Hetzner is a cloud hosting provider offering high-performance virtual machines, storage solutions, and dedicated servers. I use Hetzner as the cloud backbone of my homelab to host services that benefit from consistent uptime, public access, or isolation from my home environment.
Hetzner offers affordable, powerful ARM-based virtual machines with full networking control and reliable storage. Itβs ideal for running both internal tools and public-facing applications, while allowing me to scale independently from my home network.
Specs: 8 ARM vCPUs, 16GB RAM
OS: Rocky Linux
Purpose: Hosts most of my private/self-use Docker services
Firewall Rules:
Only allows inbound traffic from my home IP on management ports
Blocks all other ports by default
Key Services Hosted:
Vaultwarden
BookStack
Snipe-IT
Plex
Bar Assistant
Gluetun (VPN tunnel to home)
Dockerized media stack
Tailscale node
Internal Pihole instance
Nginx Proxy Manager
Draw.io
Type: CAX11
Specs: 2 ARM vCPUs, 4GB RAM
OS: Rocky Linux
Purpose: Hosts publicly accessible services behind Cloudflare
Firewall Rules:
Only allows HTTP/HTTPS inbound from Cloudflare IPs
Blocks all other inbound traffic
Key Services Hosted:
WordPress (this website)
Nginx Proxy Manager (for public routing and TLS)
Security Stack:
Cloudflare proxy for DNS and WAF
Hetzner firewall blocks all direct-to-IP access
Type: BX31
Storage: 10TB
Purpose: Used for media storage and non-critical backup/archive data
Access: Connected to VMs via CIFS for offloading downloads/media
How to manage multi-tier firewall architectures (Cloudflare β Hetzner β Docker network)
The importance of service separation (public vs internal) to reduce security exposure
The value of affordable cloud infrastructure for scaling a homelab
Experience working with ARM-based compute nodes in production scenarios