# Services

We can install cloud software on our new server now that it's up and running.

# What is a Service?

Access from anywhere – at any time – over the global connected Internet infrastructure is the purported goal of [global cloud computing](https://hub.subspace.services/books/your-personal-cloud/page/what-is-the-cloud "What is the Cloud?"). Through the cloud, anyone can access data stored on remote servers no matter where they are in the globe. With an internet connection, you can use software installed on someone else's computer system without needing to maintain hardware or setup software yourself.

## Business By Proxy

For corporations, a service might be considered many different things and falls along a spectrum. On one end, this may be "[bare metal](https://en.m.wikipedia.org/wiki/Bare_machine)" hardware infrastructure or a Docker instance that is rented per month. On the other, a company may subscribe to web-based software or discrete functions that are pay-per-use.

<div drawio-diagram="971"><img src="https://hub.subspace.services/uploads/images/drawio/2025-04/drawing-3-1744928449.png" alt=""/></div>

This business model is commonly referred to as "[Anything as a Service](https://en.m.wikipedia.org/wiki/As_a_service)" where, instead of owning a product outright, a service provider licenses access to a maintained environment for a lump sum or subscription fee. These services are fully accessible over the internet and do not require businesses to have physical access to hardware systems they maintain themselves.

<div drawio-diagram="818"><img src="https://hub.subspace.services/uploads/images/drawio/2025-04/drawing-3-1743915574.png" alt=""/></div>

Many cloud services are built on top of an [API](https://en.m.wikipedia.org/wiki/API) (Application Programming Interface) – or established specifications that allow multiple services to communicate with each other through a common language. Through an API, clients and servers alike can request and receive information from a central location.

<div drawio-diagram="970"><img src="https://hub.subspace.services/uploads/images/drawio/2025-04/drawing-3-1744928222.png" alt=""/></div>

In practice, this allows consumers to uniformly access services like [Proton Mail](https://proton.me/mail) through numerous, isolated experiences – like their website, mobile apps, and desktop software. Functionally, this also means there is only one true version of the software available – the software API server. Even though the mobile and desktop software have different version numbers, they all connect to the central API server under the control of the software provider.

## Digital Autonomy

By 2025, this business model has extended from technology conglomerates to an estimated 96% of corporations with over 60% of all corporate data stored in the cloud. By proxy, these cloud services have taken over most of the consumer-connected World Wide Web. It is [quite literally impossible to avoid them](https://gizmodo.com/i-cut-the-big-five-tech-giants-from-my-life-it-was-hel-1831304194).

The Cloud is used to invisibly control the flow of consumer data between "[front-end](https://en.m.wikipedia.org/wiki/Frontend_and_backend)" clients – such as the Google Drive website or the Pages app for iOS – and the provider's labyrinthian "[back-end](https://en.m.wikipedia.org/wiki/Frontend_and_backend)" of interconnected networks and systems located around the globe.

You can never own a physical CD with the service stored on it, available for you to install on your computer in the future. Instead, these software services often require signing up for a provider-specific account – after which, access to the product is free or follows a "[freemuim](https://en.m.wikipedia.org/wiki/Freemium)" business model.

This weakens digital autonomy by making access to software contingent on agreement to predatory end-user licenses and data practices. [79% of global corporations](https://www.statista.com/statistics/1172965/firms-collecting-personal-data/) leverage user accounts to [collect information about consumers](https://en.m.wikipedia.org/wiki/Surveillance_capitalism). This data – ranging from birthdays and addresses all the way to comprehensive dossiers about physical, behavioral and psychological profiles – can be sold to or shared with advertisers for a profit. Not even subscribing to a service will save you from surveillance capitalism and, depending on the platform, you may be specifically targeted.

[Self-Hosting](https://en.m.wikipedia.org/wiki/Self-hosting_(web_services)) is the practice of managing your own server and hosting your own services [on-premises](https://en.m.wikipedia.org/wiki/On-premises_software) instead of subscribing to a cloud provider. By managing your own infrastructure, your data stays in your possession. Much of the software available for self-hosting are created by open-source communities. This enables everyone to create their own personal cloud for themselves or a small group – like your immediate family or a small business.

This uses the same technologies as cloud computing companies, just on a smaller scale for a single home server instead of a distributed global data center infrastructure. While you are fully in control of your data, it also becomes your responsibility to maintain your server's hardware and software. While there may be an upfront investment in hardware, but results in lower overall monthly fees. You may never achieve perfect service availability, but smart planning now can minimize downtime in the future.

While most cloud services are based on the [client and server model](https://hub.subspace.services/books/world-wide-web/page/what-are-computer-networks "What are Computer Networks?") – where a central server responds to client applications – there are more self-hosted services exploring the concept of [federation](https://en.m.wikipedia.org/wiki/Federation_(information_technology)). Instead of a single designated server, each service instance behaves as an equal within a peer-to-peer network and communicate through a shared API language. For example, this allows your [OwnCloud](https://hub.subspace.services/books/owncloud "OwnCloud •") server to communicate and share files with a friend's [OwnCloud](https://hub.subspace.services/books/owncloud "OwnCloud •") server.

<div drawio-diagram="966"><img src="https://hub.subspace.services/uploads/images/drawio/2025-04/drawing-3-1744847302.png" alt=""/></div>

There are [so many open-source software projects](https://awesome-selfhosted.net/) available for self-hosting on the internet. Many services provide their own browser-based web applications, as well as platform-specific software such as an Android app. Some services – like [Radarr](https://hub.subspace.services/books/radarr "Radarr •") for managing a movie collection – operate as a single user environment. Many services offer true multi-user support with individually-customizable accounts. These generally come with an administrative panel for managing user access and configuring the service for them.

<div drawio-diagram="964"><img src="https://hub.subspace.services/uploads/images/drawio/2025-04/drawing-3-1744847060.png" alt=""/></div>

Increasingly, these disparate software packages are improving support for "[Single Sign-On](https://en.m.wikipedia.org/wiki/Single_sign-on)" services like [Authelia](https://hub.subspace.services/books/authelia "Authelia •") that offer unified user accounts across multiple self-hosted services. These services leverage open standards like [OpenID](https://openid.net/) to ensure security and privacy. Practically, this means that signing in for one service will open access to all of your self-hosted services without needing to log in again.

# Considerations

By hosting a service, we must act as designers, developers and systems administrators. Whether it is on the open internet, available to a select few, or only for your personal use – we must make sure we consider how we can safely approach it.

Hosting your own personal cloud server can provide a great deal of digital utility, but maintaining one can come with a great deal of responsibility. We must be proactive in maintaining privacy and security – for ourselves and any community whose trust we are seeking to maintain.

We will be exploring these important considerations and what we can do to address them. Depending on how you'll be using your services, you may not need to take the same measures as someone else. Making these decisions requires we consider our needs, our audience and how we'll balance the security with convenience for our server.

[![1000000719.png](https://hub.subspace.services/uploads/images/gallery/2025-06/scaled-1680-/1000000719.png)](https://hub.subspace.services/uploads/images/gallery/2025-06/1000000719.png)

Learning to balance security and privacy while creating an intuitive and approachable experience can be a difficult task, but it is perhaps the most important. While building a digital ecosystem, you'll quickly find that every decision is a trade-off between security and convenience.

Along one end, security allows us to prevent unauthorized access so we can protect private and sensitive information. We can take proactive measures by using strong randomly generated passwords, enforcing data encryption and enabling two-factor authentication.

However, as we add more steps to the process, the user experience can become more difficult to use. Remembering multiple unique passwords and entering a constantly changing authentication code every time we log in can be annoying.

The more secure we create a system, the more restricting it will generally become. It is not uncommon for the hardest part of secure tools being that they're simply hard to learn to use. If we were to use the most secure enterprise tools available, we'd have to sacrifice usability and convenience – both for setup and continued usage.

In practice, there cannot be a system that is fully secure because then we would never be able to access it. To that end, convenience is important to consider because it can affect and inform how people will use that system.

When a user is frustrated by the inconvenience of remembering multiple random passwords, they may seek to remove a step in the process by writing down the password and attaching them to the monitor. People may hunt down insecure ways to access a system – decreasing security for everyone.

We need to find an ideal medium between our control over a system and our ability to use it. [Threat modeling](https://en.m.wikipedia.org/wiki/Threat_model) is a necessity to understand that balance point for our purposes. Through four targeted questions, we will explore how these apply to us.

## Threat Models

Security is not a checklist of steps to be completed, but an active and ongoing discussion's. When stopping to consider the largest and most likely threats to our security, we have begun to create a [threat model](https://en.m.wikipedia.org/wiki/Threat_model). They are a vitally important step to building a relationship with security.

In cyber security, a threat is any event undermines your ability to keep your data private and system secure. This can be the intentional actions of a malicious actor, an accidentally unsecured website offering a backdoor, or people intentionally getting around confusing security measures.

It's impossible to plan for every potential edge case, which is why a threat model focuses on the most probable and critical threats. Once we have a better understanding of these weaknesses, we can [create safeguards and prioritize countermeasures](https://learn.microsoft.com/en-us/previous-versions/commerce-server/ee823878(v=cs.20)?redirectedfrom=MSDN).

The [threat model outlines a defensive gameplan](https://www.threatmodelingmanifesto.org//) that provides a systematic overview. This covers what the system will be, who will have access, who might attack and why, as well as what they're hoping to acquire and how they might do it.

<table border="1" class="align-left" id="bkmrk-stylus_laser_pointer" style="border-collapse: collapse; width: 600px; border-width: 0px; height: 261.6px; border-spacing: 5px;"><colgroup><col style="width: 7.02367%;"></col><col style="width: 92.9744%;"></col></colgroup><tbody><tr style="height: 43.6px;"><td class="align-center" style="height: 43.6px; border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Orbit</span>

</td><td class="align-left" style="height: 43.6px; border-width: 0px; padding: 5px;">**System**

This covers what exactly we are trying to protect – what it does, how it does it, and why it is important to us. This will help us understand the boundaries of the [system](https://en.m.wikipedia.org/wiki/System) we need to work on protecting.

</td></tr><tr style="height: 43.6px;"><td class="align-center" style="height: 43.6px; border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Encrypted</span></td><td class="align-left" style="height: 43.6px; border-width: 0px; padding: 5px;">**Authorized Access**

By having a greater understanding of who should be [authorized](https://en.m.wikipedia.org/wiki/Authorization) to access our system, we can begin to setup [access controls](https://en.m.wikipedia.org/wiki/Access_control) that define who has the ability to use different parts of the system.

</td></tr><tr style="height: 43.6px;"><td class="align-center" style="height: 43.6px; border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Report</span></td><td class="align-left" style="height: 43.6px; border-width: 0px; padding: 5px;">**Malicious Actor**

Once we know who is allowed to interact with our system, we'll be better able to describe who shouldn't be. A [threat actor](https://en.m.wikipedia.org/wiki/Threat_actor) is any person or collective that attempt to exploit [vulnerabilities](https://en.m.wikipedia.org/wiki/Vulnerability) in order to gain unauthorized access that allows them to perform a targeted attack to extract data or disrupt operations.

</td></tr><tr style="height: 43.6px;"><td class="align-center" style="height: 43.6px; border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Trophy</span></td><td class="align-left" style="height: 43.6px; border-width: 0px; padding: 5px;">**Motivation**

It is important to consider why a malicious actor might choose to commit [cyber crime](https://en.m.wikipedia.org/wiki/Cybercrime). While hackers may be state- or corporate-sponsored, there are also more personally motivated reasons: stealing money, extracting private data, fulfilling an agenda or simply for the thrill of getting away with hacking.

</td></tr><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Target</span></td><td style="border-width: 0px; padding: 5px;">**Target**

An important facet to consider while deciphering an attackers motivation is their target and what they're hoping to acquire. When a hacker is seeking money, they may steal it directly – or extort it through malware that encrypts personal data behind a paywall.

</td></tr><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Bomb</span></td><td style="border-width: 0px; padding: 5px;">**Attack Vector**

When a malicious actor has made the decision to attack to get their desired target, they will need to figure out how. Depending on what they're after, there are various strategies they can employ – each informed by what they're hoping to achieve.

</td></tr></tbody></table>

While considering these facets of security, you might start to see the ways it can be broken. By [creating a threat model](https://www.privacyguides.org/en/basics/threat-modeling/), we can identify key weaknesses and implement safeguards throughout its lifetime. This is not checklist, but instead an ongoing discussion to surface any potential (and emergent) flaws.

Through a series of questions, we will explore the potential weaknesses within the systems outlined within these guides. Alongside exploring how to proactively protect against these potential attack vectors, you will need to explore whether they're the right option for you.

### How Large is Your Community?

This is important to identify because it can help us draw boundaries around potential malicious actors. When hosting a small server for your own personal use, there are far fewer people you need to worry about overall. Meanwhile, orchestrating several websites each catering to a hundred people has much more risk involved.

The cloud server systems provided by this guide are similar techniques to large companies – but they have a magnitude of scale more computing power. Realistically, a refurbished workstation and the tools provided herein will work decently well for supporting up to twenty-five people. The quality of their service depends on several factors:

<table border="1" class="align-left" id="bkmrk-language-internet-co" style="border-collapse: collapse; width: 600px; border-width: 0px; height: 261.6px; border-spacing: 5px;"><colgroup><col style="width: 7.02367%;"></col><col style="width: 92.9744%;"></col></colgroup><tbody><tr style="height: 43.6px;"><td class="align-center" style="height: 43.6px; border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Language</span>

</td><td class="align-left" style="height: 43.6px; border-width: 0px; padding: 5px;">**Internet Connection**

When hosting a web server, one key component is the quality of your Internet connection. This is imperative for maintaining performance, stability and a pleasant user experience.

Imagine that your home's internet connection is a pipe connecting you to a service provider. You can measure how fast data moves through the pipe, as well as how wide the pipe is – effectively transporting more data over time.

[![1000000835.jpg](https://hub.subspace.services/uploads/images/gallery/2025-06/scaled-1680-/1000000835.jpg)](https://hub.subspace.services/uploads/images/gallery/2025-06/1000000835.jpg)

[![1000000837.png](https://hub.subspace.services/uploads/images/gallery/2025-06/scaled-1680-/1000000837.png)](https://hub.subspace.services/uploads/images/gallery/2025-06/1000000837.png)

This is the difference between speed and bandwidth. While speed is often concretely measured in M/bits, bandwidth can be more difficult to define. For a residential connection, the bandwidth may be shared among multiple homes or families. Additionally, the connection technology – like cable or mobile broadband – can dictate how much data can be transmitted concurrently.

</td></tr><tr style="height: 43.6px;"><td class="align-center" style="height: 43.6px; border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Power</span></td><td class="align-left" style="height: 43.6px; border-width: 0px; padding: 5px;">**Power Requirements**

Hosting a computer server and operating all of the required peripherals requires electricity. This may change over time as your needs evolve and you add hardware to fulfill them.

The more powerful the computer, the greater those requirements – while a mini PC may need 150W, a workstation can requires upwards of 600W. This can [cause a strain on house wiring and greatly increase your monthly power bill](https://hub.subspace.services/books/your-personal-cloud/page/power "Power").

<p class="callout info">When possible, try to spread out your power draw among multiple sockets.</p>

</td></tr><tr style="height: 43.6px;"><td class="align-center" style="height: 43.6px; border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Moving</span></td><td class="align-left" style="height: 43.6px; border-width: 0px; padding: 5px;">**Scaling**

When it comes to hosting a digital space, it is important to consider how needs will grow. Our requirements have a tendency to scale over time – more storage, extra power and faster internet.

[![1000000838.png](https://hub.subspace.services/uploads/images/gallery/2025-06/scaled-1680-/1000000838.png)](https://hub.subspace.services/uploads/images/gallery/2025-06/1000000838.png)

When hosting a media server, digital files can require more hard drive storage. Providing service to more people requires greater bandwidth and more powerful hardware – all of which costs additional money. While these necessities take some time to surface, it can be helpful to plan for upgrades going in.

</td></tr><tr style="height: 43.6px;"><td class="align-center" style="height: 43.6px; border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Gavel</span></td><td class="align-left" style="height: 43.6px; border-width: 0px; padding: 5px;">**Legal Concerns**

Depending on what you will be using your server for, there may be legal concerns that must be considered. By offering services to people over the internet, we are entering a contract with our community.

- ***Privacy Laws:*** When running a website, the host must follow all relevant laws about use privacy – such as the [General Data Protection Regulation](https://gdpr.eu/what-is-gdpr/) and [California Consumer Privacy Act](https://oag.ca.gov/privacy/ccpa). This can include writing an accessible [privacy policy](https://en.m.wikipedia.org/wiki/Privacy_policy).
- ***Do Not Track:*** When using [cookies](https://en.m.wikipedia.org/wiki/HTTP_cookie) with your website, you are required to inform the user.
- ***Intellectual Property:*** When making digital content available over the internet, adding a [copyright notice](https://en.m.wikipedia.org/wiki/Copyright_notice) allows you to retain control.
- ***Copyright Responsibility:*** Web hosts are responsible for the content they provide – including copyrighted media made available on it illegally by community members. The Digital Millennium Copyright Act outlines the the laws associated with sharing works without permission by the creator.
- ***Accessibility:*** There are legal requirements for providing digital content as regulated by the Americans with Disabilities Act. The [Web Content Accessibility Guidelines](https://www.w3.org/WAI/standards-guidelines/wcag/) explores making accessible web content.
- ***Data Security:*** When hosting a website that stores the private information of community members, it is your responsibility to ensure that you follow security best practices.
- ***E-commerce Regulations:*** When handling financial information over the internet, there are [rules regarding how it can be conducted](https://en.m.wikipedia.org/wiki/E-commerce).
- ***Defining Expectations:*** While operating a service, it can be helpful to cover your bases by defining [terms and conditions](https://en.m.wikipedia.org/wiki/Contractual_term) – such as an [acceptable use policy](https://en.m.wikipedia.org/wiki/Acceptable_use_policy).

</td></tr><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Diversity\_3</span></td><td style="border-width: 0px; padding: 5px;">**Community Dynamics**

When offering services to a community, you must keep in mind the support you will need to provide. This will manifest differently depending on the services you are hosting.

- ***Code of Conduct:*** When creating a public space where people interact, it is necessary to state [norms, rules and responsibilities](https://en.m.wikipedia.org/wiki/Code_of_conduct).
- ***Moderation:*** Enabling communication within a community necessitates the enforcement of the rules to ensure a safe space for all.
- ***Tech Support:*** In the event that something goes wrong, you'll need to offer the time to help get it working again.
- ***Outreach:*** Growing a platform requires an investment in community relationships.

</td></tr></tbody></table>

### What is Your Attack Surface?

When dealing with a software environment powered by physical hardware – such as hosting a server – you need to consider your level of exposure. There are often many [vectors](https://en.m.wikipedia.org/wiki/Attack_vector) that [malicious actors](https://en.m.wikipedia.org/wiki/Threat_actor) can exploit to attack software systems. An [attack surface](https://en.m.wikipedia.org/wiki/Attack_surface) is the sum total of all possible vulnerabilities within the system being examined.

The goal of [cybersecurity](https://en.m.wikipedia.org/wiki/Computer_security) is an [attack surface that is as small as possible](https://www.cs.cmu.edu/afs/cs/usr/wing/www/publications/ManadhataWing04.pdf) with [proactive protection against known weaknesses](https://commons.erau.edu/jdfsl/vol12/iss2/8/). The digital landscape continues to change rapidly, only increasing the necessity of systematic threat analysis.

Measuring your attack surface is an ongoing process that can expand over time – often unevenly. As you add more hardware, the more potential you have for encountering vulnerability within the system.

As you provide community services and offer access to broader audiences, your threats deepen. While you may be able to exert control over a private cloud server, members have their own autonomy – to enforce or eschew best security practices. More moving parts invites more risk: can you ensure that your friend will use a strong password?

When approaching security in software development, there are two important philosophies that inform the choices made:

<table border="1" class="align-left" id="bkmrk-lens_blur-security-t" style="border-collapse: collapse; width: 600px; border-width: 0px; height: 261.6px; border-spacing: 5px;"><colgroup><col style="width: 7.02367%;"></col><col style="width: 92.9744%;"></col></colgroup><tbody><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Castle</span>

</td><td style="border-width: 0px; padding: 5px;">**Security By Design**

This [paradigm](https://en.m.wikipedia.org/wiki/Secure_by_design) enables the creation foundationally secure software. Developers often [employ best practices](https://ieeexplore.ieee.org/document/7958491) focused on:

- **[Privacy](https://en.m.wikipedia.org/wiki/Privacy):** When we hold the power to make our own decisions about data, we assert the fundamental right to selective seclusion.
- **[Integrity](https://en.m.wikipedia.org/wiki/Data_integrity):** When data is ensured to be accurate and reliable, we can build systems that we place our trust into.
- ***[Stability](https://en.m.wikipedia.org/wiki/Stability_model):*** When software's foundation is well-defined and resistant to change, it is more difficult to exploit reliably.
- ***[Robustness](https://en.m.wikipedia.org/wiki/Robustness):*** When a system can withstand the unexpected, it can remain secure even when under attack.
- ***[Safety](https://en.m.wikipedia.org/wiki/Safety):*** When the ultimate goal is freedom from harm, we consider our choices much more carefully.
- ***[Accountability](https://en.m.wikipedia.org/wiki/Accountability):*** When you know who made what changes to software, you can dissuade malicious actors
- ***[Usability](https://en.m.wikipedia.org/wiki/Usability):*** When a person can understand your software, they put themselves in charge of their own security.

It is not uncommon to employ [open security](https://en.wikipedia.org/wiki/Open_security) practices that leverage the community. While closed software relies on keeping flaws hidden, open security relies on the oversight of everyone who uses and contributes to the software.

</td></tr><tr style="height: 43.6px;"><td class="align-center" style="height: 43.6px; border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Lens\_blur</span>

</td><td class="align-left" style="height: 43.6px; border-width: 0px; padding: 5px;">**Security By Obscurity**

This [paradigm](https://en.wikipedia.org/wiki/Security_through_obscurity) relies on concealing how the software works as a proactive security measure. While security traditionally constitutes physical locks or safeguards, this approach relies on [sleight of hand](https://en.m.wikipedia.org/wiki/Sleight_of_hand) – such as a key obscured by shadows as it rests on a car tire.

[![1000000853.jpg](https://hub.subspace.services/uploads/images/gallery/2025-07/scaled-1680-/1000000853.jpg)](https://hub.subspace.services/uploads/images/gallery/2025-07/1000000853.jpg)

This philosophy assumes that secrets with remain secret – but this is often not the case. This is heavily employed by proprietary software by obscuring source code. While this can complement an already robust system, it is deeply discouraged as the sole security.

</td></tr></tbody></table>

Confidentiality, integrity and availability are the [core underlying of security](https://en.m.wikipedia.org/wiki/CIA_triad). Ensuring there is no unauthorized access or modification while keeping systems always available requires careful planning.

#### Step 1: Visualize Systems

Before we can correct any potential vulnerabilities, we need to [take stock of our hardware and software systems](https://web.archive.org/web/20170306025153/https://www.skyboxsecurity.com/sites/default/files/Attack%20Surface%20Visualization.pdf). This will include making a list of internet-connection electronic devices, such as:

<table border="1" class="align-left" id="bkmrk-desktop_windows-comp" style="border-collapse: collapse; width: 600px; border-width: 0px; height: 261.6px; border-spacing: 5px;"><colgroup><col style="width: 7.02367%;"></col><col style="width: 92.9744%;"></col></colgroup><tbody><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Desktop\_windows</span>

</td><td style="border-width: 0px; padding: 5px;">**Computers**

These devices – often using x86 processors – are connected to the Internet using a variety of local (physical) means.

- Workstations
- Desktops
- Laptops

</td></tr><tr style="height: 43.6px;"><td class="align-center" style="height: 43.6px; border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Smartphone</span>

</td><td class="align-left" style="height: 43.6px; border-width: 0px; padding: 5px;">**Mobile Devices**

These devices generally focus on a "cloud-first" approach and wireless connection methods for improved portability.

- Cellphones
- Tablets
- Smart Watches

</td></tr><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Terminal</span>

</td><td style="border-width: 0px; padding: 5px;">**Software**

User applications add more variability to the defined standards of operating systems.

- Servers
- Drivers

</td></tr><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Router</span>

</td><td style="border-width: 0px; padding: 5px;">**Communication**

Computers process information independently and often transmit their data over a network – either local or regional in scale.

- Wired Networks
- Wireless Networks
- Personal Area Networks
- Networking Devices

</td></tr><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Home\_iot\_device</span>

</td><td style="border-width: 0px; padding: 5px;">**Internet-of-Things Smart Devices**

These devices often contain system-on-a-chip computers that enable updates over the Internet.

- Appliances
- Climate Control
- Lighting
- Sensors
- Speakers
- Microphones
- Security Devices

</td></tr></tbody></table>

\[\[Basic diagram of some devices and the ways they connect\]\]

Your digital attack surface will change shape from day-to-day and continue to morph over time. While computers may shut off at night or disconnect from the Internet, a server will always be a beacon visible over the network.

As the number of vulnerable points grow and opens potential for attacks, defenses become even more important. In the worst case clscenario, [malicious actors only need one exploit](https://web.archive.org/web/20170306025153/https://www.skyboxsecurity.com/sites/default/files/Attack%20Surface%20Visualization.pdf) to gain unauthorized access. These are some common elements:

<table border="1" class="align-left" id="bkmrk-person-user-%C2%A0-this-p" style="border-collapse: collapse; border-width: 0px; height: 261.6px; border-spacing: 5px;"><colgroup><col style="width: 42px;"></col><col style="width: 558px;"></col></colgroup><tbody><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Host</span>

</td><td style="border-width: 0px; padding: 5px;">**Physical Access**

When a malicious actor gains physical access to the hardware – such as your server or network router – they have the potential to cause damage. This can be to the physical hardware components as well as the digital systems that they embody.

Computer ports that are used for communication and data transmission may come with their own flaws that can create unintended vulnerabilities. Ethernet ports can be used to deliver [destructive electrical shocks](https://en.m.wikipedia.org/wiki/USB_killer) and USB can be used to [log every key you press](https://en.m.wikipedia.org/wiki/Hardware_keylogger) on your keyboard.

</td></tr><tr style="height: 43.6px;"><td class="align-center" style="height: 43.6px; border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Lan</span>

</td><td class="align-left" style="height: 43.6px; border-width: 0px; padding: 5px;">**Local Network Access**

By gaining access to the networks that computers use to communicate, it is possible to [piggyback](https://en.m.wikipedia.org/wiki/Piggybacking_(security)) access to connected systems. This allows malicious actors to use your secure credentials to gain unauthorized access.

There are varying types of local networks ranging from personal devices to household electronics. This can include connecting a device directly to your router through Ethernet, gaining access to your Wi-Fi network or connecting over Bluetooth.

</td></tr><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Captive\_portal</span>

</td><td style="border-width: 0px; padding: 5px;">**Remote Access**

Gaining the ability to control your computer over the Internet can involve compromising hardware, as well as leveraging exploits within software. There are so many applications available and each may come with their own vulnerabilities.

In addition to holes with an application's defenses leaving you open to an attack, malicious software can be distributed by hackers with the explicit intentions of gaining unauthorized remote access. There are numerous tactics that can be employed to reach the desired goal:

- ***[Malware](https://en.m.wikipedia.org/wiki/Malware):*** This "malicious software" is an umbrella term for programs created to cause digital disruptions.
- ***[Worm](https://en.m.wikipedia.org/wiki/Computer_worm):*** This malware can replicate itself onto other devices in the local network.
- ***[Virus](https://en.m.wikipedia.org/wiki/Computer_virus):*** This malware can be used to modify the way another program operates by infecting them with unauthorized program code.
- ***[Trojan](https://en.m.wikipedia.org/wiki/Trojan_horse_(computing)):*** This malware claims to perform a beneficial function, but instead can be used to compromise security.
- ***[Ransomware](https://en.m.wikipedia.org/wiki/Ransomware):*** This malware encrypts personal data until a ransom is paid to the perpetrating actor.
- ***[Keylogger](https://en.m.wikipedia.org/wiki/Keyloggers):*** This malware can be used to covertly record every key press on your keyboard and report back to the hacker.

</td></tr><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Settings\_alert</span>

</td><td style="border-width: 0px; padding: 5px;">**Misconfiguration**

When software is configured incorrectly – such as accidentally enabling a feature that you don't monitor – can lead to unexpected consequences. When you don't accurately know the perimeter of your attack surface, malicious actors can find entry points that not even you were aware of.

This can be as simple as using an insecure password that is easy to guess, or as critical as forgetting to secure your Wi-Fi network. While many software programs come with accessible "out-of-the-box" configuration, they are not often [hardened for security](https://en.m.wikipedia.org/wiki/Hardening_(computing)).

While there are many ways that a system can become misconfigured, they all result in the same threat: vulnerability to authorized access to your private data. These are common areas:

- ***Permissive Rules:*** Software can come with permissive rules that default to allowing access for convenience rather than requiring authorization.
- ***Access Control:*** Linux files can have complex file permissions governing who can access files
- ***Identity Management:*** which provides attackers easy access to applications.
- ***Directory Server:*** which exposes administrator and domain credentials.
- ***File Servers:*** smb, by making them available without security to a local network, even a Linux server can spread viruses across windows machines.
- ***SSL Certificates:*** These are used to ensure secure communication between two servers, such as through a web browser using HTTPs.
- ***API Access:*** which leaves unrestricted endpoints and unprotected files.
- ***Networking:*** which is incorrect configuration of an information system.
- ***Web Server:*** which often includes unnecessary default and sample files.

</td></tr><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Domino\_mask</span>

</td><td style="border-width: 0px; padding: 5px;">**Privacy**

[WHOIS](https://en.m.wikipedia.org/wiki/WHOIS) registration

You will be sharing your public IP address with the world.

Domain registration

Credit card payments

Things that are tied back to you by address, name and money.

</td></tr><tr><td class="align-center" style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Deployed\_code</span></td><td style="border-width: 0px; padding: 5px;">**Dependencies**

[Web Frameworks](https://en.m.wikipedia.org/wiki/Web_framework "Web framework") (PHP, Apache, Java, etc.)

[Web Server](https://en.m.wikipedia.org/wiki/Web_Server "Web Server") Services (email, database, applications)

</td></tr><tr><td class="align-center" style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Psychology</span></td><td style="border-width: 0px; padding: 5px;">**Social Engineering**

Phishing

</td></tr></tbody></table>

<sup class="reference" id="bkmrk-%5B4%5D-4"></sup>

#### Step 2. Define Boundaries 

**Step 2: Find indicators of exposures.** The second step is to correspond each indicator of a vulnerability being potentially exposed to the visualized map in the previous step. IOEs include "missing security controls in systems and software".<sup class="reference" id="bkmrk-%5B4%5D-2">[<span class="cite-bracket">\[</span>4<span class="cite-bracket">\]</span>](https://en.m.wikipedia.org/wiki/Attack_surface#cite_note-:0-4)</sup>

Define your boundaries

Who do I want to protect it from?

What do you consider an attack?

<table border="1" class="align-left" id="bkmrk-cloud_off-denial-of-" style="border-collapse: collapse; border-width: 0px; height: 261.6px; border-spacing: 5px;"><colgroup><col style="width: 42px;"></col><col style="width: 558px;"></col></colgroup><tbody><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Cloud\_off</span>

</td><td style="border-width: 0px; padding: 5px;">**Denial of Service**

DDos

</td></tr><tr style="height: 43.6px;"><td class="align-center" style="height: 43.6px; border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Gpp\_maybe</span>

</td><td class="align-left" style="height: 43.6px; border-width: 0px; padding: 5px;">**Unauthorized Access**

Malicious Actor

limiting user access

Strong and or randomly generated passwords

Different passwords for different services

  
Physical security

Firewall

</td></tr><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Water\_lock</span>

</td><td style="border-width: 0px; padding: 5px;">**Data Leaks**

Docker vs vm vs bare metal

When running all your services through your bare operating system, such as on Debian, there is possibility for a vulnerability in that application to breach containment and effect other applications. By using a docker container, these processes are virtually separated into different operating systems that make it more difficult for a vulnerability in one container to affect the others.

Phishing  
SQL injection  
Xss attacks

Phishing  
Social engineering

</td></tr><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Swords</span>

</td><td style="border-width: 0px; padding: 5px;">**Brute Force Attack**

Brute force

[https://en.m.wikipedia.org/wiki/Brute-force\_attack](https://en.m.wikipedia.org/wiki/Brute-force_attack)

In [cryptography](https://en.m.wikipedia.org/wiki/Cryptography "Cryptography"), a **brute-force attack** or **exhaustive key search** is a [cryptanalytic attack](https://en.m.wikipedia.org/wiki/Cryptanalytic_attack "Cryptanalytic attack") that consists of an attacker submitting many possible [keys](https://en.m.wikipedia.org/wiki/Key_(cryptography) "Key (cryptography)") or [passwords](https://en.m.wikipedia.org/wiki/Password "Password") with the hope of eventually guessing correctly. This strategy can theoretically be used to break any form of encryption that is not [information-theoretically secure](https://en.m.wikipedia.org/wiki/Information-theoretically_secure "Information-theoretically secure").<sup class="reference" id="bkmrk-%5B1%5D-1">[<span class="cite-bracket">\[</span>1<span class="cite-bracket">\]</span>](https://en.m.wikipedia.org/wiki/Brute-force_attack#cite_note-FOOTNOTEPaarPelzlPreneel20107-1)</sup> However, in a properly designed cryptosystem the chance of successfully guessing the key is negligible.

</td></tr><tr style="height: 43.6px;"><td class="align-center" style="height: 43.6px; border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Pest\_control</span></td><td class="align-left" style="height: 43.6px; border-width: 0px; padding: 5px;">**Web Crawler**

bots and web crawlers

[https://en.m.wikipedia.org/wiki/Web\_crawler](https://en.m.wikipedia.org/wiki/Web_crawler)

**Web crawler**, sometimes called a **spider** or **spiderbot** and often shortened to **crawler**, is an [Internet bot](https://en.m.wikipedia.org/wiki/Internet_bot "Internet bot") that systematically browses the [World Wide Web](https://en.m.wikipedia.org/wiki/World_Wide_Web "World Wide Web") and that is typically operated by search engines for the purpose of [Web indexing](https://en.m.wikipedia.org/wiki/Web_indexing "Web indexing") (*web spidering*).<sup class="reference" id="bkmrk-%5B1%5D-4">[<span class="cite-bracket">\[</span>1<span class="cite-bracket">\]</span>](https://en.m.wikipedia.org/wiki/Web_crawler#cite_note-1)</sup>

Crawlers consume resources on visited systems and often visit sites unprompted. Issues of schedule, load, and "politeness" come into play when large collections of pages are accessed. Mechanisms exist for public sites not wishing to be crawled to make this known to the crawling agent. For example, including a `<a href="https://en.m.wikipedia.org/wiki/Robots.txt" title="Robots.txt">robots.txt</a>` file can request [bots](https://en.m.wikipedia.org/wiki/Software_agent "Software agent") to index only parts of a website, or nothing at all.

Claude ai bots

https://en.m.wikipedia.org/wiki/Claude\_(language\_model)

</td></tr></tbody></table>

<sup class="reference" id="bkmrk--22"></sup>

#### Step 3. Create Safeguards

**Step 3: Find indicators of compromise.** This is an indicator that an attack has already succeeded.<sup class="reference" id="bkmrk-%5B4%5D-3">[<span class="cite-bracket">\[</span>4<span class="cite-bracket">\]</span>](https://en.m.wikipedia.org/wiki/Attack_surface#cite_note-:0-4)</sup>

<sup class="reference"><span class="cite-bracket">Add safeguards</span></sup>

One of the most simple and important ways to protect data and security is through encryption.

Encryption

[https://en.wikipedia.org/wiki/Encryption](https://en.wikipedia.org/wiki/Encryption)

[![1000000718.jpg](https://hub.subspace.services/uploads/images/gallery/2025-06/scaled-1680-/1000000718.jpg)](https://hub.subspace.services/uploads/images/gallery/2025-06/1000000718.jpg)

In [cryptography](https://en.m.wikipedia.org/wiki/Cryptography_law "Cryptography law"), **encryption** (more specifically, [encoding](https://en.m.wikipedia.org/wiki/Code "Code")) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as [plaintext](https://en.m.wikipedia.org/wiki/Plaintext "Plaintext"), into an alternative form known as [ciphertext](https://en.m.wikipedia.org/wiki/Ciphertext "Ciphertext"). Despite its goal, encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.

<table border="1" class="align-left" id="bkmrk-domino_mask-data-at-" style="border-collapse: collapse; border-width: 0px; height: 261.6px; border-spacing: 5px;"><colgroup><col style="width: 42px;"></col><col style="width: 558px;"></col></colgroup><tbody><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Circle</span>

</td><td style="border-width: 0px; padding: 5px;">**Data at Rest**

disk encryption

encryption at rest

[https://en.wikipedia.org/wiki/Data\_at\_rest](https://en.wikipedia.org/wiki/Data_at_rest)

**Data at rest** in [information technology](https://en.m.wikipedia.org/wiki/Information_technology "Information technology") means data that is housed physically on [computer data storage](https://en.m.wikipedia.org/wiki/Computer_data_storage "Computer data storage") in any digital form (e.g. [cloud storage](https://en.m.wikipedia.org/wiki/Cloud_storage "Cloud storage"), [file hosting services](https://en.m.wikipedia.org/wiki/File_hosting_service "File hosting service"), [databases](https://en.m.wikipedia.org/wiki/Database "Database"), [data warehouses](https://en.m.wikipedia.org/wiki/Data_warehouse "Data warehouse"), [spreadsheets](https://en.m.wikipedia.org/wiki/Spreadsheet "Spreadsheet"), archives, tapes, off-site or cloud backups, [mobile devices](https://en.m.wikipedia.org/wiki/Mobile_device "Mobile device") etc.). Data at rest includes both structured and unstructured data.<sup class="reference" id="bkmrk-%5B1%5D-5">[<span class="cite-bracket">\[</span>1<span class="cite-bracket">\]</span>](https://en.m.wikipedia.org/wiki/Data_at_rest#cite_note-1)</sup> This type of data is subject to threats from hackers and other malicious threats to gain access to the data digitally or physical theft of the data storage media. To prevent this data from being accessed, modified or stolen, organizations will often employ security protection measures such as password protection, data encryption, or a combination of both. The security options used for this type of data are broadly referred to as **data-at-rest protection** (**DARP**).<sup class="reference" id="bkmrk-%5B2%5D-2">[<span class="cite-bracket">\[</span>2<span class="cite-bracket">\]</span>](https://en.m.wikipedia.org/wiki/Data_at_rest#cite_note-2)</sup>

</td></tr><tr style="height: 43.6px;"><td class="align-center" style="height: 43.6px; border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Bubble</span>

</td><td class="align-left" style="height: 43.6px; border-width: 0px; padding: 5px;">**Data in Use**

encryption in use

This can be difficult without specialized hardware that employs active encryption, such as ram and a processor. Software provides some data in use security.

<span class="ct-span oxy-stock-content-styles" id="bkmrk-encrypting-in-use-da">Encrypting in-use data is computationally intensive. The process requires the computer to encrypt and decrypt data in [real-time](https://phoenixnap.com/glossary/real-time-technology), which often introduces performance overhead. This issue is a major reason why most adopters process data in the public cloud, a strategy that grants access to sufficiently powerful [hardware](https://phoenixnap.com/glossary/what-is-hardware).</span>

https://en.wikipedia.org/wiki/Data\_in\_use

[https://phoenixnap.com/blog/encryption-in-use](https://phoenixnap.com/blog/encryption-in-use)

**Data in use** is an [information technology](https://en.m.wikipedia.org/wiki/Information_technology "Information technology") term referring to active [data](https://en.m.wikipedia.org/wiki/Data "Data") which is stored in a non-persistent digital state or [volatile memory](https://en.m.wikipedia.org/wiki/Volatile_memory "Volatile memory"), typically in computer [random-access memory](https://en.m.wikipedia.org/wiki/Random-access_memory "Random-access memory") (RAM), [CPU caches](https://en.m.wikipedia.org/wiki/CPU_cache "CPU cache"), or [CPU registers](https://en.m.wikipedia.org/wiki/CPU_register "CPU register").<sup class="reference" id="bkmrk-%5B1%5D-7">[<span class="cite-bracket">\[</span>1<span class="cite-bracket">\]</span>](https://en.m.wikipedia.org/wiki/Data_in_use#cite_note-:0-1)</sup>

[Scranton, PA](https://en.m.wikipedia.org/wiki/Scranton,_PA "Scranton, PA") data scientist Daniel Allen in 1996 proposed *data in use* as a complement to the terms *[data in transit](https://en.m.wikipedia.org/wiki/Data_in_transit "Data in transit")* and *[data at rest](https://en.m.wikipedia.org/wiki/Data_at_rest "Data at rest")*, which together define the three states of [digital data](https://en.m.wikipedia.org/wiki/Digital_data "Digital data").

Protecting data in use  
  
Data in use could be handled in protected memory or the data can be transformed for use. An example would be the use of a hash of the original data for comparison purposes like when performing password verifications.  
  
Example: password verification  
  
 The user password is protected at rest through hashing (usually with a salt)  
 The user's entered password is protected in use through hashing  
 The user's password hash is protected in transit between the authentication requesting system and the centralised authentication server over an encrypted channel (TLS, SSH)  
  
The best way to secure data in use is to restrict access by user role, limiting system access to only those who need it. Even better would be to get more granular and restrict access to the data itself.

</td></tr><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Animation</span>

</td><td style="border-width: 0px; padding: 5px;">**Data in Transit**

Https enceyption

encryption in transit

[https://en.wikipedia.org/wiki/Data\_in\_transit](https://en.wikipedia.org/wiki/Data_in_transit)

**Data in transit**, also referred to as **data in motion**<sup class="reference" id="bkmrk-%5B1%5D-6">[<span class="cite-bracket">\[</span>1<span class="cite-bracket">\]</span>](https://en.m.wikipedia.org/wiki/Data_in_transit#cite_note-1)</sup> and **data in flight**,<sup class="reference" id="bkmrk-%5B2%5D-3">[<span class="cite-bracket">\[</span>2<span class="cite-bracket">\]</span>](https://en.m.wikipedia.org/wiki/Data_in_transit#cite_note-2)</sup> is data en route between source and destination, typically on a [computer network](https://en.m.wikipedia.org/wiki/Computer_network "Computer network").

Data in transit can be separated into two categories: information that flows over the public or untrusted network such as the Internet and data that flows in the confines of a private network such as a corporate or enterprise [local area network](https://en.m.wikipedia.org/wiki/Local_area_network "Local area network") (LAN).<sup class="reference" id="bkmrk-%5B3%5D-2">[<span class="cite-bracket">\[</span>3<span class="cite-bracket">\]</span>](https://en.m.wikipedia.org/wiki/Data_in_transit#cite_note-3)</sup>

Data in transit is used as a complement to the terms *[data in use](https://en.m.wikipedia.org/wiki/Data_in_use "Data in use")*, and *[data at rest](https://en.m.wikipedia.org/wiki/Data_at_rest "Data at rest")* which together define the three states of [digital data](https://en.m.wikipedia.org/wiki/Digital_data "Digital data").<sup class="reference" id="bkmrk-%5B4%5D-5">[<span class="cite-bracket">\[</span>4<span class="cite-bracket">\]</span>](https://en.m.wikipedia.org/wiki/Data_in_transit#cite_note-4)</sup>

end to end encryption

</td></tr></tbody></table>

using all three to ensure data is always encrypted.

On top of this foundation, we can add targeted defenses to help shore up security from specific angles

<table border="1" class="align-left" id="bkmrk-verified_user-authen" style="border-collapse: collapse; border-width: 0px; height: 261.6px; border-spacing: 5px;"><colgroup><col style="width: 42px;"></col><col style="width: 558px;"></col></colgroup><tbody><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Verified\_user</span>

</td><td style="border-width: 0px; padding: 5px;">**Authentication**

This can be on the local server by restricting it only to the administrator.

This can also mean limiting access to services behind a tool like Authelia.

two factor  
totp

Vpn vs proxy

[How to Remotely Connect](https://hub.subspace.services/books/world-wide-web/page/how-to-remotely-connect "How to Remotely Connect")

A VPN requires preconfigured authentication to access the server, whereas a proxy server provides access to the general public that can then have layers of security added.

</td></tr><tr style="height: 43.6px;"><td class="align-center" style="height: 43.6px; border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Shield\_toggle</span>

</td><td class="align-left" style="height: 43.6px; border-width: 0px; padding: 5px;">**Proper Configuration**

disable robots

</td></tr><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Encrypted</span>

</td><td style="border-width: 0px; padding: 5px;">**Physical Security**

Lock case

Restrict access to server

Remove keyblard and mouse unless needed

</td></tr><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Policy</span>

</td><td style="border-width: 0px; padding: 5px;">**Monitoring**

intrusion protection services

Monitoring services  
Swag dashboard  
Fail2ban

</td></tr><tr><td style="border-width: 0px; padding: 5px;"><span class="material-symbols-outlined">Security</span>

</td><td style="border-width: 0px; padding: 5px;">**Isolation**

LAN access vs server only access (127.0.0.1:80:80) vs 80:80

Within docker, containers can be configured to be accessible over the local network to all computers, as well as restricted to access from only the local machine. This means you can open it while using a browser on the server computer, but your other computers cannot access it over the network.

</td></tr></tbody></table>

kill switch

[https://en.m.wikipedia.org/wiki/Kill\_switch](https://en.m.wikipedia.org/wiki/Kill_switch)

A **kill switch**, also known more formally as an **emergency brake**, **emergency stop** (**E-stop**), **emergency off** (**EMO**), or **emergency power off** (**EPO**), is a [safety](https://en.m.wikipedia.org/wiki/Safety "Safety") mechanism used to shut off [machinery](https://en.m.wikipedia.org/wiki/Machine "Machine") in an [emergency](https://en.m.wikipedia.org/wiki/Emergency "Emergency"), when it cannot be shut down in the usual manner. Unlike a normal shut-down [switch](https://en.m.wikipedia.org/wiki/Switch "Switch") or shut-down procedure, which shuts down all systems in order and turns off the machine without damage, a kill switch is designed and configured to abort the operation as quickly as possible (even if it damages the equipment) and to be operated simply and quickly (so that even a [panicked](https://en.m.wikipedia.org/wiki/Panic "Panic") operator with impaired [executive functions](https://en.m.wikipedia.org/wiki/Executive_functions "Executive functions") or a bystander can activate it). Kill switches are usually designed to be noticeable, even to an untrained operator or a bystander.

### What is The Value of Your Data?

- What do I want to protect?
- How likely is it that I will need to protect it?
- How bad are the consequences if I fail?
- What is the value of the data? Does a hacker care about Joe Schmo? Probably not. But do you have confidential company data, or are you an important stakeholder? Well, now you've suddenly become a bigger target.
- How important is it to someone else, and how important is it to you, your security, identity and privacy?
- Privacy ensures that unauthorized parties do not have access to your information and that you continue to control your personally identifiable information (PII). Therefore, Data privacy primarily deals with procedures and policies governing the collection, storage, and use of PII and proprietary company information such as trade secrets, personnel, and internal processes. PII is highly confidential because of the civil and criminal liability companies and individuals face if improper disclosure is allowed overtly or due to unintended data security breaches.  
      
    To ensure privacy, you need more than a specific technology or set of technologies. This includes training all employees who have access to sensitive data about approved data protection processes. Just as airline pilots use checklists to ensure that essential items are checked before a flight and monitored during flight, IT professionals must also be willing to use privacy policies and other resources to protect PII and other sensitive information. In particular, to ensure privacy, IT professionals must have a set of policies, and processes detailing how organizations and their employees collect, store, and use sensitive data on all systems. This privacy policy aims for all employees to recognize the importance of privacy, understand how to prevent inappropriate disclosure of information, and deal with privacy issues and policy violations.  
      
    Data breaches are no longer just embarrassing or inconvenient for businesses. Currently, privacy laws such as GDPR impose penalties for failing to protect the privacy of PII and other sensitive personal information. These compliance standards may impose financial penalties and criminal charges for PII's intentional and, in some cases, unintentional disclosures. GDPR imposes privacy standards and legal requirements on all companies that store or process the personal information of EU residents.
- What Is Data Security?
    
    Data security uses physical and logical strategies to protect information from data breaches, cyber-attacks, and accidental or intentional data loss. Specifically, technologies and techniques used to prevent:
    
    
    - Unauthorized access
    - The deliberate loss of sensitive data
    - Accidental loss or corruption of sensitive data
    
    Examples of measures to ensure data security include data encryption, both at rest and in transit, and physical and logical access control to prevent unauthorized access. Specific techniques include multi-factor authentication, multiple layers of network and application-level access control, and detection and isolation of rogue devices after connecting to the network. Regular backups and a proven disaster recovery plan are essential parts of data security.  
      
    In short, data security is based on a technically sophisticated and comprehensive approach to protecting all networks, applications, devices, and data stores within an enterprise IT infrastructure.
- The best way to understand the difference between data security and privacy is to look at the mechanisms used in your data security and privacy policies. Privacy policies control how data is collected, processed, and stored. While your organization's data security is more robust, detailing physical and logical controls to secure data. The way you collect, store, or distribute that data can violate your privacy policy. For example, enterprises can ensure that sensitive information is encrypted, masked, and restricted adequately to authorized parties. However, improper collection of this data, such as not obtaining informed consent from the data owner before collecting the data, does not change the security of the data but violates data privacy rules.
- Is this a vulnerable community?
- Vulnerable communities are groups within a population that face a higher risk of negative health, social, or economic outcomes due to various factors. These factors can include social, economic, political, and environmental components, as well as limitations due to illness or disability. Examples include people with disabilities, low-income individuals, racial and ethnic minorities, and those experiencing homelessness.
- Social:  
    Poverty, lack of access to healthcare, discrimination, limited English proficiency, and social isolation can all increase vulnerability.   
    Economic:  
    Low income, unemployment, and lack of access to financial resources can make individuals more susceptible to hardship.   
    Political:  
    Marginalization, lack of political representation, and policies that disproportionately affect certain groups can contribute to vulnerability.   
    Environmental:  
    Living in areas prone to natural disasters, pollution, or lack of access to clean water can create vulnerability.   
    Health-related:  
    Disabilities, chronic illnesses, and mental health conditions can limit an individual's ability to cope with challenges.
- Examples of Vulnerable Communities:  
      
     People with disabilities:  
     May face physical and social barriers, limiting their access to employment, healthcare, and other essential services.   
      
    Racial and ethnic minorities:  
    May experience discrimination, systemic barriers, and disparities in health and socioeconomic outcomes.   
    Low-income individuals and families:  
    May struggle to afford basic necessities, access healthcare, and live in safe environments.   
    Individuals experiencing homelessness:  
    Face high risks of health problems, violence, and social exclusion.   
    Elderly individuals:  
    May be more susceptible to illness, social isolation, and financial hardship.   
    Children:  
    May be particularly vulnerable to neglect, abuse, and the effects of poverty and environmental hazards.   
    LGBTQIA+ individuals:  
    May face discrimination and social stigma, leading to increased risks of mental health issues and violence.   
    Migrant workers:  
    May be vulnerable to exploitation, low wages, and lack of access to legal protections.
- Prisoners
- Should this data be accessible to the outside world, should it even be digitized?
- Is this information about your personal media collection or is it access to all of your financial data?
- Physical and digital security
- Physically locking down a computer

### How Much Effort Are You Willing to Spend?

- How much trouble am I willing to go through to try to prevent potential consequences?
- How much time, money and effort are you willing to put into your security? Remember, there are entire companies dedicated to security, and entire SOC's whose sole job is monitoring for security incidents and even they don't catch everything. These organizations have multiple experts, layers of defense and constant monitoring, but the data they protect is worth it (see #2 above). How much effot you're willing to put in determines how many steps you need to take.
- Documentation
- Resources
- Updates &amp; Upgrades
- Hardware and software
- Integration
- what you can handle yourself vs what you need a dedicated professi me
- onal for.

# Evaluating Safety

This is how we evaluate software.

How to identify safe open source applications

Open source vs freeware

We have tested the software described here.

[https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Concise-Guide-for-Evaluating-Open-Source-Software.md](https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Concise-Guide-for-Evaluating-Open-Source-Software.md)  
^ helpful

[![1000000162.png](https://hub.subspace.services/uploads/images/gallery/2025-05/scaled-1680-/1000000162.png)](https://hub.subspace.services/uploads/images/gallery/2025-05/1000000162.png)

## Assessment   


Verify authenticity

Consider necessity. every new service increases the attack surface

Open source license type

Does the software require an account, especially one that requires you to provide information like your name or email? Many oss rely on email to build a community by few reputable projects require them.

Typosqiatting obs

Privacy statement

## Maintenance &amp; Sustainability

Is there a docker image?

Is it developer created community created or user created?

Activity level

Active community

Open to feedback

Regular updates  
  
Multiple developers

Alpha , beta, stable,

How old is the project

Do they have a testing channel or just main

Is the software a proof of concept or a refined software model?

Maintainers and developers are after unpaid. They are passion projects. While some open source software is funded by foundations, many are small community projects that are self funded by donations.

Code quality reports, code maintenance

Is it maintained  
  
GitHub badges. Is it compiling? Etc

Do they offer a way to deploy using docker?

## Usability &amp; Security   


Assessment framework

Security vs convenience

Ux/ui

Trusted repository such as GitHub or gitlab

Security audits

Security Through Transparency  
  
It’s How You Implement Software That Matters

Certifications

Secure defaults

Security is not necessarily incorporated into the design and development of OSS.   
  
Many large organizations support OSS projects. However, these projects may rely on work conducted by smaller, volunteer-run OSS projects. For smaller OSS projects, volunteers may have less time to fix problems or conduct security testing. Also, these projects may not receive the funding needed to hire expert security auditors.

The blueprints (source code) reveal the layout, but they don’t tell you where the alarm system is located or the combination to the safe.

Can you report vulnerabilities?

## Community

DOCUMENTATION: open or private editor docs? Code markup generator

Stability; number of open issue reports and or very active forums

What about the forums? Are they publicly accessible

How much do they ask for support and in what ways? Are they building community or exploiting it?

What is their community like? Where is it located? Reddit vs forum

Do they meet in person

History of development team

Company or community group

Business or consumer focused

Mission, vision, statement

What is the diversity of the developers

Are they open to outside contribution?

# Selecting Your Services

There are a wide range of services you can self-host for yourself. Many more are available through [Docker Hub](https://hub.docker.com/), [linuxserver.io](https://www.linuxserver.io/), and [awesome-selfhosted](https://awesome-selfhosted.net/). These are just the ones we've tested.

# Quick-Start Bundles

These pre-bundled templates can help you quickly get up and running with commonly-used combinations. Host a private office suite, manage your multimedia, build a professional website and more.

## Office Suite

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Docs</span></span>

<p class="callout info">Includes: [OwnCloud](https://hub.subspace.services/books/owncloud "OwnCloud") and [Collabora](https://hub.subspace.services/books/collabora "Collabora")</p>

[![Screen Shot 2025-03-07 at 13.34.49.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-13-34-49.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-13-34-49.png)

Host your own private cloud solution with [OwnCloud](https://hub.subspace.services/books/owncloud "OwnCloud") to remotely access your files or securely share them with friends. Integrate [Collabora](https://hub.subspace.services/books/collabora "Collabora") to edit your documents right in your web browser.

Leverage OwnCloud apps to manage your own calendar, contacts, notes and even your music collection.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/quick-bundles/page/office-suite "See the World Wide Web Guide")

---

## Smart Family

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">House</span></span>

<p class="callout info">Includes: [Grocy](https://hub.subspace.services/books/grocy "Grocy"), [Actual Budget](https://hub.subspace.services/books/actual-budget "Actual Budget"), and [Home Assistant](https://hub.subspace.services/books/home-assistant "Home Assistant")</p>

[![Screen Shot 2025-03-07 at 18.19.42.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-18-19-42.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-18-19-42.png)

With [Grocy](https://hub.subspace.services/books/home-family/chapter/grocy "Grocy") you can manage your kitchen's inventenory, build a recipe book, organize weekly chores, and assign one-time tasks. Take control of your finances with [Actual Budget](https://hub.subspace.services/books/home-family/chapter/actual-budget "Actual Budget") and sync directly with your bank. Finally, add [Home Assistant](https://hub.subspace.services/books/home-family/chapter/home-assistant "Home Assistant") to control smart devices and design a family dashboard.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/quick-bundles/page/smart-home "See the World Wide Web Guide")

---

## Security &amp; Privacy

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Encrypted</span></span>

<p class="callout info">Includes: [VaultWarden](https://hub.subspace.services/books/vaultwarden "BitWarden"), [Duplicati](https://hub.subspace.services/books/duplicati "Duplicati"), and [AdGuard Home](https://hub.subspace.services/books/adguard-home "Smart Home")</p>

[![Capture.PNG](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/capture.PNG)](https://hub.subspace.services/uploads/images/gallery/2025-03/capture.PNG)

Take control of your family's password manager using [BitWarden](https://hub.subspace.services/books/security/chapter/bitwarden "BitWarden") and keep your private data secure. Handle your own multifactor authentication and audit your passwords for security breaches. Bolster your internet privacy by using [AdGuard Home](https://hub.subspace.services/books/security/chapter/adguard-home "AdGuard Home") to perform your own web lookups and stop snooping. Create a secure off-site backup solution using [Duplicati](https://hub.subspace.services/books/duplicati "Duplicati") and make sure you never risk losing important data.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/quick-bundles/page/security-privacy "See the World Wide Web Guide")

---



## Media Managers

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Media\_link</span></span>

<p class="callout info">Includes: [Radarr](https://hub.subspace.services/books/radarr "Radarr"), [Sonarr](https://hub.subspace.services/books/sonarr "Sonarr"), [Lidarr](https://hub.subspace.services/books/lidarr "Lidarr"), [Readarr](https://hub.subspace.services/books/readarr "Readarr") and [Bazarr](https://hub.subspace.services/books/bazarr "Readarr")</p>

[![Screen Shot 2025-03-06 at 22.20.53.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/bWcscreen-shot-2025-03-06-at-22-20-53.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/bWcscreen-shot-2025-03-06-at-22-20-53.png)

Curate your movie, television, music and book collections and make sure they have up-to-date metadata for your media servers.

Integrate [Radarr](https://hub.subspace.services/books/radarr "Radarr"), [Sonarr](https://hub.subspace.services/books/sonarr "Sonarr"), [Lidarr](https://hub.subspace.services/books/lidarr "Lidarr") and [Readarr](https://hub.subspace.services/books/readarr "Readarr") with a [torrent download server](https://hub.subspace.services/books/quick-bundles/page/torrent-download-server "Torrent Download Server") to search for media automatically. Using [Bazarr](https://hub.subspace.services/books/bazarr "Bazarr"), find subtitles for your movie and television collection.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/quick-bundles/page/media-managers "See the World Wide Web Guide")

---

## Torrent Server

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Cloud\_download</span></span>

<p class="callout info">Includes: [qBittorrent](https://hub.subspace.services/books/qbittorrent "qBittorrent"), [Gluetun](https://hub.subspace.services/books/gluetun "Gluetun"), [Flood](https://hub.subspace.services/books/flood "Flood"), and [Prowlarr](https://hub.subspace.services/books/prowlarr "Prowlarr")</p>

[![Screen Shot 2025-03-07 at 23.14.16.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-23-14-16.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-23-14-16.png)

Securely access the popular peer-to-peer torrent network through a virtual private network. [Prowlarr](https://hub.subspace.services/books/prowlarr "Prowlarr") can search across multiple indexers at once and find the perfect torrent. Download it with a [qBittorrent](https://hub.subspace.services/books/qbittorrent "qBittorrent") server, keep it private using [Gluetun](https://hub.subspace.services/books/gluetun "Gluetun") and manage your seeds with the modern [Flood](https://hub.subspace.services/books/flood "Flood") interface.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/quick-bundles/page/torrent-download-server "See the World Wide Web Guide")

---

## Professional

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Work</span></span>

<p class="callout info">Includes: [WordPress](https://hub.subspace.services/books/wordpress "WordPress") and [Reactive Resume](https://hub.subspace.services/books/reactive-resume "Reactive Resume")</p>

[![Screen Shot 2025-03-08 at 17.31.43.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-08-at-17-31-43.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-08-at-17-31-43.png)

Create a professional website using [WordPress](https://hub.subspace.services/books/wordpress "WordPress") and build yourself a [Reactive Resume](https://hub.subspace.services/books/reactive-resume "Reactive Resume").

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/quick-bundles/page/professional "See the World Wide Web Guide")

---

## Streamer

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Stream</span></span>

<p class="callout info">Includes: [OwnCast](https://hub.subspace.services/books/owncast "OwnCast"), [WordPress](https://hub.subspace.services/books/wordpress "WordPress"), and [Kill Bill](https://hub.subspace.services/books/kill-bill "Kill Bill")</p>

[![Screen Shot 2025-03-08 at 16.37.17.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-08-at-16-37-17.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-08-at-16-37-17.png)

Create a blog for yourself using [WordPress](https://hub.subspace.services/books/wordpress "WordPress") and host your own stream with [OwnCast](https://hub.subspace.services/books/owncast "OwnCast"). Take control of your own subscription service using [Kill Bill](https://hub.subspace.services/books/kill-bill "Kill Bill").

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/quick-bundles/page/streamer "See the World Wide Web Guide")

---

## Online Community

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Diversity\_2</span></span>

<p class="callout info">Includes: [WordPress](https://hub.subspace.services/books/wordpress "WordPress"), [Flarum](https://hub.subspace.services/books/flarum "Flarum"), [Fider](https://hub.subspace.services/books/fider "Fider"), and [Umami](https://hub.subspace.services/books/umami "Umami")</p>

[![1000006361.png](https://hub.subspace.services/uploads/images/gallery/2025-02/scaled-1680-/1000006361.png)](https://hub.subspace.services/uploads/images/gallery/2025-02/1000006361.png)

Create a website using [WordPress](https://hub.subspace.services/books/wordpress "WordPress") and engage an online community with a [Flarum](https://hub.subspace.services/books/flarum "Flarum") discussion forum. Navigate community decision making with [Fider](https://hub.subspace.services/books/fider "Fider") and track user engagement using [Umami](https://hub.subspace.services/books/umami "Umami").

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/quick-bundles/page/community "See the World Wide Web Guide")

# Personal Media

Automatically curate your digital media collection – including movies, television, music, books and comics – using metadata found in open online repositories. Search peer-to-peer clients and social networks for any media missing from your collection. Remotely stream all of your media over the internet for yourself, friends and family.

## Media Servers

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Connected\_tv</span></span>

Keep your digital media organized and remotely access it over the internet.

### Jellyfin

[![Screen Shot 2025-03-08 at 15.28.05.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-08-at-15-28-05.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-08-at-15-28-05.png)

[Jellyfin](https://jellyfin.org/) is community-built open-source media server that lets you stream your media to all of your devices.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/jellyfin "Learn More")

---

### Audiobookshelf

[![Screen Shot 2025-03-08 at 16.09.13.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-08-at-16-09-13.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-08-at-16-09-13.png)

[Audiobookshelf](https://www.audiobookshelf.org/) is an (audio)book and podcast media server with a dedicated Android apps and fully-functional web interface.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/audiobookshelf "Learn More")

---

### Kavita

[![Screen Shot 2025-03-08 at 22.58.50.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-08-at-22-58-50.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-08-at-22-58-50.png)

[Kavita](https://www.kavitareader.com/) is a book and comic server with a fully-functional web interface for enjoying your media.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/kavita "Learn More")

---

### Stash

[![1000006436.png](https://hub.subspace.services/uploads/images/gallery/2025-02/scaled-1680-/1000006436.png)](https://hub.subspace.services/uploads/images/gallery/2025-02/1000006436.png)

[Stash](https://stashapp.cc/) is a media server for streaming and organizing your private (and pornographic) media.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/stash "Learn More")

---

## Media Managers

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Media\_link</span></span>

Curate your digital media and ensure everything has the correct metadata, pulled directly from community-curated repositories. Combined with a peer-to-peer download client, media managers can find missing episodes or movies.

### Radarr

[![Screen Shot 2025-03-06 at 22.20.53.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/bWcscreen-shot-2025-03-06-at-22-20-53.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/bWcscreen-shot-2025-03-06-at-22-20-53.png)

[Radarr](https://radarr.video/) is a movie collection manager that uses open repositories to keep your media organized.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/radarr "Learn More")

---

### Sonarr

[![Screen Shot 2025-03-07 at 00.05.38.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-00-05-38.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-00-05-38.png)

[Sonarr](https://sonarr.tv/) is a television collection manager that uses open repositories to keep your media organized.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/sonarr "Learn More")

---

### Lidarr

[![Screen Shot 2025-03-07 at 00.32.31.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-00-32-31.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-00-32-31.png)

[Lidarr](https://lidarr.audio/) is a music collection manager that uses open repositories to keep your media organized.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/lidarr "Learn More")

---

### Bazarr

[![Screen Shot 2025-03-07 at 00.43.56.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-00-43-56.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-00-43-56.png)

[Bazarr](https://www.bazarr.media/) is a media manager for movies and television that uses open repositories to find subtitles and fix them.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/bazarr "Learn More")

---

### Readarr

[![1000006440.png](https://hub.subspace.services/uploads/images/gallery/2025-02/scaled-1680-/1000006440.png)](https://hub.subspace.services/uploads/images/gallery/2025-02/1000006440.png)

[Readarr](https://readarr.com/) is an (audio)book collection manager that uses open repositories to keep your media organized.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/readarr "Learn More")

---

### Mylar

[![Screen Shot 2025-03-09 at 15.42.46.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-15-42-46.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-15-42-46.png)

[Mylar](https://mylarcomics.com) is a comic book collection manager that can download comic releases and keep them organized.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/mylar "Learn More")

---

### LazyLibrarian

[![Screen Shot 2025-03-09 at 14.43.46.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-14-43-46.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-14-43-46.png)

[LazyLibrarian](https://gitlab.com/LazyLibrarian/LazyLibrarian) is an (audio)book and magazine collection manager that uses open repositories to keep your media organized.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/lazylibrarian "Learn More")

---

## Download Servers

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Cloud\_download</span></span>

Download media from peer-to-peer and peer-based media services for your own personal archival purposes.

### Prowlarr

[![Screen Shot 2025-03-07 at 23.53.35.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-23-53-35.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-23-53-35.png)

[Prowlarr](https://prowlarr.com/) is a torrent aggregator that searches multiple indexes at once to find digital resources.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/prowlarr "Learn More")

---

### aMule

[![emule2.PNG](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/emule2.PNG)](https://hub.subspace.services/uploads/images/gallery/2025-03/emule2.PNG)

[aMule](http://www.amule.org/) is a browser-based interface for the peer-to-peer ED2K media download service, commonly known as [eDonkey](https://en.m.wikipedia.org/wiki/EDonkey_network).

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/amule "Learn More")

---

### Slskd

[![Screen Shot 2025-03-09 at 00.39.28.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-00-39-28.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-00-39-28.png)

[Slskd](https://github.com/slskd/slskd) is a browser-based interface for the [Soulseek](https://en.m.wikipedia.org/wiki/Soulseek) peer-to-peer file sharing network.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/slskd "Learn More")

---

### Flood

[![Screen Shot 2025-03-07 at 23.14.16.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-23-14-16.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-23-14-16.png)

[Flood](https://flood.js.org/) is a sleek and modern interface for most torrent services, including [qBittorrent](https://hub.subspace.services/books/qbittorrent "qBittorrent •").

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/flood "Learn More")

---

### MeTube

[![Capture.PNG](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/NSycapture.PNG)](https://hub.subspace.services/uploads/images/gallery/2025-03/NSycapture.PNG)

[MeTube](https://github.com/alexta69/metube) is a web-based interface to archive content from peer-based media sites using ytdlp.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/metube "Learn More")

---

### qBittorrent

[![Screen Shot 2025-03-07 at 23.19.03.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-23-19-03.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-23-19-03.png)

[qBittorrent](https://www.qbittorrent.org/) is an open-source server for managing torrents on the peer-to-peer BitTorrent network.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/qbittorrent "Learn More")

---

### Sabnzbd

[![Screen Shot 2025-03-09 at 00.44.59.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-00-44-59.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-00-44-59.png)

[Sabnzbd](https://sabnzbd.org/) is an open-source download client for the peer-to-peer Usenet network.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/sabnzbd "Learn More")

# Personal Cloud

Take control of your personal files and digital sphere by self-hosting your own personal cloud. Manage your family, finances and smart home without needing to compromise your security and privacy.

## Productivity

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Edit\_document</span></span>

Manage your calenders, track your to-do list, and organize your documents.

### OwnCloud

[![Screen Shot 2025-03-07 at 13.34.49.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-13-34-49.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-13-34-49.png)

[OwnCloud](https://owncloud.com/) is a personal cloud service for remotely accessing and editing files on your home server.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/owncloud "Learn More")

---

### PhotoPrism

[![Screen Shot 2025-03-10 at 14.28.09.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-10-at-14-28-09.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-10-at-14-28-09.png)

[PhotoPrism](https://www.photoprism.app/) is a personal cloud for your personal photos and videos.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/photoprism "Learn More")

---

### CommaFeed

[![Screen Shot 2025-03-09 at 20.41.57.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-20-41-57.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-20-41-57.png)

[CommaFeed](https://www.commafeed.com/#/welcome) is an open-source news feed reader that uses Really Simple Syndication (RSS) and can sync between apps with Fever.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/commafeed "Learn More")

---

### Vikunja

[![Screen Shot 2025-03-10 at 19.00.45.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-10-at-19-00-45.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-10-at-19-00-45.png)

[Vikunja](https://vikunja.io/) is a collaborative project planner that can manage your to-dos and calendar.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/vikunja "Learn More")

---

### Collabora

[![Screen Shot 2025-03-07 at 16.16.05.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-16-16-05.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-16-16-05.png)

[Collabora](https://www.collaboraonline.com/) is a service that lets you create and edit your documents directly in your web browser.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/collabora "Learn More")

---

### Paperless-ngx

[![Screen Shot 2025-03-09 at 18.48.59.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-18-48-59.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-18-48-59.png)

[Paperless-ngx](https://docs.paperless-ngx.com/) allows you to organize your document collection with a digital filing cabinet.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/paperless-ngx "Learn More")

---

### I, Librarian

[![Screen Shot 2025-03-09 at 23.59.59.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-23-59-59.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-23-59-59.png)

[I, Librarian](https://i-librarian.net/) lets you organize and search your academic research collection.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/i-librarian "Learn More")

---

### vscode

[![Screen Shot 2025-03-10 at 19.18.26.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-10-at-19-18-26.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-10-at-19-18-26.png)

[vscode](https://github.com/coder/code-server) lets you create and compile software code directly in your web browser.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/vscode "Learn More")

---

### Joplin

[![1000006461.jpg](https://hub.subspace.services/uploads/images/gallery/2025-02/scaled-1680-/1000006461.jpg)](https://hub.subspace.services/uploads/images/gallery/2025-02/1000006461.jpg)

[Joplin](https://joplinapp.org/) lets you jot down ideas and organize them into a collection of digital notebooks.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/joplin "Learn More")

---

### ArchiveBox

[![Screen Shot 2025-03-09 at 19.21.01.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-19-21-01.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-19-21-01.png)

[ArchiveBox](http://archivebox.io/) helps you create your own archival backups of web pages and internet media.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/archivebox "Learn More")

---

## Family &amp; Home

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">House</span></span>

Manage your family and smart home devices from your browser.

### Grocy

[![Screen Shot 2025-03-07 at 17.28.42.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-17-28-42.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-17-28-42.png)

[Grocy](https://grocy.info/) lets you manage a digital inventory, organize a recipe book, keep track of recurring chores and create one-time tasks.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/grocy "Learn More")

---

### Actual Budget

[![Screen Shot 2025-03-07 at 17.55.05.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-17-55-05.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-17-55-05.png)

[Actual Budget](https://actualbudget.org/) helps manage your budget with financial information pulled directly from your bank.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/actual-budget "Learn More")

---

### Home Assistant   


[![Screen Shot 2025-03-07 at 18.19.42.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-18-19-42.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-18-19-42.png)

[Home Assistant](https://www.home-assistant.io/) can create a dashboard for your connected smart home and all it's devices.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/home-assistant "Learn More")

---

### Recipe Buddy

[![Screen Shot 2025-03-09 at 00.52.30.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-00-52-30.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-00-52-30.png)

[Recipe Buddy](https://github.com/georgegebbett/recipe-buddy) can import recipes from the internet into your [Grocy](https://hub.subspace.services/books/grocy "Grocy") recipe books.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/recipe-buddy "Learn More")

---

## Home Page

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Dashboard</span></span>

Build yourself a landing page with quick access to all of your services.

### Organizr

[![Capture2.PNG](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/xDlcapture2.PNG)](https://hub.subspace.services/uploads/images/gallery/2025-03/xDlcapture2.PNG)

[Organizr](https://github.com/causefx/Organizr) can build a landing page with smart plugins and access them all through a sleek tabbed interface.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/organizr "Learn More")

# World Wide Web

Create a presence on the open internet using self-hosted personal and professional services. Whether you're using a basic website or a content management system, you can get up and running quickly.

## Basic Websites

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Web</span></span>


These no-frills options can create a basic website for personal or professional needs.

### nginx   


[![Capture.PNG](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/2ZVcapture.PNG)](https://hub.subspace.services/uploads/images/gallery/2025-03/2ZVcapture.PNG)

[nginx](https://nginx.org/) is a multi-purpose web engine that functions as an HTTP web server, as well as a reverse proxy and load balancer.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/nginx "Learn More")

---

### Reactive Resume

[![1000006359.jpg](https://hub.subspace.services/uploads/images/gallery/2025-02/scaled-1680-/1000006359.jpg)](https://hub.subspace.services/uploads/images/gallery/2025-02/1000006359.jpg)

[Reactive Resume](https://rxresu.me/) allows you to quickly build your own self-hosted customizable resume.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/reactive-resume "Learn More")

---

## Database Storage

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Database</span></span>


Self-hosted applications often require access to a relational database server for long-term data storage, organization and recall.

### MariaDB

[![IMG_20250311_013659_239.jpg](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/img-20250311-013659-239.jpg)](https://hub.subspace.services/uploads/images/gallery/2025-03/img-20250311-013659-239.jpg)

[MariaDB](https://mariadb.org/) is an open-source fork of the MySQL relational database used by many applications.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/mariadb "Learn More")

---

### PostgreSQL

[![1000006619.jpg](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/1000006619.jpg)](https://hub.subspace.services/uploads/images/gallery/2025-03/1000006619.jpg)

[PostgreSQL](https://www.postgresql.org/) is a flexible, open-source relational database that can be leveraged by some software applications.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/postgresql "Learn More")

---

### Adminer

[![Screen Shot 2025-03-09 at 19.11.23.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-19-11-23.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-19-11-23.png)

[Adminer](https://www.adminer.org/) is a full-featured database management tool compatible with popular database formats.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/adminer "Learn More")

---

## Content Management System

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Wysiwyg</span></span>

Create a website, incorporate plugins and manage resources using a unified backend interface that simplifies running a site.



### MODx

[![Screen Shot 2025-03-10 at 13.13.24.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-10-at-13-13-24.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-10-at-13-13-24.png)

[MODx](https://modx.com/) is an advanced web platform with powerful tools for developing intricate data systems.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/modx "Learn More")

---

### Grav

[![Screen Shot 2025-03-09 at 19.58.55.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-19-58-55.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-19-58-55.png)

[Grav](https://getgrav.org/) is a [flat-file](https://en.m.wikipedia.org/wiki/Flat-file_database) CMS with a simple, intuitive interface and a basic administrator panel.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/grav "Learn More")

---

### WordPress

[![Screen Shot 2025-03-08 at 17.31.43.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-08-at-17-31-43.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-08-at-17-31-43.png)

[WordPress](https://wordpress.org/) lets you manage your own websites and quickly create a publicly accessible blog.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/wordpress "Learn More")

---

## Knowledge Management

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Collections\_bookmark</span></span>



Powerful tools for producing and sharing information, allowing anyone to build personal and community knowledge.

### BookStack

[![Screen Shot 2025-03-09 at 20.32.07.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-20-32-07.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-20-32-07.png)

[BookStack](https://www.bookstackapp.com/) is a simplified wiki software that uses a bookshelf analogy for knowledge organization.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/bookstack "Learn More")

---

### MediaWiki

[![Capture.PNG](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/GS5capture.PNG)](https://hub.subspace.services/uploads/images/gallery/2025-03/GS5capture.PNG)

[MediaWiki](https://www.mediawiki.org/wiki/MediaWiki) lets you create an in-depth wiki using the same software that powers Wikipedia.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/mediawiki "Learn More")

---

## Communication &amp; Community

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Forum</span></span>

Build a connection within your community through forums, feedback and public relations.


### Flarum

[![Screen Shot 2025-03-09 at 21.16.37.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-21-16-37.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-21-16-37.png)

[Flarum](https://flarum.org/) is a basic forum software to facilitate online discussion and knowledge creation.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/flarum "Learn More")

---

### Monica

[![Screen Shot 2025-03-10 at 00.55.26.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-10-at-00-55-26.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-10-at-00-55-26.png)

[Monica](https://www.monicahq.com/) is a personal relationship manager and journal software.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/monica "Learn More")

---

### Rallly

[![Screen Shot 2025-03-10 at 17.59.53.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-10-at-17-59-53.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-10-at-17-59-53.png)

[Rallly](https://rallly.co/) is a digital polling service for scheduling collaborative events.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/rallly "Learn More")

---

### Fider

[![Screen Shot 2025-03-09 at 20.50.10.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-20-50-10.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-20-50-10.png)

[Fider](https://fider.io/) can engage your project's community with this feedback and feature polling platform.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/fider "Learn More")

---

### Matrix

[![1000006491.webp](https://hub.subspace.services/uploads/images/gallery/2025-02/scaled-1680-/1000006491.webp)](https://hub.subspace.services/uploads/images/gallery/2025-02/1000006491.webp)

[Matrix](https://matrix.org/) lets you self-host your own personal, encrypted digital messaging server.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/matrix-synapse "Learn More")

---

### OwnCast

[![Screen Shot 2025-03-08 at 16.37.17.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-08-at-16-37-17.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-08-at-16-37-17.png)

[OwnCast](https://owncast.online/) can create a digital broadcast and live chat for all your web streaming needs.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/owncast "Learn More")

---

### Umami

[![Screen Shot 2025-03-10 at 18.36.16.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-10-at-18-36-16.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-10-at-18-36-16.png)

[Umami](https://github.com/umami-software/umami) is a privacy-focused analytics platform providing insights about traffic to your websites.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/umami "Learn More")

# Administration

Take control of your digital services by monitoring and administrating your server through the web.

## Monitoring

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Monitoring</span></span>

Keep an eye on the availability of your server and individual services.


### Uptime Kuma

[![Screen Shot 2025-03-10 at 18.57.59.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-10-at-18-57-59.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-10-at-18-57-59.png)

[Uptime Kuma](https://github.com/louislam/uptime-kuma) can ensure that all of your services are online through a unified dashboard interface.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/uptime-kuma "Learn More")

---

### SWAG Dashboard

[![Screen Shot 2025-03-10 at 18.15.13.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-10-at-18-15-13.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-10-at-18-15-13.png)

[SWAG Dashboard](https://www.linuxserver.io/blog/introducing-swag-dashboard) lets you verify your SWAG relay server configuration and monitor basic usage metrics.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/swag "Learn More")

---

### Ward

[![Capture.PNG](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/5eYcapture.PNG)](https://hub.subspace.services/uploads/images/gallery/2025-03/5eYcapture.PNG)

[Ward](https://github.com/Rudolf-Barbu/Ward) is a basic dashboard to monitor your server's hardware resource usage.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/ward "Learn More")

---

## Control

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Touchpad\_mouse</span></span>

Perform maintenance tasks and create canned scripts for controlling basic server needs.

### OliveTin

[![Screen Shot 2025-03-10 at 14.09.25.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-10-at-14-09-25.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-10-at-14-09-25.png)

[OliveTin](https://www.olivetin.app/) enables basic server maintenance tasks performed at the press of a button.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/olivetin "Learn More")

---

### Cockpit

[![1000006501.png](https://hub.subspace.services/uploads/images/gallery/2025-02/scaled-1680-/1000006501.png)](https://hub.subspace.services/uploads/images/gallery/2025-02/1000006501.png)

[Cockpit](https://cockpit-project.org/) is an advanced dashboard for the management of a Linux server.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/cockpit "Learn More")

---

### Guacamole

[![Screen Shot 2025-03-09 at 21.24.24.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-21-24-24.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-21-24-24.png)

[Guacamole](https://guacamole.apache.org/) lets you access computers on your local network remotely through your web browser.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/guacamole "Learn More")

---

## Security

<span class="icon-header"><span class="material-symbols-outlined" style="background-color: #268bd2;">Encrypted</span></span>

Protect yourself and your identity while self-hosting your own services on the internet.

### VaultWarden

[![Capture.PNG](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/capture.PNG)](https://hub.subspace.services/uploads/images/gallery/2025-03/capture.PNG)

[VaultWarden](https://bitwarden.com/) is a cross-platform password management and secure document storage.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/vaultwarden "Learn More")

---

### AdGuard Home

[![Screen Shot 2025-03-07 at 21.54.41.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-21-54-41.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-21-54-41.png)

[AdGuard Home](https://adguard.com/en/adguard-home/overview.html) can block ads network-wide and improve data privacy by performing your own DNS lookups.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/adguard-home "Learn More")

---

### Authelia

[![Screen Shot 2025-03-09 at 19.32.54.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-19-32-54.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-19-32-54.png)

[Authelia](https://www.authelia.com/) is an open-source single-sign on (SSO) and identity management for a small server.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/authelia "Learn More")

---


### Duplicati

[![Screen Shot 2025-03-07 at 21.10.42.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-07-at-21-10-42.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-07-at-21-10-42.png)

[Duplicati](https://github.com/duplicati/duplicati) can encrypt and backup your important data to remote backup services to give you security and peace of mind.

[<button class="nav-button" type="button">Learn More</button>](https://hub.subspace.services/books/duplicati "Learn More")

# Managing Services

Once you've decided which services you would like to have running on your server, you can use the supplied Docker Compose code to [create the stack using Portainer](https://hub.subspace.services/books/portainer/page/creating-a-new-stack "Creating a New Stack").

[![1000006140.png](https://hub.subspace.services/uploads/images/gallery/2025-02/scaled-1680-/1000006140.png)](https://hub.subspace.services/uploads/images/gallery/2025-02/1000006140.png)

## Installing Services

Each available service has preparation instructions to ensure you have all the information going into the stack creation process, such as randomly generated passwords or other required information.

This will include any volumes that need to be mounted within the containers like persistent storage, media files or download folders. Through Docker, we assign ports to each service that we want to have network access to.

These services may come with environmental variables which are used to configure the stack. Some are only used to get the stack set up the first time it starts while other are always required to ensure updates are applied correctly.

## Updating Services

Each stack of services will have their own instructiona for updating. For many of the services provided through this library, you can update the service by simply [re-deploying the stack through Portainer](https://hub.subspace.services/books/portainer/page/updating-a-stack "Updating a Stack"). This allows you to download a new Docker image that has the updated software

# Home Page

Heimdall

Organizr

Homarr

Editing relay proxy to allow iframe embedding

# Next Steps

Now that we have installed a service to see how it works, we need to keep an eye on our server and make sure we maintain it.

[<button class="nav-button" type="button">See the Monitoring &amp; Maintenance Guide</button>](https://hub.subspace.services/books/monitoring-maintenance "Next Steps")