How-Tos: Add (opinionated) tutorial how to host coolify on home server (in local network) #117

Open
TimKochDev opened this issue Dec 26, 2024 · 1 comment


@TimKochDev

Hi, I love Coolify. I used it at work, deployed on a Hetzner VPS. Now I have repurposed my old laptop to run as a home server. I deployed Nextcloud on it, accessible from the outside through a Cloudflare tunnel. I deployed paperless-ngx, accessible only from within my network. Add-on: I used Tailscale so that "my network" is in fact a meshed VPN, so my connected devices can access paperless-ngx even from abroad. I will definitely publish some kind of article about my project, because I would have loved to read one before I delved into this adventure: using Coolify in a local/private network needs some tweaks that are currently not documented in a single location yet.

IMHO the best place for such documentation would be the "How-Tos" section in the Coolify documentation. If you don't like the idea, I will publish it on my Medium blog.

Do you think this idea is worth a pull request?


My unpolished brain-dump notes. OF COURSE this is only the pool of information I would source from when writing the documentation! 🤣

Ubuntu Server. Download. Balena Etcher to flash. Boot from USB. Try or install Ubuntu Server.
Installed Coolify as root user.
Disable suspend on lid closing.
Installed Tailscale. Named the laptop "homeserver". Installed Tailscale on my main machine. Was able to access Coolify on the home server at http://homeserver:8000
[Why not Headscale? Because it is by far not as user friendly as Tailscale (yet)!]

Try installing Nextcloud:
Nextcloud with Postgres template, but a) official image, b) expose port
-> works

But I want the official nextcloud all in one deployment:

```bash
# Nextcloud AIO master container; the inner Apache listens on 33000 (see note below),
# the AIO admin UI is published on 33001.
sudo docker run \
  --init \
  --sig-proxy=false \
  --name nextcloud-aio-mastercontainer \
  --restart always \
  --publish 33001:8080 \
  --env APACHE_PORT=33000 \
  --env APACHE_IP_BINDING=0.0.0.0 \
  --env SKIP_DOMAIN_VALIDATION=true \
  --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
  --volume /var/run/docker.sock:/var/run/docker.sock:ro \
  nextcloud/all-in-one:latest
```

[Why APACHE_PORT? Because nextcloud-aio by default serves on port 80/443, but since we use Coolify we have multiple services on the same machine -> Traefik (or Caddy) already acts as reverse proxy. APACHE_PORT is a badly named env variable that just defines which port Nextcloud should listen on.]

Then navigate to https://100.104.232.29:33001/ (not via the domain; ignore the TLS warning).
Install containers.

Cloudflare tunnel: nextcloud.bookglds.com -> http://localhost:33000
Done with the Coolify cloudflared service, initiated with a token from the Cloudflare dashboard.

Decided not to use OIDC, but would consult https://schiessle.eu/en/articles/2023/07/04/nextcloud-and-openid-connect/

Decided not to play around with storage paths (I thought about having everything in a /nextcloud folder). Doesn't seem to be worth it.

Backups:
Configure AIO's built-in backup solution to back up to /home/myname/nextcloud/backups
Use Syncthing to duplicate the backup from the home server to an offsite location.
Syncthing needs root access because the backups are created as root.

```yaml
services:
  syncthing:
    image: 'lscr.io/linuxserver/syncthing:latest'
    environment:
      - SERVICE_FQDN_SYNCTHING_8384
      - PUID=0   # run as root so the root-owned backup files are readable
      - PGID=0
      - 'TZ=${TZ:-Etc/UTC}'
    volumes:
      - 'syncthing_config:/config'
      - '/home/tim/nextcloud/backups:/data/nextcloud_backups:ro' # read-only access to your backups
    ports:
      - "8384:8384"
      - '22000:22000/tcp'
      - '22000:22000/udp'
      - '21027:21027/udp'
    healthcheck:
      test:
        - CMD-SHELL
        - 'wget -qO- http://127.0.0.1:8384/'
      interval: 5s
      timeout: 20s
      retries: 10
```

--- From here on, not Nextcloud-specific any more. In fact, I set up paperless-ngx here ---

About DNS in my Tailscale setup:
Contrary to what Claude AI says, it is not possible to add DNS records directly to Tailscale DNS (https://tailscale.com/kb/1054/dns#:~:text=It%27s%20not%20possible%20to%20add%20arbitrary%20records%20to%20MagicDNS.)
But I can add the Tailscale local IP of my home server to my public DNS records on Cloudflare. So coolify.timkoch.dev points to the Tailscale IP of my home server.

Problem: no HTTPS. HTTPS is recommended here: https://grumpy.systems/2023/using-https-in-your-homelab-and-why-its-important/

Solution: Coolify's default config for Traefik uses Let's Encrypt with the HTTP challenge (which needs the server to be publicly reachable). However, we can also configure it to use a DNS record challenge. See: https://ananthanandanan.vercel.app/blog/setting-up-coolify-with-a-custom-domain-and-ssl-certificates-using-traefik-and-cloudflare-a-comprehensive-guide
Make sure to use https:// when setting domains in Coolify, as otherwise no certificate seems to be generated.

Add-on: When I want Coolify to serve apps on different domains (personal.com, mystartup.com) and they belong to two different Cloudflare accounts (with two different Cloudflare API tokens), we can use CNAMEs on the "primary" domain to validate the other domain as well.

Backups: At the lowest level, back up your server without any regard to Docker. Only for those services that are more problematic regarding being in an invalid state in the middle of a persistence operation, create service-specific snapshots on the local drive (for databases use DB-specific export commands; if containers need to be stopped, consider offen/docker-volume-backup). These snapshots will then be picked up by the server-level backup.
How? I tried volume-level backups (mounting my volumes into Duplicati). Very tedious. And when I think about it now, it probably didn't even work, because the volumes in Coolify are prefixed anyway...
I tried it without Docker (borgmatic, rclone). Very tedious. Lots of errors. Didn't trust it.
Now I am trying Duplicati/Kopia again (easily deployable via Docker, web GUI) but mounting the whole filesystem into it. Kopia can't directly clone to OneDrive. So I am back to Duplicati. I verified it by backing up and restoring my paperless instance. Yay!
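The switch from Traefik's HTTP-01 challenge to a Cloudflare DNS-01 challenge described above, as an added example that is not code from the issue or from Coolify's own proxy configuration. It assumes a resolver named `letsencrypt`, entrypoints named `http`/`https`, a placeholder e-mail and storage path, and a Cloudflare API token passed in via the `CF_DNS_API_TOKEN` environment variable that Traefik's Cloudflare provider reads.

```yaml
# Added example (not from the issue or from Coolify): Traefik proxy service,
# HTTP-01 (default) beside DNS-01. Resolver name, entrypoint names, e-mail and
# the /path/to/traefik host path are placeholders/assumptions.
services:
  traefik:
    image: traefik:v2.11
    environment:
      # Scope this token to the one zone with DNS:Edit only; it never needs
      # account-wide permissions. Supply it from the host env, not the file.
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /path/to/traefik:/traefik   # acme.json (private keys) lives here; chmod 600 it
    command:
      - --providers.docker=true
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      - --certificatesresolvers.letsencrypt.acme.email=you@example.com
      - --certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json
      # BEFORE (default): HTTP-01 requires Let's Encrypt to reach port 80 on a
      # public IP. On a host that only has a tailnet address this never succeeds,
      # so no certificate is issued.
      # - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
      # - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http
      # AFTER: DNS-01 proves control of the zone by creating a _acme-challenge
      # TXT record through the Cloudflare API; the server itself need not be
      # reachable from the internet, and the hostname may point at a 100.x IP.
      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
      # Ask public resolvers for the TXT record so a local or MagicDNS resolver
      # cannot hand back a stale answer during validation.
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53
```

A router then opts into this resolver with the label `traefik.http.routers.<name>.tls.certresolver=letsencrypt` on the service container.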

@TimKochDev
Author

I published https://medium.com/@timkochdev/coolify-in-a-local-network-221dd2353240. Would you be interested in a Pull Request for a documentation focusing on remote access, DNS setup, and https certificates for Coolify in local networks?
