| Service | Purpose | Notes |
|---|---|---|
| Oracle Cloud | Compute, networking, storage | Free account required; credit card needed for verification but Always-Free resources are not charged |
| Domain registrar / DNS provider | Domain name + DNS management | Any provider works; Cloudflare DNS is recommended for propagation speed |

Install these on your workstation before starting:

```bash
# OCI CLI
bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)"
# SSH key generation (if you don't have one already)
ssh-keygen -t ed25519 -C "homelab-oci"
```

Verify OCI CLI is configured:

```bash
oci setup config                              # interactive wizard
oci iam user get --user-id <your-user-ocid>   # confirm auth works
```

You should be comfortable with:
- Linux command line — file editing, systemd, package management
- Docker + Docker Compose — basic container and volume operations
- DNS — understanding of A records, TTL, propagation
- SSH — key-based authentication, basic session management
Helpful but not required:
- OCI Console navigation
- Caddy configuration syntax
- Network security concepts (ports, firewalls, NSGs)
You need a domain name you control. Throughout this documentation, example.com is used as a placeholder. Replace it with your actual domain everywhere.
Planned subdomains (adjust to your preference):
| Subdomain | VM | Service |
|---|---|---|
| notes.example.com | VM1 | Memos |
| links.example.com | VM1 | Linkding |
| docs.example.com | VM2 | Paperless-ngx |
| vault.example.com | VM2 | Vaultwarden |
Know what you're working with:
| Resource | Always-Free Allowance |
|---|---|
| A1.Flex OCPUs | 4 total (across all instances) |
| A1.Flex RAM | 24 GB total |
| Block Storage | 200 GB total |
| Outbound bandwidth | 10 TB/month |
| Public IPs | 2 reserved |
| VCN | 2 |
This project uses:
- 2 instances × 2 OCPU / 12 GB RAM = within limits
- 2 × 50 GB boot volumes = within limits
Ports that must be publicly reachable on each VM:
| Port | Protocol | Purpose |
|---|---|---|
| 22 | TCP | SSH admin access (restrict source CIDR to your IP) |
| 80 | TCP | HTTP → HTTPS redirect + Caddy ACME HTTP-01 challenge |
| 443 | TCP | HTTPS application traffic |
Ports that must not be publicly reachable:
- All application ports (5230, 9090, 8000, 8080, etc.) — internal Docker network only
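
One way to check the port plan above against the ingress rules actually deployed. This is an added example, not part of the project: it assumes the rules live in a VCN security list and that the JSON keys match the `data` object printed by `oci network security-list get`. The function name `audit_ingress` and the sample rules are constructed for illustration.

```python
import json

PUBLIC_TCP_PORTS = {22, 80, 443}      # ports the page allows from the internet
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample; key names assumed to match the "data" object printed by
# `oci network security-list get`.
SAMPLE = json.loads("""
{"ingress-security-rules": [
  {"protocol": "6", "source": "0.0.0.0/0",
   "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
  {"protocol": "6", "source": "0.0.0.0/0",
   "tcp-options": {"destination-port-range": {"min": 80, "max": 80}}},
  {"protocol": "6", "source": "0.0.0.0/0",
   "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
  {"protocol": "6", "source": "0.0.0.0/0",
   "tcp-options": {"destination-port-range": {"min": 8000, "max": 8080}}},
  {"protocol": "all", "source": "10.0.0.0/16"}
]}
""")


def audit_ingress(security_list):
    """Return findings, in rule order, for world-open rules that break the port plan."""
    findings = []
    for i, rule in enumerate(security_list.get("ingress-security-rules", [])):
        src, proto = rule.get("source"), rule.get("protocol")
        if src not in ANYWHERE:
            continue  # source is already restricted; not publicly reachable
        rng = (rule.get("tcp-options") or {}).get("destination-port-range")
        if proto == "all" or (proto == "6" and rng is None):
            findings.append(f"rule {i}: all ports open to {src}")
            continue
        if proto != "6":
            continue  # ICMP/UDP rules are outside the page's TCP port table
        ports = set(range(rng["min"], rng["max"] + 1))
        if ports - PUBLIC_TCP_PORTS:
            findings.append(f"rule {i}: TCP {rng['min']}-{rng['max']} open to {src}")
        if 22 in ports:
            findings.append(f"rule {i}: SSH open to {src}; restrict the source CIDR")
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE):
        print(finding)
```

On the sample it reports the world-open SSH rule and the 8000-8080 range, and leaves the 80/443 rules and the VCN-internal rule alone.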