This repository contains Docker Compose configurations for various self-hosted services in my homelab environment. All services are configured to work together with Traefik as a reverse proxy and are accessible through custom domains with SSL certificates.
- Reverse Proxy: Traefik with Let's Encrypt SSL certificates
- Network: External `proxy-network` for service communication
- VPN: WireGuard VPN (10.42.42.0/24) for secure remote access
- Authentication: Authentik SSO — forward-auth via Traefik for internet-facing services
- Database: PostgreSQL running on host machine (local.madhur.co.in:5432)
- Monitoring: cAdvisor, Gatus, Grafana, Change Detection for observability
- Notifications: Ntfy for push notifications
- Storage: Multiple database systems (MongoDB, Redis, Elasticsearch, DynamoDB) and persistent volumes
- Traefik - Reverse proxy with automatic SSL certificates
- Authentik - Identity provider & SSO
- WireGuard Easy - VPN server for remote access
- Gatus - Declarative service health monitoring
- Bookstack - Simple, self-hosted wiki platform
- Booklore - Book library manager
- Docmost - Collaborative documentation
- Karakeep - Self-hosted bookmark and knowledge manager
- Linkwarden - Self-hosted bookmark manager with archive capabilities
- Immich - Self-hosted photo and video backup solution
- Jellyfin - Media server for movies, TV shows, and music
- Paperless-ngx - Document management system
- qBittorrent - BitTorrent client
- Firefly III - Personal finance manager
- Actual Budget - Local-first personal budget app
- EzBookkeeping - Personal bookkeeping
- ExpenseOwl - Expense tracking
- Myfin - Personal finance tracker
- InvoiceShelf - Invoice management
- Vaultwarden - Self-hosted Bitwarden password manager
- Code Server - VS Code in the browser
- Gitea - Self-hosted Git service
- Komodo - Build and deployment automation platform
- Prefect - Workflow orchestration platform
- Temporal - Workflow orchestration platform
- DynamoDB - NoSQL database (local instance)
- Elasticsearch - Search and analytics engine
- MongoDB - NoSQL document database
- PostgreSQL - Relational database
- Redis Cluster - In-memory data store cluster
- Redis MQ Kafka - Message queue with Kafka
- cAdvisor - Container resource monitoring
- Change Detection - Website change monitoring
- Dockpeek - Docker container monitoring and management
- Gatus - Declarative service health monitoring
- Graphite + StatsD + Grafana - Metrics collection and visualization
- ConvertX - File format converter
- Glance - Self-hosted dashboard
- Homebox - Home inventory management
- Homepage - Application dashboard
- IT Tools - Collection of handy developer tools
- JSON Crack - JSON data visualization tool
- Networking Toolbox - Network diagnostic and testing tools
- Ntfy - Push notifications service
- OliveTin - Web UI for running shell commands
- OpenGist - Self-hosted pastebin powered by Git
- Radicale - CalDAV/CardDAV server
- Sterling PDF - PDF processing and manipulation service
- Docker and Docker Compose installed
- External `proxy-network` created
- Domain names configured with DNS pointing to your server
- Clone this repository:

  ```bash
  git clone <repository-url>
  cd docker
  ```

- Create the external network:

  ```bash
  docker network create proxy-network
  ```

- Navigate to any service directory and start it:

  ```bash
  cd traefik
  docker-compose up -d
  ```

Most services use .env files for configuration. Key variables include:
- Domain names (e.g., `immich.desktop.madhur.co.in`)
- Database credentials
- Upload locations
- Timezone settings (`Asia/Kolkata`)
- proxy-network: External network for service communication
- wg: WireGuard VPN network (10.42.42.0/24)
- elastic: Elasticsearch cluster network
- Authentik SSO with forward-auth middleware for internet-facing services
- Dual-router pattern: LAN/VPN bypasses auth, internet requires Authentik
- VPN whitelist middleware for sensitive services
- SSL certificates via Let's Encrypt
- Container security options (no-new-privileges)
- Network isolation
- Gatus: Declarative health checks for all services, alerts via Ntfy
- cAdvisor: Container resource usage metrics
- Grafana: Visualizes metrics from Graphite/StatsD
- Change Detection: Monitors websites for changes
- Ntfy: Push notifications for system events
- Authentik: https://authentik.desktop.madhur.co.in
- Gatus: https://gatus.desktop.madhur.co.in
- Traefik Dashboard: https://traefik.desktop.madhur.co.in:9091
- WireGuard: https://wg.desktop.madhur.co.in
- Bookstack: https://bookstack.desktop.madhur.co.in
- Booklore: https://booklore.desktop.madhur.co.in
- Docmost: https://docmost.desktop.madhur.co.in
- Karakeep: https://kk.desktop.madhur.co.in
- Linkwarden: https://linkwarden.desktop.madhur.co.in
- Immich: https://immich.desktop.madhur.co.in
- Jellyfin: https://jf.desktop.madhur.co.in
- Paperless: https://paperless.desktop.madhur.co.in
- qBittorrent: https://torrent.desktop.madhur.co.in
- Firefly III: https://firefly.desktop.madhur.co.in
- Actual Budget: https://actual.desktop.madhur.co.in
- EzBookkeeping: https://ezbookkeeping.desktop.madhur.co.in
- ExpenseOwl: https://expenseowl.desktop.madhur.co.in
- Myfin: https://myfin.desktop.madhur.co.in
- InvoiceShelf: https://invoiceshelf.desktop.madhur.co.in
- Code Server: https://code.desktop.madhur.co.in
- Prefect: https://prefect.desktop.madhur.co.in
- Temporal UI: https://temporal-ui.desktop.madhur.co.in
- Vaultwarden: https://vault.madhur.co.in
- ConvertX: https://convertx.desktop.madhur.co.in
- Glance: https://glance.desktop.madhur.co.in
- Homebox: https://homebox.desktop.madhur.co.in
- Homepage: https://home.desktop.madhur.co.in
- IT Tools: https://tools.desktop.madhur.co.in
- JSON Crack: https://jc.desktop.madhur.co.in
- Ntfy: https://ntfy.madhur.co.in
- OliveTin: https://olivetin.desktop.madhur.co.in
- OpenGist: https://og.desktop.madhur.co.in
- Radicale: https://radiscale.desktop.madhur.co.in
- Sterling PDF: https://pdf.desktop.madhur.co.in
- Dawarich: https://dawarich.desktop.madhur.co.in
- Grafana: http://grafana.local.madhur.co.in
- Prometheus: http://proxmox.local.madhur.co.in
- ActivityWatch: http://activitywatch.local.madhur.co.in
- WatchYourLAN: http://watchyourlan.local.madhur.co.in
- Ollama: http://ollama.local.madhur.co.in
- HomeAssistant: http://homeassistant.local.madhur.co.in
- Updates: Manual container updates via `docker compose pull && docker compose up -d`
- Backups: Regular backups of persistent volumes recommended
- Monitoring: Check logs via Dozzle (http://localhost:9999) or `docker logs <container-name>`
- SSL: Certificates automatically renewed by Traefik
- Authentik forward-auth applied to internet-facing services; LAN/VPN access bypasses auth
- VPN whitelist middleware applied to sensitive services (e.g., Vaultwarden)
- External network `proxy-network` must be created before starting services
- Some services require additional configuration files (`.env`, etc.)
- PostgreSQL runs on the host machine and is shared by multiple services connecting to `local.madhur.co.in:5432`
- All services use domain pattern: `*.desktop.madhur.co.in` or `*.madhur.co.in`
- Traefik automatically provisions and renews Let's Encrypt SSL certificates
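
The dual-router pattern, the VPN whitelist middleware and the `no-new-privileges` option listed above, sketched as one Compose fragment. This is an added example, not a file from this repository. The service name `app`, host `app.example.com`, LAN range `192.168.1.0/24`, entrypoint `websecure`, resolver `letsencrypt` and outpost address `authentik-server:9000` are assumptions, and the middleware key `ipallowlist` is the Traefik v3 name (older v2 releases call it `ipwhitelist`).

```yaml
# Added example, not from this repository. Values marked "assumed" are placeholders.
services:
  app:
    image: traefik/whoami              # assumed stand-in for any web service
    security_opt:
      - no-new-privileges:true         # block privilege gain via setuid binaries
    networks:
      - proxy-network
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy-network

      # Router 1: LAN and WireGuard clients, matched on source address, no SSO.
      # ClientIP matches the TCP peer address and ignores X-Forwarded-For, so this
      # bypass is only safe when Traefik sees real client IPs. If a NAT or another
      # proxy sits in front, every request can look "local" and skip Authentik.
      - "traefik.http.routers.app-lan.rule=Host(`app.example.com`) && (ClientIP(`192.168.1.0/24`) || ClientIP(`10.42.42.0/24`))"
      - traefik.http.routers.app-lan.priority=100
      - traefik.http.routers.app-lan.entrypoints=websecure
      - traefik.http.routers.app-lan.tls.certresolver=letsencrypt

      # Router 2: all other clients fall through to the Authentik forward-auth check.
      - "traefik.http.routers.app-wan.rule=Host(`app.example.com`)"
      - traefik.http.routers.app-wan.priority=10
      - traefik.http.routers.app-wan.entrypoints=websecure
      - traefik.http.routers.app-wan.tls.certresolver=letsencrypt
      - traefik.http.routers.app-wan.middlewares=authentik@docker

      # Forward-auth middleware pointing at the Authentik outpost (address assumed).
      - traefik.http.middlewares.authentik.forwardauth.address=http://authentik-server:9000/outpost.goauthentik.io/auth/traefik
      - traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true
      - traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email

      # Sensitive services: use a single router with this allowlist instead of
      # the two routers above, so only the WireGuard subnet can reach it.
      - traefik.http.middlewares.vpn-only.ipallowlist.sourcerange=10.42.42.0/24
      # - traefik.http.routers.app.middlewares=vpn-only@docker

networks:
  proxy-network:
    external: true
```

To confirm the split, request the host once from a LAN or VPN client and once from an outside address: only the outside request should be redirected to the Authentik login.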
This is a personal homelab setup. Feel free to use these configurations as reference for your own homelab.