Log in Subscribe

Server Apps

In this section you'll find more information about the application that can be installed on your server using the deployment script.

The deployment script employs a modular architecture that gives server administrators flexibility in deploying exactly the applications they need. Each component is designed as a self-contained module with well-defined integration points, allowing administrators to select which applications to install based on their specific requirements.

The deployment script provides streamlined methods for adding or removing applications without disrupting existing services, making future adaptations straightforward as organizational needs evolve. This approach prevents bloat from unnecessary services while ensuring that all installed components maintain consistent authentication, monitoring, and security standards regardless of which combination is deployed.

[!note] If you want to install and try out all the applications available for self-hosting with this project, use the -m all option when running the deployment script, such as: ./hv -m all

For example, the following is a diagram of the applications that will be installed and configured when deploying this project into a server, using the following parameters:

./hv -m cockpit -m immich -m nextcloud
Example deployment with 4 modules enabled

Base Module

The base module is always installed on deployment. It does not need to be specified when calling the setup script, and it cannot be removed. This module provides basic services and infrastructure that all other modules depend on for connectivity, authentication, etc.

The following applications are included as part of the base module:

Tailscale Client

The base module installs and configures the Tailscale client software on the host OS. The setup script creates a device token for the server and ensures the server remains authenticated by disabling token expiration. The Tailscale Client allows the server to expose private applications (like Cockpit or Grafana) behind your Tailnet (VPN).

Cloudflared

This docker container establishes a connection to your Cloudflare Tunnel. This container allows the server to expose public applications (like Immich or NextCloud) to the internet, without requiring complex configuration on your router or home network.

Traefik

Traefik is a reverse proxy application that handles incoming traffic from either your Tailnet or Cloudflare Tunnel and routes it to the desired application depending on the url that was used by the client. For example, requests to https://immich.yourdomain.com are routed to Immich, requests to https://nextcloud.yourdomain.com are routed to Nextcloud, etc.

Traefik is also responsible for other tasks, such as managing encryption certificates for secure websites, as well as enforcing client authentication for applications that do not integrate natively with Authelia, such as Cockpit or WUD.

Traefik's Web Dashboard

Authelia

Authelia is an authentication and authorization portal that provides identity and access management (IAM) for the applications running on the server, as well as allowing a convenient single sign-on (SSO) experience for clients. Authelia also provides a client-facing portal where users of the server can change or recover their password, if necessary. Once installed, Authelia's web portal is available as a public application at https://authelia.yourdomain.com.

Authelia supports multi-factor authentication (MFA). Although the project currently requires single-factor for all applications, it is possible to modify the configuration after deployment, if so is required.

Authelia Authentication Flow

LLDAP

LLDAP is a simple authentication server that provides a simple interface for server administrators to manage users and their privileges. Through LLDAP's web portal you can, for example, add an account for a new family or team member, and grant them access to one or more applications running on the server. Once installed, the LLDAP web portal is available at https://lldap.yourdomain.com

During deployment, the setup script configures your the Pluggable Authentication Module (PAM) on your Linux OS to talk to LLDAP, allowing you to grant accounts in LLDAP the ability to start an SSH session and run sudo, for example. This integration makes it possible to create accounts for system administrators on a temporary basis, for example, to provide remote support to the server.

LLDAP Web Portal

WUD

What's Up Docker (WUD) is a background service that keeps track of the latest versions for the applications that are installed on the server. When a newer version is made available online, WUD will send an email to the server administrator with the details of the update. It is possible to configure WUD to apply the updates automatically, although it's best practice to always review what is new with each update and read the notes from the application developer before applying any updates to the server.

WUD's Web Portal Showing Available Updates

TrafegoDNS

TrafegoDNS is a service that automatically manages DNS records based on Traefik and Docker containers configuration on the server. It integrates directly with Cloudflare to create and update A and CNAME records on your domain as you deploy new applications to the server. This removes the need for the server administrator to log into the Cloudflare Dashboard and make modifications any time that the topology of applications changes on the server.

Application Modules

Immich

Immich is a self-hosted photo and video management solution that provides features similar to Google Photos, without giving up your data privacy. Easily back up, organize, and manage your photos on your own server.

You can install Immich by passing the option -m immich to the deployment script. Once installed, the Immich web portal is available at https://immich.yourdomain.com.

[!info] To grant users access to Immich on your server, you must add them to the immich_user group using LLDAP

Some of the more popular features on Immich include:

  • Fast and streamlined web portal with ability to search, sort and filter photos, and organize them into albums.
  • Ability to share photos, videos and albums with other server members or anyone via a public link.
  • Machine-learning for facial recognition and automatic tagging
  • Android and iOS applications with automatic background sync
Immich Web Portal

Nextcloud

Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud provides functionality similar to Dropbox, Office 365, or Google Drive. Besides the Nextcloud Hub web portal, Nextcloud provides applications for Desktop on Mac and Windows, as well as Android and iOS apps.

You can install Nextcloud by passing the option -m nextcloud to the deployment script. Once installed, the Nextcloud Hub website is available at: https://nextcloud.yourdomain.com.

[!info] To grant users access to Nextcloud on your server, you must add them to the nextcloud_user group using LLDAP

Out of the box, Nextcloud allows you to synchronize files across your devices. You can manage your files through the web interface, and you can also share your files with other users of Nextcloud, as well as via public web links.

Besides those built-in features, this projects also installs the following add-ons for Nextcloud:

  • Collabora Online, a powerful online document editing suite. It integrates with Nextcloud Office to provide collaborative document editing. It lets you create and edit files in all major MS Office formats (docx, pptx and xlsx)
  • Nextcloud Full-text Search, enhances the search capabilities beyond the basic file search functionality. It enables users to search through the content of their files and documents, not just file names. It supports searching within the content of text, PDF and MS Office documents.

Nextcloud Talk

Talk is the communication component of the Nextcloud ecosystem. It integrates directly into your Nextcloud setup, providing a privacy-focused, self-hosted alternative to third-party communication platforms, like Slack. With Talk you can have text chats, voice calls and video-conferences right within your Nextcloud environment, without your communication data being stored on external servers.

You can install Nextcloud Talk by passing the option -m nextcloud.talk to the deployment script. Talk will appear as an internal application within your Nextcloud Hub website which is available at https://nextcloud.yourdomain.com.

You can find more in this blog post that provides a feature comparison between Nextcloud Talk and Microsoft Teams

Server Administration Modules

This project includes a collection of applications meant to help with the administration of the server. Although these apps are not strictly required, it is strongly recommended to install them.

[!tip] All the applications below are accessible only to users that have been added to the server_admin group in LLDAP. You should only add users who are meant to perform administrative functions on the server to this group.

Homepage

Homepage is a powerful and customizable dashboard solution for self-hosted services. It provides a clean, modern interface that aggregates all your applications and services in one place. Homepage serves as a collection of bookmarks and widgets that make it easier to interact with the applications on your server.

You can install Homepage by passing the option -m homepage to the deployment script. Once installed, the Homepage dashboard is available at https://home.yourdomain.com.

All the modules available in this project plug dynamically into Homepage. For example: if you install the Nextcloud module, there will be a widget for Nextcloud under the Applications section of your Homepage website.

Homepage Website With All Application Modules Installed

Cockpit

Cockpit is a web-based graphical interface for servers that lets you manage many aspects of the Linux OS. Cockpit makes Linux discoverable. You don’t have to remember commands at a command-line. See your server in a web browser and perform system tasks with a mouse.

You can install Cockpit by passing the option -m cockpit to the deployment script. Once installed, the Cockpit interface is available at https://cockpit.yourdomain.com.

Here are some things you can do from the Cockpit portal on your server:

  • Inspect your system's hardware
  • Install software updates
  • Open a remote terminal window
  • View, upload, download and delete files on the local filesystem

Cockpit Web Portal

Portainer

Portainer is a lightweight, self-hosted container management platform that helps with Docker administration for your server, by providing an intuitive web GUI that eliminates the need for SSH or local terminal commands. It extends Docker's functionality by allowing users to deploy, oversee, and troubleshoot containers through a user-friendly interface.

You can install Portainer by passing the option -m portainer to the deployment script. Once installed, the Portainer interface is available at https://portainer.yourdomain.com.

Portainer Web Portal

Monitoring

The monitoring module installs and configures several applications that work together to provide a view into your server performance. These tools can be helpful when investigating the root cause of many hardware and software issues. The module installs Grafana to provide interactive visualization of server performance through charts, graphs and dashboards.

The data for these dashboards is collected and stored in a time-series database called Prometheus. In addition to performance metrics, this module installs Alloy, an application used to collect logs from the host OS and all Docker containers, which are then stored in Loki, a log aggregation system.

You can install these tools by passing the option -m monitoring to the deployment script. Once installed, the Grafana interface is available at https://grafana.yourdomain.com.

Grafana Dashboards and Logs