Container runtimes often lie at the heart of many self-hosting setups, as they’re responsible for deploying FOSS services inside lightweight, isolated, and portable environments. But if you’re a part of the home lab ecosystem, you’ll probably know that they are far from the only tools at your disposal. And I don’t just mean regular applications, either.
Hidden beneath multiple veils of the self-hosting rabbit hole are a plethora of cool apps whose sole purpose is to aid your containerization workloads. As someone who spends hours buried in GitHub repos, here’s my curated list of tools that every self-hosting enthusiast needs to deploy on their workstation.
Authentik
Simple way to add SSO to your app stack
If you’re as security-conscious as I am, you might be familiar with t…
Container runtimes often lie at the heart of many self-hosting setups, as they’re responsible for deploying FOSS services inside lightweight, isolated, and portable environments. But if you’re a part of the home lab ecosystem, you’ll probably know that they are far from the only tools at your disposal. And I don’t just mean regular applications, either.
Hidden beneath multiple veils of the self-hosting rabbit hole are a plethora of cool apps whose sole purpose is to aid your containerization workloads. As someone who spends hours buried in GitHub repos, here’s my curated list of tools that every self-hosting enthusiast needs to deploy on their workstation.
Authentik
Simple way to add SSO to your app stack
If you’re as security-conscious as I am, you might be familiar with the pain of managing user credentials on them. Unfortunately, certain apps tend to use root profiles by default, while others may not even require credentials to log you in. Then there’s the convenience issue of being forced to sign in with long and complex passwords every time you need to access your applications.
A Single Sign-On server mitigates these issues by redirecting all the login attempts to an identity provider, allowing you to access your entire app suite using one set of credentials. Authentik gets my vote as the best SSO server, as it has a fairly intuitive web interface despite being compatible with most of the popular authorization protocols. Better yet, it supports session binding, can flag suspicious login attempts, and also send alerts upon detecting fishy activity from your profiles.
Nginx Proxy Manager
For your reverse proxy needs
Even when you’ve only got a few containers running on your self-hosting nodes, you may have a hard time recalling the IP address and port numbers of all your services. Dashboard applications can help you access your app collection without forcing you to recall all their network details, though reverse proxy servers have their own utility in home lab environments.
Besides mapping your container stack to custom domain names, reverse proxy servers also let you apply TLS encryption to all your apps. While Caddy and Nginx are solid options for home labbers, I’m a staunch member of the intuitive UI offered by Nginx Proxy Manager. Since I don’t wish to spend extra money on domain registrars, I use Pi-hole to create local DNS records and configure Nginx Proxy Manager to route the traffic to the right containers.
Uptime Kuma
To get notified when your services go down
When you’ve got multiple mission-critical services running on your home server, you’d want to keep an eye on them to ensure your container stack doesn’t come crashing down out of nowhere. Alas, home labs, including self-hosting, involve quite a bit of trial and error, and it’s easy to break a server when you’re still in the learning phase.
As such, it’s a good idea to deploy a monitoring server that keeps track of the uptime of your locally-hosted apps. Capable of pinging your services repeatedly to check their operational status, Uptime Kuma is my favorite tool for this task. Despite its lightweight nature, Uptime Kuma also has terrific notification provisions and can send alerts to a multitude of apps – including email addresses, Discord servers, and self-hosted Gotify instances – once it detects a downed service.
Portainer
Make container management a lot easier
CLI commands may be the most powerful way to manage your container, but they can get rather inconvenient to use, especially when your self-hosted app collection starts to scale up. If you’re using Docker to deploy your services, its Desktop application can simplify container management to some extent, though its limited capabilities make it far from the ideal option.
Me? I use Portainer to manage containerized environments, as its menu-based interface lets me tinker with everything from container images to the storage, networking, and system resources occupied by my self-hosted stack. Checking logs and troubleshooting is just as easy with Portainer, and you can even use custom templates to further simplify container deployment. It supports Docker and Podman runtimes, and can even pair with Docker Swarm and Kubernetes setups.
Tailscale
Remotely access your arsenal of services
With all the malware, botnets, ransomware, and other malicious code floating in the vast expanse of the Internet, it’s not a good idea to expose your self-hosted services to external networks without proper security measures. A VPN is one such tool that provides better security when connecting to your self-hosted stack from remote networks, and you can even run a VPN server locally using WireGuard, OpenVPN, and other useful packages.
But for folks such as myself, CGNAT acts as a huge bottleneck in self-hosting a VPN server, making Tailscale the next best thing for remotely accessing home lab setups. Its zero-configuration nature makes it easy for beginners, while its top-notch encryption provisions and customizable access rules enhance the security of your Tailnet.
Kopia
Back up your container volumes
Unlike conventional apps, containers are ephemeral by their very design – to the point where it’s a good idea to destroy your containerized environments when updating them. Their data, however, is a different story, as most containers require you to mount dedicated storage volumes for their files. Even if you’re not as paranoid as I am, it’s a good idea to back up these directories every once in a while.
Kopia is a solid option for creating snapshots of your container files and storing them on different machines for a 3-2-1 backup solution. Since Kopia creates incremental snapshots, you don’t have to worry about your backups occupying a lot of storage, and deduplication and compression further reduce the amount of space hogged by these files.
Enhance your self-hosting game with even more free tools
If you’re still on the prowl for more apps that can help with your self-hosted tasks, I’ve got a couple of other recommendations. Dashboards like Homepage and Homarr not only make it easy to access your services, but also let you show-off your arsenal of apps with sleek UIs. Meanwhile, Watchtower can automatically update your containers, though I suggest using the monitor-only label for your mission-critical services, which asks for your approval before redeploying your apps with new images. That way, you can lower the odds of Watchtower breaking your containers by updating them with faulty images.