π Daftar Isi
1. Pengenalan Raspberry Pi Home Server
Raspberry Pi Home Server adalah setup di mana Raspberry Pi digunakan sebagai server pribadi di rumah untuk berbagai layanan: penyimpanan file (NAS), pemblokir iklan (Pi-hole), VPN pribadi, media streaming, dan banyak lagi. Dengan daya listrik yang sangat rendah (~5-10W), Raspberry Pi bisa berjalan 24/7 tanpa tagihan listrik yang besar.
Menggunakan Raspberry Pi sebagai home server adalah langkah pertama menuju self-hosting β mengendalikan data dan layanan Anda sendiri tanpa bergantung pada layanan cloud berbayar. Anda belajar Linux system administration, networking, dan DevOps secara praktis.
Layanan yang Akan Dibangun
| Layanan | Fungsi | Port | Container |
|---|---|---|---|
| Samba NAS | File sharing jaringan (SMB/CIFS) | 445 | Native |
| Pi-hole | DNS ad blocker untuk seluruh jaringan | 53, 80 | Docker |
| WireGuard | VPN pribadi untuk akses dari luar | 51820 | Docker |
| Jellyfin | Media server (film, musik, foto) | 8096 | Docker |
| Nextcloud | Cloud storage pribadi (alternatif Google Drive) | 8080 | Docker |
| Portainer | Dashboard manajemen Docker | 9000 | Docker |
| Uptime Kuma | Monitoring uptime layanan | 3001 | Docker |
Keuntungan Self-Hosting
| Aspek | Self-Hosted (Raspberry Pi) | Cloud Service |
|---|---|---|
| Biaya | π’ Satu kali beli, listrik ~Rp 30rb/bulan | π΄ Langganan bulanan terus-menerus |
| Privasi | π’ Data di rumah Anda sendiri | π΄ Data di server orang lain |
| Kontrol | π’ Full control atas semua konfigurasi | π΄ Terbatas pada fitur yang disediakan |
| Internet | π΄ Butuh internet untuk akses dari luar | π’ Selalu online |
| Backup | π΄ Tanggung jawab sendiri | π’ Biasanya di-backup provider |
| Reliability | π΄ Single point of failure | π’ Redundant infrastructure |
2. Persiapan Hardware
Daftar Komponen
| Komponen | Rekomendasi | Est. Harga |
|---|---|---|
| Raspberry Pi | Raspberry Pi 4 Model B (4GB/8GB RAM) | Rp 1.200.000 - 1.500.000 |
| SSD/SSD External | SSD 256GB-1TB via USB 3.0 enclosure | Rp 300.000 - 1.000.000 |
| USB 3.0 Enclosure | SATA to USB 3.0 (UASP support) | Rp 80.000 |
| MicroSD Card | 32GB A2 class (untuk boot) | Rp 80.000 |
| Power Supply | Official RPi PSU USB-C 5V/3A | Rp 150.000 |
| Ethernet Cable | Cat6 ke router | Rp 30.000 |
| Casing + Fan | Casing dengan kipas aktif | Rp 100.000 |
| UPS (opsional) | Mini UPS untuk perlindungan mati listrik | Rp 200.000 |
Setup Awal Raspberry Pi
# ============================================
# Setup Raspberry Pi OS untuk Home Server
# Gunakan Raspberry Pi OS Lite (64-bit, headless)
# ============================================
# 1. Flash OS menggunakan Raspberry Pi Imager
# Pilih: Raspberry Pi OS Lite (64-bit)
# Advanced options: set hostname, enable SSH, set user
# 2. Boot dan SSH masuk
ssh pi@raspberrypi.local
# 3. Update sistem
sudo apt update && sudo apt upgrade -y
# 4. Set static IP (edit /etc/dhcpcd.conf)
sudo tee -a /etc/dhcpcd.conf <<'EOF'
interface eth0
static ip_address=192.168.1.10/24
static routers=192.168.1.1
static domain_name_servers=1.1.1.1 8.8.8.8
EOF
sudo systemctl restart dhcpcd
# 5. Mount SSD external
# Cek nama device SSD
lsblk
# Misal: /dev/sda
# Format SSD (sekali saja!)
sudo mkfs.ext4 /dev/sda1
# Buat mount point
sudo mkdir -p /mnt/storage
# Mount SSD
sudo mount /dev/sda1 /mnt/storage
# Set permission
sudo chown -R pi:pi /mnt/storage
# Auto-mount saat boot (tambahkan ke /etc/fstab)
echo '/dev/sda1 /mnt/storage ext4 defaults,noatime 0 2' | sudo tee -a /etc/fstab
# 6. Install utilitas dasar
sudo apt install -y htop curl wget git tmux \
net-tools unattended-upgrades
# 7. Enable automatic security updates
sudo dpkg-reconfigure -plow unattended-upgrades
# 8. Konfigurasi firewall dasar
sudo apt install ufw -y
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow from 192.168.1.0/24
sudo ufw enable
sudo ufw status3. Docker & Docker Compose
Docker adalah platform containerization yang memungkinkan kita menjalankan aplikasi dalam container yang terisolasi. Docker Compose memudahkan deploy beberapa layanan sekaligus dengan satu file konfigurasi.
# ============================================
# Install Docker dan Docker Compose
# ============================================
# Install Docker
curl -fsSL https://get.docker.com | sh
# Tambahkan user pi ke grup docker
sudo usermod -aG docker pi
# Aktifkan Docker
sudo systemctl enable docker
sudo systemctl start docker
# Verifikasi
docker --version
docker compose version
# Install Portainer (Docker management UI)
docker volume create portainer_data
docker run -d \
--name portainer \
--restart=always \
-p 9000:9000 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data \
portainer/portainer-ce:latest
# Akses Portainer: http://192.168.1.10:9000
# ============================================
# Docker Compose untuk semua layanan
# ============================================
# Buat direktori untuk konfigurasi
mkdir -p ~/home-server
cd ~/home-server
# Buat file docker-compose.yml
cat <<'EOF' > docker-compose.yml
version: '3.8'
services:
# ===== Pi-hole DNS Ad Blocker =====
pihole:
image: pihole/pihole:latest
container_name: pihole
restart: unless-stopped
ports:
- "53:53/tcp"
- "53:53/udp"
- "8053:80/tcp"
environment:
TZ: 'Asia/Jakarta'
WEBPASSWORD: 'ubah-password-ini'
DNSMASQ_LISTENING: 'all'
volumes:
- ./pihole/etc-pihole:/etc/pihole
- ./pihole/etc-dnsmasq.d:/etc/dnsmasq.d
cap_add:
- NET_ADMIN
networks:
- server-net
# ===== WireGuard VPN =====
wireguard:
image: linuxserver/wireguard:latest
container_name: wireguard
restart: unless-stopped
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
TZ: 'Asia/Jakarta'
SERVERURL: 'auto'
SERVERPORT: '51820'
PEERS: '3'
PEERDNS: 'auto'
volumes:
- ./wireguard/config:/config
- /lib/modules:/lib/modules
ports:
- "51820:51820/udp"
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
networks:
- server-net
# ===== Jellyfin Media Server =====
jellyfin:
image: jellyfin/jellyfin:latest
container_name: jellyfin
restart: unless-stopped
ports:
- "8096:8096"
environment:
TZ: 'Asia/Jakarta'
volumes:
- ./jellyfin/config:/config
- ./jellyfin/cache:/cache
- /mnt/storage/media:/media:ro
networks:
- server-net
# ===== Uptime Kuma (Monitoring) =====
uptime-kuma:
image: louislam/uptime-kuma:latest
container_name: uptime-kuma
restart: unless-stopped
ports:
- "3001:3001"
volumes:
- ./uptime-kuma/data:/app/data
networks:
- server-net
networks:
server-net:
driver: bridge
EOF
# Jalankan semua layanan
docker compose up -d
# Cek status
docker compose ps
docker compose logs -f4. NAS dengan Samba
Network Attached Storage (NAS) memungkinkan Anda berbagi file ke semua perangkat di jaringan rumah (PC, laptop, smart TV, HP). Samba menggunakan protokol SMB/CIFS yang didukung oleh Windows, macOS, Linux, Android, dan iOS.
# ============================================
# Setup Samba NAS
# ============================================
# 1. Install Samba
sudo apt install samba samba-common-bin -y
# 2. Backup konfigurasi default
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
# 3. Konfigurasi Samba
sudo tee /etc/samba/smb.conf <<'EOF'
[global]
workgroup = HOMENET
server string = Raspberry Pi NAS
security = user
map to guest = never
dns proxy = no
interfaces = eth0
bind interfaces only = yes
# Optimasi performa
socket options = TCP_NODELAY IPTOS_LOWDELAY
read raw = yes
write raw = yes
max xmit = 65535
dead time = 15
getwd cache = yes
[shared]
comment = Shared Storage
path = /mnt/storage/shared
browseable = yes
read only = no
create mask = 0664
directory mask = 0775
valid users = @nasusers
[media]
comment = Media Files
path = /mnt/storage/media
browseable = yes
read only = no
create mask = 0664
directory mask = 0775
valid users = @nasusers
[backup]
comment = Backup Folder
path = /mnt/storage/backup
browseable = yes
read only = no
create mask = 0664
directory mask = 0775
valid users = @nasusers
EOF
# 4. Buat direktori
sudo mkdir -p /mnt/storage/{shared,media,backup}
sudo chown -R pi:pi /mnt/storage
# 5. Buat user Samba
sudo groupadd nasusers
sudo usermod -aG nasusers pi
sudo smbpasswd -a pi
# Masukkan password untuk akses Samba
# 6. Restart Samba
sudo systemctl restart smbd nmbd
sudo systemctl enable smbd nmbd
# 7. Test dari Windows:
# Buka File Explorer β ketik: \192.168.1.10shared
# Atau map network drive
# 8. Test dari Linux/Mac:
# smbclient //192.168.1.10/shared -U pi
# 9. Mount otomatis di Windows:
# File Explorer β This PC β Map Network Drive
# Drive: Z:
# Folder: 192.168.1.10shared
# Centang "Reconnect at sign-in"
# 10. Mount otomatis di Linux:
# Tambahkan ke /etc/fstab:
# //192.168.1.10/shared /mnt/nas cifs credentials=/home/pi/.smbcreds,uid=1000,gid=1000 0 0
# File ~/.smbcreds:
# username=pi
# password=your-samba-passwordπ‘ Performa NAS
Dengan Raspberry Pi 4 Gigabit Ethernet dan SSD via USB 3.0, kecepatan baca/tulis Samba bisa mencapai 80-110 MB/s. Ini cukup untuk streaming video 4K dan transfer file besar. Gunakan SSD (bukan HDD) untuk random I/O yang lebih baik.
5. Pi-hole DNS Ad Blocker
Pi-hole adalah DNS sinkhole yang berfungsi sebagai ad blocker untuk seluruh jaringan. Cukup set Pi-hole sebagai DNS server di router, dan semua perangkat di rumah (termasuk smart TV dan HP) akan terbebas dari iklan tanpa perlu install aplikasi apapun.
Cara Kerja Pi-hole
Diagram: Pi-hole DNS Filtering
PI-HOLE: How It Works
βββββββββββββββββββββ
Perangkat (HP/Laptop/TV) Internet
β β
β 1. DNS request: β
β "ads.google.com" β
β β
βΌ β
ββββββββββββββββ β
β Pi-hole β 2. Cek blocklist β
β (DNS) β β
β β β
β Blocked? β β
β βββββ β β
β βYESββ Return β β
β β β 0.0.0.0β β Iklan diblokir! β
β βββββ β β
β βββββ β β
β β NOββ Forwardβββββββββββββββββββββββ 3. Forward
β β β requestβ β ke upstream
β βββββ βββββββββββββββββββββββ 4. Balas IP
ββββββββββββββββ β
β β
β 5. Return IP (legit) β
βΌ β
Perangkat menerima website β
tanpa iklan! π β
Statistik: Biasanya 20-40% traffic
adalah iklan/tracker β dihemat!
# ============================================
# Konfigurasi Pi-hole (setelah Docker deploy)
# ============================================
# 1. Akses Pi-hole web interface
# Buka: http://192.168.1.10:8053/admin
# Login dengan password yang di-set di docker-compose
# 2. Tambahkan blocklist tambahan
# Settings β DNS β Upstream DNS Servers
# Pilih: Custom
# Tambahkan:
# - 1.1.1.1 (Cloudflare)
# - 8.8.8.8 (Google)
# - 9.9.9.9 (Quad9)
# 3. Tambahkan adlist (blocklist tambahan)
# Adlists β paste URL berikut:
# https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
# https://raw.githubusercontent.com/AdAway/adaway.android/master/hosts.txt
# https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
# Klik "Add" lalu "Update Gravity"
# 4. Set Pi-hole sebagai DNS di Router
# Login ke router (biasanya 192.168.1.1)
# Network Settings β DHCP β DNS Server
# Set Primary DNS: 192.168.1.10 (IP Pi-hole)
# Set Secondary DNS: 1.1.1.1 (fallback)
# 5. Atau set manual per perangkat:
# Windows: Settings β Network β DNS β 192.168.1.10
# Android: WiFi β Advanced β DNS β 192.168.1.10
# iPhone: WiFi β Configure DNS β Manual β 192.168.1.10
# 6. Whitelist domain yang salah terblokir
# Pi-hole Admin β Whitelist
# Tambahkan domain yang dibutuhkan:
# - play.google.com
# - android.clients.google.com
# - connectivitycheck.gstatic.com
# 7. Statistik via CLI
docker exec pihole pihole -c # Summary
docker exec pihole pihole -q # Query log6. WireGuard VPN Server
WireGuard adalah VPN modern yang sangat cepat dan ringan. Dengan WireGuard di Raspberry Pi, Anda bisa mengakses jaringan rumah (NAS, Pi-hole, CCTV) dari mana saja di internet secara aman.
Cara Kerja VPN
Diagram: WireGuard VPN Architecture
WIREGUARD VPN: Remote Access
βββββββββββββββββββββββββββ
Di Kafe/WiFi Publik Di Rumah
ββββββββββββ ββββββββββββββββ
β Laptop β Encrypted β RPi + β
β + WG ββββtunnelββββββββββββ WireGuard β
β Client β (UDP 51820) β Server β
ββββββββββββ ββββββββ¬ββββββββ
β β
β Akses seolah di rumah: β LAN 192.168.1.x
β β’ NAS files (192.168.1.10) β
β β’ Pi-hole DNS β
β β’ CCTV cameras β
β β’ Printer β
β β
β IP publik: β
β 10.66.66.1 ββ 10.66.66.2 β
β (tunnel addresses) β
Keuntungan WireGuard:
β’ Sangat cepat (kernel-level encryption)
β’ Konfigurasi sederhana (public/private key)
β’ Battery-friendly di mobile
β’ Codebase kecil (~4000 lines vs OpenVPN 100K+)
# ============================================
# Konfigurasi WireGuard VPN
# ============================================
# 1. WireGuard sudah di-deploy via Docker Compose
# Cek peers yang sudah dibuat:
docker exec wireguard wg
# 2. Ambil konfigurasi client
# File ada di ./wireguard/config/peer1/peer1.conf
cat ./wireguard/config/peer1/peer1.conf
# Contoh output:
# [Interface]
# Address = 10.66.66.2/32
# PrivateKey =
# DNS = 10.66.66.1
#
# [Peer]
# PublicKey =
# Endpoint = your-public-ip:51820
# AllowedIPs = 0.0.0.0/0
# 3. Dapatkan IP publik rumah
curl ifconfig.me
# Contoh: 103.xxx.xxx.xxx
# 4. Setup port forwarding di router:
# External Port: 51820/UDP
# Internal IP: 192.168.1.10
# Internal Port: 51820/UDP
# 5. Install WireGuard client:
# - Windows: https://www.wireguard.com/install/
# - Android: WireGuard dari Play Store
# - iPhone: WireGuard dari App Store
# - Linux: sudo apt install wireguard
# 6. Import konfigurasi ke client:
# - Scan QR code (ada di docker logs)
docker logs wireguard 2>&1 | grep -A 20 "QR"
# - Atau import file .conf langsung
# 7. Dynamic DNS (jika IP publik berubah)
# Gunakan No-IP atau DuckDNS:
# Daftar di https://www.duckdns.org
# Buat cron job update IP:
crontab -e
# Tambahkan:
*/5 * * * * curl -s "https://www.duckdns.org/update?domains=MYDOMAIN&token=MYTOKEN&ip=" > /dev/null
# 8. Test VPN:
# Aktifkan VPN di client
# Buka: http://192.168.1.10:8053 (Pi-hole)
# Harus bisa diakses dari luar! β οΈ Keamanan VPN
Selalu gunakan public key authentication (bukan password). Ganti port default 51820 ke port acak untuk mengurangi scanning. Pastikan firewall hanya mengizinkan port VPN dari luar. Monitor log untuk koneksi mencurigakan.
7. Media Server (Jellyfin)
Jellyfin adalah media server open source (alternatif Plex/Emby) yang memungkinkan streaming film, musik, dan foto dari Raspberry Pi ke semua perangkat: smart TV, HP, tablet, laptop. Jellyfin 100% gratis tanpa fitur terkunci.
# ============================================
# Konfigurasi Jellyfin Media Server
# ============================================
# 1. Jellyfin sudah di-deploy via Docker Compose
# Akses: http://192.168.1.10:8096
# 2. Setup wizard:
# - Bahasa: Indonesia
# - Buat akun admin
# - Tambahkan media library:
# Movies: /media/movies
# TV Shows: /media/tvshows
# Music: /media/music
# Photos: /media/photos
# 3. Struktur folder media yang benar:
# /mnt/storage/media/
# βββ movies/
# β βββ Movie Name (2024)/
# β β βββ Movie Name (2024).mkv
# β βββ Another Movie (2023)/
# β βββ Another Movie (2023).mp4
# βββ tvshows/
# β βββ Show Name/
# β β βββ Season 01/
# β β β βββ S01E01.mkv
# β β β βββ S01E02.mkv
# β β βββ Season 02/
# β βββ Another Show/
# βββ music/
# β βββ Artist/
# β β βββ Album/
# β β β βββ track.mp3
# βββ photos/
# βββ 2024/
# βββ vacation/
# 4. Install client apps:
# - Smart TV: Cari "Jellyfin" di app store
# - Android: Jellyfin dari Play Store
# - iPhone: Jellyfin dari App Store
# - Browser: langsung buka http://192.168.1.10:8096
# - Desktop: Jellyfin Media Player
# 5. Hardware transcoding (opsional, untuk performa):
# Raspberry Pi 4 mendukung hardware decoding H.264
# Tambahkan di docker-compose.yml untuk jellyfin:
# devices:
# - /dev/video10:/dev/video10 # H264 decoder
# - /dev/video11:/dev/video11 # H264 encoder
# - /dev/video12:/dev/video12 # ISP
# 6. Download media dengan yt-dlp (opsional):
sudo apt install yt-dlp -y
yt-dlp -o "/mnt/storage/media/movies/%(title)s.%(ext)s" \
"URL_VIDEO"
# 7. Remote access via VPN:
# Setelah WireGuard aktif, akses Jellyfin dari mana saja
# via http://192.168.1.10:80968. Self-Hosted Services Lainnya
Selain layanan utama di atas, berikut beberapa layanan self-hosted bermanfaat lain yang bisa dijalankan di Raspberry Pi:
Tambahan ke Docker Compose
# ============================================
# Tambahkan ke docker-compose.yml
# ============================================
# ===== Nextcloud (Cloud Storage Pribadi) =====
nextcloud:
image: nextcloud:latest
container_name: nextcloud
restart: unless-stopped
ports:
- "8080:80"
environment:
TZ: 'Asia/Jakarta'
MYSQL_HOST: nextcloud-db
MYSQL_DATABASE: nextcloud
MYSQL_USER: nextcloud
MYSQL_PASSWORD: 'securepassword'
volumes:
- ./nextcloud/html:/var/www/html
- /mnt/storage/nextcloud-data:/var/www/html/data
networks:
- server-net
nextcloud-db:
image: mariadb:10
container_name: nextcloud-db
restart: unless-stopped
environment:
MYSQL_ROOT_PASSWORD: 'rootpassword'
MYSQL_DATABASE: nextcloud
MYSQL_USER: nextcloud
MYSQL_PASSWORD: 'securepassword'
volumes:
- ./nextcloud/db:/var/lib/mysql
networks:
- server-net
# ===== Home Assistant (Smart Home) =====
homeassistant:
image: ghcr.io/home-assistant/home-assistant:stable
container_name: homeassistant
restart: unless-stopped
network_mode: host
environment:
TZ: 'Asia/Jakarta'
volumes:
- ./homeassistant:/config
privileged: trueLayanan Lain yang Direkomendasikan
| Layanan | Fungsi | Docker Image | Port |
|---|---|---|---|
| Vaultwarden | Password manager (Bitwarden) | vaultwarden/server | 8888 |
| Nginx Proxy Manager | Reverse proxy + SSL | jc21/nginx-proxy-manager | 80,443,81 |
| Tandoor Recipes | Resep masakan digital | vabene1111/recipes | 8081 |
| Gitea | Git server pribadi | gitea/gitea | 3000 |
| Homepage | Dashboard untuk semua layanan | ghcr.io/gethomepage/homepage | 3002 |
| Duplicati | Backup otomatis | linuxserver/duplicati | 8200 |
9. Keamanan & Maintenance
Checklist Keamanan
| # | Aksi | Deskripsi | Status |
|---|---|---|---|
| 1 | SSH Key Auth | Disable password login, gunakan SSH key | β |
| 2 | Firewall (UFW) | Hanya buka port yang diperlukan | β |
| 3 | Auto Updates | Aktifkan unattended-upgrades | β |
| 4 | Fail2ban | Blokir IP yang gagal login berulang | β |
| 5 | VPN Only Access | Layanan internal hanya via VPN | β |
| 6 | Docker Security | Jangan run container sebagai root | β |
| 7 | Backup Otomatis | Backup konfigurasi ke SSD/NAS terpisah | β |
| 8 | Monitoring | Uptime Kuma untuk alert layanan down | β |
# ============================================
# Setup Fail2ban
# ============================================
sudo apt install fail2ban -y
# Konfigurasi
sudo tee /etc/fail2ban/jail.local <<'EOF'
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
findtime = 600
EOF
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
# Cek banned IP
sudo fail2ban-client status sshd
# ============================================
# Backup Script Otomatis
# ============================================
cat <<'EOF' > ~/backup.sh
#!/bin/bash
BACKUP_DIR="/mnt/storage/backup/home-server"
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p $BACKUP_DIR/$DATE
# Backup Docker configs
cp -r ~/home-server $BACKUP_DIR/$DATE/
# Backup Pi-hole custom lists
cp -r ~/home-server/pihole $BACKUP_DIR/$DATE/
# Backup WireGuard configs
cp -r ~/home-server/wireguard $BACKUP_DIR/$DATE/
# Hapus backup lama (>30 hari)
find $BACKUP_DIR -maxdepth 1 -mtime +30 -exec rm -rf {} \;
echo "Backup completed: $DATE"
EOF
chmod +x ~/backup.sh
# Jadwalkan backup setiap hari jam 3 pagi
(crontab -l 2>/dev/null; echo "0 3 * * * ~/backup.sh >> /var/log/backup.log 2>&1") | crontab -π‘ Performa & Tips
- Gunakan SSD via USB 3.0 untuk semua data β hindari microSD untuk storage intensif
- Aktifkan log2ram untuk mengurangi write ke SD card:
sudo apt install log2ram - Monitor suhu:
vcgencmd measure_tempβ pastikan di bawah 70Β°C - Gunakan UPS mini untuk mencegah corrupt saat mati listrik mendadak
- Restart otomatis jika hang:
sudo apt install watchdog
10. Quiz: Uji Pemahamanmu!
Setelah membaca tutorial di atas, jawablah 5 pertanyaan berikut untuk menguji pemahamanmu tentang Raspberry Pi Home Server: