A core set of privacy-preserving services that can be easily self-hosted via Docker Compose.
This repository contains everything you need to start self-hosting a core set of privacy-preserving services that I have found helpful, all run via a common Docker Compose configuration using Let's Encrypt for SSL certificates.
NOTE: I am in the process of migrating all apps here to meienberger/runtipi, as that is a much better overall solution for this type of project. Once done I will archive this repo and direct all users to that. You can follow the porting process here: https://github.com/meienberger/runtipi-appstore/pulls/sethforprivacy
80/tcp, 443/tcp, 18080/tcp, 18083/tcp, 3333/tcp, 37889/tcp, and 18089/tcp exposed/forwarded to the host
NOTE: If you do not want to run one of the services above simply comment out or delete the relevant service section from docker-compose.yml.
This repo relies on Docker Compose to configure and run all of the above services, leveraging Traefik to automatically expose each service, request and maintain Let's Encrypt certificates for SSL, and handle all proxying.
You will need to clone this repository to the host you want running these services first:
git clone https://github.com/sethforprivacy/self-hosted-services.git
cd self-hosted-services
Once cloned, set the necessary passwords and desired sub-domains in the .env file (PLEASE DO NOT COPY THE FOLLOWING CONFIG, CHANGE THE PASSWORDS AND HOSTNAMES APPROPRIATELY IN YOUR LOCAL .env FILE):
# Nextcloud Variables
NEXTCLOUD_HOSTNAME=nextcloud.mydomain.com
NEXTCLOUD_ADMIN_USER=
NEXTCLOUD_ADMIN_PASSWORD=
POSTGRES_PASSWORD=
# Wallabag Variables
WALLABAG_HOSTNAME=wallabag.mydomain.com
WALLABAG_DB_ROOT_PASS=
WALLABAG_DB_PASS=
WALLABAG_URL=https://wallabag.mydomain.com
# Teddit Variables
TEDDIT_HOSTNAME=teddit.mydomain.com
# Nitter Variables
NITTER_HOSTNAME=nitter.mydomain.com
# Traefik Variables
TRAEFIK_HOSTNAME=traefik.mydomain.com
# Heimdall Variables
DASHBOARD_HOSTNAME=dashboard.mydomain.com
DASHBOARD_TZ=America/New_York
# Privatebin Variables
PRIVATEBIN_HOSTNAME=paste.mydomain.com
# Monero explorer variables
EXPLORER_HOSTNAME=explorer.mydomain.com
# Let's Encrypt Variables
[email protected]
Note that all hostnames used must already have DNS entries configured with your domain provider in order for certificate generation to function properly.
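A pre-flight check for the .env file described above, as an added example that is not part of this repository: it reports credential variables left empty and values still carrying the example domain or the `ReplaceWithARealKey` placeholder, without printing any secret value. The names `check_env`, `sample_env` and `EXAMPLE_SECRET_KEY` are hypothetical, and the sample input is constructed.

```sh
#!/bin/sh
# Added example, not part of the repository. The credential suffixes and the
# placeholder strings come from the sample .env and the sed command on this
# page; check_env, sample_env and EXAMPLE_SECRET_KEY are hypothetical names.

# check_env FILE: print one finding per line; exit status = number of findings.
# The ( ) body runs in a subshell, so the loop variables stay local.
check_env() (
    [ -r "$1" ] || { echo "cannot read $1" >&2; exit 255; }
    findings=0
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac      # blank line or comment
        case $key in
            *PASSWORD|*_PASS|*_USER)                 # credentials must be set
                if [ -z "$value" ]; then
                    echo "EMPTY        $key"
                    findings=$((findings + 1))
                fi ;;
        esac
        case $value in
            *mydomain.com*)                          # example hostname left in
                echo "PLACEHOLDER  $key=$value"
                findings=$((findings + 1)) ;;
            *ReplaceWithARealKey*)                   # secret key never replaced
                echo "PLACEHOLDER  $key"
                findings=$((findings + 1)) ;;
        esac
    done < "$1"
    [ "$findings" -le 255 ] || findings=255          # exit codes stop at 255
    exit "$findings"
)

# Constructed sample input: one unset password, one example hostname and one
# untouched key placeholder; the other two lines are filled in correctly.
sample_env() {
    cat <<'EOF'
# Nextcloud Variables
NEXTCLOUD_HOSTNAME=cloud.example.org
NEXTCLOUD_ADMIN_USER=admin
NEXTCLOUD_ADMIN_PASSWORD=
WALLABAG_HOSTNAME=wallabag.mydomain.com
EXAMPLE_SECRET_KEY=ReplaceWithARealKey!
EOF
}

# Usage: sh check_env.sh [FILE]; with no argument the sample above is checked.
if [ -n "${1:-}" ]; then target=$1; else target=$(mktemp); sample_env > "$target"; fi
check_env "$target" || echo "$? finding(s): fix these before docker-compose up -d"
```

Running it against the real .env before `docker-compose up -d` catches a stack that would otherwise start with blank database or admin credentials.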
Edit the Nitter configuration file:
Nitter
hostname, replaceTwitter, and replaceYouTube values with the relevant hostnames
SearXNG
sed -i "s|ReplaceWithARealKey\!|$(openssl rand -base64 33)|g" settings.yml .env
P2Pool
sudo sysctl vm.nr_hugepages=3072
sudo bash -c "echo vm.nr_hugepages=3072 >> /etc/sysctl.conf"
Note: If your VPS or Server does not have enough RAM you can reduce it by using 1168 instead of 3072
#Change to root domain if desired
to the root domain, otherwise keep the subdomain everywhere else
https://domain.tld/.well-known/matrix/* to https://subdomain.domain.tld/.well-known/matrix/:splat
Start up the services with Docker Compose:
docker-compose up -d
Currently Monero, P2Pool, Nitter, SearXNG, Invidious, Libretranslate, and Teddit get default Tor support, but I will likely expand that in the future. To list Onion services, simply run:
docker exec -ti tor onions
Automatic updates are provided by the Watchtower container, which watches the base images of the services. Whenever an updated image is available, it automatically downloads it and migrates your services to it.
If you find yourself in need of viewing logs for a given service, simply run the following to tail all logs:
docker-compose logs --follow
To view the logs of a single service, run:
docker-compose logs --follow <service_name>
e.g.:
docker-compose logs --follow monerod
As this simply helps you get these services running, using each service is outside of the scope of this project. However, below are some links for getting started with each:
If you decide to run this and use these services, please don't forget to donate to those people making these services a reality!