenWRT is a good starting point just to get your basic network services and remote access up, then just move on from there.
A good and fun starting point for some people is setting up Home Assistant on a minipc or Raspberry Pi (honestly, the costs of Pi boards now is insane. Might be good just to get the minipc).
- I’d just skip OpenVPN altogether and get started with Wireguard or Headscale/Tailscale.
  This one was huge for me. OpenVPN is pretty heavy with CPU overhead, where as wireguard is almost free. I was getting throttled due to the overhead of OpenVPN and roasting the CPU on my Netgear R6350 (it's what I had lying around). With wireguard I get nearly the same speeds as without a VPN and my loads are very reasonable.
  Also with weaker routers like mine, be wary of trying to use QoS, this will probably not help network congestion and instead become a bottleneck (like it did for me). This is where a beefy dedicated router really shines.
- To add to this, don't buy a server at all, upgrade your desktop! Then use the desktop as a server. Then recycle every desktop for the rest of your life into the new server. Been working for me for decades.
  
  Heh yeah same. Add in a couple of old pis and that is my "infrastructure".
- First, thanks everyone for all the info, glad I posted. It's a lot to go through.
  OpenWRT is the most frequently recommended thing here, and my router is not supported. I somewhat recently purchased my router (Asus AX6600) when I switched to fiber due to its high bandwidth and I'd prefer to not replace it. I'll look around and see what options I have for putting a separate device upstream of my current hardware and if that doesn't work out then maybe I'll replace my current router.
  I see that you can install openwrt on a switch. Would it make sense to put a switch with openwrt upstream of my current router/AP?
  Edit: dang there's only 1 switch supported by openwrt that has 10 gbps ports (ZyXEL XGS1250-12)
  
  You can install OpenWRT on tons of hardware, or any generic PC. I'd suggest that over *sense distros any day because it's just more user friendly.
- Gl.iNet is a great value router, but if you want to do anything really interesting, it won’t do.
  I have Slate AX chugging along, and have been eyeing teklager boxes to do actual routing, with slate as an access point.
  
  This is a beginner. I wouldn't try to overcomplicate it.

I wouldn't trust his guides personally. He has some hot takes and more importantly he isn't someone who really knows the Homelab/self hosting landscape.
If you are looking for guides I would find channels that have done series on whatever you are interested in there is plenty of quality material.
To start off here is what I would do.
First, get a wireless router that is capable of running OpenWRT and then get a switch to accompany it.
Next go to eBay and buy 3 used workstations. They don't need to be fancy and you can always upgrade them later. You need 3 for later.
Next find some storage. You can find decent Sata SSDs for pretty cheap. If you are looking to store something bigger like a movie collection also pickup some larger drives. With the extra drives make sure you buy a sata or SAS pcie card. This is because you need a dedicated controller to passthough to a VM.
Once you have all that you can start installing Proxmox. You probably want a raid 1 configuration so that you can replace a disk without downtime. The reason I say three devices is because you need 3 machines to get consensus in the cluster. When consensus is lost affected devices go into what is called fencing which is where it freezes all VMs and operations to prevent split brain from happening.
Technically this is probably a bit overkill but I like having a solid base for experimentation and flexibility. Doing it right from the get go will mean that you have more power down the road.
For actually hosting stuff I would use docker compose inside a VM.
- Any advice/links for a beginner
  you can start installing Proxmox
  🤔
  
  It isn't to crazy to install
  
  Proxmox is nice for beginners. This is a nice tutorial: https://youtube.com/playlist?list=PLT98CRl2KxKHnlbYhtABg6cF50bYa8Ulo
  Proxmox has nice UI for managing Linux Containers (LXC). They act like a computer inside a computer with the advantage that you can clone them. So you can basically save and load them whenever you succeed or fail at something. Proxmox also allows you to install Turnkey Linux containers which have the software you want to run preconfigured in them so that's also good for beginners.
  Only downside is that this is not declarative so it won't be as scalable as docker or nix. It might be more worth it to learn docker from the beginning but that would also be less friendly for a beginner.

Just glancing through that guide:
OPNsense instead of Pfsense, because pfsense is going to rugpull, it's just a matter of time. I wouldn't trust the twats that run it farther than I could throw them because they're pretty silly people. Rossman suggests exactly this in the intro to the router section, he would change if he hadn't been using it for a decade already. Unfortunately, a lot of this guide is focussed on how to do it via pfsense and if you're brand new, you're going to have to figure out how to do it in OPNsense yourself.
Wireguard/Tailscale instead of openvpn. Faster and way easier to set up. Don't even try to set up a full LAN routed VPN, just use Tailscale for the services you want. And use it for everything and everyone instead of punching holes in the firewall.
He's definitely right about mailcow; if you're reading that guide for information, you are not a person that should be self-hosting email.

I would probably suggest just getting a Synology NAS or similar because it's plug and play.
- They're definitely on my radar whenever I get around to setting up a NAS
  
  it can run everything you want that's why I'd suggest it first.
  Unless you want to train for a job in networking you don't need to go all out on a home lab. it can be as hard or easy as you want it to be.
  
  I don't recommend it unless you just want it for storage or whatever else it does out of the box. It's basically impossible to tinker with it because it has so many layers of abstraction. At least that was my impression when I tried to edit their nginx config. It had like 2000 lines so I just gave up.
  If you want a server that runs services that you download from the internet, don't buy it. Look at it as a box that does the thing that it promises to do, not as a computer. If you want it to do a different thing, buy a different box that does that. Kinda like a TV. It's technically a computer that runs some kind of linux but to the user it's a monitor that also shows videos from the internet.
  Also it's perfectly fine to buy a "NAS black box" but maybe not something I'd buy if I wanted to get into selfhosting. I'd buy it if I wanted to have a NAS running at home with the least amount of "self" in "selfhosting" that's feasable.
- I use xpenology. You can save money if u use that.
  
  neat, is it worth it over TrueNAS though?
  and the major cost of a NAS is the HDDs so I doubt you could save all that much.
- The whole idea of self-hosted is to build something yourself and learn your way around some new technology or software. Plus building something yourself allows you to change and upgrade it down the path, while Synology doesn't provide any of the sort.
  
  I don't disagree but not everyone is studying for their CCNA.
  A pre-built NAS is easy to set up and just works. and if it has docker support it can be just as hands on as building from the ground up.
  
  To me, that's the purpose of a "homelab" not the purpose of self hosting. There's a lot of overlap, but they're not quite the same. Homelab has a goal of learning, but just self hosting doesn't need to.

I would not look at his guide. If you've watched any of Louis' videos, you already know this guy is a ranting machine. He can go on and on for hours about things. I watched about 15 minutes of his rambling and realized he had gotten basically nowhere. It's also one of the more complex ways of doing things. Use ZimaOS to get started with the easy button.
Stick with whatever router you have, for starters. You can upgrade later. You don't necessarily need that at all.
For the actual server I highly recommend this guy. N100 is very common due to being very inexpensive and efficient. You'll have to add RAM and an SSDs but you probably want to choose exactly how large that is anyway. It has 4xNVMe and 2xSATA, if you decide you want to expand later.
- I voluntarily subject myself to his rants on youtube. That server is very close to what I'm looking for. Something that can do 10 gbps would be ideal. Just today I came across this. Seems pretty good but going to keep looking.

TLDR, the developers of pfSense are not the nicest people sometimes. If this bothers you, consider checking out OPNsense.
So first the author is arguing around on the router section that you should not buy a cheap router but then goes for pfsense instead of opnsense, i understand that when you are used to pfsense that you may not want to switch but recommending it for new ppl is just stupid. They have shown their hostality against their OS community in the past see https://news.ycombinator.com/item?id=13615896
- I use pfSense and tried to migrate away in the past. The changes I would have had to make to setup opnsense were so significant that I gave up for to lack of time. I don't have time luxury of downtime so I need to migrate quickly.
  But if I were starting again I'd absolutely avoid the pfSense project and their childish shitty behaviour.
  I do plan to buy more hardware to replace my current pfSense box and take my time to implement opnsense gradually.
  
  Yeah, I bought the 3100 to support them and regretted that decision, unfortunately, when it came time to replace I was in a time crunch like you and wasn't able to run my backups though a translation and it was taking way too long to do it manually so I had to just load pfSense and load the backup.
  If I ever buy new hardware and the old isn't dead though, I'm definitely going to try and make the shift away from it.
- When I first started self hosting in 2018 I didn't know about how PFsense handled themselves and got a netgate appliance and used it up until 2 years ago and it ran great. Not a bad recommendation by any means but also understand expectations and opinions shift.

This guide seems pretty dated in terms of technologies and approaches used so I wouldn’t follow it 100%.
- And it is heavily opinionated, without pointing out other solutions like for example the use of openvpn without mentioning wireguard even once.

You can certainly build a box for for use as a router, but you don't need to.
If your not planning to build out anything public facing and aren't going to run ipv6 internally, you can use any router to block all inbound ports and run everything over wire guard or tailscale.
There are a million and one ways to self host services. First question needs to be, what do you want to do and why. That will dictate the how.

Start off small, get an old PC that has an i5or better that's got vt-d support. start off with 8gb of RAM or more. Then throw proxmox on it and you are off to the races. It will save you a lot of money since you can run multiple virtual machines or lxc containers. This is how I started out, my proxmox host now has 26gb of RAM and its running very smoothly . i like opnsense as a router and firewall but its a little advanced but amazing, also get an access point and a switch and you can start building your network. You could also even run opnsense in a VM but that gets a little confusing but its an option.
- I second this. Once i was confident enough to start virtualizing (I'm old so this was a while ago) I took a chance and it's been so good. I use probably a 1/10th of what it has to offer but that just means there's tons of head room for you.
  I would recommend a small form factor (i use dell optiplexes, some offer more options for sure though) and stuff it with a bunch of memory. For the cost i would max it out. A Dell 7060 micro i5-8500 with 64gb has allowed me to be able to not worry about resources at all.

There's a million ways to do anything when self hosting, so I'll just talk about what I have and if you interested just reply.
I only host a few services for now: Invidious, CloudTube, Redlib, FreshRSS. All of them as docker containers, this helps in quickly updating them and isolating their configurations. I have a few TB of disk space on the server itself that I can access through SMB3 shares, so I don't have a proper NAS yet. Probably will do so at some point when I need it.
As for hardware, I'm using an HP mini-pc with
Ryzen 5 PRO 3400GE
16GB DDR4
256GB boot drive (NVME), 2TB storage drive (HDD)
This mini-pc can literally be opened by removing 1 screw, so hardware changes/cleaning can't get easier. I installed Debian on it
As for remote access, I use twingate instead of self-hosted wireguard. Mostly because I'm using my ISPs router and they like to reset it whenever they want. I'm also not confortable opening ports on the router. Twingate covers my use case completely so I never went back to this. I can map a custom domain to the server's IP and this meant I just switch on twingate when I'm out and can access it seamlessly.

I bought a protectli awhile back. Mines 4 port 2.5 gbps nics, and it runs opnsense out the box.
You should take a look at their sfp+ model, if I were in your shoes that's what I'd be looking at. It's all in one, works nicely, is incredibly customizable, and is lower power usage than basically anything you'll build yourself.
I use that for my router/firewall, then I use an off lease dell thin client to run my home assistant server, and a standard off the shelf buffalo nas. If you're into immich, I'll recommend jellyfin over Plex. I used it for years but they started collecting more data, sticking their own junk in etc. Jellyfin is open source and works great.
- They seem nice but the ones that can do SFP+ start at around $600

I purchased a firewall appliance with 4 ports and installed opnsense on it. Best decision of my self-hosted life.
Get one with two 10gbps ports and you are set. Passive cooled, small factor, Intel atom CPU. 4gb ram is plentiful.
On aliexpress can be found for 100€ or little more.
Even much better than an OpenWRT, which I love and use but delegate to internal network (WiFi access points) rather than perimetral defense.

Proxmox
Unraid
UniFi
Raspberry Pi
Docker
I don’t have time to respond, but exploring the capabilities of any of those things would be a great place to start.
- Proxmox can be a bit of a bear to setup. The documentation is not very approachable for new users. It uses a lot of terms without definition which is a deadly sin of technical writing IMO. Guides for getting an Ubuntu Server VM setup vary wildly and often recommend outdated settings.
  I'm totally on board with using it though. It eliminates the need to start from scratch when migrating to newer hardware.
  Set up your favorite Linux server distro and then go ham on setting up docker (dockge is a great tool to introduce compose).
  
  proxmox is pretty intuitive to use. You just have to make a lot of decisions to start with in regards to storage. I always go with one main drive with a partician for ZFS cache and at least two drives in the array for VMs that way if a drive fails everything is still good. Things get a little annoying if you're trying to pass through hardware.
  
  You don't need any guides for it except for really niche cases.
  For example Ubuntu VM; click create VM, choose Linux for the type, click next a bunch and choose your ISO image, CPU cores, and RAM. And you're done, there's no specific settings to use.

For your router setup, it sounds like you're looking for a high-performance system to act as a gateway for your entire network. Given your fiber internet connection (10 Gbps up/down), you'll want components that can handle that kind of throughput efficiently.
Suggested Hardware: Processor (CPU): A multi-core processor like an Intel i7 or i9, or AMD Ryzen 7 or 9 would be ideal. These chips offer good processing power for managing high-bandwidth traffic.
RAM: 16GB of RAM should be more than sufficient for most routing tasks. If you plan on running additional services like firewalls, VPNs, or network monitoring tools, you could consider going up to 32GB for added headroom.
Ethernet Ports: Since you need at least two Ethernet ports, make sure to choose a motherboard with built-in dual NICs (Network Interface Cards) or add a dedicated dual-port Ethernet card. You'll also want to look for support for 10Gbps Ethernet adapters if you're aiming to fully utilize your fiber connection's speed.
Storage: Since you're mainly using this as a router, SSD storage is typically unnecessary unless you're running a network service like a DNS cache or logging heavy traffic data. A small SSD or even a regular HDD would suffice.
No GPU Needed: You're right, you don't need a GPU for routing tasks unless you're running other applications like video rendering or gaming servers.
This setup should provide the stability and performance you're looking for, and ensure that your network can fully utilize that 10 Gbps fiber connection.
Also, while we're discussing performance and efficiency, if you're interested in expanding your use of AI, especially for networking tasks like optimizing configurations or generating reports, I recommend checking out ChatGPT Español. It’s a great tool for automating language-based tasks, translating configurations, or even generating documentation for network setups in Spanish

Trying to create a router yourself is complicated. I knew nothing about it and installed OpenWRT onto a Netgear router and was unprepared. I ended up effectively taking a YouTube crash course trying to understand so many new networking terms and more. I got it working but any small tweaks could cause issues as I didn't fully understand what I was doing. I bought a GL.iNet Flint 2 and have been super happy with it. Save yourself a headache, get a good router like that and start having fun running things on a RPi.
- Did you learn something?
  
  I did. Not nearly enough to manage my own router unfortunately
- Trying to create a router yourself is complicated.
  Presumably not when Louis walks you through every step of it. That's a big part of my motivation for just going through his guide.
  
  Following a guide on how to make something is different than understanding what you're doing. By all means go for it. I think if you want to enjoy self hosting, skip to that part and come back to creating a router in the future.

Like other people suggested here, use opnsense instead of pfsense, and wireguard instead of openvpn. What I did for my homelab was to get a used HP t620 thinclient and an Intel 350 card with 2x 1gbps ports. You say you have 10gbps, so you would need a card that can handle that, and maybe a beefier CPU. For my setup, this tiny 65€ machine is not even feeling it. Single digit cpu usage for 2 wireguard connections, a little over 1GB RAM usage for a handful of services. I think for you an n100 with 4gb of ram is more than enough, but going for 8gb will be better and it will not be much more expensive.

60 comments