Containers

Best Docker Containers for Home Server in 2024

Learn about the best Docker containers for home server in 2024. Easily spin up new applications and manage containers with Docker Compose.

Highlights

  • Let’s look at the best Docker containers for home server and the Docker Compose files needed to spin up the solutions for the feel of a serverless solution for your self-hosted apps.
  • Using a simple Docker Compose file, you can quickly and easily spin up new applications in your home lab and manage containers, even in multiples, using Docker Compose code.
  • Below are general containers that you can run in your home lab or home server environment and make up some of the best Docker containers for home server in 2024 (IMHO).

There are so many great containerized solutions and container images out there freely available for running applications and services in a virtualization environment. Using a simple Docker Compose file, you can quickly and easily spin up new applications in your home lab and manage containers, even in multiples, using Docker Compose code. Also, you can use Traefik or Nginx Proxy Manager to manage all SSL certificates to your services automatically in your containerization environment. Let’s look at the best Docker containers for home server in 2024 and example code for spinning up the containers.

Prerequisites

  • Install Docker on your Docker container host or LXC containers
  • Install Docker Compose
  • Have a user with sudo permissions and in the Docker group
  • Have access to create files and folders on your Docker host

Let’s look at the best Docker containers for home server and the Docker Compose files needed to spin up the solutions for the feel of a serverless solution for your self-hosted apps.

Best Docker Containers for Home Server – General

Below are general containers that you can run in your home lab or home server environment and make up some of the best Docker containers for home server in 2024 (IMHO).

Learn more about Kasm Workspaces here: Kasm Workspaces | The Container Streaming Platform (kasmweb.com)

1. Kasm Workspaces

Kasm Workspaces is one of the coolest Docker container solutions I have stumbled on this year. It provides a browser-based platform that allows secure and convenient access to applications and full Linux desktops running inside a Docker container.

Kasm
Kasm

Provisioning Kasm with Docker Compose is straightforward. However, we do this, not with Docker Compose code, but by pulling down an install script we run from the Bash prompt.

You run the following Linux shell script from the command line:

cd /tmp

curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.15.0.06fdc8.tar.gz

tar -xf kasm_release_1.15.0.06fdc8.tar.gz
sudo bash kasm_release/install.sh

Read my full write up on how to install and configure Kasm in your home network:

2. Plex

Plex is arguably the most popular solution for self-hosting streaming your media. It allows you to transform your server into a powerful entertainment server. Docker Compose makes the Plex installation script easy without complex commands.

Learn more about Plex here: Stream Movies & TV Shows | Plex

version: '3'
services:
  plex:
    image: plexinc/pms-docker:latest
    ports:
      - "32400:32400"
    volumes:
      - /path/to/plex/database:/config
      - /path/to/media:/data
Plex
Plex

3. Jellyfin

Jellyfin is another open-source alternative for media management and streaming. It enables you to have complete control over your digital media library. Docker Compose allows you to easily deploy Jellyfin.

Learn more about Jellyfin here: The Free Software Media System | Jellyfin

Jellyfin
Jellyfin
version: '3'
services:
  jellyfin:
    image: jellyfin/jellyfin
    ports:
      - "8096:8096"
    volumes:
      - /path/to/config:/config
      - /path/to/cache:/cache
      - /path/to/media:/media

4. Emby

Emby is another media solution that makes organizing your content and streaming across multiple devices easy. Docker Compose streamlines Emby’s setup.

Learn more about Emby here: Emby – The open media solution

Emby
Emby
version: "2.3"
services:
  emby:
    image: emby/embyserver
    container_name: embyserver
    runtime: nvidia # Expose NVIDIA GPUs
    network_mode: host # Enable DLNA and Wake-on-Lan
    environment:
      - UID=1000 # The UID to run emby as (default: 2)
      - GID=100 # The GID to run emby as (default 2)
      - GIDLIST=100 # A comma-separated list of additional GIDs to run emby as (default: 2)
    volumes:
      - /path/to/programdata:/config # Configuration directory
      - /path/to/tvshows:/mnt/share1 # Media directory
      - /path/to/movies:/mnt/share2 # Media directory
    ports:
      - 8096:8096 # HTTP port
      - 8920:8920 # HTTPS port
    devices:
      - /dev/dri:/dev/dri # VAAPI/NVDEC/NVENC render nodes
      - /dev/vchiq:/dev/vchiq # MMAL/OMX on Raspberry Pi
    restart: on-failure

5. Nextcloud

For those who want to self-host their file storage solution, Nextcloud is one of the best-known self-hosted cloud file storage solutions. It mirrors cloud functionalities with better privacy and enhanced security. Docker Compose allows you to spin up your Nextcloud server experience easily.

Learn more about Nextcloud here: Nextcloud – Open source content collaboration platform

Nextcloud
Nextcloud
version: '2'

volumes:
  nextcloud:
  db:

services:
  db:
    image: mariadb:10.6
    restart: always
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MYSQL_PASSWORD=
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  app:
    image: nextcloud
    restart: always
    ports:
      - 8080:80
    links:
      - db
    volumes:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_PASSWORD=
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db

6. Pi-Hole

Pi-Hole is a network ad-blocking solution that allows you to take control over your network by blocking ads and telemetry data from being collected from devices on your network. It provides a DNS sinkhole solution. Deploying Pi-Hole via Docker Compose allows you to easily stand up network-wide ad blocking to enhance your bandwidth efficiency, privacy, and security.

Learn more about Pi-Hole here: Pi-hole โ€“ Network-wide Ad Blocking.

Pi hole
Pi hole
version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
    environment:
      TZ: 'America/Chicago'
      # WEBPASSWORD: 'set a secure password here or it will be random'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: always

7. Home Assistant

Home Assistant is arguably the best known solution in the home automation scene. It offers a centralized platform to manage all your smart devices. With Docker Compose, setting up Home Assistant on your server is easy.

Learn more about Home Assistant here: Home Assistant (home-assistant.io)

Home assistant
Home assistant
version: '3'
services:
  home-assistant:
    container_name: homeassistant
    image: homeassistant/home-assistant:stable
    volumes:
      - /PATH_TO_YOUR_CONFIG:/config
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    network_mode: host

8. Bitwarden

Bitwarden stands as a secure and open-source password manager, safeguarding your digital credentials. Docker Compose simplifies Bitwarden’s deployment, securing your passwords with ease on your own server.

Learn more about Bitwarden here: The password manager trusted by millions | Bitwarden.

Bitwarden
Bitwarden
version: '3'
services:
  bitwarden:
    image: bitwardenrs/server:latest
    volumes:
      - /path/to/bitwarden/data:/data
    ports:
      - "80:80"
      - "443:443"
    restart: always

This Docker Compose snippet sets up Bitwarden on your home server, providing a secure environment for managing passwords across your devices.

9. Ghost

Ghost is a blogging platform designed for professional publishing and is gaining popularity in the way you can use it to publish content using Git versioning. Docker Compose enables you to host your own instance of Ghost, and gives you control over your content and presentation.

Learn more about Ghost here: Ghost: Independent technology for modern publishing.

version: '3.1'
services:
  ghost:
    image: ghost:latest
    ports:
      - "2368:2368"
    volumes:
      - /path/to/ghost/data:/var/lib/ghost/content
    environment:
      url: http://your-website-url.com
Ghost content
Ghost content

10. Gitea

Gitea is an easy-to-install Git service. It is perfect for self-hosted software development. With Docker Compose, Gitea enables streamlined version control and collaboration.

Learn more about Gitea here: Gitea Official Website.

version: "3"

networks:
  gitea:
    external: false

services:
  server:
    image: gitea/gitea:1.20.5
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
    restart: always
    networks:
      - gitea
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "222:22"
Gitea
Gitea

11. Dashy

Dashy is a customizable home lab dashboard solution and provides a homepage for your server, whether this is a single server or multiple servers across your lab. You can use it for organizing your web apps and services in one place. Note the following Docker compose code for standing up Dashy.

Learn more about Dashy here: Dashy | Dashy.

version: "3.8"
services:
  dashy:
    # To build from source, replace 'image: lissy93/dashy' with 'build: .'
    # build: .
    image: lissy93/dashy
    container_name: Dashy
    # Pass in your config file below, by specifying the path on your host machine
    # volumes:
      # - /root/my-config.yml:/app/public/conf.yml
    ports:
      - 4000:80
    # Set any environmental variables
    environment:
      - NODE_ENV=production
    # Specify your user ID and group ID. You can find this by running `id -u` and `id -g`
    #  - UID=1000
    #  - GID=1000
    # Specify restart policy
    restart: unless-stopped
    # Configure healthchecks
    healthcheck:
      test: ['CMD', 'node', '/app/services/healthcheck']
      interval: 1m30s
      timeout: 10s
      retries: 3
      start_period: 40s
Dashy
Dashy

12. Uptime Kuma

Uptime Kuma is quickly gaining popularity for self-hosted monitoring, especially for web servers. You can stand up Uptime Kuma and have it monitor your dockerized services and apps via Docker compose.

Learn more about Uptime Kuma here: GitHub – louislam/uptime-kuma: A fancy self-hosted monitoring tool.

version: '3.8'

services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    container_name: uptime-kuma
    volumes:
      - uptime-kuma:/app/data
    ports:
      - "3001:3001"  # <Host Port>:<Container Port>
    restart: always

volumes:
  uptime-kuma:
Uptime kuma
Uptime kuma

13. Mailrise

I have totally replaced my SMTP solution and configuration using public SMTP servers like Gmail, with Mailrise. Using Mailrise, you can have a solution that is a drop in replacement for your SMTP server and it allows legacy devices that only have SMTP as their notification capability to use modern push notification APIs for sending messages.

Learn more about Mailrise here: GitHub – YoRyan/mailrise: An SMTP gateway for Apprise notifications..

Mailrise
Mailrise
version: '3'
services:
  mailrise:
    image: yoryan/mailrise
    ports:
      - "8025:8025"
    volumes:
      - ~/mailrise/etc/mailrise.conf:/etc/mailrise.conf

14. Adguard

Adguard Home is another network ad-blocking solution, much like Pi-Hole, that provides a DNS sinkhole solution to block network ads, malware, phishing, ransomware, and protect your privacy at the same time, even with default settings.

Learn more about Adguard here: AdGuard Home | Network-wide software for any OS: Windows, macOS, Linux.

Adguard
Adguard
version: '3'
services:
  adguardhome:
    image: adguard/adguardhome
    container_name: adguardhome
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 784:784/udp
      - 853:853/tcp
      - 3000:3000/tcp
      - 80:80/tcp
      - 443:443/tcp
    volumes:
      - ./workdir:/opt/adguardhome/work
      - ./confdir:/opt/adguardhome/conf
    restart: unless-stopped

      config:
        - subnet: 172.19.0.0/16

15. FreshRSS

FreshRSS is one of the best RSS aggregator containers I have used. I have tried other solutions, but I always come back to FreshRSS. If you want to aggregate many different RSS feeds, FreshRSS is one of the best you can self-host.

Learn more about FreeRSS here: FreshRSS, a free, self-hostable feeds aggregator.

Freshrss
Freshrss
version: "2.1"
services:
freshrss:
image: lscr.io/linuxserver/freshrss:latest
container_name: freshrss
environment:
- PUID=1000
- PGID=1000
- TZ: America/Chicago
- CRON_MIN: '3,33'
volumes:
- /path/to/data:/config
ports:
- 80:80
restart: always

Best Docker Containers – Security

Below are some of the best Docker containers for security focused tasks, such as general Docker security, lining, and vulnerability scanning.

1. SonarQube

SonarQube stands as a beacon for code quality, offering detailed insights and identifying vulnerabilities within your codebase. Docker Compose enables a straightforward setup, embedding this crucial tool into your development pipeline.

Learn more about Sonarqube here: Code Quality, Security & Static Analysis Tool with SonarQube | Sonar (sonarsource.com).

Sonarqube
Sonarqube
version: '3'
services:
  sonarqube:
    image: sonarqube:latest
    ports:
      - "9000:9000"  # SonarQube web interface
    volumes:
      - sonarqube_data:/var/sonarqube/data  # Persistent storage for SonarQube data
volumes:
  sonarqube_data: {}

2. Sysdig Secure

Sysdig Secure provides security scanning, compliance checks, and runtime defense mechanisms. We can use Docker Compose to use Sysdig to secure the infrastructure against threats. It is a paid solution as well.

Learn more about Sysdig here: Sysdig | Security for Containers, Kubernetes, and Cloud.

3. Falco

Falco is a cloud-native security tool that continuously monitors system calls with containers. If it sees activity that is out of the ordinary that could be malware or other threats, it can identify and remediate the attacks before they progress.

Learn more about Falco here: Falco.

Falco 1
Falco 1
docker run --rm -i -t \
--privileged \
-v /var/run/docker.sock:/host/var/run/docker.sock \
-v /dev:/host/dev \
-v /proc:/host/proc:ro \
-v /boot:/host/boot:ro \
-v /lib/modules:/host/lib/modules:ro \
-v /usr:/host/usr:ro \
-v /etc:/host/etc:ro \
falcosecurity/falco:latest

4. Hadolint

Hadolint is a Dockerfile linter that helps enforce best practices in Dockerfiles. For developers aiming to optimize their Docker container images, it is a must-have linting tool.

Learn more about Hadolint here: Releases ยท hadolint/hadolint (github.com).

Hadolint 1
Hadolint 1
docker run --rm -i hadolint/hadolint < Dockerfile
# OR
docker run --rm -i ghcr.io/hadolint/hadolint < Dockerfile

5. Trivy

Trivy scans for vulnerabilities in your container images. It can give you detailed reports and integration into your CI/CD pipeline. It protects your container images from known vulnerabilities in packages.

Learn more about Trivy here: Trivy Home – Trivy.

Trivy 1
Trivy 1
version: '3'
services:
trivy-scanner:
image: aquasec/trivy:0.49.1
command: ["trivy", "image", "<your-image-name>"] # Replace with the image you want to scan

Best DevOps Containers

If you are getting into DevOps and wanting to use your home lab as a playground for learning more DevOps skills, the following are the best DevOps containers you need to know about for learning things like git and CI/CD.

1. GitLab

GitLab is one of the best self-hosted git repositories I think you can host in your home lab. To me, it is intuitive and has tons of features. You can run the enterprise edition totally free also. It includes a container registry you can turn on as well as CI/CD features and capabilities to run your own pipelines.

Learn more about Gitlab here: The most-comprehensive AI-powered DevSecOps platform | GitLab.

Gitlab
Gitlab
gitlab:
    image: gitlab/gitlab-ee:latest
    hostname: 'gitlab.mydomain.com'
    restart: always
    volumes:
      - '~/homelabservices/gitlab/data:/var/opt/gitlab'
      - '~/homelabservices/gitlab/config:/etc/gitlab'
      - '~/homelabservices/gitlab/logs:/var/log/gitlab'

    container_name: gitlab

2. Jenkins

Jenkins is one of the best known code automation platforms. It has been around the longest and has a large base of users and community members. While it is long in the tooth, it is still the standard that many go by for DevOps and CI/CD.

Learn more about Jenkins here: Jenkins.

Jenkins
Jenkins
version: '3.8'
services:
  jenkins-master:
    image: jenkins/jenkins:lts
    container_name: jenkins-master
    user: "1001" 
    environment: 
      - PUID=1001 
      - PGID=1001
    ports:
      - "8080:8080"
      - "50000:50000"
    volumes:
      - ~/homelabservices/jenkins/jenkins-data:/var/jenkins_home
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always

3. Traefik

Traefik is the de facto standard as a reverse proxy for Docker or Kubernetes clusters (orchestration, more scalability, high availability architecture). With it, you can route traffic from the outside to a specific container that exists internally and it can also terminate SSL connections in a web browser. Using Let’s Encrypt, you can automate the process of provisioning and renewing certificates.

Learn more about Traefik here: Traefik, The Cloud Native Application Proxy | Traefik Labs.

Traefik
Traefik
version: '3.3'

services:
  traefik2:
    image: traefik:latest
    restart: always
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
    ports:
      - 80:80
      - 443:443
    networks:
      traefik:
        ipv4_address: 172.19.0.10
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    container_name: traefik

4. HashiCorp Vault

Hashicorp Vault is a trusted solution from Hashicorp for storing your secrets. You can use it to securely store secrets, dynamically create secrets, and create policies to define how devices and users can connect to obtain secrets in the environment.

Learn more about Hashicorp Vault here: HashiCorp Vault – Manage Secrets & Protect Sensitive Data.

Hashicorp vault
Hashicorp vault
version: '3.6'
services:

  vault:
    image: vault:latest
    container_name: vault
    restart: on-failure:10
    ports:
      - "8201:8201"
    environment:
      VAULT_ADDR: 'https://0.0.0.0:8201'
    cap_add:
      - IPC_LOCK
    volumes:
      - vault-volume:/data
    healthcheck:
      retries: 5
    command: ./workflow-vault.sh
    networks:
      - my network

version: ‘3’ services: vault: image: vault:latest cap_add: – IPC_LOCK ports: – “8200:8200” volumes: – vault_data

5. ArgoCD

ArgoCD automates application deployment in Kubernetes clusters. If you want to align with the principles of GitOps, it simplifies application lifecycle management and ensures that your deployments match the configurations stored in Git. Docker Compose can deploy ArgoCD.

Learn more about ArgoCD here: Argo CD | Argo (argoproj.github.io).

Argocd
Argocd
version: '2'

services:
  argo-cd:
    image: docker.io/bitnami/argo-cd:2

Best DevOps Monitoring containers

Monitoring your containers is part of best practices in container management. Let’s consider the best DevOps monitoring containers.

1. Prometheus

Prometheus allows collecting metrics from configured targets at certain intervals. Gathering metrics from microservices is essential. Note below how you can easily stand up Prometheus using Docker Compose.

Learn more about Prometheus here: Prometheus – Monitoring system & time series database.

Prometheus
Prometheus
version: '3'
services:
  prometheus:
    image: prom/prometheus:v2.22.0
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
    ports:
      - "9090:9090"

2. Grafana

Grafana allows visualizing metrics you are collecting with Prometheus in a very visual way with dashboards and visual query builder/analyzer.

Learn more about Grafana here: Grafana: The open observability platform | Grafana Labs.

Grafana
Grafana
version: '3'
services:
  grafana:
    image: grafana/grafana:latest
    volumes:
      - grafana_data:/var/lib/grafana
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=secret
    ports:
      - "3000:3000"
volumes:
  grafana_data:

3. Nagios Core

Nagios Core has been around for a long while and allows you to monitor performance of network services, host resources, and servers, providing alerts for failures. Docker Compose can be used to deploy Nagios Core, as seen below:

Learn more about Nagios here: Nagios Open Source | Nagios Open Source.

Nagios
Nagios
version: '3'
services:
  nagios:
    image: jasonrivers/nagios:latest
    volumes:
      - /path/to/nagios/etc:/opt/nagios/etc
      - /path/to/nagios/var:/opt/nagios/var
    ports:
      - "8080:80"

4. InfluxDB

InfluxDB is a time series database for high write and query loads. It is an ideal storage solution for time series data. I have used it for monitoring many things in the home lab, including my Proxmox hosts.

Learn more about Influxdb here: InfluxDB Time Series Data Platform | InfluxData.

Influxdb
Influxdb
version: '3'
services:
  influxdb:
    image: influxdb:latest
    volumes:
      - influxdb_data:/var/lib/influxdb2
    ports:
      - "8086:8086"
volumes:
  influxdb_data:

5. Telegraf

Telegraf is an agent for collecting, processing, aggregating, and writing metrics. You can use it with InfluxDB and Grafana as part of the TICK monitoring stack. Docker Compose simplifies Telegraf’s integration into your monitoring setup.

Learn more about Telegraf here: Telegraf | InfluxData.

Telegraf
Telegraf
version: '3'
services:
  telegraf:
    image: telegraf:latest
    volumes:
      - /path/to/telegraf.conf:/etc/telegraf/telegraf.conf:ro

Looking for the Best Docker Containers

Wrapping up

These are a few of the best Docker containers in 2024 and show the wide range of capabilities you can have with Docker containers running apps on your home server. Keep in mind, everyone’s focus will be different on their home server and may host many different containers outside of the ones we have highlighted. Most of these solutions have really good documentation on their code repository that can help get up and running and take advantage of the solutions quickly. Let me know in the comments what Docker containers you are running.

Subscribe to VirtualizationHowto via Email ๐Ÿ””

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, He has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don't have to.

Related Articles

2 Comments

  1. Great post, thanks. Though I think the link to plex should be to plex.tv instead of .com ๐Ÿ˜‰

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.