
A core set of privacy-preserving services that can be easily self-hosted via Docker Compose.

Primary LanguageShell


This repository contains everything you need to start self-hosting a core set of privacy-preserving services that I have found helpful, all run via a common Docker Compose configuration using Let's Encrypt for SSL certificates.


  • Git
  • Docker Engine
  • Docker Compose
  • Ports 80/tcp, 443/tcp, 18080/tcp, 18083/tcp, 3333/tcp, 37889/tcp, and 18089/tcp exposed/forwarded to the host
  • DNS entries for your top-level domain and each desired sub-domain

Included Services

  • Nextcloud
    • A self-hosted server for hosting files, photos, backups, contacts, calendars, and much more
  • Uptime-kuma
    • It is a self-hosted monitoring tool like "Uptime Robot"
  • Libretranslate
    • Free and Open Source Machine Translation API, entirely self-hosted
  • SearXNG
    • a privacy-respecting, hackable metasearch engine
  • Send
    • a fork of Mozillas's Firefox Send, which was an encrypted file sharing tool
  • Wordpress
    • WordPress is a free and open-source content management system (Website Builder)
  • Cryptpad
    • CryptPad is a collaboration suite that is end-to-end-encrypted and open-source
  • P2Pool
    • Decentralized pool for Monero mining
  • Invidious
    • Invidious is an alternative front-end to YouTube
  • Monero
    • A self-sovereign, private-by-default, digital cash
    • This service runs a pruned Monero node, allowing you to connect your own Monero wallet(s) directly to your own node
  • Nitter
    • A privacy-preserving Twitter front-end
  • PrivateBin
    • A privacy-preserving and encrypted-by-default pastebin
  • Teddit
    • A privacy-preserving Reddit front-end
  • Wallabag
    • A privacy-preserving article reader in the vein of Pocket
  • Monero blockchain explorer
    • A self-hosted Monero blockchain explorer
  • Jellyfin
    • A software media system with no strings attached, no premium licenses or features, and no hidden agendas

NOTE: If you do not want to run one of the services above simply comment out or delete the relevant service section from docker-compose.yml.

How does it work?

This repo relies on Docker Compose to configure and run all of the above services, leveraging Traefik to automatically expose each service, request and maintain Let's Encrypt certificates for SSL, and handle all proxying.

Starting the Services

You will need to clone this repository to the host you want running these services first:

git clone https://github.com/sethforprivacy/self-hosted-services.git
cd self-hosted-services

Once cloned, set the necessary passwords and desired sub-domains in the .env file (PLEASE DO NOT COPY THE FOLLOWING CONFIG, CHANGE THE PASSWORDS AND HOSTNAMES APPROPRIATELY IN YOUR LOCAL .env FILE):

# Nextcloud Variables

# Wallabag Variables

# Teddit Variables

# Nitter Variables

# Traefik Variables

# Heimdall Variables
DASHBOARD_TZ=America/New York

# Privatebin Variables

# Monero explorer variables

# Let's Encrypt Variables

Note that all hostnames used must already have DNS entries configured with your domain provider in order for certificate generation to function properly.

Edit the Nitter configuration file:

  • Nitter

    • Replace the hostname, replaceTwitter, and replaceYouTube values with the relevant hostnames
  • SearXNG

    • Generate MORTY_KEY sed -i "s|ReplaceWithARealKey\!|$(openssl rand -base64 33)|g" settings.yml .env
    • go into the settings.yml file and replace the searx.mydomain.com at the bottom of the file with your domain.
  • P2Pool

    • Hugepages are very important for optimal mining performance. You need to enable them first using the following commands:
sudo sysctl vm.nr_hugepages=3072
sudo bash -c "echo vm.nr_hugepages=3072 >> /etc/sysctl.conf"

Note: If your VPS or Server does not have enough RAM you can reduce it by using 1168 instead of 3072

Start-up the services with Docker Compose:

  • docker-compose up -d

Tor Support

Currently Monero, P2Pool, Nitter, SearXNG, Invidious, Libretranslate, and Teddit get default Tor support, but I will likely expand that in the future. To list Onion services, simply run:

  • docker exec -ti tor onions


Automatic updates are provided by the Watchtower container that watches and updates base images of services when available. It will automatically search for, download, and migrate your services to updated images whenever available.


If you find yourself in need of viewing logs for a given service, simply run the following to tail all logs:

docker-compose logs --follow

To view the logs of a single service, run:

docker-compose logs --follow <service_name>


docker-compose logs --follow monerod

Getting Started

As this simply helps you get these services running, using each service is outside of the scope of this project. However, below are some links for getting started with each:


If you decide to run this and use these services, please don't forget to donate to those people making these services a reality!

Additional Resources

Additional Credits