Now, sure, you could use something like KeePass and keep it local to your machine. That works great if you’re mostly tied to one device. But if you’re like me—always bouncing between machines, phones, and maybe even the occasional tablet, you’ll probably want something a little more accessible.

That’s where Vaultwarden comes in. It’s a lightweight, self-hosted fork of Bitwarden, the open-source password manager. With Vaultwarden, you get to use the official Bitwarden mobile apps and browser extensions, but with a leaner backend that’s easier to run on your own server. It’s fast, minimal, and you keep control of your own data.

The Setup

You’ll need a few things before we get started:

• A server with Docker installed
• The Apache web server
• A domain name
• An SSL certificate (we’ll use Let’s Encrypt)
• Port 443 open on your firewall (or another port if you’re using a custom setup)

If you’re already running services on your host’s port 443 like I am, you can remap Vaultwarden’s container to a different internal port and let Apache handle the HTTPS proxying.

Apache

Once you’ve got Docker, Apache, and your domain ready, it’s time to configure your reverse proxy.

Create a new config file for Vaultwarden at /etc/apache2/sites-available/vaultwarden.conf. Here is a template you can use for your setup.

<IfModule mod_ssl.c>
<VirtualHost *:80>
    ServerName your_domain
    Redirect permanent / https://your_domain/
</VirtualHost>

<VirtualHost *:443>
    ServerName your_domain

    SSLEngine on
    SSLProxyEngine on

    SSLCertificateFile /etc/letsencrypt/live/your_domain/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your_domain/privkey.pem

    ProxyPreserveHost On
    ProxyRequests Off

    ProxyPass / http://127.0.0.1:8443/
    ProxyPassReverse / http://127.0.0.1:8443/

    # WebSocket support
    RewriteEngine On
    RewriteCond %{HTTP:UPGRADE} ^(.*)$ [NC]
    RewriteCond %{HTTP:CONNECTION} ^(.*Upgrade.*)$ [NC]
    RewriteRule ^/?(.*) "ws://127.0.0.1:8443/$1" [P,L]

    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"

    ErrorLog ${APACHE_LOG_DIR}/vaultwarden-error.log
    CustomLog ${APACHE_LOG_DIR}/vaultwarden-access.log combined
</VirtualHost>
</IfModule>

<IfModule mod_ssl.c>
<VirtualHost *:80>
    ServerName your_domain
    Redirect permanent / https://your_domain/
</VirtualHost>

<VirtualHost *:443>
    ServerName your_domain

    SSLEngine on
    SSLProxyEngine on

    SSLCertificateFile /etc/letsencrypt/live/your_domain/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your_domain/privkey.pem

    ProxyPreserveHost On
    ProxyRequests Off

    ProxyPass / http://127.0.0.1:8443/
    ProxyPassReverse / http://127.0.0.1:8443/

    # WebSocket support
    RewriteEngine On
    RewriteCond %{HTTP:UPGRADE} ^(.*)$ [NC]
    RewriteCond %{HTTP:CONNECTION} ^(.*Upgrade.*)$ [NC]
    RewriteRule ^/?(.*) "ws://127.0.0.1:8443/$1" [P,L]

    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"

    ErrorLog ${APACHE_LOG_DIR}/vaultwarden-error.log
    CustomLog ${APACHE_LOG_DIR}/vaultwarden-access.log combined
</VirtualHost>
</IfModule>

Then enable the required Apache modules:

• a2enmod proxy
• a2enmod proxy_http
• a2enmod proxy_wstunnel
• a2enmod ssl
• a2enmod rewrite

Now all you should need to do is enable your site and restart apache.

Docker

Next all you need to do is to setup the docker container. Below is a template for the command to set it up. Once it’s running, visit https://your_domain in your browser. You should be greeted with the account creation screen. Go ahead and register your account. After that, be sure to disable public signups by either updating the container or setting SIGNUPS_ALLOWED=false in your Docker environment.

sudo docker run -d   --name vaultwarden   -v /vw-data:/data   -p 8443:80   -e WEBSOCKET_ENABLED=true   -e SIGNUPS_ALLOWED=true   -e DOMAIN=https://your_domain   vaultwarden/server:latest

sudo docker run -d   --name vaultwarden   -v /vw-data:/data   -p 8443:80   -e WEBSOCKET_ENABLED=true   -e SIGNUPS_ALLOWED=true   -e DOMAIN=https://your_domain   vaultwarden/server:latest

Email Setup (optional)

If you want features like password reset links for other accounts on your server, account verification emails, admin invites, and emergency access notifications, you’ll want to hook up SMTP.

Here’s how to do it with a Gmail account (you’ll need to generate an App Password):

-e SMTP_HOST=smtp.gmail.com
-e SMTP_FROM=your_account@gmail.com
-e SMTP_PORT=587
-e SMTP_USERNAME=your_account@gmail.com
-e SMTP_PASSWORD=your_gmail_app_password
-e SMTP_SECURITY=starttls

-e SMTP_HOST=smtp.gmail.com
-e SMTP_FROM=your_account@gmail.com
-e SMTP_PORT=587
-e SMTP_USERNAME=your_account@gmail.com
-e SMTP_PASSWORD=your_gmail_app_password
-e SMTP_SECURITY=starttls

Add those to your docker run command or define them in a .env file if you’re using docker-compose.

Once email is working, you’ll be able to:

• Send password reset links to other users on your server
• Verify email addresses
• Invite users to your instance
• Get alerts for emergency access requests

It’s a small step that adds a ton of functionality.

Enjoy Being Secure

And that’s it. You’ve got a secure, open-source, cloud-accessible password manager running on your own terms, with all the modern comforts like mobile and browser integration. No monthly fees. No trusting a third-party service with your credentials. Just you, your server, and full control over your security.

Welcome to the self-hosted club.

I love that reading is free, you can do it anywhere. You can do it on the train… uh, don’t do it while you’re driving

– James Pumphrey

When I was younger I used to avidly enjoy reading in my free time. From adventures in a galaxy far, far away (shoutout Karen Traviss), to the neo-Greek mythology of the Percy Jackson series, I tore through books like it was my job. However, as I’ve gotten older that’s no longer the case. Between work and school, most of my reading now consists of dry technical manuals, textbooks, and reviews for whatever power tool I want to buy next.

So the goal of this project is to make whatever book I’m reading:

1. Easily accessible
2. Simple to pick up right where I left off
3. Replaceable when I’m ready to crack open the next one

Join me as we Make Reading Great Again so I have no excuse not to be well-read.

Picking a Platform

Obviously, the first thing I could do to achieve this goal would be to open up my wallet and head to the nearest app store to get an e-reader service like Bezos’s Kindle or Google’s Shelf and start building a digital library that I don’t really own. But the easy way has some huge red flags. For example, say they lose the licensing or worse, 1984 comes to pass and certain books get banned and poof, there goes my book and my money.

Also, if you’ve read any of my posts so far you’re probably aware that I’m definitely a DIY kind of guy, and like with most things I’m going to do it myself.

So what are the options for self-hosting this kind of service? As you can tell from the title, I went with Kavita for its multi-user support, anywhere access, and mainly because I liked the UI the most. But there are other great options I stumbled upon that might suit your needs better:

• Calibre for its wider format support and plugins.
• Komga if your main focus is comics and manga.
• Polar Bookshelf if you just want to install a Snap package and enjoy books locally.

The Set Up

For this setup I’ll be using Kavita’s Docker image. There are plenty of ways to set it up, but for that I’ll refer you to their instructional page here: https://wiki.kavitareader.com/getting-started/.

I like using Portainer to set up and manage my Docker containers since it’s simple and easy. Remember to create your volume first, set your port mapping to 5000, and set the network adapter to bridge before pulling and creating the container.

Once it’s up and running you’re good to go to http://your-server-ip:5000, and you should be greeted with a simple sign-in screen to create your admin account. After you create your account and log in, the last thing is to load up something to read and create your libraries. Kavita supports formats like PDF, EPUB, and a variety of comic/manga formats.

To make this all work you’ll need to create a folder and place each file in that folder. For example, my copy of Pride and Prejudice from epubbooks.com is mounted like this:

/storage/books/'Pride and Prejudice (Illustrated)'/austen-pride-and-prejudice-illustrations.epub

Now that you have your books loaded up, create a library by clicking on the gear icon in the top left, navigating to the Libraries tab under Server, and clicking on the Add Library button. In the popup, give it a name and point it to the folder you mounted with your media. I decided to split my libraries into books, comics, and manga.

Mr. Worldwide

You can stop here if you only want access to your e-library locally, but I decided to take it a step further. To access the library securely from anywhere in the world, I created a domain name with NO-IP, used Certbot to generate some SSL certificates, and created and enabled my .conf file.

That’s right, eriks-library (e-library for short) can now be accessed anywhere with an internet connection.

If you want to do this too, there are more detailed instructions in Kavita’s setup guide I linked earlier. Or if you’re using Apache2, you can copy, edit, and enable the slightly trimmed-down config file I made for the reverse proxy:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName your.domain.com

    SSLEngine on
    SSLProxyEngine on
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    # Use Let's Encrypt certificate paths
    SSLCertificateFile /etc/letsencrypt/live/your.domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your.domain.com/privkey.pem

    ErrorLog ${APACHE_LOG_DIR}/proxy-error.log
    CustomLog ${APACHE_LOG_DIR}/proxy-access.log combined

    ProxyPass / http://SERVER_IP_ADDR:5000/
    ProxyPassReverse / http://SERVER_IP_ADDR:5000/

    ProxyPreserveHost On
    ProxyRequests Off

    # WebSocket support
    RewriteEngine On
    RewriteCond %{HTTP:UPGRADE} ^.*WebSocket.*$ [NC]
    RewriteCond %{HTTP:CONNECTION} ^.*Upgrade.*$ [NC]
    RewriteRule .* ws://SERVER_IP_ADDR:5000%{REQUEST_URI} [P]

    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
    RequestHeader set X-Forwarded-For "%{REMOTE_ADDR}e"
</VirtualHost>
</IfModule>

On the Go

The last step was figuring out how I’m going to access and enjoy my library from my phone. Currently, there’s only a third-party app called Kavita Blue, but when I tried it, it kept freezing and ruined the UI I like. So I just opened up Chrome on my phone, navigated to my domain, and set it up as a web app on my home screen. Sure, I could have paid for a Kindle subscription, but where’s the fun in that? Besides, now I get to say my library runs on Docker and that sounds way cooler at parties anyways.

The internet is not something that you just dump something on, it’s not a big truck, it’s, it’s a series of tubes!

-U.S. Senator Ted Stevens

My home lab has been a fun, though sometimes time-consuming, hobby I’ve built up over the last few years. Currently, my self-hosted services include network wide ad blocking, cloud storage, multiple websites, media streaming, smart home controls, and even a local LLM. That’s right, the post you’re reading right now is hosted locally from my home office! But how did I get into all of this, and is it really worth it? [Cue Vsauce theme music]

We All Start Somewhere…

Back in 2021, I started self-hosting a cloud storage solution, Nextcloud, in a virtual machine to replace my Google Drive and Photos since I was running out of space. After running it for a while and making small tweaks, I finally decided to invest in dedicated hardware, funded by selling off my DIY mining rigs. To save some cash, I sourced as many second-hand parts as possible. In total I think I have spent around $1800 for all of the hardware, networking equipment, and battery backups.

Current Parts List

Current Setup and Services

I’m running Ubuntu Server as the OS for my home server. It’s connected to a CyberPower 900W UPS and is configured to gracefully shut down after five minutes of power loss and automatically restart when power is restored.

Here’s a quick overview of what’s running:

Nextcloud

Nextcloud has been my longest-running self-hosted service. I started with the Snap package, moved to the Docker container, and now run it directly on bare metal. It’s been my dedicated data storage and sharing solution for years, helping me centralize family photos and documents for sharing and safe keeping. With the addition of the Nvidia A2000 GPU, I also integrated facial recognition software to organize photos by faces and objects, all handled locally! Nextcloud is a great way to secure, share, and store your data.

WordPress

WordPress is my CMS of choice for both my website and my significant other’s. It helps me create, organize, and publish content like this post! With a massive library of plugins, you can do almost anything, provided you’re willing to learn. I’m also looking forward to my web development class next semester to better customize my site using PHP!

If you’re thinking about doing something similar, it’s totally doable in an afternoon:

1. Set up a LAMP server
2. Register a domain
3. Grab SSL certificates through Let’s Encrypt
4. And you’re off and running!

Docker

Docker is a must-have tool for any home lab. I use Portainer to manage my containers, including Home Assistant, which runs most of my smart home, and the web portal for Ollama. Eventually, I plan to phase out my Nest Hubs and replace them with local Home Assistant voice devices. With Ollama, I’ve set up a local AI interface where I can interact with various models like R1, Ollama3, and Arena to quickly access information, all without relying on the cloud!

Plex

Plex has been my go-to media streaming solution for years. I even bought the lifetime pass to support the developers and unlock hardware encoding. But lately, the Android app has become a mess, and the new UI is cluttered with freemium TV services I didn’t ask for. I’m considering switching to Emby or Jellyfin, but for now Plex still does the job for enjoying and sharing my media collection with my friends and family.

The Net…

I know this post is getting long, so let’s wrap it up with a quick overview of my network gear. I recently upgraded to a Ubiquiti system with the USG-MAX and U7-XGS AP. This setup lets me segment my network with VLANs, secure traffic using IPS, and enjoy blazing-fast Wi-Fi 7 speeds, up to 1300 Mbps up and down on my LAN. On top of that, I’m running a Raspberry Pi 2B as a network-wide ad blocker using Pi-hole.

That’s All Folks…

Building out my home lab has been a fun and rewarding experience that’s expanded my skills and deepened my understanding of the “series of tubes” that is the internet. Self-hosting is a great way to learn, gain practical experience, and even save money in the long run. I’ll probably write more detailed posts on each of these services in the future, but for now thanks for reading! I hope this gives you some ideas for building out your own home lab.

Links To Get Started…

• Nextcloud: https://docs.nextcloud.com/server/latest/admin_manual/installation/
• Plex: https://support.plex.tv/articles/200288586-installation/
• Home Assistant: https://www.home-assistant.io/getting-started
• Pi-Hole: https://pi-hole.net/
• Ollama: https://ollama.com/download