I built a thing: Homelab in a Box
I saw a post by a buddy of mine, the Conspicuous Technologist about how he was building a homelab, so I went to take a look at his repo, and it reminded me of a pain point I’ve experienced a number of times in my self-hosting journey.
Every time I stand up a new self-hosted service, I end up re-solving the same three problems: how does it get a hostname, how does it get HTTPS, and how do I keep the internet from wandering into it. So I finally packaged the answer into a project: Homelab in a Box — a Docker Compose starter kit that gets you from a bare machine to a fully operational home lab in minutes.
The short version: it’s an opinionated stack of the plumbing you always need, plus a menu of the apps you might want, all pre-wired to talk to each other. Clone it, set a few environment variables, and docker compose up. The scaffolding is already done.
The always-on core
Four services form the foundation, and they’re the ones that make everything else easy:
- Nginx Proxy Manager — the reverse proxy and front door. It handles hostnames and automatic SSL/TLS certificates from Let’s Encrypt, renewals included, through a web UI.
- Authelia — single sign-on and two-factor authentication. Any app that doesn’t have real auth of its own can be put behind it.
- Redis — session storage for Authelia.
- Portainer — a web interface for managing the containers themselves.
Everything shares a single Docker network, so services find each other by container name instead of brittle IP addresses. That’s the trick that turns “a pile of containers” into “a stack.”
A menu, not a mandate
The rest is modular. The main docker-compose.yml uses include: statements, so turning an app on or off is a matter of uncommenting a line. The current menu covers most of what a home lab wants:
- Vaultwarden for passwords
- Home Assistant for home automation
- Pi-hole for network-wide ad blocking
- Plex and Navidrome for media
- MySQL with Adminer
- Uptime Kuma for monitoring
- n8n for automation
- OliveTin for safe one-click command running
- Homepage as a dashboard, with auto-discovery of the other services
Disabling an app leaves its data on disk, so flipping something off isn’t destructive — you can turn it back on later and pick up where you left off.
Why a starter kit and not a tutorial
There are plenty of guides that walk you through wiring a reverse proxy to an SSO layer to a dozen apps. I’ve followed a lot of them. The problem is that a guide leaves you owning every integration point by hand, and the interesting part — actually running the apps — is buried under an hour of glue work.
This flips it around. The glue is the deliverable. Each app ships with a /docs guide for its specific quirks, but the networking, the proxy, and the auth middleware are already connected before you touch anything. You spend your time deciding what to run, not re-deriving how to run it.
It’s MIT-licensed, so fork it, gut it, rearrange the menu to taste. If you want to stand up your own, the README walks through the whole path — network, environment, DNS records, and proxy hosts. As always, I’d love to hear if it’s useful, or if I’ve missed an app that belongs in the box.