Webnestify Docker Project Templates

Production-ready Docker Compose templates for self-hosting open-source applications. Each template includes security hardening, health checks, and automatic updates via Watchtower.

---

Table of Contents

• Available Templates
• Prerequisites
• Quick Start
• Directory Structure
• Common Configuration
• Security Features
• About Webnestify
• Contributing
• Support
• License

---

Available Templates

Productivity & Automation

Template	Description	Docs
n8n	Workflow automation platform (Zapier alternative) with PostgreSQL	README
Baserow	No-code database platform (Airtable alternative) with PostgreSQL	README
DocuSeal	Document signing and forms platform	-

Media & Entertainment

Template	Description	Docs
Jellyfin	Free media server for movies, TV, and music	README
Navidrome	Self-hosted music server (Subsonic/Airsonic compatible)	-
qBittorrent	Feature-rich BitTorrent client with web UI	README

Infrastructure & DevOps

Template	Description	Docs
Portainer CE	Docker container management UI	README
Portainer Agent	Remote Docker environment management	README
NGINX Proxy Manager	Reverse proxy with SSL management UI	README
Watchtower	Automatic Docker container updates	README
Uptime Kuma	Self-hosted monitoring and status pages	README
WireGuard VPN Stack	WireGuard + Pi-hole + Unbound with Quad9 DNS-over-TLS	README

Identity & Security

Template	Description	Docs
Authentik	Identity provider with SSO, OAuth2, SAML, LDAP	README

Communication & Collaboration

Template	Description	Docs
Zulip	Threaded team chat (Slack alternative)	-
Open WebUI	Web interface for LLMs (ChatGPT alternative)	README

Content & Information

Template	Description	Docs
FreshRSS	Self-hosted RSS feed aggregator	README
SerpBear	SEO rank tracking tool	-
Nextcloud AIO	All-in-one file sync and collaboration platform	README

---

Prerequisites

• Docker v20.10 or higher
• Docker Compose v2.0 or higher
• A reverse proxy (Caddy, Nginx Proxy Manager, or Traefik) for HTTPS termination
• A Docker network for inter-container communication

Create a Docker Network

Before deploying any template, create an external network:

docker network create your-network

Replace your-network with your preferred network name and update all docker-compose.yml files accordingly.

---

Quick Start

1. Clone the repository

   git clone https://github.com/wnstify/docker.git
   cd docker

2. Choose a template and navigate to its directory

   cd n8n

3. Configure environment variables

   cp .env.example .env   # If .env.example exists
   nano .env              # Edit with your values

4. Update the docker-compose.yml

   • Replace your-network with your Docker network name
   • Update domain names, paths, and credentials marked with # Change Value

5. Deploy the stack

   docker compose up -d

6. Set up your reverse proxy (see Caddyfile examples in template directories)

---

Directory Structure

docker/
├── README.md
├── SECURITY.md
├── LICENSE
├── .gitignore
│
├── authentik/
│   ├── docker-compose.yml
│   ├── .env
│   └── README.md
│
├── baserow/
│   ├── docker-compose.yml
│   ├── .env
│   ├── init-data.sh
│   ├── Caddyfile
│   └── README.md
│
├── docuseal/
│   ├── docker-compose.yml
│   ├── .env
│   └── init-data.sh
│
├── freshrss/
│   ├── docker-compose.yml
│   └── README.md
│
├── jellyfin/
│   ├── docker-compose.yml
│   └── README.md
│
├── n8n/
│   ├── docker-compose.yml
│   ├── .env
│   ├── init-data.sh
│   ├── Caddyfile
│   └── README.md
│
├── navidrome/
│   └── docker-compose.yml
│
├── nextcloud-aio/
│   ├── docker-compose.yml
│   └── README.md
│
├── npm/
│   ├── docker-compose.yml
│   └── README.md
│
├── openwebui/
│   ├── docker-compose.yml
│   └── README.md
│
├── portainer-agent/
│   ├── docker-compose.yml
│   └── README.md
│
├── portainer-ce/
│   ├── docker-compose.yml
│   └── README.md
│
├── qbittorrent/
│   ├── docker-compose.yml
│   └── README.md
│
├── serpbear/
│   └── docker-compose.yml
│
├── uptime-kuma/
│   ├── docker-compose.yml
│   ├── .env
│   └── README.md
│
├── watchtower/
│   ├── docker-compose.yml
│   └── README.md
│
├── wg-setup/
│   ├── docker-compose.yml
│   ├── .env
│   ├── setup.sh
│   ├── README.md
│   ├── USAGE.md
│   ├── SECURITY.md
│   ├── CONTRIBUTING.md
│   └── unbound/
│       └── unbound.conf
│
└── zulip/
    ├── docker-compose.yml
    └── .env

---

Common Configuration

Environment Variables

Each template uses .env files for sensitive configuration. Never commit real credentials to version control.

Example .env structure:

POSTGRES_USER=changeUser
POSTGRES_PASSWORD=changePassword
POSTGRES_DB=appname

Reverse Proxy

All templates bind to 127.0.0.1 (localhost only) and require a reverse proxy for external access.

Caddy example:

your-domain.com {
    reverse_proxy http://localhost:5678
}

NGINX Proxy Manager: Use the included npm template for a GUI-based approach.

Automatic Updates

Templates include Watchtower labels for automatic updates:

labels:
  - "com.centurylinklabs.watchtower.enable=true"

Deploy the Watchtower template to enable automatic container updates.

PostgreSQL Initialization

Several templates (n8n, Baserow, DocuSeal) include an init-data.sh script that creates a non-root database user on first run. This follows the principle of least privilege.

---

Security Features

All templates are configured with security best practices:

Feature	Description
no-new-privileges:true	Prevents privilege escalation inside containers
Localhost binding	Services only accessible via reverse proxy
Non-root database users	Principle of least privilege for database access
Health checks	Ensures dependencies are ready before starting services
External networks	Isolated networking between container stacks
PUID/PGID settings	Consistent file permissions across containers

For security concerns or vulnerability reports, please see our Security Policy.

---

About Webnestify

Webnestify empowers businesses and developers with tools for managing web infrastructure. We believe in:

• Saving Money — Reduce reliance on costly SaaS tools
• Owning Your Data — Privacy-focused, self-hosted solutions
• Simplifying Management — Intuitive tools and educational resources

What We Offer

• Managed Services — Email servers, Cloudflare configuration, dedicated hosting
• Educational Content — Tutorials, livestreams, and courses on YouTube
• Open-Source Advocacy — Tailored solutions that give you full control

Learn more at webnestify.cloud

---

Contributing

Contributions are welcome! Here's how you can help:

1. Fork the repository
2. Create a feature branch (git checkout -b feature/new-template)
3. Commit your changes (git commit -m 'Add new template')
4. Push to the branch (git push origin feature/new-template)
5. Open a Pull Request

Template Guidelines

When adding new templates, please include:

• docker-compose.yml with security options and Watchtower labels
• .env.example with placeholder values (no real credentials)
• README.md with setup instructions and links to official docs
• Caddyfile example for reverse proxy configuration (if applicable)
• Bind ports to 127.0.0.1 for reverse proxy setups
• Use no-new-privileges:true security option

---

Support

• YouTube Tutorials: @webnestify
• Discord Community: Join Discord
• Contact: webnestify.cloud/contact

Connect With Us

---

License

This project is licensed under the MIT License — see the LICENSE file for details.

---

Webnestify – Your partner in simplifying web infrastructure.