You can run many great self-hosted apps in your home lab or on your media server with only a small amount of tinkering. Let’s look at the best self-hosted apps in 2023 and a list of apps you should check out.
Table of contents
- Why Self-hosting?
- Plex: The Media Server King
- Jellyfin: Open Source Media Freedom
- Emby: A Balanced Media Contender
- Nextcloud: Your Personal Cloud Service
- Home Assistant: Automate Your Living Space
- Bitwarden: Secure Your Secrets
- Ghost: The Future of Blogging
- Gitea: Self-hosted Git Service
- Grafana: Monitoring Perfected
- Dashy: A Start Page for Your Services
- Homarr: The Ultimate Dashboard for Self-hosted Enthusiasts
- Uptime Kuma: Track Service Availability with Precision
- RSS: Aggregating Content from the Web
- Appwrite: Developers’ Swiss Army Knife
- Bookstack: Knowledge Management Reinvented
- Audiobookshelf: For the Voracious Listener
- Pi-hole: The defacto standard for home Ad-Blocker
- Adguard Home: Another popular Ad-Blocker
- Mailrise: Modern notifications made easy
- Wrapping up
In the age of the cloud, some may wonder why you would want to self-host anything. Aren’t there services in the cloud for just about anything you can think of? Yes, there are.
However, self-hosting allows you to take total ownership of your data and run applications you want to run in an environment that you control. Also, there are many excellent self-hosted apps, including those for inventory management, project management, media server services, security, ad-blocking, and many others. Most can easily be provisioned using Docker images and spinning up Docker containers, as we will see, without the need to install software.
Plex: The Media Server King
Plex is arguably one of the most common self-hosted apps and is one of the best self-hosted apps for media. It includes many key features, even in the free version, that allow users to stream their personal collections of movies, TV shows, and home videos, Plex remains a top choice for many.
Good device compatibility for accessing media
Advanced features including analytics.
Allows managing large media libraries easily
Premium features are locked behind a paywall.
Not entirely open-source.
version: '3' services: plex: image: plexinc/pms-docker:latest ports: - "32400:32400" volumes: - /path/to/plex/database:/config - /path/to/media:/data
Jellyfin: Open Source Media Freedom
Jellyfin offers a free media server solution, ensuring users maintain full control over their media and avoid streaming services with ads.
No premium walls, every feature is accessible from the start.
Active community support, including regular updates and security patches.
Lacks some of the polish and features of its competitors.
It might require additional configuration for reverse proxy setups, but this is true of many solutions.
version: '3' services: jellyfin: image: jellyfin/jellyfin ports: - "8096:8096" volumes: - /path/to/config:/config - /path/to/cache:/cache - /path/to/media:/media
Emby: A Balanced Media Contender
For those wanting an alternative to Plex but still desiring some premium features, Emby strikes a balance between functionality and cost.
Offers live TV support and other nice features
Integrates with cloud services for backup and sync.
A User-friendly interface allows even non tech-savvy users to self-host their media.
While it has a free version, some features are behind a paywall.
Requires periodic server management for optimal performance.
version: "2.3" services: emby: image: emby/embyserver container_name: embyserver runtime: nvidia # Expose NVIDIA GPUs network_mode: host # Enable DLNA and Wake-on-Lan environment: - UID=1000 # The UID to run emby as (default: 2) - GID=100 # The GID to run emby as (default 2) - GIDLIST=100 # A comma-separated list of additional GIDs to run emby as (default: 2) volumes: - /path/to/programdata:/config # Configuration directory - /path/to/tvshows:/mnt/share1 # Media directory - /path/to/movies:/mnt/share2 # Media directory ports: - 8096:8096 # HTTP port - 8920:8920 # HTTPS port devices: - /dev/dri:/dev/dri # VAAPI/NVDEC/NVENC render nodes - /dev/vchiq:/dev/vchiq # MMAL/OMX on Raspberry Pi restart: on-failure
Nextcloud: Your Personal Cloud Service
Nextcloud stands out as one of the best self-hosted apps for users looking to have control over their files. It provides file sync and a number of apps for calendar, contacts, notes, and other services, making it a hub for all your cloud services.
Offers an all-in-one solution: file sync, calendars, contacts, and other apps.
Supports multiple users, and can be used for businesses or families.
Provides end-to-end encryption for sensitive information.
Might require some initial server setup and maintenance.
Increasing capacity may require hardware upgrades.
version: '2' volumes: nextcloud: db: services: db: image: mariadb:10.6 restart: always command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW volumes: - db:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD= - MYSQL_PASSWORD= - MYSQL_DATABASE=nextcloud - MYSQL_USER=nextcloud app: image: nextcloud restart: always ports: - 8080:80 links: - db volumes: - nextcloud:/var/www/html environment: - MYSQL_PASSWORD= - MYSQL_DATABASE=nextcloud - MYSQL_USER=nextcloud - MYSQL_HOST=db
Home Assistant: Automate Your Living Space
Home Assistant is the ultimate tool for home automation enthusiasts. It allows users to integrate many devices and platforms, providing full control of your home environment.
Vast compatibility with many smart devices.
Allows for complex automation.
Active community and constant updates.
It might require additional configuration, especially for non-standard devices.
Learning curve for beginners.
services: homeassistant: image: lscr.io/linuxserver/homeassistant:latest container_name: homeassistant network_mode: host environment: - PUID=1000 - PGID=1000 - TZ=Etc/UTC volumes: - /path/to/data:/config ports: - 8123:8123 #optional devices: - /path/to/device:/path/to/device #optional restart: always
Bitwarden: Secure Your Secrets
When it comes to a self-hosted password manager, Bitwarden is one of the best. It offers a self-hosted solution to store and manage all your credentials in one place.
Take a look at my writeup on Bitwarden Unified Docker installation here: Bitwarden Unified Docker installation self-hosted password manager.
Enables two-factor authentication for added security.
Can be accessed from any browser or device.
Open-source and transparent.
Setup requires an understanding of security best practices.
Dependency on internet access for external access
version: '3.3' services: traefik2: image: traefik:latest restart: always command: - "--log.level=DEBUG" - "--api.insecure=true" - "--providers.docker=true" - "--providers.docker.exposedbydefault=true" - "--entrypoints.web.address=:80" - "--entrypoints.websecure.address=:443" - "--entrypoints.web.http.redirections.entryPoint.to=websecure" - "--entrypoints.web.http.redirections.entryPoint.scheme=https" ports: - 80:80 - 443:443 networks: traefik: ipv4_address: 172.19.0.10 volumes: - /var/run/docker.sock:/var/run/docker.sock container_name: traefik bitwarden: depends_on: - db env_file: - '~/homelabservices/bitwarden/settings.env' image: bitwarden/self-host:beta restart: always networks: traefik: ipv4_address: 172.19.0.20 volumes: - '~/homelabservices/bitwarden/data:/etc/bitwarden' labels: - "traefik.enable=true" - "traefik.http.routers.bitwarden.rule=Host(`bitwarden.cloud.local`)" - "traefik.http.routers.bitwarden.tls=true" - "traefik.http.routers.bitwarden.entrypoints=websecure" - "traefik.http.services.bitwarden.loadbalancer.server.port=8080" container_name: bitwarden db: environment: MARIADB_USER: "bitwarden" MARIADB_PASSWORD: "password" MARIADB_DATABASE: "bitwarden_vault" MARIADB_RANDOM_ROOT_PASSWORD: "true" image: mariadb:10 restart: always networks: traefik: ipv4_address: 172.19.0.30 volumes: - '~/homelabservices/mariadb/data:/var/lib/mysql' container_name: mariadb networks: traefik: driver: bridge name: traefik ipam: driver: default config: - subnet: 172.19.0.0/16
Ghost: The Future of Blogging
Ghost, as a blogging platform, offers a slick and modern way for creators to self-host their content. It provides a minimalist design that emphasizes content and readability.
SEO-friendly out of the box.
Easily integrates with various services like Google Analytics.
Supports multiple users for team blogs or businesses.
Lacks some of the plugins and themes available to more mature platforms like WordPress.
Initial configuration can be challenging for non-technical users.
version: '3.1' services: ghost: image: ghost:4-alpine restart: always ports: - 8080:2368 environment: # see https://ghost.org/docs/config/#configuration-options database__client: mysql database__connection__host: db database__connection__user: root database__connection__password: example database__connection__database: ghost # this url value is just an example, and is likely wrong for your environment! url: http://localhost:8080 # contrary to the default mentioned in the linked documentation, this image defaults to NODE_ENV=production (so development mode needs to be explicitly specified if desired) #NODE_ENV: development db: image: mysql:8.0 restart: always environment: MYSQL_ROOT_PASSWORD: example
Gitea: Self-hosted Git Service
Gitea provides a modern way to manage your code repositories without relying on external services. It provides many features for a self-hosted version control system.
Lightweight and speedy compared to similar platforms.
Comes with a built-in issue-tracking system.
Compatible with most CI/CD systems out of the box.
Fewer features when compared to giants like GitHub or GitLab.
UI might seem minimalistic for those used to more elaborate platforms.
version: "3" networks: gitea: external: false services: server: image: gitea/gitea:1.20.5 container_name: gitea environment: - USER_UID=1000 - USER_GID=1000 restart: always networks: - gitea volumes: - ./gitea:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro ports: - "3000:3000" - "222:22"
Grafana: Monitoring Perfected
For those who understand the need to track server health, user statistics, Kubernetes clusters, and even Google Analytics data, Grafana is the de facto standard for open-source dashboard monitoring tools.
Highly customizable dashboards.
Integrates seamlessly with multiple data sources, including cloud services.
An active community providing plugins, free dashboards, and features regularly.
Requires some initial setup and knowledge to harness its capabilities fully.
It can be overwhelming for beginners due to its many features and configuration possibilities.
version: '3' services: grafana: image: grafana/grafana:latest ports: - "3000:3000" volumes: - /path/to/grafana/data:/var/lib/grafana
Dashy: A Start Page for Your Services
When running many self-hosted home services, you need a way to keep up with access to these services, especially when they may exist on non-standard ports across various container hosts. Dashy offers a customizable start page to keep everything in the same place. Think of it as your central hub on the web.
Read my writeup on Dashy dashboard here: Home lab dashboard with Dashy.
Simplistic design ensures quick access to your most-used services.
Mobile-friendly out of the box.
Ability to integrate with multiple users.
May be overwhelming to setup for beginners
Dependence on active internet connectivity for external access
version: "3.8" services: dashy: # To build from source, replace 'image: lissy93/dashy' with 'build: .' # build: . image: lissy93/dashy container_name: Dashy # Pass in your config file below, by specifying the path on your host machine # volumes: # - /root/my-config.yml:/app/public/conf.yml ports: - 4000:80 # Set any environmental variables environment: - NODE_ENV=production # Specify your user ID and group ID. You can find this by running `id -u` and `id -g` # - UID=1000 # - GID=1000 # Specify restart policy restart: unless-stopped # Configure healthchecks healthcheck: test: ['CMD', 'node', '/app/services/healthcheck'] interval: 1m30s timeout: 10s retries: 3 start_period: 40s
Homarr: The Ultimate Dashboard for Self-hosted Enthusiasts
Like Dashy, Homarr provides a visually appealing and efficient way to manage and monitor your self-hosted apps from one place. It is designed for users with numerous self-hosted services and gives you complete control over how your dashboard looks and functions.
At-a-glance overview of all your services in one unified platform.
Supports integration with multiple users
Frequent updates and an active community behind it.
It might be overkill for those with only a few services.
Some setup is required to maximize what it can do.
version: '3' #---------------------------------------------------------------------# # Homarr - A simple, yet powerful dashboard for your server. # #---------------------------------------------------------------------# services: homarr: container_name: homarr image: ghcr.io/ajnart/homarr:latest restart: unless-stopped volumes: - ./homarr/configs:/app/data/configs - ./homarr/icons:/app/public/icons ports: - '7575:7575'
Uptime Kuma: Track Service Availability with Precision
Uptime Kuma lets you track the uptime of your services, making sure you are always aware of any downtime or issues. Think of it as your personal watchdog for your hosted apps and services.
Provides detailed reports, including historical data.
Supports multiple notification methods.
Two-factor authentication for added security.
Requires a dedicated local server or cloud instance to run.
It might be redundant if you are using other monitoring tools.
version: '3.8' services: uptime-kuma: image: louislam/uptime-kuma:1 container_name: uptime-kuma volumes: - uptime-kuma:/app/data ports: - "3001:3001" # <Host Port>:<Container Port> restart: always volumes: uptime-kuma:
RSS: Aggregating Content from the Web
A simple RSS feed aggregator that supports RSS and ATOM formats, auto-fetching, custom feed names and colors, the ability to hide feed posts by default, etc.
Feed-based tags for categorization
3 different post layout modes (card, list, compact).
Cross-device synchronization ensures you pick up where you left off.
No import of full post/article content.
No authentication or authorization built-in.
version: "2" services: rss: image: ghcr.io/ssddanbrown/rss:latest container_name: rss environment: - APP_NAME=RSS volumes: - ./rss-files:/app/storage ports: - "8080:80" restart: always
Appwrite: Developers’ Swiss Army Knife
For those looking to easily manage backend services and databases, Appwrite is a great self-hosted end-to-end server for web and mobile developers.
All-in-one platform: database, authentication, cloud functions, and more.
Supports multiple users, ideal for collaborative projects.
Regular updates with new features and security patches.
Might require a steeper learning curve for those unfamiliar with backend development.
Requires regular maintenance to ensure optimal performance.
docker run -it --rm --volume /var/run/docker.sock:/var/run/docker.sock --volume "$(pwd)"/appwrite:/usr/src/code/appwrite:rw --entrypoint="install" appwrite/appwrite:1.4.5
Bookstack: Knowledge Management Reinvented
Bookstack is a knowledge management Wiki for creating documentation. It offers a platform to create, organize, and store documentation with a WYSIWYG editor. It is powered by SQL and includes Markdown support.
Hierarchical structure: books, chapters, and pages.
Rich text editor with Markdown support.
Integrates easily with services like Google Analytics for traffic insights.
The interface might seem complex to some users.
Requires regular backups to prevent potential data loss.
--- version: "2" services: bookstack: image: lscr.io/linuxserver/bookstack container_name: bookstack environment: - PUID=1000 - PGID=1000 - APP_URL=https://bookstack.example.com - DB_HOST=bookstack_db - DB_PORT=3306 - DB_USER=bookstack - DB_PASS=<yourdbpass> - DB_DATABASE=bookstackapp volumes: - ./bookstack_app_data:/config ports: - 6875:80 restart: unless-stopped depends_on: - bookstack_db bookstack_db: image: lscr.io/linuxserver/mariadb container_name: bookstack_db environment: - PUID=1000 - PGID=1000 - MYSQL_ROOT_PASSWORD=<yourdbpass> - TZ=Europe/London - MYSQL_DATABASE=bookstackapp - MYSQL_USER=bookstack - MYSQL_PASSWORD=<yourdbpass> volumes: - ./bookstack_db_data:/config restart: unless-stopped
Audiobookshelf: For the Voracious Listener
Audiobookshelf is a media server tailored for audiobook and podcast enthusiasts. The app lets users stream their audiobook collection from anywhere, transforming devices into personal libraries.
Supports multiple users with individual progress tracking.
Integration with Google Analytics offers insights into listening habits.
Web player allows for streaming across devices.
Limited to audio content, unlike other comprehensive media servers.
Reliant on proper metadata for efficient book management.
version: "3.7" services: audiobookshelf: image: ghcr.io/advplyr/audiobookshelf:latest ports: - 13378:80 volumes: - </path/to/audiobooks>:/audiobooks - </path/to/podcasts>:/podcasts - </path/to/config>:/config - </path/to/metadata>:/metadata
Pi-hole: The defacto standard for home Ad-Blocker
Pi-hole is the de facto standard in ad-blocking at home for those who self-host services. It stands out by offering network-wide ad-blocking rather than just blocking ads in your browser. It makes sure devices connected to the network are free from advertisements and trackers and also helps to block malicious sites and malware.
Network-wide blocking ensures no device is left out.
Detailed dashboards allow users to track blocked requests.
Can be installed on lightweight devices like a Raspberry Pi, offering energy-efficient operation.
Requires a constant local server connection.
It might occasionally block non-ad websites if not correctly configured.
version: "3" # More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/ services: pihole: container_name: pihole image: pihole/pihole:latest # For DHCP it is recommended to remove these ports and instead add: network_mode: "host" ports: - "53:53/tcp" - "53:53/udp" - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server - "80:80/tcp" environment: TZ: 'America/Chicago' # WEBPASSWORD: 'set a secure password here or it will be random' # Volumes store your data between container upgrades volumes: - './etc-pihole:/etc/pihole' - './etc-dnsmasq.d:/etc/dnsmasq.d' # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities cap_add: - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed restart: always
Adguard Home: Another popular Ad-Blocker
Similar in concept to Pi-hole, Adguard Home offers self-hosters a way to secure their local network. It blocks advertisements and protects against phishing websites and malicious domains.
Read my full write up on Adguard Home here: Adguard Home Docker Compose with Traefik Ingress.
Advanced security features to protect devices on the network.
User-friendly interface with detailed statistics.
Flexible configuration options, including custom filtering rules.
Slightly more resource-intensive compared to Pi-hole.
Needs regular updating to keep the malicious domain list current.
version: '3.3' services: traefik2: image: traefik:latest restart: always command: - "--log.level=DEBUG" - "--api.insecure=true" - "--providers.docker=true" - "--providers.docker.exposedbydefault=true" - "--entrypoints.web.address=:80" - "--entrypoints.websecure.address=:443" - "--entrypoints.web.http.redirections.entryPoint.to=websecure" - "--entrypoints.web.http.redirections.entryPoint.scheme=https" ports: - 80:80 - 443:443 networks: traefik: ipv4_address: 172.19.0.10 volumes: - /var/run/docker.sock:/var/run/docker.sock container_name: traefik adguard: image: adguard/adguardhome restart: always ports: - 53:53/tcp - 53:53/udp - 67:67/udp - 853:853/tcp - 853:853/udp - 5443:5443/tcp - 5443:5443/udp - 8853:8853/udp networks: traefik: ipv4_address: 172.19.0.53 volumes: - '~/homelabservices/adguard/work:/opt/adguardhome/work' - '~/homelabservices/adguard/conf:/opt/adguardhome/conf' container_name: adguard labels: - "traefik.enable=true" - "traefik.http.routers.adguard.rule=Host(`adguardtest.cloud.local`)" - "traefik.http.routers.adguard.tls=true" - "traefik.http.routers.adguard.entrypoints=websecure" - "traefik.http.services.adguard.loadbalancer.server.port=3000" networks: traefik: driver: bridge name: traefik ipam: driver: default config: - subnet: 172.19.0.0/16
Wazuh is an excellent open-source security platform, designed to offer a security solution for home labs and businesses. With Wazuh, you can efficiently log and have visibility to security events, helping SecOps with network security.
Read my recent Wuzah write-up here: Wazuh Open Source SIEM: XDR for Enterprise and Home Lab.
Great security features and capabilities
Modern interface with an enterprise feel for open-source software
Supports multiple users, facilitating team collaboration.
Initial setup may be complex to get things dialed in
Security tools require some knowledge base of how to use them
Docker Compose: Wazuh uses an installation script instead of Docker Compose code:
curl -sO https://packages.wazuh.com/4.5/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
Mailrise: Modern notifications made easy
Mailrise is built on the Apprise notification framework and allows you to have access to modern notification systems, including push notifications, even for legacy SMTP-enabled devices. It translates SMTP notification into push notifications.
Read my writeup on Mailrise here: IoT Notification System Push Notifications for Home Lab no SMTP required.
Easy to setup in a Docker container
Provides integrations to over 50+ notification services
Requires no additional setup on your devices aside from pointing SMTP notifications to the mailrise server
May be more complicated for some who are not technical
Services like Pushover do require a subscription
version: '3' services: mailrise: image: yoryan/mailrise ports: - "8025:8025" volumes: - ~/mailrise/etc/mailrise.conf:/etc/mailrise.conf
Why is self-hosting gaining traction among businesses and individuals?
Self-hosting is not a new concept, but it’s gaining momentum as both businesses and individuals realize the advantages of having full control over their data. With the popularity of cloud services, data ownership concerns have risen. By self-hosting you have and maintain control over data access. Businesses also find it beneficial for compliance, making sure that data protection standards are met.
Are there security risks involved in self-hosting?
JJust like any internet-connected service, self-hosted apps are vulnerable to potential security threats. However, the security of these apps relies on how they’re set up and managed. Implementing features like two-factor authentication, using a secure local server, and regularly updating software can drastically help with security.
What kind of hardware do you need self-hosting?
The hardware requirements depend on the apps you’re planning to host. While some lightweight apps can be hosted on devices as small as a Raspberry Pi, more resource-intensive software might require dedicated servers or at least a beefy personal computer. Take a look at the resources needs for each of your applications.
How do Docker containers help with self-hosting?
Docker containers make the process of setting up and running software much easier. Containers bundle an app and all its dependencies into a single package, making sure it runs consistently across different environments. It makes managing, tracking, and updating apps easier without getting into complex installation processes.
Can I manage multiple self-hosted apps from the same place?
Yes, solutions like Dashy and Homarr allow users to create a central dashboard to manage and access all their self-hosted apps from a single dashboard. Also, if you are using one or more Docker container hosts, you can use tools to manage all the containers on a single host from a single pane of glass.
Is it challenging to migrate to self-hosted solutions from cloud services?
It depends on what services you want to migrate. Some cloud platforms offer export features, making moving data straightforward. On the flip side, some proprietary services may be challenging to move. However, the demand to have ownership of your data has led to better options for export with many cloud service providers.
Do self-hosted apps lag in features compared to their cloud counterparts?
Not necessarily. While cloud releases are constant and backed by large corporations, the self-hosted community is very active with aggressive development. Developers supporting these communities are often passionate about self-hosting and keeping software updated, and secure, and introducing features that rival cloud alternatives.
These are only 20 of the best self-hosted apps in 2023 that you can run. You may have other favorites in your self-hosted environment and home lab. Let me know in the comments if you have favorites that weren’t included in the list and let me know what you are running. There are so many apps out there that provide tremendous value to the community and the self-hosted environment.