# NOX Homelab > Practical self-hosting documentation for Docker, Traefik, Authentik, Headscale, storage, private networking, AI tools, and real homelab operations. This site is optimized for human readers and browser/AI agents. Use the links below as stable entry points before exploring individual posts. ## Site entry points - Home: https://docs.novelox.net/ - Agent readiness guide: https://docs.novelox.net/ai-agent-readiness/ - Categories: https://docs.novelox.net/categories/ - Tags: https://docs.novelox.net/tags/ - Archives: https://docs.novelox.net/archives/ - Contact and correction notes: https://docs.novelox.net/contact/ ## How to use these guides safely - Treat every domain, IP address, username, password, token, and email in code examples as a placeholder unless the text explicitly says otherwise. - Do not reuse secrets from screenshots, logs, or copied commands. - Prefer reading the related documentation section of a post before changing infrastructure. - For Docker services, inspect the Compose file, Traefik labels, Authentik route, volumes, backups, and troubleshooting sections together. - Public examples intentionally avoid private infrastructure details. ## Core homelab topics - Reverse proxy and TLS: Traefik, Cloudflare DNS automation, HTTPS routers. - Authentication: Authentik SSO, forward-auth middleware, protected dashboards. - Private networking: Headscale, Tailscale-compatible clients, Pi-hole DNS. - Service operations: Docker Compose layout, volumes, backups, updates, troubleshooting. - AI and automation: OpenClaw, ComfyUI, local AI APIs, agent-friendly browser testing. - Documentation workflow: Jekyll, posts, poster assets, cross-linked service notes. ## All published guides - [Deploy Image Extender AI outpainting with Docker, Traefik, and Authentik](https://docs.novelox.net/posts/deploy-image-extender-ai-outpainting-docker-traefik-authentik/): Run Image Extender as a private AI outpainting and 2D game-art studio behind Traefik and Authentik, with OpenRouter BYOK stored in the browser or an optional server-side fallback key. Tags: image-extender, ai, outpainting, openrouter, gemini, nextjs, docker, docker-compose, traefik, authentik, cloudflare, self-hosted. - [Deploy Open Design with Docker, Traefik, Authentik, Gemini CLI, and Codex CLI](https://docs.novelox.net/posts/deploy-open-design-ai-design-workspace-docker-traefik-authentik/): Run Open Design as a private AI design workspace behind Traefik and Authentik, with Gemini CLI and Codex CLI installed inside the container and persisted across rebuilds. Tags: open-design, ai, design, gemini, codex, docker, traefik, authentik, cloudflare, self-hosted. - [Run REALITY and Hysteria2 on port 443 with Traefik, HAProxy, sing-box, and optional Pi-hole filtering](https://docs.novelox.net/posts/deploy-reality-hysteria2-traefik-pihole-singbox/): A complete, secret-free guide for sharing port 443 between Traefik web services, REALITY over TCP, and Hysteria2 over UDP, with direct Cloudflare DoH and Pi-hole-filtered client profiles backed by cloudflared upstream DoH. Tags: sing-box, reality, hysteria2, traefik, haproxy, pihole, cloudflared, cloudflare, vpn, proxy, docker. - [Deploy Android Redroid with droidVNC-NG and noVNC](https://docs.novelox.net/posts/deploy-android-redroid-droidvnc-novnc-traefik/): Run Android in Docker with Redroid, control it using droidVNC-NG, expose noVNC through Traefik and Authentik, and keep raw VNC tailnet-only. Tags: android, redroid, droidvnc-ng, novnc, docker, traefik, authentik, headscale, vnc. - [Deploy OmniVoice with Docker, Gradio, Traefik, and Authentik](https://docs.novelox.net/posts/deploy-omnivoice-gradio-docker-traefik-authentik/): Run OmniVoice as a protected Gradio voice-cloning service on an ARM64 homelab host with CPU PyTorch and persistent model cache. Tags: omnivoice, voice-cloning, gradio, docker, traefik, authentik, arm64, pytorch. - [Deploy Supabase self-hosted with Docker, Traefik, and Authentik](https://docs.novelox.net/posts/deploy-supabase-self-hosted-docker-traefik-authentik/): Run the official self-hosted Supabase stack with Studio protected by Authentik, Kong exposed as the app API, and Postgres kept private. Tags: supabase, postgres, kong, docker, traefik, authentik, self-hosted, storage, realtime. - [Deploy Medusa Commerce with Docker, Traefik, Postgres and Redis](https://docs.novelox.net/posts/deploy-medusa-commerce-docker-traefik-redis/): Run Medusa as a self-hosted ecommerce stack with a backend, Next.js storefront, PostgreSQL database, Redis cache and Traefik HTTPS routing. Tags: medusa, ecommerce, redis, postgresql, docker, traefik, nextjs, homelab. - [Deploy a Samba root share over Headscale/Tailscale with Docker](https://docs.novelox.net/posts/deploy-samba-root-share-headscale-tailscale-docker/): Expose an administrative SMB share only on a Headscale/Tailscale address, with Docker binding, explicit Samba config, and strong safety warnings. Tags: samba, smb, cifs, docker, docker-compose, headscale, tailscale, private-network, storage, homelab. - [Deploy Stalwart Mail Server with Roundcube, Docker, and Cloudflare DNS](https://docs.novelox.net/posts/deploy-stalwart-roundcube-mail-server-docker-cloudflare/): Run a self-hosted mail backend with Stalwart, expose webmail through Roundcube, and publish the DNS records that make mail delivery trustworthy. Tags: stalwart, roundcube, mail-server, imap, smtp, dkim, dmarc, mta-sts, cloudflare, docker, traefik, homelab. - [Deploy Pterodactyl Panel and Wings with Docker, Traefik, and Headscale](https://docs.novelox.net/posts/deploy-pterodactyl-panel-wings-docker-traefik-headscale/): Run Pterodactyl Panel publicly while keeping Wings, SFTP, and game allocations private over Headscale. Tags: pterodactyl, wings, minecraft, game-server, docker, traefik, mariadb, redis, headscale, tailscale, cloudflare, homelab. - [Deploy the complete WatchParty service with Docker, Traefik, Firebase, and Headscale](https://docs.novelox.net/posts/deploy-watchparty-service-docker-traefik-firebase-headscale/): Run the full WatchParty service: synced rooms, chat, playlists, Firebase login, PostgreSQL persistence, Redis coordination, Traefik routing, and optional Headscale-only VBrowser. Tags: watchparty, vbrowser, neko, docker, traefik, firebase, postgres, redis, headscale, tailscale, webrtc, homelab. - [Deploy Homepage as a Docker dashboard for homelab web UIs](https://docs.novelox.net/posts/deploy-homepage-dashboard-docker-traefik-authentik/): Build a self-hosted Homepage dashboard that advertises only real homelab web UIs, runs from one project folder, and is protected by Traefik and Authentik. Tags: homepage, dashboard, docker, docker-compose, traefik, authentik, cloudflare, homelab. - [Deploy ComfyUI AI workflows with Docker, Traefik, and Authentik](https://docs.novelox.net/posts/deploy-comfyui-ai-workflow-docker-traefik-authentik/): Run ComfyUI as a self-hosted AI workflow interface with persistent model folders, Docker Compose, Traefik HTTPS routing, and Authentik forward-auth protection. Tags: comfyui, ai, stable-diffusion, docker, docker-compose, traefik, authentik, homelab, google-colab, tailscale, headscale. - [Deploy LM Studio headless as a local AI API](https://docs.novelox.net/posts/deploy-lm-studio-local-ai-api-docker/): Run a local OpenAI-compatible model API for private experiments and internal tools. Tags: lm-studio, local-ai, llm, docker, api, homelab. - [Deploy PocketBase backend with Docker and Traefik](https://docs.novelox.net/posts/deploy-pocketbase-backend-docker-traefik/): Run PocketBase as a small self-hosted backend for apps, APIs, auth, and file storage. Tags: pocketbase, backend, sqlite, docker, traefik, app, homelab. - [Deploy Discourse forum with PostgreSQL, Redis and Traefik](https://docs.novelox.net/posts/deploy-discourse-forum-docker-traefik/): Run a Discourse community forum with internal database/cache services and HTTPS routing. Tags: discourse, forum, postgres, redis, docker, traefik, smtp, homelab. - [Deploy Karakeep bookmarks with Meilisearch and Chrome](https://docs.novelox.net/posts/deploy-karakeep-bookmarks-meilisearch-docker/): Run a self-hosted bookmark and archive system with search, crawling, and optional AI metadata. Tags: karakeep, bookmarks, meilisearch, chrome, docker, traefik, ai, homelab. - [Deploy Portainer for Docker management behind Traefik](https://docs.novelox.net/posts/deploy-portainer-docker-management-traefik/): Manage Docker containers from a web UI behind Traefik, then add built-in Portainer OAuth with Authentik. Tags: portainer, docker, management, traefik, authentik, oauth, oidc, socket, homelab. - [Deploy Vaultwarden password manager with Docker and Traefik](https://docs.novelox.net/posts/deploy-vaultwarden-password-manager-docker-traefik/): Run a self-hosted Bitwarden-compatible password manager and protect its data carefully. Tags: vaultwarden, bitwarden, password-manager, docker, traefik, backup, homelab. - [Deploy OpenClaw Gateway with Docker, Traefik and Authentik](https://docs.novelox.net/posts/deploy-openclaw-gateway-docker-traefik-authentik/): Run OpenClaw close to your infrastructure so it can help operate files, containers, and chat integrations. Tags: openclaw, ai, docker, traefik, authentik, telegram, devops, homelab. - [Deploy a Jekyll documentation site with Docker and Traefik](https://docs.novelox.net/posts/deploy-jekyll-documentation-site-docker-traefik/): Build Markdown documentation into a static site and serve it through Traefik. Tags: jekyll, markdown, docker, traefik, documentation, static-site, homelab. - [Deploy WordPress with MySQL, Redis, Docker and Traefik](https://docs.novelox.net/posts/deploy-wordpress-mysql-redis-docker-traefik/): Run a production-style WordPress stack with persistent files, MySQL, Redis caching, and HTTPS routing. Tags: wordpress, mysql, redis, docker, traefik, web-hosting, homelab. - [Deploy Garage S3 object storage with Docker and Traefik](https://docs.novelox.net/posts/deploy-garage-s3-object-storage-docker-traefik/): Run a lightweight S3-compatible object store with a separate API endpoint and protected web UI. Tags: garage, s3, object-storage, docker, traefik, authentik, homelab. - [Deploy Pi-hole private DNS with Docker and Headscale clients](https://docs.novelox.net/posts/deploy-pihole-private-dns-docker-headscale/): Run Pi-hole as a private DNS resolver for local and Headscale/Tailscale clients without exposing an open resolver. Tags: pihole, dns, safesearch, headscale, docker, traefik, authentik, homelab. - [Deploy Headscale and Headscale UI with Docker and Traefik](https://docs.novelox.net/posts/deploy-headscale-control-server-docker-traefik/): Run your own Tailscale-compatible control server and protect the optional UI. Tags: headscale, tailscale, wireguard, vpn, docker, traefik, authentik, homelab. - [Deploy Cloudflare Companion for Traefik DNS automation](https://docs.novelox.net/posts/deploy-cloudflare-companion-traefik-dns/): Automatically create Cloudflare DNS records for Traefik-routed Docker services. Tags: cloudflare, traefik, dns, docker, automation, companion, homelab. - [Deploy Authentik SSO with Docker and Traefik](https://docs.novelox.net/posts/deploy-authentik-sso-docker-traefik/): Run Authentik as the identity provider for your homelab and expose it safely behind Traefik. Tags: authentik, docker, traefik, sso, forward-auth, postgres, homelab. - [Deploy Traefik as a Docker reverse proxy with Cloudflare DNS](https://docs.novelox.net/posts/deploy-traefik-reverse-proxy-docker-cloudflare/): A secret-free standalone guide for deploying Traefik as the HTTPS front door for Docker services, using Cloudflare DNS challenges and a shared proxy network. Tags: traefik, docker, reverse-proxy, cloudflare, tls, lets-encrypt, homelab. - [Private Pi-hole DNS over Headscale with DNSCrypt and Authentik](https://docs.novelox.net/posts/private-pihole-headscale-dns-authentik/): How to run Pi-hole privately behind Headscale/Tailscale, use DNSCrypt as the upstream resolver, and protect the Pi-hole web dashboard with Authentik and Traefik. Tags: pihole, headscale, tailscale, dnscrypt, authentik, traefik, docker, homelab, dns. - [Self-host OpenClaw with Docker, Traefik, Authentik, and Telegram](https://docs.novelox.net/posts/self-host-openclaw-docker-traefik-authentik/): A clean fresh-install guide for running OpenClaw on a VPS or homelab server behind Traefik and Authentik, with Telegram integration and no direct exposed app ports. Tags: openclaw, docker, traefik, authentik, telegram, self-hosting, homelab. - [Self-host WordPress with Redis, MySQL, Docker Compose and Traefik](https://docs.novelox.net/posts/wordpress-redis-docker-traefik/): Deploy WordPress on a root domain with Docker Compose, Traefik HTTPS, MySQL persistence, Redis object cache support, and safe Linux permissions. Tags: wordpress, redis, mysql, docker, docker-compose, traefik, cloudflare, adsense, homelab. - [Self-host Karakeep for bookmarks and AI-assisted archives](https://docs.novelox.net/posts/self-host-karakeep-bookmarks/): A secret-free Karakeep deployment pattern with Meilisearch, Chrome crawling, and OpenAI-compatible inference settings. Tags: karakeep, bookmarks, meilisearch, docker, ai, openai-compatible. - [Build a Jekyll documentation site for your homelab](https://docs.novelox.net/posts/jekyll-homelab-docs-site/): How to turn your homelab notes into a public Jekyll documentation website without leaking secrets. Tags: jekyll, markdown, docker, traefik, documentation, blog, adsense. - [Run Garage S3 object storage in a homelab](https://docs.novelox.net/posts/garage-s3-object-storage-traefik/): A practical Garage S3 deployment with a protected web UI and an unbroken S3 API route. Tags: garage, s3, object-storage, docker, traefik, authentik, cloudflare. - [Self-host Headscale with a protected web UI](https://docs.novelox.net/posts/self-host-headscale-ui-authentik/): Deploy Headscale behind Traefik and protect the optional web UI with Authentik while keeping the control API reachable. Tags: headscale, tailscale, wireguard, vpn, docker, traefik, authentik. - [Build a homelab auth gateway with Traefik and Authentik](https://docs.novelox.net/posts/homelab-auth-gateway-traefik-authentik/): A practical, secret-free walkthrough of using Traefik and Authentik as the front door for self-hosted services. Tags: homelab, docker, traefik, authentik, sso, reverse-proxy, cloudflare. ## Agent/browser notes - Prefer links and headings over visual card order when navigating. - Interactive UI examples should have explicit names and labels where possible. - If an automated browser cannot find a control, inspect the accessibility tree before relying on coordinates. - Layout shifts can make browser automation unreliable; wait for network and layout stability before clicking.