A comprehensive Docker Compose stack for securing home servers, featuring Authelia, CrowdSec, Traefik, DIUN, Portainer, Watchtower, and Homepage.

TenovanDigital/ServerSecurityStack

Server Security Stack

A comprehensive Docker Compose stack for securing home servers with Authelia, CrowdSec, Traefik, and more.
View YouTube Tutorial Series · Report Bug · Request Feature

Table of Contents
  1. About The Project
  2. Built With
  3. Getting Started
  4. Usage
  5. License
  6. Contact

About The Project

ServerSecurityStack is a comprehensive Docker Compose stack designed to help home server owners secure their environment. This stack combines several best-in-class security applications that work together seamlessly to protect your server from unauthorized access and malicious activities.

This stack provides:

  • Secure authentication with Authelia
  • Real-time threat detection with CrowdSec
  • Automated container updates with Watchtower
  • Reverse proxy with SSL/TLS using Traefik
  • Monitoring and management through Portainer and DIUN
  • A customizable dashboard with Homepage

You can use this stack as a foundation and add your favorite applications while maintaining strong security controls. The comprehensive security layer ensures that only authorized users and services can access your server, even when exposed to the internet.

Built With

The following applications are included in this stack:

  • Authelia
  • CrowdSec
  • Traefik
  • Socket Proxy
  • Portainer
  • Watchtower
  • DIUN
  • Homepage

Getting Started

This repository contains the complete Docker Compose stack for server security, but it does not cover all of the extra steps needed to secure your server, such as:

  • Setting a Static IP
  • Installing and configuring Uncomplicated Firewall (UFW)
  • Generating Authelia encryption secrets
  • Setting up an Authelia user account
  • Adding Traefik as a CrowdSec bouncer
  • Updating Traefik config.yml and traefik.yml (See "# TODO:" comments)
  • Getting the various API keys / access tokens that let everything report to Homepage

For a walkthrough of setting all of these up, please refer to our YouTube tutorial series:

Server Security Series on YouTube

Alternative: Automated Setup with Citadel

If you prefer a more streamlined and automated process, consider using Citadel, our automated setup script. Citadel handles the tedious configuration steps for you, reducing errors and saving time. All you need to do is:

  • Complete a few initial configurations
  • Create a Portainer access token for Homepage to use (couldn't automate this)
  • Import the CrowdSec Cyber Threat Insights dashboard into Grafana (couldn't automate this)

In addition, Citadel sets up a bonus Grafana dashboard for CrowdSec that is not included in this repository. While you'll have to do the final import, Citadel sets up everything the dashboard needs for you.

Learn More About Citadel:

Citadel: Your Fortress for Home Server Security

Prerequisites

  • Configurations for the server to use:
    • Custom domain name to access the server
    • Email address(es) for notifications and SSL certificate generation
    • Email relay to send emails
  • Basic understanding of Docker and Docker Compose
  • Basic familiarity with terminal usage
  • A server with internet access

Usage

This Server Security Stack is designed to help you protect your home server while maintaining accessibility and functionality. Here are some common use cases and reasons why you'd want to use this stack:

Why Secure Your Server?

  • Access from anywhere: Safely access your server resources from any location using secure authentication and encryption.
  • Protect sensitive data: Keep your personal files, media, and applications safe from unauthorized access and malicious attacks.
  • Host multiple services: Add additional applications like:
    • Media servers (Plex, Emby)
    • Automation tools (n8n, Home Assistant)
    • Local AI services
    • Custom web pages and apps
    • File servers (Nextcloud, Filebrowser)
  • Peace of mind: Know that your server is protected by enterprise-grade security tools while still being accessible for legitimate use.

License

Distributed under the MIT License. See LICENSE for more information.

Contact

Tenovan Digital LLC - https://digital.tenovan.com - [email protected]

Project Link: https://github.com/TenovanDigital/ServerSecurityStack

If you have questions or need help, feel free to ask in the repository's Discussions section or refer to our YouTube tutorials.

Acknowledgments

Special thanks to:

  • The Docker community
  • Authelia team
  • CrowdSec developers
  • Traefik maintainers
  • And all other open-source contributors who made this stack possible
