Overview
This is my strongest technical asset. I built and maintain a production homelab on enterprise hardware, running 44 Docker containers across 4 isolated networks. Everything here is my work — learned through documentation, YouTube, Google, and trial and error over 2+ years. No AI built this.
Hardware
| Component | Spec |
|---|---|
| Server | Dell PowerEdge R730 |
| CPU | 2x Intel Xeon E5-2690 v3 (48 threads) |
| RAM | 128 GB ECC DDR4 |
| GPU | NVIDIA Quadro P2000 (hardware transcoding) |
| Storage | ~128 TB raw across 10 data disks + dual parity |
| Cache | 1 TB NVMe (appdata, Docker, VMs) |
| OS | Unraid 7.x |
What I Built and Maintain
Nginx Reverse Proxy: Managing 23 HTTPS subdomains with automated Let's Encrypt SSL certificates, local DNS server (dnsmasq), and proper certificate chain configuration.
VPN Access: WireGuard and Tailscale for secure remote access from anywhere.
5 Database Instances: MariaDB, PostgreSQL, and MongoDB. I perform SQL queries, data cleanup, and cross-database audits.
20+ Automation Scripts: Bash and Python scripts on cron schedules for health monitoring, data pipelines, library management, and backup automation.
4 Docker Networks: Isolated bridge networks for service separation and security.
Architecture
All services run as Docker containers on isolated bridge networks, routed through Nginx Proxy Manager for TLS termination and subdomain routing. External access uses Cloudflare DNS with proxy entries for each service.
Internet → Cloudflare DNS → Router (port forward)
→ Nginx Proxy Manager (TLS + subdomain routing)
→ Container network (shottsproxy)
→ Individual services (Plex, Vaultwarden, *Arr stack, etc.)
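One way to check that the layout above holds in practice, as an added example rather than the author's own tooling: audit `docker inspect` output for containers that use host networking, publish ports past the proxy, or span more than one network. Only the network name `shottsproxy` comes from this page; the container names, the `media` network and the port numbers are assumptions in constructed sample data.

```python
# Constructed data shaped like `docker inspect` output. Only the network name
# "shottsproxy" comes from the page; container names, the second network and
# the port numbers are assumptions made for this example.
def _c(name, mode, nets, ports=None):
    return {"Name": "/" + name,
            "HostConfig": {"NetworkMode": mode, "PortBindings": ports or {}},
            "NetworkSettings": {"Networks": {n: {} for n in nets}}}

SAMPLE = [
    _c("nginx-proxy-manager", "shottsproxy", ["shottsproxy"],
       {"443/tcp": [{"HostIp": "", "HostPort": "443"}]}),
    _c("vaultwarden", "shottsproxy", ["shottsproxy"]),
    _c("qbittorrent", "shottsproxy", ["shottsproxy"],
       {"8080/tcp": [{"HostIp": "", "HostPort": "8080"}]}),
    _c("netdata", "host", ["host"]),
    _c("sonarr", "shottsproxy", ["shottsproxy", "media"],
       {"8989/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8989"}]}),
]

def audit(containers, proxy="nginx-proxy-manager"):
    """Return (container, finding) pairs for paths that sidestep the proxy."""
    findings = []
    for c in containers:
        name = c["Name"].lstrip("/")
        host_cfg = c.get("HostConfig") or {}
        if host_cfg.get("NetworkMode") == "host":
            findings.append((name, "host networking: no bridge isolation"))
            continue
        if name == proxy:
            continue  # the proxy is the one intended public entry point
        for port, binds in (host_cfg.get("PortBindings") or {}).items():
            for b in binds or []:
                ip = b.get("HostIp") or "0.0.0.0"  # empty HostIp = all interfaces
                if not ip.startswith("127."):
                    findings.append((name, f"{port} published on {ip}:{b['HostPort']}"))
        nets = sorted((c.get("NetworkSettings") or {}).get("Networks") or {})
        if len(nets) > 1:
            findings.append((name, "spans networks: " + ", ".join(nets)))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

On a live host the same function can be fed the JSON array printed by `docker inspect $(docker ps -q)`. A container that spans networks may be intentional, so treat that finding as something to review rather than a fault.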
Services (44 Containers)
Media Management (Arr Stack): Radarr, Sonarr, Lidarr, Readarr, Speakarr — automated media acquisition with hardlink-compatible mount configuration and TRaSH Guides quality profiles.
Media Servers: Plex (hardware transcoding via P2000), Audiobookshelf, Kavita, BookLore, RomM.
Download Clients: qBittorrent with VPN routing, NZBGet for Usenet.
Request Management: Seerr for user-facing media requests with approval workflows.
Infrastructure: Nginx Proxy Manager (reverse proxy + TLS), Vaultwarden (password management), Homarr (dashboard), Tailscale (VPN mesh).
Monitoring: Netdata for real-time system metrics, Tautulli for Plex analytics, Notifiarr for notifications.
Utilities: Flaresolverr (CAPTCHA solving for indexers), Recyclarr (TRaSH profile sync).
Problems I've Solved
These are real infrastructure issues I diagnosed and fixed myself:
- Hairpin NAT: Local devices couldn't reach services through the public domain. Configured split-DNS with dnsmasq to resolve internally.
- SSL certificate chain compatibility: Some clients rejected Let's Encrypt certs. Debugged the chain and configured proper intermediate certificate delivery.
- ISP bridge mode: Needed to bypass ISP router for proper port forwarding. Configured bridge mode and set up my own router.
- Docker networking: Containers on different bridge networks couldn't communicate. Set up proper network attachments and routing.
- GPU driver configuration: Getting the Quadro P2000 working for hardware transcoding in Docker required driver installation, device passthrough, and container configuration.
Storage Design
Unraid's array provides dual-parity protection (survives 2 simultaneous disk failures). NVMe cache pool handles Docker appdata and VM storage. User shares organized for hardlink compatibility — critical for the Arr stack to avoid duplicate copies.
Key Decisions
- Single `/data` mount pattern for all Arr containers to preserve hardlinks
- Dual parity over RAID for flexibility with mixed disk sizes
- Subdomain routing (`*.shottsserver.com`) instead of port-based access
- Network isolation via Docker bridge networks rather than host networking
What I Learned
- Linux system administration from scratch
- Docker orchestration at scale (44 containers, 4 networks)
- Reverse proxy configuration with automated TLS
- Storage architecture: parity, cache tiers, and hardlink strategies
- Network security: VPN routing, firewall rules, DNS management
- Database administration across multiple engines
- Bash scripting for automation
- Debugging complex infrastructure issues without a team to ask
Notes
This is an infrastructure project without a public repository. Configuration and documentation are maintained privately.
