I turned a Raspberry Pi into a fully-featured home server running 10+ Docker services — from network-wide ad blocking and real-time monitoring to a personal dashboard accessible from anywhere via my own domain.
Why a Home Server?
Working with cloud infrastructure professionally, I wanted to apply the same principles at home. The Pi sits on my desk in an aluminum heatsink case with dual fans — compact, silent under load, and always on. Despite its size, it comfortably runs a dozen containerized services simultaneously. The goal was simple: build a self-hosted environment that gives me full control over my network, eliminates ads across all devices, and provides a single pane of glass for everything running at home.
The Command Center — Homepage Dashboard
At the heart of the setup is Homepage — an open-source dashboard that aggregates data from every service into a single view. The top bar displays real-time system metrics: CPU usage, available memory, SoC temperature, and uptime. Below that, service widgets pull live data — Pi-hole query stats, container states from Portainer, internet speed from the latest Speedtest run, and uptime percentages from Uptime Kuma.
The dashboard is accessible externally at home.pavlohorniak.me through a
Cloudflare Tunnel, protected by Zero Trust access policies. Locally, it runs on port 3000
and serves as the daily starting point for checking on the server's health.
Network-Wide Ad Blocking — Pi-hole
Pi-hole was the first service I deployed, and it remains one of the most impactful. Acting as a DNS sinkhole, it intercepts DNS queries across the entire local network and blocks requests to known advertising and tracking domains. There are no per-device configurations or browser extensions needed — every device connected to the network benefits automatically.
The Pi-hole dashboard shows the numbers: over 46,000 DNS queries processed, with 7.4% blocked against a blocklist of 76,456 domains. The query log and client activity charts provide granular visibility into what's happening on the network at any given moment.
Monitoring Stack
System Metrics — Netdata
Netdata provides deep, real-time observability into the Pi's hardware and OS performance. It tracks hundreds of metrics out of the box — CPU utilization per core, memory pressure, disk I/O, network throughput, and running processes — all with per-second granularity and zero configuration.
Service Uptime — Uptime Kuma
Uptime Kuma continuously monitors every service running on the server. It pings each endpoint at regular intervals and tracks response times, HTTP status codes, and availability percentages. If a service goes down, I get notified immediately.
All 9 monitored services are showing 100% uptime with 200 - OK responses.
The heartbeat bars on the left provide a visual history — solid green across the board.
This kind of visibility is essential when running services that you depend on daily.
Terminal Monitoring — btop
For quick SSH sessions, btop gives an interactive overview of the system directly in the terminal — CPU load, memory usage, disk activity, network bandwidth, and a process tree. It's the fastest way to diagnose issues when I'm already connected via SSH.
Container Management — Portainer
With 8+ containers running simultaneously, having a proper management interface is important. Portainer provides a web UI for Docker — I can start, stop, restart, and inspect containers, view logs, manage images, and monitor resource usage without touching the command line.
The container list shows everything at a glance: names, states, source images, and creation timestamps. All containers show running or healthy status. Combined with Watchtower running automated updates every night at 4 AM, and Dozzle for real-time log streaming, container operations are effectively hands-off.
Exposing It to the Internet
Making services accessible outside the local network without exposing the Pi's IP or opening router ports was a key requirement. Cloudflare Tunnel solves this by establishing a secure outbound connection from the Pi to Cloudflare's edge network. Traffic flows through Cloudflare's infrastructure — the Pi's actual IP address is never revealed.
I pointed my domain pavlohorniak.me to Cloudflare, configured the tunnel
with Nginx as a local reverse proxy, and set up subdomain routing:
home.pavlohorniak.me— Homepage dashboardpavlohorniak.me— portfolio (GitHub Pages)
The tunnel runs as a systemd service, so it starts automatically on boot
and reconnects if the connection drops. Fully automated, no maintenance required.
Cloudflare's analytics panel shows the traffic flowing through the tunnel — unique visitors, total requests, cache hit ratio at 82%, and bandwidth served. Having this level of insight into external access patterns is a bonus of routing through Cloudflare.
Security — Cloudflare Zero Trust
To protect the dashboard from unauthorized access, I configured
Cloudflare Zero Trust Access with a one-time PIN policy. Anyone
attempting to access home.pavlohorniak.me is prompted for an email
verification — a PIN is sent to my email, and only a valid code grants access.
No VPN, no client software, no exposed credentials. Just a simple, secure
authentication layer at the edge.
The Full Service Map
| Service | Role |
|---|---|
| Pi-hole | Network-wide DNS ad blocking |
| Homepage | Central service dashboard |
| Netdata | Real-time system monitoring |
| Portainer | Docker container management UI |
| Speedtest Tracker | Automated internet speed testing |
| Uptime Kuma | Service availability monitoring |
| IT Tools | 50+ developer utilities |
| Watchtower | Automated container updates |
| Dozzle | Real-time Docker log viewer |
| What's Up Docker | Container update tracking |
| NetAlertX | Network device discovery |
| Cloudflare Tunnel | Secure external access |
| Nginx | Reverse proxy |
What's Next
The server is stable and running 24/7 with minimal intervention. But the beauty of a home server is that it's never truly "done." A few services I'm planning to add:
- Jellyfin — self-hosted media streaming
- Vaultwarden — self-hosted Bitwarden-compatible password manager
- Immich — automatic photo and video backup from mobile
- Telegram bot — daily server digest with Pi-hole stats, temperature, and uptime
This project turned out to be a great intersection of my professional DevOps experience and personal curiosity. Everything I use at work — Docker, reverse proxies, DNS, tunnels, monitoring — applied to a tangible system sitting in my apartment. If you've got a spare Raspberry Pi, I'd recommend giving it a purpose.