SelfHosting Updates - End Summer 2025
Summer is almost gone…
TL;DR:
Lately I have been tinkering with Python Web Apps and with SGGs.
A Post for anyone just starting with a home server.
+++ If you like Music, this is how to have your DIY spotify - server setup via container +++ Revisited the FireBat AK2 and added https via Traefik
Intro
If you are new to SelfHosting and HomeLab in general, just remember to get started properly:
Install some Linux (or try with a VM first / via wsl on your Windows)
Get docker installed like a PRO with a script like this one:
curl -O https://raw.githubusercontent.com/JAlcocerT/Linux/main/Z_Linux_Installations_101/Selfhosting_101.sh
nano Selfhosting_101.sh #MAKE SURE YOU UNDERSTAND WHAT YOU WILL BE RUNNING FIRST
#chmod +x Selfhosting_101.sh
#sudo ./Selfhosting_101.sh
If you want, you can get Podman instead of Docker:
sudo apt install podman
podman --version
Open Portainer (localhost:9000) and start deploying apps other people created (FAST)
Get a domain (TLD) and bring https when you feel comfortable.
Along the way…
- Understand what chmod does: https://it-tools.tech/chmod-calculator
- Don't be afraid of the terminal. Embrace the CLI and SSH ( Termix will help! )
- Crontab to schedule tasks: https://it-tools.tech/crontab-generator
- Get in love with docker compose: https://it-tools.tech/docker-run-to-docker-compose-converter
- Understand apt packages and how to manage them
SelfHosting Sept 25
At some point, you will need these docker commands:
#df -h #check space
docker stop $(docker ps -a -q) #stop all
#docker volume rm $(docker volume ls -q | grep -v '^portainer_data$') #rm all volumes but portainer
#docker system df
#docker image prune -a
#docker builder prune -a --force
docker system prune --all --volumes #release space from old containers
#docker system prune --all --volumes #just clean all...
Be aware that named volumes are not removed by default with docker system prune, as they might contain important data.
But you can have a script like this one to clean all volumes that are not associated with a running container.
Just be careful:
comm -23 <(docker volume ls -q | sort) <(docker ps --format '{{.Names}}' | xargs -I {} docker inspect --format '{{range .Mounts}}{{if .Name}}{{.Name}}
{{end}}{{end}}' {} 2>/dev/null | sort -u) | xargs -r docker volume rm
HTTPs Everywhere
Once you are comfortable with containers, you will want to bring https instead of having that insecure http.
I got to know about: https://github.com/FiloSottile/mkcert
#sudo apt install mkcert #https://github.com/jeffcaldwellca/mkcertWeb
A simple zero-config tool to make locally trusted development certificates with any names you’d like.
But I would recommend going directly to a 'proper' Cloudflare or Traefik v3.3 setup
To securely access your services from outside home, you have low config VPNs like tailscale.
# Enable IPv4 forwarding
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
# Enable IPv6 forwarding
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
# Apply the changes immediately
sudo sysctl -p /etc/sysctl.conf
#sudo tailscale up --advertise-exit-node
#sudo tailscale set --advertise-exit-node=true
Go to https://login.tailscale.com/admin/machines and configure your exit node

For more advanced users exploring DNS: see PiHole and DuckDNS.
But as of today I’d rather keep these https setups:
- Setup NGINX to get https via UI as per this guide
- Or go the Traefik v3.3 approach (programmatic https) as per this other guide
- Just use cloudflared…
Setup NGINX
How to setup -PiHole and UnBound DNS with FireBat
Setup Syncthing
P2P Syncing between home devices with Filebrowser
Setup NextCloud in your Home Server with Https
With Traefik with a domain pointing to a private IP address
As NC has recently made a release: https://hub.docker.com/_/nextcloud/tags
sudo docker compose -f docker-compose.traefik.yml up -d
#/media/casa/Datos_copia_2
#/home/casa/Home-Lab/nextcloud
sudo docker compose -f docker-compose.traefik.yml ps
#ping nextcloud.casa.jalcocertech.com
#ifconfig enp1s0
#sudo docker inspect nextcloud
#docker inspect nc -f '{{range $net, $conf := .NetworkSettings.Networks}}{{$net}} ({{$conf.IPAddress}}){{end}}'
#docker network inspect traefik_traefik-proxy --format '{{range .Containers}}{{.Name}} ({{.IPv4Address}}) - {{.MacAddress}}{{"\n"}}{{end}}'
If you want a photo centered selfhosted app, see Immich, which just released v2.0
Make sure your router DHCP settings do not change the private ip of your homelab, or your cloudflare x traefik setup will be pointing to a wrong ip.
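One way to catch that drift early, as an added example that is not part of the original post: compare what your names resolve to with the addresses the box really holds. The function names are made up for this example, and it assumes `ip` and `dig` are installed.

```shell
#!/bin/sh
# Added example (not from the original post): spot DNS records that no longer
# match any address this host actually holds.

# host_addrs: `ip -4 -o addr show` output on stdin, one IPv4 address per line out.
host_addrs() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "inet") { split($(i + 1), a, "/"); print a[1] } }'
}

# stale_records ADDRS_FILE: "name ip" pairs on stdin. Prints each pair whose ip
# is missing from ADDRS_FILE and returns 1 if there was at least one.
stale_records() {
    awk -v addrs="$1" '
        BEGIN { while ((getline line < addrs) > 0) have[line] = 1 }
        NF == 0 { next }
        { ip = (NF >= 2) ? $2 : "(no A record)" }
        !(ip in have) { print $1 " -> " ip; bad = 1 }
        END { exit bad }'
}

# check_names NAME...: live check, needs ip and dig on the machine.
check_names() {
    addrs=$(mktemp)
    ip -4 -o addr show | host_addrs > "$addrs"
    for name in "$@"; do
        echo "$name $(dig +short "$name" A | tail -n 1)"
    done | stale_records "$addrs"
    rc=$?
    rm -f "$addrs"
    return "$rc"
}

# Typical use, e.g. from cron:
#   check_names casa.jalcocertech.com nextcloud.casa.jalcocertech.com || echo "DNS drift"
```

Because it reads every IPv4 address on the host, it also works when the record points to the tailscale address instead of the LAN one.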

See also…
These posts might help:
Conclusions
Autumn is almost here.
And is a great chance to tinker with your miniPC and homelab.
Try new desktop apps for your linux system and install them via:
For example, install RustDesk or Remmina to control your new miniPC from your laptop (with full UI access):
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
flatpak install flathub com.rustdesk.RustDesk
> See also [appimagelauncher](https://jalcocert.github.io/JAlcocerT/flask-cms-for-ssgs/#lately-i) :)
I promised recently that I won't do more static sites for people.
And consequently, this has not been a DFY (done for you), but a DWY (done with you) recap of this and this web setups.
This is how the session went:
Just make sure to have all you need for HUGO or Astro web development ready
Plot twist.
You will never stop learning, as more and more selfhosted apps will catch our attention:
For example, Homarr:
- Networking, Domains and DNS, SSL…
- Creating your own containers…
Fortunately, there are amazing resources to give you ideas:
- From this one you will get weekly projects to have a look ( Plot Twist: you wont have time to see them all)
MIT | The open-source CapCut alternative
MIT | A Cloudflare alternative for local and cloud use, can be used ontop of cloudflare for cloudflares paid features, but for free!
Youtube is a great source for great tutorials too: Jims Garage, Christian Lempa, Tech with Nana, NetworkChuck, Pelado Nerd (in Spanish), DB Tech…
I will never be able to thank them enough for all they have taught me already (and to other great channels that would make the list too long).
If you ever wondered what the most popular repos are: https://gitstar-ranking.com/repositories
Remember about:
- Free goodies: https://free-for.dev/#/ and https://freestuff.dev/alternative/clerk/
Lately I…
They are also placed into the new Home-Lab repo and the stack of this post will be placed also accordingly:
I have updated the docker-compose.yml and Dockerfiles at:
Astro Theme Selection | Blog 101 with PPTs
git clone https://github.com/monakit/monakit
cd monakit
npm install
npm run dev -- --host 0.0.0.0 --port 4321 #http://192.168.1.11:4321/
This theme uses revealJS for the ppts, a candidate for an upcoming blog.jalcocertech.com
You can pretty quickly add an n8n embedded chatbot to these kinds of sites.
HUGO Theme | Blog 101
git clone https://github.com/JAlcocerT/EntreAgujayPunto
#install go
wget https://go.dev/dl/go1.21.1.linux-armv6l.tar.gz
sudo tar -C /usr/local -xvzf go1.21.1.linux-armv6l.tar.gz
export PATH=$PATH:/usr/local/go/bin
source ~/.bashrc
go version
#https://github.com/gohugoio/hugo/releases/tag/v0.123.0
wget https://github.com/gohugoio/hugo/releases/download/v0.123.0/hugo_extended_0.123.0_linux-amd64.deb -O hugo_specific_version.deb && \
sudo dpkg -i hugo_specific_version.deb && \
rm hugo_specific_version.deb && \
source ~/.bashrc
hugo version
hugo server --bind="0.0.0.0" --baseURL="http://192.168.1.106" --port=1313
To put astro/hugo inside a container is as simple as:
Once you have your theme selected and tweaked, maybe even with custom shortcodes/components…
You have to host it somewhere so that others can see what you created.
Option A: You can use any of these 3rd party free static hosting
Example:
https://box2overtake.com/ or proyectorutasmoto.web.app
Option B: create your container to selfhost astro/hugo/whatever ssg and expose it publicly via cloudflare tunnels.
Using your HomeLab to host a cool website, like this ebook landing, is as simple as understanding those!
Want sth more? See how to use your SSG with IPFS and ENS (WEB3 ready!)
Pi and IoT
I've been tinkering with MicroControllers and the MQTT protocol.
Microcontrollers like the esp32 and some creativity can get you even an ebook reader as per this video
New Software
I've also tried:
With CTRL+ALT+C it gets really compact!
With CTRL+H, it opens your synced tab, so you can see your mobile firefox tabs on desktop :)
#pkill -9 brave #brave was not behaving properly lately...
flatpak install flathub app.zen_browser.zen
Welcome to a calmer internet | Firefox based
Zen offers a “Sync” feature, which is implemented using Mozilla Firefox’s Sync feature.
FAQ
Your Music Server
Got that server running with containers?
Congrats, you can now have your DIY spotify: A music webapp server that stores whatever you bring it, like from here
Your music your rules.
sh -lc 'echo "Current user: $(whoami)"; id; echo "UID: $(id -u)"; echo "GID: $(id -g)"; echo "Groups: $(id -Gn)"'
For android, you have ultrasonic as a client: https://gitlab.com/ultrasonic/ultrasonic
Free and open-source music streaming Android client for Subsonic API compatible servers
With Supported (tested) Subsonic API implementations: Subsonic, Airsonic-Advanced, Supysonic, Ampache
You also have substreamer app on ios or android (as a client), they also have: https://hub.docker.com/r/ghenry22/substreamer
Just that it's not OSS
See also MeTube and Navidrome:

Youtube FE
If you are creating youtube videos from your action cam and storing them just there: you can download them later on, so you can review your travel stories during those long flights.

There are more alternatives, like:
Unlicensed | A clean and minimal youtube frontend, without all the ads and whistles
HomeLab Commands
- What's taking that much space?
#sudo du -ahx / | sort -rh | head -n 50
sudo du -ahx . | sort -rh | head -n 50 #from current folder and below
- I want to clean old container stuff
docker builder prune
#docker system prune -a
docker volume prune
docker image prune -a
- Stop all containers, but portainer:
#docker ps -a -q --filter 'name=!portainer'
docker ps --format '{{.Names}}' | grep -v portainer | xargs -r docker stop #list names: docker ps -q prints only IDs, so grep could never match portainer
- How much resources are those containers consuming?
docker-compose stats
#sudo docker stats 7dfdfce97523
#sudo docker stats nextcloud
#docker stats typebot-builder typebot-viewer typebot-db
docker stats $(docker ps --filter "name=typebot" --format "{{.Names}}")
#docker stats -a
See also lazydocker!
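A more careful take on the volume clean-up commands above and on the one-liner from the SelfHosting Sept 25 section, added here as an example (it is not the author's script): it also protects volumes of stopped containers, accepts a keep-list such as portainer_data, and only deletes with --apply. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): dry-run first, delete on request.

# candidates ALL_FILE USED_FILE [KEEP...]
# Print the volumes listed in ALL_FILE that are neither in USED_FILE nor named
# as KEEP arguments. Pure text processing, so it can be checked without docker.
candidates() {
    all=$1; used=$2; shift 2
    # printf always emits at least one (possibly empty) line, so awk's first
    # input is never empty and the NR == FNR test stays reliable.
    { cat "$used"; printf '%s\n' "$@"; } |
        awk 'NR == FNR { protected[$0] = 1; next } !($0 in protected)' - "$all"
}

# used_volumes: named volumes mounted by ANY container, running or stopped.
used_volumes() {
    docker ps -aq | xargs -r docker inspect --format \
        '{{range .Mounts}}{{if eq .Type "volume"}}{{println .Name}}{{end}}{{end}}' |
        sed '/^$/d'
}

# cleanup [--apply] [KEEP...]: list what would go; remove only with --apply.
cleanup() {
    apply=no
    if [ "${1:-}" = "--apply" ]; then apply=yes; shift; fi
    work=$(mktemp -d)
    docker volume ls -q > "$work/all"
    used_volumes > "$work/used"
    candidates "$work/all" "$work/used" "$@" > "$work/rm"
    if [ "$apply" = yes ]; then
        xargs -r docker volume rm < "$work/rm"
    else
        cat "$work/rm"
    fi
    rm -rf "$work"
}

# Typical use:
#   cleanup portainer_data           # prints the candidates, touches nothing
#   cleanup --apply portainer_data   # removes them
```

This matters right after a `docker stop $(docker ps -a -q)`: with nothing running, a filter based on running containers protects no volume at all.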
Git Sync
From https://akashrajpurohit.com/blog/initial-vps-setup-checklist-first-30-minutes/
A simple tool to backup and sync your git repositories
How to Change USB Size
This has been useful few times already (from Windows):
Diskpart
List disk
select disk N
clean
create partition primary
Which Linux to get started?
To not complicate things: Just get Ubuntu LTS with GNOME.
If this is your first time, take it easy on the learning journey and for now, don't trust your new miniPC as the only storage of anything
You can also consider:
Lubuntu - Because it requires just ~700mb of RAM
Ubuntu if you want the same, but with GNOME
You can have ubuntu without UI, if you plan to use your server’s terminal only
- Garuda, if you want to say I use ARCH BTW. Mind the steep learning curve.
How exactly?
Well, first try to download them and run them via a VM.
Then, setup VENTOY into your USBs and bring your favourite one.
Backup Github
Gitea and Gogs: Lightweight self-hosted Git services. They support mirroring repositories from GitHub, providing a continuously synced backup
Which Devices are connected to my router?
- First get to know who is your router:
ip route | grep default
- Then, inspect:
nmap -sn 192.168.1.0/24
# Starting Nmap 7.80 ( https://nmap.org ) at 2025-09-26 11:43 CEST
# Nmap scan report for _gateway (192.168.1.1)
# Host is up (0.025s latency).
# Nmap scan report for 192.168.1.103
# Host is up (0.067s latency).
# Nmap scan report for BYOD-00335 (192.168.1.104)
# Host is up (0.000095s latency).
# Nmap done: 256 IP addresses (3 hosts up) scanned in 3.63 seconds
(Optional) get the mac/vendor of one of them:
ping -c 4 192.168.1.106
#nmap -O 192.168.1.106
#tailscale status
sudo tailscale up --force-reauth #just in case you forgot to extend the expiry
See the live traffic over a network:
ifconfig enp1s0
vnstat -l -i enp1s0 # live mode (Ctrl+C to stop)
#vnstat -l -i proton0 # live mode (Ctrl+C to stop)
#ip -s link show wlp3s0
#https://protonvpn.com/support/official-linux-vpn-debian/
wget https://repo.protonvpn.com/debian/dists/stable/main/binary-all/protonvpn-stable-release_1.0.8_all.deb
#verify the download before installing it
echo "0b14e71586b22e498eb20926c48c7b434b751149b1f2af9902ef1cfe6b03e180  protonvpn-stable-release_1.0.8_all.deb" | sha256sum --check -
sudo dpkg -i ./protonvpn-stable-release_1.0.8_all.deb && sudo apt update
sudo apt install proton-vpn-gnome-desktop
It's recommended to do p2p behind a VPN so that hackers can't attack your public IP address
But hey, this is just to do legal stuff, like sharing OSS images, like ubuntu.
Don't dare to watch f movies with your cat. Not interesting fmhy repo https://fmhy.net/posts/sept-2025
Neither read the anna’s archive.
Those might be down: https://www.isitdownrightnow.com/
You know, just in case your cool site gets banned without a reason:

Hello Again Firebat
After one year of putting the FireBat AK2 up and running…
I realized that not everyone is ready to have a PC 24/7.
Because: what is it doing exactly?
Plus…tailscale can get expired and access lost for the admin.
And that has a point, actually.
ssh casa@192.168.1.106
#du -sh . # Human-readable size of current folder
du -sh /media/casa/Datos_copia_2/PerriChico
#du -sh .* | sort -h
#du -h --max-depth=2 # Two levels deep
#rm *.LRF #clean (if needed) all LRF files
sudo snap install vlc
sudo apt update && sudo apt install ubuntu-restricted-extras
So I decided to propose a new homelab architecture….
Traefik v3.3 + Cloudflare + Tailscale IP
- acme.json
- config.yml
- traefik.yml
git clone https://github.com/JAlcocerT/Home-Lab
cd ./Home-Lab/traefik
#https://jalcocert.github.io/JAlcocerT/testing-tinyauth/
#https://fossengineer.com/selfhosting-traefik/
curl "https://api.cloudflare.com/client/v4/user/tokens/verify" \
-H "Authorization: Bearer abcdefg12345709"
sudo apt install apache2-utils
echo $(htpasswd -nB admin) | sed -e s/\\$/\\$\\$/g
#cd ./Home-Lab/traefik
touch /home/casa/Home-Lab/traefik/acme.json #blank, just change the permissions to 600 later (private key)
touch /home/casa/Home-Lab/traefikacme.yml
touch /home/casa/Home-Lab/traefik/traefik.yml
chmod 600 ./acme.json && \
chmod 600 ./traefik.yml #or it will be a security risk for other users to see the private key
Make sure to point CF DNS records, maybe using script https://github.com/JAlcocerT/waiting-to-landing/blob/main/cloudflare-dns-updater.py
For which you will need the ZoneID of your Domain as well as per this .env.sample
sudo snap install jq
sudo snap install yq
# Get zone ID of your domain via CLI instead of Cloudflare UI
curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=jalcocertech.com" \
-H "Authorization: Bearer $cf_token" \
-H "Content-Type: application/json" | jq -r '.result[0].id'
These are the only ones you will see configured in cloudflare DNS: if you want, change that private IP for your tailscale one

#python3 cf-dns-updater.py
dig +short casa.jalcocertech.com A
ping casa.jalcocertech.com
nslookup casa.jalcocertech.com
We are going to get https://casa.jalcocertech.com/ and https://auth.casa.jalcocertech.com/login working pretty soon…
touch config/acme.json && chmod 600 config/acme.json
sudo docker compose up -d
sudo docker logs traefik
Once Traefik is deployed, go to: https://casa.jalcocertech.com/dashboard/#/http/routers

You can also check with CTRL+I within firefox
Example 1: Traefik + already created (from others) webapps
dig +short silverbullet.casa.jalcocertech.com A
ping silverbullet.casa.jalcocertech.com
nslookup silverbullet.casa.jalcocertech.com
ping portainer.casa.jalcocertech.com
Example 2 Traefik + your (flask/dash/whatever) webapp
Example with ThreeBodies (flask)
git clone https://github.com/JAlcocerT/ThreeBodies
cd ThreeBodies
#make docker-up
Or with Trip Planner… with this traefik+tinyauth compose
git clone https://github.com/JAlcocerT/Py_Trip_Planner
cd Py_Trip_Planner
#make docker-up
#cd trip-planner #from homelab repo
sudo docker compose -f docker-compose.traefik.yml up -d
Example 3 Traefik + a Web App + Tinyauth
If you need a webapp on your homelab that does not bring some user/pwd, like OpenSpeedTest…
This method will allow to authenticate webapps via user/pwd or with Oauth like GH.

https://github.com/JAlcocerT/Home-Lab/blob/main/open-speed-test/docker-compose.traefik.yml

We will need to create a Github OAUTH App: https://auth.casa.jalcocertech.com

Add the link as per your subdomain: https://auth.casa.jalcocertech.com/api/oauth/callback/github


- Then, register the application. Get its ID and its client secret:

Those are required for
environment:
- GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID} #For GitHub OAuth
- GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}
- When it's done, we will be seeing the application: https://github.com/settings/applications/3023538
particularly at the OAUTH developer section.

Just spin up Tiny Auth with: https://github.com/JAlcocerT/Home-Lab/blob/main/tinyauth/docker-compose.firebat.yml
cd tinyauth
#sudo docker compose up -d
docker compose -f docker-compose.firebat.yml up -d
Now, go to https://auth.casa.jalcocertech.com or whatever subdomain you placed.
See that this works without touching any configuration nor Cloudflare DNS and we already have the HTTPs and the dns pointing
nslookup auth.casa.jalcocertech.com
Authorize the app and you will be logged in!

Remember that you can also add Users/pwd to TinyAuth via the .env:
echo $(htpasswd -nB jalcocert) | sed -e s/\\$/\\$\\$/g
sudo docker restart tinyauth
Now, for OpenSpeedTest to use TinyAuth via Traefik:
cd
sudo docker compose -f docker-compose.traefiktinyauth.yml up -d
##command: tail -f /dev/null #in case you need to keep running
And there you go
https://openspeedtest.casa.jalcocertech.com/
The only additional part to the dockercompose service label (like openspeedtest), is the
traefik.http.routers.openspeedtest-secure.middlewares=tinyauth
Thanks again to Jims Garage!
Imo, much better than the cloudflare webapp authentication method we saw some time ago: yet still coding for entrepreneurs approach is also great
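To see which routers still skip that middleware, here is an added example (not from the original post, nor from the Traefik or Tinyauth projects): it reads a compose file and lists every router that has a rule label but no middlewares label naming tinyauth. The whoami and notes services and the example.lan hostnames in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): find Traefik routers declared in
# compose labels that do not reference a given auth middleware.

# unprotected_routers MIDDLEWARE < compose.yml
# Prints, sorted, every router that has a .rule label but no .middlewares label
# naming MIDDLEWARE (plain "tinyauth" or provider-qualified "tinyauth@docker").
unprotected_routers() {
    awk -v mw="$1" '
        /^[ \t]*#/ { next }                      # ignore commented-out labels
        match($0, /traefik\.http\.routers\.[^.]+\.(rule|middlewares)=/) {
            label = substr($0, RSTART, RLENGTH - 1)
            value = substr($0, RSTART + RLENGTH)
            split(label, part, "[.]")            # traefik http routers NAME KEY
            name = part[4]
            if (part[5] == "rule") { seen[name] = 1; next }
            # keep only the comma-separated middleware list, drop quotes etc.
            if (match(value, /^[A-Za-z0-9_@,.-]+/)) value = substr(value, 1, RLENGTH)
            else value = ""
            n = split(value, list, ",")
            for (i = 1; i <= n; i++) {
                sub(/@.*/, "", list[i])
                if (list[i] == mw) guarded[name] = 1
            }
        }
        END { for (r in seen) if (!(r in guarded)) print r }' | sort
}

# Constructed sample: three services, only the first one goes through tinyauth.
sample_compose() {
    cat <<'EOF'
services:
  openspeedtest:
    labels:
      - "traefik.http.routers.openspeedtest-secure.rule=Host(`openspeedtest.casa.jalcocertech.com`)"
      - "traefik.http.routers.openspeedtest-secure.middlewares=tinyauth"
  whoami:
    labels:
      - "traefik.http.routers.whoami-secure.rule=Host(`whoami.example.lan`)"
      - "traefik.http.routers.whoami-secure.middlewares=compress@file"
  notes:
    labels:
      - traefik.http.routers.notes.rule=Host(`notes.example.lan`)
      #- traefik.http.routers.notes.middlewares=tinyauth
EOF
}

sample_compose | unprotected_routers tinyauth   # lists notes and whoami-secure
```

Run it over each docker-compose.traefik.yml in the homelab repo; an empty result means every declared router goes through tinyauth.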


