Application Stack & Security
30+ Docker containers running on Unraid, secured by SWAG reverse proxy and Authelia single sign-on.
Infrastructure Philosophy
I follow a container-first approach, hosting my application stack on Unraid within a custom Docker network. Decoupling applications from the host OS keeps updates isolated and rollbacks fast, and nothing bleeds into the host.
The Secure Edge
All external traffic passes through SWAG and Authelia before reaching any backend service.
Reverse Proxy
SWAG (Nginx) — SSL/TLS Management and Secure Routing
Identity Provider
Authelia — Single Sign-On (SSO) and Global Auth Layer
MFA
WebAuthn / TOTP — Multi-Factor Authentication for external access
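One way to check that every proxied backend really sits behind Authelia, as an added example (not this site's own code): a Python audit of a SWAG proxy conf that flags server and location blocks whose Authelia includes are missing or still commented out. It assumes SWAG's stock include paths and one directive per line; `audit_proxy_conf` and the sample conf are constructed for illustration.

```python
import re

# Include paths used by SWAG's stock proxy confs (assumed unchanged here).
SERVER_INC = "/config/nginx/authelia-server.conf"
LOCATION_INC = "/config/nginx/authelia-location.conf"

def audit_proxy_conf(conf):
    """Return findings for one proxy conf; an empty list means every location is gated."""
    findings, stack, server = [], [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments: '#include ...' is inactive
        if line.endswith("{"):
            block = {"kind": line.split()[0], "label": line[:-1].strip(), "gated": False}
            if block["kind"] == "server":
                server = {"name": "(unnamed)", "gated": False, "locations": []}
            elif block["kind"] == "location" and server is not None:
                server["locations"].append(block)
            stack.append(block)
        elif line.startswith("}") and stack:
            if stack.pop()["kind"] == "server":
                if not server["gated"]:
                    findings.append(f"{server['name']}: server block lacks {SERVER_INC}")
                findings += [f"{server['name']}: '{loc['label']}' lacks {LOCATION_INC}"
                             for loc in server["locations"] if not loc["gated"]]
                server = None
        elif server is not None and stack:
            m = re.match(r"(server_name|include)\s+([^\s;]+)", line)
            key, val = m.groups() if m else (None, None)
            if key == "server_name":
                server["name"] = val
            elif val == SERVER_INC and stack[-1]["kind"] == "server":
                server["gated"] = True
            elif val == LOCATION_INC and stack[-1]["kind"] == "location":
                stack[-1]["gated"] = True
    return findings

# Constructed sample: the server-level include is active, the location one is not.
SAMPLE = """
server {
    server_name photos.*;
    include /config/nginx/authelia-server.conf;
    location / {
        #include /config/nginx/authelia-location.conf;
        include /config/nginx/proxy.conf;
    }
}
"""
print("\n".join(audit_proxy_conf(SAMPLE)))
```

A finding marks a location to review, not necessarily a misconfiguration, since a route can be left outside SSO on purpose.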
Core Services
Immich (Digital Asset Management)
Self-hosted photo/video backups with NVIDIA RTX 3060 hardware acceleration for ML: face detection, CLIP-based smart search. Backed by PostgreSQL with pgvector.
Nextcloud
Private cloud for document storage and file collaboration, replacing reliance on third-party providers.
Syncthing
Continuous, peer-to-peer file synchronization between my MacBook Pro, desktop, and the Unraid server for real-time redundancy.
Duplicacy
Core engine of the 3-2-1 backup strategy. Handles encrypted, deduplicated backups to a local SanDisk SSD and Backblaze B2.
Heimdall
Centralized application dashboard for quick access to my most used applications and services.
Databases and Caching
MariaDB for general app data, PostgreSQL for high-concurrency and AI workloads, Redis for session caching in Authelia and Immich stacks.