Docker Compose Infrastructure Documentation
Overview
This infrastructure manages a comprehensive self-hosted environment including media management (Jellyfin, *arr stack), document management (Paperless-ngx), AI services (Open WebUI, LiteLLM), photo management (Immich), genealogy tools (GrampsWeb), and various utilities.
Architecture
Internal Docker Services
| Service Categories | Service | Role / Component | Web UI Port |
|---|---|---|---|
| Media & Arr Stack | Jellyfin | Media server with hardware transcoding | 8096 |
| Media & Arr Stack | Jellyseerr | Media request management | 5055 |
| Media & Arr Stack | Radarr | Movie management | 7878 |
| Media & Arr Stack | Sonarr | TV show management | 8989 |
| Media & Arr Stack | Lidarr | Music management | 8686 |
| Media & Arr Stack | Bazarr | Subtitle management | 6767 |
| Media & Arr Stack | Prowlarr | Indexer manager | 9696 |
| Media & Arr Stack | qBittorrent | Download client | 7070 |
| Data Management | Paperless | Document management interface | 8100 |
| Data Management | Stirling-PDF | PDF manipulation tools | 8090 |
| Data Management | OnlyOffice | Document collaboration server | 8091 |
| Open WebUI | LLM interface | 3000 | |
| Data Management | Immich | Photo management | 2283 |
| Data Management | Syncthing | File synchronization | 8384 |
| Management & Infrastructure | Gitea | Git service | 8418 |
| GrampsWeb Jamie | Genealogy UI | 5511 | |
| GrampsWeb Helen | Genealogy UI | 5512 | |
| Speedtest Tracker | Network performance | 8180 | |
| Management & Infrastructure | NPM Admin | NPM admin UI | 81 |
| Data Management | Maloja | Music scrobbling | 42010 |
| Data Management | Multi-Scrobbler | Cross-platform scrobbler | 9078 |
| Data Management | WYGIWYH | Financial tracking | 9008 |
| Management & Infrastructure | Portainer | Container management UI | 9443 |
| Management & Infrastructure | Homepage | Service dashboard | 7575 |
External Non-Docker Services
| Service Categories | Service | Role / Description | Web UI Port |
|---|---|---|---|
| Management & Infrastructure | adguard | DNS/ad-blocking | 3000 |
| Data Management | vaultwarden | Password manager | 80/8080 |
| Entertainment | crafty (Crafty Controller) | Minecraft server management | 3000 |
| Data Management | nextcloud | File sync and collaboration | 443 |
| Automation | homeassistant | Home automation | 8123 |
| Entertainment | foundryvtt | Foundry VTT | 30000 |
| Data Management | openmediavault | NAS management | 80/443 |
| Website Hosting | wordpress-irodori | WordPress site | 80 |
| Website Hosting | wordpress-dustin | WordPress site | 80 |
Network Segmentation
- media_net: Media services and *arr applications
- db_net: Database services (internal only)
- web_net: Web-accessible services
- internal_net: Internal service communication
Storage Structure
Local Docker Configs (/docker/)
/docker/
├── Homepage/
├── Arrs/ (Prowlarr, Radarr, Sonarr, Lidarr, Bazarr, Jellyfin, Jellyseerr)
├── qBittorrent/
├── slskd/
├── soulsync/
├── paperless/
├── stirling/
├── immich/
├── obsidian/
├── syncthing/
├── gitea/
├── gramps-jamie/
├── gramps-helen/
├── speedtest-tracker/
├── rustdesk/
├── redbot/
├── maloja/
├── scrobble/
└── litellm/
NAS Storage (/mnt/Nas-Storage/data/)
/mnt/Nas-Storage/data/
├── media/
│ ├── movies/
│ ├── tv/
│ ├── music/
│ └── images/
└── torrents/
└── soulsync/
Prerequisites
Required Environment Variables (.env file)
# System
PUID=1000
PGID=1000
TZ=Pacific/Auckland
# URLs
JELLYFIN_URL=https://your-jellyfin-domain.com
PAPERLESS_URL=https://your-paperless-domain.com
WYGIWYH_URL=https://your-wygiwyh-domain.com
HOMEPAGE_ALLOWED_HOSTS=your-homepage-domain.com
# Nginx Proxy Manager
NPM_PASSWORD=your_secure_password
# Paperless
PAPERLESS_DB_ROOT_PASSWORD=your_secure_password
PAPERLESS_DB_NAME=paperless
PAPERLESS_DB_USER=paperless
PAPERLESS_DB_PASSWORD=your_secure_password
PAPERLESS_SECRET_KEY=your_secret_key
# Immich
IMMICH_POSTGRES_PASSWORD=your_secure_password
# LiteLLM
GROQ_API_KEY=your_groq_api_key
LITELLM_MASTER_KEY=your_master_key
# Slskd
SLSKD_USERNAME=your_username
SLSKD_PASSWORD=your_secure_password
# Speedtest Tracker
SPEEDTEST_DB_NAME=speedtest
SPEEDTEST_DB_USER=speedtest
SPEEDTEST_DB_PASSWORD=your_secure_password
SPEEDTEST_APP_KEY=base64:your_generated_key
# WYGIWYH
WYGIWYH_DB_DATABASE=wygiwyh
WYGIWYH_DB_USER=wygiwyh
WYGIWYH_DB_PASSWORD=your_secure_password
WYGIWYH_SECRET_KEY=your_secret_key
WYGIWYH_ALLOWED_HOSTS=localhost,127.0.0.1,your-domain.com
# RedBot
REDBOT_TOKEN=your_discord_bot_token
System Requirements
- Docker Engine 20.10+
- Docker Compose V2
- Sufficient storage for media and databases
- Intel GPU for Jellyfin hardware transcoding (optional)
Installation
- Clone/Download this repository
- Create required directories
# See directory_structure.sh for automated setup chmod +x directory_structure.sh ./directory_structure.sh - Create .env file
cp .env.example .env # Edit .env with your values nano .env - Set correct permissions
sudo chown -R $PUID:$PGID /docker sudo chown -R $PUID:$PGID /mnt/Nas-Storage/data - Start services
docker compose up -d
Maintenance
Backup Strategy
Critical Data to Backup:
/docker/- All service configurations- Database volumes (see docker-compose.yaml)
.envfile (store securely, contains secrets)
Optional (can be regenerated):
- Media files on NAS
Updates
Watchtower automatically updates containers daily. To manually update:
docker compose pull
docker compose up -d
Logs
View logs for any service:
docker compose logs -f [service_name]
Resource Limits
- Portainer: 512MB RAM limit
- Log rotation: 10MB max, 3 files
Hardware Acceleration
Jellyfin is configured for Intel GPU transcoding:
- Device:
/dev/dri/renderD128 - Group:
104(render group)
Verify GPU access:
ls -l /dev/dri/renderD128
Security Considerations
- Secrets Management: Store
.envsecurely, never commit to version control - Network Segmentation: Database network is internal-only
- Container Security:
no-new-privileges:trueon supported services - Reverse Proxy: Use NPM for SSL termination and authentication
- Updates: Watchtower keeps containers updated
Troubleshooting
Service won't start
docker compose logs [service_name]
docker compose restart [service_name]
Database connection issues
# Check database is healthy
docker compose ps
# Verify network connectivity
docker compose exec [service] ping [db_service]
Permission errors
# Verify ownership
ls -la /docker/[service]/
# Fix if needed
sudo chown -R $PUID:$PGID /docker/[service]/
Storage full
# Check Docker disk usage
docker system df
# Clean up unused resources
docker system prune -a
Contributing Services
To add new services:
- Add service definition to appropriate section
- Assign to correct network(s)
- Add volume mounts under
/docker/[service]/ - Update this README with service description
- Add required environment variables to
.env.example
License
This is a personal infrastructure setup. Adapt as needed for your use case.
Support
For issues with specific services, consult their official documentation:
- Jellyfin: https://jellyfin.org/docs/
- Paperless-ngx: https://docs.paperless-ngx.com/
- Immich: https://immich.app/docs/
- And so on...
Last Updated: January 2026