How to Self-Host Everything: A 2026 Beginner's Guide

How to Self-Host Everything: A 2026 Beginner's Guide

Learn how to self-host your apps, data, and services from scratch. This comprehensive guide covers VPS setup, Docker, reverse proxies, SSL, and deploying your first self-hosted stack.

#self-hosting #beginners #docker #tutorials #linux

You’re paying $50+ per month for cloud services — email, file storage, password managers, project management tools, and more. What if you could replace all of that with a single $5/month server that you control?

Welcome to self-hosting: the practice of running your own services on your own hardware (or rented servers). In 2026, it’s easier than ever. You don’t need a CS degree or a rack of servers in your basement. You need a VPS, some Docker knowledge, and about an hour of your time.

This guide will take you from zero to a fully functional self-hosted stack.

Why Self-Host in 2026?

The case for self-hosting has never been stronger:

  • Privacy regulations are tightening, but companies keep finding loopholes. Your data on your server? Problem solved.
  • SaaS prices keep climbing. Notion, Slack, GitHub — they all started cheap and got expensive. Self-hosted alternatives stay free.
  • AI is everywhere, and most SaaS products now train on your data unless you opt out (and sometimes even then).
  • Enshittification is real. Products degrade over time as companies optimize for shareholders over users.

Self-hosting is the antidote. Let’s get started.

What You’ll Need

Here’s the shopping list:

1. A VPS (Virtual Private Server)

A VPS is a virtual machine in the cloud that you rent. Think of it as your own little server.

Recommended providers:

ProviderCheapest PlanRAMStorageLocation
Hetzner~€4.50/mo2 GB20 GBEU/US
Netcup~€3.50/mo2 GB40 GBEU
Oracle CloudFree tier1 GB50 GBGlobal
DigitalOcean$6/mo1 GB25 GBGlobal

For beginners, Hetzner offers the best price-to-performance ratio. Their 2GB ARM servers are perfect for self-hosting and cost under €5/month.

Pro tip: Start with 2 GB RAM minimum. Many self-hosted apps run on Docker, and you’ll want headroom for multiple containers.

2. A Domain Name

You’ll need a domain to point at your server. A .dev domain costs about $12/year. Use Cloudflare as your registrar — they sell domains at cost with no markup.

3. Basic Terminal Knowledge

You’ll need to SSH into your server and run commands. If cd, ls, and nano aren’t in your vocabulary yet, spend 30 minutes with a Linux basics tutorial first.

Step 1: Set Up Your VPS

After purchasing your VPS, you’ll get an IP address and SSH credentials.

Connect via SSH

ssh root@your-server-ip

Secure Your Server

First things first — security:

# Update everything
apt update && apt upgrade -y

# Create a non-root user
adduser deploy
usermod -aG sudo deploy

# Set up SSH key authentication
mkdir -p /home/deploy/.ssh
# Copy your public key
echo "your-ssh-public-key" >> /home/deploy/.ssh/authorized_keys
chmod 700 /home/deploy/.ssh
chmod 600 /home/deploy/.ssh/authorized_keys
chown -R deploy:deploy /home/deploy/.ssh

# Disable root login and password auth
nano /etc/ssh/sshd_config
# Set: PermitRootLogin no
# Set: PasswordAuthentication no
systemctl restart sshd

Set Up the Firewall

# Install and configure UFW
apt install ufw -y
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp    # SSH
ufw allow 80/tcp    # HTTP
ufw allow 443/tcp   # HTTPS
ufw enable

Install Fail2ban

apt install fail2ban -y
systemctl enable fail2ban
systemctl start fail2ban

Fail2ban automatically bans IPs that show malicious signs (like too many failed login attempts).

Step 2: Install Docker

Docker is the backbone of modern self-hosting. It lets you run applications in isolated containers — no dependency conflicts, easy updates, simple backups.

# Install Docker
curl -fsSL https://get.docker.com | sh

# Add your user to the docker group
sudo usermod -aG docker deploy

# Install Docker Compose
sudo apt install docker-compose-plugin -y

# Verify installation
docker --version
docker compose version

Log out and back in for the group changes to take effect.

Step 3: Set Up a Reverse Proxy

A reverse proxy sits in front of your apps and handles SSL certificates, routing, and load balancing. Traefik is the gold standard for Docker-based setups.

Create a Docker network for Traefik:

docker network create proxy

Create the Traefik configuration:

mkdir -p ~/traefik
cd ~/traefik
# docker-compose.yml
services:
  traefik:
    image: traefik:v3.3
    container_name: traefik
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./acme.json:/acme.json
    networks:
      - proxy

networks:
  proxy:
    external: true
# traefik.yml
api:
  dashboard: false

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"

providers:
  docker:
    exposedByDefault: false

certificatesResolvers:
  letsencrypt:
    acme:
      email: [email protected]
      storage: /acme.json
      httpChallenge:
        entryPoint: web
# Create the certificate storage file
touch acme.json
chmod 600 acme.json

# Start Traefik
docker compose up -d

Traefik will now automatically discover your Docker containers and provision SSL certificates from Let’s Encrypt.

Step 4: Deploy Your First App

Let’s deploy Uptime Kuma — a beautiful, self-hosted monitoring tool. It’s the perfect “first app” because it immediately provides value.

mkdir -p ~/apps/uptime-kuma
cd ~/apps/uptime-kuma
# docker-compose.yml
services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    container_name: uptime-kuma
    restart: unless-stopped
    volumes:
      - ./data:/app/data
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.uptime.rule=Host(`status.yourdomain.com`)"
      - "traefik.http.routers.uptime.tls=true"
      - "traefik.http.routers.uptime.tls.certresolver=letsencrypt"

networks:
  proxy:
    external: true

Point your DNS (status.yourdomain.com) to your server’s IP, then:

docker compose up -d

Within a minute, you’ll have a fully functional monitoring dashboard at https://status.yourdomain.com with a valid SSL certificate. No configuration beyond this is needed.

Step 5: Build Your Stack

Now that you have the pattern down (Docker Compose + Traefik labels), you can deploy anything. Here’s a recommended starter stack:

Essential Apps

AppReplacesRAM Usage
VaultwardenBitwarden/1Password~50 MB
NextcloudGoogle Drive/Dropbox~200 MB
Uptime KumaPingdom/UptimeRobot~100 MB
PlausibleGoogle Analytics~200 MB
Gitea/ForgejoGitHub (private repos)~150 MB

All of these fit comfortably on a 2 GB VPS. Add them one by one, following the same Docker Compose pattern.

Example: Vaultwarden (Password Manager)

# ~/apps/vaultwarden/docker-compose.yml
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    volumes:
      - ./data:/data
    environment:
      - SIGNUPS_ALLOWED=false
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.vault.rule=Host(`vault.yourdomain.com`)"
      - "traefik.http.routers.vault.tls=true"
      - "traefik.http.routers.vault.tls.certresolver=letsencrypt"

networks:
  proxy:
    external: true

Security note: Set SIGNUPS_ALLOWED=false after creating your account. You don’t want strangers creating accounts on your password manager.

Step 6: Backups (Don’t Skip This!)

Self-hosting without backups is like driving without a seatbelt. Here’s a simple backup strategy:

Automated Docker Volume Backups

#!/bin/bash
# backup.sh — Run daily via cron

BACKUP_DIR="/home/deploy/backups"
DATE=$(date +%Y-%m-%d)

mkdir -p "$BACKUP_DIR"

# Stop containers, backup volumes, restart
for app in uptime-kuma vaultwarden nextcloud; do
    cd "/home/deploy/apps/$app"
    docker compose stop
    tar czf "$BACKUP_DIR/${app}-${DATE}.tar.gz" ./data
    docker compose start
done

# Keep only last 7 days
find "$BACKUP_DIR" -name "*.tar.gz" -mtime +7 -delete

# Optional: sync to remote storage
# rclone sync "$BACKUP_DIR" remote:backups/
# Add to crontab
crontab -e
# Add: 0 3 * * * /home/deploy/backup.sh

For offsite backups, use rclone to sync to Backblaze B2 (cheap object storage) or another VPS.

Step 7: Updates and Maintenance

Keeping your self-hosted apps updated is crucial for security.

Watchtower (Automatic Docker Updates)

# ~/apps/watchtower/docker-compose.yml
services:
  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - WATCHTOWER_CLEANUP=true
      - WATCHTOWER_SCHEDULE=0 0 4 * * *  # 4 AM daily
      - WATCHTOWER_NOTIFICATIONS=shoutrrr

Careful: Some people prefer manual updates for critical services like password managers. You can exclude containers from Watchtower with labels.

System Updates

# Weekly system update (add to cron)
sudo apt update && sudo apt upgrade -y

The Easier Path: Use a Platform

If Docker Compose and Traefik feel overwhelming, consider using a self-hosting platform that handles the complexity for you:

  • Coolify — Open-source Heroku/Vercel alternative. Beautiful UI, one-click deployments.
  • CapRover — Slightly more DIY but very capable.
  • Dokku — Heroku-style CLI experience on your own server.

These platforms handle reverse proxying, SSL, deployments, and more — all through a web interface. Check out our Coolify vs CapRover vs Dokku comparison for a detailed breakdown.

Common Pitfalls to Avoid

  1. Don’t expose admin panels to the internet without authentication. Use Traefik’s basic auth middleware or a tool like Authelia.
  2. Don’t forget DNS propagation takes time (up to 48 hours, usually minutes).
  3. Don’t run everything as root. Use a dedicated user for Docker.
  4. Don’t skip firewall setup. Open only the ports you need.
  5. Don’t ignore resource limits. Monitor your VPS with htop and set up alerts with Uptime Kuma.

What’s Next?

You’ve got the foundation. From here, you can:

  • Add more apps to your stack (check our 5 Apps You Should Self-Host Right Now article)
  • Set up monitoring and alerting
  • Configure automated backups to offsite storage
  • Add SSO with Authelia or Authentik
  • Set up a VPN with WireGuard for secure remote access

Self-hosting is a journey, not a destination. Start small, learn as you go, and enjoy the freedom of running your own infrastructure.

Welcome to the self-hosted life. 🖥️

Stay in the loop 📬

Get self-hosting tutorials, tool reviews, and infrastructure tips delivered to your inbox. No spam, unsubscribe anytime.

Join 0 self-hosters. Free forever.

#self-hosting #beginners #docker #tutorials #linux