If you want the guided path, start with my course index:
Self-hosting without panic: A calm 12-part Linux runway
This page is the other thing: single-topic playbooks. The stuff you reach for when you already have a box (or three), something feels fragile, and you want a practical pattern instead of vibes.
I’ll keep this updated as I publish.
Shelf 1: Foundations
- Self-hosting, explained: What it is, why it’s worth it, and how to start safely
The “am I even doing this right?” primer, with the safety rails I wish were standard.
- Docker for self-hosters: What it is, what containers are, and how to start with confidence
A beginner-friendly guide to images, containers, volumes, ports, Compose, and the small set of concepts that actually matter
- Podman for self-hosters: What it is, how it differs from Docker, and when it makes sense
A beginner-friendly guide to rootless containers, pods, Compose compatibility, and why Podman is becoming a serious Docker alternative
- Reverse proxies for self-hosters: the front door that makes everything else make sense
What a reverse proxy actually does, why it sits in front of your apps, and how it simplifies domains, TLS, and exposure
- DNS for self-hosters: the hidden system behind half your future outages
Domains, records, local resolution, split DNS, and why wrong DNS looks like a broken app
- Docker storage for self-hosters: volumes, bind mounts, and why people lose data
What survives container recreation, when to use Docker-managed volumes, and when bind mounts make more sense
- Ports and networks for self-hosters: the Docker confusion that causes half of beginner problems
Internal ports, published ports, bridge networks, and why your app keeps failing to reach the database
- Environment variables explained for self-hosters: what they are and why every app seems to need them
A practical guide to config, secrets, .env files, and how to stop copying random values without understanding them
- Backup, sync, snapshot, replica: Four words self-hosters keep mixing up
A lot of backup mistakes are really vocabulary mistakes
- SSH explained for self-hosters: what it is, why it matters, and how not to fear the terminal
Remote login, keys, encryption, and the mental model that makes SSH feel normal
- How to read logs without getting lost: troubleshooting basics for self-hosters
Container logs, system logs, time windows, and the habits that help you find the failure faster
- HTTPS for self-hosters: certificates, ACME, and why renewals should be boring
What certificates do, how Let’s Encrypt validation works, and when HTTP-01 vs DNS-01 matters
- What a container image actually is: OCI, registries, tags, and what Docker is really downloading
The beginner guide to image formats, registries, tags, and why “latest” is not a deployment strategy
Shelf 2: First build and low-regret architecture
- What should you self-host first? A beginner-friendly map of the most useful self-hosted apps
A practical guide to auth, files, photos, monitoring, notes, docs, and homelab utilities — without the usual bloated app dump
- The first hour: My 10-step Linux baseline for any self-hosted box
A copy/paste baseline that makes a fresh machine boring enough to build on.
- Self-hosting for normal people: The two-box setup that saves your weekends
A simple architecture that scales from “one dashboard” to “I run services for months” without turning into a second job.
- Homelab on a budget: €3.49 cloud + a tiny home box = real server power
The same two-box idea, but costed, practical, and beginner-friendly.
- How much CPU and RAM do you really need for self-hosting? A sizing guide for normal people
Resource “budgets” by service type, why your box feels slow, and how to pick hardware you won’t outgrow in 6 months
Shelf 3: Networking, edge, and remote access
- CGNAT for self-hosters: How to know port forwarding is not your problem
Why inbound connections still fail, how to prove it fast, and the lowest-regret escape routes
- Expose your self-hosted services safely (no open ports): the practical pattern
A clean alternative to port-forwarding: mesh, identity, ACLs, and tunnels, explained like an operator would.
- Nginx Proxy Manager vs Traefik vs Caddy: pick the proxy you’ll still like in 6 months
A decision guide based on real maintenance: renewals, debugging, auth, upgrades, and how it feels at 2 AM.
- NetBird vs Tailscale for homelabs: Sharing, ACLs, and “family usability”
Where the real differences show up in practice: inviting others, controlling access, handling new devices, and keeping the setup low-drama
- IPv6-first homelab: what broke, what worked, and a verification checklist
Field notes from a real migration, plus the checks that tell you what’s actually working.
Shelf 4: Security, identity, and abuse control
- Reverse proxy hardening checklist: what I actually use (headers, auth, rate limits)
Hardening the “edge” beyond TLS: access control, abuse resistance, and the headers that actually matter.
- Auth for self-hosted apps: Basic Auth vs forward-auth vs OIDC (plus a decision table)
When Basic Auth is enough, when forward-auth is better, and when OIDC is worth the complexity — summarized in one table
- Fail2ban for self-hosters: Stop brute-force without turning your server into a security project
A practical setup for SSH + web apps, modern nftables/systemd defaults, and a debugging checklist to prove bans actually work.
- Secrets management in Docker Compose: .env, SOPS, Bitwarden, and the “good enough” threat model
A pragmatic ladder from “.env and permissions” to SOPS and a vault, plus a threat model that’s realistic for self-hosters
- Reverse proxy rate limiting for humans: Stop bots without breaking apps
A practical guide to slowing down scanners, login abuse, and noisy clients — without locking out real users or fragile apps
- Wildcard certs for self-hosters: When they simplify life and when they create risk
DNS-01, private services, rate limits, and how to stop certificate sprawl before it starts
Shelf 5: Storage, data safety, and file movement
- Btrfs vs ZFS vs ext4 for self-hosters: Choose the complexity you can maintain
Checksums, snapshots, RAM overhead, and why the simplest filesystem is sometimes the right answer
- Docker volumes in self-hosting: 7 ways to lose data (and the safe patterns)
The quiet failure modes that eat state over time, and the layouts that prevent them
- Backups that survive reality: 3–2–1 for self-hosters with no enterprise gear
A backup plan that includes the part most people skip: restore tests you can do without drama.
- Rclone copy vs sync vs bisync: Choosing the one that won’t surprise you
A practical guide to the three modes: what they change, what they delete, and how to avoid the kind of surprise that ruins a weekend
- Secure your homelab: A power outage should not become a data-loss event
UPS basics for self-hosters, graceful shutdowns, and the first automation to add before your first blackout
- SMB vs NFS for self-hosters: which one belongs where
File-sharing protocols without the cargo cult, plus the line between LAN sharing and remote access
Shelf 6: Operations, upgrades, and troubleshooting
- The only Docker update strategy that doesn’t rot: Tags, digests, and controlled rollouts
How to keep containers current without blind pulls, broken weekends, or a stack full of version drift
- DNS is the hidden outage factory: Split DNS, VPN DNS, and how to make it boring
A practical guide to the DNS mistakes that quietly break self-hosted services, plus a setup pattern that stays predictable
- Caddy 502/504 playbook: Fix upstream timeouts in 20 minutes
A step-by-step checklist to find the slow hop (app, DNS, network, proxy) instead of guessing.
- Docker Compose for grown-ups: A boring convention that prevents chaos
A boring, repeatable structure for stacks so upgrades don’t turn into archaeology.
- Why your homelab is “slow”: IO Wait, DNS, MTU, and the fastest way to prove it
A step-by-step diagnosis playbook: measure IO wait, validate DNS latency, test MTU/path MTU, and confirm the real culprit.
- My operator’s postmortem template: Turn breakages into fewer future breakages
A lightweight incident write-up format for self-hosters and small teams who want better systems, not blame rituals
Shelf 7: App and service decision guides
- Vaultwarden on Docker: Backups, admin access model, and restore test (a real setup)
Run your own password manager: Vaultwarden (a lightweight Bitwarden-compatible server) with backups and a restore drill.
- Immich storage planning: How not to lose your photos (and not to go broke on disks)
A sizing and layout guide: where your photos actually live, how fast storage grows, and what to back up (and what not to)
- S3 at home: Garage vs MinIO — compatibility traps and client reality
A practical comparison for self-hosters: what works, what breaks, and which S3 clients care more about “compatible” than the marketing suggests
- Syncthing vs Seafile vs Nextcloud: The “family-proof” decision guide
A real-world look at three very different tools: file sync, cloud-like sharing, backup expectations, and the support burden you inherit
- Should you self-host email in 2026? A brutally practical answer
SMTP is not the hard part — deliverability is, and modern sender rules made that even more obvious
- Most self-hosted stacks are desktop-first by accident: The mobile-first checklist
If your family only uses phones, your “great setup” may still be unusable
Shelf 8: Local AI for self-hosters
- Local LLMs for self-hosters: what’s worth running at home
A practical split between “keep local” and “don’t bother”, with hardware expectations that won’t waste your weekend.
- LLM as a log triage assistant: From 10,000 lines to 3 hypotheses (plus validation commands)
A practical workflow for turning noisy logs into a short, testable suspect list — without outsourcing judgment to the model
- LLMs for self-hosters and sysadmins: 8 tasks where AI helps (and 5 where it’s dangerous)
Where LLMs genuinely save time for sysadmins, where they quietly increase risk, and how to keep a human hand on the wheel
How I write these
- I bias toward checklists, patterns, and failure modes.
- I avoid cargo-cult security. If something is “best practice”, I try to explain what it protects you from.
- If a post has commands, I try to make them demo-safe and reversible.
If you want new playbooks as they come out, follow/subscribe here. If you want the full structured path, the Linux runway starts at the course index.