Overview
This document covers the setup of my personal website after I made some major improvements to it in May 2025. My website consists of a blog, which is a GitHub Pages website, as well as some self-hosted apps.
Requirements
- Easy setup and maintenance of website and applications.
- Flexible setup so that I can deploy custom applications if I want.
- Allow exposing services over the internet securely.
- Use valid HTTPS certificates for both public and internal applications.
Non-Goals
- Host email (too complicated)
- Add a ton of new apps to try (maybe later)
- Add search capabilities (maybe later)
- Add social media sites (maybe later)
- Single Sign On (maybe later)
Design
Summary
My website jonms.com currently consists of a GitHub Pages website (blog.jonms.com) as well as a series of self-hosted apps on subdomains of jonms.com. The self-hosted apps all run on an Asustor NAS (AS6508T) that sits in my living room. Some of my apps were installed from Asustor App Central, and some are created via docker compose. I also run a Traefik reverse proxy, which gives me HTTPS on all my apps. Finally, I have a Cloudflare tunnel, which allows me to expose individual services to the public internet.
System Diagram
This diagram shows that a user can access sites through the public internet via the Cloudflare tunnel, or directly if they are attached to the intranet. Not all services are available publicly, for security reasons.
```mermaid
graph LR
    user[🌐 User]
    intranet-user["🏠 User (over intranet)"]
    tunnel[CloudFlare Tunnel]
    traefik[Traefik Reverse Proxy]
    home["Homepage (home.jonms.com)"]
    asustor-portal["Asustor Portal (portal.jonms.com)"]
    gitea["Gitea (gitea.jonms.com)"]
    immich["Immich (photos.jonms.com)"]
    resilio["Resilio Sync (resilio.jonms.com)"]
    adguard["AdGuard (adguard.jonms.com)"]
    blog["Jon's Blog (GitHub pages)"]
    user-->tunnel
    intranet-user-->|*.jonms.com| traefik
    tunnel-->|*.jonms.com| traefik
    traefik-->home
    traefik-->asustor-portal
    traefik-->gitea
    traefik-->immich
    traefik-->resilio
    traefik-->adguard
    user-->|blog.jonms.com| blog
```
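One way to audit the split described above, where the tunnel forwards `*.jonms.com` to Traefik but only some services are meant to be public. This is an added example, not part of the original page or the author's configuration; it assumes Traefik has separate entry points named `lan` and `tunnel`, which the page does not state, and it uses constructed example.com hostnames.

```python
import re

# Constructed sample: Traefik router labels as found under `labels:` in compose
# files. Entry point names "lan"/"tunnel" and the hostnames are assumptions.
COMPOSE_LABELS = {
    "photos": ["traefik.http.routers.photos.rule=Host(`photos.example.com`)",
               "traefik.http.routers.photos.entrypoints=lan,tunnel"],
    "adguard": ["traefik.http.routers.adguard.rule=Host(`adguard.example.com`)",
                "traefik.http.routers.adguard.entrypoints=lan, tunnel"],
    "portal": ["traefik.http.routers.portal.rule=Host(`portal.example.com`)",
               "traefik.http.routers.portal.entrypoints=lan"],
    # No entrypoints label: the router lands on Traefik's default entry points.
    "wiki": ["traefik.http.routers.wiki.rule=Host(`wiki.example.com`)"],
}
PUBLIC_ALLOWLIST = {"photos.example.com"}  # hosts meant to be internet-facing

LABEL = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(rule|entrypoints)=(.*)$", re.I)
HOST = re.compile(r"Host\(`([^`]+)`\)")

def parse_routers(labels_by_service):
    """Collect each router's Host() names and entry points (None if unset)."""
    routers = {}
    for labels in labels_by_service.values():
        for label in labels:
            m = LABEL.match(label)
            if not m:
                continue
            name, key, value = m.groups()
            router = routers.setdefault(name, {"hosts": [], "entrypoints": None})
            if key.lower() == "rule":
                router["hosts"] = HOST.findall(value)
            else:
                router["entrypoints"] = [e.strip() for e in value.split(",")]
    return routers

def unintended_public(routers, allowlist, tunnel_entrypoint="tunnel"):
    """Return (host, reason) for hosts the tunnel can reach but should not."""
    findings = []
    for _, router in sorted(routers.items()):
        eps = router["entrypoints"]
        if eps is not None and tunnel_entrypoint not in eps:
            continue  # bound to internal entry points only
        reason = "no entrypoints label" if eps is None else "bound to " + tunnel_entrypoint
        findings += [(h, reason) for h in router["hosts"] if h not in allowlist]
    return findings

if __name__ == "__main__":
    for host, reason in unintended_public(parse_routers(COMPOSE_LABELS), PUBLIC_ALLOWLIST):
        print(f"{host}: reachable through the tunnel ({reason})")
```

Running the check whenever a compose file changes catches a router that was left on the tunnel-facing entry point by omission rather than by choice.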
Design Choices
I had a few different overall solutions in mind when setting up my new site. This table summarizes a few self-hosting options.
Solution | Description |
---|---|
Asustor NAS + Docker Compose | This is the greatest and simplest solution! Since I am deploying all apps via docker, it is easy and supported to run them on Asustor. Also, it gives easy access to the NAS for storage since I just have to mount the /share/Docker/<app> directory to each docker container. I also don't have to get or maintain additional hardware for this. The only con is my Asustor NAS only has 8GiB of memory, which may eventually cause issues. (Immich recommends 6 by itself, and I'm already using 2GiB without Immich). |
Yunohost Deployment | Yunohost is a great solution where you just click a button to install an app. It is an extremely simple way to host, even simpler than docker compose. However, I played around with this and found that some apps didn't work. So, I still need docker-compose for some apps. Also, this would require an additional machine since Yunohost is installed on Debian machines, and can't be installed on top of Asustor. Adding another machine would complicate my setup. |
Asustor NAS + Proxmox with Proxmox VE Scripts | https://community-scripts.github.io/ProxmoxVE/ The only problem with this one is that it seems that not all apps are supported. For example, Immich is not in the list. Also, I would have to mount NAS shares onto the Proxmox VMs to store data back on the NAS, which is additional complexity. |
Hardware, Tools, Services
GitHub Pages - My personal blog (blog.jonms.com) is a GitHub Pages website created with Hugo.
Dashboard app - home.jonms.com is an app launcher dashboard I created with plain html and css.
Asustor NAS - Base server that I deploy all other services on. This is essentially off-the-shelf, pre-made NAS hardware, where you just slide in some hard drives and you are ready to go.
Ansible - I use Ansible to copy docker-compose files to my NAS from a source directory on my dev laptop. The same source directory also contains some of the service config files.
Traefik Reverse Proxy - Reverse proxy. Traefik makes it easy for me to host each app on its own subdomain and get HTTPS certificates.
Gitea - Git server. I use this for my coding projects if they are private. Public repos go on GitHub. I also back up my Obsidian notes to this server so I have version history.
AdGuard - Service that blocks ads and unwanted websites at the DNS level. It also serves DNS to allow me to connect more directly to my services over the intranet.
Immich - Easy, self-hosted Google photos alternative. I store my pictures on this server.
Resilio Sync - Peer to peer file sync solution. It syncs files straight to a folder on all my devices. I use this to sync the working copy of my ~/Notes folder, where I have my Obsidian notes. It also syncs some of my other folders, like my ~/Documents folder.
Syncthing - Another file sync app. It is a bit redundant, but I use this to sync my .thunderbird config and a few other configs. Syncthing has version history enabled on my NAS, so I have backups of stuff I sync over with Syncthing.
Wallabag - Read Later app. When researching a subject, it allows you to browse, save a bunch of pages, then read or skim later when you have more time.
FreshRSS - My current RSS reader.
Appendix
Alternatives Considered
Homer for my self-hosted home page/app launcher. Homer seems good and light weight, but I had already created a plain html home page and didn’t feel like setting this up yet. The nice thing about Homer is that it easily allows multiple tabs, so I could put the admin services on a different page. It also has built-in search to make it easier to find apps.
Remote Access via Tailscale. Based on the Tailscale docs, it seems like WireGuard or Cloudflare tunnels are a fine choice:
We suspect that using WireGuard directly will be most appealing if you have a small, stable number of Linux servers whose connections you want to secure.
Forgejo - Git server. I have thought about using this over Gitea because of its philosophy of keeping everything open source. It currently seems to have no advantage over Gitea, but they are working on adding federation features. For now, I don’t feel like migrating over philosophical differences.
Future Work
Offsite Backups - Right now, my notes have geo-redundant backups since they are synced to my NAS, multiple computers, and my phone. However, most of the data, like my images, really does not have any backups. It would be good to set up offsite backups to Google Cloud Archive storage or similar for safety reasons. May 2025 pricing for Google Cloud Storage Archive is a mere $0.0015 per GB per month = $1.5 per TB per month. That is very cheap for peace of mind!
Monitoring - The monitoring I have right now tells me about CPU usage, memory usage, disk usage. It is from the built-in Asustor portal. However, it would be great if I could also get an email notification or similar if a site goes down.
More apps - There are a number of self-hosted apps that I would be interested in trying. For example, some of the self-hosted finance apps, or self-hosted AI apps. Some apps I am interested in are the Asustor Mail Server, Mattermost, DokuWiki, Calibre-Web, ArchiveBox, Jellyfin, Portainer.
VPN (WireGuard) - A VPN would give me access to all my internal sites remotely, even when I don’t want to expose them to the internet. This would be nice, but I don’t feel the need to do so very often so far.
SSO - Single sign-on would simplify user management at the expense of being another app to set up and maintain. I didn’t set it up so far because I was worried that if it breaks, then I wouldn’t be able to sign in to anything. Also, I just didn’t feel like setting it up at the time. However, it is a nice-to-have.
Nextcloud - Currently, I use Microsoft OneDrive and Microsoft Office. Therefore, I don’t need Nextcloud. Eventually, I would like to also own my office documents and use Nextcloud.
Fediverse social media such as Mastodon.
Matrix server.
Easy Hosting Providers
- https://etke.cc/ - “We help you host your own Matrix chat server.”
- Pika Pods - Click a couple buttons to deploy self-hosted apps in the cloud.
- Yunohost - YunoHost: garden your own piece of the Internet!
- Ansible NAS - Easily build a homelab or NAS replacement with an Ubuntu server and some basic hardware.
- Asustor App Central
- TrueNAS Scale Apps
Self-Hosting Resources
- Ansible Documentation: https://docs.ansible.com/
- Docker Compose Documentation: https://docs.docker.com/compose/
- Forgejo documentation: https://forgejo.org/docs/latest/
- https://github.com/awesome-selfhosted/awesome-selfhosted
- https://github.com/mikeroyal/Self-Hosting-Guide
- https://github.com/Lissy93/awesome-privacy
- https://github.com/DaveStephens/ansible-nas
- https://github.com/awesome-selfhosted/awesome-selfhosted?tab=readme-ov-file#self-hosting-solutions
- https://github.com/borjapazr/mars-server/tree/main/services
- Scripts to make deploying services on Proxmox very easy: https://community-scripts.github.io/ProxmoxVE/scripts
- Resources for setting up home pages:
- https://iconduck.com/ - Has many icons that can be downloaded.
- https://selfh.st/icons/ - Has multiple formats of app logos for many apps.
- https://selfh.st/apps/ - List of apps that might be interesting for self-hosting.