Self-hosting | Raspberry Pi | Security-first | Plain language

Run a home server that stays up

This site is a small knowledge base for a Raspberry Pi-based home server: what to install, how to expose it safely, and how to keep it maintainable over time. It also includes a separate tools page for quick browser utilities.

What you will find here

A home server can be simple or it can turn into a pile of fragile services. The goal here is to keep things boring: predictable updates, clear backups, and a network setup that fails safely. Each guide is written as a checklist you can follow, with notes on why a setting exists and what can break if it is skipped.

If you are using a dynamic DNS hostname, the two biggest sources of trouble are (1) accidentally exposing an admin screen to the internet, and (2) leaving default credentials or unpatched software online. The guides focus on reducing that risk: authentication, minimal public surface area, and logs that make it obvious when something is wrong.

Quick start checklist

  • Decide what is public and what must stay private (admin pages should not be public).
  • Put everything behind HTTPS and keep the TLS termination in one place (reverse proxy).
  • Use strong passwords and prefer passkeys / SSH keys where possible.
  • Enable basic monitoring: disk space, memory, and service health checks.
  • Backups: verify restore, not just backup creation.

Minimal “good enough” layout

Internet
  |
[Reverse Proxy: HTTPS]
  |
  +-- Public site (content pages)
  +-- Private apps (auth + allowlist/VPN)
  +-- Admin endpoints (never public)
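
One way to check a host against this layout, as an added example that is not part of the original site: the script parses `ss -H -tln` output and reports every TCP listener that is reachable beyond loopback and is not the reverse proxy's port. The sample output is constructed, and port 443 as the only front door is an assumption.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096       127.0.0.1:8080       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      4096               *:9090             *:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      4096           [::1]:5432          [::]:*
LISTEN 0      128     192.168.1.20:3000       0.0.0.0:*
"""


def parse_listener(line):
    """Return (address, port) for one `ss -H -tln` line, or None if it is not a listener."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    addr, _, port = fields[3].rpartition(":")
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %interface suffix
    return addr, int(port)


def is_loopback(addr):
    """True only for addresses that other machines cannot reach."""
    if addr == "*":  # wildcard: bound on every interface
        return False
    return ipaddress.ip_address(addr).is_loopback


def unexpected_listeners(ss_output, front_door_ports=(443,)):
    """List (address, port) pairs bound beyond loopback on a port that is not the front door.

    front_door_ports is an assumption: the port(s) the reverse proxy owns.
    A finding means "reachable from the network", so it needs a deliberate
    decision (firewall, bind to 127.0.0.1, or route it through the proxy).
    """
    findings = set()
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed is None:
            continue
        addr, port = parsed
        if not is_loopback(addr) and port not in front_door_ports:
            findings.add((addr, port))
    return sorted(findings)


if __name__ == "__main__":
    for addr, port in unexpected_listeners(SAMPLE_SS_OUTPUT):
        print(f"review: {addr}:{port} is listening beyond loopback")
```

On a live host, pass the text printed by `ss -H -tln` in place of the sample; a finding shows the service is bound to a network interface, and whether it is reachable from the internet still depends on the router's port forwarding.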

Featured guides

Start with these if you are publishing a Raspberry Pi service to the internet.

1) DDNS and port exposure: what to open, what to hide

A common failure mode is to forward ports directly to different services. The safer approach is to expose one HTTPS entry point, route internally, and require authentication for anything that changes settings or touches files.

2) Reverse proxy basics (one front door)

A reverse proxy lets you keep certificates, redirects, security headers, and rate limits in one spot. It also makes it much easier to see what is actually receiving traffic.

3) Backups that can be restored

Backups are only useful if you can restore to a clean state quickly. The guide covers folder selection, retention, and a simple restore drill you can run every month.

Featured articles

Longer reads that explain the “why”, not just the “how”.

One front door: why a reverse proxy is worth it

A reverse proxy is the easiest way to reduce the number of internet-facing services, centralize logs, and keep HTTPS and access rules consistent.

SSH hardening basics for home servers

Keys, disabling passwords, limiting users, and reducing exposure so automated attacks stay harmless.

Backups that restore: a simple monthly drill

A small restore drill is the difference between “I think I have backups” and “I know I can recover”.