You can use a reverse proxy like nginx to add the authentication and encryption for a plain http server.
You could use a VPN like wireguard and make all your private installations only accessible if the request originates from the VPN. That way you are not relying on the security of all individual programs, but only on the security of your VPN, which is specifically designed for it.
I.e. on a server host a wireguard docker container. Make it forward and masquerade all incoming request to port 80/443 to a caddy container running on the same machine. In the caddyfile you can match by subdomain and filter by origin IP. Then either deny the request or allow the reverse proxy to serve the content.
If you don't want to use caddy or subdomains you can also just forward all requests that hit the VPN on [special port] to forward to your server. People without VPN access won't be able to send requests to that interface in the first place.
Self-Hosted Main
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
For Example
- Service: Dropbox - Alternative: Nextcloud
- Service: Google Reader - Alternative: Tiny Tiny RSS
- Service: Blogger - Alternative: WordPress
We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.
Useful Lists
- Awesome-Selfhosted List of Software
- Awesome-Sysadmin List of Software