Home
Softono
selfhostyourtech

selfhostyourtech

Open source Shell
Website GitHub
12
Stars
1
Forks
9
Issues
6
Watchers
6 months
Last Commit
Workflow Automation Kanban Boards

About selfhostyourtech

🐳 A Docker getting-started kit for new businesses trying to self-host their data! Includes vetted apps for team communication, office document editing, CRM, marketing/publishing, AI, and more.

Platforms

Web Self-hosted Cloud Docker

Languages

Shell

Links

Website Source Code
m
Published by
monadical-sas
Visit View Profile

README.md

View on GitHub

SelfHostYour.Tech Documentation

Overview

SelfHostYour.Tech is an all-in-one Docker kit designed to help businesses self-host their complete tech stack. It's specifically tailored for companies with 1 to 100 employees who want to maintain control over their data and services.

Important Links:

Getting Started

DNS Configuration

To properly set up the DNS for this, you need to configure the following records in your domain's DNS settings:

  1. A Record:

    • Create an A record for the root domain (e.g., example.com)
    • Point this record to your server's IP address

  2. Wildcard CNAME Record:

    • Create a CNAME record with * as the hostname
    • Point this record to the value of your A record (e.g., example.com)
Record Type Hostname Value/Points To
A example.com 10.34.2.1 (Your server IP)
CNAME * example.com

This configuration ensures that both the root domain and all subdomains resolve to your server.

Quickstart

Get up and running in minutes with our automated installer that configures everything with sensible defaults.

  1. Clone the repository (recommended location is /opt):

    cd /opt
git clone https://github.com/Monadical-SAS/selfhostyourtech.git
cd selfhostyourtech

  2. Quickstart (Ubuntu only):

    ./bin/shtool quickstart <domain> <email> <traefik_username> <traefik_password>

Detailed Installation

  1. Clone the repository (recommended location is /opt):

    cd /opt
git clone https://github.com/Monadical-SAS/selfhostyourtech.git

  2. Install Docker (Ubuntu only):

    cd /opt/selfhostyourtech
./bin/shtool install_docker

  3. Configure Let's Encrypt for SSL certificates:

    docker compose run --rm manager shtool setup_letsencrypt <domain> <email> [traefik_username] [traefik_password] [environment]

    Parameters:

    • <domain>: Your domain name (required)
    • <email>: Email for Let's Encrypt notifications (required)
    • [username]: Admin username (optional, defaults to "admin")
    • [password]: Admin password (optional, auto-generated if not specified)
    • [environment]: Environment type - "prod" or "dev" (optional, defaults to "prod")

    Example:

    docker compose run --rm manager shtool setup_letsencrypt example.com [email protected] myadmin mysecurepass prod

    Note: If password is omitted, a secure random password will be generated.

  4. Configure your apps by editing the enabled apps file (optional):

    nano /opt/selfhostyourtech/etc/apps-enabled.yaml

  5. Configure application settings including credentials and passwords:

    docker compose run --rm manager shtool configure_app_settings

    This interactive tool will help you set up passwords, credentials, and other important settings for all enabled applications.

  6. Update the Homer dashboard to reflect your enabled apps (optional):

    docker compose run --rm manager shtool update_homer_config

  7. Deploy your selected apps:

    docker compose up -d

Environment Configuration

SelfHostYour.Tech supports two deployment environments:

Production Environment (prod)

  • HTTPS enabled: All services use SSL/TLS certificates from Let's Encrypt
  • Secure redirects: HTTP traffic is automatically redirected to HTTPS
  • Full SSL validation: Complete certificate chain validation
  • Recommended for: Live deployments, production use

Development Environment (dev)

  • HTTP only: Services run without SSL certificates
  • No redirects: Direct HTTP access without HTTPS enforcement
  • Local development: Suitable for localhost testing
  • Recommended for: Testing, development, local setups

The environment is configured during the setup_letsencrypt step and affects all services automatically.

Starting/Stopping/Status Services

docker compose exec -ti manager shtool start
docker compose exec -ti manager shtool stop
docker compose exec -ti manager shtool start <service>
docker compose exec -ti manager shtool stop <service>
docker compose exec -ti manager shtool status
docker compose exec -ti manager shtool reload

Managing Services by Docker Compose wrapper

You can manage individual services using the shtool manage command followed by the service name and docker-compose command:

docker compose run --rm manager shtool manage <service_name> <command>

Examples:

  • Check service status: docker compose run --rm manager shtool manage nextcloud ps
  • Stop a service: docker compose run --rm manager shtool manage zulip stop
  • Start a service: docker compose run --rm manager shtool manage nextcloud up -d
  • View logs: docker compose run --rm manager shtool manage ghost logs -f

Deployment Management

Deploy Individual Services

Deploy or redeploy a specific service:

docker compose run --rm manager shtool deploy <service_name> [force_rebuild]
docker compose run --rm manager shtool redeploy <service_name> [force_rebuild]

Examples:

# Deploy Nextcloud
docker compose run --rm manager shtool deploy nextcloud

# Redeploy with forced rebuild
docker compose run --rm manager shtool redeploy nextcloud true

Deploy All Services

Redeploy all enabled services:

docker compose run --rm manager shtool redeploy_all [force_rebuild]

Example:

# Redeploy all services with forced rebuild
docker compose run --rm manager shtool redeploy_all true

Data Management and Cleanup

Clean All Data

⚠️ WARNING: This will permanently delete ALL data

docker compose run --rm manager shtool clean

This command will:

  • Stop all services
  • Remove all Docker volumes
  • Require confirmation with a randomly generated code

Clean Individual Service Data

⚠️ WARNING: This will permanently delete data for the specified service

docker compose run --rm manager shtool clean_app <service_name>

Example:

docker compose run --rm manager shtool clean_app nextcloud

Application Configuration

Configure all applications at once:

docker compose run --rm manager shtool configure_app_settings

Configure a single application:

docker compose run --rm manager shtool configure_app <app_name>

Example:

docker compose run --rm manager shtool configure_app nextcloud

This will launch a configuration script specifically for the selected application, allowing you to set or update:

  • Admin credentials
  • Database settings
  • Storage paths
  • Integration options
  • Application-specific parameters

For zulip

Use this command to create the organization.

cd ./apps/zulip
docker compose exec -u zulip zulip /home/zulip/deployments/current/manage.py generate_realm_creation_link

For Authentik

Use this url to access the admin settings.

https://authentik./if/flow/initial-setup/

CUSTOM_SUBDOMAIN Configuration Guide

The CUSTOM_SUBDOMAIN environment variable provides a way to override the default subdomain behavior in your application. When configured, it allows you to specify a custom subdomain that will be used instead of the application's default subdomain logic.

Configuration

Add the following to your application's .env file:

CUSTOM_SUBDOMAIN=your_custom_subdomain

Available Services

Communication

  • Zulip
    • Description: Team chat with threaded conversations
    • Type: Chat Platform

Office

  • Nextcloud

    • Description: File sharing and collaboration platform
    • Type: Nextcloud

  • ONLYOFFICE

    • Description: Online document editing suite
    • Type: Document Editor

  • HedgeDoc

    • Description: Collaborative markdown editor
    • Type: Documentation

CRM & Data

  • Baserow

    • Description: No-code database & CRM solution
    • Type: Database/CRM

  • Twenty

    • Description: Modern CRM platform
    • Type: CRM

Security

  • Authentik

    • Description: Identity provider & SSO solution
    • Type: Identity Management

  • Traefik

    • Description: Reverse proxy & SSL management
    • Type: Traefik

Publishing

  • Ghost

    • Description: Professional publishing platform
    • Type: CMS

  • WordPress

    • Description: Popular content management system
    • Type: CMS

Development

  • Gitea
    • Description: Self-hosted Git service with web interface
    • Type: Version Control

AI & Productivity

  • LibreChat
    • Description: AI chat interface supporting multiple providers
    • Type: AI Assistant

Analytics

  • Matomo
    • Description: Privacy-focused web analytics platform
    • Type: Analytics

System

  • Homer

    • Description: Homepage dashboard
    • Type: System Dashboard

  • Portainer

    • Description: Container management web interface
    • Type: Container Management

Coming Soon

The following services are in development or planned for future releases:

  • ArchiveBox - Web archiving tool
  • Databox - Analytics platform
  • Duplicati - Backup solution
  • And more...

Troubleshooting

Common Issues

  • Service doesn't start: Check logs with docker compose run --rm manager shtool manage <service> logs
  • Can't access service: Verify Traefik configuration and DNS settings
  • SSL certificate problems: Run docker compose run --rm manager shtool setup_letsencrypt again
  • Incorrect credentials: Reconfigure application settings with docker compose run --rm manager shtool configure_app_settings
  • Configuration issues: Check application-specific configuration files in the service directory
  • Environment mismatch: Ensure your environment (prod/dev) is correctly configured

Environment-Specific Issues

Production Environment:

  • Verify domain DNS is pointing to your server
  • Ensure ports 80 and 443 are open and accessible
  • Check Let's Encrypt certificate generation in Traefik logs

Development Environment:

  • Services will be accessible via HTTP only
  • Use localhost or your local IP address
  • No SSL certificates required

Best Practices

  1. Regularly back up your data
  2. Keep the system updated with git pull in the repository directory
  3. Monitor system resources to ensure adequate capacity
  4. Implement proper security measures and network isolation
  5. Set up monitoring for critical services
  6. Use production environment for live deployments
  7. Test changes in development environment first

Support and Community

Join our Zulip community at https://zulip.selfhostyour.tech for support, discussions, and to connect with other users.

For bug reports and feature requests, please use the GitHub repository at https://github.com/Monadical-SAS/selfhostyourtech.

Table of Contents

Authentik

Variable Description Default
PG_DB PostgreSQL database name traefik
PG_USER PostgreSQL username traefik
PG_PASS PostgreSQL password Required
AUTHENTIK_SECRET_KEY Secret key for sessions & encryption Required
AUTHENTIK_LISTEN__HTTP HTTP listen address and port 0.0.0.0:9000
AUTHENTIK_LISTEN__HTTPS HTTPS listen address and port 0.0.0.0:9443
SMTP_HOST SMTP server address Optional
SMTP_USERNAME SMTP server username Optional
SMTP_PASSWORD SMTP server password Optional
EMAIL_FROM Email sender address Optional

Ghost

Variable Description Default
MYSQL_DATABASE MySQL database name nextcloud
MYSQL_USER MySQL username nextcloud
MYSQL_ROOT_PASSWORD MySQL root password Required
MYSQL_PASSWORD MySQL user password Required

HedgeDoc

Variable Description Default
POSTGRES_USER PostgreSQL username hedgedoc
POSTGRES_DB PostgreSQL database name hedgedoc
POSTGRES_PASSWORD PostgreSQL password Required
HD_SESSION_SECRET Session encryption key Required

Nextcloud

Variable Description Default
MYSQL_DATABASE MySQL database name nextcloud
MYSQL_USER MySQL username nextcloud
MYSQL_ROOT_PASSWORD MySQL root password Required
MYSQL_PASSWORD MySQL user password Required
TRUSTED_PROXIES Allowed proxy IP ranges 172.0.0.0/8

ONLYOFFICE

Variable Description Default
POSTGRES_DB PostgreSQL database name onlyoffice
POSTGRES_USER PostgreSQL username onlyoffice
REDIS_PASSWORD Redis password Required
DB_PASSWORD Database password Required
JWT_SECRET JWT token secret key Required

Traefik

Variable Description Default
TRAEFIK_USER_AUTH HTTP Basic Auth credentials Required
EMAIL Email for Let's Encrypt Required

Twenty

Variable Description Default
PG_DATABASE_USER PostgreSQL username Required
PG_DATABASE_PASSWORD PostgreSQL password Required
PG_DATABASE_HOST PostgreSQL host Required
PG_DATABASE_PORT PostgreSQL port Required
SERVER_URL Public URL for the server Required
REDIS_URL Redis connection URL Required
STORAGE_TYPE Storage type (local/S3) Required
STORAGE_S3_REGION S3 region Optional
STORAGE_S3_NAME S3 bucket name Optional
STORAGE_S3_ENDPOINT S3 endpoint URL Optional
APP_SECRET Application secret key Required
EMAIL_FROM_ADDRESS Sender email address Optional
EMAIL_FROM_NAME Sender name Optional
EMAIL_SYSTEM_ADDRESS System email address Optional
EMAIL_DRIVER Email driver (SMTP/etc.) Optional
EMAIL_SMTP_HOST SMTP server host Optional
EMAIL_SMTP_PORT SMTP server port Optional
EMAIL_SMTP_USER SMTP username Optional
EMAIL_SMTP_PASSWORD SMTP password Optional

Zulip

Variable Description Default
POSTGRES_DB PostgreSQL database name Required
POSTGRES_USER PostgreSQL username Required
POSTGRES_PASSWORD PostgreSQL password Required
MEMCACHED_PASSWORD Memcached password Required
REDIS_PASSWORD Redis password Required
RABBITMQ_USER RabbitMQ username Required
RABBITMQ_PASSWORD RabbitMQ password Required
EMAIL_HOST SMTP server host Optional
EMAIL_HOST_USER SMTP username Optional
EMAIL_HOST_PASSWORD SMTP password Optional
EMAIL_PORT SMTP port Optional
NOREPLY_EMAIL No-reply email address Optional
ZULIP_SECRET_KEY Secret key for Zulip Required
GIPHY_API_KEY Giphy integration API key Optional
VIDEO_ZOOM_CLIENT_ID Zoom Client ID Optional
VIDEO_ZOOM_CLIENT_SECRET Zoom Client Secret Optional
SOCIAL_AUTH_OIDC_SECRET OIDC authentication secret Optional

Gitea

Variable Description Default
GITEA_POSTGRES_USER PostgreSQL username gitea
GITEA_POSTGRES_DB PostgreSQL database name gitea
GITEA_POSTGRES_PASSWORD PostgreSQL password Required

LibreChat

Variable Description Default
LIBRECHAT_PORT LibreChat application port 3080
UID User ID for container permissions 1000
GID Group ID for container permissions 1000
ALLOW_EMAIL_LOGIN Enable email login true
ALLOW_REGISTRATION Enable user registration true
JWT_SECRET JWT token secret key Required
JWT_REFRESH_SECRET JWT refresh token secret Required
CREDS_KEY Credentials encryption key Required
CREDS_IV Credentials initialization vector Required
MEILI_MASTER_KEY Meilisearch master key Required
SESSION_EXPIRY Session expiration time (ms) 900000
REFRESH_TOKEN_EXPIRY Refresh token expiration (ms) 604800000

Matomo

Variable Description Default
MATOMO_MYSQL_ROOT_PASSWORD MariaDB root password Required
MATOMO_MYSQL_USER MariaDB username matomo
MATOMO_MYSQL_PASSWORD MariaDB user password Required
MATOMO_MYSQL_DATABASE MariaDB database name matomo

WordPress

Variable Description Default
WORDPRESS_MYSQL_ROOT_PASSWORD MariaDB root password Required
WORDPRESS_MYSQL_USER MariaDB username wordpress
WORDPRESS_MYSQL_PASSWORD MariaDB user password Required
WORDPRESS_MYSQL_DATABASE MariaDB database name wordpress

Portainer

Variable Description Default
No additional variables Uses Docker socket and data volume -