Setup, power and thermals, and software tips for running a Mac mini as a home server or self-hosting box.
A home server operator runs Jellyfin, Nginx, and a Cloudflare Tunnel all as Docker containers to expose their media server at a domain like media.mydomain.cc. The Cloudflare Tunnel correctly forwards requests to Nginx, but Nginx fails to reach Jellyfin, returning a 502 Bad Gateway with a connection-refused error. The logs show Nginx trying to connect to 172.29.0.2:8086 and failing. Meanwhile, curling Jellyfin directly via the Docker bridge IP, or browsing to the NAS host IP on port 8096, both work fine. So the service itself is healthy — only the path through Nginx is broken.
The M4 Pro Mac mini is listed as able to drive up to three 6K displays. This setup uses an LG UltraFine 6K, a first-generation Studio Display, and a Wokyis M5 side display. The Wokyis M5 is a USB-C hub with a built-in 720p display, and it can take video through USB-C or HDMI. All three screens do not work at the same time in any tested setup. The preferred setup was to daisy chain the Studio Display through the LG UltraFine 6K, but that did not work. Connecting the LG UltraFine 6K and Studio Display directly to the Mac mini still did not make the Wokyis M5 appear as the third display.
The planned home setup uses a first NAS mainly as a Plex media server and backup server. It needs to handle up to two 4K Plex streams at the same time, Home Assistant, and CCTV recording from 8 4K cameras at 24 frames per second, with a possible move to 20 cameras later. The same box is also expected to run Pi-hole ad blocking, a VPN, a Minecraft or other game server if possible, a torrent VM, photo cloud backup, and email hosting. The two main options are the QNAP TVS-h674 and the Synology DS-1525+. The main question is whether either model has enough room for all these jobs now and for future growth. Ease of use and the strength of the QNAP and Synology ecosystems are also key concerns. QNAP looks more attractive because Synology may push buyers toward Synology-branded hard drives; the stated 20TB drive prices are $1,650 for Synology, $1,370 for IronWolf Pro, and $1,068 for WD Red Pro.
This setup uses cheap used parts and recycled hardware to build a small homelab that can stay on with low power use. A modified UPS with a 9Ah lead battery powers the equipment through a protected outlet and a smart Wi-Fi outlet. The UPS has a DS18B20 temperature sensor inside and a blower fan taken from an old notebook, because the entry-level UPS could reach 50C and overheat. A Mercusys gigabit switch handles wired network connections. Power is also supplied by a 250W Delta Electronics ATX power supply taken from an older enterprise server, connected to a board that provides banana plug outputs and six USB power ports. One machine is a Raspberry Pi 4 with 4GB of memory in an Argon One case, used for Pi-hole and Unbound network services.
An Ubuntu home server is running on an old ASUS laptop with 16 GB of memory and plenty of SSD and hard drive storage. Instead of using Firebase Auth, the goal is to run a personal identity provider. The options under consideration include Authelia, Authentik, Keycloak, Zitadel, and similar self-hosted authentication tools. Several home lab services are already running, but they are not yet placed behind a reverse proxy. The goal is to learn self-hosted authentication, SSO, and IAM while choosing something practical enough to connect to multiple services. Long-term maintainability and possible future contribution to an open-source project also matter.
Redlib is a privacy-friendly way to browse Reddit without using Reddit’s official website. The public Redlib service runs on dedicated hardware in Victoria, Australia, using a 1000/400 NBN internet connection. A Fedora Server virtual machine hosts the service, and Docker Compose runs the Redlib stack. The origin server does not expose public ports; outside traffic reaches it through Cloudflare Tunnel. Traefik routes web requests to the right internal service, and Anubis sits in front of Redlib to reduce abuse and automated traffic. The setup also includes external uptime monitoring, a public status page, and a Cloudflare Worker maintenance page for planned downtime. OpenWrt SQM/CAKE is used to prioritize the virtual machine that runs community services. The Redlib build is a fork with updated Rust dependencies, packaged in a custom Alpine-based container image, and the container is hardened by running as non-root, using a read-only filesystem, blocking privilege escalation, and dropping all Linux capabilities.
A small home server setup is moving away from Debian and CasaOS because CasaOS no longer feels actively updated, and the Debian version bundled with the Orange Pi does not feel fully trustworthy. Armbian is being considered as the new operating system. The replacement dashboard options under consideration are UmbrelOS, CosmosCloud, ZimaOS, and OlaresOS. The needed feature is simple management for Docker containers, including easy deployment and updates for new services.
The current setup has a Dell work laptop, a BenQ monitor, and a Mac mini. A second monitor in vertical position is planned. The goal is to let both the Dell laptop and the Mac mini use both monitors. The desired setup would avoid unplugging cables and switch between the two computers with one click or something similar. A KVM switch is being considered, but real-world experience with that kind of setup is the open question.
The setup uses the Hermes desktop app, Ollama, and the qwen3.5:4b-mlx model on a Mac mini M4 with 16 GB memory. The available details only confirm this combination. There are no install steps, speed results, memory-use notes, heat readings, power-use numbers, or long-running stability details.
A Mac mini M4 is showing random problems with a wired Dell mouse and wired Dell keyboard. The mouse suddenly moves in a jumpy or shaky way, and the keyboard sometimes stops responding for a few seconds. The problem happens at random times, not only during heavy work. Restarting the Mac usually fixes it for a while, but the issue later returns. The Mac is running the latest macOS, and reconnecting the devices or trying different USB ports has not fixed it. An external SSD is also connected for development work, but it is not yet clear whether that device is involved. Possible causes include a faulty USB controller, a macOS update problem, a conflict with an external SSD or USB hub, or failing mouse and keyboard hardware. The next planned checks are to try another mouse and keyboard and unplug all other external USB devices to see whether one of them is causing a conflict.
Some banking and crypto apps may refuse to open when the main phone has Shizuku, ADB, developer options, or apps installed from APK files. This is described as a common problem with stricter financial apps in parts of Southeast Asia. One workaround under consideration is to keep a clean second Android device and access it remotely instead of carrying it around. That second device could be an Android emulator, a hosted service, a self-run server setup, or a real physical phone. The main challenge is whether the apps will treat that remote device as a normal real phone and pass their checks. Different apps may check different things, so the result may not be consistent across every app.
The current file server uses a Raspberry Pi running OpenMediaVault with three external USB drives attached. That setup feels risky because the storage depends on several USB-connected drives. OpenMediaVault has also not been enjoyable to use. There used to be time to tinker and fix things, but with two children now, convenience matters more than hands-on setup work. With memory and storage prices much higher, the main question is what people are using for home file servers today.
The learning goal is to return to Mac administration and practice tools such as MDM, Jamf, Microsoft Intune, Apple certification, and Mosyle. The available hardware is one daily-use M1 Pro MacBook Pro, one iPad, and two iPhones. The main question is whether proper deployment practice needs an extra Mac mini or another small Mac, or whether the current devices are enough to start. Budget is tight after a move, so building even a small homelab is a concern. The preferred path is to learn and practice fully remotely if possible.
A guide is available for using the Cloudflare Free Plan to improve security for small websites. The provided item does not include the actual setup steps or recommended settings. For someone running websites or personal services from a Mac mini server at home, this is relevant because it points to a low-cost way to make public access safer.
A developer built a database comparing pricing for 1747 virtual server (VPS) offers from European providers. Hetzner stands out because its plans appear among both the cheapest and the most expensive options in the dataset. That means price varies enormously depending on which specific plan, region, and hardware spec is chosen, even within the same provider. The database lets people compare European VPS providers by CPU, memory, storage, and price side by side.
The goal is to move from Tailscale to NetBird and run the remote-access network internally. NetBird appears to have more setup guidance for a Linux VM or Docker Compose, so the main issue is whether it can work cleanly through Docker on unRAID. Using multiple containers is acceptable. The practical goal is simply to get the NetBird server installed and online. No working setup steps or confirmed fix are included yet.
A new cloud virtual machine should automatically join a VPN network when it starts. The intended setup uses a startup script so the server can enter the private network without manually handling keys or login methods each time. A cellular router may also be part of the setup, so the network needs to work even when the connection is not a normal home internet line. The practical problem is keeping VPN keys and authentication methods organized enough that new servers can join reliably.
A five-node home Kubernetes setup can now be rebuilt from fresh Ubuntu to a full working stack in about 30 minutes with one command. The hardware includes two Lenovo ThinkPad T480/T480s machines, one Dell OptiPlex 7060 USFF, two Lenovo ThinkCentre M720q machines, and a Synology DS223 NAS for storage and backups. The server stack includes bare metal Kubernetes, kubeadm, MetalLB, Nginx Ingress, cert-manager, ArgoCD, Prometheus, Grafana, Loki, Sealed Secrets, and Tailscale. Manual rebuilds used to take hours each time a setting was wrong, and the process was repeated about 10 times before it was automated with Ansible playbooks. The automation was tested across three hardware makers: Lenovo ThinkCentre, HP EliteDesk, and a Dell laptop. The full process and playbooks are public, so a similar home server setup can use them as a starting point.
A World Cup viewing setup is trying to send AceStream links into Plex, but it does not stay reliable for long. AceScrapper gathers AceStream links from web addresses and turns them into an M3U list. Dispatcharr then converts that M3U list into something Plex can read as an HDHomeRun-style source. The setup works for about a day, then fails when stream links or channel lists change. The main issue is that live stream addresses change often, and the current chain does not handle those changes reliably.
The goal is to run a personal blog from a home network. The site would mostly contain written articles, with some images and possibly video. The home internet connection is XDSL, and the router is a basic provider-supplied model. The router can use DNS settings from some services, including no-ip. Home Assistant is already running on one Raspberry Pi 5, and another Raspberry Pi may be used for the website or network setup. The main questions are whether it is safe to expose a home-hosted site to the internet, and whether connecting a bought domain name is manageable for a relative beginner.
A password manager stores login details and fills them in when needed. With Bitwarden, one master password can already unlock all saved service passwords, so an extra login system may seem unnecessary for a solo home server. Authentik and Authelia work differently: they sit in front of services and act as a shared login gate. Their main value is user management, stronger protection for services with weak built-in login, and one sign-in flow across multiple self-hosted tools. If only one person uses the services and none are open to the internet, the benefit can feel small. Still, setting up an auth server can be a useful project for learning how to harden a home server.
A roughly 75-person all-Mac workplace runs into broken developer setups whenever new laptops are upgraded with Migration Assistant. The copied setup brings over Homebrew, nvm, and other version managers, but the toolchain does not work cleanly after the move. The planned replacement is to stop cloning machines and rebuild each Mac from configuration. A shared repository would hold a Brewfile and bootstrap script for the common base setup, while each developer’s personal dotfiles would be added with chezmoi. Iru would trigger the setup, secrets would stay in 1Password, and personal data would move through cloud sync. The main open questions are what breaks during the move from cloning to rebuilding, whether Ansible or Nix is worth the extra complexity, how to keep personal differences manageable, and how Iru should start the setup process.
A home server setup needs several small computers, storage boxes, switches, and a router to work together reliably. This setup centers on three Proxmox servers, one TrueNAS storage server, an 8-port power-over-Ethernet switch, and a UPS in a mini rack. The planned services include Jellyfin, Immich, a possible second Pi-hole, OPNsense, Audiobookshelf, Papra, and other self-hosted tools. Storage comes from four 4 TB hard drives placed in two external USB enclosures, connected to an Intel NUC running TrueNAS. The main concerns are whether daisy-chaining network switches will cause problems, whether the current USB-based NAS setup is the best low-cost option, and what should change before allowing remote access to the Proxmox nodes through WireGuard or Tailscale. There is also a plan to install OpenWRT on a TP-Link device for use as a wireless access point, then possibly add another OpenWRT router to run some services.
The setup uses a small ARM single-board computer as a personal gateway for Zrok tunnels and a reverse proxy, so local services can be reached from outside the home. The first design used Wi-Fi for the internet side and Ethernet for the local side, which made the device easy to move and place anywhere. Wi-Fi as the upstream connection has caused the most trouble because startup timing can break, the wireless link can be unstable, and the tunnel depends on whatever the local Wi-Fi is doing. WireGuard runs on top of that connection, so weak or changing Wi-Fi directly lowers tunnel quality. The more stable direction is to feed the gateway with wired Ethernet instead. That could be done with a very thin fiber run and converters at both ends, or with a direct network cable. Since the home router already handles the internet-facing WAN work, the gateway software can drop that role and become simpler.
This small homelab is built for testing backup systems, changing settings, trying different designs, and safely breaking things. The setup has three PVE nodes on small-form-factor PCs or mini PCs, one TrueNAS machine, Mikrotik gear, a cheap managed 2.5Gb switch from AliExpress, a managed 1Gb TP-Link switch, and a simple switch for the PVE cluster link. All of the hardware sits in a self-built cabinet with cooling, placed under the TV in the living room. The main goal is not to run many public or home services, but to give a backup engineer a private place to test backup products, setups, architectures, and new versions. Using work equipment would mean asking for resources, waiting for network changes, and dealing with missing permissions. In this home setup, anything can be changed freely, and even breaking the whole cluster is acceptable. Most of the hardware is used or cheap, but it meets the need. It is also quiet and does not take much room, which was an important requirement.
After the move to VisionOS 26.5, copying large files from a network share can fail before the transfer finishes. The files are around 20GB on average, and the failure shows error code -36. The same problem happens when copying from a local NAS and when copying from an external hard drive shared through a Mac Mini. Restarting the devices and reconnecting the shared folders did not fix it.
A small native macOS app can run FLUX.2 Klein image generation fully on an Apple Silicon Mac. It uses Apple’s MLX framework and does not require Python, a ComfyUI graph, a local server, or cloud processing. The workflow is simple: enter a sentence in any language, press generate, and receive an image. The app is called Typhoonminigen, and both the source code and a downloadable build are available on GitHub under the MIT license. The image engine is Vincent Gourbin’s flux-2-swift-mlx, the model is Black Forest Labs’ FLUX.2 Klein, and MLX handles the computing. The maker says the app was built with Claude Code, with no Swift written by hand, while testing and checking the result personally. The main lesson is that old SDXL/Forge prompt habits do not transfer well to FLUX.2 Klein, so better results need a different style of prompt writing.
Power BI and Fabric work often raises two concerns when large language models are involved: token cost and data privacy. Power BI MCP server was connected to a locally running Nvidia model on a 2020 M1 Mac mini. The machine had only 8 GB of memory and is the kind of older Mac mini that can be found used for about $300 to $400. The setup worked, but performance was poor. The weak point appears to be the old Mac mini and its small memory, not necessarily the whole local-AI idea. Newer laptops with 128 GB of memory and AMD’s Unified Memory Architecture, priced around $3,500, were presented as more realistic machines for running these AI tools fully locally inside a company. That price could still make sense for a large business if employee laptops already cost a few thousand dollars and local processing reduces privacy and usage-cost concerns.
An older Synology DS418 NAS has limited resources and weak performance, so it may not be the best place to run remote access duties. The two replacement options are an M2 Mac mini with 8GB of memory and a 256GB SSD, or a Windows 11 machine with an AMD Ryzen 5 7640HS, 16GB of RAM, and a 1TB SSD. The goal is to move Tailscale to a stronger machine so remote access to the home network and the Synology NAS works better. The main remote uses are Synology apps such as DSAudio, DSDrive, and Photos, including photo transfers. Moving Tailscale off the NAS could reduce load on the NAS and improve performance as an exit node. The practical tradeoff is that the Mac mini is used every day, while the Windows machine has been powered off for months.
USBridge-KVM 2.0 is a hardware IP-KVM that captures a raw HDMI signal and turns pre-boot screens, such as BIOS menus, into text. Normal screen readers do not work before the operating system starts, so blind users cannot easily read BIOS settings or early boot errors. This device converts the visual BIOS interface into a clean interactive text stream that can be used through SSH. Its automation engine also sends a JSON stream with screen status, including each character’s text and color. The data interface was first made so AI agents using the MCP protocol could read the screen and run hardware checks. The same SSH and JSON streams could also feed a screen reader, letting it announce active BIOS menu items in real time. The accessibility use was not the original goal, but the text interface built for scripting may help solve a long-running gap in low-level hardware access.