How I Set Up a Home Server That I Can Access from Anywhere
Ever since I started learning programming, I’ve had one consistent problem: I had to actually be in my room to do anything. Back in the day, I was on a hand-me-down Windows XP machine, which probably had more owners than a used car. Then came my first laptop — a mid-range gaming beast that weighed as much as a kettlebell, had a battery life shorter than a cat’s attention span, and was just about as portable as a concrete block.
Fast forward to my second year of university, and I was deep into building user-facing apps. That’s when it hit me — what if I could access my work from anywhere? Not just my room. But, of course, this wasn’t financially feasible, and convincing my parents that I needed a rack server in my room to get passing grades was, well, a hard sell.
So, now that I’m actually earning a paycheck, I could finally justify spending it on something useful: a refurbished mini PC to kick off my home lab. It’s not the fastest or the flashiest, but it’s what I could afford without breaking the bank (or my back). This is the beginning of my home server journey — and I’m taking you along for the ride.
DISCLAIMER: I don’t have prior hands-on experience with any of the following, aside from theoretical knowledge. So, if you spot any inconsistencies, please let me know. It’ll not only help me improve my setup but also benefit other readers.
1. Why I Did This (And What’s in It for Me)
So, why bother with setting up a home server in the first place? For me, it’s about freedom.
- Ability to work from anywhere, not just in my room.
- Control over the services that I use.
Then, there’s the whole learning aspect. It’s one thing to build apps on your laptop, but setting up and maintaining a server is a whole different ball game. The self-hosting side of things was equally tempting: I could have control over my apps, run personal services like media servers, and — most importantly — avoid paying for cloud hosting.
Since I build a lot of internal apps that help me streamline processes in writing, social media, and learning, I depend upon a few tools and services that needs to be deployed or worst require a subscription. Having a home server lets me eradicate that whole dependency.
Plus, let’s be honest: it felt like the ultimate tech flex. I could finally tell my friends, “Yeah, I have a server… no big deal”.
2. Specs of the budget beast
- Intel Core i7–8550U @ 8x 4GHz
- 16 GB DDR4 RAM
- 512 GB SSD
- Comes with Windows 11 activated (IDC, I wiped and installed Ubuntu Server edition)
3. The Problems I Faced
Since I live away from home, I had to convince my wealthy friend to host the mini PC at their place — and, no, she wasn’t held at gunpoint, I promise.
Once the security and uptime issues were sorted, I ran into a whole new set of challenges.
Getting started
Since my friend had no experience installing an OS, we hopped on a call, and I guided her through the entire setup. Despite a few hiccups with me explaining things and her navigating the Ubuntu installation via the terminal, we somehow managed to get the server up and running in just half a day. Surprising, right?
CG-NAT / private IP issues
If you have basic networking knowledge, you’ll know that I can’t just type in an IP address from my friend’s laptop while we’re both in different locations. All devices in a network get a private IP, and the only way to access my server would be if I were connected to her home network. And if you’re still with me, you’ll see how this completely ruins the whole “access from anywhere” goal.
When I mean access my server, I have two particular goals:
- Get remote access to the machine to manage (System updates, general development).
- Access the service hosted in it (Photoprism, n8n, LLMs).
To achieve remote access, there are several options:
- Static IP with Port Forwarding — solves both access and hosting needs
- Reverse SSH — but still requires port forwarding
- Bastion Host — mainly for SSH access
- DDNS — dynamic domain resolution for changing IPs
- VPN — secure, full network access
I’ve listed them in order from least secure to most secure. As you’d expect, the less secure the option, the easier it is to set up. But since this server is running on my friend’s network, I didn’t want to cut corners on security.
Plus, her ISP wouldn’t provide a static IP anyway — so option one was ruled out immediately.
Reverse SSH was also off the table because it still needed port forwarding.
That left the bastion host, which seemed like the sweet spot between security and simplicity. If you’re unfamiliar, a bastion host is just another machine on a public network that can securely access your private network — like a jump box that bridges the two.
I got a free VM on OCI forever free tier offering. The VM is totally fine for this workload in terms of the network bandwidth it offers and the processing power.
With this setup, anyone with the private key (in this case, just me) could access the Bastion host. Sounds great, right? Except… it didn’t actually solve the problem — the bastion host still couldn’t reach my friend’s home network because it doesn’t know where it is. 😞
But then I had a thought: what if I flipped the setup?
Instead of connecting to the server, what if the server initiated a reverse SSH tunnel to the bastion host? That way, I could still reach it via the tunnel — without needing my friend to touch a thing.
So, reverse SSH it was. Not because I loved the complexity and not to mention the latency, but because it was the only way I could manage the setup myself without constantly pinging my friend for help.
Once the basics were in place — system updates, creating users and groups, installing a few utilities — I started exploring ways to improve access to my server. That’s when I stumbled upon Tailscale. I was already using it to run my own private VPN, so integrating it into my server setup felt like the perfect next step.
3. How I Access My Home Server
It’s been about a month now, and I can confidently say I have a much better — and more secure — way to access my server.
I installed Tailscale on all my devices and the server. Now, any device on my tailnet (Tailscale’s private mesh network) can securely access any other device. The setup was surprisingly simple, and the out-of-the-box security it offers is honestly impressive.
Using Tailscale has drastically reduced complexity and improves security since I don’t have any ports opened or any kind of direct access to the server or to my friends network.
What really stood out for me:
- MagicDNS — No more remembering IPs; I just type something like
myserver.tailnet-name.ts.net. - Device sharing — I can temporarily give access to specific devices if needed, without exposing the whole network.
- Cross-platform support — Whether it’s my phone, laptop, or tablet, everything just works.
Tailscale basically gave me the VPN I always wanted — private, fast, and dead simple to manage.
One issue I had was that to access any node on the tailnet, that device needs to be in the mesh network. This was a issue because, my work laptop has policies that prevent installing tailscale agent. But thankfully, tailscale also offers a web based SSH interface to access the nodes.
With this setup, I was able to finally put the reverse SSH to sleep.
BTW, The above image is not an actual representation of a mesh network. But the idea is once a node is added to the network, you can access each other as if they were on the same network.
4. How I Access Services Hosted on Server
Now that server access was sorted, the next question was: how do I access the services I want to host on it?
Initially, I thought of setting up individual tunnels for each service. While that would’ve worked, managing and remembering a bunch of random subdomains sounded like a headache I didn’t want.
Luckily, I already had a Cloudflare account — so I turned to Cloudflare Tunnels, part of their Zero Trust offering that’s free on the standard plan.
Why Cloudflare Tunnels?
Sure, there are other tunneling services out there, but most free tiers come with annoying limitations: single sessions, weird auto-generated subdomains, limited configs, security walls, etc. Instead of paying for another service, I decided to get the most out of something I already use.
With Cloudflare Tunnels, I set up a single tunnel and routed multiple apps through it using custom subdomains wired into my reverse proxy. Not only is it free, secure, and reliable — it also gives me features like built-in authentication. One-click, and boom — now all access to my self-hosted services goes through a login screen.
Simple, secure, and no weird sub-domains.
I’ve finally done it! What was once a dream is now a reality. Not only that, but I also received a certificate from a highly reliable source:
5. Future Plans & Improvements
So far, I’ve set up monitoring, alerts, and a handful of open-source applications on my server. With this setup, I’ve already ditched tools like my old password manager and automation platforms like Power Automate (which honestly felt more like a struggle than a solution) and Relay.
If you’ve read my previous article, Learn Smarter, Not Harder: My Personal Learning Blueprint, you might remember that I used Relay’s Notion integration for automations. Now, I’ve fully migrated to a self-hosted instance of n8n, and it’s been a game-changer.
That said, there’s still plenty left on my to-do list — setting up proper backups, improving monitoring, and hardening the system’s security. I’ll definitely share more write-ups as I discover cool things along the way.
BTW, that rich friend is . She writes about distributed systems, scala, spark and other cool stuff.
Stay Curious. Adios 👋
