Transform Your Old PC into a Home Lab Using Ubuntu Server and Cloudflare Tunnel

subash adhikari

Introduction

I started this project because I needed more control over how I store and consume media on my computer.

I often ran out of storage space on my laptop, and using third-party cloud services like Dropbox and Google Drive felt limiting in terms of privacy and control, in addition to being financially wasteful. I also found it increasingly annoying because ads were always popping up on sites like YouTube and Spotify.

Meanwhile, I had an old desktop computer lying around, and instead of throwing the hardware away, I saw an opportunity to put it to new use. I aimed to address several issues with a single, affordable solution by establishing a personal home lab that would serve as a self-hosted environment for secure data storage and ad-free media streaming.

Hardware Used

  • 500 GB HDD

  • Ethernet Cable

Software Stack

  • Ubuntu 20.04.6 LTS

  • Samba (SMB)

  • Jellyfin

  • Cloudflare

  • Docker

Installation and Configuration Steps

Ubuntu Server Installation

Download

Download Ubuntu Server LTS here:

https://ubuntu.com/download/server

Flash the ISO to a USB Stick using Balena Etcher or a disk imaging program of your choice:

https://etcher.balena.io/

Installation

Enter the Boot Selection Menu during PC startup and choose your Ubuntu USB stick to boot from. Once you see the GRUB boot menu, pick the first option, Try or Install Ubuntu Server. To install Ubuntu, follow the instructions displayed on the screen.

  • During setup, leave the OpenSSH Server option checked to allow remote access to your computer.

  • When prompted to partition your drive, be sure to uncheck the box next to "Set up this drive as an LVM group." If you leave it selected, your drive will be divided into several volumes that use just a portion of your disk, and you will have to resize it by hand afterwards, making things more difficult.

Accessing your server

Assigning a static IP address

Once the installation is complete, you will need to assign a static IP address for your computer on the network. This ensures that you always know what address your computer is on when connecting over SSH. I achieved that by configuring a .yaml file on the Ubuntu server.

  • I first navigated to /etc/netplan, removed any existing network configuration file there, and created a new file named static.yaml.

  • After that, I edited static.yaml with sudo nano static.yaml and pasted in the following config settings:

network:
  version: 2
  renderer: networkd
  ethernets:
    ensXX:
      addresses:
        - 192.168.1.XXX/24
      gateway4: 192.168.X.X
      nameservers:
        addresses:
          - 1.1.1.1
          - 1.0.0.1

💡 Tip: The YAML format is very sensitive to indentation, so make sure you DO NOT change anything other than the X's.

  • Change the device name and addresses in the config to match your own network device. To find the device name, run the ip a command, which lists your network devices.

    Here, the name of my device is ens33

SSH Access

Once your computer has a static IP address, you can use SSH to connect and remotely execute the commands in this guide. Open a command prompt on your daily use computer then type:

ssh username@server_ip

For example, if your username on your server is kpoli and your IP is 192.168.0.101, this would be:

ssh kpoli@192.168.0.101

Enter your password when prompted. Most Linux password prompts don't display anything while you're typing, so just type your password and press Enter.

SMB - Samba

SMB (Server Message Block) is a network protocol used for sharing files, printers, and other resources between computers on a local network. Windows file and printer sharing is based on SMB, which was first created by IBM and then embraced and expanded by Microsoft. Samba is an open-source implementation of the SMB protocol for Unix-like systems (Linux, macOS, etc.). It allows these systems to communicate with Windows clients and servers seamlessly.

Installation

Use the following command to install the SMB daemon on your server:

sudo apt install samba

After that, you will need a directory to hold the files you plan to share over the network. I decided to create mine in /media/ directory and named it myfiles.

sudo mkdir /media/myfiles

To prevent problems later, it is best to give your user full permissions to this folder, since other tools, such as Jellyfin, will probably need to access it.

sudo chown $USER: /media/myfiles

Configuration on your Server

To make the folder visible on the network, the Samba settings need to be changed. You can do that with sudo nano /etc/samba/smb.conf

Any attempts to log in with incorrect credentials will be handled by Samba as guest users by default. If you unintentionally connect with the incorrect password, this can cause problems on Windows because your shares won't show up.

  • Scroll down with the arrow keys until you find the line:

map to guest = bad user

and change it to:

map to guest = never

Put these lines at the end of the file to add the newly formed folder to the shares:

[myfiles]
  path = /media/myfiles
  writeable=yes
  public=no

Here’s what the above lines mean:

  • myfiles is your share name, and will be used when connecting over the network

  • path is the folder that you shared from your server

  • writeable=yes allows creation and editing of files

  • public=no hides the share if the user isn't authenticated

After this is done, save the file by pressing Ctrl+X, then Y and Enter.

Finally, create a Samba password by running

sudo smbpasswd -a youruser

On client computers, you will use this password to gain access to the network storage. Run

sudo systemctl restart smbd

to restart Samba and ensure the changes take effect.
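
As an added example (not from the original post or its repository), this shell function reads an smb.conf and reports a global map to guest value other than never and any share that allows guest access, the two settings changed above. The sample file, including the [oldshare] section, is constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report guest-access settings in an smb.conf.
# Reads the file named in $1, or stdin when no argument is given.
audit_smb_conf() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    /^[ \t]*([#;]|$)/ { next }                       # comments and blank lines
    /^[ \t]*\[.*\][ \t\r]*$/ {                       # [section] header
      section = tolower(trim($0))
      gsub(/^\[|\]$/, "", section); next
    }
    {
      eq = index($0, "=")
      if (eq == 0) next
      raw = trim(substr($0, 1, eq - 1))
      val = tolower(trim(substr($0, eq + 1)))
      key = tolower(raw); gsub(/[ \t]/, "", key)     # Samba ignores case and spaces in names
      if (section == "global" && key == "maptoguest" && val != "never")
        print "global: map to guest = " val " (expected never)"
      # "public" is a synonym for "guest ok"; booleans may be yes/true/1
      if (section != "global" && (key == "public" || key == "guestok") && val ~ /^(yes|true|1)$/)
        print section ": guest access allowed (" raw " = " val ")"
    }
  ' "$@"
}

# Constructed sample: the stock "bad user" mapping, the share from this guide,
# and a hypothetical share that still allows guests.
sample_conf() {
  cat <<'EOF'
[global]
   workgroup = WORKGROUP
   map to guest = bad user
[myfiles]
   path = /media/myfiles
   writeable=yes
   public=no
[oldshare]
   path = /srv/old
   Guest OK = Yes
EOF
}

sample_conf | audit_smb_conf
```

On the server, run it as audit_smb_conf /etc/samba/smb.conf; testparm -s prints the configuration Samba actually parsed.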

Configuration on your client - Windows

On your Windows PC, you can right-click This PC in the Explorer, and select Map network drive.

Enter your server's IP address after two backslashes, then click "Browse" to confirm that it is valid and check that your files are present as they should be.

Jellyfin

Jellyfin is a utility for managing media, including music, movies, and television shows. To install it, run:

curl https://repo.jellyfin.org/install-debuntu.sh | sudo bash

After it has been installed, launch a browser and navigate to http://<your_ip>:8096. You are free to configure your directories there. You can use your SMB share to create directories and upload files, and then use the Jellyfin web interface to choose these folders.

Making Jellyfin Accessible Over the Internet (Cloudflare Tunnel + Custom Domain)

At this point, my media server was fully functional, but only accessible on my local network. I wanted to get over this restriction. However, the standard approach of exposing services using public IPs and router setup was not possible because my Internet Service Provider (ISP) does not permit port forwarding. I searched for a method to safely connect my local Jellyfin server to the internet without depending on open ports or a static IP address, as opposed to being limited to a LAN-only media configuration. I then used Cloudflare Tunnel, a safe and cost-free way to tunnel local services to the internet.

What is Cloudflare Tunnel?

Applications running on your private network, such as a self-hosted server, can be made publicly accessible with Cloudflare Tunnel (formerly known as Argo Tunnel) without requiring you to open any ports on your router or firewall. Since it makes use of outgoing connections, it is perfect in circumstances like mine, where port forwarding is not allowed.

Benefits of Using Cloudflare Tunnel

  • No port forwarding or static IP required

  • Secure, HTTPS-encrypted access to your local apps

  • Works behind CG-NAT or ISP firewalls

  • Free tier is more than enough for personal use

  • Pairs easily with a custom domain name

Prerequisites

I am going to assume you already have these prerequisites in place before moving on to Cloudflare Tunnel:

  • Jellyfin media server running locally

  • A Cloudflare account

  • A custom domain added to Cloudflare (e.g., media.example.com)

  • Docker and Docker Compose installed on your server

Setting up a Cloudflare tunnel

First, visit the Cloudflare website and log in to the dashboard.

The Cloudflare Tunnel settings are located in a separate dashboard called Zero Trust, so navigate to it from the left-hand side.

Now we can start setting up a new tunnel after navigating to /Networks/Tunnels and pressing Create a tunnel.

After clicking that you have to provide a name to your tunnel. You can give it any name you want.

After you give the tunnel a name and click Next, it will give you instructions on how to install a small program called the Cloudflare connector on your server (this is the part that initializes the secure remote tunnel from your local environment to the Cloudflare servers). I am going with the Docker version.

  • It will also give you a token for the tunnel, which should be kept secure and not shared. You will need that token later when creating the Docker Compose file.

Creating the Docker Compose File

I will create a file named docker-compose.yml inside a directory on my server and paste the following code into it using sudo nano docker-compose.yml.

version: "3.9"
services:
  tunnel:
    container_name: cloudflared-tunnel
    image: cloudflare/cloudflared
    restart: unless-stopped
    command: tunnel run
    environment:
      - TUNNEL_TOKEN=[ paste the tunnel token provided by Cloudflare when you created the tunnel here]
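
Because docker-compose.yml is also published in the GitHub repository, a token pasted into that file can end up committed with it. As an added example (not the author's code; the function names and the token value are constructed), these shell helpers move the token into an owner-only .env file, which Docker Compose reads for ${TUNNEL_TOKEN} substitution, and check that the compose file no longer carries a literal value.

```bash
#!/usr/bin/env bash
# Added example (not from the original repository). The token value and the
# function names are hypothetical.

# Store the token in <dir>/.env (owner-only) and keep that file out of git.
# Docker Compose reads .env from the project directory for ${VAR} substitution.
store_tunnel_token() {            # usage: store_tunnel_token <dir> <token>
  ( umask 077; printf 'TUNNEL_TOKEN=%s\n' "$2" > "$1/.env" ) || return 1
  chmod 600 "$1/.env"             # also tightens a pre-existing, looser file
  grep -qxF '.env' "$1/.gitignore" 2>/dev/null || echo '.env' >> "$1/.gitignore"
}

# Exit 0 if the compose file carries a literal TUNNEL_TOKEN value rather than
# a ${TUNNEL_TOKEN} reference, i.e. the secret would travel with the file.
compose_has_inline_token() {
  grep -Eq 'TUNNEL_TOKEN[=:][[:space:]]*"?[^$"[:space:]]' "$1"
}

# Replace an inline value in the list-style entry with the reference.
use_token_reference() {
  sed -i.bak -E 's|^([[:space:]]*-[[:space:]]*TUNNEL_TOKEN=).*$|\1${TUNNEL_TOKEN}|' "$1"
  rm -f "$1.bak"
}

demo() {                          # runs in a throwaway directory
  d=$(mktemp -d)
  printf '%s\n' 'services:' '  tunnel:' '    image: cloudflare/cloudflared' \
    '    command: tunnel run' '    environment:' \
    '      - TUNNEL_TOKEN=constructed-sample-token' > "$d/docker-compose.yml"
  compose_has_inline_token "$d/docker-compose.yml" && echo "inline token found"
  store_tunnel_token "$d" 'constructed-sample-token'
  use_token_reference "$d/docker-compose.yml"
  compose_has_inline_token "$d/docker-compose.yml" || echo "compose file is clean"
  ls -l "$d/.env"
  rm -rf "$d"
}
demo
```

Running compose_has_inline_token docker-compose.yml before each commit catches a token that was pasted back into the file.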

Starting the Docker container

Now start the Docker container by navigating to the directory where you created the Docker Compose file and executing the following command:

docker compose up -d

This should now pull the container image and start the container. You can check whether the container is running by executing the following command:

docker compose ps

You should see the container listed, with its CONTAINER ID and other details, which verifies that the container is actually running.

Now switch back to the Cloudflare tunnel dashboard. If the status shows healthy, it means the tunnel is successfully connected to your home network and it is ready to be configured

Set up a public hostname

Now that your Cloudflare Tunnel is live and showing as "Healthy", the final step is to expose your local service to the internet using a public hostname like:

https://media.yourdomain.com

To do that, go back to Cloudflare’s Zero Trust dashboard and edit your Cloudflare tunnel

After that, you can head over to public hostnames and click on add a public hostname. This is where you can expose multiple local services on the public internet by using a hostname on your public domain on Cloudflare.

So, if we want to access our locally hosted container (here Jellyfin, which hosts music), we have to add a subdomain for it, like music on my public domain called suwaas.xyz.

After this, we just need to tell the tunnel which target URL it needs to connect to. In this case that is my locally hosted Jellyfin server, so it would look something like 192.168.x.x:<port number>

Note that I have used the HTTP protocol for the target URL, and HTTP traffic is unencrypted. However, in this case, the connection is only unencrypted between the Cloudflare tunnel container and the target URL, here 192.168.0.206:6969. Everything else that faces the public internet is covered by a trusted SSL certificate and proxied through Cloudflare over an encrypted HTTPS connection, and that is all managed by Cloudflare's servers.

CONGRATULATIONS!!!

After this, you should be able to access your container from anywhere.

📦 Get the Full Setup on GitHub

You can find the complete docker-compose.yml, static.yaml, sample configuration files, and a README in the GitHub repository:

👉 https://github.com/horayaar/selfhostedAF

Don't forget to ⭐ star the repo if you found it helpful!
