SelfHosting Updates - End Summer 2025
Summer is almost gone…
TL;DR:
Lately I have been tinkering with Python Web Apps and with SSGs.
A Post for anyone just starting with a home server.
+++ If you like Music, this is how to have your DIY spotify - server setup via container
Intro
If you are new to SelfHosting and HomeLab in general, just remember to get started properly:
Install some Linux (or try with a VM first / via WSL on your Windows)
Get Docker installed like a PRO with a script like this one:
curl -O https://raw.githubusercontent.com/JAlcocerT/Linux/main/Z_Linux_Installations_101/Selfhosting_101.sh
nano Selfhosting_101.sh #MAKE SURE YOU UNDERSTAND WHAT YOU WILL BE RUNNING FIRST
#chmod +x Selfhosting_101.sh
#sudo ./Selfhosting_101.sh
If you want, you can get Podman instead of Docker:
sudo apt install podman
podman --version
Open Portainer
localhost:9000
and start deploying apps other people created (FAST)
Get a domain (TLD) and bring https when you feel comfortable.
Along the way…
- Understand what chmod does: https://it-tools.tech/chmod-calculator
- Don't be afraid of the terminal. Embrace the CLI and SSH ( Termix will help! )
- Crontab to schedule tasks: https://it-tools.tech/crontab-generator
- Get in love with docker compose: https://it-tools.tech/docker-run-to-docker-compose-converter
- Understand apt packages and how to manage them
SelfHosting Sept 25
At some point, you will need these docker commands:
#df -h #check space
docker stop $(docker ps -a -q) #stop all
#docker volume rm $(docker volume ls -q | grep -v '^portainer_data$') #rm all volumes but portainer
#docker system df
#docker image prune -a
#docker builder prune -a --force
docker system prune --all --volumes #release space: removes ALL stopped containers, unused images/networks and unused volumes, so check what is stopped first
HTTPs Everywhere
Once you are comfortable with containers, you will want to bring https instead of having that insecure http.
I got to know about: https://github.com/FiloSottile/mkcert
#sudo apt install mkcert #https://github.com/jeffcaldwellca/mkcertWeb
A simple zero-config tool to make locally trusted development certificates with any names you’d like.
To securely access your services from outside your home, you have low-config VPNs like Tailscale.
For more advanced users who want to explore DNS, see PiHole and DuckDNS.
But as of today I'd rather keep these https setups:
- Setup NGINX to get https via UI as per this guide
- Or go the Traefik v3.3 approach (programmatic https) as per this other guide
- Just use cloudflared…
Setup NGINX
How to setup -PiHole and UnBound DNS with FireBat
Setup Syncthing
P2P Syncing between home devices with Filebrowser
Setup NextCloud in your Home Server with Https
With Traefik with a domain pointing to a private IP address
As NC has recently made a release: https://hub.docker.com/_/nextcloud/tags
sudo docker compose -f docker-compose.traefik.yml up -d
#/media/casa/Datos_copia_2
#/home/casa/Home-Lab/nextcloud
sudo docker compose -f docker-compose.traefik.yml ps
#ping nextcloud.casa.jalcocertech.com
#ifconfig enp1s0
#sudo docker inspect nextcloud
#docker inspect nc -f '{{range $net, $conf := .NetworkSettings.Networks}}{{$net}} ({{$conf.IPAddress}}){{end}}'
#docker network inspect traefik_traefik-proxy --format '{{range .Containers}}{{.Name}} ({{.IPv4Address}}) - {{.MacAddress}}{{"\n"}}{{end}}'
If you want a photo centered selfhosted app, see Immich, which just released v2.0
Make sure your router's DHCP settings do not change the private IP of your homelab, or your Cloudflare x Traefik setup will be pointing to the wrong IP:
See also…
Conclusions
Autumn is almost here.
And is a great chance to tinker with your miniPC and homelab.
Try new desktop app for your linux system and install them via:
See also appimagelauncher :)
I promised recently that I won't do more static sites for people.
And consequently, this has not been a DFY (done for you), but a DWY (done with you) recap of this and this web setup
Just make sure to have all you need for HUGO or Astro web development ready
Plot twist, you will never stop learning, as more and more selfhosted apps will catch our attention:
- Networking, Domains and DNS, SSL…
- Creating your containers…
Fortunately, there are amazing resources to give you ideas:
- From this one you will get weekly projects to have a look ( Plot Twist: you wont have time to see them all)
MIT | The open-source CapCut alternative
Youtube is a great source for great tutorials too: Jims Garage, Christian Lempa, Tech with Nana, NetworkChuck, Pelado Nerd (in Spanish), DB Tech…
I will never be able to thank them enough for all they have taught me already (and to other great channels that would make the list too long).
If you ever wondered what the most popular repos are: https://gitstar-ranking.com/repositories
Remember about:
- Free goodies: https://free-for.dev/#/ and https://freestuff.dev/alternative/clerk/
Lately I…
They are also placed into the new Home-Lab repo and the stack of this post will be placed also accordingly:
I have updated the docker-compose.yml
and Dockerfiles at:
Astro Theme Selection | Blog 101 with PPTs
git clone https://github.com/monakit/monakit
npm install
npm run dev -- --host 0.0.0.0 --port 4321 #http://192.168.1.11:4321/
This theme uses revealJS for the ppts, a candidate for an upcoming blog.jalcocertech.com
You can add pretty quick an n8n embedded chatbot to these kind of sites.
HUGO Theme | Blog 101
git clone https://github.com/JAlcocerT/EntreAgujayPunto
#install go
wget https://go.dev/dl/go1.21.1.linux-armv6l.tar.gz
sudo tar -C /usr/local -xvzf go1.21.1.linux-armv6l.tar.gz
export PATH=$PATH:/usr/local/go/bin
source ~/.bashrc
go version
#https://github.com/gohugoio/hugo/releases/tag/v0.123.0
wget https://github.com/gohugoio/hugo/releases/download/v0.123.0/hugo_extended_0.123.0_linux-amd64.deb -O hugo_specific_version.deb && \
sudo dpkg -i hugo_specific_version.deb && \
rm hugo_specific_version.deb && \
source ~/.bashrc
hugo version
hugo server --bind="0.0.0.0" --baseURL="http://192.168.1.106" --port=1313
To put astro/hugo inside a container is as simple as:
Once you have your theme selected and tweaked, you have to host it:
Option A: You can use any of these 3rd party free static hosting
Example: https://box2overtake.com/ or proyectorutasmoto.web.app
Option B: create your container to selfhost astro/hugo/whatever ssg and expose it publicly via cloudflare tunnels.
Using your HomeLab to host a cool website, like this ebook landing, is as simple as understanding those!
Want sth more? See how to use your SSG with IPFS and ENS (WEB3 ready!)
Pi and IoT
I've been tinkering with MicroControllers and the MQTT protocol.
New Software
I've also tried:
With CTRL+ALT+C
it gets really compact!
#pkill -9 brave #brave was not behaving properly lately...
flatpak install flathub app.zen_browser.zen
Welcome to a calmer internet | Firefox based
Zen offers a “Sync” feature, which is implemented using Mozilla Firefox’s Sync feature.
I had a look at a couple of tools for diagrams
Make beautiful isometric infrastructure diagrams
It renders text to diagram and can reference files: https://gist.githubusercontent.com/raw/af76a4c245b302206b16aec503dbe07b/markmap.md
MIT | Build mindmaps with plain text
Other
Link analytics solutions, like Kutt:
FAQ
Your Music Server
Got that server running with containers?
Congrats, you can now have your DIY spotify: a music webapp server that stores whatever you bring to it, like from here
Your music your rules.
sh -lc 'echo "Current user: $(whoami)"; id; echo "UID: $(id -u)"; echo "GID: $(id -g)"; echo "Groups: $(id -Gn)"'
For android, you have as client ultrasonic: https://gitlab.com/ultrasonic/ultrasonic
Free and open-source music streaming Android client for Subsonic API compatible servers
With Supported (tested) Subsonic API implementations: Subsonic, Airsonic-Advanced, Supysonic, Ampache
You also have substreamer app on ios or android (as a client), they also have: https://hub.docker.com/r/ghenry22/substreamer
Just note that it's not OSS
See also MeTube and Navidrome:
Youtube FE
If you are creating youtube videos and storing them just there: you can download them later on, so you can review your travel stories during those long flights.
There are more alternatives, like:
Unlicensed | A clean and minimal youtube frontend, without all the ads and whistles
HomeLab Commands
- What's taking that much space?
#sudo du -ahx / | sort -rh | head -n 50
sudo du -ahx . | sort -rh | head -n 50 #from current folder and below
- I want to clean old container stuff
docker builder prune
#docker system prune -a
docker volume prune
docker image prune -a
- Stop all containers, but portainer:
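#docker ps -a -q --filter 'name=!portainer' #docker filters cannot negate, so this does not work
#docker ps -q prints only container IDs, so grep must run on the names instead
docker ps --format '{{.Names}}' | grep -v portainer | xargs -r docker stop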
- How many resources are those containers consuming?
docker-compose stats
#sudo docker stats 7dfdfce97523
#sudo docker stats nextcloud
#docker stats typebot-builder typebot-viewer typebot-db
docker stats $(docker ps --filter "name=typebot" --format "{{.Names}}")
#docker stats -a
See also lazydocker!
Git Sync
From https://akashrajpurohit.com/blog/initial-vps-setup-checklist-first-30-minutes/
A simple tool to backup and sync your git repositories
How to Change USB Size
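This has been useful a few times already (from Windows). Double-check N against the sizes shown by List disk, because clean wipes whichever disk is selected: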
Diskpart
List disk
select disk N
clean
create partition primary
Which Linux to get started?
To not complicate things: Just get Ubuntu LTS with GNOME.
If this is your first time, take it easy on the learning journey and for now, don't trust your new miniPC as the only storage of anything
You can also consider:
Lubuntu - Because it requires just ~700mb of RAM
Ubuntu if you want the same, but with GNOME
You can have ubuntu without UI, if you plan to use your server’s terminal only
- Garuda, if you want to say I use ARCH BTW. Mind the steep learning curve.
How exactly?
Well, first try downloading them and running them in a VM.
Then, setup VENTOY into your USBs and bring your favourite one.
Backup Github
Gitea and Gogs: Lightweight self-hosted Git services. They support mirroring repositories from GitHub, providing a continuously synced backup
Which Devices are connected to my router?
- First get to know who is your router:
ip route | grep default
- Then, inspect:
nmap -sn 192.168.1.0/24
# Starting Nmap 7.80 ( https://nmap.org ) at 2025-09-26 11:43 CEST
# Nmap scan report for _gateway (192.168.1.1)
# Host is up (0.025s latency).
# Nmap scan report for 192.168.1.103
# Host is up (0.067s latency).
# Nmap scan report for BYOD-00335 (192.168.1.104)
# Host is up (0.000095s latency).
# Nmap done: 256 IP addresses (3 hosts up) scanned in 3.63 seconds
(Optional) get the mac/vendor of one of them:
ping -c 4 192.168.1.106
#nmap -O 192.168.1.106
#tailscale status
sudo tailscale up --force-reauth #just in case you forgot to extend the expiry
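To turn the nmap -sn sweep above into a repeatable check, this added example (not part of the original post) compares the scan output against a known-devices file and prints only the IPs you have not accounted for. The known-devices file format and its labels are assumptions; the sample scan is the output shown above.

```shell
#!/bin/sh
# Added example: report hosts from an `nmap -sn` sweep that are not in a known list.

# Constructed sample: the scan output shown above, without the leading "# ".
SAMPLE_SCAN='Starting Nmap 7.80 ( https://nmap.org ) at 2025-09-26 11:43 CEST
Nmap scan report for _gateway (192.168.1.1)
Host is up (0.025s latency).
Nmap scan report for 192.168.1.103
Host is up (0.067s latency).
Nmap scan report for BYOD-00335 (192.168.1.104)
Host is up (0.000095s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 3.63 seconds'

# Print one IP per "Nmap scan report for ..." line.
# Handles both "for 192.168.1.103" and "for name (192.168.1.104)".
scan_ips() {
  sed -n 's/^Nmap scan report for //p' |
    sed -e 's/^.*(\(.*\))$/\1/' | sort -u
}

# Usage: unknown_hosts KNOWN_FILE < nmap_output
# KNOWN_FILE (assumed format): one IP per line, optional "# label" after it.
unknown_hosts() {
  allow=$(sed -e 's/#.*//' "$1" | awk 'NF {print $1}')
  scan_ips | while read -r ip; do
    # Exact, literal match so 192.168.1.1 does not also match 192.168.1.10x
    printf '%s\n' "$allow" | grep -qxF -- "$ip" || printf '%s\n' "$ip"
  done
}

demo() {
  tmp_known=$(mktemp)
  # Hypothetical allowlist: the router and one laptop.
  printf '%s\n' '192.168.1.1    # router' '192.168.1.104  # my laptop' > "$tmp_known"
  printf '%s\n' "$SAMPLE_SCAN" | unknown_hosts "$tmp_known"
  rm -f "$tmp_known"
}
demo   # prints: 192.168.1.103
```

On a real network, pipe the live scan in instead: nmap -sn 192.168.1.0/24 | unknown_hosts ~/known-devices.txt, and run it from crontab to get notified when something new joins.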
See the live traffic over a network:
ifconfig enp1s0
vnstat -l -i enp1s0 # live mode (Ctrl+C to stop)
#vnstat -l -i proton0 # live mode (Ctrl+C to stop)
#https://protonvpn.com/support/official-linux-vpn-debian/
wget https://repo.protonvpn.com/debian/dists/stable/main/binary-all/protonvpn-stable-release_1.0.8_all.deb
#verify the download BEFORE installing it: dpkg only runs if the checksum matches
echo "0b14e71586b22e498eb20926c48c7b434b751149b1f2af9902ef1cfe6b03e180  protonvpn-stable-release_1.0.8_all.deb" | sha256sum --check - && \
sudo dpkg -i ./protonvpn-stable-release_1.0.8_all.deb && sudo apt update
sudo apt install proton-vpn-gnome-desktop
It's recommended to do p2p behind a VPN so that hackers can't attack your public IP address
But hey, this is just to do legal stuff, like sharing OSS images, like ubuntu.
Don't dare to watch f movies with your cat :)
Those might be down: https://www.isitdownrightnow.com/
You know, just in case your cool site gets banned without a reason:
Hello Again Firebat
After one year of putting the FireBat AK2 up and running…
I realized that not everyone is ready to have a PC 24/7.
Because: what is it doing exactly?
Plus…tailscale can get expired and access lost for the admin.
And that has a point, actually.
ssh casa@192.168.1.106
#du -sh . # Human-readable size of current folder
du -sh /media/casa/Datos_copia_2/PerriChico
#du -sh .* | sort -h
#du -h --max-depth=2 # Two levels deep
#rm *.LRF #clean (if needed) all LRF files
sudo snap install vlc
sudo apt update && sudo apt install ubuntu-restricted-extras
So I decided to propose a new homelab architecture….
Traefik v3.3 + Cloudflare + Tailscale IP
- acme.json
- config.yml
- traefik.yml
git clone https://github.com/JAlcocerT/Home-Lab
cd ./Home-Lab/traefik
#https://jalcocert.github.io/JAlcocerT/testing-tinyauth/
#https://fossengineer.com/selfhosting-traefik/
curl "https://api.cloudflare.com/client/v4/user/tokens/verify" \
-H "Authorization: Bearer abcdefg12345709"
sudo apt install apache2-utils
echo $(htpasswd -nB admin) | sed -e s/\\$/\\$\\$/g
#cd ./Home-Lab/traefik
touch /home/casa/Home-Lab/traefik/acme.json #blank, just change the permissions to 600 later (private key)
touch /home/casa/Home-Lab/traefik/config.yml
touch /home/casa/Home-Lab/traefik/traefik.yml
chmod 600 ./acme.json && \
chmod 600 ./traefik.yml #or it will be a security risk for other users to see the privatekey
Make sure to point cf DNS records, maybe using script https://github.com/JAlcocerT/waiting-to-landing/blob/main/cloudflare-dns-updater.py
For which you will need the ZoneID of your Domain as well as per this .env.sample
sudo snap install jq
sudo snap install yq
# Get zone ID of your domain via CLI instead of Cloudflare UI
curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=jalcocertech.com" \
-H "Authorization: Bearer $cf_token" \
-H "Content-Type: application/json" | jq -r '.result[0].id'
These are the only ones you will see configured in cloudflare DNS: if you want, change that private IP for your tailscale one
#python3 cf-dns-updater.py
dig +short casa.jalcocertech.com A
ping casa.jalcocertech.com
nslookup casa.jalcocertech.com
We are going to get https://casa.jalcocertech.com/
and https://auth.casa.jalcocertech.com/login
working pretty soon…
touch config/acme.json && chmod 600 config/acme.json
sudo docker compose up -d
sudo docker logs traefik
Once Traefik is deployed, go to: https://casa.jalcocertech.com/dashboard/#/http/routers
Example 1: Traefik + already created (from others) webapps
dig +short silverbullet.casa.jalcocertech.com A
ping silverbullet.casa.jalcocertech.com
nslookup silverbullet.casa.jalcocertech.com
ping portainer.casa.jalcocertech.com
Example 2 Traefik + your (flask/dash/whatever) webapp
Example with ThreeBodies (flask)
git clone https://github.com/JAlcocerT/ThreeBodies
cd ThreeBodies
#make docker-up
Or with Trip Planner… with this traefik+tinyauth compose
git clone https://github.com/JAlcocerT/Py_Trip_Planner
cd Py_Trip_Planner
#make docker-up
#cd trip-planner #from homelab repo
sudo docker compose -f docker-compose.traefik.yml up -d
Example 3 Traefik + a Web App + Tinyauth
If you need a webapp on your homelab that does not bring some user/pwd, like OpenSpeedTest…
This method will allow to authenticate webapps via user/pwd or with Oauth like GH.
https://github.com/JAlcocerT/Home-Lab/blob/main/open-speed-test/docker-compose.traefik.yml
We will need to create a Github OAUTH App: https://auth.casa.jalcocertech.com
Add the link as per your subdomain: https://auth.casa.jalcocertech.com/api/oauth/callback/github
- Then, register the application. Get its ID and its client secret:
Those are required for
environment:
- GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID} #For GitHub OAuth
- GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}
- When it's done, we will see the application: https://github.com/settings/applications/3023538
particularly in the OAuth developer section.
Just spin up Tiny Auth with: https://github.com/JAlcocerT/Home-Lab/blob/main/tinyauth/docker-compose.firebat.yml
cd tinyauth
#sudo docker compose up -d
docker compose -f docker-compose.firebat.yml up -d
Now, go to https://auth.casa.jalcocertech.com
or whatever subdomain you placed.
See that this works without touching any configuration nor Cloudflare DNS and we already have the HTTPs and the dns pointing
nslookup auth.casa.jalcocertech.com
Authorize the app and you will be logged in!
Remember that you can also add Users/pwd to TinyAuth via the .env:
echo $(htpasswd -nB jalcocert) | sed -e s/\\$/\\$\\$/g
sudo docker restart tinyauth
Now, for OpenSpeedTest to use TinyAuth via Traefik:
cd
sudo docker compose -f docker-compose.traefiktinyauth.yml up -d
##command: tail -f /dev/null #in case you need to keep running
And there you go
https://openspeedtest.casa.jalcocertech.com/
The only additional part in the docker compose service labels (like openspeedtest) is the
traefik.http.routers.openspeedtest-secure.middlewares=tinyauth
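A quick audit for the point above, as an added example that is not from the original post or the Home-Lab repo: it lists every TLS router declared in a compose file whose middlewares label does not include tinyauth, so a service is not published without the login step by accident. The compose fragment is constructed, and the whoami service and its hostname are hypothetical.

```shell
#!/bin/sh
# Added example: list TLS routers in a compose file that lack the auth middleware.
# Usage: unprotected_routers COMPOSE_FILE [MIDDLEWARE_NAME]   (default: tinyauth)
unprotected_routers() {
  awk -v mw_name="${2:-tinyauth}" '
    {
      line = $0
      gsub(/[" \t]/, "", line); sub(/^-/, "", line)   # drop quotes, spaces, list dash
      if (line !~ /^traefik\.http\.routers\./) next   # commented-out labels are skipped
      rest = substr(line, length("traefik.http.routers.") + 1)
      name = rest; sub(/\..*/, "", name)               # router name ends at first dot
      opt = substr(rest, length(name) + 2)             # e.g. tls=true, middlewares=a,b
      if (opt ~ /^tls/) tls[name] = 1                  # router actually serves HTTPS
      if (opt ~ /^middlewares[=:]/) {
        sub(/^middlewares[=:]/, "", opt)
        n = split(opt, mw, ",")
        for (i = 1; i <= n; i++) {
          sub(/@.*/, "", mw[i])                        # tinyauth@docker -> tinyauth
          if (mw[i] == mw_name) ok[name] = 1
        }
      }
    }
    END { for (r in tls) if (!(r in ok)) print r }
  ' "$1" | sort
}

# Constructed sample compose fragment; "whoami" and its hostname are hypothetical.
sample_compose() {
  cat <<'EOF'
services:
  openspeedtest:
    labels:
      - "traefik.http.routers.openspeedtest-secure.rule=Host(`openspeedtest.casa.jalcocertech.com`)"
      - "traefik.http.routers.openspeedtest-secure.tls=true"
      - "traefik.http.routers.openspeedtest-secure.middlewares=tinyauth"
  whoami:
    labels:
      - "traefik.http.routers.whoami-secure.rule=Host(`whoami.example.test`)"
      - "traefik.http.routers.whoami-secure.tls=true"
EOF
}

demo_audit() {
  f=$(mktemp); sample_compose > "$f"
  unprotected_routers "$f"
  rm -f "$f"
}
demo_audit   # prints: whoami-secure
```

Apps that ship their own login (Nextcloud, Portainer) will show up here too; the list is a prompt to confirm each one is intentional, not a verdict.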
Thanks again to Jims Garage!
Imo, much better than the cloudflare webapp authentication method we saw some time ago: