SelfHosting Updates - End Summer 2025


September 28, 2025

Summer is almost gone…

TL;DR:

Lately I have been tinkering with Python Web Apps and with SGGs.

A Post for anyone just starting with a home server.

+++ If you like Music, this is how to have your DIY spotify - server setup via container

Intro

If you are new with SelfHosting and HomeLab in general, just remember to get started properly:

  1. Install some Linux (or try with a VM first / via wsl on your Windows)

  2. Get docker installed like a PRO with this script

curl -O https://raw.githubusercontent.com/JAlcocerT/Linux/main/Z_Linux_Installations_101/Selfhosting_101.sh
nano Selfhosting_101.sh #MAKE SURE YOU UNDERSTAND WHAT YOU WILL BE RUNNING FIRST

#chmod +x Selfhosting_101.sh
#sudo ./Selfhosting_101.sh 

If you want, you can get Podman instead of Docker:

sudo apt install podman
podman --version

  3. Open Portainer localhost:9000 and start deploying apps other people created (FAST)

  4. Start creating and deploying your Apps

  5. Get a domain (TLD) and bring https when you feel comfortable.

  6. Along the way…


SelfHosting Sept 25

At some point, you will need these docker commands:

#df -h #check space
docker stop $(docker ps -a -q) #stop all
#docker volume rm $(docker volume ls -q | grep -v '^portainer_data$') #rm all volumes but portainer

#docker system df
#docker image prune -a 
#docker builder prune -a --force
docker system prune --all --volumes #release space: deletes every stopped container (all of them after the stop above), plus unused images, networks and volumes

#docker system prune --all --volumes #just clean all...

HTTPs Everywhere

Once you are comfortable with containers, you will want to bring https instead of having that insecure http.

I got to know about: https://github.com/FiloSottile/mkcert

#sudo apt install mkcert #https://github.com/jeffcaldwellca/mkcertWeb

A simple zero-config tool to make locally trusted development certificates with any names you’d like.

To securely access your services from outside home, you have low-config VPNs like Tailscale.

For more advanced users, and for exploring DNS, see PiHole and DuckDNS.

But as of today I’d rather keep these https setups:

  • Setup NGINX to get https via UI as per this guide
  • Or go the Traefik v3.3 approach (programmatic https) as per this other guide
  • Just use cloudflared…

As NC (Nextcloud) has recently made a release: https://hub.docker.com/_/nextcloud/tags

sudo docker compose -f docker-compose.traefik.yml up -d
#/media/casa/Datos_copia_2
#/home/casa/Home-Lab/nextcloud
sudo docker compose -f docker-compose.traefik.yml ps

#ping nextcloud.casa.jalcocertech.com
#ifconfig enp1s0

#sudo docker inspect nextcloud
#docker inspect nc -f '{{range $net, $conf := .NetworkSettings.Networks}}{{$net}} ({{$conf.IPAddress}}){{end}}'
#docker network inspect traefik_traefik-proxy --format '{{range .Containers}}{{.Name}} ({{.IPv4Address}}) - {{.MacAddress}}{{"\n"}}{{end}}'


If you want a photo centered selfhosted app, see Immich, which just released v2.0

Make sure your router's DHCP settings do not change the private IP of your homelab, or your Cloudflare x Traefik setup will be pointing to the wrong IP.

See also…


Conclusions

Autumn is almost here.

And it is a great chance to tinker with your miniPC and homelab.

Try new desktop app for your linux system and install them via:

See also appimagelauncher :)

I promised recently that I won't do more static sites for people.

And consequently, this has not been a DFY (done for you), but a DWY (done with you) recap of this and this web setup

Just make sure to have all you need for HUGO or Astro web development ready

Plot twist, you will never stop learning, as more and more selfhosted apps will catch our attention:

  • Networking, Domains and DNS, SSL…
  • Creating your containers…

Fortunately, there are amazing resources to give you ideas:

  1. https://selfh.st/

MIT | The open-source CapCut alternative

  1. https://github.com/jmlcas?tab=repositories

Youtube is a great source for great tutorials too: Jims Garage, Christian Lempa, Tech with Nana, NetworkChuck, Pelado Nerd (in Spanish), DB Tech…

I will never be able to thank them enough for all they have taught me already (and to other great channels that would make the list too long).

If you ever wondered what the most popular repos are: https://gitstar-ranking.com/repositories

Remember about:

  1. Free goodies: https://free-for.dev/#/ and https://freestuff.dev/alternative/clerk/

Lately I…

They are also placed into the new Home-Lab repo and the stack of this post will be placed also accordingly:

I have updated the docker-compose.yml and Dockerfiles at:

Astro Theme Selection | Blog 101 with PPTs 📌
git clone https://github.com/monakit/monakit
npm install
npm run dev -- --host 0.0.0.0 --port 4321 #http://192.168.1.11:4321/

This theme uses revealJS for the ppts, a candidate for an upcoming blog.jalcocertech.com

You can pretty quickly add an n8n embedded chatbot to these kinds of sites.

HUGO Theme | Blog 101 📌
git clone https://github.com/JAlcocerT/EntreAgujayPunto

#install go
wget https://go.dev/dl/go1.21.1.linux-armv6l.tar.gz
sudo tar -C /usr/local -xvzf go1.21.1.linux-armv6l.tar.gz
export PATH=$PATH:/usr/local/go/bin
source ~/.bashrc
go version

#https://github.com/gohugoio/hugo/releases/tag/v0.123.0
wget https://github.com/gohugoio/hugo/releases/download/v0.123.0/hugo_extended_0.123.0_linux-amd64.deb -O hugo_specific_version.deb && \
sudo dpkg -i hugo_specific_version.deb && \
rm hugo_specific_version.deb && \
source ~/.bashrc

hugo version
hugo server --bind="0.0.0.0" --baseURL="http://192.168.1.106" --port=1313

To put astro/hugo inside a container is as simple as:

Once you have your theme selected and tweaked, you have to host it:

Option A: You can use any of these 3rd party free static hosting

Example: https://box2overtake.com/ or proyectorutasmoto.web.app

Option B: create your container to selfhost astro/hugo/whatever SSG and expose it publicly via Cloudflare tunnels.

Using your HomeLab to host a cool website, like this ebook landing, is as simple as understanding those!

Want sth more? See how to use your SSG with IPFS and ENS (WEB3 ready!)

Pi and IoT

I've been tinkering with microcontrollers and the MQTT protocol.

New Software

I've also tried:

  1. Tried Zen browser: https://zen-browser.app/download/

With CTRL+ALT+C it gets really compact!

#pkill -9 brave #brave was not behaving properly lately...
flatpak install flathub app.zen_browser.zen

Welcome to a calmer internet | Firefox based

Zen offers a “Sync” feature, which is implemented using Mozilla Firefox’s Sync feature.

I had a look at a couple of tools for diagrams

  1. https://github.com/stan-smith/FossFLOW

Make beautiful isometric infrastructure diagrams

  1. https://markmap.js.org/ and https://github.com/markmap/markmap

It renders text to diagram and can reference files: https://gist.githubusercontent.com/raw/af76a4c245b302206b16aec503dbe07b/markmap.md

MIT | Build mindmaps with plain text

Other

Link analytics solutions, like Kutt:

SelfHosting Kutt

Kutt Links


FAQ

Your Music Server

Got that server running with containers?

Congrats, you can now have your DIY Spotify: a music web app server that stores whatever you bring to it, like from here

Your music your rules.

sh -lc 'echo "Current user: $(whoami)"; id; echo "UID: $(id -u)"; echo "GID: $(id -g)"; echo "Groups: $(id -Gn)"' 

For android, you have as client ultrasonic: https://gitlab.com/ultrasonic/ultrasonic

Free and open-source music streaming Android client for Subsonic API compatible servers

With Supported (tested) Subsonic API implementations: Subsonic, Airsonic-Advanced, Supysonic, Ampache

You also have the substreamer app on iOS or Android (as a client); they also have: https://hub.docker.com/r/ghenry22/substreamer

Just that it's not OSS

See also MeTube and Navidrome:

NaviDrome UI

ℹ️ Get the Tailscale VPN on your server and phone. Enjoy your music from anywhere.

Youtube FE

If you are creating youtube videos and storing them just there: you can download them later on, so you can review your travel stories during those long flights.

MeTube UI

There are more alternatives, like:

Unlicensed | A clean and minimal youtube frontend, without all the ads and whistles

HomeLab Commands

  1. What's taking that much space?
#sudo du -ahx / | sort -rh | head -n 50
sudo du -ahx . | sort -rh | head -n 50 #from current folder and below
  2. I want to clean old container stuff
docker builder prune
#docker system prune -a
docker volume prune
docker image prune -a
  3. Stop all containers, but portainer:
#docker ps -q only prints IDs, so filter on the container names instead
docker ps --format '{{.Names}}' | grep -v portainer | xargs -r docker stop
  4. How many resources are those containers consuming?
docker-compose stats
#sudo docker stats 7dfdfce97523
#sudo docker stats nextcloud
#docker stats typebot-builder typebot-viewer typebot-db

docker stats $(docker ps --filter "name=typebot" --format "{{.Names}}")
#docker stats -a

See also lazydocker!

Git Sync

From https://akashrajpurohit.com/blog/initial-vps-setup-checklist-first-30-minutes/

🔄 A simple tool to backup and sync your git repositories

How to Change USB Size

This has been useful a few times already (from Windows):

Diskpart
List disk
select disk N
clean 
create partition primary

Which Linux to get started?

To not complicate things: Just get Ubuntu LTS with GNOME.

If this is your first time, take it easy on the learning journey and, for now, don't trust your new miniPC as the only storage of anything.

You can also consider:

  1. Lubuntu - Because it requires just ~700mb of RAM

  2. Ubuntu if you want the same, but with GNOME

You can have ubuntu without UI, if you plan to use your server’s terminal only

  3. Garuda, if you want to say I use ARCH BTW. Mind the steep learning curve.

How exactly?

Well, first try downloading them and running them via a VM.

Then, setup VENTOY into your USBs and bring your favourite one.

Backup Github

  1. https://github.com/TimWitzdam/GitSave

  2. Gitea and Gogs: Lightweight self-hosted Git services. They support mirroring repositories from GitHub, providing a continuously synced backup

Which Devices are connected to my router?

  1. First, find out which device is your router:
ip route | grep default
  2. Then, inspect:
nmap -sn 192.168.1.0/24
# Starting Nmap 7.80 ( https://nmap.org ) at 2025-09-26 11:43 CEST
# Nmap scan report for _gateway (192.168.1.1)
# Host is up (0.025s latency).
# Nmap scan report for 192.168.1.103
# Host is up (0.067s latency).
# Nmap scan report for BYOD-00335 (192.168.1.104)
# Host is up (0.000095s latency).
# Nmap done: 256 IP addresses (3 hosts up) scanned in 3.63 seconds
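
To turn the scan above into a check for devices you do not recognise, this added example (not from the original post) extracts the live IPs from `nmap -sn` output and prints those missing from an allowlist file. The allowlist format (one IP per line, optional label, `#` comments), the labels and the function names are assumptions; the sample scan is the output shown above.

```sh
#!/bin/sh
# Added example, not from the original post.

# live_hosts: read `nmap -sn` output on stdin, print one IP per live host.
# Handles "report for 192.168.1.103" and "report for name (192.168.1.104)".
live_hosts() {
  awk '/^Nmap scan report for /{ ip = $NF; gsub(/[()]/, "", ip); print ip }' | sort -u
}

# unknown_hosts ALLOWLIST: scan output on stdin, prints live IPs not allowlisted.
# Assumed allowlist format: one IP per line, optional label, '#' starts a comment.
unknown_hosts() {
  live_hosts | awk -v allow="$1" '
    BEGIN {
      while ((getline line < allow) > 0) {
        sub(/#.*/, "", line)
        if (split(line, f, " ") > 0) known[f[1]] = 1
      }
    }
    !($0 in known)'
}

# The scan output from the post, without the leading "# ".
sample_scan() {
  cat <<'EOF'
Starting Nmap 7.80 ( https://nmap.org ) at 2025-09-26 11:43 CEST
Nmap scan report for _gateway (192.168.1.1)
Host is up (0.025s latency).
Nmap scan report for 192.168.1.103
Host is up (0.067s latency).
Nmap scan report for BYOD-00335 (192.168.1.104)
Host is up (0.000095s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 3.63 seconds
EOF
}

# Demo with a constructed allowlist: the router and one laptop are known.
demo() {
  allow=$(mktemp)
  printf '# known devices\n192.168.1.1 router\n192.168.1.104 laptop\n' > "$allow"
  sample_scan | unknown_hosts "$allow"   # prints 192.168.1.103
  rm -f "$allow"
}
demo
# Real use: nmap -sn 192.168.1.0/24 | unknown_hosts ~/known-hosts.txt
```

Because DHCP can hand a known device a new address, pin the leases of the devices you allowlist in the router first.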

(Optional) get the mac/vendor of one of them:

ping -c 4 192.168.1.106
#nmap -O 192.168.1.106
#tailscale status
sudo tailscale up --force-reauth #just in case you forgot to extend the expiry

See the live traffic over a network:

ifconfig enp1s0
vnstat -l -i enp1s0   # live mode (Ctrl+C to stop)
#vnstat -l -i proton0   # live mode (Ctrl+C to stop)

ℹ️ If you are looking for HomeLab privacy, see this post for a stronger homelab (VPN section)

#https://protonvpn.com/support/official-linux-vpn-debian/
wget https://repo.protonvpn.com/debian/dists/stable/main/binary-all/protonvpn-stable-release_1.0.8_all.deb
#verify the checksum before installing the package
echo "0b14e71586b22e498eb20926c48c7b434b751149b1f2af9902ef1cfe6b03e180  protonvpn-stable-release_1.0.8_all.deb" | sha256sum --check - && \
sudo dpkg -i ./protonvpn-stable-release_1.0.8_all.deb && sudo apt update
sudo apt install proton-vpn-gnome-desktop

It's recommended to do P2P behind a VPN so that hackers can't attack your public IP address

As seen in 0625, Reddit knows your thing

But hey, this is just to do legal stuff, like sharing OSS images, like ubuntu.

Don't dare to watch f movies with your cat :)

Those might be down: https://www.isitdownrightnow.com/

You know, just in case your cool site gets banned without a reason:

LaLiga Cloudflare Unjustified Ban

Hello Again Firebat

After one year of putting the FireBat AK2 up and running…

I realized that not everyone is ready to have a PC 24/7.

Because: what is it doing exactly?

Plus…tailscale can get expired and access lost for the admin.

And that has a point, actually.

ssh casa@192.168.1.106
#du -sh .                    # Human-readable size of current folder
du -sh /media/casa/Datos_copia_2/PerriChico
#du -sh .* | sort -h
#du -h --max-depth=2         # Two levels deep
#rm *.LRF #clean (if needed) all LRF files
sudo snap install vlc
sudo apt update && sudo apt install ubuntu-restricted-extras

So I decided to propose a new homelab architecture….

Traefik v3.3 + Cloudflare + Tailscale IP

    • acme.json
    • config.yml
    • traefik.yml
  • docker-compose.yaml
  • .env
  • cf-token
    git clone https://github.com/JAlcocerT/Home-Lab
    cd ./Home-Lab/traefik
    #https://jalcocert.github.io/JAlcocerT/testing-tinyauth/
    #https://fossengineer.com/selfhosting-traefik/
    curl "https://api.cloudflare.com/client/v4/user/tokens/verify" \
         -H "Authorization: Bearer abcdefg12345709"

    Cloudflare API Tokens for Traefik v3

    sudo apt install apache2-utils
    echo $(htpasswd -nB admin) | sed -e s/\\$/\\$\\$/g

    Traefik UI

    #cd ./Home-Lab/traefik
    touch /home/casa/Home-Lab/traefik/acme.json #blank, just change the permissions to 600 later (private key)
    touch /home/casa/Home-Lab/traefikacme.yml
    touch /home/casa/Home-Lab/traefik/traefik.yml
    chmod 600 ./acme.json && \
    chmod 600 ./traefik.yml #or it will be a security risk for other users to see the privatekey
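
The commands above tighten acme.json and traefik.yml, while .env and cf-token in the same folder are left at whatever the default umask gave them. This added audit helper (not part of the original post or the Home-Lab repo) lists those files when group or others can access them and resets them to 600. The function names, and the assumption that acme.json, .env and cf-token are the files holding keys or tokens, come from the folder listing above rather than from the repo itself.

```sh
#!/bin/sh
# Added example, not from the original post or the Home-Lab repo.
# Assumption: acme.json, .env and cf-token (names taken from the post's
# traefik folder listing) are the files that hold keys or tokens.

# list_exposed_secrets DIR
# Prints each secret file under DIR that group or others can read,
# write or execute (any of the 077 permission bits set).
list_exposed_secrets() {
  find "$1" -type f \
    \( -name acme.json -o -name .env -o -name cf-token \) \
    \( -perm -040 -o -perm -020 -o -perm -010 \
       -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# lock_down_secrets DIR
# Sets mode 600 on every exposed file, then re-audits.
# Returns 0 only when nothing is left exposed.
lock_down_secrets() {
  list_exposed_secrets "$1" | while IFS= read -r path; do
    chmod 600 "$path" && echo "fixed: $path"
  done
  [ -z "$(list_exposed_secrets "$1")" ]
}

# Demo on a constructed folder (empty sample files, not real secrets).
demo() {
  d=$(mktemp -d)
  mkdir -p "$d/config"
  : > "$d/config/acme.json";    chmod 644 "$d/config/acme.json"
  : > "$d/.env";                chmod 640 "$d/.env"
  : > "$d/cf-token";            chmod 600 "$d/cf-token"
  : > "$d/docker-compose.yaml"; chmod 644 "$d/docker-compose.yaml"
  echo "exposed before:"; list_exposed_secrets "$d"
  lock_down_secrets "$d"
  rm -rf "$d"
}
demo
```

Run `list_exposed_secrets /home/casa/Home-Lab/traefik` before `docker compose up`; Traefik itself refuses to use an acme.json whose permissions are wider than 600.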

    Make sure to point cf DNS records, maybe using script https://github.com/JAlcocerT/waiting-to-landing/blob/main/cloudflare-dns-updater.py

    For which you will need the ZoneID of your Domain as well as per this .env.sample

    sudo snap install jq
    sudo snap install yq
    # Get zone ID of your domain via CLI instead of Cloudflare UI
    curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=jalcocertech.com" \
      -H "Authorization: Bearer $cf_token" \
      -H "Content-Type: application/json" | jq -r '.result[0].id'
    ⚠️ The only DNS record you need to point is the one for Traefik; the rest is done automatically as per the labels!

    These are the only ones you will see configured in cloudflare DNS: if you want, change that private IP for your tailscale one

    cf DNS setup with traefik

    #python3 cf-dns-updater.py
    dig +short casa.jalcocertech.com A
    ping casa.jalcocertech.com
    nslookup casa.jalcocertech.com


    We are going to get https://casa.jalcocertech.com/ and https://auth.casa.jalcocertech.com/login working pretty soon…

    touch config/acme.json && chmod 600 config/acme.json
    sudo docker compose up -d
    sudo docker logs traefik
    ℹ️ This uses the DNS challenge (instead of the HTTP challenge), so you don't have to open any ports :)

    Once Traefik is deployed, go to: https://casa.jalcocertech.com/dashboard/#/http/routers


    Example 1: Traefik + already created (from others) webapps ✅

    dig +short silverbullet.casa.jalcocertech.com A
    ping silverbullet.casa.jalcocertech.com
    nslookup silverbullet.casa.jalcocertech.com
    
    ping portainer.casa.jalcocertech.com


    Example 2 Traefik + your (flask/dash/whatever) webapp ✅

    Example with ThreeBodies (flask)

    git clone https://github.com/JAlcocerT/ThreeBodies
    cd ThreeBodies
    #make docker-up

    Or with Trip Planner… with this traefik+tinyauth compose

    git clone https://github.com/JAlcocerT/Py_Trip_Planner
    cd Py_Trip_Planner
    #make docker-up
    
    #cd trip-planner #from homelab repo
    sudo docker compose -f docker-compose.traefik.yml up -d

    Example 3 Traefik + a Web App + Tinyauth ✅

    If you need a webapp on your homelab that does not bring some user/pwd, like OpenSpeedTest

    This method lets you authenticate webapps via user/pwd or with OAuth providers like GitHub.

    traefik working with openspeedtest with custom subdomain

    https://github.com/JAlcocerT/Home-Lab/blob/main/open-speed-test/docker-compose.traefik.yml

    Just in case you dont want to use the regular hosted speedtest

    We will need to create a Github OAUTH App: https://auth.casa.jalcocertech.com

    Github Apps

    1. Go to https://github.com/settings/applications/new

    Add the link as per your subdomain: https://auth.casa.jalcocertech.com/api/oauth/callback/github

    Github OAUTH


    2. Then, register the application. Get its ID and its client secret:

    Github Secret

    Those are required for

        environment:
          - GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID} #For GitHub OAuth
          - GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}
    3. When it's done, we will see the application: https://github.com/settings/applications/3023538

    particularly at the OAUTH developer section.

    Github OAUTH App Created

    Just spin up Tiny Auth with: https://github.com/JAlcocerT/Home-Lab/blob/main/tinyauth/docker-compose.firebat.yml

    cd tinyauth
    #sudo docker compose up -d
    docker compose -f docker-compose.firebat.yml up -d

    Now, go to https://auth.casa.jalcocertech.com or whatever subdomain you placed.

    See that this works without touching any configuration nor Cloudflare DNS and we already have the HTTPs and the dns pointing

    nslookup auth.casa.jalcocertech.com

    TinyAuth UI with https

    Authorize the app and you will be logged in!

    Authorizing TinyAuth

    Remember that you can also add Users/pwd to TinyAuth via the .env:

    echo $(htpasswd -nB jalcocert) | sed -e s/\\$/\\$\\$/g
    sudo docker restart tinyauth

    TinyAuth hardcoded user and password

    Now, for OpenSpeedTest to use TinyAuth via Traefik:

    cd 
    sudo docker compose -f docker-compose.traefiktinyauth.yml up -d
    ##command: tail -f /dev/null #in case you need to keep running

    And there you go https://openspeedtest.casa.jalcocertech.com/

    The only addition to the docker compose service labels (like openspeedtest) is traefik.http.routers.openspeedtest-secure.middlewares=tinyauth

    Thanks again to Jims Garage!

    ℹ️ So any new service added to Traefik (+ TinyAuth) is just a matter of its compose file having the proper labels, nothing else to be configured!

    Imo, much better than the cloudflare webapp authentication method we saw some time ago:


    More Free Resources

    1. https://fmhy.net/devtools#static-page-hosting from https://github.com/fmhy/edit

    2. https://free-for.dev/#/ from https://github.com/jixserver/free-for-dev