A robust and extensible homeserver setup without any magic.

It is designed to be hosted and used only on your local network. Even though it is only used on your local network, it uses HTTPS via a wildcard certificate for everything, to avoid browser security warnings and because some services do not work properly without TLS. You can still access it from anywhere in the world via a VPN, e.g. Tailscale.
Each service is fully contained in a directory. Usually there are at least a `docker-compose.yml` and an `.env.example` file. All data is persisted in the service's `data/` directory.
Traefik is the reverse proxy for all the services. To start a service, simply `cp .env.example .env`, edit it to your liking, add the service name to the `ACTIVE_SERVICES` variable in the root `.env` file and run `./script.sh ACTIVE_SERVICES up -d`. This script simply applies all passed parameters to `docker compose`, executed in each service's directory specified in the `.env` file.
Services specified under `SAVE_BACKUP` will be stopped by the `./backup.sh` script before doing a backup and started again when the backup is finished.
- server running docker
- domain (get a free one at freemon)
- DNS A-record wildcard pointing to your server's IP (e.g. 192.168.1.2)

Not all DNS providers support wildcard A-records; Cloudflare and DigitalOcean do. Sign up and point your domain's NS-records to DigitalOcean's nameservers. It is free.
```
cp .env.example .env
cd services/traefik
cp .env.example .env
```

Change the `DOMAIN` in `.env` and edit `SERVER_DOMAIN` and `ACME_EMAIL` in `services/traefik2/.env`. Add credentials for your DNS provider of choice.

To test if you can get a certificate from Let's Encrypt, uncomment the line about the staging server in `services/traefik/docker-compose.yml` by removing the `#` sign.
Run

```
docker network create zone1
./script.sh ACTIVE_SERVICES up -d
```

and wait until all images are pulled and built and a certificate has been retrieved. Then you can access Nextcloud and Gogs via your browser. If your browser warns you about an unknown certificate authority, accept the risk, because you know it is a staging certificate, or maybe a self-signed certificate from Traefik. In the latter case you either still need to wait a minute until your Let's Encrypt certificate is issued, or you have an error somewhere. Check `docker compose logs -f traefik` to view Traefik's logs. If everything worked alright, just comment out that one line in Traefik's `docker-compose.yml` again and run the script again to get a valid certificate.
The default dashboard is homepage from benphelps (`./services/homepage`). Most services are already configured to appear on the dashboard when they are up and running. If you want to use another dashboard you can of course do so.
You have several options to customize the services without affecting the state of this git repository.

- Change or add variables in the corresponding `.env` file
- Change a deployment by adding your own `docker-compose.override.yml` file
- Add your own service
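As an added illustration (not a file from the repository), here is a `docker-compose.override.yml` that hardens a service called `app123` without touching the tracked `docker-compose.yml`. The service name is taken from the template at the end of this page; the image name, tag and container data path are assumptions:

```yaml
# docker-compose.override.yml (added example, not part of the repository).
# Compose merges this file over docker-compose.yml, so the tracked file stays
# untouched and git status stays clean.
services:
  app123:
    # Pin to a specific tag instead of whatever :latest resolves to today.
    image: example/app123:1.2.3          # assumed image name and tag
    # Make the root filesystem read-only; only the data volume and /tmp are writable.
    read_only: true
    tmpfs:
      - /tmp
    volumes:
      - ./data:/app/data                 # assumed container data path
    # Drop all Linux capabilities; add back individual ones only if the app
    # fails to start without them.
    cap_drop:
      - ALL
```

Running `docker compose config` in the service directory prints the merged result, which is the quickest way to confirm the override is picked up before starting the container.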
If you have your own website or you want to host a service which is not listed under `./services`, then you can add it under `./custom_services`. Everything here is not tracked by git. Follow the same pattern by creating a subfolder and `docker-compose.yml` file for each service, e.g. `./custom_service/my_website/docker-compose.yml`. To automatically start and stop it via the script, just add the subfolder's name to the `CUSTOM_SERVICES` variable in the `.env` file.
Because all user data is mounted to the filesystem, you can back up everything simply by backing up this folder. You can use your own solution or use the `./backup.sh` script. Specify your directories in the `.env` file accordingly. The `.env.example` assumes that your homeserver folder lives under `/mnt/data` and that you want to back it up to `/mnt/backup`. Both `/mnt/data` and `/mnt/backup` are separately mounted hard drives. If you want to put your backup in a subfolder, change the path accordingly at `BACKUP_DESTINATION`.
You can set up a cronjob to do a regular backup. Run `sudo crontab -e` and add the following line:

```
0 0 * * * (time /bin/bash /mnt/data/homeserver/backup.sh) >> /mnt/data/homeserver/backup-logs.txt 2>&1
```
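The two scripts described above (`./script.sh` applying compose arguments to every listed service directory, and `./backup.sh` stopping the `SAVE_BACKUP` services around a backup) are not shown on this page. The following is an added example of how such behaviour can be implemented in POSIX sh; it is not the repository's own code. It assumes the variables are whitespace-separated lists of directory names without spaces, that services live under `./services` and `./custom_services`, and it reads `.env` with `sed` instead of sourcing it, so a stray command in that file is never executed:

```shell
#!/bin/sh
# Added example, not the repository's own script.sh or backup.sh.
set -eu

# Read one variable from a dotenv-style file without sourcing it.
# Surrounding single or double quotes around the value are stripped.
env_var() {
  # $1 = path of the .env file, $2 = variable name
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed "s/^[\"']//; s/[\"']\$//"
}

# Print a service directory if it has a compose file, otherwise fail loudly.
check_dir() {
  [ -f "$1/docker-compose.yml" ] || { echo "no docker-compose.yml in $1" >&2; return 1; }
  echo "$1"
}

# List the directories to act on, one per line. A listed name without a
# docker-compose.yml aborts the whole run before compose has touched anything,
# which catches typos in .env early.
service_dirs() {
  root="$1"
  for name in $(env_var "$root/.env" ACTIVE_SERVICES); do
    check_dir "$root/services/$name" || return 1
  done
  for name in $(env_var "$root/.env" CUSTOM_SERVICES); do
    check_dir "$root/custom_services/$name" || return 1
  done
}

# Run "docker compose <args>" in each service directory, like ./script.sh.
# COMPOSE may be overridden (e.g. COMPOSE=echo) for a dry run.
apply_all() {
  root="$1"; shift
  dirs=$(service_dirs "$root") || return 1
  for dir in $dirs; do
    echo "== $dir"
    ( cd "$dir" && ${COMPOSE:-docker compose} "$@" )
  done
}

# Stop every SAVE_BACKUP service, copy the folder, start them again, like
# ./backup.sh. The restart loop runs whether or not the copy succeeded, and the
# copy's exit status is returned so a cron log still shows the failure.
backup_all() {
  root="$1"; dest="$2"
  names=$(env_var "$root/.env" SAVE_BACKUP)
  for name in $names; do
    ( cd "$root/services/$name" && ${COMPOSE:-docker compose} stop )
  done
  status=0
  ${BACKUP_CMD:-rsync -a --delete} "$root/" "$dest/" || status=$?
  for name in $names; do
    ( cd "$root/services/$name" && ${COMPOSE:-docker compose} start )
  done
  return "$status"
}

# Stand-alone use from the repository root, mirroring "./script.sh ACTIVE_SERVICES up -d":
#   sh apply.sh up -d
if [ $# -gt 0 ]; then apply_all "$PWD" "$@"; fi
```

The important design point for a backup script is the second loop in `backup_all`: services that were stopped to get a consistent copy must be started again even when the copy fails, otherwise one failed nightly run leaves them down until somebody notices.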
If you want to publish some services to the internet take a look at services/cloudflared.
A minimal `docker-compose.yml` for a service behind Traefik, which also works as the pattern for a custom service:

```yaml
version: "3.6"
services:
  app123:
    # add the service's image: line here
    container_name: app123
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - traefik
    labels:
      my.zone: zone1
      traefik.enable: true
      traefik.http.routers.app123.rule: Host(`${SUB_DOMAIN}.${SERVER_DOMAIN}`)
      traefik.http.routers.app123.entrypoints: websecure
      traefik.http.services.app123.loadbalancer.server.port: 3000
networks:
  traefik:
    name: zone1
```