Building a home data center involves many applications. Using my own home environment as an example, this article lists the applications I use, for your reference.
Contents
- Personal blog
- web server
- php
- cache
- Image hosting
- Burn after reading
- Personal cloud storage
- Visual Docker management
- Apple Push Notification Service
- Application health check
- Website traffic monitoring
- database
- Long chain to short chain tool
- Object Storage (COS)
- Personal video library
- Linux Panel
- Virtual Networking
- WAF
- Load Balancing
- Remote Operation and Maintenance
- Mail Server
- DNS server
- Reverse Proxy
- Video sharing platform
- Lightweight file sharing platform
- One-stop SSL certificate management
- Centralized operation and maintenance platform
Personal blog
The applications in my home data center are published as a group of sites built around my personal blog. I chose WordPress for my personal blog. WordPress currently has the highest market share among CMSs. It supports a wide range of plug-in extensions and has a large number of online tutorials, making it suitable for beginners. This article is published on WordPress.
See the article: Docker series uses Docker to set up a blog slave site based on WordPress and implement regular backup of master-slave site configuration.
web server
Many applications on GitHub are provided as source code and require a web server for deployment. For my web server, I chose nginx (whether you deploy nginx via Docker, compile and install it manually, or use a Linux panel is up to you). The main reason for this choice is that I use nginx as a reverse proxy, and it's very user-friendly. Furthermore, nginx supports extended features like Layer 4 reverse proxy and load balancing, and can be used as a Kubernetes ingress. Who knows if I'll need it in the future? Having support is always good.
See the articles: Docker series single container nginx, single container php (one version) multi-site sharing, Linux panel series based on Baota panel to deploy V free of charge in source code, as well as Docker series uses Docker to build a graphical nginx based on nginx Web UI.
php
Depending on application requirements, different versions of php-fpm can be provided using Docker.
See the article: Docker series single container nginx, single container php (one version) multi-site sharing.
cache
I run Redis mainly because the applications need it. At present, many applications rely on Redis for acceleration (WordPress, NextCloud, Cryptgeon, OnlyOffice, JumpServer, etc.).
Image hosting
There are actually many options for image hosting services. Numerous online providers offer image hosting services, and even COS services from various cloud providers can be used as image hosting services. However, for someone like me with a dual-stack IPv4 and IPv6 home broadband, building my own image hosting service is the most cost-effective and effective solution. So, I chose the free version of Chevereto, an open-source image hosting service. I haven't tried other image hosting services yet, but for now, Chevereto's free version is sufficient for my needs.
See the article: Docker series uses Docker to build your own image bed based on Chevereto.
In addition: One of the major principles I follow when building a home data center is to control costs to the minimum: as long as the needs are met, I will never pay if I can; if I have to pay (for filing, CDN to solve the 443 port problem, etc.), I will pay the minimum and never pay a cent more.
So, the main premise for my app selection is either completely free, or, even if there's a paid version (whether ranked first or last overall), the free version's functionality meets my needs. So, my choices aren't necessarily the best overall; they're just the ones that meet my needs within a reasonable price range. Therefore, for those with high demands, don't completely follow my approach; after all, it's just a budget-friendly solution.
Burn after reading
Because some sent files or messages have specific security requirements, they require a defined validity period or number of accesses (a single access means they will self-destruct after reading). There are many options for this requirement, but some more complex ones require a database. My requirements weren't that complex, so I ultimately chose the simple Cryptgeon. Its content can only be stored in memory and is lost after a reboot. It doesn't support authentication and doesn't require a database, just Redis. It supports setting the validity period and number of accesses for access links, as well as supporting small file uploads. In short, it's simple, with simple setup requirements and simple functionality.

For detailed deployment, please refer to my other article: Docker series: Use Docker to build your own self-destructing application based on cryptgeon.
Personal cloud storage
I didn't really have much choice when it came to personal cloud storage, so I just used NextCloud. Seafile also has a community version, but honestly, it's not on the same level as NextCloud. I started out with the community version of Seafile. I haven't used the enterprise version, so I won't comment on it. But after using NextCloud, I realized that cloud storage can be more than just storage. Putting aside the various plug-ins:

- It provides online document editing with OnlyOffice, supporting various formats. See the articles: Docker series uses Docker to build your own personal network disk based on nextcloud (make up homework) and Docker series deploys onlyoffice container for nextcloud.
- NextCloud can be turned into a music player through plug-ins.
- It offers full-text content retrieval alongside Elasticsearch.
- It has a comprehensive range of clients for various platforms.

So, I'd say there's really no real choice when it comes to personal cloud storage. However, a key issue with setting up a personal cloud storage system is bandwidth. If you frequently transfer large files, the limited bandwidth of a cloud server will definitely not be enough. Therefore, it's best to use a home broadband connection with a public IP address and high uplink bandwidth.
Visual Docker management
When it comes to visual Docker management tools, there's Docker Desktop for Mac on macOS and Docker Desktop for Win on Windows. On Linux, you can choose between Portainer and Docker UI. I use Portainer. Compared to Docker Desktop, Portainer offers more detailed features (for example, you can modify environment parameters directly in the corresponding container on the web interface and then regenerate the container). For more information, see the article: Docker series builds a graphical Docker management interface based on portainer.

In addition, some Linux panels also come with a simple Docker graphical management interface, such as the Baota Linux panel.

Apple Push Notification Service
Because I'm basically a full-on Apple user, the perfect messaging solution for me is bark-server. My own bark-server can run in my home data center or on a cloud server. By installing the bark client on iOS, PadOS, or macOS, I can receive real-time messaging push notifications, which is incredibly convenient.
See the article: Docker series builds a message push server based on bark server.
Application health check
My application health checks mainly rely on uptime-kuma, which is deployed in two locations. The instance at home checks the applications deployed on Tencent's lightweight server and the overseas access domain name for my personal blog, which is accelerated by Cloudflare. The instance on the Tencent Cloud server checks the health of the home data center's source station and the applications deployed on Tencent CDN.
See the article: Docker series builds a real-time health monitoring and alarm system for applications based on uptime and bark.
Website traffic monitoring
I use umami for traffic monitoring. It doesn't have many functions, but it is compact and capable, which is good for a personal site. For setup, see the article: Docker series builds a website traffic monitoring system based on umami.
database
Many applications need a database to run. Since MySQL was acquired by Oracle, the open source MariaDB has become the strongest alternative to MySQL, and the default software repository of Debian 11 has replaced MySQL with MariaDB. (When I built the TrinityCore 3.3.5 version of the World of Warcraft server, MariaDB had compatibility issues with the 22061 server at the time, which screwed me over badly; in the end, I had to hard-install MySQL to solve it.) I therefore also use MariaDB (deployed with Docker), with a single database supporting multiple applications. Because of this, when an application I build requires database support, I do not deploy it with docker-compose unless there is no other way. For building the MariaDB database, see the article: Docker series uses Docker to set up a blog slave site based on WordPress and implement regular backup of master-slave site configuration.
In addition, you need to build a PostgreSQL database as a supplement, since some applications use it. For building the PostgreSQL database, see the article: Docker series builds a private video sharing platform based on peertube (Part 1).
Long chain to short chain tool
Actually, converting long links to short links is not necessary, and it can be used just as well without it. However, sometimes when I need to quote a link on my blog or share a link with others, seeing a long string of garbled text is really uncool, so I ended up making one myself. There are many such tools, and after comparing them, I finally chose shlink.
See the article: Docker series builds a long-chain to short-chain tool based on shlink.
Object Storage (COS)
I originally wanted to use Tencent Cloud's COS, which is not too expensive. But after looking at the fee structure and thinking that if I play a lot of videos in the future, it would cost a lot of money, I finally decided to build one myself.
There is not much room for choice here, so I used the open source minio, which has relatively simple functions and a relatively crude sharing method, but it can basically meet my requirements.
See the article: Docker series builds a private COS platform based on minio.
Personal video library
Managing and distributing hundreds of terabytes of resources is an unavoidable challenge for me. Without a good solution, not only would it be inconvenient to watch them, but even keeping count of the number of resources (movies, TV series, cartoons, etc.) would be difficult. The best solutions for this are Emby and Plex, and I ultimately chose Emby. (Jellyfin is the open-source version of Emby, so if you're not willing to spend money, this is your only option.)
See the article: Why did I choose emby instead of plex?
Linux Panel
I also used 1panel for a while, but in the end I chose Baota Linux Panel.
See the article: Linux Panel Series Pagoda Panel Introduction.
Virtual Networking
There are many virtual networking options, including various paid ones, but those are definitely not my choice. The best virtual networking technology right now is based on WireGuard, and you can set up the server side directly yourself. However, configuration is relatively complex and requires a basic understanding of Linux. I recommend another WireGuard-based solution: Tailscale. It is open source on the client side, but closed on the server side. Its biggest advantage is that it handles the tedious server setup process for you, so you only need to register and log in on each client. Tailscale also offers numerous features, including DNS resolution and security (seamlessly integrated with NextDNS), file transfer (the most efficient way to share files between Tailscale clients, regardless of network limitations), node sharing between different Tailscale accounts, and more. It supports multiple platforms (Windows, Linux, and macOS), and also offers dedicated NAS clients (Synology and QNAP).
Virtual networking is a very important component of home data center solutions: setting up a source station on a home broadband connection without a public IP, remote operation and maintenance, using the magic of home cloud hosting (see the article: A powerful local proxy tool from the Qiji series: proxychains), sharing home resources with friends, and so on all rely on virtual networking technology.
The disadvantage is that there is no official relay server in China, but you can set up your own. See the article: Debian series build tailscale DERP server (relay server).
WAF
All applications released to the public in a home data center require basic security protection. Since these applications are typically published via HTTP(S), a Web Application Firewall (WAF) is essential. While there aren't many free WAFs to choose from, there is one pleasant surprise: the community edition of Changting Leichi.




Honestly, the free version is quite impressive. I searched GitHub for a free version with a GUI and found httpwaf. However, I discovered that httpwaf only supports one site by default, forcing me to manually configure the underlying configuration to support multiple sites. Now with the Changting Leichi Community Edition, I can finally breathe a sigh of relief.
The only limitation is that the community edition can only be deployed as a reverse proxy, but this doesn't affect me much.
Load Balancing
In my home data center solution, load balancing isn't a must-have component. After all, it's generally not possible to deploy multiple instances of an application. However, since I have two environments, I decided to include a load balancing component. Generally speaking, HAProxy and Nginx are both good choices, but for someone like me with obsessive-compulsive disorder, not having a good GUI is unacceptable. After searching for open source load balancing options, I finally found the community version of Zevenet:

Although the community edition only supports LSLB (local server load balancing), it is enough for me. However, I have to complain that although the language option supports Chinese, the translation is really hard to describe. I think it is better to use the English version directly.
So I found nginxWebUI, which is much lighter and simpler:


Then set it in the reverse proxy menu:

Which one you choose depends on your preference.
To build load balancing with nginx Web UI, see the article: Docker series uses Docker to build a graphical nginx based on nginx Web UI.
Remote Operation and Maintenance
There are two main types of remote operation and maintenance options.
One is to use a bastion host. There are many open source bastion host solutions. After looking around, the most comprehensive one seems to be jumpserver, but it is more enterprise-oriented and many of its features are not needed for personal use. The lightweight and simple one is next terminal, which is more suitable for personal use (see the article: Docker series builds an open source bastion machine based on next-terminal). The advantage of this method is that it has no requirements for the client. As long as you can log in to the bastion host through the network, it will be fine. An Internet cafe host will also be fine. In fact, for individual users, the simplest way to implement a bastion host is to find an internal network device that is always online (a virtual machine with a Windows system is best), configure SSH access to all devices in advance using SSH client software, and then bookmark the URLs of all devices with web login in the browser. Finally, you only need to enable remote desktop access to this Windows device. This can be regarded as the simplest prototype of a bastion host.
The second is to rely on virtual networking (see: Application of virtual networking technology in home data center series) and pre-configured dedicated clients, such as mobile phones, tablets, and laptops. With professional SSH client software (such as Termius) and a browser, you can then directly access all devices in the virtual network from any location (I'm currently trying to use an iPad mini 6 as the center for remote operation and maintenance. With a foldable keyboard, I don't need to bring my MacBook when I go out, which is really a great tool for showing off).
Mail Server
The mail server is built using poste, which supports webmail, sending and receiving mail with mail clients, and Docker deployment. It does not consume many resources and is functionally suitable for personal use (see the article: Docker series builds a mail server based on poste.io).
The above are the key applications I am currently involved in when building a home data center. I will add to them as needed in the future.
However, I later found that setting up a mail server on my own was a thankless task, so I switched to the email routing function provided by Cloudflare. If I only use it to receive emails, it is much easier than setting up my own mail server. See the article: Home Data Center Series Use Cloudflare to create a small mailbox with your own domain suffix.
DNS server
The DNS server is implemented with BIND managed through Webmin. You can also install BIND directly, but because of my obsession with GUIs I chose to run it through Webmin; the usage is the same either way (see the article: Docker series builds a DNS server based on bind9).
In addition, if it is only used as a DNS forwarder for the intranet, AdGuard Home is more suitable, and it also provides functions such as advertisement filtering (see the article: Docker series uses Docker to build its own ad-free, pollution-free and DOH (DOT)-supported DNS server based on ADguard home).
Reverse Proxy
The reverse proxy is a very important component: it is the single, unified entry point for publishing home data center applications. There are many ways to implement it: nginx with various panels, such as Baota Panel, 1panel, and NPM. I use Baota Linux Panel to implement the reverse proxy, but other methods can also be used, such as NPM and nginxWebUI. For details, please refer to the articles: Linux panel series configure reverse proxy and use non-443 port for publishing, Docker series uses Docker to build its own reverse proxy based on NPM, as well as Docker series uses Docker to build a graphical nginx based on nginx Web UI.
Video sharing platform
If you want to host your videos on major platforms, such as Bilibili, Douyin, Youku, or even YouTube, you have to pay for it, and there are also issues with content review. So, for example, you can build your own YouTube-like video platform and then quote the videos on your own video platform on your blog. That's PeerTube. For the specific construction process, see: Docker series builds a private video sharing platform based on peertube (Part 1).
Lightweight file sharing platform
If you simply want to share small files, object storage is inefficient and inconvenient. In this case, you can use pingvin-share. In addition to being easy to set up and having a simple file storage structure, the embedded database also reduces the trouble of initialization. Most importantly, you can share the entire directory with just one link, and you can update the files in the directory at any time without regenerating the sharing link. Its "reverse sharing" function allows others to upload files through a link, which is also very effective in some situations. For specific setup and usage results, see: Docker series uses Docker to deploy a lightweight file sharing platform based on pingvin-share.
One-stop SSL certificate management
As the number of SSL certificates I use and the number of locations I deploy them in increase, reducing management and maintenance costs becomes a challenge: I use Let's Encrypt certificates for multiple accelerated domains on Tencent Cloud's CDN. I also deploy multiple sites on the Baota panel at home and on Tencent Cloud's lightweight cloud servers, also using Let's Encrypt certificates (for multiple primary domains). OHTTPS, a one-stop solution, handles the automatic renewal and one-stop management of SSL certificates deployed across multiple sites and locations. For detailed usage instructions, please see: Home Data Center Series SSL Certificate One-Stop Management Tool OHTTPS Usage Tutorial.
Centralized operation and maintenance platform
While uptime-kuma can provide simple application health checks and external detection-based failure notifications, we often need a centralized platform to uniformly monitor the real-time resource consumption of all hosts and applications, as well as the health of some applications that cannot be checked through external detection (such as applications on 127.0.0.1). Therefore, we need a centralized operations and maintenance interface that supports agent-server deployment, and wgcloud meets our needs.
For specific construction and use, see: Home Data Center Series Deploy Your Own Operation and Maintenance Monitoring System Through wgcloud (Part 1): Construction and Home data center series deploys its own operation and maintenance monitoring system through wgcloud (Part 2): Functional part.