The Self-Hosted Stack: Run Your Own Cloud with Docker Compose
$9 a month to Google Drive, $3 to 1Password, $3 to iCloud. Over a year that's hundreds of dollars across the stack.
Worse, your data isn't yours. Pricing changes, policy shifts, account flags — and your tens of thousands of photos, years of passwords, thousands of notes can vanish overnight.
Self-hosting is the other path: spend a few hundred bucks on a NAS or repurpose an old machine, install Docker, move everything home. Up-front effort, long-term peace of mind, and 100% data ownership.
This article gives you a ready-to-deploy self-hosted stack — 10 apps worth running, Docker Compose one-shot setup, a unified reverse proxy, and a complete backup strategy.
Why Self-Host: Run the Numbers
| Aspect | SaaS Subscriptions | Self-Hosted |
|---|---|---|
| Monthly cost | $50-100/month (stacked across services) | Electricity + depreciation ~$15/mo |
| Data ownership | The vendor | You |
| Privacy | Their policy | Physical isolation |
| Customization | Limited | Total |
| Cross-device sync | Out of the box | Set up yourself |
| Maintenance cost | 0 | Occasional upgrades, troubleshooting |
| When things break | Wait for vendor | Fix it yourself |
| Learning ROI | 0 | Tinkering is its own reward |
Who this suits: people willing to trade time for control and savings, sensitive to data sovereignty, with an always-on machine at home.
Who it doesn't: people with zero ops experience, allergic to Docker, without stable home internet — keep using SaaS.
Hardware Choices
Entry tier (just starting):
| Option | Price | Pros & Cons |
|---|---|---|
| Spare laptop/desktop | $0 | Capable, power-hungry |
| Raspberry Pi 5 (8GB) | ~$80 | Low power, occasional ARM quirks |
| Mac mini M-series (used) | $400+ | Silent and power-sipping, macOS Docker is finicky |
| Synology DS923+ | $600+ | Plug-and-play, polished Docker support |
| TerraMaster / Ugreen NAS | $300-500 | Cheaper alternatives, OS less mature |
Mid tier (multi-service / home lab):
- Small chassis + N100 motherboard (~$200) + large HDDs: best bang per buck
- Used enterprise SFF (HP EliteDesk and friends, $150-300): plenty of horsepower
Minimum spec: 4 cores / 8 GB RAM / 256 GB SSD (system) + 2 TB HDD (data).
Network Planning
- LAN access: assign a static IP from the router or use mDNS (server.local)
- Public access: pair with Cloudflare Tunnel (see the Cloudflare Tunnel article) — no inbound ports needed
- Domain: grab a cheap domain, give each service a subdomain (vault.example.com, photo.example.com)
Baseline Docker Compose Template
Create ~/stack/docker-compose.yml:
Caddyfile:
Caddy auto-provisions and renews Let's Encrypt certificates — HTTPS is hands-off.
10 Worth-It Self-Hosted Apps
1. Vaultwarden — Password Manager (Replaces 1Password)
A Rust implementation of the Bitwarden server, very low resource usage, fully compatible with official clients (browser extensions, desktop, mobile).
Saves $36/year per user, and the whole family can share organizations.
2. Immich — Photo Library (Replaces Google Photos)
The fastest-rising self-hosted photo service in recent years — AI face recognition + smart search rival Google Photos.
Install the Immich app on your phone, enable auto-upload, and years of photos belong to you forever.
3. Jellyfin — Media Server (Replaces Netflix-style subscriptions)
Turn your media library into a "private Netflix" with transcoding, subtitles, and multi-user support.
4. Linkding — Bookmark Manager (Replaces Pocket / Raindrop)
Minimalist bookmark management with tags, notes, and automatic title/description scraping.
5. Memos — Notes / Journal (Replaces Flomo / Logseq Daily)
A minimalist card-based note app made by Chinese developers, with a Flomo-like UX.
6. n8n — Workflow Automation (Replaces Zapier / IFTTT)
Visual workflow editor with hundreds of integration nodes — webhook triggers, scheduled tasks, you name it.
7. Uptime Kuma — Service Monitoring (Replaces Pingdom)
Beautiful service monitoring dashboard supporting HTTP/Ping/TCP/DNS/SSL certificate checks and more.
Push alerts via Telegram, email, or webhook on outages.
8. SearXNG — Meta Search Engine (Replaces Google)
Aggregates 70+ search sources, self-hosted private search — no search logs retained.
9. Karakeep (formerly Hoarder) — Read-Later (Replaces Pocket / Instapaper)
Snapshot, archive, AI tagging, full-text search — all in one.
10. Headscale — Private VPN (Replaces Tailscale)
Open-source Tailscale server — fully self-hosted. All your devices form an encrypted private network; work laptop, home machines, and phone can reach each other directly.
Use the official Tailscale client without a Tailscale account.
Unified Reverse Proxy (Complete Caddyfile)
Caddy auto-issues and renews Let's Encrypt certificates — zero-config HTTPS.
Backup Strategy: The Lifeline of Self-Hosting
Your data is yours — which also means if you lose it, nobody recovers it for you. Follow the 3-2-1 rule:
- 3 copies of data
- 2 different media types
- 1 offsite
Recommended: restic + Offsite Storage
Schedule it with cron, 3 AM daily:
Back Up Databases Separately
Stateful services like Postgres and MySQL shouldn't be backed up by copying data directories — data corruption is common. Dump SQL first, then back up:
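The two steps above (SQL dump first, then a restic snapshot run from cron) combined into one script, as an added example that is not from the original article. The service name, database role, directory layout and retention values are assumptions, and DRY_RUN=1 prints the commands without running them.

```shell
#!/bin/sh
# Added example: nightly backup of the stack. Dumps the database to SQL first,
# then snapshots the stack directory with restic. Service, role and directory
# names are assumptions; adjust them to your compose file.
STACK_DIR="${STACK_DIR:-$HOME/stack}"
DB_SERVICE="${DB_SERVICE:-postgres}"        # hypothetical compose service
DB_USER="${DB_USER:-postgres}"              # hypothetical database role
DB_DATA_DIR="${DB_DATA_DIR:-$STACK_DIR/postgres-data}"   # live files, excluded
DUMP_DIR="${DUMP_DIR:-$STACK_DIR/db-dumps}"
DRY_RUN="${DRY_RUN:-0}"                     # 1 = print commands, change nothing
umask 077                                   # dumps hold credentials and hashes

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Write to a temp file and rename only on success, so a failed dump never
# replaces the last good one.
dump_database() {
    dump_file="$DUMP_DIR/all-$(date +%F).sql"
    if [ "$DRY_RUN" = 1 ]; then
        echo "+ docker compose exec -T $DB_SERVICE pg_dumpall -U $DB_USER > $dump_file"
        return 0
    fi
    mkdir -p "$DUMP_DIR" &&
        (cd "$STACK_DIR" && docker compose exec -T "$DB_SERVICE" \
            pg_dumpall -U "$DB_USER") > "$dump_file.tmp" &&
        mv "$dump_file.tmp" "$dump_file"
}

# restic takes RESTIC_REPOSITORY and RESTIC_PASSWORD_FILE from the environment;
# export both before calling this, with the repository on the offsite target.
backup_stack() {
    dump_database || { echo "dump failed, no snapshot taken" >&2; return 1; }
    run restic backup --exclude "$DB_DATA_DIR" "$STACK_DIR" &&
        run restic forget --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --prune &&
        run restic check
}

# crontab line for 03:00 daily (file locations are assumptions):
# 0 3 * * * sh "$HOME/stack/backup.sh" run >>"$HOME/backup.log" 2>&1
if [ "${1:-}" = run ]; then backup_stack; fi
```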
Common Pitfalls
1. Containers Can't Reach Each Other
Make sure all services share the same Docker network. Compose creates a default network for each project, but services defined in separate compose files can only reach each other over an explicitly declared external network.
2. Port Conflicts
Caddy occupies 80/443 — don't expose those ports for other services on the host.
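One way to check this, widened from 80/443 to any port published on the host, since services reached through Caddy need none. It is an added example, not from the original article; the proxy container name caddy and the sample ports are assumptions.

```shell
#!/bin/sh
# Added example. Lists containers other than the reverse proxy that publish a
# port on a non-loopback host address. Typical use:
#   docker ps --format '{{.Names}}|{{.Ports}}' | exposed_ports caddy
exposed_ports() {
    awk -F '|' -v proxy="$1" '
        $1 == proxy { next }                      # the proxy is meant to own 80/443
        {
            n = split($2, maps, ", ")
            for (i = 1; i <= n; i++) {
                if (maps[i] !~ /->/) continue     # container-only port, not published
                if (maps[i] ~ /^127\.0\.0\.1:/ || maps[i] ~ /^\[::1\]:/) continue
                print $1 ": " maps[i]
            }
        }'
}

# Constructed sample in the same format, so the check can be tried offline:
#   sample_ps | exposed_ports caddy
sample_ps() {
    printf 'caddy|0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp\n'
    printf 'vaultwarden|80/tcp\n'
    printf 'memos|127.0.0.1:5230->5230/tcp\n'
    printf 'linkding|0.0.0.0:9090->9090/tcp, [::]:9090->9090/tcp\n'
}
```

Any line it prints is a service reachable without going through Caddy's TLS, and a candidate for dropping its ports: entry from the compose file.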
3. Volume Permissions
The biggest pitfall for newcomers: files written by containers as root can't be edited by the host user. Best practice:
Or use NAS-managed shared folder permissions.
4. Upgrades Break Things
Snapshot current versions before upgrading: docker compose ps + docker images, back up data, then docker compose pull && docker compose up -d. Roll back immediately on issues:
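Rolling back only works if the previous image can be named again, so this added example (not from the original article) lists image references that are not pinned to a version before running the upgrade sequence above. The helper names, the list of moving tags and the sample image references are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. floating_images reads image references on stdin (one per
# line) and prints the ones not pinned to a version tag or digest.
floating_images() {
    while IFS= read -r ref; do
        [ -n "$ref" ] || continue
        case "$ref" in *@sha256:*) continue ;; esac   # pinned by digest
        name="${ref##*/}"   # last path part, so a registry host:port is not read as a tag
        case "$name" in
            *:latest|*:stable|*:release|*:main|*:nightly)
                echo "$ref (moving tag)" ;;
            *:*) ;;         # explicit tag, assumed to be a version
            *)  echo "$ref (no tag, resolves to latest)" ;;
        esac
    done
}

# safe_upgrade DIR: refuse to pull while any image floats, record what is
# running next to the compose file, then pull and restart.
safe_upgrade() (
    cd "$1" || exit 1
    floating=$(docker compose config --images | floating_images)
    if [ -n "$floating" ]; then
        echo "pin these before upgrading:" >&2
        echo "$floating" >&2
        exit 1
    fi
    # Back up data at this point, then snapshot the current versions.
    { docker compose ps; docker images --digests; } > "versions-$(date +%F).txt"
    docker compose pull && docker compose up -d
)

# Constructed image references for trying floating_images offline; the digest
# is an all-zero placeholder.
sample_images() {
    printf '%s\n' 'example/vault:1.30.1' 'example/photos:release' 'caddy' \
        'registry.example.com:5000/notes' 'registry.example.com:5000/notes:2.4.0' \
        'example/search@sha256:0000000000000000000000000000000000000000000000000000000000000000'
}
```

With every image pinned, rolling back is a matter of restoring the previous tag in the compose file and running docker compose up -d again.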
5. Memory/Disk Exhaustion
Check periodically:
Summary
Self-hosting isn't about "saving money" — it's about reclaiming data sovereignty. You will save $500-1000/year in subscriptions, but more importantly:
- Your password vault is never compromised because LastPass got breached
- Your photos aren't held hostage by iCloud price hikes
- Your notes don't trigger anxiety every time Notion changes its privacy policy
- The act of tinkering itself is a technical asset
Recommended on-ramp:
- Start with Vaultwarden (password management)
- Add Immich (photo library)
- Add Uptime Kuma (monitor the first two)
- Run for a month, then expand
Then use the Cloudflare Tunnel guide to safely publish these services to the internet — a modern private cloud comes online.