Switched to Linux and built my own cloud, media, and game servers in 48 hours
Posted by I666l@reddit | linux | 94 comments
TLDR:
Just ditched Windows for Linux. In two days I set up Vaultwarden, a public Jellyfin server, and Minecraft servers. Automated my music library, solved configs and port conflicts, and now I can access everything anywhere. Linux finally lets me run my projects my way. If there is anything else any of you would recommend me looking into, let me know! I do a lot of data transfer, game / server hosting and a bit more.
The past day and a half on Linux has been amazing. I was dreading the switch because I didn’t want to risk losing all my data from Windows 10 Pro, which I’d accumulated over time. I decided to bite the bullet and zipped up everything I wanted to keep. After zipping, it was only about 1TB of data.
I was on a call with my friend, who’s a native Linux user and very eager to help me switch. He said he would be with me the whole time, and we started setting up Vaultwarden. We ran into a lot of configuration issues, and then he just said goodnight about an hour in. We started around 10:40 PM, and he left around 11:30 PM. I stayed up until the next day at 5 PM finally getting Vaultwarden fully setup. I’m pretty technical, so I’m not sure why it took me so long, but eventually, I got Nginx working after fixing a config issue 19 hours later.
After that, I set up my Minecraft servers and was feeling accomplished. The next night, about 24 hours after initially installing Linux, I wanted to set up my own cloud service to avoid paying for subscriptions. I started with Jellyfin, but ran into a port conflict with Vaultwarden. Luckily, I’ve had my own domain for years, mainly for Minecraft servers, so I managed to route both services properly and solved that issue.
Next came the music setup. I didn’t want to do everything manually, so I grabbed SoundCloud links from my account and a friend’s, since we have the same music taste. I downloaded the songs, but the file names were a mess with numbers and brackets. They were in M4A format, which works on PC, but I wanted MP3 for my phone. I found a script that converts all M4A files to MP3, deletes the originals, and keeps the MP3s. I put everything into Jellyfin, and it worked perfectly, I can stream, download, and listen on iOS.
The only problem was access outside my network, so I had to research how to make Jellyfin fully public. That was tricky, but it’s done now. I also started thinking about setting up a home VPN. I’m still deciding between WireGuard and OpenVPN; WireGuard uses keys, while OpenVPN uses username and password. But I got halfway through setting up WireGuard before taking a break to play CS2 and hop on my Minecraft server.
Overall, I just wanted to say how much I’ve been enjoying Linux so far. It’s allowed me to bring my hobbies and projects to life in ways that weren’t possible on Windows.
ang-p@reddit
Can you TL;DR your TL;DR ?
I666l@reddit (OP)
-Windows +Linux 2days = vault = host = media library = data center = done
ang-p@reddit
K
I666l@reddit (OP)
😅🤣
Fresco2022@reddit
Great achievement. Congrats. But not something for the average user like myself, let alone a newbie linux user. I couldn't do this without a massive amount of help.
I666l@reddit (OP)
i did have alot of help from my buddy whos a linux nerd for the past 6 years or so, just was lost the first night after he left the vc an hour in lol
Benke01@reddit
Just a thought; MP3 has worse sound quality compared to M4A. Doesn't matter if it's 320kbps. I'd recommend you to convert them to .OPUS instead. If you still have the backup of the M4A that is. 😬
SynchronousMantle@reddit
Get yourself a copy of Tailscale for your vpn. Much easier to set up and configure.
I666l@reddit (OP)
went with tailscale and now have a vps running back through to me at home
SynchronousMantle@reddit
Nice! Tailscale is by far the easiest way to set up a wireguard vpn. Enjoy.
Hurri1cane1@reddit
You definitely need a VPN if you are streaming over the internet. Just fyi.
UnLeashDemon@reddit
Beware of the pipeline
thenoobone-999@reddit
Damn that was fast, homelab speedrun any%. I also want to setup similar things but I'm inept on homelab and troubleshooting stuff. Mainly:
1. I want to keep all the large video files and music then stream it through Jellyfin.
2. Having ad-block on home network so I can avoid installing adblocker on browser
3. Able to access all the files from outside home network using Tailscale
I666l@reddit (OP)
i had my buddy with me for the majority of the next night following his absence the first night he ‘planned’ on doing it with me and then used some ai assistance in a few scripts for downloading all music to jellyfin and creating a single script to run 2 vanilla 1 modded server and a proxy server (velocity) all at once, and connected those to my vps that tunnels to my tailscale. so now i can keep my public ip hidden while still being able to keep the original custom ips from my domain (which is under an aws) and my vault is also under my vps
Affectionate-Pickle0@reddit
Zerotier is another VPN alternative. If you're considering options to choose from.
rjyo@reddit
Go with WireGuard over OpenVPN. Way faster, simpler config, and the iOS app works great. Once its running, your Jellyfin/Vaultwarden/everything is accessible from your phone like youre on your home wifi.
One thing that was a game changer for me with a similar setup - SSH from your phone. Being able to restart a crashed server or tweak a config from the couch saves a ton of trips back to the desk. I ended up building an iOS terminal app called Moshi for exactly this, it uses the Mosh protocol so your session survives wifi-to-cellular handoffs without dropping. WireGuard + a good terminal on your phone is an underrated combo for managing self-hosted stuff.
Nice speedrun btw, 48 hours to a full stack is solid.
ZCTMO@reddit
Linux speed run into the next best chapter of your life. Well done!
Mrtylf@reddit
Neat. 🎻
donut4ever21@reddit
Just wanted to let you know about two apps that I use religiously for my music (navidrome is great), fre:ac to convert music. It's blazing fast. And Kid3 to tag your music.
Normal_Usual7367@reddit
That’s the best Linux homelab speedrun I ever seen
I666l@reddit (OP)
mind you, ive already had the mc servers and whatnot made from when i was on windows so that cut alot of time just switching from .bat to .sh took about 20 mins or so for my proxy server then my hub and vanilla server and then dedicated modded ATM10 server, everything else felt like forever lol
The_Brovo@reddit
Not to dampen your enthusiasm, but hopefully you know about security when you are self-hosting and opening ports. For example, you can set your reverse proxy to tunnel to say CF and avoid opening ports, or use tailscale to make a vpn that everyone can log into that needs your services
arahman81@reddit
You can use wg-easy with Docker, and then create new keys from the web UI.
J2MES@reddit
That’s incredible. I have a mini pc coming can you share your configuration? It sounds like you got some reverse proxies going on. I’m extremely new so I’m not sure how a lot works
I666l@reddit (OP)
yeah just add me on discord and id love to pick your brain with you lmao! im still a baby myself lmao so we can learn together! i am doing this all off my daily driver, its a powerhouse of a machine 👀 i get 140+ fps while hosting 3 servers taking up 80+GB of RAM while having my mc client use another 20 and then still being able to play cs2 all at the same time 👌🏻 mind you i only have 64GB in my rig 😎
J2MES@reddit
Yeah what’s your discord name man. I got some questions about my setup I wanna ask.
RyeonToast@reddit
I like the feeling when you make that change that makes the thing that is inexplicably inoperative start working.
Regarding WireGuard vs OpenVPN, WG is considered more modern and leaner, so that's a nice default choice. Also, keys are generally a better authenticator than username/password. You should be able to create a config file for wireguard that you can copy to the endpoints you want to connect.
Speaking of keys, make sure you setup SSH keys and disable SSH password auth on those public servers. If you didn't do something like Fail2Ban to limit the Internet's ability to try brute forcing your system, do so. Safety first.
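To check the "disable SSH password auth" step from the comment above, here is an added example (not part of the thread) that audits sshd_config text. It assumes the whole configuration is passed in as one string and does not follow `Include` lines; `sshd -T` run as root remains the authoritative view of the effective settings. The sample config is constructed.

```python
import re

# OpenSSH defaults that apply when a keyword never appears in the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}
# Deprecated spelling of the same keyword.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_KEYS = ("passwordauthentication", "kbdinteractiveauthentication")


def parse_sshd_config(text):
    """Return (global_settings, match_blocks) from sshd_config text.

    sshd keeps the FIRST value it reads for a keyword, so a later
    duplicate does nothing. Lines after a Match line belong to that
    Match block and override the global section for matching clients.
    """
    global_settings, match_blocks = {}, []
    current = global_settings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single "=".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = {}
            match_blocks.append((value, current))
        else:
            # Values are lowercased because only yes/no style options
            # are inspected here.
            current.setdefault(key, value.lower())
    return global_settings, match_blocks


def audit_sshd(text):
    """List settings that still allow password-style logins."""
    global_settings, match_blocks = parse_sshd_config(text)
    effective = {**DEFAULTS, **global_settings}
    findings = []
    for key in PASSWORD_KEYS:
        if effective[key] != "no":
            findings.append(f"global: {key} = {effective[key]}")
    if effective["permitrootlogin"] == "yes":
        findings.append("global: permitrootlogin = yes")
    # A Match block can quietly re-enable what the global section disabled.
    for criteria, settings in match_blocks:
        for key in PASSWORD_KEYS:
            if settings.get(key, "no") != "no":
                findings.append(f"Match {criteria}: {key} = {settings[key]}")
    return findings


# Constructed sample: the second PasswordAuthentication line is ignored
# by sshd (first value wins), but the Match block does re-enable passwords.
SAMPLE_SSHD = """\
# constructed sshd_config for illustration
PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
PermitRootLogin yes

Match Address 192.168.1.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for finding in audit_sshd(SAMPLE_SSHD):
        print(finding)
```
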
PredictiveFrame@reddit
Welcome! Now that you're free of microslop, and have mostly gotten set up, what comes next? I recommend spending the next 6 months obsessively optimizing your OS, before realizing you've made this far too overcomplicated, simplify your setup down, and start over. Rinse, repeat.
EuCaue@reddit
linux speed run wr?
Azazeldaprinceofwar@reddit
For a vpn solution I recommend tailscale. It’s a good and easy to set up/use way to find and connect your machines securely from anywhere. It’s what I use
I666l@reddit (OP)
what perks / user auths does it have that you like about it?
dragofers@reddit
For me one of the main ones is that it quickly adapts if your public IP is dynamic.
309_Electronics@reddit
Easy setup and full control and its built on wireguard. There are apps for mobile that allow you to authenticate into your tailscale network and its mostly one account to setup. If you log in with that same account on other devices you will also have access to the tailscale network you setup.
Azazeldaprinceofwar@reddit
30 second set up for a new machine, full control from the web admin console, compatible with all nature of devices real and virtual. Allows all my machines to communicate peer to peer end to end encrypted without ever exposing a domain or something to the public, just peer to peer key exchange (ips are fetched from the Tailscale server but all communication is peer to peer). Additionally you can choose to route traffic through “exit nodes” so machines in your tail net can be isolated from ever seeing the outside web. You can even use Mullvad's vpn servers as exit nodes to keep all your traffic fully private.
J2MES@reddit
How easy is it to set up for users? Friends and family and such
Azazeldaprinceofwar@reddit
I admit I’ve never actually tried but there is a big add user button on the admin console which I assume does just that
xxCorsicoxx@reddit
Great speedrun and love your excitement
I think the things I'd do next honestly are:
- figure out using borg backup with Hetzner storage box just to make sure the more important media stays safe
- move the jellyfin and nginx stuff that you have and ddclient and certbot if you're using that (dns and https certificate respectively), in a docker so you can easily recreate it if ever you need to, and it's nice and sandboxed so you won't have cross contamination in configs and shit
And if you're into any of the following
- you could add an immich server to be your own Google photos
- add a nextcloud to be your own Google drive
- add a qbittorrent + gluetun (in a docker) for your p2p needs
- add a home-assistant to be your own ok google/alexa/whatever
And more optionally
- you could run your own llms locally if you're using them, handy for coding, there's decent open source models and it shouldn't be too crazy demanding but would eat up ram for sure. Image generation ones need hella GPU and def isn't something worth running 24/7
Enjoy your stay. Linux is ridiculously empowering. I also loved how easy it was to setup my jellyfin stuff and the torrent both in their own containers just running so nicely and smoothly, and how much kinder on resources it all is within Linux. Ain't looking back.
I666l@reddit (OP)
im currently using KDE Connect//Local Send for p2p idk which one i like more yet lol the llms sounds neat! i am def gonna get into that either tonight through the early morning or take a power nap and get right into it! the immich/nextcloud server would also be really good especially for my wife since her 128gb 16 pro is being filled up by 21k photos/videos and is taking about 80gb worth of storage on her phone 💀 idfk how but yeah. a home assistant would be shnazzy too tbf
xxCorsicoxx@reddit
My photos take up about 1.2tb on my drive and I fill up the 128gb on my Samsung every 3-6 months lol (sure maybe like 50g s tops is photos and videos and shit). I am a bit of a data hoarder but it's a lot easier than to think to use up a ton of space lol
As for my p2p joke I meant torrenting, i think local send is just for sending shit around between your devices on the local network
julioqc@reddit
Tomorrow, he gets hacked 😅
Wartz@reddit
This doesn't seem likely.
I666l@reddit (OP)
and why is that lol? ive been on pc for about 15+ years always been into programming and working with tech just never made the switch. ive built my own pcs helped others build theirs, done alot of pc repairs and troubleshooting via in person or over the net. designed my own website and published that a few years back and now redoing it. ive had someone who knows linux be there for the questions i needed answered not in vc with me perse like he said he was gonna be but still there lol
Wartz@reddit
You sound like you’re trying too hard?
The whole thing sounds fake.
TheG0AT0fAllTime@reddit
Reads like they vibed their way there
Bulky-Bad-9153@reddit
This is hilarious, please make sure they know about it
amir_s89@reddit
People have different backgrounds, skills & knowledge. So expect tasks being completed in various results & length.
I666l@reddit (OP)
I can very much assure you none of it is fake buddy
bapfelbaum@reddit
I would not recommend hosting anything publicly unless you know what you are doing. VPN is your friend.
I666l@reddit (OP)
i have my mc servers under cloudflare and my domain so my ip isnt public but the media sharing and home-cloud storage im waiting to setup the vpn aspect of things to release to friends. my gf and i are using everything else locally as of now
Journeyj012@reddit
under cloudflare? how so? I thought they didn't proxy TCP
Last_Bad_2687@reddit
Your domain makes your IP public. Open a terminal and type dig +short A
I666l@reddit (OP)
just did, and it came back as Amazon Technologies Inc. for both IP's it pulled doing that :D
Last_Bad_2687@reddit
Ah you have a VPS not just a domain. Makes sense. You can point a domain to anything so I wanted to be sure
TheG0AT0fAllTime@reddit
Looks like a residential IP to me. Just checked.
Last_Bad_2687@reddit
FYI I use tailscale and I set the domain A record to my tailscale IP
I666l@reddit (OP)
may i get ahold of you via discord? i would love to get that all setup if possible :D sounds like youve been through the pain lmao
Last_Bad_2687@reddit
Yep. I have homeassistant and a bunch of stuff. Just DM me.
Tailscale is pretty easy. Install tailscale via package manager, enable tailscaled service,
sudo tailscale up
and login via Google, github
Then download phone app and do the same.
Use
tailscale status
if you need to check on pc
Whenever you need to access your network use the Tailscale IP of your PC.
for example 192.168.1.23:8080 Becomes 100.33.38.123:8080
Thats it!
Oh and make a subdomain point to the Tailscale IP.
So tshomeassist.mydomain.com points to 100.33.38.123 (made up Tailscale IP obv).
Lastly look into caddy. I used ChatGPT for the config.
Basically caddy sees which domain is connecting and reroutes to the port
TheG0AT0fAllTime@reddit
Yep their personal public IP is visible, just checked.
bapfelbaum@reddit
Security by obscurity is not security, automated scanners and script kiddies will find you and throw cves at you. In general hosting something which is easily accessible to the public requires either close monitoring or a very restricted blast radius so that a compromise does not expose your whole datacenter to the attacker.
That said, it's not black magic and you will manage, just don't take security lightly. Wireguard is really easy to set up btw with wg-quick. Openvpn has more features but is also kind of a hassle for a private usecase.
I666l@reddit (OP)
i was looking into both wireguard and openvpn more or so openvpn though for the user|pass side of things and having that (once its all done) be available for my close friends and family but thank you for the headsup!
DrFlameSax@reddit
A middle ground could be headscale with tailscale clients. It is based on wireguard and has advanced features, such as access rights (especially if you start inviting externals to your network), local dns, relay servers (when a client is not able to connect directly to your network). The tailscale client is available on lots of platforms. linux, macos, android, windows,...
twitterfluechtling@reddit
Came here to read this (or comment myself similarly)..
The long post and the plentitude of achievements smells to me of heavy ai support. Which isn't a problem in itself, I recently used Amazon kiro to setup my semi-public cicd system (jenkins, forgejo, ldap, phpldapadmin, all via docker-compose, with some tweaks).
But AI is terrible at maintaining security-considerations. You get something that works, quickly, but unless you have some understanding of the risks and guide the AI to avoid them, and keep track that it doesn't remove the precautions you already implemented, you might end up with a security nightmare. And if you happen to use some scaleable components (AWS access keys for an S3 backend, not tied down via IAM roles), you might end up bankrupted when someone invades your server, gets the keys and starts scaling ec2 instances on your behalf to crypto-mine or something.
My cicd system is behind a reverse proxy with client-certificate authentication, and kiro did at some point weaken the nginx config to bypass the cert-check to work around a bug in firefox. So it actively disabled security measures I already put in place, without warning me explicitly.
Run public servers all you want, use AI support all you want, but learn about security and be careful what you do / what AI does on your behalf (this is more for OP than for the comment I'm replying to).
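A guard against the regression described in the comment above, where a change silently relaxes client-certificate enforcement: this added example (not the commenter's config or tooling) parses nginx config text and reports every TLS server block whose effective `ssl_verify_client` is not `on`. Treating `optional` as a finding is this check's assumed policy, and the hostnames and paths in the sample are constructed placeholders.

```python
import re

# Comments, quoted strings, structural characters, then bare words.
TOKEN = re.compile(
    r'#[^\n]*|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|[{};]|[^\s{};#"\']+'
)


def parse_nginx(text):
    """Parse nginx config text into nested (name, args, children) tuples.

    children is None for simple directives and a list for blocks.
    """
    tokens = [t for t in TOKEN.findall(text) if not t.startswith("#")]
    pos = 0

    def block():
        nonlocal pos
        items, words = [], []
        while pos < len(tokens):
            tok = tokens[pos]
            pos += 1
            if tok == ";":
                if words:
                    items.append((words[0], words[1:], None))
                words = []
            elif tok == "{":
                children = block()
                if words:
                    items.append((words[0], words[1:], children))
                words = []
            elif tok == "}":
                return items
            else:
                words.append(tok.strip("\"'"))
        return items

    return block()


def first_arg(items, name, inherited):
    """First argument of directive `name` in this context, else inherited."""
    for directive, args, _ in items:
        if directive == name and args:
            return args[0]
    return inherited


def audit_client_cert(text):
    """Return findings for TLS servers that do not require a client cert."""
    findings = []

    def walk(items, verify, ca, in_server=False):
        # ssl_verify_client and ssl_client_certificate are inherited
        # from http into server unless the server overrides them.
        verify = first_arg(items, "ssl_verify_client", verify)
        ca = first_arg(items, "ssl_client_certificate", ca)
        if in_server:
            tls = any("ssl" in a for d, a, _ in items if d == "listen")
            name = first_arg(items, "server_name", "(unnamed)")
            if tls and verify != "on":
                findings.append(f"{name}: ssl_verify_client is {verify}")
            elif tls and ca is None:
                findings.append(f"{name}: no ssl_client_certificate set")
            return
        for directive, _, children in items:
            if children is not None:
                walk(children, verify, ca, in_server=(directive == "server"))

    walk(parse_nginx(text), "off", None)  # nginx default is "off"
    return findings


# Constructed sample config; names and paths are placeholders.
SAMPLE_NGINX = """
http {
    ssl_client_certificate /etc/nginx/client-ca.crt;
    server { listen 80; server_name ci.example.test; return 301 https://$host$request_uri; }
    server { listen 443 ssl; server_name ci.example.test; ssl_verify_client on; }
    server { listen 443 ssl; server_name git.example.test; ssl_verify_client optional; }
    server { listen 443 ssl; server_name media.example.test; }
}
"""

if __name__ == "__main__":
    for finding in audit_client_cert(SAMPLE_NGINX):
        print(finding)
```

Run against the config in version control before each reload, a non-empty result is the explicit warning the commenter did not get.
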
TheG0AT0fAllTime@reddit
I felt the same way and think our suspicions are correct. OP might be blindly walking into a dangerous configuration if this really was vibed.
MezBert@reddit
Impressive. I'm a non-technical user running Linux for over 20 years and I couldn't do half of this!
Now, what's a native Linux user? Was it born on Linux userland? Is it someone born with a silver penguin in one's mouth? 😅
Sorry, but this way of presenting it really cracked me up, haha.
danieldogeanu@reddit
Bro, forget WireGuard and OpenVPN! You need NetBird for your network! You'll thank me later!
DisasterBeautiful444@reddit
You or ai coders? 😅
BlackMarketUpgrade@reddit
I have about 100gb of music that I want to make my own server with. I think for summer break I’ll mess with that and try it.
hadrabap@reddit
Linux is a great platform. It has its own dark sides as well, but it's miles away from the others.
Enjoy the stability and deterministic behavior! 👍
I666l@reddit (OP)
thank you man, i will be advancing my way into linux with open eyes the whole time! the stability is phenomenal 🤩
DotJaded996@reddit
Welcome to the beginning of the rest of your life lol. I've been using Linux for just over a decade now
I666l@reddit (OP)
thanks man! im looking forward to all the crazy shit i can do LOL im sure it was hell many years back. what are your takes and key suggestions from your experience
DotJaded996@reddit
You're welcome! The most important part of homelabbing is learning and having fun.
Don't waste your time distrohopping or falling into what distro is better than the other. Pick a distro and stick with it. After a couple years you won't notice the (minor) differences between distros. At the end of the day, Linux is Linux lol.
Documentation is everything. You have no idea how many issues I've had that I eventually solved by just reading man pages.
Backups, backups, and more backups! Follow 3-2-1 method to back up config files, personal documents, and any other sensitive data you can't afford to lose. I've been burned a couple times by neglecting regular, automated backups in my earlier days.
twitterfluechtling@reddit
Not sure I agree. Maybe it got better nowadays, but the different package managers used to have significantly different levels of robustness, and with Ubuntu-based distributions I had to set up from scratch a couple of times. (Which was still way less painful than I remember it from Windows, since in Linux, I have my home-partition which didn't change, and only had to re-install the base system, which runs more or less autonomously.)
I666l@reddit (OP)
backups and docs are one thing im a big advocate for!!! the distro end of things was on my buddy, he asked what i wanted to do i told him and he picked the best choice for me from what my needs are its been fun though, no burnout good increase in resources (ram cpu) usage and being able to utilize all of my pc that i paid for
twitterfluechtling@reddit
10 years ago, Linux was already quite mature as a desktop system :-) I use it more or less exclusively at home for about 25 years, and as my primary system on my work-laptop for about... 15 years? Maybe 20? Not sure. Challenges mainly arise when you have to work with proprietary file formats or services (MS Office, Exchange, Websites optimized for Internet Explorer).
In the mid-90s it was really a challenge (for me), though :-)
MBILC@reddit
And you secured it all right? right?
Separate VLANs if you can for exposed systems to keep your internal systems safer?
TheG0AT0fAllTime@reddit
It seems they have done none of that. Strong AI usage sensation.
I666l@reddit (OP)
nothing is public other than my mc servers rn under custom domain with cloudflare and vps once i get the vpn up ill push the jellyfin publicly for whichever friends and family want to use it and then same with the vpn but otherwise yes secured lol
prateeksaraswat@reddit
I use Cloudflare Zero Trust to access my Jellyfin from the web. It’s pretty good. No need to open ports or beg my ISP for a static IP.
fieldghostCode@reddit
Fine. I'll bite.
Such a long post and not a single mention of distro choice and actually how?
What's the purpose of this post?
I666l@reddit (OP)
i have cachyos with grub, and the post is just to jot my journey so far on linux :D
fieldghostCode@reddit
Cool! I have a thinkcentre m910q running Ubuntu Server. Been long thinking of hosting a Minecraft server to learn maintaining a Linux server.
Zer0CoolXI@reddit
"make Jellyfin fully public"
That could turn out poorly if you're not just using vague wording.
Also confused as you're describing setting up what is essentially a server but saying you switched from Windows…are you running all this from a desktop machine that you also use as your main computer (browsing/gaming/email/etc) or is this actually a server?
"but i ran into port conflicts"
You mentioned this but also talked about setting up a reverse proxy (Nginx). Set up properly for your services you shouldn't really need to deal with ports.
For music you may consider looking into FLAC formats. These are lossless formats vs mp3 which is lossy, plus you converted from m4a to mp3 which probably lost some more quality. I’m not an audiophile and even I can hear a difference between mp3 and FLACs. Kinda blew my mind.
I666l@reddit (OP)
vague wording yes making it public so i would create an account for any of my friends and family to use and then they can access the music // videos i would have in my jellyfin
i was talking about my minecraft servers i had while on windows and switched them all over to linux just had to create the start.sh scripts rather than the .bat for windows but yes its my hosting pc and daily driver all in one!
i have vault on 443 and jellyfin also listens on 443 and nginx is on 80 which i had a problem with that for a min with a skewed config for another program its been a like couple days im tired 😭
i was looking into flac but for now im not caring about quality and changing the m4a that i get from soundcloud and changing it to mp3 isnt bad, only reason im doing it is because m4as will download alot faster being smaller in size and doing thousands of songs at once is just better and then converting them to mp3 like i said so its available to listen on ios idk if it was just a me issue or not but m4a after downloading on jellyfin and then going offlinemode didnt play any audio, i also downloaded finamp so i can have background play since jellyfin isnt doing it on ios rn (as far as my testing has gone)
if theres any other questions you have or let me know! more than happy to be knowledged :)
nlflint@reddit
If you're up for some more challenge, and benefit:
Build a ZFS mirror with datasets for your self-hosted services. ZFS self-heals. Also setup an offsite backup for it.
Self-host VPN so you can access everything when you're away via cellphone.
Register your own DNS name, and setup proper TLS certs via LetsEncrypt. Configure DNS names for all your services, maybe use a reverse proxy. Then no more annoying browser cert warnings every time you load a self-hosted webpage.
I666l@reddit (OP)
i have my own domain and have been setting up records to alleviate myself the headache of certs lmao i am reverse proxy-ing?!? lol to have vault and jelly run off the same port but routing through subdomains
koulourakiaAndCoffee@reddit
Cocaine is a terrible drug
I666l@reddit (OP)
dont hate, i vape :D also i barely hit the fucking thing during that whole process during night/day one LOL
BFguy@reddit
That's the same with me and vibe coding lol
hammackj@reddit
Welcome.
Cold_Soft_4823@reddit
switch to navidrome instead of jellyfin for music. save yourself the headache now.
I666l@reddit (OP)
but but… i have it all setup 😭
BourneSh@reddit
I'm happy for you! If you want a cool VPN web wrapper for WireGuard, I would recommend you wireguard-webadmin, I found it very useful to connect my devices safely (I really don't like setting up WireGuard keys manually lol).
I666l@reddit (OP)
ouuu i like the sound of that, ill look into it! wanting my own vpn for myself and others to connect to and scamper the internet freely lol