An example of a self-hosted, microservice based, replacement for iCloud, Google Photos, Evernote, Netflix and more. Secure and monitored.
- Reduce your dependence on cloud services
- Eliminate subscription costs
- Increase your privacy
- Limit data collected by free services
- Limit your exposure to AI, advertisers, and scammers
- Own and control your data
- Prevent phone and vendor lock in
- 📺 Video Server
- 📷 Photo Gallery
- 🔄 Cloud storage, Note sync
- 🔐 SSL and Basic Auth
- ⛔ Ban bots and failed login attempts automatically
- 🚨 📊 📃 Log aggregation, dashboards and alerts
- 📈 HTTP Stats, System Stats
- ♻️ Rotate logs to preserve hard disk space
- 🍯 Honeypots for SSH, HTTP, SMB and more
- 💾 Incremental Backups
- ⚙️ Auto update docker images
- 🌀 bittorrent with VPN killswitch
- 📥 Download Managers
- A Raspberry Pi 5 with 8GB of RAM
- A free domain configured with Dynamic DNS, such as one from No-IP
- Port 443, 2283, and 32400 must be forwarded to your machine from your router
- To use "Download Managers", a paid VPN subscription is required
- Login to your VPN provider and download a wireguard.conf file
- Enable the "Port Forward" option when configuring
- Since you are using a self-signed cert, you will need to accept a security exception in your browser for each service.
Visit http://your-domain.com.local to access your home page.
WebDAV URL: https://your-domain.com/dav
- Windows
- Click on the Start icon/Windows icon
- Go into "This PC"
- In the toolbar choose the option "Computer"
- Click on "Map Network drive"
- Fill in the WebDAV URL
- Mac
- Open the Finder on your computer
- Click on the "Go" menu and select "Connect to Server"
- In the new window enter the WebDAV URL and click on "Connect"
- Linux (Gnome Desktop)
- Open Nautilus file manager
- Choose "Other Locations" from the menu on the left
- Type the WebDAV URL into "Connect to Server" field
- Change https:// to davs://
- Chromebook
sudo mount -t davfs https://your-domain.com/dav/ /home/localuser/klackcloud
- iPhone
- Download Documents: File Manager & Docs by Readdle
- Setup WebDAV using the WebDAV URL
- View your photos from any device at https://your-domain.com:2283
- Use the Immich app from the appstore on your phone
- For your email address, use
[email protected]
Setup notebook sync with Joplin
- Open the app
- Navigate to Options > synchronization
- Set "Synchronization target" to "WebDAV"
- Enter
https://your-domain.com/dav/Notesfor the "WebDAV URL" - Enter your username and password
- Click "Check synchronization configuration"
- Upon success click "Show Advanced Settings"
- Click "Re-upload local data to sync target"
You will receive alerts on the dashboard for the following:
- High CPU temp (or no temp reported)
- Low Disk space
- High Ram utilization
- High CPU utilization
- Backup failures
- Honeypot activities
- You should add encryption to your backups in Duplicati by editing the backup job.
- Videos are not backed up by default.
- Documents, Notes and Photos are automatically backed up at 1:00PM.
- If there is a backup failure, you will receive an email alert.
| Service | Port | Domain | Hosted Path | URL | Service URL | Auth Provider | Log Rotation |
|---|---|---|---|---|---|---|---|
| Plex | 32400 | your-domain.com | / | https://your-domain.com:32400/ | App | Self | |
| Immich | 2283 | your-domain.com | / | https://your-domain.com:2283/ | App | Docker | |
| WebDav | 443 | your-domain.com | /dav | https://your-domain.com/dav/ | Traefik | Docker | |
| SFTPGo UI | 4443 | sftpgo.your-domain.com.local | / | https://sftpgo.your-domain.com.local:4443/ | Traefik | Docker | |
| Traefik UI | 4443 | traefik.your-domain.com.local | / | https://traefik.your-domain.com.local:4443/ | Traefik | logrotate | |
| Grafana | 4443 | grafana.your-domain.com.local | / | https://grafana.your-domain.com.local:4443/ | App | Docker | |
| Prometheus | 4443 | prometheus.your-domain.com.local | / | https://prometheus.your-domain.com.local:4443/ | http://prometheus:9090 | Traefk | Docker |
| Loki | http://loki:3100 | Docker | |||||
| Node Exporter | 9101 | node-exp.your-domain.com.local | / | https://node-exp.your-domain.com.local:9101/metrics | IPTABLES | stdout | |
| Duplicati | 4443 | duplicati.your-domain.com.local | / | https://duplicati.your-domain.com.local:4443/ | Traefik | logrotate | |
| qBittorrent | 4443 | qbittorrent.your-domain.com.local | / | https://qbittorrent.your-domain.com.local:4443/ | App | logs disabled | |
| Jackett | 4443 | jackett.your-domain.com.local | / | https://jackett.your-domain.com.local:4443/ | http://localhost:9117 | Traefik | logs disabled |
| Sonarr | 4443 | sonarr.your-domain.com.local | / | https://sonarr.your-domain.com.local:4443/ | App | Self | |
| Radarr | 4443 | radarr.your-domain.com.local | / | https://radarr.your-domain.com.local:4443/ | App | Self | |
| Cowrie | 22,23 | logrotate | |||||
| Dionaea | Multiple | logrotate |
Is setup on the host machine due to permission issues and the requirement to send SIGHUP signals
Honeypot's cannot be accessed by localhost due to macvlan network
To use your own ca-signed certificates rename config/traefik/dynamic/certs.yml.example to config/traefik/dynamic/certs.yml and place ca.crt,server.crt, and server.key in config/traefik/certs
- Move the
backupsandcloudfolders to a safe location to preserve your data - Run
./setup.sh --clean - Remove entries from
/etc/hostson your local machine