We have reached the more fascinating parts now, where I spent (still spending) the most time and the one that adds the most value to me. All of these applications are running on docker, set up by docker-compose. There are some obvious choices here that may not be obvious to many of you reading this, such as using Træfik instead of the more predominantly used NPM (Nginx Proxy Manager) . There are two parts to this. One, I am familiar with those more so than the alternatives, two, I might have had the same running before I migrated some of these from my PC.
Let me start with the base of it all, as mentioned before, Træfik. I will also link the git repository for each of these in its title, in case some of you are planning to follow along; although I might not explain in detail, feel free to use the comments section if you need clarifications.
Træfik : Træfik is the ingress for all the apps that I have hosted on this server on top of docker. Any and every web request goes through it. SSL termination and certificates are handled by it. Application L7 routing is handled by it. It can also handle authentication with the help of authelia , but I haven’t needed it myself till now, although I do plan to add it. It binds to ports 80 and 443 and uses (sub)domain/Host-based routing for the applications.
Homer : Homer is a static homepage for having all the services hosted (not just that, think like bookmarks, but better) on a homepage that I can also set as my new tab page on my browser.
Git : Gitea is an open-source self-hosted SCM (source code management) similar to Github Enterprise or Gitlab CE , but written in Go and very light-weight in terms of memory and load. I paired this with Drone which is a CI platform giving me the missing feature in Gitea. It also integrates via Gitea for sign-in as an OAuth application making the whole experience seamless.
Nextcloud : Nextcloud is a self-hosted file share and productivity platform, similar to the likes of google drive. I like that it has a mobile app where I can configure auto-upload of my images to my server for backup. And it has a bunch of collaboration features if you want to use it with other people. This is bind-mounted to the NAS, so that all my data stays on the NAS, and not local to the VM. It also prevents the data from being backed up by the VM causing duplicate copies.
Jellyfin : Jellyfin is an open-source self-hosted media system to play and stream local media. Their web and mobile apps are impressive, and I use them almost daily to binge movies and TV shows. This container gets the iGPU that I passed through to the Ubuntu VM as a
/dev/dri
bind to the docker container. I went with the liunxserver.io’s container as it is recommended by Jellyfin for hardware acceleration for transcoding using the passed-through graphics card. NAS share is mounted for the media here as well.Pi-hole : Pi-hole is a network-wide ad blocker working on DNS level blocking. Which means that it acts as a caching DNS server using another DNS server (like a public google 8.8.8.8 or cloudflare 1.1.1.1 DNS) but implements block-lists for known malicious or ad domains. Here, I have a local DNS server for my LAN domain running in Windows server, and for everything else, I went with DoH (DNS over HTTPS) to get more security. A cloudflared container does DoH requests to the given URLs for this setup to work. My configuration refers to my location-based DoH from Cloudflare for Teams which logs all queries on my account, and I can apply further rules if necessary. Pi-hole does not exactly natively support split DNS, but it runs dnsmasq under the hood, so bind mounting a custom config to
/etc/dnsmasq.d/
fixes that.
Note that you need a custom network since Pi-hole cannot use a DNS hostname of the cloudflared container to use as the DNS server since that creates a loop of what DNS server to use to resolve the DNS server.Guacamole : Guacamole is an interesting one, this is a whole RDP, SSH, and VNC client running on a web browser. If you have a browser, you can connect to your servers from anywhere as long as Guacamole is reachable. Although I don’t frequently use it, when used, it is usually very helpful.
Torrent Downloader : Transmission is a very good and efficient torrent client with good API support, but its web UI leaves much to be desired. Enter Flood . It is one of the most polished UIs I’ve seen. And it just hooks into the transmission API and uses it to download anything. Transmission has a bind mount to the NAS share so that I can copy the contents over easily. To add to that, Flood has support to download the contents from the browser directly. It is a beautiful integration that is going on.
Sonarr and Radarr : Sonarr is a PVR and file management system for TV shows. It can pull metadata from TheTVDB and manage folders and file names for all the shows. Radarr is the same for movies. These containers bind mount to the NAS share for having all the media in a shared common space. I went with the linuxserver.io’s images here since there is no official image provided. I fall right into the pitfall mentioned in the Sonarr/Radarr’s site where it says having different mounts for the TV and download folder causes slow moves since it cannot use hard links as the docker container thinks those are different filesystems and would not do that. But that is fine for me where I don’t download that much.
Another cool feature is that both Sonarr and Radarr have download client integration for not just Transmission, but specifically, Flood. This means that my Transmission container is not exposed at all. Everything happens through Flood. And it beautifully does it by adding tags likesonarr
andradarr
to the ones it downloads, and I can manually find and add torrents with the same tags likesonarr
/radarr
. These pick them up automatically and move them to the correct places once it completes.
The cherry on top, both of these containers use the same folder that Jellyfin checks for media, so once the download completes, it is available in Jellyfin to watch!Portainer : Portainer is a container management GUI for looking at and creating running containers, compose and stacks. It can manage them as well, but I only use them to check the stats and maybe exec into a container if needed.
Etherpad : Etherpad is a real-time collaborative note-taking app that I sometimes use to jot down notes on the go. It can be extended and customized using plugins, but I have not vested much time due to lack of much use.
Static server : This is a dead-simple static file server whose only job is to serve files from a local folder. I use this to host my certificates and any custom resources like icons or little guides if need be. It was an inspiration from here using thttpd from acme, which is both secure and fast while being tiny. The docker image weighs in at a meager 186kB!
With that, the applications hosted here are complete! Check out my next posts to see what I used to get the whole thing on the internet!