Containers

Best Docker Containers for Home Server in 2024

Learn about the best Docker containers for home server in 2024. Easily spin up new applications and manage containers with Docker Compose.

Brandon LeeMarch 26, 2024Last Updated: August 24, 2024

12 minutes read

Best docker containers for home server in 2024

There are so many great containerized solutions and container images out there freely available for running applications and services in a virtualization environment. Using a simple Docker Compose file, you can quickly and easily spin up new applications in your home lab and manage containers, even in multiples, using Docker Compose code. Also, you can use Traefik or Nginx Proxy Manager to manage all SSL certificates to your services automatically in your containerization environment. Let’s look at the best Docker containers for home server in 2024 and example code for spinning up the containers.

Prerequisites
Best Docker Containers for Home Server – General
Best Docker Containers – Security
Best DevOps Containers
Best DevOps Monitoring containers
Wrapping up

Prerequisites

Install Docker on your Docker container host or LXC containers
Install Docker Compose
Have a user with sudo permissions and in the Docker group
Have access to create files and folders on your Docker host

Let’s look at the best Docker containers for home server and the Docker Compose files needed to spin up the solutions for the feel of a serverless solution for your self-hosted apps.

Best Docker Containers for Home Server – General

Below are general containers that you can run in your home lab or home server environment and make up some of the best Docker containers for home server in 2024 (IMHO).

Learn more about Kasm Workspaces here: Kasm Workspaces | The Container Streaming Platform (kasmweb.com)

1. Kasm Workspaces

Kasm Workspaces is one of the coolest Docker container solutions I have stumbled on this year. It provides a browser-based platform that allows secure and convenient access to applications and full Linux desktops running inside a Docker container.

Provisioning Kasm with Docker Compose is straightforward. However, we do this, not with Docker Compose code, but by pulling down an install script we run from the Bash prompt.

You run the following Linux shell script from the command line:

cd /tmp

curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.15.0.06fdc8.tar.gz

tar -xf kasm_release_1.15.0.06fdc8.tar.gz
sudo bash kasm_release/install.sh

Read my full write up on how to install and configure Kasm in your home network:

Kasm Workspaces Install: 5 Steps to Run your Linux Desktop inside a Docker container

2. Plex

Plex is arguably the most popular solution for self-hosting streaming your media. It allows you to transform your server into a powerful entertainment server. Docker Compose makes the Plex installation script easy without complex commands.

Learn more about Plex here: Stream Movies & TV Shows | Plex

version: '3'
services:
  plex:
    image: plexinc/pms-docker:latest
    ports:
      - "32400:32400"
    volumes:
      - /path/to/plex/database:/config
      - /path/to/media:/data

3. Jellyfin

Jellyfin is another open-source alternative for media management and streaming. It enables you to have complete control over your digital media library. Docker Compose allows you to easily deploy Jellyfin.

Learn more about Jellyfin here: The Free Software Media System | Jellyfin

version: '3'
services:
  jellyfin:
    image: jellyfin/jellyfin
    ports:
      - "8096:8096"
    volumes:
      - /path/to/config:/config
      - /path/to/cache:/cache
      - /path/to/media:/media

4. Emby

Emby is another media solution that makes organizing your content and streaming across multiple devices easy. Docker Compose streamlines Emby’s setup.

Learn more about Emby here: Emby – The open media solution

version: "2.3"
services:
  emby:
    image: emby/embyserver
    container_name: embyserver
    runtime: nvidia # Expose NVIDIA GPUs
    network_mode: host # Enable DLNA and Wake-on-Lan
    environment:
      - UID=1000 # The UID to run emby as (default: 2)
      - GID=100 # The GID to run emby as (default 2)
      - GIDLIST=100 # A comma-separated list of additional GIDs to run emby as (default: 2)
    volumes:
      - /path/to/programdata:/config # Configuration directory
      - /path/to/tvshows:/mnt/share1 # Media directory
      - /path/to/movies:/mnt/share2 # Media directory
    ports:
      - 8096:8096 # HTTP port
      - 8920:8920 # HTTPS port
    devices:
      - /dev/dri:/dev/dri # VAAPI/NVDEC/NVENC render nodes
      - /dev/vchiq:/dev/vchiq # MMAL/OMX on Raspberry Pi
    restart: on-failure

5. Nextcloud

For those who want to self-host their file storage solution, Nextcloud is one of the best-known self-hosted cloud file storage solutions. It mirrors cloud functionalities with better privacy and enhanced security. Docker Compose allows you to spin up your Nextcloud server experience easily.

Learn more about Nextcloud here: Nextcloud – Open source content collaboration platform

version: '2'

volumes:
  nextcloud:
  db:

services:
  db:
    image: mariadb:10.6
    restart: always
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MYSQL_PASSWORD=
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  app:
    image: nextcloud
    restart: always
    ports:
      - 8080:80
    links:
      - db
    volumes:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_PASSWORD=
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db

6. Pi-Hole

Pi-Hole is arguably one of the most well-known and popular ad-blocking solutions out there at least that I have seen. It does what it does by using network-wide adblocking by way of DNS sinkholing. So you point your client to Pi-Hole and it will block DNS lookups to ad networks, malicious sites, etc. It allows you to easily install Pi-Hole, point your DHCP server to the IP of your Pi-Hole server.

Learn more about Pi-Hole here: Pi-hole – Network-wide Ad Blocking.

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
    environment:
      TZ: 'America/Chicago'
      # WEBPASSWORD: 'set a secure password here or it will be random'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: always

7. Home Assistant

Home Assistant is the home automation solution that you need to check out if you are interested in one that is popular, supported, and has many of the standard features that you would look for with home automation soltuions. It allows you to manage all of your smart devices and IoT devices in one interface.

Learn more about Home Assistant here: Home Assistant (home-assistant.io)

version: '3'
services:
  home-assistant:
    container_name: homeassistant
    image: homeassistant/home-assistant:stable
    volumes:
      - /PATH_TO_YOUR_CONFIG:/config
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    network_mode: host

8. Bitwarden

Bitwarden is an open-source password manager. It lets you to have a secure location to store your usernames and passwords for web-based logins. Docker Compose makes it easy to install Bitwarden and this helps in securing your passwords with ease on your own server.

Learn more about Bitwarden here: The password manager trusted by millions | Bitwarden.

version: '3'
services:
  bitwarden:
    image: bitwardenrs/server:latest
    volumes:
      - /path/to/bitwarden/data:/data
    ports:
      - "80:80"
      - "443:443"
    restart: always

This Docker Compose snippet sets up Bitwarden on your home server, providing a secure environment for managing passwords across your devices.

9. Ghost

Ghost is a blogging platform designed for professional publishing and is gaining popularity in the way you can use it to publish content using Git versioning. Docker Compose enables you to host your own instance of Ghost, and gives you control over your content and presentation.

Learn more about Ghost here: Ghost: Independent technology for modern publishing.

version: '3.1'
services:
  ghost:
    image: ghost:latest
    ports:
      - "2368:2368"
    volumes:
      - /path/to/ghost/data:/var/lib/ghost/content
    environment:
      url: http://your-website-url.com

10. Gitea

Gitea is an easy-to-install Git service. It is perfect for self-hosted software development. With Docker Compose, Gitea enables streamlined version control and collaboration.

Learn more about Gitea here: Gitea Official Website.

version: "3"

networks:
  gitea:
    external: false

services:
  server:
    image: gitea/gitea:1.20.5
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
    restart: always
    networks:
      - gitea
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "222:22"

11. Dashy

Dashy is a customizable home lab dashboard solution and provides a homepage for your server, whether this is a single server or multiple servers across your lab. You can use it for organizing your web apps and services in one place. Note the following Docker compose code for standing up Dashy.

Learn more about Dashy here: Dashy | Dashy.

version: "3.8"
services:
  dashy:
    # To build from source, replace 'image: lissy93/dashy' with 'build: .'
    # build: .
    image: lissy93/dashy
    container_name: Dashy
    # Pass in your config file below, by specifying the path on your host machine
    # volumes:
      # - /root/my-config.yml:/app/public/conf.yml
    ports:
      - 4000:80
    # Set any environmental variables
    environment:
      - NODE_ENV=production
    # Specify your user ID and group ID. You can find this by running `id -u` and `id -g`
    #  - UID=1000
    #  - GID=1000
    # Specify restart policy
    restart: unless-stopped
    # Configure healthchecks
    healthcheck:
      test: ['CMD', 'node', '/app/services/healthcheck']
      interval: 1m30s
      timeout: 10s
      retries: 3
      start_period: 40s

12. Uptime Kuma

Uptime Kuma is quickly gaining popularity for self-hosted monitoring, especially for web servers. You can stand up Uptime Kuma and have it monitor your dockerized services and apps via Docker compose.

Learn more about Uptime Kuma here: GitHub – louislam/uptime-kuma: A fancy self-hosted monitoring tool.

version: '3.8'

services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    container_name: uptime-kuma
    volumes:
      - uptime-kuma:/app/data
    ports:
      - "3001:3001"  # <Host Port>:<Container Port>
    restart: always

volumes:
  uptime-kuma:

13. Mailrise

I have totally replaced my SMTP solution and configuration using public SMTP servers like Gmail, with Mailrise. Using Mailrise, you can have a solution that is a drop in replacement for your SMTP server and it allows legacy devices that only have SMTP as their notification capability to use modern push notification APIs for sending messages.

Learn more about Mailrise here: GitHub – YoRyan/mailrise: An SMTP gateway for Apprise notifications..

version: '3'
services:
  mailrise:
    image: yoryan/mailrise
    ports:
      - "8025:8025"
    volumes:
      - ~/mailrise/etc/mailrise.conf:/etc/mailrise.conf

14. Adguard

Adguard Home is another solution like Pi-Hole. It also lets you have a DNS sinkhole solution to block network ads, malware, phishing, ransomware, and it helps to protect your privacy by blocking trackers, even with default settings.

Learn more about Adguard here: AdGuard Home | Network-wide software for any OS: Windows, macOS, Linux.

version: '3'
services:
  adguardhome:
    image: adguard/adguardhome
    container_name: adguardhome
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 784:784/udp
      - 853:853/tcp
      - 3000:3000/tcp
      - 80:80/tcp
      - 443:443/tcp
    volumes:
      - ./workdir:/opt/adguardhome/work
      - ./confdir:/opt/adguardhome/conf
    restart: unless-stopped

      config:
        - subnet: 172.19.0.0/16

15. FreshRSS

FreshRSS is one of the best RSS aggregator containers I have used. I have tried other solutions, but I always come back to FreshRSS. If you want to combine many different RSS feeds and have an easy way to view these, FreshRSS is one of the best you can self-host.

Learn more about FreeRSS here: FreshRSS, a free, self-hostable feeds aggregator.

version: "2.1"
services:
freshrss:
image: lscr.io/linuxserver/freshrss:latest
container_name: freshrss
environment:
- PUID=1000
- PGID=1000
- TZ: America/Chicago
- CRON_MIN: '3,33'
volumes:
- /path/to/data:/config
ports:
- 80:80
restart: always

Best Docker Containers – Security

Below are some of the best Docker containers for security focused tasks, such as general Docker security, lining, and vulnerability scanning.

1. SonarQube

SonarQube stands as a beacon for code quality, offering detailed insights and identifying vulnerabilities within your codebase. Docker Compose enables a straightforward setup, embedding this crucial tool into your development pipeline.

Learn more about Sonarqube here: Code Quality, Security & Static Analysis Tool with SonarQube | Sonar (sonarsource.com).

version: '3'
services:
  sonarqube:
    image: sonarqube:latest
    ports:
      - "9000:9000"  # SonarQube web interface
    volumes:
      - sonarqube_data:/var/sonarqube/data  # Persistent storage for SonarQube data
volumes:
  sonarqube_data: {}

2. Sysdig Secure

Sysdig Secure provides security scanning, compliance checks, and runtime defense mechanisms. We can use Docker Compose to use Sysdig to secure the infrastructure against threats. It is a paid solution as well.

Learn more about Sysdig here: Sysdig | Security for Containers, Kubernetes, and Cloud.

3. Falco

Falco is a cloud-native security tool that continuously monitors system calls with containers. If it sees activity that is out of the ordinary that could be malware or other threats, it can identify and remediate the attacks before they progress.

Learn more about Falco here: Falco.

docker run --rm -i -t \
--privileged \
-v /var/run/docker.sock:/host/var/run/docker.sock \
-v /dev:/host/dev \
-v /proc:/host/proc:ro \
-v /boot:/host/boot:ro \
-v /lib/modules:/host/lib/modules:ro \
-v /usr:/host/usr:ro \
-v /etc:/host/etc:ro \
falcosecurity/falco:latest

4. Hadolint

Hadolint is a Dockerfile linter that helps enforce best practices in Dockerfiles. For developers aiming to optimize their Docker container images, it is a must-have linting tool.

Learn more about Hadolint here: Releases · hadolint/hadolint (github.com).

docker run --rm -i hadolint/hadolint < Dockerfile
# OR
docker run --rm -i ghcr.io/hadolint/hadolint < Dockerfile

5. Trivy

Trivy scans for vulnerabilities in your container images. It can give you detailed reports and integration into your CI/CD pipeline. It protects your container images from known vulnerabilities in packages.

Learn more about Trivy here: Trivy Home – Trivy.

version: '3'
services:
trivy-scanner:
image: aquasec/trivy:0.49.1
command: ["trivy", "image", "<your-image-name>"] # Replace with the image you want to scan

Best DevOps Containers

If you are getting into DevOps and wanting to use your home lab as a playground for learning more DevOps skills, the following are the best DevOps containers you need to know about for learning things like git and CI/CD.

1. GitLab

GitLab is one of the best self-hosted git repositories I think you can host in your home lab. To me, it is intuitive and has tons of features. You can run the enterprise edition totally free also. It includes a container registry you can turn on as well as CI/CD features and capabilities to run your own pipelines.

Learn more about Gitlab here: The most-comprehensive AI-powered DevSecOps platform | GitLab.

gitlab:
    image: gitlab/gitlab-ee:latest
    hostname: 'gitlab.mydomain.com'
    restart: always
    volumes:
      - '~/homelabservices/gitlab/data:/var/opt/gitlab'
      - '~/homelabservices/gitlab/config:/etc/gitlab'
      - '~/homelabservices/gitlab/logs:/var/log/gitlab'

    container_name: gitlab

2. Jenkins

Jenkins is one of the best known code automation platforms. It has been around the longest and has a large base of users and community members. While it is long in the tooth, it is still the standard that many go by for DevOps and CI/CD.

Learn more about Jenkins here: Jenkins.

version: '3.8'
services:
  jenkins-master:
    image: jenkins/jenkins:lts
    container_name: jenkins-master
    user: "1001" 
    environment: 
      - PUID=1001 
      - PGID=1001
    ports:
      - "8080:8080"
      - "50000:50000"
    volumes:
      - ~/homelabservices/jenkins/jenkins-data:/var/jenkins_home
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always

3. Traefik

Traefik is the de facto standard as a reverse proxy for Docker or Kubernetes clusters (orchestration, more scalability, high availability architecture). With it, you can route traffic from the outside to a specific container that exists internally and it can also terminate SSL connections in a web browser. Using Let’s Encrypt, you can automate the process of provisioning and renewing certificates.

Learn more about Traefik here: Traefik, The Cloud Native Application Proxy | Traefik Labs.

version: '3.3'

services:
  traefik2:
    image: traefik:latest
    restart: always
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
    ports:
      - 80:80
      - 443:443
    networks:
      traefik:
        ipv4_address: 172.19.0.10
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    container_name: traefik

4. HashiCorp Vault

Hashicorp Vault is a trusted solution from Hashicorp for storing your secrets. You can use it to securely store secrets, dynamically create secrets, and create policies to define how devices and users can connect to obtain secrets in the environment.

Learn more about Hashicorp Vault here: HashiCorp Vault – Manage Secrets & Protect Sensitive Data.

version: '3.6'
services:

  vault:
    image: vault:latest
    container_name: vault
    restart: on-failure:10
    ports:
      - "8201:8201"
    environment:
      VAULT_ADDR: 'https://0.0.0.0:8201'
    cap_add:
      - IPC_LOCK
    volumes:
      - vault-volume:/data
    healthcheck:
      retries: 5
    command: ./workflow-vault.sh
    networks:
      - my network

version: ‘3’ services: vault: image: vault:latest cap_add: – IPC_LOCK ports: – “8200:8200” volumes: – vault_data

5. ArgoCD

ArgoCD automates application deployment in Kubernetes clusters. If you want to align with the principles of GitOps, it simplifies application lifecycle management and ensures that your deployments match the configurations stored in Git. Docker Compose can deploy ArgoCD.

Learn more about ArgoCD here: Argo CD | Argo (argoproj.github.io).

version: '2'

services:
  argo-cd:
    image: docker.io/bitnami/argo-cd:2

Best DevOps Monitoring containers

Monitoring your containers is part of best practices in container management. Let’s consider the best DevOps monitoring containers.

1. Prometheus

Prometheus allows collecting metrics from configured targets at certain intervals. Gathering metrics from microservices is essential. Note below how you can easily stand up Prometheus using Docker Compose.

Learn more about Prometheus here: Prometheus – Monitoring system & time series database.

version: '3'
services:
  prometheus:
    image: prom/prometheus:v2.22.0
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
    ports:
      - "9090:9090"

2. Grafana

Grafana allows visualizing metrics you are collecting with Prometheus in a very visual way with dashboards and visual query builder/analyzer.

Learn more about Grafana here: Grafana: The open observability platform | Grafana Labs.

version: '3'
services:
  grafana:
    image: grafana/grafana:latest
    volumes:
      - grafana_data:/var/lib/grafana
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=secret
    ports:
      - "3000:3000"
volumes:
  grafana_data:

3. Nagios Core

Nagios Core has been around for a long while and allows you to monitor performance of network services, host resources, and servers, providing alerts for failures. Docker Compose can be used to deploy Nagios Core, as seen below:

Learn more about Nagios here: Nagios Open Source | Nagios Open Source.

version: '3'
services:
  nagios:
    image: jasonrivers/nagios:latest
    volumes:
      - /path/to/nagios/etc:/opt/nagios/etc
      - /path/to/nagios/var:/opt/nagios/var
    ports:
      - "8080:80"

4. InfluxDB

InfluxDB is a time series database for high write and query loads. It is an ideal storage solution for time series data. I have used it for monitoring many things in the home lab, including my Proxmox hosts.

Learn more about Influxdb here: InfluxDB Time Series Data Platform | InfluxData.

version: '3'
services:
  influxdb:
    image: influxdb:latest
    volumes:
      - influxdb_data:/var/lib/influxdb2
    ports:
      - "8086:8086"
volumes:
  influxdb_data:

5. Telegraf

Telegraf is an agent for collecting, processing, aggregating, and writing metrics. You can use it with InfluxDB and Grafana as part of the TICK monitoring stack. Docker Compose simplifies Telegraf’s integration into your monitoring setup.

Learn more about Telegraf here: Telegraf | InfluxData.

version: '3'
services:
  telegraf:
    image: telegraf:latest
    volumes:
      - /path/to/telegraf.conf:/etc/telegraf/telegraf.conf:ro

Wrapping up

These are a few of the best Docker containers in 2024 and show the wide range of capabilities you can have with Docker containers running apps on your home server. Keep in mind, everyone’s focus will be different on their home server and may host many different containers outside of the ones we have highlighted. Most of these solutions have really good documentation on their code repository that can help get up and running and take advantage of the solutions quickly. Let me know in the comments what Docker containers you are running.