Script to periodically clean Jellyfin’s “Continue Watching” section
Hey everyone,
I got a bit annoyed with my Continue Watching section filling up with abandoned episodes/movies started by mistake, so I wrote a small bash script to clean it up.
What it does:
Runs in two passes:
1. Per-series cleanup
Keeps the furthest reached episode (default)
Keeps the latest watched episode (maybe you've fallen asleep and moved back a few episodes to rewatch - let's keep it)
Resets resume position for older episodes in the same series (usually dangling trash)
2. Age-based cleanup
Resets resume positions for items (movies/series) abandoned for more than `MAX_DAYS` (default: 7)
Does not mark anything as watched
Dry-run mode by default (prints what would be cleaned)
--apply flag required to actually modify the DB
⚠️ Note: I’ve only tested this on a single-user Jellyfin setup.
If this sounds useful, feel free to check it out / adapt it.
It's been tested on two separate Jellyfin instances and worked well for a longer period of time (just added it as a cron job)
Remember to change the DB path to your own.
Here's the link to github gist:
https://gist.github.com/rybycy/caddacc50b799f345c86d2a0bed22371
https://redd.it/1qjy6sq
@r_SelfHosted
Updates to Jellify - a FOSS music player for Jellyfin!
https://github.com/Jellify-Music/App
https://redd.it/1qjvlbk
@r_SelfHosted
Managarr (A Servarr CLI and TUI) now supports Lidarr!
https://redd.it/1qja9c1
@r_SelfHosted
Is it just me, or is "field-ready" IoT hardware still stuck in the dark ages?
Honestly, I’m getting frustrated. I’ve been trying to set up a simple, reliable sensor node for my uncle’s farm (we need basic soil moisture and GPS tracking for some equipment), and I feel like I'm hitting a wall.
On one hand, you have the classic ESP32/Pico breadboard mess. It’s fun for a desk project, but one heavy rainstorm or a ride on a vibrating tractor and the whole thing is guaranteed to fall apart.
On the other hand, you have these massive, over-engineered industrial PLCs that cost $500+ and lock you into a proprietary cloud with a $20/month subscription per device. Is there seriously nothing in between?
I just want a rugged, IP67-rated, USB-powered dongle that I can connect to a Pi or a PC and write my own MicroPython or C++ code for. Something that handles a stable RS485 connection without me having to solder a bunch of jumpers and pray it works.
Does anyone know of a professional-grade dongle that isn't a total "black box"? I need something I can deploy in a field and not worry about it melting in the sun or dying after a week.
https://redd.it/1qjgkq6
@r_SelfHosted
Don't want Nextcloud...
...What other light file storage self hosted app with a decent ui do you recommend?
https://redd.it/1qj95ft
@r_SelfHosted
MOD ANNOUNCEMENT: Introducing Vibe Code Friday
The recent influx of AI has lowered the barrier to entry to create your own projects. This development in itself is very interesting and we're curious to see how it'll change our world of SelfHosting in the future.
The negative side of this however is the influx of AI generated posts, vibe-coded projects over a weekend and many others. Normally, the community votes with its voice. But with the high amount of posts flooding in every day, we've noticed a more negative and sometimes even hostile attitude towards these kinds of projects.
The stance of the SelfHosted moderation team is that the main focus of this sub should be on services that can be selfhosted and their related topics. For example, but not limited to: alternatives to popular services, taking back control over your data and privacy, containerization, networking, security, etc.
In order to bring back the focus on these main points of SelfHosting, we're introducing "Vibe code Friday". This means that anything AI-assisted or vibe-coded in relation to SelfHosting can be posted only on Fridays from here on out.
Throughout the week, any app or project that falls within the category will be removed. Repeat-offenders will be timed out from posting.
This is to reduce the flood of these personal projects being posted all the time. And hopefully bring back the focus to more mature projects within the community.
In order to determine the difference (as going by code & commits alone can be a great indicator but by itself does not make a great case for what constitutes a vibe-coded or AI-assisted project) we've set the following guidelines:
- Any project younger than a month old
- With only one real collaborator (known AI persona's do not count, or are an even better indicator)
- With obvious signs of vibe-coding*
Will only be allowed on Vibe-code Fridays.
We'll run this as a trial for at least a month.
Sincerely, /r/SelfHosted mod team.
https://redd.it/1qfp2t0
@r_SelfHosted
I _also_ built yet another modern, self hoosted IPTV player .... because I didn't know the other 2 guys already did.
https://streamable.com/a8bvrg
https://redd.it/1qeobvd
@r_SelfHosted
So how are you guys handling the spotify/yt music "knowing what you like" problem?
My current setup: Ive got a library of roughly 40k songs, currently hosted through jellyfin with the audiomuse plugin and musicbrainz picard. im accessing it via symphonium.
I want to get off spotify and yt music as my streamed music providers. but the issue i have is in those apps the recommendations is too spot on and i cant find a way to replicate that. (and im not referring to new music from outside my library).
i just mean the "focus" "workout" "energy" personalized playlists and ability to look up one song and it perfectly plays similar songs of artists i like while slowly fading back to the music it knows i like. meanwhile i dont have to click the "skip song" button for a few hours
meanwhile symphonium even with the mood tagging and audiomuse just feels like its throwing stuff at the wall to see what sticks, rap followed by Frank Sinatra then Justin Bieber and corn. even when it does get it right and feels moderately cohesive i think it just doesnt know what music i like and im not quite sure how to help it get there. any advice would be great. Theres lots of songs i really like in my library but i feel like im constantly skipping and the music i want to listen to it isnt playing
https://redd.it/1qe4xt8
@r_SelfHosted
push
docker stack deploy -c docker-compose.yml mystack
```
**Never use `latest` in production.** Use commit hashes or semantic versions.
**Why versioning matters:**
- Rollback becomes a one-liner: `docker service update --image yourapp:v1.2.3 mystack_app`
- You know exactly what's running on each node
- Audit trails for compliance
- No more "but it worked on my machine" mysteries
---
## Useful Commands
```bash
# Node management
docker node ls # List all nodes
docker node update --availability=drain docker2.domain.io # Maintenance mode
docker node update --availability=active docker2.domain.io # Back to active
docker node inspect docker2.domain.io --pretty # Node details
# Stack operations
docker stack deploy -c docker-compose.yml mystack # Deploy/update stack
docker stack services mystack # List services in stack
docker stack ps mystack # List tasks (containers)
docker stack rm mystack # Remove stack
# Service operations
docker service scale mystack_web=4 # Scale to 4 replicas
docker service logs -f mystack_web # Follow logs
docker service logs --tail 100 mystack_web # Last 100 lines
docker service update --force mystack_web # Force redeploy
docker service update --image yourapp:v2 mystack_web # Update image
# Debugging
docker service ps mystack_web --no-trunc # Full error messages
docker inspect $(docker ps -q -f name=mystack_web) # Container details
```
**Pro tip:** `docker stack deploy` is idempotent. Run it again to update - no need to `rm` first.
---
## Common Gotchas
These issues have cost me hours. Learn from my pain.
**Containers can't communicate between nodes:**
1. Verify overlay network exists: `docker network ls`
2. Check it's attached to your service in compose file
3. Verify DNS config in `/etc/systemd/resolved.conf` on each node
4. Ensure ports 7946 (TCP/UDP) and 4789 (UDP) are open between nodes
5. If using `--opt encrypted`, try without it first (NAT issues)
**Service stuck in "Pending":**
```bash
docker service ps myservice --no-trunc
```
Common causes:
- Resource constraints - scheduler can't find a node with enough CPU/memory
- Image doesn't exist or can't be pulled (check registry auth)
- Placement constraints can't be satisfied
- All nodes are drained or paused
**Rolling update hangs:**
Health checks are usually the culprit. Your container might be healthy but Swarm doesn't know it.
```yaml
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s # Give your app time to start!
```
**"No such network" errors:**
Create networks BEFORE deploying stacks:
```bash
docker network create --driver overlay --attachable mynetwork
docker stack deploy -c compose.yml mystack
```
**Secrets not updating:**
Secrets are immutable. To update:
1. Create new secret with different name: `docker secret create app_secrets_v2 ./secrets.json`
2. Update compose to reference new secret name
3. Redeploy stack
---
## Final Tips
1. **Use Portainer** - Free and makes Swarm management much easier. Deploy it first.
2. **Always use external networks** - Create overlay networks before deploying stacks
3. **Tag images properly** - Never `latest` in production. Use commit hashes or semver.
4. **Set resource limits** - Always. A runaway container will take down your node.
5. **Test your rollback** - Deploy a broken image intentionally to verify auto-rollback works
6. **Monitor from day one** - Prometheus + Grafana is free and catches issues early
7. **Document your setup** - Future you will thank present you
8. **Start small** - 2 nodes is enough to learn. Scale when you need it.
---
## Backup Your Swarm State
Swarm state lives on manager nodes. Back it up:
```bash
# Stop Docker (on manager)
sudo systemctl stop docker
# Backup the Swarm state
sudo tar -cvzf swarm-backup-$(date +%Y%m%d).tar.gz /var/lib/docker/swarm
# Start
S3, etc.)
We run Swarm on AWS EC2 because we're already deep in the AWS ecosystem. If you're starting fresh, a dedicated VPS provider is simpler and cheaper.
---
## Setting Up Your Production Environment
### Install Docker (Ubuntu)
```bash
# Add Docker's official GPG key and repo
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo usermod -aG docker $USER
```
**Important:** Use `docker compose` (space), not `docker-compose` (deprecated).
### Initialize the Swarm
```bash
# Get your internal IP
ip addr
# Initialize on manager (use YOUR internal IP)
docker swarm init --advertise-addr 10.10.1.141:2377 --listen-addr 10.10.1.141:2377
# Join token for workers (save this!)
docker swarm join --token SWMTKN-1-xxxxx... 10.10.1.141:2377
```
**Critical:** Use a fixed IP for advertise address. Dynamic IPs will break your cluster on restart.
---
## DNS Configuration (This Will Save You Hours)
**CRITICAL**: DNS issues cause 90% of Swarm networking problems.
Edit `/etc/systemd/resolved.conf` on each node:
```ini
[Resolve]
DNS=10.10.1.122 8.8.8.8
Domains=~yourdomain.io
```
Then reboot. Docker runs its own DNS at `127.0.0.11` for container-to-container resolution.
**Rule:** Never hardcode IPs in Swarm. Use service names - Docker handles routing.
---
## Network Configuration
Create an overlay network (mandatory for multi-node):
```bash
docker network create \
--opt encrypted \
--subnet 172.240.0.0/24 \
--gateway 172.240.0.254 \
--attachable \
--driver overlay \
awsnet
```
| Flag | Purpose |
|------|---------|
| `--opt encrypted` | IPsec encryption. Optional but recommended. **Note:** Can cause issues with NAT - use internal VPC IPs |
| `--subnet` | Prevents conflicts with VPC ranges |
| `--attachable` | Allows standalone containers to connect |
### Required Ports
- **TCP 2377**: Cluster management
- **TCP/UDP 7946**: Node communication
- **TCP/UDP 4789**: Overlay network traffic
---
## Production Compose File
```yaml
version: "3.8"
services:
nodeserver:
dns:
- 10.10.1.122
init: true # Proper signal handling, zombie cleanup
environment:
- NODE_ENV=production
- API_KEY=${API_KEY}
deploy:
mode: replicated
replicas: 6
placement:
max_replicas_per_node: 3
update_config:
parallelism: 2
delay: 10s
failure_action: rollback
order: start-first
rollback_config:
parallelism: 2
delay: 10s
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
window: 120s
resources:
limits:
cpus: '0.50'
memory: 400M
reservations:
cpus: '0.20'
memory: 150M
image: "yourregistry/nodeserver:latest"
ports:
- "61339"
networks:
awsnet:
secrets:
- app_secrets
secrets:
app_secrets:
external: true
networks:
awsnet:
external: true
```
**Key settings:**
- `init: true` - Runs tini as PID 1 for proper signal handling
- `failure_action: rollback` - Auto-rollback on failed deployments
- `order: start-first` - New containers start before old ones stop (zero downtime)
- **Always set resource limits** - A runaway container can kill your node
---
## Dockerfile Best Practices
### Multi-Stage Build (Node.js)
```dockerfile
# syntax=docker/dockerfile:1
FROM node:20-bookworm-slim AS base
WORKDIR /app
RUN apt-get update && apt-get install -y --no-install-recommends python3 make g++ && rm -rf /var/lib/apt/lists/*
COPY package.json
The Complete Docker Swarm Production Guide for 2026: Everything I Learned Running It for Years
📸 View FULL version on GITHUB website
## V1: Battle-Tested Production Knowledge
TL;DR: I've been running Docker Swarm in production on AWS for years and I'm sharing everything I've learned - from basic concepts to advanced production configurations. This isn't theory - it's battle-tested knowledge that kept our services running through countless deployments.
What's in V1:
- Complete Swarm hierarchy explained
- VPS requirements and cost planning across providers
- DNS configuration (the #1 cause of Swarm issues)
- Production-ready compose files and multi-stage Dockerfiles
- Prometheus + Grafana monitoring stack
- Platform comparison (Portainer, Dokploy, Coolify, CapRover, Dockge)
- CI/CD versioning and deployment workflows
- GitHub repo with all configs
---
## Why Docker Swarm in 2026?
Before the Kubernetes crowd jumps in - yes, I know K8s exists. But here's the thing: Docker Swarm is still incredibly relevant in 2026, especially for small-to-medium teams who want container orchestration without the complexity overhead.
Swarm advantages:
- Native Docker integration (no YAML hell beyond compose files)
- Significantly lower learning curve
- Perfect for 2-20 node clusters
- Built-in service discovery and load balancing
- Rolling updates out of the box
- Works with your existing Docker Compose files (mostly)
If you're not running thousands of microservices across multiple data centers, Swarm might be exactly what you need.
---
## Understanding the Docker Swarm Hierarchy
Swarm → Nodes → Stacks → Services → Tasks (Containers)
docker build in production.
i made an overseer for lidarr called aurral
https://redd.it/1qe1gy3
@r_SelfHosted
Shoutout to the Booklore team!
I just connected my Kobo e-reader with my Booklore instance and I’m blown away, both by the open config file on the kobo, but first and foremost by the amazing work the Booklore team did: The process of getting my local books on my e-reader couldn’t be smoother & the documentation is also great. Thank you very much for your work, I really appreciate it.
https://redd.it/1qdtmz4
@r_SelfHosted
What is your docker container backup method?
I just compress the folder with the data into a zip or tar file. I will probably make a script that copies the compose file into the data folder then compress the data directory and moves it to another directory that is synced with my hetzner storage box
I didn't have containers fail on me hard yet. The ones that maybe failed at some point was unifi network I used it's backup feature to fix an issue I was having.
My system is a pi 4 8gb with an external ssd
Edit: when im taking a back up im first stopping the containers i want to take a backup
https://redd.it/1qdkr1x
@r_SelfHosted
PSA to newbie ZFS + Usenet users
I spent a significant number of hours yesterday debugging why SABnzbd would fully download an NZB, even extract a working .mkv, yet still mark the job as FAILED and make Radarr re-grab the same movie over and over. I’ve been running torrents for a while with the *Arr stack and never hit this, but Usenet is different because SABnzbd typically unpacks via 7zz, and 7zz tries to set file attributes on extract.
On TrueNAS/ZFS this can bite you if your downloads live on a dataset using the SMB/NFSv4 (Samba-style) preset. In that setup, chmod / “set file attribute” operations can be restricted, so 7zz throws errors like “Cannot set file attribute / Operation not permitted” and SABnzbd flags the job as failed even if the video file looks OK.
Easiest fix was to change the dataset's "ACL Mode" from "Restricted" to "Passthrough". After allowing chmod/attribute changes on that dataset, SABnzbd unpacking and Radarr importing worked normally.
https://redd.it/1qdmc5u
@r_SelfHosted
Ah the joys of running your own mail server
https://redd.it/1qjimfi
@r_SelfHosted
What do you use for your 'local' backup?
I have my main NAS in RAIDZ1 (not backup ;)), which is encrypted then sent weekly to Backblaze B2 for remote backup.
What do people use for their in-between backup? Maybe some kind of storage device that only spins up once a day to backup the main NAS? What sort of device are you using?
https://redd.it/1qjpeqf
@r_SelfHosted
Any recommendations for single sign on for all the services?
Hello! I'm just tipping my toes in selfhosting and very quickly had the problem that pretty much all services have their own authentication. So i'm looking for something like one login page and all services automatically logged in after that. Do things like that exists and are they difficult to set up? And have any good recommendations?
Otherwise it's been fulfilling to have control over everything!
https://redd.it/1qjo5pw
@r_SelfHosted
AudioMuse-AI - Behind the scene
Hi All,
this is a behind the scene of AudioMuse-AI, to describe what I'm actually doing in the last months and show the effort but also the love behind the development of this software.
First of all, for who don't know, AudioMuse-AI exploit machine learning algorithm to analyze raw audio song in order to create smart playlist. It is not "AI" instead is try to rapresent the music througt vector thanks to neural network and then play with cosine similarity between vector. Basically say that if the distance between two vector is low, the song are similar.
When you're able to say that two song are similar, than you can construct on it and do different functionality to automatically create playlist on the major music server like Jellyfin, Navidrome, LMS, Emby, Lyrion and so on.
Till now all is simple, but where this machine learning appear? because I'm not just calling an API, here it is all Seflhostable first, privacy first AND reliability first: if your server work you don't need external service to keep working.
I started from an existing ML model, the MSD Musicnn model from MTG Essentia. MTG is one of the leading research group in the world about Music, not just Oldrock on reddit. They got the Muscinn (another wonderfull project) and they distill their model. Using their model is a first quick win. Imagine that also Plex started with them, just to name one. And for this I need to say thanks to Violet from the Jellify project to inspire me to move in that direction.
But with Essentia model I can only input a song, and have in output similar one. Chaphasilor from the FInamp project named me CLIP, that was able to transform word in vector, and image in vector, so that you can do similarity between Text and Audio. Do some search I found CLAP, that worked for song. More precisely LAION CLAP that is totally opensource (CC0 1.0).
All this big word to say that I integrated a second model in AudioMuse-AI, that is CLAP, on top of MSD Musicnn from MTG Essentia.
What' I'm doing NOW? I found out that CLAP is a bit heavy, at least for who run it on a single machine maybe not so recent and maybe with very big song collection. So in the last two month I'm trying to do the distillation process that practically try to re-create a tiny version LAION CLAP, that still reach good result.
Just to say some number we are try to moving from a model of 80 million parameter to 8 million. And here again I'm following an University Research study that did TinyClap, a distillation of (Microsoft) clap, but for sound. Here I'm trying to do for Music.
I don't know if I'll get success (till now I already did different fail, but only with fail you can learn, no?) but I'm still trying.
TL;DR: if everything work the next things will be having the same, but smaller and faster.
Why all this story? because behind a project like this there is a person, there is try, time spent, research, university study, a lot of passion and love for it, and I would like to transmit a bit of this love.
If you still don't know AudioMuse-AI then take a try, is all free and open source and you can find it here:
https://github.com/NeptuneHub/AudioMuse-AI
And in topic of naming people that help and inspire me I also want to say thanks to Kilian, from Jellyfin Intro Skipper, that help me to understand how to create the AudioMuse-AI Jellyfin plugin. He was extremly patience with me, so really big thanks!
If you like it, the only contribution that I search is a star on the github repo.
Thank you all for reading me in all this months, and thanks all for help me reaching 1000+ star on the repository!
If you're interested in any details of how AudioMuse-AI is developer or work, please feel free to ask
https://redd.it/1qjcyk9
@r_SelfHosted
My New App Stingray - Jellyfin for Apple TV
https://apps.apple.com/us/app/stingray-streaming/id6756280505
https://redd.it/1qizrq2
@r_SelfHosted
Dashboards are the worst thing that happened to self hosting
I think dashboards low key ruined self hosting for a lot of people.
Not the tools themselves. The mindset they create.
Once you add a dashboard, you stop asking why you need a service and start asking why its missing from the dashboard.
Suddenly you are running
a media server you barely use
a note app you forget exists
three monitoring tools watching each other
metrics for things that have never once failed
All green lights. Zero value.
I noticed I was spending more time looking at my setup than actually using it. Clicking tiles. Refreshing stats. Updating containers that nobody depends on.
The worst part is dashboards make complexity feel productive. If it looks clean and organized, your brain assumes its justified.
I unplugged my dashboard for a week.
Nothing bad happened.
Nothing broke.
I didnt miss a single service.
Now I only self host things that have users. Even if that user is just future me at 3am actually needing it.
Everything else is just digital shelf decor.
Curious how many people here would lose nothing if their dashboard disappeared tomorrow.
https://redd.it/1qez1l7
@r_SelfHosted
MusicGrabber - A self-hosted app for grabbing singles without the Lidarr drama
https://gitlab.com/g33kphr33k/musicgrabber
https://redd.it/1qef78k
@r_SelfHosted
Docker
sudo systemctl start docker
```
Store backups off-node. If all managers die simultaneously (rare but possible), this is your recovery path.
---
## When NOT to Use Swarm
To be fair, Swarm isn't always the answer:
- **Need advanced scheduling?** K8s has more sophisticated options
- **Running 50+ services?** K8s ecosystem is more mature at scale
- **Need service mesh?** Istio/Linkerd integrate better with K8s
- **Team already knows K8s?** Stick with what you know
For everything else - small teams, 2-20 nodes, wanting to move fast - Swarm is hard to beat.
---
## GitHub Repo
All compose files, Dockerfiles, and configs mentioned in this guide:
**[github.com/TheDecipherist/docker-swarm-guide](https://github.com/TheDecipherist/docker-swarm-guide)**
The repo includes:
- Complete monitoring stack compose file
- Production-ready multi-stage Dockerfiles
- Network configuration examples
- Portainer deployment scripts
---
## What's Coming in V2
Based on community feedback, V2 will cover:
- Deep dive into monitoring (Prometheus, Grafana, DataDog comparison)
- Blue-green deployments in Swarm
- Logging strategies (ELK, Loki, etc.)
- Traefik integration for automatic SSL
---
*What's your Swarm setup? Running it in production? Home lab? What providers are you using? Drop your configs and war stories below — I'll incorporate the best tips into V2.*
*Questions? I'll be in the comments.*
https://redd.it/1qe7wue
@r_SelfHosted
package-lock.json ./
FROM base AS compiled
RUN npm ci --omit=dev
FROM node:20-bookworm-slim AS final
RUN ln -snf /usr/share/zoneinfo/America/New_York /etc/localtime
WORKDIR /app
COPY --from=compiled /app/node_modules /app/node_modules
COPY . .
EXPOSE 3000
ENTRYPOINT ["node", "./server.js"]
```
**Why multi-stage?** Build tools stay in temp stage. Final image is clean and small.
### Key Rules
1. **Run in foreground** - `CMD ["nginx", "-g", "daemon off;"]` (official nginx image handles this)
2. **Pin base images** - `FROM ubuntu:22.04` not `FROM ubuntu:latest`
3. **Include health checks** - Swarm uses these for rolling updates
4. **Use .dockerignore** - Exclude `.env`, `node_modules`, `.git`
### Sample .dockerignore
```
.git
.gitignore
.env
.env.*
node_modules
npm-debug.log
Dockerfile*
docker-compose*
.dockerignore
*.md
.vscode
.idea
```
This keeps your build context small and prevents secrets from accidentally ending up in images.
---
## Monitoring Stack (Prometheus + Grafana)
Full compose file in the [GitHub repo](https://github.com/TheDecipherist/docker-swarm-guide). Key points:
| Service | Purpose | Mode |
|---------|---------|------|
| Grafana | Dashboards | 1 replica on manager |
| Prometheus | Metrics collection | 1 replica on manager |
| cAdvisor | Container metrics | Global (all nodes) |
| Node Exporter | Host metrics | Global (all nodes) |
Use `mode: global` for monitoring agents - runs ONE instance on EVERY node.
**Quick setup tip:** Start with cAdvisor + Node Exporter first. Add Prometheus when you need historical data. Add Grafana when you need pretty dashboards for your team.
---
## Docker Management Platforms
Managing Swarm via CLI is powerful, but GUIs improve visibility significantly.
### Portainer
**Best for:** Teams wanting visual management without changing workflows.
```bash
# Deploy Portainer agent on each node
docker service create --name portainer_agent \
--publish mode=host,target=9001,published=9001 \
--mode global \
--mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \
--mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes \
portainer/agent:latest
# Deploy Portainer server on manager
docker service create --name portainer \
--publish 9443:9443 --publish 8000:8000 \
--replicas=1 --constraint 'node.role == manager' \
--mount type=volume,src=portainer_data,dst=/data \
portainer/portainer-ce:latest
```
**Pricing:** CE is completely free with no node limits. Business Edition adds enterprise features.
**Why Portainer?** It shows you container logs, resource usage, network topology, and lets you manage stacks visually. Perfect for teams where not everyone is a CLI wizard.
### Platform Comparison
| Platform | Swarm Support | Git Deploy | Auto SSL | Best For |
|----------|---------------|------------|----------|----------|
| **Portainer** | Full | No | No | Visual management |
| **Dokploy** | Full | Yes | Yes | Heroku-style on Swarm |
| **Coolify** | Experimental | Yes | Yes | 280+ templates, great UI |
| **CapRover** | Full (native) | Yes | Yes | Proven Swarm PaaS |
| **Dockge** | None | No | No | Simple Compose management |
**My setup:** Portainer for visibility + custom CI/CD + Prometheus/Grafana for monitoring.
**Note on Coolify:** Their Swarm support is experimental. Works for basic setups but I've hit edge cases. Great project though - watch this space.
---
## Secret Management
**Stop using environment variables for secrets.**
```yaml
secrets:
app_secrets:
external: true # Created via CLI or Portainer
services:
app:
secrets:
- app_secrets
```
Create secrets:
```bash
docker secret create app_secrets ./secrets.json
```
Secrets appear as files in `/run/secrets/SECRET_NAME`. They're encrypted at rest, not visible in `docker inspect`, and only sent to nodes that need them.
---
## CI/CD Versioning
```bash
BUILD_VERSION=$(cat ./buildVersion.txt)
LONG_COMMIT=$(git rev-parse HEAD)
docker compose build --build-arg GIT_COMMIT=$LONG_COMMIT --build-arg BUILD_VERSION=$BUILD_VERSION
docker compose
The Complete Docker Swarm Production Guide for 2026: Everything I Learned Running It for Years
📸 **[View FULL version on GITHUB website](https://thedecipherist.github.io/docker-swarm-guide/?utm_source=reddit&utm_medium=post&utm_campaign=docker-swarm-guide&utm_content=v1-guide)**
## V1: Battle-Tested Production Knowledge
**TL;DR:** I've been running Docker Swarm in production on AWS for years and I'm sharing everything I've learned - from basic concepts to advanced production configurations. This isn't theory - it's battle-tested knowledge that kept our services running through countless deployments.
**What's in V1:**
- Complete Swarm hierarchy explained
- VPS requirements and cost planning across providers
- DNS configuration (the #1 cause of Swarm issues)
- Production-ready compose files and multi-stage Dockerfiles
- Prometheus + Grafana monitoring stack
- Platform comparison (Portainer, Dokploy, Coolify, CapRover, Dockge)
- CI/CD versioning and deployment workflows
- [GitHub repo](https://github.com/TheDecipherist/docker-swarm-guide) with all configs
---
## Why Docker Swarm in 2026?
Before the Kubernetes crowd jumps in - yes, I know K8s exists. But here's the thing: **Docker Swarm is still incredibly relevant in 2026**, especially for small-to-medium teams who want container orchestration without the complexity overhead.
Swarm advantages:
- Native Docker integration (no YAML hell beyond compose files)
- Significantly lower learning curve
- Perfect for 2-20 node clusters
- Built-in service discovery and load balancing
- Rolling updates out of the box
- Works with your existing Docker Compose files (mostly)
If you're not running thousands of microservices across multiple data centers, Swarm might be exactly what you need.
---
## Understanding the Docker Swarm Hierarchy
```
Swarm → Nodes → Stacks → Services → Tasks (Containers)
```
- **Swarm**: Your entire cluster. Only works with **pre-built images** - no `docker build` in production.
- **Nodes**: Managers (handle state/scheduling) and Workers (run containers). Use 3 or 5 managers for HA.
- **Stacks**: Groups of related services from a compose file.
- **Services**: Manage replicas, rolling updates, health monitoring, auto-restart.
- **Tasks**: A Task = Container. 6 replicas = 6 tasks.
---
## VPS Requirements & Cost Planning
Docker Swarm is lightweight - minimal overhead compared to Kubernetes.
### Infrastructure Presets
| Preset | Nodes | Layout | Min Specs (per node) | Use Case |
|--------|-------|--------|---------------------|----------|
| **Minimal** | 1 | 1 manager | 1 vCPU, 1GB RAM, 25GB | Dev/testing only |
| **Basic** | 2 | 1 manager + 1 worker | 1 vCPU, 2GB RAM, 50GB | Small production |
| **Standard** | 3 | 1 manager + 2 workers | 2 vCPU, 4GB RAM, 80GB | Standard production |
| **HA** | 5 | 3 managers + 2 workers | 2 vCPU, 4GB RAM, 80GB | High availability |
### Approximate Monthly Costs (2025/2026)
| Provider | Basic (2 nodes) | Standard (3 nodes) | HA (5 nodes) |
|----------|-----------------|--------------------|--------------|
| **Hetzner** | ~€8-12 | ~€20-30 | ~€40-60 |
| **Vultr** | ~$12-20 | ~$30-50 | ~$60-100 |
| **DigitalOcean** | ~$16-24 | ~$40-60 | ~$80-120 |
| **Linode** | ~$14-22 | ~$35-55 | ~$70-110 |
**Why these numbers?**
- **1GB RAM minimum**: Swarm itself uses ~100-200MB, but you need headroom for containers
- **3 or 5 managers for HA**: Raft consensus requires odd numbers for quorum
- **2 vCPU for production**: Single core gets bottlenecked during deployments
### My Recommendation
For most small-to-medium teams:
1. **Start with Basic (2 nodes)** - 1 manager + 1 worker on Vultr or Hetzner
2. **Budget ~$20-40/month** for a production-ready setup
3. **Add nodes as needed** - Swarm makes scaling easy
If you need HA from day one, the **Standard (3 nodes)** preset gives you redundancy without breaking the bank.
### What About AWS/GCP/Azure?
Cloud giants work fine with Swarm, but:
- **More expensive** for equivalent specs
- **More complexity** (VPCs, security groups, IAM)
- **Better if** you need other AWS services (RDS,
Updates to Mediora (open-source Apple TV Jellyfin/Sonarr/Radarr client): Playback fixes, UI polish, and better discovery/search
https://apps.apple.com/us/app/mediora/id6757345487
https://redd.it/1qdz0zc
@r_SelfHosted
How are you handling secrets?
I have made the mistake of going down the secrets management rabbit hole over the last few days and intend to do something to address my obvious shortcomings. Things I am looking to secure:
* Environment variables (both in Docker Compose and regular .env files)
* DNS API keys (e.g. acme.sh)
* Sensitive creds in configuration files, e.g. OIDC client secret.
At this point, it seems my options are between Infiscal and OpenBao but I have no experience with either.
Would love to hear the challenges others have faced, how the challenges were overcome and any recommendations or advice from those who have walked this path before me. Thank you!
https://redd.it/1qdwnzf
@r_SelfHosted
Why hard drives becoming so expensive in 2026?
I was checking on hard drives with a minimum storage capacity of 20TB and was shocked when I saw the prices. I think that the prices increased by at least 20%. What is happening? I thought China had entered the market, but it seems like they're not.
https://redd.it/1qdsu88
@r_SelfHosted
Looking for a self hosted meal planning app with some specific features
I know I have seen something like this, but I can't seem to find what I need. Any help is appreciated.
Here is what I am trying to do:
\- Set a genre of food for each day of the week (Sunday = American, Monday = Italian, Tuesday = Mexican, etc.)
\- Then for each day a handful of random but different (not like 5 lasagna recipes), highly rated recipes (with possibly ingredient limits) are offered
\- After a recipe for each day is selected, a shopping list of what is required for the week/all recipes is generated
\- Ability to print recipes out
Totally cool if this hooks up to other recipe services, as long as it is free or selfhosted.
Thanks!
https://redd.it/1qdoxdo
@r_SelfHosted
Introducing Sendinator - a self-hosted web-based file sharing app
Hi Everyone!
Somewhat inspired by XKCD I wanted to make a self-hosted app that solves the simple problem of sharing a file (or many files) too big to e-mail. Like in the comic; even in 2026, most users would probably use something like google drive or dropbox. It seems dumb that we have to rely on tech giants hosting our files for what should be a pretty basic task.
So my design goals are:
You can share the file before it's finished uploading. I accomplish this by breaking the file or collection into 16MB blocks. The downloader can start getting the blocks before they're all there and gracefully wait. This makes it a LOT more convenient to send large files because you don't have to wait around for the upload before you share.
Handle large file sizes (like 100GB plus)
Handle many files/folders at once (like a million)
Browser only; no plugins or apps
Resilient downloads -- even sleeping your laptop or an extended internet outage won't break the managed downloader
quotas to prevent accidental runaway bandwidth usage. You can issue an upload key of arbitrary amount
Ease of use on all platforms
Easy to deploy (For this community this is probably true, but I think I could make it easier. Currently the easy way to install is to fire up a container or VM; and stick a reverse proxy in front of it like nginx proxy manager. You really want https otherwise browser security breaks things
screenshot: A folder with almost 10,000 files I uploaded with no issues. It even gets decent speed on small files due to chunking them into 16MB blocks
It uses webauthn (passkeys) for dead-simple secure administration
screenshot: admin login
screenshot: admin panel
github
demo instance
key: e4RjTkPX52xJXZDknwSh < I made a limited key so if it runs out, test it on your own server.
demo download of ubuntu iso
FAQ:
Q: Why no end to end encryption?
A: Because E2EE in javascript is bullshit. Why? Because even if the cryptography is properly implemented; there are no guarantees that this isn't randomly disabled for a targeted user. See, the point of E2EE is to secure against even the people who run the server. The problem with that is that if you run the server, you can change the crypto library any time you want. You could disable encryption or steal keys and your browser wouldn't warn you.
Sendinator configured with https encrypts data in transit and then you just have to trust the server you run it on. Don't trust a server, run your own.
https://redd.it/1qdm50e
@r_SelfHosted