Best Docker Containers for Your Home Server in 2026

If you’re standing up a home server for the first time — or rebuilding after the inevitable “I’ll just wipe it and start fresh” moment — picking the best docker containers for home server use is where you spend the first hour and regret for the next six months. This list is for people running an N100 mini-PC, a Beelink S12 Pro, a Synology that supports Compose, or similar modest hardware. It assumes you have docker-compose installed and can edit a YAML file without a video tutorial. When you have settled on your shortlist, the interactive compose stack builder turns it into a single ready-to-run docker-compose.yml, and the full homelab guide library collects every per-service walkthrough referenced below.

Who Should Skip This

If you’re already running a multi-node Kubernetes cluster with Flux CD syncing from GitOps, you’ve moved past this guide. Also skip it if you have under 8GB of total RAM — half these containers will fight over swap.

The Foundation Layer: Management and Reverse Proxy

Before any application container, get your management layer sorted.

Dockge (port 5001) is a Docker Compose stack manager from the creator of Uptime Kuma. It’s the right default for anyone who prefers docker-compose.yml but doesn’t want to SSH in every time a restart is needed. Portainer CE is the older, more feature-heavy alternative — it’s fine, but its RBAC model and credential management add complexity that a single-node home setup doesn’t benefit from.

For your reverse proxy, Caddy is the answer for most home server operators. Automatic HTTPS via ACME, a simple Caddyfile syntax, and no fighting with certbot renewal timers. Traefik integrates with Docker labels for dynamic per-container routing and is worth learning if you’re managing 20+ services — but the configuration surface is real. Caddy first, Traefik when you outgrow it.

Media Stack: Jellyfin and the *arr Ecosystem

Jellyfin is the default media server recommendation in 2026. Completely open-source, no account required, no telemetry, and the LinuxServer.io image ↗ handles PUID/PGID permission mapping correctly out of the box. For hardware transcoding on Intel N-series mini-PCs, mount /dev/dri:/dev/dri — Quick Sync handles 4K HEVC transcoding without pegging the CPU at all.

Plex is still a valid choice if you want its polished mobile apps and don’t mind the account requirement and telemetry. Jellyfin has closed the feature gap significantly, though.

Build the *arr automation stack around Jellyfin if you want downloads managed without manual intervention:

• Sonarr — TV show management and download automation
• Radarr — same for movies
• Prowlarr — indexer manager that feeds both
• Bazarr — automatic subtitle downloads
• Jellyseerr — a request interface for family members so they stop texting you to add things

This is more configuration work than it sounds. Budget a Saturday afternoon and two restarts.

Privacy and Networking

Pi-hole or AdGuard Home provides DNS-level ad blocking for every device on the network without touching each client individually. AdGuard Home has a cleaner UI and supports DNS-over-HTTPS natively; Pi-hole has a larger community and more documentation covering edge cases. Either runs comfortably on an N100.

Vaultwarden is a Bitwarden-compatible password server that idles at around 10MB of RAM. It has full compatibility with the official Bitwarden browser extensions and mobile apps. Self-hosting your own password manager eliminates vendor lock-in and keeps credentials off third-party servers — relevant given that techsentinel.news tracks credential service security incidents ↗ on a regular basis.

Tailscale solves remote access without port forwarding. Install the container (or the agent directly on the host), authenticate once, and every device on your Tailnet reaches your home server through an encrypted WireGuard tunnel. No DDNS, no open inbound ports, no dynamic firewall rules. The free Personal plan supports up to 6 users with unlimited devices. This is the networking answer for roughly 95% of home lab operators.

Self-Hosted Cloud

Nextcloud is mature, feature-rich, and genuinely complex to operate well. The official Docker image ↗ works, but plan for PostgreSQL and Redis from day one — SQLite collapses under any meaningful write load. The All-in-One container simplifies initial setup but reduces configurability. Budget a few hours the first time; upgrades are also more involved than most containers.

Immich is the Google Photos replacement with mobile apps that do real-time backup, face recognition, and EXIF map views. It needs more RAM than most containers on this list — plan for 2-4GB. Worth it if eliminating a cloud photo subscription matters to you.

Paperless-ngx handles scanned documents with OCR. Low resource footprint, high long-term value if you receive paper mail. Scan receipts and invoices into it and search them by content two years later.

Local AI

Ollama + OpenWebUI lets you run local large language models without routing queries through cloud APIs. Ollama handles model downloads and serves an OpenAI-compatible API endpoint; OpenWebUI provides a ChatGPT-style frontend. On 16GB RAM you can run Llama 3.1 8B locally, expect roughly 8-14 tokens per second CPU-only and 15-20-plus once you add GPU offload. An NVIDIA card with 12GB VRAM (RTX 3060 or better) takes it from “interesting experiment” to “actually replacing some cloud usage.”

The privacy case for local inference is straightforward — queries stay on-device, no conversation logging, no model fine-tuning on your data. For the deeper threat modeling around AI inference in self-hosted environments, aisec.blog covers prompt security and model access patterns ↗ in detail.

Backup and Monitoring

Uptime Kuma monitors your services and sends alerts through Slack, Telegram, email, or webhooks the moment something falls over. Five minutes to configure.

Kopia handles encrypted incremental backups with deduplication. Point it at a NAS dataset, a Samba share, or a Backblaze B2 bucket and schedule daily snapshots. Duplicati is the older alternative with broader format support if you have existing backup archives. Either works.

One standing rule: test your restore before you need it. Backups you have never restored from are assumptions.

Hardware Notes

Most containers on this list are lightweight — 50-500MB RAM each in steady state. The exceptions:

• Jellyfin transcoding: high CPU without hardware acceleration; mount /dev/dri and the load drops dramatically
• Nextcloud with PostgreSQL + Redis: budget around 2GB total for the stack
• Immich: 2-4GB RAM under load
• Ollama with any real LLM: 8-16GB RAM minimum, GPU strongly recommended

An N100 mini-PC with 16GB RAM handles the full stack minus local AI. Bump to 32GB and you can run Ollama with smaller models (7-8B parameters) comfortably. Add a NAS for media and backup storage — don’t put your media library on the same NVMe as your OS and databases.

Sources

• LinuxServer.io Jellyfin Docker Documentation ↗ — canonical configuration reference for the most widely used Jellyfin container image, covering hardware acceleration options (Intel QSV, NVIDIA, Raspberry Pi), environment variables, and volume layout.
• Nextcloud Official Docker Hub ↗ — official image documentation including database backend options, environment variable reference, and the Apache vs. FPM deployment variants with recommended production settings.
• 100+ Docker Containers for Home Server — bitdoze.com ↗ — comprehensive tiered list organized by category and resource footprint, with hardware tier recommendations for minimum, recommended, and high-performance home server builds.