Server

Posted on 6 2026

The source material this page replaces is two sentences. The server section deserves considerably more than that, because the server is where most of the self-hosted infrastructure actually lives.

The router handles packet routing, firewall, and VPN. The desktop handles day-to-day work. The server handles everything in between: DNS, mail, web services, file synchronisation, media streaming, database hosting, monitoring, backups, LoRaWAN network management, MQTT brokering, and every other service that needs to run continuously regardless of whether anyone is sitting at a desk.

The February server

The server for this network is the February homelab build documented in the February Server Project series. The hardware: a Ryzen 7 5700X, 64GB RAM, eight 4TB hard drives in a ZFS pool, dual SSD/NVMe for VM and container storage, a GTX 1080 for compute tasks, and an APC UPS for protection against power events. It lives in the rack at the primary site alongside the UDM-SE.

The operating system is Proxmox VE: an open source hypervisor built on Debian that manages virtual machines and LXC containers. Proxmox is the right choice for a homelab server that needs to run multiple services simultaneously in an organised, manageable way. Each service gets its own isolated environment, resources are allocated explicitly, and the whole thing is managed via a clean web interface without the overhead of a commercial virtualisation product.

The source material in the original roll.urown.net series runs all services on a single Ubuntu Server instance. This series diverges: services run in LXC containers and VMs on Proxmox. The Ubuntu Server configuration covered in the source is used within containers, not on the bare metal.

Why Proxmox and containers

Running all services on bare Ubuntu Server is simpler to explain but messier to manage. Services share a filesystem, share a package manager, share a process space, and interact with each other in ways that are difficult to predict and diagnose. A dependency conflict between two services affects everything. A misconfigured service can affect the whole server. Backups cover everything or nothing.

Proxmox with LXC containers gives each service its own isolated environment. A DNS container runs only Unbound. A mail container runs only Postfix and Dovecot. A ChirpStack container runs only the LoRaWAN stack. If one breaks, the others continue. Resources are allocated per container. Backups target individual containers. Rebuilding a service means provisioning a fresh container, not reinstalling the whole server.

The overhead is low: LXC containers share the host kernel, use almost no additional RAM compared to bare metal, and start in seconds. They are the right level of isolation for a homelab running trusted services without the full overhead of virtual machines.

Virtual machines (KVM/QEMU via Proxmox) are used for workloads that genuinely need hardware isolation: Windows VMs if needed, GPU passthrough for compute tasks, and any service that requires a different kernel than the host.

What the server section covers

The server section works through the configuration of the Proxmox host and the services running on it. The structure follows the same pattern as the router section: installation and initial configuration first, then each service as its own page.

Proxmox host:

  • Installation and initial configuration
  • Network setup: VLANs, bridges, and bonding
  • Storage: ZFS pool configuration, SSD allocation, NFS shares
  • Cluster setup (if multiple nodes are added later)
  • Backup configuration with Proxmox Backup Server

Container and VM setup:

  • Base container template creation
  • Common configuration applied to all containers (SSH, monitoring, NTP, mail relay)
  • Container networking and firewall rules

Services (each in its own container unless noted):

  • DNS: Unbound (recursive resolver) and Bind9 (authoritative)
  • Mail: Postfix (MTA), Dovecot (IMAP), rspamd (spam filtering), Roundcube (webmail)
  • Web: nginx (reverse proxy), Let’s Encrypt certificates
  • Nextcloud: file sync, calendar, contacts, tasks
  • Jellyfin: media streaming
  • Vaultwarden: self-hosted Bitwarden-compatible password manager
  • Mosquitto: MQTT broker for IoT and LoRaWAN
  • ChirpStack: LoRaWAN network server
  • InfluxDB + Grafana: time-series data and dashboards
  • Node-RED: automation and integration
  • Monitoring: Netdata or Prometheus + Grafana

Network services:

  • WireGuard VPN (if the controller moves from the UDM-SE to the server)
  • UniFi Network Controller (migrating from the UDM-SE)

Ubuntu Server within containers

Each LXC container runs Ubuntu Server 24.04 LTS. The configuration documented in the source material for Ubuntu Server applies inside containers: SSH hardening, system mail, NTP, unattended upgrades, and so on. Where the source material configures these on a single server instance, this series configures them as a base template applied consistently to every container.

The Ubuntu Server Guide referenced in the source material remains relevant reading for anyone new to Ubuntu Server administration. It covers the fundamentals that this series assumes familiarity with.

Services not covered in the source material

The source material was written between 2014 and 2023. Several services in this series did not exist or were not mature during that period:

  • ChirpStack (LoRaWAN network server)
  • Mosquitto MQTT in its current configuration
  • Vaultwarden (Bitwarden-compatible self-hosted vault)
  • Jellyfin (Emby/Plex alternative)
  • Nextcloud Hub (with integrated calendar, contacts, and office)
  • Node-RED
  • Netdata

These are covered in their own pages as part of this series, written from current documentation and experience rather than adapted from the source.

A note on the timeline

The February server was being built at the time this series was written. Some pages in the server section document planned configuration rather than fully tested configuration. Where this is the case, it is flagged. The intent is to document the build as it happens, update pages as services are deployed and tested, and maintain an honest record of what was planned versus what was actually implemented.

The server is not a single machine running a single operating system. It is a platform for running services. The difference matters when things go wrong, which they will. Understanding Proxmox, LXC containers, and the isolation model before services are deployed is worth the time investment. It makes every subsequent service deployment and every incident response faster and calmer.