Self-Hosting with Docker & Linux: Run Your Own Services

• Definition: Self-hosting involves running services, applications, or websites that you control, offering full command over access and privacy.

• Accessibility:

  • Self-hosted tools can be accessed remotely via devices such as smartphones, laptops, or desktops.

  • Control who has access: Limit to home network, select internet users, or open to the public.

• Comparison with Traditional and Cloud Services:

  • Traditional applications are device-specific (e.g., a word processor on a laptop).

  • Self-hosted apps are accessible from any approved network, providing flexibility and mobility.

  • Self-hosting differs from cloud services (such as SaaS) by allowing personal control over infrastructure and data.

• Control and Responsibility:

  • Users control their data, deciding how it’s stored, accessed, and backed up.

  • Manage which services and applications interact with your data.

• Alternatives to Third-Party Services:

  • Cloud Storage: Replace Google Drive, Dropbox, etc., with NextCloud, CFile, or SyncThing.

  • Project Management: Swap Trello or Asana for Kanboard, WeKan, or OpenProject.

  • Messaging: Exchange Slack or Microsoft Teams for Mattermost, Rocket.Chat, or Zulip.

  • Photos and Videos: Use Image or PhotoPrism instead of Google Photos or Flickr.

• Benefits:

  • Full ownership and control over data.

  • Tailored privacy and security measures to suit specific needs.

• Challenges:

  • Requires personal responsibility for data management and security.

  • Potential for increased complexity and need for technical knowledge.

• Actionable Insights:

  • Explore self-hosted alternatives for existing applications.

  • Assess personal needs for control, security, and privacy in digital tools.

• Data Control & Privacy:

  • Full control over data management, access, and handling.

  • Eliminates risks of data mining, invasive tracking, and unauthorized data sharing by third parties.

• Independence from Providers:

  • Avoid reliance on third-party services whose terms, features, or existence could change unexpectedly.

  • Self-determination over service continuity, updates, and feature customization.

• Customization & Flexibility:

  • Customize applications and services to fit exact needs without being limited by third-party constraints.

  • Control deployment in local, remote, or public settings based on preference.

• Cost Efficiency:

  • Reduce expenses by replacing subscription-based services with self-hosted, often open-source, alternatives.

  • Avoid license or premium feature fees for tools such as Nextcloud, Syncthing, Jellyfin, or Plex.

• Hardware Utilization:

  • Use existing hardware to minimize initial costs (e.g., repurposing old desktops/laptops).

  • Affordable setup options include Raspberry Pi ($50), micro desktop PCs ($150), or pre-owned enterprise servers (~$200).

• Update & Feature Control:

  • Avoid forced updates that may disrupt workflows or introduce unwanted features.

  • Maintain compatibility and stability by choosing when and how to implement updates.

• Long-Term Savings:

  • Significant cost reduction over time by eliminating multiple paid services, enhancing privacy, control, and customization benefits.

• VPS Advantages:

  • VPS (Virtual Private Server) is a virtualized server managed by a hosting provider, eliminating the need for physical hardware.

  • Provides complete control over the operating system, configurations, and software, similar to a physical server.

  • Offers a reliable, high-performance infrastructure without the need to manage physical equipment.

  • Considered a better alternative to third-party SaaS applications due to increased privacy and less likelihood of data scanning or monetization.

• VPS Considerations:

  • Relies on the hosting provider for availability and privacy of data.

  • Providers generally do not inspect data, but reliance on them is a factor to consider.

  • Less risk of data scanning compared to SaaS applications, which often have business models involving data analysis.

• VPS vs. SaaS:

  • SaaS applications, such as Google Drive, frequently analyze user data and are designed on centralized infrastructure.

  • VPS offers more privacy since data is less likely to be actively accessed or monetized.

• VPS Provider Options:

  • Examples include DigitalOcean, Vulture, AWS LightCell, OVH Cloud, and Hetzner.

  • DigitalOcean offers plans starting at $4 per month and is noted for its reliable service and support.

  • There are many other providers with various plans to suit different needs, and exploration of additional options is recommended.

• Recommendations:

  • Consider using a VPS if you prefer self-hosting without managing physical hardware.

  • Evaluate different providers based on your specific needs and budget.

• Skill Development:

  • Hosting applications enhances skills in server configuration, software management, troubleshooting, and system optimization.

  • Provides a deeper understanding of networking, security, and resource management, valuable for IT careers.

• Problem Solving and Creativity:

  • Self-hosting promotes critical thinking by adapting tools to specific needs.

  • It enhances logical and creative problem-solving skills through unique challenges and projects.

• Learning Opportunities:

  • Engaging in self-hosting offers continuous learning experiences, providing personal satisfaction and a sense of accomplishment.

• Benefits of Open Source:

  • Most self-hosted applications are open source, providing flexibility, transparency, and the ability to modify and share software.

  • Open source enables collaboration and community contributions.

• Community Contribution:

  • Contributing to open source communities can be done by submitting bug reports, which helps improve software quality.

  • Updating documentation enhances accessibility and usability for new users.

  • Sharing solutions to problems helps other users facing similar issues.

• Impact of Contributions:

  • Enhances software by improving documentation and fixing issues.

  • Reduces barriers for new users, enabling more confident software adoption.

• Self-Hosting Benefits and Challenges:

  • Offers total control over your environment and data.

  • Requires self-reliance for technical support and troubleshooting.

  • Entails managing your own data security.

• Responsibilities:

  • You are responsible for solving technical issues such as server crashes, data corruption, or backup management.

  • Home-hosted services can experience downtime due to power outages or internet disruptions.

• Considerations for Home Setups:

  • Power and internet outages can cause service interruptions.

  • Unlike cloud providers, achieving redundancy and failover at home can be challenging.

• Data Security:

  • Protecting and securing data access is your responsibility.

  • Carefully consider the security implications when enabling external access.

• Skills Development:

  • Initial self-hosting challenges will help build technical skills and expertise.

  • Overcoming obstacles fosters confidence and routine proficiency.

• Empowerment and Ownership:

  • Self-hosting provides ownership of your digital life and independence from external service providers.

  • It requires effort but offers rewarding control and empowerment over applications and data.

• Conclusion:

  • Self-hosting is a powerful, rewarding endeavor for those ready to embrace its responsibilities.

• Definition: Self-hosting involves running applications, services, or websites that you have complete control over, unlike traditional cloud-based or SaaS solutions.

• Alternatives: It's feasible to self-host alternatives to popular services, such as cloud storage, project management tools, and messaging platforms.

• Benefits:

  • Enhanced privacy and independence.

  • Potential cost savings.

• Responsibilities:

  • Requires effort to maintain and secure environments.

  • Involves troubleshooting and ensuring the reliability of your system.

• Insights:

  • While challenging, self-hosting is rewarding and provides ownership of your digital assets.

  • Offers an opportunity to develop valuable technical skills.

• Linux Overview

  • Linux is technically a kernel, the core part of an operating system, managing communication between hardware and software.

  • The Linux kernel functions as an intermediary, allowing applications to access hardware components such as processors and memory.

• Linux Distribution (Distro)

  • A Linux distribution is an operating system that uses the Linux kernel, paired with a collection of software.

  • Linux distributions are often referred to as "distros" or "flavors."

  • They manage hardware resources and provide an environment for applications, similar to other operating systems such as Windows and Mac OS.

• Customization and Flexibility

  • Each Linux distribution includes default software, which can vary (e.g., different text editors such as nano or vim).

  • Users have the flexibility to change default software, installing and using the applications they prefer.

• Recommendation for Servers

  • Linux, particularly in its distributions, is widely used for servers due to its robust performance and customization abilities.

• Ubuntu LTS for Self-Hosting

  • The LTS version of Ubuntu, a popular Linux distribution, is considered an ideal choice for self-hosting scenarios due to its long-term support and stability.

• Cost Efficiency:

  • Linux is open source and free to use, eliminating licensing fees.

  • This cost reduction is beneficial for self-hosted environments.

• Stability and Reliability:

  • Highly stable, ideal for environments requiring consistent uptime.

  • Minimizes risks of crashes or interruptions.

• Security Advantages:

  • Open source code allows for quick identification and rectification of vulnerabilities.

  • Features include a built-in firewall, a strict permissions model, and process isolation.

  • Docker enhances security by isolating applications in containers.

  • Continuous vigilance and regular updates are essential, as no system is immune to threats.

• Available Software and Community Support:

  • Thousands of free and open source applications are optimized for Linux.

  • Active communities offer support for deployment, troubleshooting, and maximizing software usage.

• Ease of Software Deployment with Docker:

  • Docker containers bundle applications with dependencies, ensuring consistent performance across environments.

  • Reduces concerns about version mismatches and configuration issues, simplifying installation and maintenance.

• Linux Distributions Overview:

  • Linux, being open-source, offers a vast number of distributions (distros), with over 1,000 available.

  • Fewer than 300 of these distributions are actively maintained.

  • Only a small number are widely used and recommended.

• Self-Hosting and Docker:

  • For self-hosting, choose a Linux distro officially supported by Docker.

  • As of now, supported distros include CentOS, Debian, Fedora, Raspberry Pi OS, Red Hat Enterprise Linux, SUSE Linux Enterprise Server, and Ubuntu.

  • Running Docker on other distros, especially those based on Ubuntu, is possible but comes with less support.

• Ubuntu Recommendations:

  • Ubuntu is recommended due to its stability, ease of use, and strong community support.

  • Ubuntu offers Long Term Support (LTS) releases every two years in April, providing five years of updates and security.

  • Example: Ubuntu 24.04 LTS (released April 2024) supported until April 2029, and Ubuntu 26.04 LTS (released April 2026) supported until April 2031.

• Release Cycle and Support:

  • Ubuntu releases a new version every six months, but non-LTS versions are supported for only nine months.

  • LTS versions are ideal for self-hosting due to their long-term stability and reduced maintenance needs.

  • Non-LTS are suitable for testing new features but aren't recommended for a stable self-hosting environment.

• Community and Support:

  • Ubuntu has an active community with comprehensive documentation and many support forums.

  • Numerous guides and Docker resources are tailored for Ubuntu.

• Professional Use and Compatibility:

  • Ubuntu is widely adopted by businesses for critical services and offers commercial support from Canonical.

  • It's the default Linux distribution for Windows Subsystem for Linux (WSL), facilitating easy setup and use alongside Windows.

• Deployment Options for Linux:

  • Bare Metal Installation:

    • Linux is installed directly on physical hardware.

    • Offers high performance with full access to CPU, memory, and storage.

    • Provides improved stability and reliability due to fewer layers.

  • Virtual Machine Installation:

    • Linux runs as a guest OS inside a software-based emulation.

    • Can be installed alongside existing OS, such as Windows or Mac OS.

    • Offers convenience for testing and learning without altering current setup.

• Advantages of Each Method:

  • Bare Metal:

    • Maximizes hardware performance and efficiency.

    • Reduces complexity and potential points of failure.

  • Virtual Machine:

    • Enables running multiple OS alongside each other.

    • Ideal for experimentation and learning in a non-disruptive manner.

• Decision-Making Guide:

  • Extra Hardware Available:

    • If using other OS alongside Linux, choose a VM.

    • If not, opt for bare metal installation.

  • No Extra Hardware:

    • Consider budget constraints.

    • If affordable, choose dedicated hardware for bare metal.

    • Otherwise, use a VM.

• Final Insight:

  • Both options are viable for self-hosting, and the choice depends on hardware availability and personal requirements.

• Linux Overview:

  • Linux is a kernel but commonly refers to a Linux distribution, which is a full operating system.

  • It is free, open-source, and stable, making it an excellent choice for self-hosting.

• Docker and Self-Hosting:

  • Many self-hosted applications can run in Docker containers.

  • Docker provides isolated environments, preventing issues with missing libraries or software version conflicts.

• Ubuntu for Self-Hosting:

  • The LTS (Long Term Support) version of Ubuntu is recommended for several reasons:

    • Official Docker support.

    • Strong community backing.

    • Offers five years of updates, ensuring long-term stability.

• Installation Options:

  • Linux can be installed directly on hardware (bare metal) or via a virtual machine, providing flexibility based on user needs.

• Decision Making: Choose how to run Linux based on your current system setup.

• Virtual Machine on Windows:

  • Follow the lesson titled "Installing Ubuntu on Windows" if opting to run Linux in a virtual machine on an existing Windows installation.

• Virtual Machine on Mac:

  • Refer to the lesson titled "Installing Ubuntu on Mac OS" for running Linux in a virtual machine on a Mac system.

• Dedicated Linux System:

  • If dedicating an entire computer for Linux, proceed to the lesson titled "Installing Ubuntu on Bare Metal."

• Overview of WSL Installation:

  • Learn to install Ubuntu on Windows using Windows Subsystem for Linux (WSL).

  • Ensure Linux starts automatically when Windows boots.

• System Requirements & Preparations:

  • Must have Windows 10 version 2004 or higher.

  • Enable virtualization in the BIOS settings.

  • Check virtualization status via Task Manager under the Performance tab.

  • If virtualization is disabled, enable it through the BIOS, referencing specific manufacturer guidelines.

• Installation Steps:

• Launching & Setting Up Ubuntu:

• Autostart WSL on Windows Boot:

• Outcome:

  • Ubuntu installed on Windows and configured to start automatically with system boot.

• Objective: Install Ubuntu in a virtual machine on Mac OS using VMware Fusion, and ensure Linux starts automatically when Mac OS boots.

• VMware Fusion Download:

• VMware Fusion Installation:

• Ubuntu Download:

• Ubuntu Installation in VMware Fusion:

• Configure Automatic Start for Ubuntu VM:

• Activate Automatic Mac OS Login (Optional):

• Test Configuration:

• Security Considerations:

  • Remember, automatic login and disabling File Vault reduce security; assess the risk based on the location and use case.

• Bare-Metal Installation Overview

  • Provides better performance and stability compared to virtual machines or WSL.

  • Directly installs Ubuntu on physical hardware.

• Download Ubuntu Installation Media

• Create Bootable USB

• Prepare for Installation

• Begin Installation Process

• Network and Configuration Settings

• Profile Setup

• Complete Installation

• Post-Installation Login

This lesson guides you through installing Ubuntu on a physical machine, ensuring you understand each step for a successful installation and initial setup.

• Introduction to Tailscale:

  • Tailscale is a secure, private networking solution that simplifies remote access to self-hosted services without exposing them to the internet or requiring complex configurations.

  • It’s ideal for users who desire a straightforward setup without needing in-depth technical knowledge.

• Key Features of Tailscale:

  • Peer-to-Peer MeshVPN: Establishes direct encrypted tunnels between devices, eliminating the need for a centralized VPN server.

  • Tailnet: A private network of authenticated devices allowing secure and seamless communication.

  • No Traditional VPN Complexity: Removes the need for VPN servers, firewall rules, and port forwarding.

  • NAT Traversal: Enables direct communication even behind NATs and firewalls; uses DERP servers when direct connections fail.

  • Multi-Platform Support: Works on Linux, Windows, macOS, iOS, Android, and cloud instances.

  • Web-based Admin Console: Simplifies device management and allows easy monitoring and control.

• Tailscale Benefits:

  • Enhanced Security: All device communication is encrypted using the WireGuard protocol, ensuring privacy even over untrusted networks.

  • Improved Performance: Direct device connections result in lower latency and faster remote access.

  • No Public IP or Router Configuration Required: Keeps services private and reduces the complexity associated with traditional self-hosting.

  • Exit Nodes: Allows routing of all internet traffic through a trusted device, aiding secure browsing and bypassing geo-restrictions.

• Plans and Pricing:

  • Generous Free Plan: Offers up to 100 devices and 3 user accounts for personal use with core features.

  • Business Plans: Include advanced features such as external user sharing and enhanced administrative controls, with pricing based on user base size.

• Summary:

  • Tailscale provides a modern, efficient alternative to traditional VPNs by enabling secure, direct connections between devices.

  • It is especially beneficial for individuals or small teams looking to simplify secure network access without needing extensive IT expertise.

• Objective: Install and configure Tailscale on an Ubuntu-based Docker host to create a secure private mesh network for accessing self-hosted services from anywhere without exposing them to the public internet.

• Log into Ubuntu Docker Host:

• Update System Packages:

  • Run sudo apt update to refresh the package index.

  • Run sudo apt upgrade -y to install the newest versions of all installed applications.

• Tailscale Account Setup:

  • Visit tailscale.com and create a new account.

  • Use existing accounts (Google, Microsoft, GitHub, or Apple) for login.

  • Click to sign up with your chosen account, e.g., GitHub, and authorize Tailscale access.

  • Choose a Personal account for self-hosted applications.

• Installing Tailscale:

• Connecting to Tailscale:

  • After installation, execute sudo tailscale up.

  • Follow the provided link to sign in and connect your Linux system to your tailnet.

• Post-installation Configuration:

  • Skip the introduction of connecting a second device for now.

  • Access the Tailscale dashboard to view connected devices, referred to as machines.

  • Disable key expiry for the Docker host to avoid the need to re-authenticate every 180 days.

• Next Steps:

  • Add another device to the tailnet for secure communication.

  • Implement self-hosted services accessible from any tailnet-connected device.

  • Watch upcoming short videos for installing Tailscale on additional platforms such as Windows, macOS, and iOS.

1. Visit Tailscale Website:

   • Open a web browser on your Windows system.

   • Go to tailscale.com and navigate to the download section.

2. Download and Install Tailscale:

   • Click the download link for Tailscale for Windows.

   • Locate the installer file, typically in your downloads folder.

   • Double-click or open the installer file from the browser to launch it.

   • Agree to the license terms and click install.

   • If prompted, click yes or allow to any permissions.

   • Once installation is complete, click close.

3. Connect to TailNet:

   • Tailscale will start automatically post-installation.

   • Click on "Get Started" and then "Sign In to Your Network."

   • Sign in using your preferred account such as Google, Microsoft, GitHub, or Apple.

   • Confirm the connection to your TailNet by clicking the connect button.

   • Your device confirmation is displayed, and you are redirected to the Tailscale dashboard.

4. Device Management:

   • Your Windows device will appear on the Tailscale dashboard with existing devices.

   • Devices need to re-authenticate every 180 days by default to maintain connections.

   • To avoid re-authentication, disable key expiry by clicking the three-dot menu next to your device and selecting "Disable Key Expiry."

1. Installation of Tailscale on Mac OS:

   • Visit tailscale.com using a web browser on your Mac.

   • Navigate to the download section, found in the main menu.

   • Click the link to download Tailscale for Mac OS.

   • Locate the downloaded installer in the downloads folder and launch it.

2. Installation Process:

   • Double-click the installer file.

   • Accept all default installation settings by clicking “Continue” and then “Install.”

   • Enter your system password if prompted.

   • After installation, choose whether to keep or move the installer to Trash.

3. Starting Tailscale:

   • Open Finder and navigate to the Applications folder.

   • Double-click on Tailscale to start the application.

   • Click “Get Started” and allow necessary extensions:

     • Click "Install Now" for extensions.

     • Open System Settings to enable Tailscale by clicking the relevant button and entering the password.

     • Allow VPN configuration when prompted.

4. Connecting to Tailscale Network:

   • Sign in to Tailscale using your chosen account (GitHub, Google, Microsoft, or Apple).

   • Confirm the connection to your Tailscale network by clicking the “Connect” button.

   • Opt to start Tailscale automatically on login if prompted.

5. Post-Connection Setup:

   • After connecting, access your Tailscale dashboard to verify the added device.

   • Re-authenticate devices every 180 days to maintain connectivity.

   • Disable key expiry if desired to avoid re-authentication by accessing the three-dot menu next to your host’s details.

1. Install Tailscale on iOS:

   • Open a web browser on your iOS device and go to tailscale.com.

   • Navigate to the download section and click the download link to access tailscale.com/download.

   • Scroll down and click "Download Tailscale for iOS" to go to the App Store.

   • In the App Store, click "Get" or "Install" next to the Tailscale app icon.

2. Set Up Tailscale:

   • After installation, open the Tailscale app and click "Get Started."

   • Click "I Understand" if prompted, and allow notifications if desired.

   • Allow VPN configuration by clicking "Install" and "Allow."

   • Enter your password if prompted.

3. Login and Connect:

   • Log into your Tailscale account using your preferred method (such as Google, Microsoft, GitHub, or Apple).

   • Confirm the connection to your Tailnet by clicking the "Connect" button.

4. Manage Connections:

   • View connected devices via the device list in your Tailnet.

   • Temporarily disconnect by clicking the button in the top left corner.

   • Reconnect by opening Tailscale and clicking the "Connect" button.

5. Secure Communication:

   • Once connected, communicate securely with other devices on your Tailnet.

• Installing Tailscale on Android:

  • Open a web browser on your Android device (e.g., Samsung Galaxy, Google Pixel).

  • Visit Tailscale.com and go to the download section.

  • Find the download link, which may require expanding the menu on smaller screens.

  • Click the link to go to Tailscale.com/download.

  • Scroll down and select "Download Tailscale for Android," which redirects to the Google Play Store.

  • Click "Install" to download the app, then click "Open" to launch it.

• Setting Up Tailscale:

  • Follow the app prompts by clicking "Get Started."

  • Approve any permission requests by clicking "Yes," "Allow," or "OK."

  • Sign in using your Tailscale account through your original login method (e.g., Google, Microsoft, GitHub, Apple).

  • Allow notifications if prompted.

• Connecting to Tailnet:

  • After signing in, you will see a list of connected devices on your Tailnet.

  • Disconnect by clicking the button in the top left corner.

  • To reconnect, open the Tailscale app and click "Connect."

• Usage and Next Steps:

  • Once connected, your device can securely communicate with other devices on your Tailnet.

  • Future lessons will cover deploying services accessible via your Tailscale network.

Access Ubuntu Environment

System Update

Install Required Packages

Add Docker’s GPG Key

Add Docker Repository

Install Docker

Docker Permissions

Test Docker

• Introduction to Portainer

  • Learn the reasons behind Portainer's popularity for Docker management.

  • Understand the step-by-step installation process.

  • Explore a quick walk-through of its main features.

• Overview of Portainer

  • Portainer is an open-source container management tool.

  • It offers an intuitive web interface for managing Docker environments, such as containers, images, volumes, and networks.

  • Simplifies Docker tasks to focus more on application deployment than system management.

• Benefits of Using Portainer

  • Accessible to newcomers with a user-friendly web-based interface.

  • Provides real-time monitoring for easy status and resource usage checks.

  • Facilitates quick deployment and management of applications through its web interface.

• Recommended Directory Structure:

  • Use /opt/docker as a standardized location for Docker configuration files.

  • This location separates Docker files from user data and system files.

  • The /opt directory is traditionally for optional software and add-ons, making it suitable for Docker projects.

• Project Organization:

  • Inside /opt/docker, create a subdirectory for each Docker-based project, application, or service.

  • Example: Use /opt/docker/portainer for the Portainer Docker configuration.

  • Future deployments, such as a "homepage" application, will have directories like /opt/docker/homepage.

• Benefits:

  • A consistent directory structure ensures organization.

  • Simplifies updates by providing a clear path to Docker application directories.

• Execution Steps:

  • Create the top-level directory with: sudo mkdir /opt/docker.

  • Enter your user password if prompted (example password: Self-Hosted!).

  • Create a subdirectory for Portainer using: sudo mkdir /opt/docker/portainer.

• Docker Container Management:

  • Containers can be managed using either the Docker run command or Docker compose command.

  • Both methods achieve container deployment, but Docker compose offers easier management.

• When to Use Docker Run:

  • Suitable for running containers with minimal custom configuration.

  • Becomes complex with multiple features or options, such as:

    • Mounting volumes.

    • Setting environment variables.

    • Binding ports.

    • Defining restart policies.

  • Managing several containers for a single service involves multiple Docker run commands, executed in the correct order.

• Advantages of Docker Compose:

  • Simplifies configuration through a YAML file.

  • YAML files can define:

    • Docker images.

    • Port mapping and storage volumes.

    • Environment variables and restart policies.

    • Dependencies between containers.

  • Use docker compose up to start containers, streamlining management and ensuring consistency.

• YAML File Details:

  • compose.yaml is the current standard file name for configuration.

  • Older names like docker-compose.yml are deprecated but may still appear in documentation.

  • The format allows easy readability and management of configurations.

• Actionable Insights:

  • For complex configurations or multiple containers, use Docker Compose for easier management.

  • Transition to using compose.yaml for consistency and alignment with current standards.

This lesson walks you through the process of deploying Portainer, a web-based Docker management UI, using Docker Compose on a Linux system.

By the end of this lesson, you’ll have:

• A complete and well-structured compose.yaml file.

• A clear understanding of each configuration element.

• The ability to launch Portainer with Docker Compose and manage Docker resources through its web interface.

In this lesson, you learn how to start the Portainer service using Docker Compose and access its web interface via your Tailscale network.

By the end of this lesson, you will be able to:

• Start the Portainer service using Docker Compose in detached mode.

• Confirm that Portainer is running using docker compose ps.

• Retrieve your server’s Tailscale IP address and use it to access Portainer via a browser.

• Set an initial admin password for Portainer.

• Troubleshoot common startup issues like timeouts by restarting the container.

• Successfully log into the Portainer UI and prepare it for further configuration.

• Initial Setup Steps:

  • Log in as the admin user to access the environment wizard.

  • Click 'Get Started' to proceed.

  • Select the 'local' environment to access the Docker environment.

• Dashboard Overview:

  • Upon accessing, a dashboard will display existing Docker resources.

  • Example resources include one stack, one container, one image, one volume, and four networks.

• Understanding Portainer Terminology:

  • A "stack" refers to a group of related services deployed together, defined by a compose.yml file.

  • Portainer uses Docker Compose for deployment and sees itself as part of a stack.

• Navigation and Management:

  • Dashboard: View overall Docker resources.

  • Templates Section: Deploy pre-defined templates for containers, applications, or services. Custom applications/services will require manual setup.

  • Stacks Section: Manage and inspect groups of related services; see details like containers, images, and networks used.

  • Containers Section: Manage running and stopped containers; start, stop, remove, or inspect containers.

  • Images Section: View and manage Docker images on the host.

  • Networks Section: Manage Docker networks for container communication.

  • Volumes Section: Manage Docker volumes for persistent data storage; create, delete, and inspect volumes.

  • Events Section: Monitor Docker activities, such as container start/stop events; useful for troubleshooting.

  • Hosts Section: View info about the Docker host machine, including OS, CPU, and memory details.

• Actionable Insights:

  • Use the dashboard for an overview of Docker resources and activities.

  • Leverage the templates section for quick deployments using predefined templates.

  • Regularly monitor the events section for better oversight and troubleshooting.

• Topic Overview:

  • The lesson covered the popularity and practical uses of Portainer, a tool for managing Docker environments.

• Key Learnings:

  • Portainer's Popularity:

    • Recognized for its efficiency in managing Docker systems.

  • Deployment and Configuration:

    • Instructions on how to deploy and configure Portainer.

  • Access via Tailscale:

    • Guidance on accessing Portainer through a Tailscale network.

• Actionable Insights:

  • Implement Portainer to streamline Docker management.

  • Use Tailscale for secure and easy access to Portainer-managed environments.

In this lesson, you learn how to deploy File Browser, a web-based file management tool, using Portainer. File Browser provides a graphical interface for managing files and directories on your server, making it easier to perform tasks such as uploading, editing, and organizing configuration files—especially helpful for users less comfortable with the command line.

By the end of this lesson, you will be able to:

• Deploy the File Browser application using Portainer or the command line.

• Access File Browser via your Tailscale network at http://<tailscale-ip>:8080.

• Log into File Browser and update the default admin password.

• Use File Browser’s graphical interface to:

  • Browse your server’s file system.

  • View and edit configuration files (e.g., compose.yaml).

  • Upload, download, and organize files and folders.

• Understand how Docker volumes and environment variables are used in container configuration.

• Configure Portainer’s environment settings for seamless navigation to container ports.

• Accessing Services Improvement: Learn to use human-friendly domain names and SSL certificates for accessing self-hosted services.

• Current Access Method: Traditionally, services are accessed using a Tailscale IP address and port (e.g., HTTP://[IP]:[Port]).

• Solution Introduction: Use TSDProxy (Tailscale Docker Proxy) to simplify this process.

• TSD Proxy Benefits:

  • Automates service registration with Tailscale using memorable domain names.

  • Issues SSL certificates for secure service access.

  • Acts as a proxy to forward requests to the correct port and container.

• Example: Access "Portainer" via HTTPS://[ServiceName].[TailnetName].ts.net instead of using IP and port directly.

• Tailnet Names:

  • Default is a randomly generated name (tailABC123.ts.net).

  • Can generate "fun" names (e.g., halfmoon-cat, dusky-ocean).

  • Allows selection of a memorable name, though custom names are not possible.

• Enhanced Security:

  • TSDProxy provides HTTPS, ensuring all connections are encrypted and protected.

• Actionable Insights:

  • Simplify service access by using TSDProxy with fun, memorable domain names.

  • Ensure secure access through automatically provided HTTPS connections.

• Log into Tailscale:

  • Visit tailscale.com and log into your account.

• Configure DNS Settings:

  • Access the DNS settings section within your account.

  • Locate your current Tailnet name.

• Rename Tailnet:

  • Click on "Rename Tailnet."

  • Acknowledge any warning messages by clicking "I understand and continue."

  • Select a new Tailnet name from the provided options or reroll to find a suitable one.

  • Confirm your choice by clicking "Rename Tailnet."

• Enable HTTPS:

  • Scroll to the HTTPS certificate section and click "Enable HTTPS."

  • Confirm the action if prompted to ensure tsdproxy can generate SSL certificates.

  • Note: Enabling HTTPS is crucial for proper tsdproxy functionality; neglecting this step will result in error messages.

In this lesson, you deploy TSDProxy using Portainer, enabling secure HTTPS access to Docker services through Tailscale. You configure the container with proper port mappings, volumes, environment settings, and labels to support automatic reverse proxy generation. The lesson also walks through authenticating the service with Tailscale and accessing it via a human-readable domain name.

By the end of this lesson, you will be able to:

• Deploy the TSDProxy service using Portainer with a provided compose.yaml file.

• Understand and configure port mappings, bind mounts, named volumes, and environment variables for TSDProxy.

• Use Docker labels to control reverse proxy behavior and HTTPS exposure through Tailscale.

• Authenticate TSDProxy with your Tailscale account and manage its access via the Tailscale dashboard.

• Access TSDProxy via a secure, human-readable domain (e.g., https://tsdproxy.<tailnet-name>.ts.net).

• Disable key expiry for persistent access to the service without reauthentication.

In this lesson, you configure the File Browser container to work with TSDProxy by adding a label in Portainer. This enables secure, HTTPS access via a Tailscale-managed domain name. You then authenticate the service with Tailscale and disable key expiry to ensure persistent access.

By the end of this lesson, you will be able to:

• Modify a running Docker stack in Portainer by adding labels.

• Enable TSDProxy integration for the File Browser container.

• Authenticate the File Browser service through the TSD Proxy web interface.

• Access File Browser securely via a Tailscale domain (e.g., https://filebrowser.<tailnet>.ts.net).

• Disable key expiry in Tailscale for uninterrupted service access.

In this lesson, you configure the Portainer container to work with TSDProxy by adding a label in Portainer. This enables secure, HTTPS access via a Tailscale-managed domain name. You then authenticate the service with Tailscale and disable key expiry to ensure persistent access.

By the end of this lesson, you will be able to:

• Modify a running Docker stack in Portainer by adding labels.

• Enable TSDProxy integration for the Portainer container.

• Authenticate the File Browser service through the TSD Proxy web interface.

• Access Portainer securely via a Tailscale domain (e.g., https://portainer.<tailnet>.ts.net).

• Disable key expiry in Tailscale for uninterrupted service access.

In this lesson, you learn two methods to find open or available ports on your Docker host:

1. Command-line method using the ss tool to list active ports.

2. Web-based method by deploying a custom Open Port Finder app via Portainer, accessible securely using TSD Proxy and Tailscale.

By the end of this lesson, you will be able to:

• Use the ss -nutl command to manually identify in-use ports on a Linux system.

• Deploy a containerized Open Port Finder application via Portainer.

• Access the Open Port Finder securely using a Tailscale-based domain name.

• Determine the next available host port for new Docker services.

• Understand how host networking and container labels impact TSD Proxy integration.

• Objective of Lesson: Learn to deploy Homepage, a customizable dashboard for centralizing self-hosted services.

• Problem Addressed:

  • Managing multiple applications with different URLs can be cumbersome.

  • Homepage provides a single interface for easy access to all services.

• Benefits of Homepage:

  • Centralized access to all self-hosted services from one dashboard.

  • Simplifies sharing access with family or network users by directing them to one URL.

• Personal Use Case:

  • Useful for managing services you access occasionally.

  • Helps remember service names and provides quick access.

• Actionable Insight: Consider using Homepage to streamline the management and accessibility of self-hosted services and improve user experience for both personal and shared use.

In this lesson you'll learn how to deploy the Homepage Dashboard web application.

• Customization Options:

  • Homepage offers extensive customization for layout, sections, links, services, icons, color scheme, and background image.

  • Designed to tailor to user needs.

• Information Widgets:

  • Located at the top of the homepage.

  • The "Resources" widget shows system resource usage, such as CPU, RAM, and disk space.

  • Expandable to include statistics like CPU temperature and uptime.

  • Includes a search bar defaulted to DuckDuckGo, which is customizable.

• Services Section:

  • Below widgets, with default groups labeled "first group," "second group," and "third group."

  • Intended for customization to suit user preferences.

• Bookmark Section:

  • Contains three sections, each with one default bookmark.

• Color Scheme and Display:

  • Options available at the dashboard's bottom for quickly switching color palettes.

  • Toggle button for dark mode and light mode.

• Configuration Management:

  • Button to force homepage to reread its configuration settings.

  • Useful if automatic detection of changes does not occur.

1. Customizing Homepage:

   • Settings.yaml: Adjust global settings like theme, color, and background image.

     • Save changes and refresh to see updates.

     • Adjust background image brightness, opacity, etc.

     • Set themes consistently by hard coding preferences (e.g., dark mode).

     • Hide unnecessary information, e.g., version info.

   • Widgets.yaml: Modify system resource displays and search provider.

     • Add elements, such as a clock.

     • Consult documentation for available widgets like weather, stocks.

   • Services.yaml: Manage links to services with optional icons and monitoring.

     • Use icons from various projects (e.g., dashboard icons, material design).

     • Enable service status monitoring with site monitor setting.

     • Add Docker container status display (requires Docker.sock bind mount).

     • Example service widget for Portainer: shows container counts, needs environment number & API key.

   • Bookmarks.yaml: Organize static links for frequently used sites.

     • Differentiate bookmarks (static) from services (dynamic).

     • Add useful links like Tailscale management and documentation resources.

2. Documentation and Further Configuration:

   • All configuration settings and available options are detailed at gethomepage.dev.

   • Refer to home page documentation for in-depth customization and widget options.

• Learned to deploy and customize a homepage using YAML-based configuration files.

  • Controlled features such as title, background, theme, widgets, service groups, and bookmarks.

• Acquired skills to:

  • Add service icons.

  • Monitor service availability.

  • Enhance the dashboard with dynamic widgets.

• Achieved a centralized, visually organized interface for managing self-hosted services.

• Recommended actions:

  • Bookmark the customized homepage in your browser for quick access.

  • Consider setting it as your browser's default start page.

• Objective and Context:

  • Learn to deploy IT tools for tasks such as encoding/decoding data, comparing textual data, and converting Docker run commands into Docker compose files.

  • Demonstrated using Portainer, though it can also be configured via command line.

• Tool Exploration:

  • Explore available tools, especially the Docker Run to Docker Compose Converter.

  • To use, type "Docker" in the search bar, select the tool, and convert Docker Run commands to compose.yaml format.

• Target Audience:

  • Designed for users with an existing domain or planning to register one.

  • Those not in this group can skip to the next section.

• Current Access Method:

  • Initially accessed services using IP addresses and port numbers.

  • Introduced TSDProxy and Tailscale for easier access with human-friendly names.

  • Used Tailscale-generated Tailnet names on their domain, limiting control.

• Solution with Own Domain:

  • Use a personal domain to name and access services independently.

  • Implement a web server, Caddy, as a reverse proxy to manage incoming traffic.

  • Caddy also obtains and renews TLS certificates to secure services.

• Caddy Web Server Features:

  • Automatically handles TLS certificates via Let's Encrypt or ZeroSSL.

  • Traditional HTTP challenges are not viable since services aren't publicly accessible.

  • Caddy can use DNS challenges to prove domain ownership, bypassing public access restrictions.

• Setup Considerations:

  • Use Cloudflare as the DNS provider for domain management.

  • Caddy interacts with Cloudflare to manage DNS records automatically.

  • Allows secure access and valid SSL certificates, maintaining privacy within the tailnet.

In this lesson, you learn how to register a custom domain and configure it with Cloudflare DNS to securely access your self-hosted services. Two common DNS setups are covered: using your entire domain or using a subdomain (e.g., internal.example.com) for private services. Wildcard DNS records are used to simplify routing multiple service subdomains to your Docker host via its Tailscale IP address.

By the end of this lesson, you will be able to:

• Register a custom domain through a domain registrar.

• Set up Cloudflare DNS and connect your domain to it.

• Update your domain’s nameservers to use Cloudflare’s.

• Choose between using a full domain or a subdomain for private services.

• Create wildcard DNS records to route multiple subdomains to your Docker host’s Tailscale IP.

• Understand how to structure URLs for accessing self-hosted services securely using your domain.

In this lesson, you configure a custom domain with Cloudflare and deploy Caddy as a reverse proxy to serve your self-hosted services over HTTPS using your domain name. You create DNS records, generate a Cloudflare API token, build the required Caddyfile configuration, and deploy the Caddy service via Portainer using a prebuilt Docker image with Cloudflare DNS support.

By the end of this lesson, you will be able to:

• Create A and wildcard DNS records in Cloudflare pointing to your Docker host’s Tailscale IP.

• Generate and manage a Cloudflare API token for DNS record automation.

• Create and configure a Caddyfile for reverse proxying your services using custom domain names.

• Deploy the Caddy reverse proxy container using Portainer and a prebuilt image with Cloudflare DNS integration.

• Access your self-hosted services via secure HTTPS URLs like https://internal.yourdomain.com or https://portainer.internal.yourdomain.com.