This is a work in progress...
I know little about Docker, and little about self-hosting.
I know that I prefer environments that are easy to recreate whenever necessary, and that I really hate having to go through a lot of manual steps to do so.
Because I'm trying to force myself to be better about clean organization and separation of confidential/configuration data from infrastructural definition.
And because I'll be less likely to do things that embarrass me, or at least more likely to clean them up when they become obvious.
https://github.com/BaptisteBdn/docker-selfhosted-apps
https://github.com/DoTheEvo/selfhosted-apps-docker
- Backup and Disaster Recovery (automatic data backups, automatic redeployment, minimal manual steps to set up a new self-hosted server)
- Security (use of HTTPS internally and externally, automatic certificate acquisition and renewal, minimal attack surface)
- Clarity (well documented, easy to understand, easy to monitor and diagnose problems)
- Fun (I want to learn new things and play with new-to-me toys)
- Does what it says on the tin. An off-premises place to which my on-network backups are synced.
- Currently, Backblaze, but I'm sure Amazon S3 or Azure or another cloud storage provider would be fine
A RAID box that sits quietly and stores files. I've got a QNAP NAS with all sorts of bells and whistles, but I frankly don't want to use it to run containers or serve media or much else other than save my data. It does a nice job of syncing and mirroring data to and from places like Google, Dropbox, Backblaze, etc., though.
- Stores media
- Stores user-specific files for myself and family/friends
- Stores container backups
- Stores backups of various other third-party services (Google Drive, Photos, Dropbox, mail, etc)
- Synchronizes in-house backups with offsite Cloud Backup Storage
I needed a public domain name, hosted by someone who can both provide DDNS (so that I can keep my IP up-to-date), and API access to the nameserver records (so that I can set up automatic Let's Encrypt certificate issuance and renewal without needing to punch a hole in my firewall for an HTTP challenge).
I was using No-IP, until I realized that while their DDNS offering is great, their Managed DNS doesn't have the API access I'd need. So, I am currently using Namecheap, and am happy thus far. I am less happy about throwing a year's subscription fee at a provider who didn't meet my needs...entirely my fault for not considering things more carefully first.
There are lots of providers out there who fit the bill, however.
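As an added example (it is not from this page or from either of the linked repositories), here is a minimal docker-compose.yml that does the automatic issuance and renewal described above with the ACME DNS-01 challenge, so the ACME server validates ownership by looking up a TXT record the proxy writes through the provider's API instead of connecting to port 80. It uses Traefik as the reverse proxy and Namecheap as the DNS provider, both named elsewhere on this page; the domain, e-mail address, paths, and the `whoami` test service are placeholders I chose for illustration.

```yaml
# docker-compose.yml (added example, not code from the original page)
# Assumes: Traefik v2.x, Namecheap DNS, example.com as a placeholder domain.
services:
  traefik:
    image: traefik:v2.11
    container_name: traefik
    restart: unless-stopped
    command:
      # Discover containers from Docker, but only the ones that opt in
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # Port 80 exists only to redirect; everything is served over TLS
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      # ACME with DNS-01: validation happens via the Namecheap API,
      # so no inbound hole in the firewall is needed for renewal
      - --certificatesresolvers.le.acme.email=admin@example.com
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.le.acme.dnschallenge=true
      - --certificatesresolvers.le.acme.dnschallenge.provider=namecheap
      # Check the TXT record against public resolvers, not the local
      # split-horizon DNS described later on this page
      - --certificatesresolvers.le.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
    env_file:
      # Holds NAMECHEAP_API_USER and NAMECHEAP_API_KEY (the variable names
      # Traefik's namecheap provider reads). Keep this file out of git and
      # chmod 600; it is the confidential half of this stack.
      - ./secrets/traefik.env
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Read-only socket; see the note below about what this still grants
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json must be mode 600 or Traefik refuses to use it
      - ./traefik/letsencrypt:/letsencrypt

  # Placeholder backend used to confirm routing and the certificate
  whoami:
    image: traefik/whoami
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.example.com`)
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.tls.certresolver=le
      # One wildcard certificate covers every internal host name, so
      # individual service names never appear in Certificate Transparency logs
      - traefik.http.routers.whoami.tls.domains[0].main=example.com
      - traefik.http.routers.whoami.tls.domains[0].sans=*.example.com
```

Because validation is DNS-based, neither port 80 nor 443 has to be reachable from the Internet; with the local DNS records described in the network section, the proxy can stay LAN-only and still present a publicly trusted certificate. Two caveats worth knowing: the Namecheap API key can rewrite every record in the zone, which is enough to hijack the whole domain, so it deserves the same handling as any other root credential (and Namecheap only accepts API calls from whitelisted source IPs, which matters on a DDNS-updated connection); and mounting the Docker socket, even read-only, lets the proxy container query the Docker API for every other container, so a socket proxy that exposes only the endpoints Traefik needs is the usual hardening step.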
Here's more details on how I did it in my environment.
- Currently a hardware solution composed of Ubiquiti devices. Might go software someday, but I really like the convenience of a simple UniFi network, and it's flexible enough (so far) to meet my needs.
- Also provides me a place to set up local DNS records, so that I can bind internal IPs to a public domain and secure them with proper certificates.
- I'm currently playing with Home Assistant. While I like the idea of running it in a VM (can't containerize, as I want add-ons, which are themselves containers), it's a key part of my system, and I prefer separate physical hardware into which I can plug a couple of USB dongles for Z-Wave/Zigbee/Matter control.
- I do require that it be accessed only from inside my network, and I have set up the Let's Encrypt add-on to secure communications inside the network too. (Other tools I used: the Certificate Expiry sensor, and a nifty blueprint which uses said sensor to renew the certificate when needed. Here's the initial post that showed me the way, as well as notes on how I resolved a name resolution problem.)
For my first server: any Debian system, basically a minimal install plus ssh (e.g. a Raspberry Pi 4, since I have a spare). Easy to spin up another on any hardware I have lying around.
- Reverse proxy/traffic manager/TLS chokepoint: Traefik
- Container management GUI: Portainer
- Backup manager (to get container data backed up to the NAS): Borg
- Performance monitoring: Prometheus/Loki/Grafana?
- TBD IDS/IPS/vulnerability scanning
- Notifications: ntfy
- IP banning tool: fail2ban
- SSO/LDAP: Authelia/LLDAP
- TBD RSS aggregator. Probably TinyTinyRSS
- TBD File sharing system
- Node-RED. Mostly for fun and education, as I've not yet come close to finding things that Home Assistant can't do.
- TBD MQTT Broker. Mosquitto seems like a good place to start.
- TBD NVR and video analysis. Frigate?