Feb 10, 2026

The Complete Guide to Self-Hosting in 2026: Replace Every Cloud Service You Use

You pay $6.99/month for Google One. $9.99 for iCloud+. $11.99 for Dropbox Plus. $3 for a password manager. $13.99 for a family Spotify plan that keeps getting more expensive. A few bucks here for analytics, a few there for monitoring.

Add it all up and you’re spending $50 to $120 per month on cloud services that store your data on someone else’s computer, scan your files to train AI models, and can change their terms or raise prices whenever they feel like it.

There’s another way. In 2026, the self-hosting ecosystem has matured to the point where a single $200 mini PC can replace nearly every cloud service you use — and you don’t need a computer science degree to set it up. This guide will walk you through the entire process, from choosing hardware to deploying your first services.

TL;DR

A $150-$300 mini PC can replace $50-$120/month in cloud subscriptions, paying for itself in 2-5 months.
Docker Compose makes deploying self-hosted apps as simple as editing a text file and running one command.
Start with Nextcloud (cloud storage), Vaultwarden (passwords), and Immich (photos) — they replace the services most people pay for.
Use Cloudflare Tunnels or a reverse proxy like Caddy for secure remote access without exposing your home IP.
Backups are non-negotiable. Follow the 3-2-1 rule or you will lose data eventually.

Why Self-Host in 2026?

Privacy That Actually Means Something

Google scans your Drive files. Apple scans your iCloud photos. Microsoft trains Copilot on your documents. In 2026, nearly every major cloud provider uses customer data for AI training unless you explicitly opt out — and even then, the “anonymized” telemetry they collect is substantial.

When you self-host, your data stays on hardware you physically control. Your family photos aren’t feeding an image model. Your notes aren’t training a language model. Your email isn’t being parsed for ad targeting.

Real Cost Savings

Here’s a breakdown of what a typical tech-savvy household pays monthly for cloud services:

Service	Cloud Cost/Month	Self-Hosted Alternative
Google One 2TB	$13.99	Nextcloud
iCloud+ 200GB	$3.99	Nextcloud
Bitwarden Family	$3.33	Vaultwarden
Google Photos Storage	(included above)	Immich
Spotify/Music	$13.99	Jellyfin + Navidrome
Plex Pass	$4.99	Jellyfin
Notion (team)	$8.00	Obsidian Livesync
Simple Analytics	$19.00	Umami / Plausible
Mailbox.org	$3.00	Mailcow
Total	$70.29	$0 (after hardware)

A $250 mini PC pays for itself in under four months. Even factoring in electricity ($5-8/month for a low-power machine) and a domain name ($12/year), you’re saving $700+ annually.

Control and Longevity

Remember when Google killed Google Domains? Or when Photobucket held everyone’s images hostage? Or when Notion had that 4-hour outage that took down half the internet’s project management?

Self-hosted services don’t have a product manager who can decide to pivot, a CFO who can raise prices, or an acquirer who can shut everything down. Your Nextcloud instance will keep running until you decide to stop it.

Learning That Pays Off

Setting up a home server teaches you Linux administration, networking, Docker, DNS, TLS certificates, and backup strategies. These are real, marketable skills. More than a few people have landed DevOps roles partly because they could talk fluently about their home lab setup in interviews.

Choosing Your Hardware

You don’t need a rack-mounted server. You don’t need 128GB of RAM. For most self-hosting setups, you need surprisingly little.

Tier 1: The Old Laptop ($0)

If you have a laptop from 2018 or later sitting in a drawer, it’s probably good enough to start. An Intel i5 or Ryzen 5 with 8GB of RAM can comfortably run 10-15 Docker containers. The built-in battery even acts as a basic UPS.

Pros: Free, built-in UPS, built-in display for debugging. Cons: Higher power consumption (15-45W), fans can be noisy, not designed for 24/7 operation.

Tier 2: Mini PCs ($150-$350) — The Sweet Spot

This is what most people should buy. Mini PCs are designed for low power consumption, they’re silent or near-silent, and they’re small enough to hide behind a monitor.

Top picks for 2026:

Beelink SER5 (Ryzen 5 5560U) — $180, 6 cores, supports up to 64GB RAM. The best bang-for-buck option.
Beelink EQ12 (Intel N100) — $150, 4 cores, 16GB RAM. Ultra-low power (6-12W idle). Perfect if you’re running fewer than 10 services.
Minisforum UM690S (Ryzen 9 6900HX) — $350, 8 cores. Overkill for most people, but great if you want to run Immich’s machine learning features locally.

All of these run Proxmox, Ubuntu Server, or Debian without issues. Add a 1TB NVMe SSD ($60) and you’re set for most use cases. If you need bulk storage for media, add an external USB 3.0 drive or a NAS.

Tier 3: NAS Devices ($300-$800)

A dedicated NAS like the Synology DS224+ ($300 without drives) or QNAP TS-264 ($350) gives you hardware RAID for redundancy and a polished management interface. Both run Docker natively now.

Best for: People who prioritize data redundancy and want a turnkey experience. Drawback: Less flexible than a mini PC, slower CPUs, proprietary OS quirks.

Tier 4: Proxmox Server ($400-$1000+)

For the enthusiast who wants to run everything — multiple VMs, containers, a firewall appliance, maybe even a Windows gaming VM with GPU passthrough. Buy a used Dell OptiPlex Micro or HP EliteDesk from eBay ($150-$250), max out the RAM, and install Proxmox VE.

Proxmox lets you create isolated virtual machines and LXC containers, so you can run your production services separately from your experiments. If you break something in a test VM, your Nextcloud instance keeps humming along.

Essential Self-Hosted Services: What to Replace

Cloud Storage: Nextcloud

Replaces: Google Drive, Dropbox, OneDrive

Nextcloud is the backbone of most self-hosting setups. It handles file sync, calendar, contacts, collaborative document editing (via Nextcloud Office or OnlyOffice), and has a mobile app for auto-uploading photos.

What to expect: The web interface is functional but not as polished as Google Drive. The desktop sync client, however, is solid. Calendar and contacts sync works perfectly with CalDAV/CardDAV.

Resource usage: ~512MB RAM idle, spikes during file indexing.

For a complete Docker Compose setup, check out our guide on deploying 10 essential self-hosted apps with Docker Compose.

Photos: Immich

Replaces: Google Photos, iCloud Photos, Amazon Photos

Immich is the standout self-hosted project of the past two years. It looks and feels almost exactly like Google Photos — facial recognition, map view, memories, shared albums, and a mobile app that auto-uploads your camera roll.

What to expect: The machine learning features (face detection, object recognition, CLIP search) work best with at least 4GB of RAM dedicated to them. On an N100 mini PC, initial photo processing is slow but manageable. On a Ryzen 5, it’s quite fast.

Resource usage: 1-4GB RAM depending on ML features. Plan for 15-20GB of storage per 1,000 photos (including thumbnails and ML data).

Media Server: Jellyfin

Replaces: Plex, Netflix (for your own media library), Spotify (with Navidrome as a companion)

Jellyfin is completely free and open source — no “premium” tier, no account creation, no telemetry. It handles movies, TV shows, music, and live TV/DVR. The Android, iOS, and smart TV apps have improved dramatically in 2025-2026.

What to expect: Hardware transcoding works out of the box with Intel Quick Sync (all the mini PCs listed above support it). Most direct-play scenarios use negligible CPU.

Password Manager: Vaultwarden

Replaces: Bitwarden, 1Password, LastPass

Vaultwarden is an unofficial Bitwarden-compatible server written in Rust. It uses around 30MB of RAM (compared to the official Bitwarden server’s 2GB+), supports all Bitwarden client apps, and includes premium features like TOTP generation and file attachments for free.

What to expect: Set it up once and forget about it. The official Bitwarden browser extensions, desktop apps, and mobile apps all work seamlessly. This is the single easiest self-hosted service to deploy and the one with the biggest quality-of-life improvement.

Security note: This is arguably the most critical service you’ll self-host. Use a strong master password, enable HTTPS, and back up the database religiously.

Email: Mailcow

Replaces: Gmail, Outlook, ProtonMail, Fastmail

Self-hosting email is the final boss of self-hosting. It works, but it’s the most maintenance-intensive service on this list. Mailcow bundles Postfix, Dovecot, SOGo (webmail), ClamAV (antivirus), Rspamd (spam filtering), and a slick admin UI into a Docker Compose stack.

What to expect: The initial setup takes 1-2 hours. The ongoing challenge is email deliverability — you need proper SPF, DKIM, and DMARC records, a clean IP address, and patience. Many residential IP ranges are pre-blocked by major email providers.

Honest recommendation: Start with a VPS for email (Hetzner’s CX22 at $4.50/month works well) rather than running it from home. Use your home server for everything else.

DNS & Ad Blocking: Pi-hole or AdGuard Home

Replaces: Cloud-based DNS, browser ad blockers (partially)

Pi-hole or AdGuard Home acts as your network’s DNS server and blocks ads, trackers, and malware domains at the DNS level. Every device on your network benefits — including smart TVs and IoT devices that you can’t install a browser extension on.

Pi-hole is the veteran choice. Rock-solid, well-documented, huge community. AdGuard Home has a more modern UI, built-in DNS-over-HTTPS/TLS, and slightly easier initial setup.

Both use negligible resources. Pick whichever UI you prefer.

Analytics: Plausible or Umami

Replaces: Google Analytics

If you run any websites, you don’t need Google Analytics watching your visitors. Plausible and Umami are privacy-focused, cookie-free analytics tools. They give you pageviews, referrers, country data, and device breakdowns without the GDPR compliance headaches.

Plausible has a more polished UI and easier setup. Umami is lighter on resources and more customizable.

Notes: Obsidian Livesync

Replaces: Notion, Evernote, Apple Notes (sync functionality)

If you use Obsidian (and in 2026, an enormous number of developers do), Obsidian Livesync lets you sync your vault across devices using a self-hosted CouchDB instance. No Obsidian Sync subscription needed.

Resource usage: CouchDB uses about 100MB of RAM. Setup takes 15 minutes.

Docker Compose: The Foundation of Self-Hosting

If you’re new to Docker, here’s the 60-second version: Docker packages applications into containers that include everything they need to run. Docker Compose lets you define multiple containers in a single YAML file and start them all with one command.

Installing Docker

On Ubuntu or Debian:

curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER
# Log out and back in for group change to take effect

Your First docker-compose.yml

Here’s a minimal example that runs Vaultwarden:

version: "3.8"
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    volumes:
      - ./vw-data:/data
    environment:
      - DOMAIN=https://vault.yourdomain.com
    ports:
      - "8080:80"

Save this as docker-compose.yml, run docker compose up -d, and Vaultwarden is running on port 8080. That’s it.

For complete, production-ready Compose files for 10 essential apps, see our Docker Compose deployment guide.

Key Concepts

volumes: Persist data outside the container. Without volumes, your data disappears when the container is recreated.
restart: unless-stopped: The container automatically starts on boot and restarts if it crashes.
environment: Configuration variables. Each app has its own set.
Networks: By default, containers in the same Compose file can talk to each other by service name.

Networking: Making It All Accessible

Option 1: Local Access Only

The simplest approach. Your services are only accessible on your home network. Access Nextcloud at http://192.168.1.100:8080, Jellyfin at http://192.168.1.100:8096, etc.

Pros: Zero security exposure. Cons: No access when you’re away from home.

Option 2: Reverse Proxy + Dynamic DNS

A reverse proxy like Caddy or Traefik sits in front of all your services and routes traffic based on the domain name. Instead of remembering port numbers, you access nextcloud.yourdomain.com, jellyfin.yourdomain.com, etc.

Caddy is the easier choice. Its config file is almost comically simple:

nextcloud.yourdomain.com {
    reverse_proxy nextcloud:80
}

jellyfin.yourdomain.com {
    reverse_proxy jellyfin:8096
}

vault.yourdomain.com {
    reverse_proxy vaultwarden:80
}

Caddy automatically provisions Let’s Encrypt TLS certificates. No manual cert management.

Traefik is more powerful and integrates deeply with Docker (it can auto-discover new containers), but the learning curve is steeper.

For remote access with this approach, you’ll need:

A domain name ($12/year from Namecheap, Cloudflare, or Porkbun).
Dynamic DNS to point your domain at your home IP. Cloudflare’s free tier with a small cron job works well. DuckDNS is another free option.
Port forwarding on your router (ports 80 and 443 to your server).

Option 3: Cloudflare Tunnels (Recommended)

Cloudflare Tunnels have become the go-to solution for self-hosters who want remote access without opening ports on their router.

You install the cloudflared daemon on your server. It creates an outbound-only connection to Cloudflare’s network. Cloudflare routes traffic from your domain to your server through this tunnel. Your home IP is never exposed.

# Install cloudflared
curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o cloudflared
chmod +x cloudflared
sudo mv cloudflared /usr/local/bin/

# Authenticate and create a tunnel
cloudflared tunnel login
cloudflared tunnel create my-homelab

Then configure your tunnel to route traffic to your local services. Cloudflare handles TLS termination, DDoS protection, and caching.

Pros: No port forwarding, home IP hidden, free tier is generous, built-in access controls. Cons: Single point of dependency on Cloudflare, websocket support can be finicky for some apps.

Option 4: Tailscale / WireGuard VPN

For services you don’t want publicly accessible (like your admin panels), Tailscale creates a private mesh VPN between your devices. Install it on your server and your phone/laptop, and you can access your homelab from anywhere as if you were on your local network.

Tailscale’s free tier supports up to 100 devices and 3 users. It’s absurdly easy to set up.

Security Best Practices

Self-hosting means you’re responsible for security. Here’s the non-negotiable checklist:

1. Keep Everything Updated

Set up automatic security updates for your OS:

sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

For Docker containers, use Watchtower to automatically pull new images — but only for non-critical services. For databases and services like Vaultwarden, update manually after reading the changelog.

2. Use HTTPS Everywhere

Never expose a service over plain HTTP. Caddy handles this automatically. If you’re using Cloudflare Tunnels, TLS is handled for you.

3. Firewall Configuration

Only open the ports you actually need:

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

4. SSH Hardening

Disable password authentication and use SSH keys only:

# In /etc/ssh/sshd_config:
PasswordAuthentication no
PermitRootLogin no

5. Backups: The 3-2-1 Rule

3 copies of your data
2 different storage media
1 offsite copy

Use restic or borgbackup for encrypted, deduplicated backups. Back up to an external drive AND an offsite location (a friend’s NAS, Backblaze B2 at $0.005/GB/month, or a cheap VPS).

Test your restores. A backup you haven’t tested is not a backup.

6. Monitor Your Services

Things will go wrong. A disk will fill up, a container will crash, a certificate will expire. Set up monitoring so you know about problems before your family group chat tells you Jellyfin is down.

Uptime Kuma is an excellent self-hosted monitoring tool that checks your services and sends alerts via email, Telegram, Discord, or Slack.

For scheduled tasks like backups, cert renewals, and database maintenance, consider a cron job monitoring service that alerts you when a job fails to run or takes longer than expected. Knowing that your 2 AM backup script actually completed successfully is the kind of thing that lets you sleep well at night.

Cost Comparison: Cloud vs. Self-Hosted

Let’s do the full math for a two-year period.

Cloud Services (24 months)

Service	Monthly	24-Month Total
Google One 2TB	$13.99	$335.76
Bitwarden Family	$3.33	$79.92
Plex Pass	$4.99	$119.76
Simple Analytics	$19.00	$456.00
Notion (Pro)	$8.00	$192.00
Fastmail	$5.00	$120.00
Misc subscriptions	$10.00	$240.00
Total	$64.31	$1,543.44

Self-Hosted (24 months)

Item	Cost
Beelink SER5 Mini PC	$180.00
32GB RAM upgrade	$45.00
1TB NVMe SSD	$60.00
4TB External HDD (media)	$80.00
Domain name (2 years)	$24.00
Electricity (~8W avg, 24/7)	$35.00
VPS for email (optional, 24mo)	$108.00
Total	$532.00

Two-year savings: $1,011.44. And the hardware keeps working in year three, four, five — the marginal cost drops to basically just electricity and the domain renewal.

Getting Started: Your First Weekend Project

Don’t try to replace everything at once. Here’s a suggested order:

Weekend 1: Foundation

Install Ubuntu Server or Debian 12 on your mini PC.
Install Docker and Docker Compose.
Deploy Vaultwarden and migrate your passwords.
Set up Caddy or Cloudflare Tunnels for remote access.

Weekend 2: Cloud Storage

Deploy Nextcloud.
Install the desktop sync client on your computers.
Set up CalDAV/CardDAV for calendar and contacts.
Migrate files from Google Drive/Dropbox.

Weekend 3: Photos & Media

Deploy Immich and install the mobile app.
Upload your photo library (this takes time — let it run overnight).
Deploy Jellyfin if you have a media collection.

Weekend 4: Everything Else

Set up Pi-hole or AdGuard Home.
Deploy Uptime Kuma for monitoring.
Set up automated backups with restic.
Deploy any remaining services you need.

Common Mistakes to Avoid

No backups. I’m saying it again because it’s that important. A dead SSD will wipe out everything.
Exposing services without HTTPS. Even on your local network, use TLS.
Using latest tags in production. Pin your Docker image versions so updates don’t break things unexpectedly.
Not monitoring disk space. A full disk causes cascading failures across all your services.
Overcomplicating it. You don’t need Kubernetes. You don’t need Ansible (yet). Docker Compose on a single machine handles an impressive workload.

Wrapping Up

Self-hosting in 2026 is more accessible than it has ever been. The software is mature, the community is enormous, and the hardware is cheap. You don’t need to replace every cloud service overnight — start with one or two, see how it feels, and expand from there.

The real reward isn’t just the cost savings. It’s the knowledge that your data is yours, your services run on your terms, and you’ve built something that doesn’t depend on a corporation’s quarterly earnings call.

If you’re ready to start deploying, head over to our Docker Compose guide for complete, copy-paste-ready configurations for 10 essential self-hosted apps. And if you’re evaluating developer tools for your workflow, check out our comparison of Bruno vs Postman — another area where open source alternatives are winning.

Have questions about self-hosting? Found a setup that works well for you? We’d love to hear about your homelab journey. Drop us a note and we might feature your setup in a future article.