Self-Hosted Docker Image Registries

AFFiNE is a collaborative knowledge base and productivity suite designed as a private-first, local-first platform. It provides an integrated workspace that combines structured documents with an infinite digital canvas, allowing users to organize complex information through a block-based model. By prioritizing local data persistence, the platform ensures immediate responsiveness and data sovereignty while maintaining a distributed state for real-time synchronization across multiple devices. The platform distinguishes itself through a canvas-integrated database engine that enables transitions between free-form whiteboarding and structured tabular views. It utilizes conflict-free replicated data types to manage concurrent edits, ensuring consistent collaboration. Users can extend the workspace with modular artificial intelligence integrations, which use natural language prompts to generate, summarize, and transform content into various visual or structured formats. The software is built for self-hosting, allowing teams to maintain full control over their data and infrastructure. It supports container-orchestrated deployment, providing tools for managing private workspaces, authentication, and production-ready environments. The system is designed to be installed and configured on personal or team-managed infrastructure, ensuring that all sensitive information remains within a private, secure, and scalable environment.

Automatisch is an open-source, self-hosted automation platform designed to orchestrate multi-stage workflows across various third-party web services. It functions as a no-code integration engine that allows users to connect disparate applications, enabling the automated movement of data and the execution of tasks without manual intervention. By running the platform on private infrastructure, users maintain full control over their data and ensure compliance with internal security policies. The platform distinguishes itself through a focus on secure, local credential management and flexible integration capabilities. It supports standard authentication methods like OAuth and API keys, storing all third-party credentials in an encrypted format within the local environment. Users can define custom integrations using declarative metadata, allowing the system to handle complex operations such as automatic pagination for large datasets, polling for state changes, and immediate execution via webhooks. Beyond core orchestration, the platform provides a comprehensive suite of utilities for processing and transforming data between workflow steps. It supports the execution of custom HTTP requests to bridge gaps between services that lack native support, and it offers tools for conditional logic and task scheduling. The system is designed for transparency and privacy, allowing administrators to configure environment variables and opt out of telemetry to keep all system metrics and data movement entirely internal.

Dive is a command-line tool designed for the analysis and optimization of container images. It functions as a layered storage inspector, allowing users to decompose image manifests to examine individual filesystem layers and identify opportunities to reduce total image size. The tool features a filesystem diffing engine that calculates net changes between sequential layers to highlight redundant data and storage inefficiencies. Users interact with this data through a terminal-based dashboard that provides keyboard-driven navigation of complex file structures and layer metadata. By abstracting the underlying container runtime, the tool maintains compatibility across various storage formats and engine environments. Beyond manual inspection, the software supports automated quality gates for continuous integration pipelines. It evaluates image metadata against user-defined performance thresholds to validate efficiency and prevent the deployment of suboptimal builds. Configuration files allow for the adjustment of logging levels, interface layouts, and engine preferences to suit specific development workflows.

Blinko is a personal knowledge management system and an LLM-powered knowledge base that enables users to capture and organize thoughts through a bi-directional knowledge graph. It functions as a RAG-enabled note-taking application and a self-hosted Markdown editor, allowing for the creation of permanent documentation and fleeting notes. The project distinguishes itself by integrating retrieval-augmented generation to provide conversational querying and AI-powered analysis of private document libraries. It supports both cloud-based and local AI model integration, enabling users to perform semantic searches across multimodal content, including PDFs and images, while maintaining data privacy. The system covers a broad surface of capabilities, including hierarchical tagging, bidirectional linking, and a plugin-based extensibility framework with a dedicated marketplace. It manages data through a combination of hub-based and peer-to-peer synchronization, with support for S3-compatible object storage and automated archiving. The application is available for cross-platform deployment on macOS, Windows, Linux, and Android, and can be self-hosted using Docker containers.

Docker Compose is a tool for defining and running multi-container applications through declarative configuration files. It functions as an application lifecycle manager, coordinating the startup, shutdown, and scaling of interconnected services within isolated environments. By using a standardized configuration format, it enables infrastructure as code, allowing developers to manage complex application stacks and their dependencies in a single, repeatable file. The project distinguishes itself by integrating directly with the broader Docker platform, leveraging a client-server architecture where a command-line interface communicates with a persistent daemon to manage container lifecycles. It supports advanced development workflows by providing specialized AI agent frameworks, microVM-based sandboxing for secure code execution, and cloud-based offloading for container builds. These capabilities allow for consistent development environments that mirror production configurations while providing integrated security analysis and supply chain guardrails. Beyond core orchestration, the platform encompasses a comprehensive suite of tools for image distribution, automated builds, and enterprise-grade administration. It provides extensive support for managing container runtimes, storage drivers, and registry interactions, ensuring compatibility with standardized container interfaces. The project is supported by a wide range of documentation, including guides, API references, and interactive workshops designed to assist with local development and scalable deployment.

Watchtower is a container-based solution designed to automate the lifecycle management of Docker applications. It functions as a background service that monitors running containers, detects when new base image versions are available in registries, and automatically redeploys the containers to ensure they remain synchronized with the latest builds. The project distinguishes itself through its ability to orchestrate complex deployment workflows and maintain service availability during updates. It interacts directly with the container runtime to manage service dependencies and restart sequences, ensuring that dependent containers are handled in the correct order. Users can further customize the update process by defining lifecycle hooks that execute shell commands before or after a container is replaced, allowing for tailored initialization and cleanup tasks. Beyond automated updates, the tool provides extensive infrastructure observability and flexible management options. It supports event-driven updates via HTTP webhooks, declarative filtering to target specific containers, and secure remote management through encrypted communication and private registry authentication. Operational statistics can be exported to external monitoring systems, and the service can be configured to run in a passive observation mode to track image changes without performing automated redeployments.

Kotaemon is an orchestration framework designed for building modular, agentic workflows that integrate document processing, retrieval-augmented generation, and multi-step reasoning. It provides a comprehensive platform for developing document-based question answering systems, allowing users to chain language models, prompt templates, and external tools into complex, automated pipelines. The system distinguishes itself through a highly modular architecture that emphasizes component-based composition and schema-driven data exchange. It supports autonomous agents capable of decomposing complex queries through iterative processing and tool-calling, while its hybrid retrieval orchestration combines vector similarity and full-text search with re-ranking to improve the accuracy of retrieved context. The framework also features event-driven streaming, which delivers incremental results from long-running pipelines to the user interface in real-time. Beyond its core reasoning capabilities, the platform includes a suite of functional modules for the entire lifecycle of document-based applications. This includes multi-modal parsing for extracting text, tables, and visual elements from diverse file formats, as well as administrative tools for managing document collections, vector stores, and multi-user access. The system is designed to be interface-agnostic, allowing developers to wrap third-party libraries and external services into standardized, reusable processing units. The project provides a web-based user interface for interactive querying and configuration, and it supports deployment of private, isolated instances through predefined templates.

This project is a comprehensive, community-driven directory that serves as a centralized discovery hub for the container ecosystem. It functions as a structured knowledge base, aggregating a wide array of software tools, educational materials, and technical resources designed to assist developers and operators in mastering containerization technologies. The repository distinguishes itself through a meticulously organized taxonomy that maps the entire container lifecycle, from initial development and image building to orchestration, security, and infrastructure operations. By curating disparate external links and documentation into a single, version-controlled collection, it provides a clear navigation path for users seeking specialized utilities, ranging from runtime engines and registry tools to advanced supply chain security and observability solutions. Beyond its role as a tool index, the directory supports professional growth by offering a broad surface of learning resources, including tutorials, best practices, and community-vetted guides. It covers essential operational domains such as multi-container workload management, image hardening, and workflow optimization, ensuring that both newcomers and experienced practitioners have access to a reliable reference for modern containerized systems.

Olares is a comprehensive suite of self-hosted identity, storage, AI, and orchestration services designed for private infrastructure management. It functions as a Kubernetes home server orchestrator, enabling the deployment of containerized applications, AI models, and GPU resources on local hardware to replace third-party cloud services. The platform distinguishes itself through a combination of self-hosted AI infrastructure for running large language models and image generators, alongside a decentralized identity manager that uses cryptographic keys and OIDC for trustless authentication. It further provides a secure remote access gateway and a private cloud storage suite utilizing S3-compatible storage and POSIX-compliant file access. The system covers broad capability areas including container cluster orchestration via a permissionless application marketplace, home automation for smart device coordination, and network traffic management using encrypted tunnels and reverse proxies. It also integrates relational and vector data storage, system health monitoring, and application sandboxing for secure software execution. Management of the cluster and its hosted applications is performed through a command-line interface and a background daemon.

Minikube is a command-line tool designed for local Kubernetes development, enabling users to provision and manage full-featured container clusters directly on a workstation. It serves as a local orchestrator that automates the lifecycle of isolated environments, allowing developers to start, stop, pause, and delete clusters to support testing and integration workflows. The project distinguishes itself through its flexible architecture, which supports multiple virtualization drivers and container runtimes to accommodate diverse host environments. It provides deep integration between the host and the cluster, including bidirectional filesystem mounting, service tunneling for local access, and the ability to build or load container images directly into the cluster runtime. Furthermore, it supports multi-node cluster management and profile-based configuration, allowing users to maintain separate, isolated environments for different projects. Beyond core orchestration, the tool covers a broad range of operational capabilities including dynamic storage provisioning, network policy enforcement, and hardware acceleration for specialized workloads like artificial intelligence. It also includes administrative features such as audit logging, secure authentication, and a web-based dashboard for monitoring cluster health and resource status. The project is distributed as a command-line utility that provides versioning to ensure compatibility between the management interface and the running cluster.

Mealie is a self-hosted recipe management platform designed for personal data ownership and household meal planning. It functions as a digital kitchen assistant that allows users to import, organize, and digitize culinary content from websites, images, and videos into a structured, searchable database. The application supports multi-user collaboration through household management, enabling shared access to recipes and meal plans while maintaining distinct permissions. The platform distinguishes itself through extensive automation and integration capabilities. It features a programmatic interface that supports webhooks and custom actions, allowing users to synchronize shopping lists, trigger external workflows, and display menu information on home automation dashboards. The system also incorporates advanced ingestion tools, including AI-powered ingredient parsing and automated recipe extraction, to streamline the digitization of diverse culinary sources. Beyond core management, the application provides a robust infrastructure for security and extensibility. It supports enterprise-grade authentication through OpenID Connect and LDAP, alongside granular role-based access control. The system is built for flexible deployment, offering containerized packaging and support for both lightweight file-based storage and high-concurrency relational databases. The software is distributed as a containerized application, facilitating consistent deployment across various host environments.

Awesome Compose is a collection of resources designed to demonstrate the orchestration of multi-container applications. It serves as a practical reference for using declarative configuration files to define, manage, and deploy complex software stacks, ensuring that services run consistently across development, testing, and production environments. The project highlights the capabilities of container lifecycle management by providing examples of how to bundle software with its dependencies into isolated, portable units. It emphasizes the use of multi-stage build pipelines to optimize image sizes and the integration of environment variables to decouple application logic from host-specific settings. By leveraging these patterns, users can standardize development workspaces and automate the maintenance of interconnected service architectures. Beyond basic orchestration, the repository covers the broader surface of container infrastructure, including the management of image registries, network configurations, and storage drivers. It also demonstrates how to execute build-time commands and embed complex scripts directly into configuration files to streamline the assembly of containerized environments.

axe-core is an automated accessibility testing engine and compliance auditor designed to scan web and mobile interfaces for violations of industry accessibility standards. It functions as a programmatic scanner and linter that analyzes HTML and source code to identify barriers and verify compliance with accessibility guidelines. The project distinguishes itself by combining a DOM-based rule engine with computer vision and machine learning to detect complex violations that evade traditional analysis, such as visual heading discrepancies and informative images. It provides specialized capabilities for analyzing custom components, verifying text contrast via screenshots, and detecting missing focus indicators. The system covers a broad range of capabilities including real-time accessibility linting in code editors, automated gating within CI/CD pipelines, and guided manual testing for non-experts. It also supports accessibility monitoring through centralized reporting, commit-linked result tracking, and programmatic integration with project management tools.

Maybe is a self-hosted financial platform designed for private deployment, providing a centralized interface to track investments, budgets, and net worth. By running the application on your own infrastructure, you maintain full control over your sensitive financial data and privacy. The platform is delivered as a containerized application suite, utilizing a declarative configuration framework to manage service lifecycles. It distinguishes itself through a structured approach to version control, allowing users to pin specific release tags to ensure environment consistency and perform controlled updates by pulling updated images from a remote registry. The system includes comprehensive tools for managing the application lifecycle, including database volume maintenance and the ability to reset persistent storage states. Deployment is handled through container orchestration, which ensures that the service remains portable and consistent across diverse hosting environments.

Compiler Explorer is an online tool and analysis platform used to translate source code into assembly in real time. It functions as a cross-compiler analysis tool, allowing users to examine how various compilers and versions translate the same source code into machine code to analyze optimizations and generation patterns. The platform supports low-level language debugging and the comparison of assembly output across different compiler toolchains. It also provides a self-hosted environment option for users who need to run private deployments with custom binaries or operate within secure offline networks. The system integrates a remote-execution backend that runs compiler binaries in sandboxed processes and a web-based frontend. It includes a network interface for querying compiler data and retrieving assembly output via an API.

CasaOS is a lightweight software stack designed to transform standard Linux distributions into a comprehensive personal cloud platform. It functions as a management layer that sits atop the host operating system, providing a unified graphical dashboard to deploy, monitor, and administer containerized applications and local hardware resources. By automating the lifecycle of isolated software services, it enables users to maintain a private and secure digital infrastructure on their own hardware. The platform distinguishes itself through a declarative configuration model that continuously reconciles the actual state of services against defined system files. It features a virtualized file system abstraction that aggregates multiple physical storage drives into a single, accessible directory structure, simplifying data organization and network file sharing. A centralized application programming interface gateway translates web-based requests into system commands, ensuring that storage, networking, and container management remain accessible through a single, cohesive interface. Beyond its core management capabilities, the system incorporates an event-driven message bus to coordinate internal communication and real-time hardware updates. It supports modular extensibility, allowing for the dynamic loading of external packages to broaden the platform's functionality. The software is designed for installation across diverse hardware architectures, providing a consistent environment for hosting media collections and self-hosted applications.

This project is a container image registry and server-side storage system designed to house container images, layers, and manifests. It functions as an OCI compliant registry server that adheres to the Open Container Initiative Distribution Specification to store and deliver content over HTTP. The system provides a self-hosted solution for managing private libraries of container images within professional-grade infrastructure. It is designed to enable the development of custom registries by extending a base toolkit with specialized libraries and business logic. The registry covers image distribution and hosting, utilizing a standardized API to serve container content to clients. It manages the storage and delivery of images and manifests to support streamlined application deployment.

K3s is a lightweight Kubernetes distribution designed for resource-constrained environments, edge computing, and simplified deployment across diverse hardware architectures. It functions as a container orchestration engine that automates the deployment, scaling, and management of containerized applications. By bundling all necessary control plane components and dependencies into a single binary, it minimizes the system footprint and streamlines the installation process. The project distinguishes itself through a flexible architecture that supports both high-availability clustering and minimal, single-node setups. It provides options for using an embedded SQLite datastore for small deployments or external databases for larger, resilient environments. Security is integrated into the core, featuring token-based node authentication, encrypted communication between nodes, and support for mandatory access control policies like SELinux. The platform covers a broad operational surface, including automated cluster version upgrades, manifest-based resource deployment, and integrated Helm chart management. It offers extensive configuration capabilities for networking, certificate management, and storage backends, allowing administrators to tailor the environment to specific infrastructure requirements. The system is designed to maintain consistent operational standards across distributed locations, ensuring that management remains centralized even when hardware resources are limited.

This project is a community-curated directory of open-source software designed for deployment in private server environments and home labs. It serves as a comprehensive resource for discovering independent, self-hosted alternatives to mainstream cloud services, enabling users to maintain full data ownership and control over their digital infrastructure. The directory is structured through a hierarchical taxonomy that organizes a vast collection of applications into logical categories, ranging from media management and data analytics to private communication and team productivity tools. It distinguishes itself through a collaborative peer-review process, where community members validate the quality and relevance of each submission to ensure the directory remains accurate and reliable. The project covers a broad capability surface, including infrastructure automation, container-based service deployment, and declarative configuration management. These tools assist users in maintaining reproducible server environments and managing complex service dependencies across private hardware. The directory is maintained as a version-controlled repository, ensuring that all updates and community-driven changes are tracked and transparent.

Podman is a container engine designed for managing containerized applications and images without the need for a persistent background daemon. By utilizing a fork-exec process model, it executes container management commands as direct child processes of the host system, ensuring that container lifecycles are handled through standard host-level process control. The project distinguishes itself through a focus on rootless security and cross-platform compatibility. It employs user namespace mapping to allow unprivileged users to manage isolated workloads without requiring administrative system access. On non-Linux operating systems, it integrates with lightweight virtual machines to provide a native command-line experience for container development. The engine supports the full container lifecycle, including image management, registry interaction, and orchestration of background or interactive services. It adheres to open industry standards for container runtimes and includes capabilities for checkpointing and restoring the memory and process state of running containers to facilitate workload migration.