Guides

The Complete Self-Hosting Security Stack: Fail2Ban + CrowdSec + Authelia Running self-hosted services is great — until someone else discovers them. The moment you expose a port to the internet, bots start probing. Brute-force SSH attempts, credential stuffing on web apps, vulnerability scanners — it never stops. No single tool solves this. You need layers. This guide walks through building a complete security stack using three open-source tools that complement each other perfectly: ...

Linux Server Hardening Checklist for Self-Hosters You spun up a server, installed Docker, and deployed a dozen services. Everything works. But your SSH port is open to the world with password auth, you’re running everything as root, and your firewall is… what firewall? Most self-hosting guides skip security entirely. This one doesn’t. Here’s a practical, ordered checklist to harden your Linux server without breaking the services running on it. Who This Is For Anyone running a self-hosted server — whether it’s a Raspberry Pi on your desk, a mini PC in the closet, or a VPS at Hetzner. You don’t need to be a sysadmin. You just need a terminal and 30 minutes. ...

Running Authentik vs Authelia: SSO Comparison for Self-Hosters (2026) You’re tired of logging into every self-hosted service separately. You want single sign-on. You’ve narrowed it down to two options: Authentik and Authelia. Both are open-source, both work with Docker, both solve the “too many logins” problem — but they take fundamentally different approaches. Authentik is a full identity provider. Authelia is a lightweight authentication portal. Choosing between them depends on what you actually need. ...

If your team relies on Slack but you’re tired of message history limits, per-seat pricing, and having your conversations live on someone else’s servers — Mattermost is the answer. It’s an open-source, self-hosted team communication platform that looks and feels like Slack, but runs entirely on your hardware. What is Mattermost? Mattermost is a collaboration platform built for teams that need full control over their communication data. It offers channels, direct messages, threads, file sharing, search, and a plugin ecosystem — all packaged in a modern web interface that’ll feel familiar if you’ve used Slack or Microsoft Teams. ...

Self-Hosting Docmost: Notion Alternative with Real-Time Collaboration If you’ve been looking for a self-hosted replacement for Notion or Confluence that doesn’t feel like it was built in 2010, Docmost is worth your attention. It’s an open-source collaborative wiki and documentation platform with real-time editing, a clean modern UI, and all the features you’d expect from a paid knowledge base tool. What sets Docmost apart from the crowded field of self-hosted wikis is polish. The editor is fast. Real-time collaboration actually works. And it ships with diagram support (Draw.io, Excalidraw, and Mermaid), nested spaces with granular permissions, comments, page history, embeds, and file attachments — all out of the box. ...

Self-Hosting Ente: End-to-End Encrypted Google Photos Alternative Google Photos is convenient. It’s also a privacy nightmare — your photos are scanned, analyzed, and stored on servers you don’t control. If you’ve been looking for a self-hosted alternative that doesn’t sacrifice the features that make cloud photo management actually useful, Ente deserves serious consideration. Ente is a fully open-source, end-to-end encrypted photo storage platform. Every photo is encrypted on your device before it ever touches your server. Not even you (as the server admin) can see the contents of uploaded photos without the user’s encryption keys. It’s been audited by Cure53, one of the most respected cybersecurity firms in the world, along with Symbolic Software for cryptography and Fallible for penetration testing. ...

Self-Hosting Karakeep (formerly Hoarder): AI-Powered Bookmark Manager You find an interesting article on Hacker News. A useful GitHub repo on your phone. A recipe someone shared on Reddit. You tell yourself you’ll read it later — and then it vanishes into the void of browser tabs you’ll never reopen. Karakeep (formerly known as Hoarder) solves this. It’s a self-hosted bookmark manager that saves links, notes, images, and PDFs, then uses AI to automatically tag and categorize everything. Think of it as Pocket meets Linkwarden, but with an AI brain that actually organizes your chaos. ...

Self-Hosting Pingvin Share: WeTransfer Alternative with Docker You need to send a large file to someone. WeTransfer caps free transfers at 2 GB. Google Drive wants your firstborn child’s data. Dropbox links expire at inconvenient times. And you’re already running a home server — so why not host your own file sharing platform? Pingvin Share is a self-hosted, open-source file sharing platform that does exactly what WeTransfer does, but on your hardware, with your rules, and no file size limits beyond your disk space. ...

Setting Up Gluetun: VPN Container for All Your Docker Services You’ve got a media stack running — maybe Sonarr, Radarr, qBittorrent. Or you’re running a web scraper, a Tor relay, or just a browser that needs to look like it’s in another country. You want VPN protection, but you don’t want to tunnel your entire server through a VPN and lose access to everything else. Gluetun solves this elegantly. It’s a lightweight Docker container that runs a VPN client (WireGuard or OpenVPN), and any other container can use it as its network gateway. Only the containers you choose get routed through the VPN. Everything else stays on your normal network. ...

Backups are the most neglected part of any self-hosting setup — until the day you need one. Kopia is a modern, open-source backup tool that makes encrypted, deduplicated, incremental backups surprisingly painless. If you’ve looked at Restic and wondered whether there’s something with a GUI, Kopia is the answer. What is Kopia? Kopia is a cross-platform backup tool that stores encrypted snapshots in a repository. It handles deduplication at the block level, compresses data, and supports a wide range of storage backends — local disk, SFTP, S3, Backblaze B2, Google Cloud Storage, Azure Blob, and more. ...