
Self-hosting like a final boss: what I actually run on my home lab (and why)

Intro: welcome to the chaos, but it’s your chaos

Self-hosting in 2025 feels a bit like building a secret base in your garage.

It starts innocently enough.
“I just want to run my own notes app.”
Next thing you know, you’re port-forwarding through your ISP’s double NAT, hardening SSH keys, and explaining to your router why your Jellyfin server absolutely needs port 8920 open at all times.

But here’s the thing: self-hosting isn’t just a hobby. It’s a power move.

You’re reclaiming control from the Googles and Dropboxes of the world. You’re saying:
“Nah, I’ll run my own Git repo and media center and maybe a full-blown CI/CD pipeline in my closet, thank you very much.”

And yeah, it breaks sometimes.
Your backups fail silently.
Your DNS dies at midnight.
Your uptime monitor pings you while you’re at dinner.
But still, it’s your system. You built it. You understand it. And when it works, it feels glorious.


This guide isn’t some Docker 101 fluff or “how to spin up Nextcloud in 3 clicks.”
It’s a full-on walkthrough of what I actually run, why I run it, and how I (barely) keep it together.

Because in a world where everything is SaaS, running your own stack feels like a superpower.

Let’s break it down.

The base layer: hardware that won’t betray you at 2 a.m.

Before you self-host anything, you need iron. No, not AWS credits. Real, humming, heat-emitting hardware that lives under your desk or next to your modem, blinking like it has a purpose.

Here’s what I’ve learned (the hard way):
You don’t need a server farm. But you do need something reliable, quiet, and low power, unless you enjoy high electricity bills and fan noise while you sleep.

Pick your fighter:

Raspberry Pi (if you can find one):

  • Great for: basic apps, low power, nerd cred
  • Bad for: databases, transcoding, anything RAM-hungry
  • Tip: Only go here if you’re okay with arm64 weirdness

Intel NUC / Mini PC:

  • Best all-rounder: runs everything, sips power, fits in a drawer
  • Pricey depending on model
  • Use this if you’re serious about having 24/7 uptime

Old ThinkCentre or OptiPlex:

  • Dirt cheap on eBay or local classifieds
  • Loud fans, higher power draw
  • But for $80, you get a quad-core i5 and 16GB of RAM? Not bad.

Network setup: the make-or-break layer

Once your iron is sorted, you’ll want to connect it in a way that doesn’t make future-you hate past-you.

Static IP:

Assign a static IP on your LAN so services don’t randomly vanish after a router reboot.

Port forwarding:

You’ll need to forward ports like:

  • 80/443 (for web access)
  • 22 (SSH, but use a different port and keys)
  • Whatever else your services need (Jellyfin, Gitea, etc.)

Avoid UPnP like it’s haunted.

External access (but safely):

Use something like:

  • Tailscale (my top pick: VPN mesh with zero config)

  • Cloudflare Tunnel (tunneling HTTP apps with SSL)
  • Ngrok (quick testing, not for prod)

These let you access your self-hosted services from anywhere without exposing your IP to every botnet on the planet.

Bonus tip: SSDs > HDDs, always.

Unless you’re storing terabytes of anime or movie backups, an SSD will make your self-hosted stack feel way snappier. And fewer moving parts = fewer 3am surprises.

Once you’ve got stable iron and clean pipes, you’re ready to install the one tool that will carry you through this entire self-hosting journey: Docker.

The core stack: what every self-hosting setup needs (no matter what you run)

There’s a golden rule in self-hosting:

If it’s not in Docker, it’s not real.
And if it’s not backed up, it’s already gone.

Let’s talk about the foundational tools you’ll install once and then reuse for everything else.

Docker + Docker Compose

If you’re self-hosting without Docker in 2025, you’re either:

  • an absolute Linux wizard
  • or someone who really enjoys debugging Python dependencies

For the rest of us, Docker is life. Pair it with docker-compose, and you’re spinning up entire stacks with one command.

Install both:

sudo apt install docker.io docker-compose

Then drop a docker-compose.yml, run docker-compose up -d, and boom: instant service.

Portainer (your visual dashboard)

You don’t have to use Portainer, but… it’s like training wheels for Docker that you never outgrow.

  • View all your containers
  • Restart or rebuild services
  • Deploy new apps without touching the CLI

Just run:

docker run -d \
  -p 9000:9000 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  portainer/portainer-ce

Now go to http://localhost:9000 and enjoy god mode.

Watchtower (auto-update containers like a boss)

Docker Hub pushes updates. But your containers? Stuck in 2022 until you manually rebuild them.

Watchtower fixes that by checking for new versions and updating your containers automatically.

docker run -d \
  --name watchtower \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower

Set it to check every X hours and you never have to worry about CVEs ruining your Sunday.

Uptime Kuma (is it up? now you know)

What’s better than hosting your own apps?
Knowing when they go down.

Uptime Kuma is a beautiful, self-hosted uptime monitor. Think of it as your own mini status page.

docker run -d \
  -p 3001:3001 \
  louislam/uptime-kuma

Then set up monitors for your services and get Telegram/email/Discord alerts when something dies (probably your reverse proxy again).

Backup your configs, not your tears

Use tools like:

  • duplicati (GUI for scheduled backups)

  • restic (CLI-based, solid and encrypted)

  • Just plain rsync to an external drive

You don’t need a 3–2–1 backup strategy worthy of a Fortune 500. But at least automate backing up your docker-compose files and volumes. Future you will owe you a beer.

What I actually run (and why)

Here’s the thing about self-hosting: you try a lot, break a lot, and eventually settle on a core group of apps you can’t live without. These are the ones I’ve stuck with and a few I respectfully uninstalled with fire.

Notes & second brain

Logseq

  • Markdown, local-first, graph-based note-taking
  • Looks like Obsidian but is open source and your
  • I run it in a browser via a container + synced with Syncthing across devices

Joplin

  • Great Evernote replacement
  • Full desktop and mobile sync
  • Bonus: Encrypted notes if you like writing secrets like “todo: fix my Nginx config”

Email (aka the dark arts)


Mailcow / Mailu

  • Yes, I tried self-hosting email. Yes, I regret it.
  • You can do it. But unless you understand DKIM, SPF, and reverse DNS perfectly, Gmail will ghost your emails forever.

TL;DR: self-hosted email is like running your own post office in 2025. It’s technically impressive. But you will suffer.

Media & streaming

Jellyfin

  • Plex alternative, 100% open source
  • No tracking, no sign-ins, just stream your files
  • I run it with hardware acceleration enabled on Intel iGPU = butter-smooth 4K

Navidrome

  • For music nerds
  • Think: Spotify but from your own MP3 collection
  • Also works with Subsonic-compatible mobile apps

qBittorrent + WebUI

  • Not telling you how to use this, just saying it works really well in a container

Search & personal web tools

Whoogle

  • Google results without Google
  • Great for making your browser search bar actually private

Linkding

  • Self-hosted bookmark manager
  • Replaces Pocket and lets you keep links organized without feeding an algorithm

RSSHub + FreshRSS

  • Turns anything into an RSS feed
  • I follow newsletters, blogs, even YouTube channels without subscribing on-platform

Dev & automation

Gitea

  • GitHub clone you can run on a potato
  • Great for small projects, personal wikis, automation scripts

n8n

  • Open-source Zapier
  • I use it to automate backups, send alerts from uptime monitors, even tweet from cron jobs (don’t judge me)

Outline

  • Team Wiki, Notion-style, markdown-based
  • Beautiful, fast, and plays nice with Git for versioned documentation

Honorable mentions I killed off:

  • Nextcloud → Too slow, too bloated. I just use Syncthing + external drives

  • HomeAssistant → Great if you’re into smart homes. I am not. I like my switches dumb and dependable.

  • Vaultwarden (Bitwarden) → Still good, just moved back to 1Password due to mobile autofill pain

These are the real ones. The apps that stuck. The stack that makes self-hosting actually useful, not just experimental.

Security: how not to get owned by your own fridge

Self-hosting turns your home into a tiny datacenter and, if you’re not careful, a tiny target. Once you expose services to the internet, you’re playing a game of “how fast can I get scanned by China, Russia, and your neighbor’s hacked webcam.”

Here’s how I keep my stuff reasonably safe (and how you can too).

Step 1: no open ports without protection

Want to expose your apps to the world?
Cool, then use one of these before you docker run anything public:

  • Tailscale: mesh VPN, zero config. Just install and forget. Perfect for personal/private access.

  • Cloudflare Tunnel: tunnels HTTP services with auto SSL + obfuscation.

  • Nginx Proxy Manager: if you want that dashboard life with SSL and subdomain routing.

No naked ports. Ever.
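
A quick way to check the "no naked ports" rule on a Docker host, as an added example that is not part of the original post: the function below reads the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and lists every port published on all interfaces. The container names and port values in `sample_ps` are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag container ports published on every interface.
# Input (stdin): lines as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: one "container host_binding" line per wildcard publish.
naked_ports() {
    awk -F'\t' '
    {
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++) {
            # Only entries containing "->" are published to the host;
            # a bare "8080/tcp" is exposed inside Docker networks only.
            if (maps[i] !~ /->/) continue
            split(maps[i], side, "->")
            bind = side[1]
            # 0.0.0.0, :: and [::] all mean "every interface".
            if (bind ~ /^(0\.0\.0\.0|::|\[::\]):/)
                print $1, bind
        }
    }'
}

# Constructed sample, not output captured from a real host.
sample_ps() {
    printf 'portainer\t0.0.0.0:9000->9000/tcp, :::9000->9000/tcp\n'
    printf 'uptime-kuma\t127.0.0.1:3001->3001/tcp\n'
    printf 'watchtower\t8080/tcp\n'
    printf 'jellyfin\t0.0.0.0:8920->8920/tcp\n'
}

# On a real host: docker ps --format '{{.Names}}\t{{.Ports}}' | naked_ports
sample_ps | naked_ports
```

Publishing as `-p 127.0.0.1:9000:9000` keeps a service reachable only through the local reverse proxy or tunnel. This matters even with UFW set to deny by default, because Docker inserts its own iptables rules for published ports and that traffic does not pass through UFW's rules.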

Step 2: firewall + fail2ban

If it’s on the internet, it will get brute-forced. Guaranteed.

Set up:

  • UFW or iptables: block everything by default except what you explicitly open.

  • Fail2Ban: scans logs for bad login attempts and bans IPs after too many tries.

sudo apt install fail2ban

Then configure for your SSH or web server. It’ll stop script kiddies cold.
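
What Fail2Ban's sshd jail does at its core, as an added example that is not part of the original post and not Fail2Ban's own code: count failed logins per source address and report the ones that reach the retry limit (Fail2Ban's `maxretry`). The log lines in `sample_auth_log` are constructed, and unlike Fail2Ban this version counts over the whole input instead of a `findtime` window.

```shell
#!/bin/sh
# Added example: the counting idea behind a Fail2Ban sshd jail.
# Reads sshd log lines on stdin and prints "ip failures" for every
# source address that reached the retry limit ($1, default 5).
ban_candidates() {
    awk -v max="${1:-5}" '
    /sshd\[[0-9]+\]: Failed password for / {
        # The username is attacker-controlled and may itself contain
        # "from <ip>", so take the address after the LAST "from".
        for (i = NF - 1; i > 0; i--)
            if ($i == "from") { fails[$(i + 1)]++; break }
    }
    END {
        for (ip in fails)
            if (fails[ip] >= max) print ip, fails[ip]
    }' | sort
}

# Constructed sample log, using documentation address ranges.
sample_auth_log() {
cat <<'EOF'
Jan 10 03:14:01 lab sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jan 10 03:14:03 lab sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jan 10 03:14:06 lab sshd[813]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Jan 10 03:15:10 lab sshd[820]: Failed password for invalid user from 10.0.0.2 from 198.51.100.7 port 5022 ssh2
Jan 10 03:15:12 lab sshd[820]: Failed password for invalid user pi from 198.51.100.7 port 5022 ssh2
Jan 10 03:16:00 lab sshd[825]: Accepted publickey for me from 192.0.2.10 port 50514 ssh2
EOF
}

# With a limit of 3, only the address with three failures is reported.
sample_auth_log | ban_candidates 3
```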

Step 3: authentication ≠ optional

Use:

  • Unique strong passwords (stored in a password manager)

  • Two-factor auth if the app supports it

  • Basic auth on services like Portainer, Uptime Kuma, etc.

  • If the app doesn’t support auth? Put it behind Nginx with a password file. Easy win.

Step 4: SSL everything

No HTTP in 2025. Use Let’s Encrypt with:

  • Nginx or Traefik (with automatic certificate generation)
  • Cloudflare proxy + full SSL mode
  • Or Caddy server (it auto-SSLs everything out of the box)

Don’t trust “http://localhost” even in your own home. Trust issues are healthy.

Step 5: backups or it didn’t happen

Hard drives die. USB sticks get corrupted. Accidentally docker volume rm?
Gone.

So:

  • Back up your docker-compose.yml files, configs, and data volumes
  • Automate daily or weekly jobs with:
      • duplicati
      • restic
      • rsync + cron
  • Store copies off-device: cloud bucket, another drive, external SSD, whatever

TL;DR:

  • No exposed services without tunnels or SSL
  • Block everything by default
  • Watch your logs (and block bad actors)
  • Password-protect everything
  • Back up like your next job depends on it

Why I self-host (and why you might not want to)

Let’s be real: self-hosting isn’t for everyone. It’s not some perfect replacement for Google Workspace or Notion. It’s not magically cheaper or easier. It’s definitely not faster than just clicking “Sign up with Google.”

But for the right kind of person?

It’s magic.

Why I self-host:

  • Because I want to understand my stack. I like knowing what runs where, why it fails, and how to fix it.

  • Because I don’t want to be dependent on five different Big Tech dashboards. One day they’ll sunset your favorite tool. Mine’s still running.

  • Because I enjoy it. Breaking and fixing stuff is half the fun. It feels good to run your own digital HQ.

Why you might not want to:

  • You hate CLI, YAML, or Googling error logs.
  • You don’t have time to check if your services are still up after a power outage.
  • You need perfect reliability and push notifications at 3 a.m.? Yeah… go with Notion.

That said, self-hosting isn’t all or nothing. You can run just one service and call it a win.
Your own notes app, your own photo backup, or your own music streaming setup? That alone makes the journey worth it.

Start small. Learn. Level up. You’ll be surprised how far it takes you.

Helpful resources & starter packs

If you want to go deeper, these are my go-to resources:

Starter kits

Bonus tools I always install:

Conclusion: you don’t need a PhD to self-host cool stuff

Self-hosting isn’t some elite hacker-only zone.

You don’t need to build your own kernel, learn Go, or compile Nginx from source (unless you’re into that pain). What you need is curiosity, patience, and maybe a second-hand ThinkCentre.

Start with one service, something dumb and fun. Like a local notes app or your own Plex alternative.
Then slowly add more. Add backups. Add a VPN tunnel. Fix a broken container. Celebrate.
Repeat until you’ve built something that feels yours.

Because that’s what this is really about: ownership.

In 2025, self-hosting is less about saving money and more about owning your data, learning how systems work, and being okay with breaking stuff once in a while.

You don’t have to be perfect. You just have to be persistent.

So go spin up that container.
Expose that port (safely).
And remember: every DevOps wizard was once a confused person staring at a docker-compose.yml that wouldn’t start.

You got this.
