Best Self-hosted Apps in 2023
You can run many great self-hosted apps in your home lab or on your media server with only a small amount of tinkering. Let’s look at the best self-hosted apps in 2023 and a list of apps you should check out.
Table of contents
- Why Self-hosting?
- Plex: The Media Server King
- Jellyfin: Open Source Media Freedom
- Emby: A Balanced Media Contender
- Nextcloud: Your Personal Cloud Service
- Home Assistant: Automate Your Living Space
- Bitwarden: Secure Your Secrets
- Ghost: The Future of Blogging
- Gitea: Self-hosted Git Service
- Grafana: Monitoring Perfected
- Dashy: A Start Page for Your Services
- Homarr: The Ultimate Dashboard for Self-hosted Enthusiasts
- Uptime Kuma: Track Service Availability with Precision
- RSS: Aggregating Content from the Web
- Appwrite: Developers’ Swiss Army Knife
- Bookstack: Knowledge Management Reinvented
- Audiobookshelf: For the Voracious Listener
- Pi-hole: The defacto standard for home Ad-Blocker
- Adguard Home: Another popular Ad-Blocker
- Wazuh
- Mailrise: Modern notifications made easy
- FAQs
- Wrapping up
Why Self-hosting?
In the age of the cloud, some may wonder why you would want to self-host anything. Aren’t there services in the cloud for just about anything you can think of? Yes, there are.
However, self-hosting allows you to take total ownership of your data and run applications you want to run in an environment that you control. Also, there are many excellent self-hosted apps, including those for inventory management, project management, media server services, security, ad-blocking, and many others. Most can easily be provisioned using Docker images and spinning up Docker containers, as we will see, without the need to install software.
Plex: The Media Server King
Plex is arguably one of the most common self-hosted apps and is one of the best self-hosted apps for media. It includes many key features, even in the free version, that allow users to stream their personal collections of movies, TV shows, and home videos, Plex remains a top choice for many.
Pros:
Good device compatibility for accessing media
Advanced features including analytics.
Allows managing large media libraries easily
Cons:
Premium features are locked behind a paywall.
Not entirely open-source.
Docker Compose:
version: '3'
services:
plex:
image: plexinc/pms-docker:latest
ports:
- "32400:32400"
volumes:
- /path/to/plex/database:/config
- /path/to/media:/dataJellyfin: Open Source Media Freedom
Jellyfin offers a free media server solution, ensuring users maintain full control over their media and avoid streaming services with ads.
Pros:
Fully open-source.
No premium walls, every feature is accessible from the start.
Active community support, including regular updates and security patches.
Cons:
Lacks some of the polish and features of its competitors.
It might require additional configuration for reverse proxy setups, but this is true of many solutions.
Docker Compose:
version: '3'
services:
jellyfin:
image: jellyfin/jellyfin
ports:
- "8096:8096"
volumes:
- /path/to/config:/config
- /path/to/cache:/cache
- /path/to/media:/media
Emby: A Balanced Media Contender
For those wanting an alternative to Plex but still desiring some premium features, Emby strikes a balance between functionality and cost.
Pros:
Offers live TV support and other nice features
Integrates with cloud services for backup and sync.
A User-friendly interface allows even non tech-savvy users to self-host their media.
Cons:
While it has a free version, some features are behind a paywall.
Requires periodic server management for optimal performance.
Docker Compose:
version: "2.3"
services:
emby:
image: emby/embyserver
container_name: embyserver
runtime: nvidia # Expose NVIDIA GPUs
network_mode: host # Enable DLNA and Wake-on-Lan
environment:
- UID=1000 # The UID to run emby as (default: 2)
- GID=100 # The GID to run emby as (default 2)
- GIDLIST=100 # A comma-separated list of additional GIDs to run emby as (default: 2)
volumes:
- /path/to/programdata:/config # Configuration directory
- /path/to/tvshows:/mnt/share1 # Media directory
- /path/to/movies:/mnt/share2 # Media directory
ports:
- 8096:8096 # HTTP port
- 8920:8920 # HTTPS port
devices:
- /dev/dri:/dev/dri # VAAPI/NVDEC/NVENC render nodes
- /dev/vchiq:/dev/vchiq # MMAL/OMX on Raspberry Pi
restart: on-failureNextcloud: Your Personal Cloud Service
Nextcloud stands out as one of the best self-hosted apps for users looking to have control over their files. It provides file sync and a number of apps for calendar, contacts, notes, and other services, making it a hub for all your cloud services.
Pros:
Offers an all-in-one solution: file sync, calendars, contacts, and other apps.
Supports multiple users, and can be used for businesses or families.
Provides end-to-end encryption for sensitive information.
Cons:
Might require some initial server setup and maintenance.
Increasing capacity may require hardware upgrades.
Docker Compose:
version: '2'
volumes:
nextcloud:
db:
services:
db:
image: mariadb:10.6
restart: always
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
- MYSQL_PASSWORD=
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
app:
image: nextcloud
restart: always
ports:
- 8080:80
links:
- db
volumes:
- nextcloud:/var/www/html
environment:
- MYSQL_PASSWORD=
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=dbHome Assistant: Automate Your Living Space
Home Assistant is the ultimate tool for home automation enthusiasts. It allows users to integrate many devices and platforms, providing full control of your home environment.
Pros:
Vast compatibility with many smart devices.
Allows for complex automation.
Active community and constant updates.
Cons:
It might require additional configuration, especially for non-standard devices.
Learning curve for beginners.
Docker Compose:
services:
homeassistant:
image: lscr.io/linuxserver/homeassistant:latest
container_name: homeassistant
network_mode: host
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
volumes:
- /path/to/data:/config
ports:
- 8123:8123 #optional
devices:
- /path/to/device:/path/to/device #optional
restart: alwaysBitwarden: Secure Your Secrets
When it comes to a self-hosted password manager, Bitwarden is one of the best. It offers a self-hosted solution to store and manage all your credentials in one place.
Take a look at my writeup on Bitwarden Unified Docker installation here: Bitwarden Unified Docker installation self-hosted password manager.
Pros:
Enables two-factor authentication for added security.
Can be accessed from any browser or device.
Open-source and transparent.
Cons:
Setup requires an understanding of security best practices.
Dependency on internet access for external access
Docker Compose:
version: '3.3'
services:
traefik2:
image: traefik:latest
restart: always
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=true"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
ports:
- 80:80
- 443:443
networks:
traefik:
ipv4_address: 172.19.0.10
volumes:
- /var/run/docker.sock:/var/run/docker.sock
container_name: traefik
bitwarden:
depends_on:
- db
env_file:
- '~/homelabservices/bitwarden/settings.env'
image: bitwarden/self-host:beta
restart: always
networks:
traefik:
ipv4_address: 172.19.0.20
volumes:
- '~/homelabservices/bitwarden/data:/etc/bitwarden'
labels:
- "traefik.enable=true"
- "traefik.http.routers.bitwarden.rule=Host(`bitwarden.cloud.local`)"
- "traefik.http.routers.bitwarden.tls=true"
- "traefik.http.routers.bitwarden.entrypoints=websecure"
- "traefik.http.services.bitwarden.loadbalancer.server.port=8080"
container_name: bitwarden
db:
environment:
MARIADB_USER: "bitwarden"
MARIADB_PASSWORD: "password"
MARIADB_DATABASE: "bitwarden_vault"
MARIADB_RANDOM_ROOT_PASSWORD: "true"
image: mariadb:10
restart: always
networks:
traefik:
ipv4_address: 172.19.0.30
volumes:
- '~/homelabservices/mariadb/data:/var/lib/mysql'
container_name: mariadb
networks:
traefik:
driver: bridge
name: traefik
ipam:
driver: default
config:
- subnet: 172.19.0.0/16Ghost: The Future of Blogging
Ghost, as a blogging platform, offers a slick and modern way for creators to self-host their content. It provides a minimalist design that emphasizes content and readability.
Pros:
SEO-friendly out of the box.
Easily integrates with various services like Google Analytics.
Supports multiple users for team blogs or businesses.
Cons:
Lacks some of the plugins and themes available to more mature platforms like WordPress.
Initial configuration can be challenging for non-technical users.
Docker Compose:
version: '3.1'
services:
ghost:
image: ghost:4-alpine
restart: always
ports:
- 8080:2368
environment:
# see https://ghost.org/docs/config/#configuration-options
database__client: mysql
database__connection__host: db
database__connection__user: root
database__connection__password: example
database__connection__database: ghost
# this url value is just an example, and is likely wrong for your environment!
url: http://localhost:8080
# contrary to the default mentioned in the linked documentation, this image defaults to NODE_ENV=production (so development mode needs to be explicitly specified if desired)
#NODE_ENV: development
db:
image: mysql:8.0
restart: always
environment:
MYSQL_ROOT_PASSWORD: exampleGitea: Self-hosted Git Service
Gitea provides a modern way to manage your code repositories without relying on external services. It provides many features for a self-hosted version control system.
Pros:
Lightweight and speedy compared to similar platforms.
Comes with a built-in issue-tracking system.
Compatible with most CI/CD systems out of the box.
Cons:
Fewer features when compared to giants like GitHub or GitLab.
UI might seem minimalistic for those used to more elaborate platforms.
Docker Compose:
version: "3"
networks:
gitea:
external: false
services:
server:
image: gitea/gitea:1.20.5
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
restart: always
networks:
- gitea
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "222:22"Grafana: Monitoring Perfected
For those who understand the need to track server health, user statistics, Kubernetes clusters, and even Google Analytics data, Grafana is the de facto standard for open-source dashboard monitoring tools.
Pros:
Highly customizable dashboards.
Integrates seamlessly with multiple data sources, including cloud services.
An active community providing plugins, free dashboards, and features regularly.
Cons:
Requires some initial setup and knowledge to harness its capabilities fully.
It can be overwhelming for beginners due to its many features and configuration possibilities.
Docker Compose:
version: '3'
services:
grafana:
image: grafana/grafana:latest
ports:
- "3000:3000"
volumes:
- /path/to/grafana/data:/var/lib/grafanaDashy: A Start Page for Your Services
When running many self-hosted home services, you need a way to keep up with access to these services, especially when they may exist on non-standard ports across various container hosts. Dashy offers a customizable start page to keep everything in the same place. Think of it as your central hub on the web.
Read my writeup on Dashy dashboard here: Home lab dashboard with Dashy.
Pros:
Simplistic design ensures quick access to your most-used services.
Mobile-friendly out of the box.
Ability to integrate with multiple users.
Cons:
May be overwhelming to setup for beginners
Dependence on active internet connectivity for external access
Docker Compose:
version: "3.8"
services:
dashy:
# To build from source, replace 'image: lissy93/dashy' with 'build: .'
# build: .
image: lissy93/dashy
container_name: Dashy
# Pass in your config file below, by specifying the path on your host machine
# volumes:
# - /root/my-config.yml:/app/public/conf.yml
ports:
- 4000:80
# Set any environmental variables
environment:
- NODE_ENV=production
# Specify your user ID and group ID. You can find this by running `id -u` and `id -g`
# - UID=1000
# - GID=1000
# Specify restart policy
restart: unless-stopped
# Configure healthchecks
healthcheck:
test: ['CMD', 'node', '/app/services/healthcheck']
interval: 1m30s
timeout: 10s
retries: 3
start_period: 40sHomarr: The Ultimate Dashboard for Self-hosted Enthusiasts
Like Dashy, Homarr provides a visually appealing and efficient way to manage and monitor your self-hosted apps from one place. It is designed for users with numerous self-hosted services and gives you complete control over how your dashboard looks and functions.
Pros:
At-a-glance overview of all your services in one unified platform.
Supports integration with multiple users
Frequent updates and an active community behind it.
Cons:
It might be overkill for those with only a few services.
Some setup is required to maximize what it can do.
Docker Compose:
version: '3'
#---------------------------------------------------------------------#
# Homarr - A simple, yet powerful dashboard for your server. #
#---------------------------------------------------------------------#
services:
homarr:
container_name: homarr
image: ghcr.io/ajnart/homarr:latest
restart: unless-stopped
volumes:
- ./homarr/configs:/app/data/configs
- ./homarr/icons:/app/public/icons
ports:
- '7575:7575'Uptime Kuma: Track Service Availability with Precision
Uptime Kuma lets you track the uptime of your services, making sure you are always aware of any downtime or issues. Think of it as your personal watchdog for your hosted apps and services.
Pros:
Provides detailed reports, including historical data.
Supports multiple notification methods.
Two-factor authentication for added security.
Cons:
Requires a dedicated local server or cloud instance to run.
It might be redundant if you are using other monitoring tools.
Docker Compose:
version: '3.8'
services:
uptime-kuma:
image: louislam/uptime-kuma:1
container_name: uptime-kuma
volumes:
- uptime-kuma:/app/data
ports:
- "3001:3001" # <Host Port>:<Container Port>
restart: always
volumes:
uptime-kuma:RSS: Aggregating Content from the Web
A simple RSS feed aggregator that supports RSS and ATOM formats, auto-fetching, custom feed names and colors, the ability to hide feed posts by default, etc.
Pros:
Feed-based tags for categorization
3 different post layout modes (card, list, compact).
Cross-device synchronization ensures you pick up where you left off.
Cons:
No import of full post/article content.
No authentication or authorization built-in.
Docker Compose:
version: "2"
services:
rss:
image: ghcr.io/ssddanbrown/rss:latest
container_name: rss
environment:
- APP_NAME=RSS
volumes:
- ./rss-files:/app/storage
ports:
- "8080:80"
restart: alwaysAppwrite: Developers’ Swiss Army Knife
For those looking to easily manage backend services and databases, Appwrite is a great self-hosted end-to-end server for web and mobile developers.
Pros:
All-in-one platform: database, authentication, cloud functions, and more.
Supports multiple users, ideal for collaborative projects.
Regular updates with new features and security patches.
Cons:
Might require a steeper learning curve for those unfamiliar with backend development.
Requires regular maintenance to ensure optimal performance.
Docker:
docker run -it --rm
--volume /var/run/docker.sock:/var/run/docker.sock
--volume "$(pwd)"/appwrite:/usr/src/code/appwrite:rw
--entrypoint="install"
appwrite/appwrite:1.4.5Bookstack: Knowledge Management Reinvented
Bookstack is a knowledge management Wiki for creating documentation. It offers a platform to create, organize, and store documentation with a WYSIWYG editor. It is powered by SQL and includes Markdown support.
Pros:
Hierarchical structure: books, chapters, and pages.
Rich text editor with Markdown support.
Integrates easily with services like Google Analytics for traffic insights.
Cons:
The interface might seem complex to some users.
Requires regular backups to prevent potential data loss.
Docker Compose:
---
version: "2"
services:
bookstack:
image: lscr.io/linuxserver/bookstack
container_name: bookstack
environment:
- PUID=1000
- PGID=1000
- APP_URL=https://bookstack.example.com
- DB_HOST=bookstack_db
- DB_PORT=3306
- DB_USER=bookstack
- DB_PASS=<yourdbpass>
- DB_DATABASE=bookstackapp
volumes:
- ./bookstack_app_data:/config
ports:
- 6875:80
restart: unless-stopped
depends_on:
- bookstack_db
bookstack_db:
image: lscr.io/linuxserver/mariadb
container_name: bookstack_db
environment:
- PUID=1000
- PGID=1000
- MYSQL_ROOT_PASSWORD=<yourdbpass>
- TZ=Europe/London
- MYSQL_DATABASE=bookstackapp
- MYSQL_USER=bookstack
- MYSQL_PASSWORD=<yourdbpass>
volumes:
- ./bookstack_db_data:/config
restart: unless-stoppedAudiobookshelf: For the Voracious Listener
Audiobookshelf is a media server tailored for audiobook and podcast enthusiasts. The app lets users stream their audiobook collection from anywhere, transforming devices into personal libraries.
Pros:
Supports multiple users with individual progress tracking.
Integration with Google Analytics offers insights into listening habits.
Web player allows for streaming across devices.
Cons:
Limited to audio content, unlike other comprehensive media servers.
Reliant on proper metadata for efficient book management.
Docker Compose:
version: "3.7"
services:
audiobookshelf:
image: ghcr.io/advplyr/audiobookshelf:latest
ports:
- 13378:80
volumes:
- </path/to/audiobooks>:/audiobooks
- </path/to/podcasts>:/podcasts
- </path/to/config>:/config
- </path/to/metadata>:/metadataPi-hole: The defacto standard for home Ad-Blocker
Pi-hole is the de facto standard in ad-blocking at home for those who self-host services. It stands out by offering network-wide ad-blocking rather than just blocking ads in your browser. It makes sure devices connected to the network are free from advertisements and trackers and also helps to block malicious sites and malware.
Pros:
Network-wide blocking ensures no device is left out.
Detailed dashboards allow users to track blocked requests.
Can be installed on lightweight devices like a Raspberry Pi, offering energy-efficient operation.
Cons:
Requires a constant local server connection.
It might occasionally block non-ad websites if not correctly configured.
Docker Compose:
version: "3"
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
# For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
ports:
- "53:53/tcp"
- "53:53/udp"
- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
- "80:80/tcp"
environment:
TZ: 'America/Chicago'
# WEBPASSWORD: 'set a secure password here or it will be random'
# Volumes store your data between container upgrades
volumes:
- './etc-pihole:/etc/pihole'
- './etc-dnsmasq.d:/etc/dnsmasq.d'
# https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
cap_add:
- NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
restart: alwaysAdguard Home: Another popular Ad-Blocker
Similar in concept to Pi-hole, Adguard Home offers self-hosters a way to secure their local network. It blocks advertisements and protects against phishing websites and malicious domains.
Read my full write up on Adguard Home here: Adguard Home Docker Compose with Traefik Ingress.
Pros:
Advanced security features to protect devices on the network.
User-friendly interface with detailed statistics.
Flexible configuration options, including custom filtering rules.
Cons:
Slightly more resource-intensive compared to Pi-hole.
Needs regular updating to keep the malicious domain list current.
Docker Compose:
version: '3.3'
services:
traefik2:
image: traefik:latest
restart: always
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=true"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
ports:
- 80:80
- 443:443
networks:
traefik:
ipv4_address: 172.19.0.10
volumes:
- /var/run/docker.sock:/var/run/docker.sock
container_name: traefik
adguard:
image: adguard/adguardhome
restart: always
ports:
- 53:53/tcp
- 53:53/udp
- 67:67/udp
- 853:853/tcp
- 853:853/udp
- 5443:5443/tcp
- 5443:5443/udp
- 8853:8853/udp
networks:
traefik:
ipv4_address: 172.19.0.53
volumes:
- '~/homelabservices/adguard/work:/opt/adguardhome/work'
- '~/homelabservices/adguard/conf:/opt/adguardhome/conf'
container_name: adguard
labels:
- "traefik.enable=true"
- "traefik.http.routers.adguard.rule=Host(`adguardtest.cloud.local`)"
- "traefik.http.routers.adguard.tls=true"
- "traefik.http.routers.adguard.entrypoints=websecure"
- "traefik.http.services.adguard.loadbalancer.server.port=3000"
networks:
traefik:
driver: bridge
name: traefik
ipam:
driver: default
config:
- subnet: 172.19.0.0/16Wazuh
Wazuh is an excellent open-source security platform, designed to offer a security solution for home labs and businesses. With Wazuh, you can efficiently log and have visibility to security events, helping SecOps with network security.
Read my recent Wuzah write-up here: Wazuh Open Source SIEM: XDR for Enterprise and Home Lab.
Pros:
Great security features and capabilities
Modern interface with an enterprise feel for open-source software
Supports multiple users, facilitating team collaboration.
Cons:
Initial setup may be complex to get things dialed in
Security tools require some knowledge base of how to use them
Docker Compose: Wazuh uses an installation script instead of Docker Compose code:
curl -sO https://packages.wazuh.com/4.5/wazuh-install.sh && sudo bash ./wazuh-install.sh -aMailrise: Modern notifications made easy
Mailrise is built on the Apprise notification framework and allows you to have access to modern notification systems, including push notifications, even for legacy SMTP-enabled devices. It translates SMTP notification into push notifications.
Read my writeup on Mailrise here: IoT Notification System Push Notifications for Home Lab no SMTP required.
Pros:
Easy to setup in a Docker container
Provides integrations to over 50+ notification services
Requires no additional setup on your devices aside from pointing SMTP notifications to the mailrise server
Cons:
May be more complicated for some who are not technical
Services like Pushover do require a subscription
Docker Compose:
version: '3'
services:
mailrise:
image: yoryan/mailrise
ports:
- "8025:8025"
volumes:
- ~/mailrise/etc/mailrise.conf:/etc/mailrise.confFAQs
Why is self-hosting gaining traction among businesses and individuals?
Self-hosting is not a new concept, but it’s gaining momentum as both businesses and individuals realize the advantages of having full control over their data. With the popularity of cloud services, data ownership concerns have risen. By self-hosting you have and maintain control over data access. Businesses also find it beneficial for compliance, making sure that data protection standards are met.
Are there security risks involved in self-hosting?
JJust like any internet-connected service, self-hosted apps are vulnerable to potential security threats. However, the security of these apps relies on how they’re set up and managed. Implementing features like two-factor authentication, using a secure local server, and regularly updating software can drastically help with security.
What kind of hardware do you need self-hosting?
The hardware requirements depend on the apps you’re planning to host. While some lightweight apps can be hosted on devices as small as a Raspberry Pi, more resource-intensive software might require dedicated servers or at least a beefy personal computer. Take a look at the resources needs for each of your applications.
How do Docker containers help with self-hosting?
Docker containers make the process of setting up and running software much easier. Containers bundle an app and all its dependencies into a single package, making sure it runs consistently across different environments. It makes managing, tracking, and updating apps easier without getting into complex installation processes.
Can I manage multiple self-hosted apps from the same place?
Yes, solutions like Dashy and Homarr allow users to create a central dashboard to manage and access all their self-hosted apps from a single dashboard. Also, if you are using one or more Docker container hosts, you can use tools to manage all the containers on a single host from a single pane of glass.
Is it challenging to migrate to self-hosted solutions from cloud services?
It depends on what services you want to migrate. Some cloud platforms offer export features, making moving data straightforward. On the flip side, some proprietary services may be challenging to move. However, the demand to have ownership of your data has led to better options for export with many cloud service providers.
Do self-hosted apps lag in features compared to their cloud counterparts?
Not necessarily. While cloud releases are constant and backed by large corporations, the self-hosted community is very active with aggressive development. Developers supporting these communities are often passionate about self-hosting and keeping software updated, and secure, and introducing features that rival cloud alternatives.
Wrapping up
These are only 20 of the best self-hosted apps in 2023 that you can run. You may have other favorites in your self-hosted environment and home lab. Let me know in the comments if you have favorites that weren’t included in the list and let me know what you are running. There are so many apps out there that provide tremendous value to the community and the self-hosted environment.
