Tools
A curated directory of 8 tools we use, evaluate, and recommend across the AI security landscape — with our take on each.
Interactive tool
Compose Stack Builder
Pick apps from a 26-app catalog and get one valid docker-compose.yml — shared
Postgres/Redis merged, your reverse proxy auto-wired, host-port collisions resolved, plus a
.env of placeholder secrets. Runs entirely in your browser.
Docker Management
Portainer CE
Web UI for Docker, Docker Swarm, and Kubernetes. View containers, deploy stacks from compose files or git, manage volumes/networks/images.
Our take
Default UI for new self-hosters and still the easiest way to deploy compose stacks without SSH. Once you're comfortable with the CLI, you'll probably stop using it — but the deploy-from-git workflow remains valuable.
Dockge
Lightweight web UI focused specifically on docker-compose stacks. From the same author as Uptime Kuma. Stores compose files on disk, not in a DB.
Our take
Best fit if you live in docker-compose files and don't want Portainer's heavier model. The on-disk compose files make backups trivial.
Watchtower
Auto-updates running containers when new images are pushed to their registry. Optional notifications via webhook/Discord/email.
Our take
Use it for low-stakes services (Home Assistant integrations, dashboards). Don't use it for databases or anything where a bad upstream image causes data loss — pin those and review changelogs.
Reverse Proxies
Traefik
Reverse proxy designed for container environments. Auto-discovers Docker labels, terminates TLS via Let's Encrypt, dynamic routing by domain.
Our take
Best fit when your stack is mostly Docker. Label-driven config is fast once you have the muscle memory; the static config file syntax (v3) tripped a lot of v2 users.
Caddy
HTTP server with automatic HTTPS by default and a clean Caddyfile syntax. Use with the docker-proxy plugin for Docker integration.
Our take
Simpler than Traefik for static topologies. Best pick when most services aren't containerized or you just want a clean Caddyfile.
nginx-proxy-manager
Web UI on top of nginx + Let's Encrypt. Great GUI for adding hosts and certs.
Our take
Best fit for beginners who want a GUI. Power users hit its limits quickly — at that point switch to raw nginx or Traefik.
Compose Stacks
Authelia
Authentication / SSO proxy. Works with Traefik or nginx forward-auth. Adds login + 2FA in front of any service.
Our take
Right pick for protecting self-hosted apps that lack their own auth. Pair it with your reverse proxy on the same Docker network. Authentik is a heavier alternative with a richer admin UI.
Uptime Kuma
Self-hosted UptimeRobot equivalent. Pings services, posts status to a public page, notifies via webhook/Discord/email.
Our take
The single best 10-minute install you can do for a homelab. Add every service you self-host, plus public DNS resolvers and your ISP gateway, on day one.