Self-Hosting in 2026: The Complete Infrastructure Stack (82 Containers, $0 Cloud Bill)
Complete 2026 self-hosting stack running 82 production containers on bare metal with architecture breakdown.
# Self-Hosting in 2026: The Complete Infrastructure Stack
We run 82 production containers on a single physical server. Grafana, Prometheus, Gitea, Directus CMS, n8n automation, Loki logging, PostgreSQL, Redis, FalkorDB, multiple AI models, and dozens of web applications. Our monthly cloud bill is zero dollars.
This isn't a hobby project. This is a production infrastructure serving real users, with 99.9% uptime over the last year, automated backups, monitoring that pages us before users notice issues, and CI/CD that deploys on every push.
The 2026 self-hosting stack is a fundamentally different proposition than it was even two years ago. The tooling has matured. Docker Compose handles orchestration that once required Kubernetes. Cloudflare Tunnels provide zero-trust access without opening any ports. Reverse proxies auto-provision SSL certificates. And the economics have shifted — cloud costs have risen 15-20% while hardware costs have dropped.
Here's the exact stack, why we chose each component, and the real numbers.
The Hardware Layer
Proxmox VE as the hypervisor. Running LXC containers for lightweight isolation between tenants. The host server has 13GB RAM, NVMe storage across multiple logical volumes, and an NVIDIA GTX 1650 for AI inference workloads.
Why Proxmox over bare Linux? Live migration, snapshot-based backups, web UI for emergency management, and proper resource isolation between workloads. It's the enterprise hypervisor that's actually free.
Storage layout:
- /mnt/containers (148GB): Docker data root — all container images and volumes
- /mnt/projects (84GB): Git repositories, CI/CD artifacts, application code
- /mnt/databases (15GB): PostgreSQL, Redis, FalkorDB, SQLite databases

The Networking Layer
Traefik as the reverse proxy. Auto-discovers Docker containers via labels, provisions Let's Encrypt SSL, handles routing, load balancing, and rate limiting. Configuration is entirely label-based — no nginx configs to maintain.
Cloudflare Tunnels for zero-trust access. No inbound ports open on the firewall. Not 80, not 443, not SSH. The tunnel connector makes outbound connections to Cloudflare's network and everything routes through it; Cloudflare handles DDoS protection, CDN caching, and access control. This is genuinely more secure than most cloud deployments.
Authelia for single sign-on. One login across all 82 services. TOTP two-factor authentication. Session management. Access policies per-service. No paying $15/user/month for Auth0 or Okta.
The networking stack gives us: automatic SSL, zero-trust access, SSO, DDoS protection, and CDN caching. Total cost: $0 (Cloudflare free tier + open-source tools).
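A check for two properties claimed in this section (nothing published on the host, every routed service behind SSO), as an added example that is not part of the original stack. It takes the parsed output of `docker compose config --format json`; the middleware name `authelia@docker`, the exempt service name and the sample services are assumptions.

```python
SSO_MIDDLEWARE = "authelia@docker"  # assumed middleware name, not from the article
SSO_EXEMPT = {"authelia"}           # the login portal cannot sit behind itself
LOOPBACK = {"127.0.0.1", "::1"}

def _labels(svc):
    """Compose accepts labels as a mapping or as a list of 'key=value' strings."""
    raw = svc.get("labels") or {}
    if isinstance(raw, list):
        raw = dict(item.partition("=")[::2] for item in raw)
    return {str(k): str(v) for k, v in raw.items()}

def audit(compose):
    """Return sorted (service, finding) pairs for a parsed compose config."""
    findings = []
    for name, svc in compose.get("services", {}).items():
        if svc.get("network_mode") == "host":
            findings.append((name, "host networking exposes every listening port"))
        for port in svc.get("ports") or []:
            if port.get("published") and port.get("host_ip") not in LOOPBACK:
                findings.append((name, f"publishes host port {port['published']}"))
        labels = _labels(svc)
        if name in SSO_EXEMPT or labels.get("traefik.enable", "").lower() != "true":
            continue
        routers = {k.split(".")[3] for k in labels
                   if k.startswith("traefik.http.routers.") and k.count(".") >= 4}
        for router in sorted(routers):
            chain = labels.get(f"traefik.http.routers.{router}.middlewares", "")
            if SSO_MIDDLEWARE not in [m.strip() for m in chain.split(",")]:
                findings.append((name, f"router '{router}' lacks SSO middleware"))
    return sorted(findings)

# Constructed sample, shaped like `docker compose config --format json` output.
SAMPLE = {"services": {
    "grafana": {"labels": {
        "traefik.enable": "true",
        "traefik.http.routers.grafana.rule": "Host(`grafana.example.test`)",
        "traefik.http.routers.grafana.middlewares": "authelia@docker"}},
    "gitea": {"labels": ["traefik.enable=true",
                         "traefik.http.routers.gitea.rule=Host(`git.example.test`)"],
              "ports": [{"target": 22, "published": "2222", "protocol": "tcp"}]},
    "postgres": {"ports": [{"target": 5432, "published": "5432",
                            "host_ip": "127.0.0.1"}]},
    "authelia": {"labels": {"traefik.enable": "true",
                 "traefik.http.routers.authelia.rule": "Host(`auth.example.test`)"}},
}}

if __name__ == "__main__":
    for service, finding in audit(SAMPLE):
        print(f"{service}: {finding}")
```

Published ports are worth auditing separately from the firewall policy because Docker writes its own iptables rules, so a `ports:` entry can expose a service even when the host firewall looks closed.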
The Monitoring Stack
Prometheus scrapes metrics from every container every 15 seconds. Recording rules pre-compute expensive queries. 90-day retention.
Grafana visualizes everything. Three-tier dashboard hierarchy: overview, service detail, and debug dashboards. Burn-rate alerts instead of static thresholds to minimize false alarms.
Loki + Promtail for centralized logging. Every container's stdout goes to Loki, queryable via the same Grafana interface. LogQL queries correlate logs with metrics during incidents.
Uptime Kuma for external monitoring. 28 monitors checking every service from outside the network. If our server is unreachable, we know within 60 seconds.
Alert routing: Prometheus → Grafana → ntfy push notifications → phone. Average alert-to-acknowledgment time: 3 minutes.
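Why a burn-rate rule behaves differently from a static threshold, as an added example that is not part of the original stack: it evaluates both against constructed request counts, treating the article's 99.9% figure as the SLO target. The window pairs and thresholds follow the Google SRE Workbook pattern and are assumptions, as is the 1% static rule.

```python
SLO = 0.999               # the article's 99.9% figure, used here as the SLO target
BUDGET = 1 - SLO          # fraction of requests allowed to fail
STATIC_THRESHOLD = 0.01   # assumed static rule: more than 1% errors over 5m

# (long window, short window, burn-rate threshold, severity).
# Values follow the Google SRE Workbook pattern; assumed, not from the article.
POLICIES = [("1h", "5m", 14.4, "page"), ("6h", "30m", 6.0, "ticket")]

def burn_rate(errors, total):
    """How many times faster than sustainable the error budget is being spent."""
    return 0.0 if total == 0 else (errors / total) / BUDGET

def burn_rate_alerts(windows):
    """windows maps a window name to (errors, total); returns severities firing."""
    firing = []
    for long_w, short_w, threshold, severity in POLICIES:
        # Both windows must exceed the threshold: the long one shows the burn is
        # significant, the short one shows it is still happening.
        if all(burn_rate(*windows[w]) > threshold for w in (long_w, short_w)):
            firing.append(severity)
    return firing

def static_alert(windows):
    """The static rule looks only at the 5-minute error ratio."""
    errors, total = windows["5m"]
    return total > 0 and errors / total > STATIC_THRESHOLD

# Constructed request counts (errors, total) at 100 requests per second.
SPIKE = {       # two minutes at 5% errors, otherwise clean
    "5m": (600, 30_000), "30m": (600, 180_000),
    "1h": (600, 360_000), "6h": (600, 2_160_000)}
SLOW_LEAK = {   # steady 0.8% errors for six hours
    "5m": (240, 30_000), "30m": (1_440, 180_000),
    "1h": (2_880, 360_000), "6h": (17_280, 2_160_000)}

if __name__ == "__main__":
    for label, data in (("spike", SPIKE), ("slow leak", SLOW_LEAK)):
        print(label, "static:", static_alert(data), "burn-rate:", burn_rate_alerts(data))
```

The short spike trips the static rule but no burn-rate policy, while the slow leak stays under the static rule and still raises a ticket.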
The CI/CD Layer
Gitea as the Git host. Self-hosted GitHub alternative with Actions support. All repositories push-mirror to GitHub for redundancy, but Gitea is the primary for development.
Gitea Actions for CI/CD. Docker-based runners execute on the same host. Build, test, security scan, deploy — all triggered on push. Average pipeline: 90 seconds from push to production.
Docker Registry (self-hosted). Built images stay local. No pulling from Docker Hub on every deploy. Faster, more reliable, no rate limits.
The Data Layer
PostgreSQL for relational data. Shared across services with schema-level isolation. Daily automated backups with point-in-time recovery.
Redis for caching and session storage. Sub-millisecond reads. Pub/sub for real-time features.
FalkorDB for graph data. Knowledge graphs, relationship mapping, semantic search. Runs on the Redis wire protocol.
SQLite for lightweight applications that don't need a full PostgreSQL database. Sometimes the right answer is the simplest one.
All databases back up nightly to an off-site location. Retention: 30 days of daily snapshots.
The AI/ML Layer
Ollama running Gemma and other open-source models. Local inference on the GTX 1650 — 4GB VRAM is enough for 7B models quantized to 4-bit.
vLLM for production inference endpoints. OpenAI-compatible API. Model swapping without downtime.
This is why the GTX 1650 is in the server. For $200 in hardware, we have unlimited local AI inference with no per-token API costs. Classification, summarization, embedding generation — all free after the hardware purchase.
The Automation Layer
n8n for workflow automation. 14 active workflows handling: content scheduling, email processing, social media posting, webhook routing, and monitoring integrations.
Cron + systemd for lightweight scheduling. Anything that doesn't need n8n's visual builder runs as a systemd timer.
Custom scripts for domain-specific automation. LinkedIn growth engine, content pipeline dispatcher, analytics collection — all containerized, all monitored.
The Real Cost Comparison
Here's what the equivalent infrastructure would cost on AWS:
|-----------|-------------|----------------|-----------------|
That's $30,360 per year in cloud costs eliminated. The server hardware (roughly $2,000) paid for itself in the first month.
When Self-Hosting Is Wrong
Self-hosting isn't for everyone. Don't do this if:
Self-hosting makes sense when you have sustained workloads, predictable traffic, a team that can maintain infrastructure, and a desire for full control and zero vendor lock-in.
Getting Started
The 2026 self-hosting starter path:
1. Start small. One used mini-PC ($200-400), Proxmox, Docker Compose with Traefik + monitoring.
2. Add services incrementally. Move one cloud service at a time. Start with the expensive ones.
3. Cloudflare Tunnel from day one. Zero-trust access without port forwarding. Secure by default.
4. Monitor everything. Prometheus + Grafana + alerting before you add any production workloads.
5. Backup to external storage. Never have all your eggs in one physical location.
The complete Docker Compose file for our 82-service stack is available in the guide linked below. It's opinionated, tested in production for over a year, and ready to deploy.
---
*At [TechSaaS](https://www.techsaas.cloud/services/), we help teams design and implement self-hosted infrastructure that matches or exceeds cloud reliability. Whether you're repatriating from cloud or building from scratch, we bring the architecture expertise so your team doesn't have to learn through expensive mistakes.*