Welcome to the ultimate home server setup guide tailored for users who want powerful, secure, and remote access without opening router ports. Whether you’re running an HP DL380 or any other local server, this guide walks you through everything — from installing Proxmox, setting up Debian VMs with Docker and OpenMediaVault, to enabling secure access using Tailscale and Cloudflare Tunnel.


✅ Prerequisites

  • A local server (e.g., HP DL380)

  • A domain name (e.g., yourdomain.com)

  • Cloudflare account (free)

  • Tailscale account (free)

  • Basic Linux knowledge


1. Install Proxmox VE on Your HP Server

  1. Download Proxmox ISO from the official website.

  2. Flash it to a USB using Rufus or Balena Etcher.

  3. Install it on your HP server.

  4. Access Proxmox via https://<your-local-ip>:8006

    • Use tailscale ip to get your Proxmox IP and access from any other Tailscale-connected device (phone, laptop, etc.).

    • You can even use VS Code Remote SSH or mobile SSH apps.


2. Install and Access Proxmox Using Tailscale

Tailscale allows secure VPN-like access without exposing ports.

On Proxmox Host:

curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

✅ Now access Proxmox from anywhere using its Tailscale IP or MagicDNS hostname.

  • Sign in with your Gmail or GitHub account and authorize the device.

  • Install Tailscale in VM (optional):

    • For each Linux VM, install Tailscale to access it directly via Tailscale IP.

    • Alternatively, just SSH or access VMs through the Proxmox shell.


3. Create a Debian VM with:

  • OpenMediaVault (OMV) for NAS management

  • Docker for apps

  • CasaOS for an easy app store experience

Debian Setup (inside VM):

sudo apt update && sudo apt upgrade -y

Install Tailscale, Docker, and Docker Compose:

curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

sudo apt install -y docker.io docker-compose
sudo systemctl enable --now docker

Install OMV and CasaOS following official instructions or use Docker images.


4. Access OMV & CasaOS via Tailscale

  • OMV: http://<tailscale-ip>

  • CasaOS: http://<tailscale-ip>:3000 (or assigned port)

✅ No router port forwarding needed!

Add Shared Storage (NAS) to OMV

  • Mount and format your HDD/SSD/RAID drives.

  • Use OMV to create:

    • SMB/NFS shares

    • Docker volumes from storage

This is perfect for:

  • Media sharing (e.g., Jellyfin, Plex)

  • Backups

  • Nextcloud or Photoprism


Use CasaOS to Deploy Apps Easily

CasaOS is great for 1-click Docker apps like:

  • Jellyfin / Plex (Media Server)

  • Nextcloud (Cloud Storage)

  • qBittorrent / Transmission (Torrent Client)

  • FileBrowser / Syncthing

  • Nginx Proxy Manager (Reverse proxy with SSL support)

Want a list of recommended apps based on your setup?


Backup & Snapshots

You can:

  • Use Proxmox to back up the full VM

  • Or, configure Duplicati / Restic / Rsnapshot inside Debian for file-level backup

  • Store backups on:

    • External drive

    • Another VM/NAS

    • Cloud (optional, via rclone)


Enhance Docker Management

Consider adding:

  • Portainer (optional): Web-based Docker manager

    bash

    CopyEdit

    docker run -d -p 9000:9000 \ -v /var/run/docker.sock:/var/run/docker.sock \ portainer/portainer-ce

  • Watchtower: Auto-update containers

    bash

    CopyEdit

    docker run -d \ --name watchtower \ -v /var/run/docker.sock:/var/run/docker.sock \ containrrr/watchtower


🛡️ Security Tips

  • Use Tailscale ACLs to limit access to your OMV/CasaOS only from certain devices.

  • Disable unused services in OMV.

  • Keep your containers updated.


💡 Bonus Ideas

  • Turn this VM into a home automation hub (add Home Assistant).

  • Run a private media cloud (Jellyfin + Nextcloud + Photoprism).

  • Setup self-hosted Git, Gitea or Forgejo.

  • Create public-access (zero ports) services using Cloudflare Tunnel if needed.


5. External Access with Domain + SSL (No Port Forwarding)

Using Cloudflare Tunnel:

✅ Requirements:

  • A domain (e.g. yourdomain.com)

  • Free Cloudflare account

  • Cloudflare Tunnel (via cloudflared)

⚙️ Steps:

Install cloudflared inside your VM:

wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflared-linux-amd64.deb

Login and create a tunnel:

cloudflared tunnel login
cloudflared tunnel create my-tunnel

It will open a browser where you select your domain.

Create config file:

sudo nano /etc/cloudflared/config.yml

Example for CasaOS:

tunnel: my-tunnel
credentials-file: /root/.cloudflared/my-tunnel.json

ingress:
  - hostname: casa.yourdomain.com
    service: http://localhost:3000
  - service: http_status:404

Route domain:

cloudflared tunnel route dns my-tunnel casa.yourdomain.com
cloudflared service install
sudo systemctl start cloudflared

✅ Now access CasaOS via https://casa.yourdomain.com with SSL.


6. Optional Ready-Made Ubuntu Setup Script

Use this script to create a base VM template:

#!/bin/bash
sudo apt update && sudo apt upgrade -y

# Install Tailscale
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

# Install Docker
sudo apt install -y docker.io docker-compose
sudo systemctl enable --now docker

# Install Cockpit
sudo apt install -y cockpit
sudo systemctl enable --now cockpit.socket

✅ Cockpit Web UI: https://<tailscale-ip>:9090


7. Proxmox Monitoring via Prometheus & Grafana

Option A: Use prometheus-pve-exporter

  • Export Proxmox metrics

  • Connect to Prometheus & Grafana dashboards

Option B: Docker Stack:

version: '3'
services:
  prometheus:
    image: prom/prometheus
    ports:
      - 9090:9090

  grafana:
    image: grafana/grafana
    ports:
      - 3000:3000

Import Proxmox dashboard JSON into Grafana.


8. VM Firewalling (Tailscale ACLs or Proxmox)

Tailscale ACLs:

Edit at: https://login.tailscale.com/admin/acls

{
  "ACLs": [
    {
      "Action": "accept",
      "Users": ["[email protected]"],
      "Ports": ["debian-vm:22", "debian-vm:3000"]
    }
  ]
}

Proxmox Firewall:

Enable in Datacenter → Firewall, then configure per-VM or node-wide rules.


9. Security Checklist

  • ✅ Use Tailscale + ACLs

  • ✅ Keep Proxmox & VM OS updated

  • ✅ Isolate containers

  • ✅ Use Watchtower to keep Docker apps updated

  • ✅ Use strong passwords or SSH keys

  • ✅ Disable root SSH login (use sudo user)


🎯 What You Can Host:

  • Media Server (Jellyfin, Plex)

  • Cloud Storage (Nextcloud)

  • File Sharing (OMV, FileBrowser)

  • Automation (Home Assistant)

  • VPN Gateway (via Tailscale exit node)

  • Public Sites (Ghost, WordPress, etc.)


You now have a full-featured remote-accessible, firewalled, and secure homelab or personal server setup. Everything is done without exposing ports thanks to Tailscale and Cloudflare Tunnel.

Post your experience, share your setup screenshots, or ask for help at EngineerHow.com

Stay tuned for our upcoming guide: “Best Docker Apps for Self-Hosting in 2025”