CLOSED NETWORK

Self-Hosting for Sovereignty: A Beginner's Map from Raspberry Pi to Rack

Every photo, note, and file you give to the cloud is leverage you'll never get back. Here's the beginner's map for taking it back — from an $80 Raspberry Pi to a full server rack, one rung at a time.

Every time you upload a photo to iCloud, sync a note to Google, or back up a file to Dropbox, you're making a quiet trade: a little convenience now in exchange for a lot of leverage later. Leverage your provider can sell, share with law enforcement on a subpoena (or a National Security Letter you'll never see), lose to a breach, or revoke whenever their terms of service shift. For most people, that trade has felt invisible. In 2026, it stops feeling invisible the moment a breach notification lands in your inbox or an account gets locked because an algorithm decided your face in a family photo violated a policy.

This is the moment self-hosting stops being a hobbyist's pastime and starts being a basic privacy hygiene practice — like using a password manager, encrypted messaging, or a VPN. The good news: it has never been easier to start. The better news: the on-ramp now reaches all the way from an $80 Raspberry Pi sitting on a shelf to a rack of enterprise-grade gear humming in your basement, and you can climb that ladder one rung at a time.

This is your beginner's map. We'll walk through the major platforms in roughly the order of how hard they are to get running — from "plug it in and click through a wizard" all the way to "you're now a part-time sysadmin." For each one, you'll get the hardware you need, what it's actually good at, what it's not good at, and the trap doors to watch out for.

Why "sovereignty" — and why now

Self-hosting is the practice of running the software you depend on — file storage, photos, calendars, password managers, media servers, smart-home brains, even AI models — on hardware you physically own and control. The opposite of self-hosting is what most of the world does today: renting access to your own data from a handful of trillion-dollar companies.

"Sovereignty" is the word the self-hosting community has settled on because it captures something the word "privacy" alone misses. Privacy is about who can see your data. Sovereignty is about who decides what happens to it. When your photos live on your own server:

  • No one can scan them for content moderation, train models on them, or hand them over without due process.
  • No one can lock you out of your own account because of a billing mistake or a flagged AI heuristic.
  • No one can change the terms of the deal six months from now, sunset the product, or paywall a feature that used to be free.
  • You don't disappear when a company does.

That last one matters more than people realize. Cloud services die all the time — Google has a graveyard of them, and so does every other big provider. Your local server doesn't get sunset by a product manager.

The hardware: three tiers, real numbers

Before we talk software, let's talk about the box it runs on. Every self-hosting decision starts here, and the right hardware depends entirely on what you want to host. Below are the three tiers most people start in.

Tier 1 — The Raspberry Pi (and friends)

A Raspberry Pi 5 with 8GB of RAM, a decent microSD card or an M.2 SSD via the official HAT, a power supply, and a case will set you back roughly $120–$180 all-in. That single board can comfortably run an ad blocker, a password manager, a small file sync, a media server for one or two streams, a Bitcoin or Lightning node, and a smart-home hub. It pulls about as much power as a phone charger — you can leave it on 24/7 and not notice on your electric bill.

What it's not great for: transcoding 4K video to multiple devices, hosting AI models larger than a few billion parameters, or running anything that wants more than ~6GB of usable RAM. Storage on a Pi is also not where you want to put irreplaceable family photos as the only copy — SD cards die, and even SSDs in single-drive setups have no redundancy.

Tier 2 — The Mini PC / NUC / used office desktop

This is the tier most people land in once they catch the bug. A used Intel NUC, a Beelink mini PC, an HP/Lenovo Tiny/Mini/Micro from eBay, or a refurbished Dell Optiplex Micro can be had for $150–$400 and gives you 4–8 modern x86 cores, 16–32GB of RAM, and proper NVMe storage. That's enough to run dozens of containers, transcode 4K Plex/Jellyfin streams, host a Nextcloud instance for the whole family, run small local LLMs, and still have headroom.

The unsung win of this tier: x86 compatibility. Almost every self-hosted app in the world ships an AMD64 container first; ARM support is improving but still occasionally a footnote. A mini PC is also quiet, sips ~10–25W idle, and fits behind a monitor or in a media cabinet.

Tier 3 — The dedicated server / NAS

Once you start hosting other people's data — your spouse's photos, your parents' password manager, the family media library — you want real redundancy. That means multiple drives in a RAID or ZFS pool, ECC RAM if you can swing it, and ideally a backup target somewhere off-site. A purpose-built NAS like a Synology, QNAP, or a DIY build with TrueNAS or Unraid, or a used enterprise tower like an HP ProLiant or Dell PowerEdge, fits this slot. Budget: $500 at the absolute floor, $1,500–$3,000 is a more realistic family-server setup once you add drives.

You don't have to start here. Most people shouldn't.

The platforms — easiest to most challenging

1. Umbrel — the iPhone of home servers

Umbrel is, hands-down, the easiest way to get from "I've never self-hosted anything" to "I run a dozen services on my own hardware" — sometimes in under an hour. It started life in the Bitcoin community as a one-click full node, and has since evolved into a polished, browser-based home server OS with an app store of 300+ apps including Nextcloud, Immich, Jellyfin, Vaultwarden, Home Assistant, Pi-hole, and Ollama for local AI.

Hardware: Raspberry Pi 4 or 5, any x86-64 mini PC, a VM, or their pre-built Umbrel Home appliance. The Pi route is genuinely beginner-friendly — flash the OS image to an SSD, plug in, browse to umbrel.local, done.

Pros: Stunning UI. One-click installs. Active development. Massive app catalog. Genuinely no-Linux-knowledge-required for the basics. Hardware monitoring, encrypted backups, and unified login are built in.

Cons: Communications between your browser and Umbrel over your home network are plain HTTP by default — anyone on your Wi-Fi can technically intercept your passwords. (You can fix this with Tailscale or a reverse proxy, more on that later.) Some power users find the abstraction limiting; if you want to tweak a config file, you're often dropping into SSH. The Bitcoin heritage is still visible in the app catalog if that's not your scene.

Best for: Your first server. If you've never done this before, start here.

2. CasaOS — the Docker-friendly cloud OS

CasaOS takes a slightly different angle: instead of being its own operating system, it's a lightweight layer that installs on top of an existing Linux distribution (Debian, Ubuntu, Raspberry Pi OS) and gives you a beautiful web UI, an app store, and dead-simple Docker container management. If Umbrel is the iPhone, CasaOS is the friendly Android — slightly more open, slightly more "you can poke at things."

Hardware: Raspberry Pi (ARM), x86 mini PCs, the ZimaBoard/ZimaBlade hardware from the same team. Very flexible.

Pros: Drop-dead-easy Docker app installs from a curated store. Sits politely on top of an existing Linux install — you can keep your existing setup. Great file manager, network share creation (SMB), and storage management. Excellent for tinkerers who want a UI but don't want a walled garden.

Cons: Smaller official app catalog than Umbrel (though you can install any Docker container manually). Documentation is decent but skews toward the Zima hardware ecosystem. Not as opinionated about security defaults as Start9.

Best for: People who already have a Linux machine sitting around and want a friendly UI on top of it without committing to a single-vendor OS. Also a great fit if you want a step on the path toward learning Docker without being thrown in the deep end.

Worth noting: the same team also makes ZimaOS, which is a full standalone OS evolution of CasaOS aimed at NAS-style use cases — RAID, ZFS/Btrfs, SMB/NFS/iSCSI, even a built-in VM manager. If you're building a dedicated storage box on x86 hardware, ZimaOS is worth a look alongside TrueNAS.

3. YunoHost — the email-in-a-box European darling

YunoHost doesn't get the hype Umbrel does, but it's quietly one of the most powerful beginner-friendly self-hosting platforms — particularly if your goal is to replace cloud services like Gmail, Google Workspace, and shared family calendars. It's a Debian-based distro that bundles user management, email, XMPP chat, web hosting, single sign-on, and an app catalog of ~400 packaged services into one cohesive system.

Hardware: Raspberry Pi, ARM SBCs, x86 mini PCs, VPS, or repurposed old PCs. Famously light.

Pros: One of the only self-hosted platforms that takes self-hosted email seriously and actually makes it work (which is genuinely hard in 2026). Built-in user accounts and SSO across all installed apps. Strong security defaults. Excellent multi-user support — perfect for family/community servers. Active French/European open-source community with a long track record.

Cons: Web UI is functional but less polished than Umbrel or CasaOS. Email self-hosting still requires you to manage DNS records, reverse DNS, and a static IP or smart-host relay — YunoHost helps but doesn't magic it away. Smaller English-speaking community than the alternatives.

Best for: People serious about replacing the Google Workspace stack — email, contacts, calendar, file sync — for themselves or a small group, and willing to invest a weekend to learn the basics.

4. Home Assistant OS — sovereignty for your smart home

Worth a full call-out because most "smart home" devices today are surveillance devices in costume. Home Assistant OS is a purpose-built operating system that pulls every smart bulb, sensor, lock, camera, and thermostat in your house into one local system — and crucially, lets you cut the cloud cord on most of them. Your motion sensor data, your camera feeds, your routines: all stay in your house.

Hardware: Home Assistant Green ($99 official appliance), Raspberry Pi 4/5, any x86 mini PC, or a VM on Proxmox. The Yellow and Green appliances are explicitly designed for non-technical users.

Pros: The single best thing you can do for smart-home privacy. Massive integration catalog (3,000+ devices and services). Local voice control via the Assist + Whisper + Piper stack now competes with Alexa/Google for basic commands. Active, well-funded foundation behind it.

Cons: The learning curve to build serious automations is real. Some integrations still require cloud round-trips (especially older Wi-Fi devices). It's a deep rabbit hole — you've been warned.

Best for: Anyone who has more than three smart devices and doesn't want a permanent corporate eavesdropper in every room.

5. StartOS by Start9 — the sovereignty maximalist

StartOS is what you choose when you've read this far and thought, "I want the most private, most secure, most sovereign option, and I'm willing to give up some app variety to get it." Where Umbrel optimizes for ease, Start9 explicitly optimizes for security and ownership. It's a full Linux distribution (not an app you install on top of one), and the philosophical differences show up in real, measurable ways.

Hardware: Raspberry Pi 4 or x86-64 PC with at least 8GB RAM and a fast SSD. Start9 also sells the Server One appliance and a DIY kit if you don't want to source parts.

Pros: HTTPS over your local network by default — a concrete security upgrade over Umbrel. Encrypted backups built in (push a button, get a verifiable backup). Tor-first networking — every service gets a Tor address out of the box, so remote access doesn't require opening ports or trusting a third-party tunnel. Config management via rich web forms instead of SSH editing. Strong, opinionated philosophy that tracks with privacy values.

Cons: Smaller app catalog than Umbrel (~50 vs. 300+). Slightly steeper initial setup. The Tor-first model means some services feel snappier than others. Hardware compatibility is narrower.

Best for: Privacy-first users who would rather have 50 well-vetted services than 300 with looser security defaults. If you're comparing Start9 and Umbrel and you came here from a privacy podcast, Start9 deserves a serious look.

6. Unraid — the storage-first middle ground

Unraid sits in an interesting middle position: it's a paid, license-based OS (one-time purchase, three tiers) that does three things well — flexible array storage with mismatched drives, Docker container management, and full VMs — all from one polished web UI. It's the "I want one box that does everything, I'll pay for it, and I want it to just work" choice.

Hardware: x86-64 with at least one parity drive plus one or more data drives. Plays nicely with mismatched-size drives, which is huge if you're piecing together storage from what you have.

Pros: Best-in-class flexible storage — you can mix a 4TB, an 8TB, and a 12TB drive in the same array, expand later, and spin down idle drives to save power. Massive community plug-in ecosystem (Community Applications). Great Docker UI. Excellent for media servers + storage + a couple of VMs in one box. Long-term, well-supported, stable.

Cons: Costs money (currently $59–$249 depending on tier, one-time). Closed-source core. Parity-based array is slower than ZFS for some workloads. Not as security-hardened as Start9 out of the box.

Best for: The "one box for the whole house" build — media library, family file storage, a few VMs, smart home — when you're willing to pay for a smooth experience and value flexible storage above all else.

7. TrueNAS Community Edition — serious storage, free

TrueNAS Community Edition (the artist formerly known as TrueNAS Scale) is what you choose when storage is the point. Built on Debian Linux with OpenZFS at its core, it's the same software that runs in actual enterprise data centers — donated to the community, free forever. If you've ever been burned by a hard-drive failure that took irreplaceable data with it, this is the platform that makes that pain stop.

Hardware: x86-64, multiple drives in a ZFS pool, ECC RAM strongly recommended (8GB minimum, 16–32GB realistic). Will run on a repurposed desktop, but a proper NAS chassis with hot-swap bays is the dream setup.

Pros: ZFS is the gold standard of storage integrity — checksums on every block, snapshots, send/receive replication, self-healing. Excellent SMB/NFS/iSCSI sharing for any device on your network. Apps catalog (Docker-based) covers the popular self-hosted services. Best free option if your primary goal is "never lose a photo again."

Cons: Steeper learning curve around ZFS pool design — once you create a pool, expanding it is more constrained than Unraid. The TrueCharts community app catalog was deprecated in 2025, and the official app ecosystem is smaller. Not as fluent at running general-purpose containers as Proxmox or Unraid. UI for networking can be finicky.

Best for: The family archive — photos, videos, documents you genuinely cannot afford to lose. Pair it with off-site backups (Backblaze B2, another TrueNAS at a friend's house) and you have a real archival setup.

8. Docker — the universal currency

Docker isn't really an "operating system" in the same sense as the others — it's a container runtime, the thing that almost every other platform on this list uses under the hood to run apps. But once you graduate from the click-an-app-store world, learning to write your own docker-compose.yml file is the single highest-leverage skill in self-hosting. Every modern self-hosted app ships a Compose file. With Docker on plain Debian or Ubuntu, you can run any of them.

Hardware: Anything that runs Linux. A Pi, a mini PC, a VPS, an old laptop with a broken screen.

Pros: Universal — every project supports it. No vendor lock-in. The compose file is a portable, version-controllable definition of your entire stack. Pair with Portainer or Dockge for a friendly web UI. The skills transfer directly to Kubernetes, cloud-native development, and professional sysadmin work.

Cons: No app store, no hand-holding — you're reading docs and editing YAML. Networking, volumes, and reverse proxies are all your problem. Updates require thought. The terminal becomes a real part of your life.

Best for: The graduating self-hoster. Once Umbrel feels limiting, this is the next stop.

9. Proxmox VE — the homelab hypervisor

Proxmox VE is where you go when you stop running individual apps and start running entire operating systems — virtualized. It's a free, open-source, enterprise-grade hypervisor (the same category as VMware ESXi) with a polished web UI, full clustering support, and the ability to run unlimited Linux containers (LXC) and full virtual machines on one box. The classic "expert" homelab move is to install Proxmox on the bare metal, then run TrueNAS, Home Assistant OS, Umbrel, and a dozen LXC containers all on the same physical server.

Hardware: x86-64 with virtualization extensions (Intel VT-x or AMD-V). Decent CPU (4+ cores), 16GB+ RAM, multiple drives ideal. Used enterprise gear is a sweet spot.

Pros: Maximum flexibility — run anything that runs on a computer. Snapshots and backups of entire VMs are trivial. Excellent for testing — spin up a throwaway Ubuntu VM, break it, delete it, no harm done. Massive community, brilliant documentation, the de-facto homelab standard for a reason. Free with optional paid support subscription.

Cons: No app store. You're managing operating systems, not apps. Steeper conceptual model — you'll need to understand virtualization, networking bridges, storage backends. Updates require attention. Definitely not where a complete beginner should start.

Best for: The point in your journey where one box isn't enough and you want to run multiple full systems on one machine. Also great for anyone who wants real career-relevant infrastructure skills.

The killer app: Nextcloud (especially All-in-One)

Most people start self-hosting because they want to escape one specific service. For most newcomers, that service is some combination of Google Drive, Google Photos, Google Calendar, and Google Contacts. Nextcloud replaces all of them in one install — and the modern Nextcloud All-in-One (AIO) Docker image specifically exists to make this painless.

AIO bundles Nextcloud plus Talk (video calls), Office (collaborative docs), Whiteboard, Imaginary (image processing), and a backup system into a single managed Docker container. You get a setup wizard, automatic updates, and built-in encrypted backups. It runs on every platform above — Umbrel, CasaOS, TrueNAS, Unraid, Proxmox, plain Docker, all of it.

If your goal is "leave Google," Nextcloud AIO on a mini PC with a couple of TB of storage and Tailscale for remote access is a complete answer. Many people never need to go further than this.

Remote access without exposing yourself

Here's the wall almost every beginner hits: "Great, I have a server at home — how do I get to it from my phone when I'm not on Wi-Fi?" The historical answer was "open a port on your router and hope for the best," and it is also the fastest way to get your server compromised.

In 2026, you have three sensible options, in roughly the order most beginners should consider them:

Tailscale — A managed mesh VPN built on WireGuard. You install it on your server and your phone/laptop. They magically find each other through Tailscale's coordination service, and your devices talk over an encrypted tunnel as if they were on the same LAN. Free for personal use up to 100 devices. Setup time: about ten minutes. Honestly the right answer for 90% of self-hosters. The trade-off is that Tailscale (the company) operates the coordination layer — they don't see your traffic, but they do see metadata. If that bothers you, run Headscale, a self-hosted, open-source coordination server that speaks the same protocol.

Cloudflare Tunnel — Lets you expose a specific service (your Nextcloud, your photo gallery) to the public internet without opening any ports on your router. Cloudflare proxies the traffic. Free tier is generous. Trade-off: Cloudflare sees your traffic in transit (it has to, to terminate TLS). Fine for things you'd be comfortable hosting on a public web server, less ideal for sensitive data. Works beautifully for sharing one specific service publicly.

Reverse proxy + your own VPN (WireGuard) — The maximum-sovereignty option. You run a reverse proxy like Caddy or Nginx Proxy Manager on your server, expose it through a self-hosted WireGuard tunnel from a small VPS, and pay no third party for the privilege. More setup, more knobs. Worth it once you have the chops.

The order to learn these in: Tailscale first (you'll be done by lunch), then Cloudflare Tunnel for anything you want to share with non-technical family, then a fully self-hosted reverse proxy when you're ready.
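
Whichever option you pick, it only protects services that are not also listening on every interface of the box. The script below is an added example, not part of the original post or any project named here: it classifies the output of `ss -H -tln` by who can reach each listener. The sample lines, addresses and ports are constructed, and the Tailscale ranges are the ones that service assigns node addresses from.

```python
import ipaddress

# Tailscale hands out node addresses from these two ranges.
TAILNET = (
    ipaddress.ip_network("100.64.0.0/10"),
    ipaddress.ip_network("fd7a:115c:a1e0::/48"),
)

# Constructed sample of `ss -H -tln` output (addresses and ports are made up).
SAMPLE_SS = """\
LISTEN 0 4096         0.0.0.0:8080      0.0.0.0:*
LISTEN 0 128        127.0.0.1:5432      0.0.0.0:*
LISTEN 0 4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0 4096 100.101.102.103:443       0.0.0.0:*
LISTEN 0 4096    192.168.1.50:445       0.0.0.0:*
LISTEN 0 4096            [::]:22           [::]:*
LISTEN 0 4096               *:3000            *:*
"""

ADVICE = {
    "wildcard": "every interface; rebind to 127.0.0.1 or the tailnet address",
    "public": "bound to a public address; confirm this is intended",
    "lan": "anyone on the home network can connect",
    "tailnet": "only devices in your tailnet can connect",
    "loopback": "local only; reach it through the reverse proxy",
}


def split_local(field):
    """Split ss's 'addr:port' column, dropping IPv6 brackets and %iface."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]
    return host, int(port)


def classify(host):
    """Return the reachability scope for one bind address."""
    if host == "*":  # ss prints '*' for a dual-stack wildcard socket
        return "wildcard"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "wildcard"
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in TAILNET):
        return "tailnet"
    if addr.is_private or addr.is_link_local:
        return "lan"
    return "public"


def audit(ss_text):
    """Return sorted (port, bind_address, scope) tuples for LISTEN sockets."""
    findings = []
    for line in ss_text.splitlines():
        fields = line.split()
        if "LISTEN" not in fields:
            continue
        # Local address sits three columns after State, with or without Netid.
        idx = fields.index("LISTEN") + 3
        if idx >= len(fields):
            continue
        host, port = split_local(fields[idx])
        findings.append((port, host, classify(host)))
    return sorted(findings)


def needs_review(findings):
    """Ports that are reachable beyond loopback, LAN and tailnet binds."""
    return [port for port, _, scope in findings if scope in ("wildcard", "public")]


if __name__ == "__main__":
    for port, host, scope in audit(SAMPLE_SS):
        print(f"{port:>5}  {host:<16} {scope:<9} {ADVICE[scope]}")
```

On a real server, replace SAMPLE_SS with the text from running `ss -H -tln` and rerun it after every new app install; a wildcard listener is what a forwarded router port would hand to the internet.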

Which one should you start with?

If you've never self-hosted anything in your life and you want a single sentence: buy a Raspberry Pi 5 with 8GB of RAM, install Umbrel on it, install Pi-hole and Vaultwarden as your first two apps, and put Tailscale on your phone. That's a real, working, useful private setup you can stand up in an afternoon for under $200, and it will teach you everything you need to know to choose the next step.

From there, here's the rough decision tree:

  • Want maximum ease, don't mind a curated app store → Umbrel.
  • Want maximum sovereignty and security defaults → Start9 / StartOS.
  • Already have a Linux box, want a UI on top → CasaOS.
  • Want to escape the Google stack, including email → YunoHost.
  • Have lots of smart-home devices → Home Assistant OS (often alongside one of the above).
  • Storage is the whole point, family archive matters → TrueNAS Community Edition.
  • Want one box that does everything and don't mind paying → Unraid.
  • Ready to write your own Compose files → Docker on plain Debian.
  • Want to run multiple full operating systems on one box → Proxmox.

One more thing worth saying out loud: you don't have to pick just one. The most common trajectory we see in the community looks like Pi + Umbrel for six months → mini PC + CasaOS or Docker for a year → Proxmox running TrueNAS, Home Assistant, and a couple of LXC containers on a used enterprise tower. Each step teaches you the next one.

Sovereignty is a practice, not a purchase

The thing nobody tells you when you're starting out is that self-hosting changes how you think about software. Once you've run your own photo gallery, the next time a cloud provider raises prices or quietly trains a model on user uploads, you'll feel the difference between a tenant and an owner. That feeling is the whole point.

You won't replace every service overnight, and you shouldn't try. Pick one — your password manager, your photos, your DNS, your smart home — and reclaim it this month. Then pick the next one next month. Six months in, you'll look up and realize that a meaningful slice of your digital life now lives on a small box humming quietly in a closet, answering only to you.

That's sovereignty. Welcome to the network.


Got questions about a specific platform, hardware build, or migration? Reply to this post or drop a note — we read every one, and reader questions often become future episodes.
