This repository contains a highly optimized, production-grade, and resilient multi-container Docker Compose layout designed for home-lab services. It includes search, media streaming, downloads, change detection, and headless browsing engines, bound together by a robust, secure environment-override system.
- SearXNG: A privacy-respecting, self-hosted metasearch engine.
- Valkey: A high-performance, open-source key-value database (fully API-compatible Redis fork) acting as SearXNG's caching and rate-limiting (bot-protection) backend.
- qBittorrent: A lightweight, secure torrent downloader (includes automated, custom Python search engine setups).
- Jellyfin: The ultimate volunteer-built media system for organizing and streaming your private libraries (configured with host-networking and AMD hardware acceleration).
- ChangeDetection.io: (Optional) Powerful self-hosted website change monitoring engine.
- Flaresolverr: (Optional) Proxy server to bypass DDoS protection mechanisms for scraping and indices.
This compose stack is built with the highest standards of production container orchestration:
All service definitions support a modern, 4-layered environment file hierarchy. Variables are evaluated sequentially (later files override/supersede earlier ones), allowing host-specific overrides to be kept strictly separate from the base configurations:
```yaml
env_file:
  - path: ../.env # Global default settings
    required: false
  - path: ../.env.local # Global machine-specific overrides
    required: false
  - path: .env # Service-specific default settings
    required: false
  - path: .env.local # Service-specific machine-specific overrides
    required: false
```

- Zero Hardcoded Secrets: Cryptographic keys like `SEARXNG_SECRET` are passed dynamically from `.env` using environment variables. No secrets are stored in `settings.yml`.
- Privacy-Friendly Directory Mounts: Your physical host storage directories (e.g. `/mnt/...`) are kept in your local `.env` and are strictly excluded from version control via `.gitignore`.
- Clean `.env.example`: A fully commented template is provided for a seamless open-source setup experience.
Every container is capped with memory and CPU boundaries using Docker's deploy.resources.limits configuration to prevent memory leaks or background loop bugs from freezing your host system.
To protect your host disk from filling up, all containers are constrained to standard JSON file logging rotations (max-size: "10m", max-file: "3").
Containers running headless Chromium instances (browser-sockpuppet-chrome and flaresolverr) are configured with init: true. This invokes the lightweight Docker init-system to automatically reap zombie child processes.
- Clone this repository to your host machine.
- Copy the template file to `.env`:

  ```bash
  cp .env.example .env
  ```

- Open the newly created `.env` file and customize the volume paths (`MEDIA_BOOKS`, `DOWNLOADS_DIR`, etc.) to point to your storage directories.
- Generate a unique, cryptographically secure key for SearXNG and add it to your `.env` under `SEARXNG_SECRET`:

  ```bash
  openssl rand -hex 32
  ```
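A pre-flight check for the layered env files and the secret from the steps above, as an added example that is not part of this repository: it resolves `SEARXNG_SECRET` through the four files in override order and accepts only a 64-hex-character value. The `searxng` directory name, the `changeme` placeholder and the function names are assumptions, and the parser is simplified (plain `KEY=VALUE` lines, no interpolation).

```bash
# Added example, not part of the repository. Simplified parser: plain KEY=VALUE
# lines only, one optional pair of surrounding quotes, no variable interpolation.

# Print KEY's effective value after reading FILES in order (later files win).
# Missing files are skipped, matching `required: false`.
resolve_env_key() {
  local key="$1" value="" line file cr
  cr=$(printf '\r')
  shift
  for file in "$@"; do
    [ -f "$file" ] || continue
    while IFS= read -r line || [ -n "$line" ]; do
      line="${line%"$cr"}"                       # tolerate CRLF line endings
      case "$line" in "$key="*) value="${line#*=}" ;; esac
    done < "$file"
  done
  case "$value" in
    \"*\") value="${value#\"}"; value="${value%\"}" ;;
    \'*\') value="${value#\'}"; value="${value%\'}" ;;
  esac
  printf '%s\n' "$value"
}

# Succeed only for the shape `openssl rand -hex 32` produces: exactly 64 hex characters.
is_hex32_secret() {
  case "$1" in *[!0-9a-fA-F]*) return 1 ;; esac
  [ "${#1}" -eq 64 ]
}

# Check SEARXNG_SECRET as seen from one service directory (four-layer order).
preflight_secret() {
  local dir="$1" secret
  secret=$(resolve_env_key SEARXNG_SECRET \
    "$dir/../.env" "$dir/../.env.local" "$dir/.env" "$dir/.env.local")
  if is_hex32_secret "$secret"; then
    echo "OK: SEARXNG_SECRET has 64 hex characters"
  else
    echo "FAIL: SEARXNG_SECRET is unset, a placeholder, or not 64 hex characters" >&2
    return 1
  fi
}

# Constructed demo: a placeholder in the global .env, overridden in searxng/.env.local.
demo=$(mktemp -d)
mkdir -p "$demo/searxng"   # hypothetical service directory name
printf 'SEARXNG_SECRET=changeme\n' > "$demo/.env"
printf 'SEARXNG_SECRET=%064d\n' 0 > "$demo/searxng/.env.local"   # constructed value
preflight_secret "$demo/searxng"
rm -rf "$demo"
```

Run `preflight_secret` against a service directory before `docker compose up -d`; a non-zero exit means the effective secret is missing or is not a 64-hex-character value.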
Bring up the entire stack in the background:

```bash
docker compose up -d
```

Check the health status of all running containers:

```bash
docker compose ps
```

| Service | Host Port | Internal Port | Environment Override Key |
|---|---|---|---|
| SearXNG | 8888 | 8888 | `SEARXNG_PORT` |
| qBittorrent | 8080 | 8080 | `QBITTORRENT_PORT` |
| ChangeDetection | 5000 | 5000 | `CHANGEDETECTION_PORT` |
| Flaresolverr | 8191 | 8191 | `FLARESOLVERR_PORT` |
| Jellyfin | Host Network | 8096 | Managed via Host Net |