Beginner Homelab on a Raspberry Pi

Raspberry Pi
Self-Hosting
Tailscale
Docker
Networking
A beginner-friendly, build-one-job-at-a-time guide to a private Raspberry Pi homelab on Tailscale: media streaming, network-wide ad blocking, pretty HTTPS URLs, a one-URL dashboard, phone access, and a VPN — with no port forwarding and nothing exposed to the public internet.

View on GitHub

This is a beginner-friendly guide to building a real homelab on a Raspberry Pi from scratch. Along the way you’ll learn how to self-host services, block ads across your network, securely access your Pi from anywhere, create HTTPS URLs for local services, and understand the networking concepts that make it all work.

My goal wasn’t to get a bunch of containers running. It was to understand what each piece does, why it’s there, and how everything fits together. I made this guide for similarly-minded people. Every chapter focuses on a single job, helps you to verif that it works, and then builds on top of it.

The homelab is private by default. Services are accessed through Tailscale rather than being exposed to the public internet, so there is no port forwarding, no dynamic DNS, and no need to open ports on your router.

By the end you’ll have a Raspberry Pi that can host your media, block ads across your network, provide a centralized dashboard for managing services, securely connect to your devices from anywhere, and optionally route traffic through a privacy-focused VPN.

Current stack:

  • A Raspberry Pi foundation with Ubuntu Server, SSH, Docker, and Tailscale.
  • Audiobookshelf for self-hosting audiobooks, podcasts, language courses, and other spoken audio.
  • Pi-hole for network-wide ad and tracker blocking.
  • Caddy for HTTPS reverse proxies and memorable URLs like https://pihole.home and https://abs.home.
  • Homepage and Portainer for a centralized dashboard and service management interface.
  • Remote access from phones, laptops, and other devices without exposing anything to the public internet.
  • VPN integration using Mullvad, Tailscale exit nodes, and an exploration of the privacy, security, and usability tradeoffs involved.

How the guide is written

  • Build one thing at a time. Each chapter has a single objective and verifies that it works before moving on.
  • Manual steps come first. Helper scripts are included where useful, but you always see what they’re doing.
  • Safe for public repositories. Secrets live in git-ignored files and every example uses placeholders.
  • Fully reproducible. The Quarto source generates the chapter READMEs, individual PDFs, and the complete guide.

Along the way you’ll also pick up practical knowledge about Docker, DNS, VPNs, TLS certificates, reverse proxies, local networking, and the tradeoffs involved in modern self-hosting.

Built with: Raspberry Pi · Ubuntu Server · Docker Compose · Tailscale · Pi-hole · Caddy · Audiobookshelf · Homepage · Portainer · Quarto