Apps

These are the productivity apps in Infinity Tools. Note that unlike in the previous chapter, there is no specific order to these apps. You can choose what you need. The chapter numbers are only for organizational purposes.

8: Vaultwarden - Password Manager

Vaultwarden is a self-hosted password manager that lets you store and manage all your passwords securely on your own server. It's compatible with all Bitwarden apps, so you can use it with your phone, computer, and web browser. For comprehensive usage instructions and advanced features, please refer to the official Vaultwarden documentation.

What is Vaultwarden?

Vaultwarden is like a digital safe for all your passwords. Instead of remembering dozens of different passwords, you only need to remember one master password to access all your accounts.

Why Vaultwarden is useful:

Think of it like this: Instead of writing passwords on sticky notes or using the same password everywhere, Vaultwarden keeps them all safe in one encrypted vault that only you can access.

Prerequisites

Before installing Vaultwarden, make sure you have:

Why These Prerequisites Matter

Traefik: Provides secure HTTPS access to your password manager

Docker: Runs Vaultwarden in a secure container

Domain name: Makes it easier to access and more secure

Email: Required for SSL certificates to keep your passwords safe

Step 1: Start Infinity Tools

Make sure you're connected to your server via SSH, then start Infinity Tools:

sudo infinity-tools

Using the Infinity Tools GUI

When you start Infinity Tools, you'll see the main menu. Look for the 📱 APPLICATIONS section - this is where all your apps are located.

Step 2: Navigate to Vaultwarden

In the Infinity Tools menu:

  1. Use your arrow keys to navigate to 📱 APPLICATIONS
  2. Press Enter to open the Applications menu
  3. Look for Vaultwarden in the list
  4. Select it and press Enter

Understanding the Application Menu

The Applications section shows you all available apps:

Look for the turquoise cursor - it shows what you're about to select!

Step 3: Install Vaultwarden

When you select Vaultwarden, you'll see installation options. Choose Install Vaultwarden.

What Happens During Installation

Vaultwarden installation will:

This usually takes 2-3 minutes.

Step 4: Configure Vaultwarden

During installation, you'll be asked several questions:

SSL Configuration

You'll see a prompt like:

🌐 SSL Certificate Configuration
===============================
Do you want to use Traefik for SSL certificates and domain routing?

Y) Yes (default) - Use Traefik with Let's Encrypt SSL and domain
N) No - Standalone with self-signed certificate and direct port access

Choose "Y" (Yes) - This uses Traefik for secure HTTPS access (recommended).

Domain Configuration

You'll be asked for your domain name:

Enter the domain name for Vaultwarden:
[vault.example.com]

What to enter: Use a subdomain like vault.yourdomain.com or passwords.yourdomain.com

Examples:

User Signup Policy

You'll be asked about user signups:

👥 User Signup Policy
==================
Do you want to allow new users to sign up?

Y) Yes - Allow anyone to create an account
N) No - Only admin can create accounts (recommended)

For beginners: Choose "N" (No) - This keeps your password manager private and secure.

Step 5: Wait for Installation

After answering the questions, Vaultwarden will install and start. You'll see messages like:

📦 Installing Vaultwarden...
🔧 Creating configuration...
🌐 Setting up SSL certificates...
🔐 Generating admin token...
✅ Vaultwarden installed successfully!

Step 6: Get Your Admin Token

After installation, you'll see important information:

🔐 Vaultwarden Admin Information
===============================

Admin Token: abc123def456ghi789...
Web Vault: https://vault.yourdomain.com
Admin Panel: https://vault.yourdomain.com/admin

Save Your Admin Token

IMPORTANT: Save your admin token in a safe place! You'll need it to:

How to save it:

Step 7: Verify Vaultwarden is Working

Let's make sure Vaultwarden is running properly.

Check Status in Infinity Tools

In the Infinity Tools menu, go to:

You should see Vaultwarden listed as "RUNNING" or "ACTIVE".

Using the Status Dashboard

The Status & Health section shows you:

Look for the green checkmarks - they indicate everything is working properly!

Test Your Web Vault

Open your web browser and visit your Vaultwarden URL:

Step 8: Create Your First Account

Now it's time to set up your password manager!

Sign Up Process

  1. Visit your Vaultwarden URL in your browser
  2. Click "Create Account"
  3. Enter your email address
  4. Create a strong master password
  5. Confirm your password
  6. Click "Create Account"

Choosing a Strong Master Password

Your master password protects all your other passwords. Make it:

Example: MyDog@2024!Loves#Treats

Step 9: Understanding What Was Created

Vaultwarden installation creates several important files and configurations:

Data Storage

Your password data is stored in:

Web Access

Vaultwarden provides:

Security Features

Vaultwarden includes:

What's Next?

Congratulations! You now have your own password manager running securely on your server.

Next Steps

Getting Help

For detailed usage instructions, advanced features, and troubleshooting, please refer to the official Vaultwarden documentation.

Troubleshooting

Can't Access Vaultwarden

If you can't access your Vaultwarden:

SSL Certificate Issues

If you see security warnings:

Can't Create Account

If signup is disabled:

Quick Reference

Check Vaultwarden status:

docker ps | grep vaultwarden

View Vaultwarden logs:

docker logs vaultwarden

Restart Vaultwarden:

docker restart vaultwarden

Access admin panel:

https://vault.yourdomain.com/admin

You're Ready!

Vaultwarden is now installed and running! You have your own secure password manager that you control completely.

What you accomplished:

Next step: Download the Bitwarden apps for your devices and start using your new password manager!

What You Learned

You now have a professional-grade password manager running on your own server!

Next: Installing Your Next Application (Coming Soon)

9: Passbolt - Team Password Manager

Passbolt is a team-oriented, self-hosted password manager built on OpenPGP. It lets you securely store and share passwords with your team. For comprehensive usage instructions, browser extension setup, and advanced features, please refer to the official Passbolt documentation.

What is Passbolt? (Simple Explanation)

Passbolt helps teams store and share passwords securely. It uses strong encryption and a browser extension to keep your secrets safe and easy to use.

Why Passbolt is useful:

Prerequisites

Before installing Passbolt, make sure you have:

Why These Prerequisites Matter

Traefik: Provides secure HTTPS access

Docker: Runs Passbolt securely in containers

Borgmatic: Automatically backs up your Passbolt data and database

Subdomain: Easy, secure access for your team

Step 1: Start Infinity Tools

Connect via SSH and start Infinity Tools:

sudo infinity-tools

Using the Infinity Tools GUI

From the main menu, go to the 📱 APPLICATIONS section.

Step 2: Install Passbolt

  1. Open 📱 APPLICATIONS
  2. Select Passbolt
  3. Choose Install Passbolt

What Happens During Installation

Step 3: Configure Passbolt

SSL & Domain

You'll be asked whether to use Traefik and for your domain. Recommended:

Admin Account

After installation, you'll finish setup in the browser by creating the first admin user and installing the Passbolt browser extension.

Step 4: Open Passbolt

Once installation completes:

Step 5: Verify and Basics

Troubleshooting

Can't Access the Site

Database Issues

Quick Reference

Web UI: https://pass.yourdomain.com

Data directory: /opt/speedbits/passbolt/

Database credentials: /opt/speedbits/passbolt/db_password.txt

You're Ready!

Passbolt is now installed and ready for your team. Manage users and shared passwords from the web interface and browser extension.

Next: Add your team, create groups, and start sharing passwords securely. For how-to guides and best practices, see the official Passbolt documentation.

10: Syncthing - File Synchronization

Syncthing keeps folders on your devices in sync (PCs, servers, laptops). It’s private, fast, and peer‑to‑peer. For detailed usage and device pairing guides, see the official Syncthing documentation.

Dependency check

What is Syncthing? (Simple Explanation)

Syncthing lets you pick a folder (e.g., Documents) and keep it automatically synchronized between your devices. You choose which devices and folders to sync—nothing is uploaded to third‑party clouds.

Interdependencies

Optional but recommended: Traefik for secure HTTPS access with your domain (easier to reach your server). Borgmatic will back up Syncthing data as part of your regular backups.

Prerequisites

Step 1: Start Infinity Tools

sudo infinity-tools

Step 2: Install Syncthing

  1. Go to 📱 APPLICATIONS
  2. Select Syncthing
  3. Choose Install Syncthing

Using the Infinity Tools GUI

Step 2.1: Choose SSL Mode

You’ll be asked how you want to access Syncthing’s web interface:

Rule of thumb: Use Traefik if you have a domain. Otherwise use Standalone HTTPS for local networks.

Step 3: Open Syncthing

Step 4: First‑Time Basics

  1. Change the GUI password: In Settings → GUI, set a username/password
  2. Set the device name: Give your server a friendly name (e.g., “Home‑Server”)
  3. Create your first folder: Click “Add Folder” → pick a folder path (e.g., /opt/speedbits/syncthing/Documents)

Step 5: Pair a Device

  1. Install Syncthing on your computer/phone (see official downloads)
  2. On your device, copy the Device ID (a long string)
  3. On the server web UI, click “Add Remote Device” → paste the Device ID → give it a name
  4. Accept the pairing request on the other device
  5. Share a folder: Select your folder → “Share With Devices” → pick the device you added

Step 6: Verify It Works

Troubleshooting

Quick Reference

You’re ready to keep your files in sync across devices—privately and securely.

11: Nextcloud - Private Cloud

Nextcloud is a self-hosted cloud platform for files, photos, calendars, and more — think of it like your own private Dropbox or Google Drive. For full usage instructions and advanced features, please refer to the official Nextcloud documentation.

What is Nextcloud? (Simple Explanation)

Nextcloud lets you store and share files, view photos, sync calendars and contacts, and access everything from mobile and desktop apps — all running on your own server, under your control.

Prerequisites

Before installing Nextcloud, make sure you have:

Interdependencies: Backups for Nextcloud use Borgmatic (Chapter 6). Borgmatic notifications rely on Apprise (Chapter 5). If you skip backups now, you can add them later.

Step 1: Start Infinity Tools

Connect to your server via SSH and start Infinity Tools:

sudo infinity-tools

Using the Infinity Tools GUI

In the main menu, go to the 📱 APPLICATIONS section.

Step 2: Open Nextcloud in Applications

  1. Go to 📱 APPLICATIONS
  2. Select Nextcloud
  3. Choose Install Nextcloud

What the installer does

Step 3: Choose HTTPS Mode

When asked about SSL/HTTPS:

Use Traefik for SSL? (Y/n)

Step 4: Enter Your Domain (Traefik Mode)

Example domains:

If you’re not using a domain, the installer will ask you to pick a port for local access.

Step 5: Set Default Storage Quota

The installer offers to set a default per-user quota.

Step 6: Wait for Installation

First-time setup takes about 2–5 minutes. The installer will show progress while Nextcloud initializes.

Step 7: Save Your Admin Credentials

When installation finishes, you’ll see an admin username and password. Write them down and keep them safe.

You can also find them in /opt/speedbits/nextcloud/.env (root-only).

Step 8: Open Nextcloud

Step 9: Verify It’s Running

In Infinity Tools, go to 📊 STATUS & HEALTH → STATUS. You should see Nextcloud and its database running.

Troubleshooting

Can’t access the site

Running out of disk space

SSL warning in standalone HTTPS

Self-signed certificates show a browser warning. Click “Advanced → Proceed” to continue, or switch to Traefik with a real domain for trusted HTTPS.

Quick Reference

Check containers:

docker ps | grep -E "nextcloud|nextcloud-db"

View logs:

docker logs nextcloud

Restart service:

cd /opt/speedbits/nextcloud && docker compose restart

Helpful Resources

12: WordPress - Build Your Website

WordPress is the most popular platform for building websites and blogs. With Infinity Tools, you can install WordPress securely on your own server with just a few steps. For everything beyond installation and basic usage, see the official WordPress documentation.

What is WordPress? (Simple Explanation)

WordPress lets you create a website or blog using themes and plugins — no coding required. You manage posts, pages, and media from a friendly dashboard, and extend features with plugins (contact forms, SEO, e‑commerce, and more).

Prerequisites

Before installing WordPress, make sure you have:

Interdependencies: WordPress uses a database (MariaDB). Database backups integrate with Borgmatic (Chapter 6), and Borgmatic notifications rely on Apprise (Chapter 5).

Step 1: Start Infinity Tools

Connect to your server via SSH and start Infinity Tools:

sudo infinity-tools

Open Applications

  1. Go to 📱 APPLICATIONS
  2. Select WordPress
  3. Choose Install WordPress

Step 2: Choose HTTPS Mode

When prompted:

Use Traefik for SSL? (Y/n)

Step 3: Enter Your Domain (Traefik Mode)

Examples:

No domain? Pick a port when asked (for local access only).

Step 4: Optional Redis Cache

You can enable a performance cache called Redis. If you enable it during installation, Infinity Tools sets up a Redis container for you.

Install the free plugin Redis Object Cache to speed up WordPress:

Redis Object Cache plugin (wordpress.org)

Step 5: Wait for Installation

Setup usually takes a few minutes. WordPress, the database, and (optionally) Redis will be created.

Step 6: Open Your Site

Complete the WordPress setup wizard and create your admin account.

Step 7: Verify It’s Running

In Infinity Tools, go to 📊 STATUS & HEALTH → STATUS. You should see WordPress, the database, and (if used) Redis running.

Where Your Data Lives

Troubleshooting

Can’t access the site

Database connection error

Enable HTTPS in standalone mode

Standalone HTTPS uses a self‑signed certificate and may show a browser warning. Click “Advanced → Proceed”, or switch to Traefik for trusted HTTPS.

Quick Reference

Check containers:

docker ps | grep -E "wordpress|wp-db|redis"

View logs:

docker logs wordpress

Restart services:

cd /opt/speedbits/wordpress && docker compose restart

Helpful Resources

13: Matomo - Privacy‑Friendly Analytics

Matomo is a self‑hosted web analytics platform (an alternative to Google Analytics) that lets you track website visits while keeping full control of your data. For detailed usage and advanced features, please refer to the official Matomo documentation.

What is Matomo? (Simple Explanation)

Matomo shows you how people use your website: how many visitors you have, what pages they view, where they come from, and more — all without sending data to third parties.

Prerequisites

Before installing Matomo, make sure you have:

Interdependencies: Matomo uses a MariaDB database. Database backups are handled by Borgmatic (Chapter 6). Borgmatic notifications rely on Apprise (Chapter 5).

Step 1: Start Infinity Tools

Connect to your server via SSH and start Infinity Tools:

sudo infinity-tools

Open Applications

  1. Go to 📱 APPLICATIONS
  2. Select Matomo
  3. Choose Install Matomo

Step 2: Choose HTTPS Mode

When prompted:

Use Traefik for SSL? (Y/n)

Step 3: Enter Your Domain (Traefik Mode)

Examples:

No domain? The installer will ask you to pick a port for local access.

Step 4: Wait for Installation

First‑time setup takes a few minutes. Matomo and its database will be created and started.

Step 5: Open Matomo and Complete the Wizard

Follow the Matomo setup wizard:

  1. System check → Next
  2. Database setup → The installer shows your database credentials
  3. Create your admin account
  4. Add your first website to track
  5. Copy the tracking code (you’ll paste it into your website later)

Step 6: Verify It’s Running

In Infinity Tools, go to 📊 STATUS & HEALTH → STATUS. You should see Matomo and its database running.

Cron for Archiving (Recommended)

Add this to your server’s crontab to keep reports up‑to‑date:

*/5 * * * * docker exec matomo /usr/local/bin/php /var/www/html/console core:archive >/dev/null 2>&1

Troubleshooting

Can’t access the site

Database connection error

Quick Reference

Check containers:

docker ps | grep -E "matomo|matomo-db"

View logs:

docker logs matomo

Restart services:

cd /opt/speedbits/matomo && docker compose restart

Helpful Resources

14: Webmin - Visual Server Management

Webmin is a web-based interface for managing your Linux server. Instead of using the command line, you can manage users, services, files, system settings, and more through a friendly web browser interface. Think of it as a control panel for your entire server.

For advanced features, module documentation, and detailed guides, see the official Webmin documentation.

Why Webmin?

Prerequisites

Note: Webmin is typically accessed via SSH tunnel for security. The installation script will guide you through this. Traefik mode is optional and allows direct web access.

Step 1: Start Infinity Tools

sudo infinity-tools

Step 2: Install Webmin

  1. Go to 📱 APPLICATIONS
  2. Select Webmin
  3. Choose Install Webmin

Using the Infinity Tools GUI

Step 2.1: Choose SSL Mode

You'll see two options. Here's what each means:

Simple rule of thumb: Use Standalone for security (SSH tunnel), or Traefik if you want direct web access.

Step 2.2: If You Choose Traefik

  1. Enter your subdomain, e.g., webmin.yourdomain.com
  2. Ensure the subdomain's DNS A record points to your server (see Chapter 4.5)
  3. Infinity Tools will configure HTTPS automatically via Let's Encrypt

After install: Your Webmin will be available at https://webmin.yourdomain.com

Step 2.3: If You Choose Standalone

  1. Pick a port (default: 8443)
  2. You'll access Webmin via SSH tunnel (instructions shown after installation)

Step 2.4: Host Filesystem Access

You'll be asked about host filesystem access. This controls whether Webmin can browse files on your actual server (not just inside the container).

What Happens During Installation

Step 3: Access Webmin

If Using Traefik

  1. Wait 30-60 seconds for SSL certificate generation
  2. Open https://webmin.yourdomain.com in your browser
  3. Login with the credentials shown after installation

If Using Standalone (SSH Tunnel)

⚠️ IMPORTANT: Webmin requires an SSH tunnel for secure access. You cannot access it directly from the internet.

On your local computer (not the server), run:

ssh -L 8443:localhost:10000 your-username@your-server-ip

Replace:

Then in your browser, open:

https://localhost:8443

You'll see a security warning (normal for self-signed certificates). Click "Advanced" → "Proceed" to continue.

Step 4: Login to Webmin

After installation, you'll see credentials like:

⚠️ CRITICAL: Write down or save this password immediately! It will NOT be shown again. Use a password manager (like Vaultwarden from Chapter 7) to store it securely.

Login Steps

  1. Enter username: webminadmin
  2. Enter the password shown after installation
  3. Click "Login"

Note: Any user with sudo privileges can also login to Webmin using their system username and password.

Step 5: Understanding the File Manager

⭐ IMPORTANT: When you first open Webmin's File Manager, you're browsing files inside the Webmin container, not your actual server!

How to Access Host System Files

To browse files on your actual server (the host system), you need to navigate to the /host/ folder:

  1. Go to OtherFile Manager in Webmin
  2. You'll see the container's filesystem (usually empty or minimal)
  3. To access host files: Type /host/ in the path bar at the top
  4. Press Enter or click "Go"
  5. Now you'll see your actual server's filesystem!

Understanding the Path Structure

Examples

💡 Tip: Bookmark /host/ or add it to your favorites in Webmin for quick access!

File Access Modes

Depending on what you chose during installation:

What You Can Do in Webmin

System Management

File Management

Monitoring

Security Recommendations

Troubleshooting

Can't Access Webmin

Can't Login

Can't See Host Files

SSH Tunnel Not Working

Where to Find Webmin After Install

You're Ready!

Webmin is now installed and ready to use. You can manage your Linux server visually through the web interface. Remember:

Next steps: Explore Webmin's features, manage your server users, browse files, and configure system settings. Webmin makes server management much easier than using the command line!

15: BookStack - Documentation Platform / Wiki

BookStack is a beautiful, simple documentation and wiki platform. It helps you organize information into Books, Chapters, and Pages - just like a real book! You can write documentation, create knowledge bases, and share information with your team or the world.

For advanced features, API documentation, and customization options, see the official BookStack documentation.

Why BookStack?

Prerequisites

Note: BookStack works best with Traefik and a domain name. It's designed for sharing documentation, so having a friendly URL like docs.yourdomain.com makes it much easier to access.

Step 1: Start Infinity Tools

sudo infinity-tools

Step 2: Install BookStack

  1. Go to 📱 APPLICATIONS
  2. Select BookStack
  3. Choose Install BookStack

Using the Infinity Tools GUI

Step 2.1: Choose SSL Mode

You'll see two options. Here's what each means:

Simple rule of thumb: Use Traefik if you have a domain and want to share your documentation. Use Standalone HTTPS only for testing or private use.

Step 2.2: If You Choose Traefik

  1. Enter your subdomain, e.g., docs.yourdomain.com
  2. Ensure the subdomain's DNS A record points to your server (see Chapter 4.5)
  3. Enter your email address (for SSL certificate notifications)
  4. Infinity Tools will configure HTTPS automatically via Let's Encrypt

After install: Your BookStack will be available at https://docs.yourdomain.com

Step 2.3: If You Choose Standalone

  1. Pick a port (default: 8092)
  2. You'll access BookStack via https://SERVER_IP:8092
  3. Accept the browser security warning (it's safe for private use)

What Happens During Installation

Step 3: Access BookStack

If Using Traefik

  1. Wait 30-60 seconds for SSL certificate generation
  2. Open https://docs.yourdomain.com in your browser
  3. You'll see the BookStack welcome page

If Using Standalone

  1. Open https://SERVER_IP:8092 in your browser
  2. You'll see a security warning (normal for self-signed certificates)
  3. Click "Advanced" → "Proceed to site" to continue
  4. You'll see the BookStack welcome page

Step 4: First Login

⚠️ CRITICAL SECURITY STEP: BookStack comes with default admin credentials that MUST be changed immediately!

Default Credentials (First Time Only)

⚠️ CHANGE THESE IMMEDIATELY! These are public defaults - anyone can guess them!

Login Steps

  1. Click "Login" in the top right corner
  2. Enter email: admin@admin.com
  3. Enter password: password
  4. Click "Log In"

Change Your Password Immediately

  1. After logging in, click your name in the top right corner
  2. Select "My Profile"
  3. Click "Change Password"
  4. Enter your current password (password)
  5. Enter a strong new password (use a password manager!)
  6. Confirm the new password
  7. Click "Save"

💡 Tip: Use a password manager (like Vaultwarden from Chapter 7) to generate and store a strong password!

Step 5: Create Your First Book

Now that you're logged in, let's create your first documentation book!

Creating a Book

  1. Click "Create Book" (usually a big button on the home page)
  2. Enter a book name, e.g., "My Server Documentation"
  3. Add a description (optional but helpful)
  4. Click "Save Book"

Adding Chapters

  1. Inside your book, click "Add Chapter"
  2. Enter a chapter name, e.g., "Getting Started"
  3. Add a description (optional)
  4. Click "Save Chapter"

Creating Pages

  1. Inside a chapter, click "Add Page"
  2. Enter a page title
  3. Start writing! Use the editor toolbar to format text, add images, create lists, etc.
  4. Click "Save Page" when done

Using the Editor

The BookStack editor is like Word or Google Docs:

What You Can Do in BookStack

Content Organization

Content Features

Sharing & Export

Security Recommendations

Troubleshooting

Can't Access BookStack

Can't Login

Slow Loading

Lost Password

Where to Find BookStack After Install

Backing Up Your Documentation

Your BookStack content is stored in:

To backup:

cd /opt/speedbits
tar czf bookstack-backup.tar.gz bookstack/

To restore: Extract the backup and restart BookStack containers.

Email Configuration (Optional)

After installation, you'll be asked if you want to configure email (SMTP). This is optional but useful for:

You can skip this and configure it later from the Infinity Tools menu or web interface.

You're Ready!

BookStack is now installed and ready to use. You can start creating beautiful documentation! Remember:

Next steps: Create your first book, write some pages, upload images, and explore all the features. BookStack makes documentation fun and easy!

16: Uptime Kuma - Uptime Monitoring & Status Pages

Uptime Kuma is a beautiful, self-hosted monitoring tool that watches your websites, servers, and services 24/7. It tells you immediately when something goes down, shows you uptime statistics, and can even create public status pages (like status.github.com) to show your users that everything is working.

For advanced features, API documentation, and customization options, see the official Uptime Kuma documentation.

Why Uptime Kuma?

Prerequisites

Note: Uptime Kuma works great with Traefik and a domain name. Having a friendly URL like status.yourdomain.com makes it easy to access your monitoring dashboard and share status pages.

Step 1: Start Infinity Tools

sudo infinity-tools

Step 2: Install Uptime Kuma

  1. Go to 📱 APPLICATIONS
  2. Select Uptime Kuma
  3. Choose Install Uptime Kuma

Using the Infinity Tools GUI

Step 2.1: Choose SSL Mode

You'll see two options. Here's what each means:

Simple rule of thumb: Use Traefik if you have a domain and want secure access. Use Standalone HTTP only for testing or private use.

Step 2.2: If You Choose Traefik

  1. Enter your subdomain, e.g., status.yourdomain.com
  2. Ensure the subdomain's DNS A record points to your server (see Chapter 4.5)
  3. Infinity Tools will configure HTTPS automatically via Let's Encrypt

After install: Your Uptime Kuma will be available at https://status.yourdomain.com

Step 2.3: If You Choose Standalone

  1. Pick a port (default: 3001)
  2. You'll access Uptime Kuma via http://SERVER_IP:3001

Step 2.4: Docker Container Monitoring (Optional)

You'll be asked if you want to enable Docker container monitoring:

Step 2.5: Timezone (Optional)

You can set your timezone for monitoring logs and graphs. Examples:

Leave empty for UTC (default).

What Happens During Installation

Step 3: Access Uptime Kuma

If Using Traefik

  1. Wait 30-60 seconds for SSL certificate generation
  2. Open https://status.yourdomain.com in your browser
  3. You'll see the Uptime Kuma setup wizard

If Using Standalone

  1. Open http://SERVER_IP:3001 in your browser
  2. You'll see the Uptime Kuma setup wizard

Step 4: Create Your Admin Account

⚠️ CRITICAL: Uptime Kuma requires you to create admin credentials on your FIRST login. There is NO default password!

Setup Steps

  1. You'll see: "Create your admin account"
  2. Enter a username (choose any username you like)
  3. Enter a password:
    • Minimum: 8 characters
    • Recommended: 12+ characters
    • Best: 20+ characters (use a password manager!)
  4. ⚠️ WRITE DOWN YOUR CREDENTIALS IMMEDIATELY!
    • This is your ONLY chance to set the initial password
    • There is NO "forgot password" on first setup!
    • Use a password manager (like Vaultwarden from Chapter 7) to store it securely
  5. Click "Create"
  6. ✅ Done! You'll see the monitoring dashboard

If You Forget Your Password

Don't worry! You can reset it using the command line:

  1. Run: docker exec -it uptime-kuma npm run reset-password
  2. Enter your username
  3. Enter a new password
  4. Log in with your new password

Step 5: Add Your First Monitor

Now that you're logged in, let's start monitoring something!

Adding a Monitor

  1. Click "Add New Monitor" (big button on the dashboard)
  2. Choose monitor type:
    • HTTP(s) - Monitor websites and APIs
    • TCP Port - Monitor if a port is open (SSH, databases, etc.)
    • Ping - Check if a server responds
    • Docker Container - Monitor Docker containers (if enabled)
    • DNS - Check DNS records
    • And more!
  3. Enter the URL or IP address to monitor
  4. Set check interval (default: 60 seconds - how often to check)
  5. Click "Save"

Example: Monitor Your Website

  1. Type: HTTP(s)
  2. URL: https://yourdomain.com
  3. Check interval: 60 seconds
  4. Click "Save"

Uptime Kuma will now check your website every 60 seconds and show you if it's up or down!

Step 6: Set Up Notifications

To get alerts when something goes down, you need to configure notifications.

Setting Up Notifications

  1. Go to: SettingsNotifications
  2. Click "Setup Notification"
  3. Choose a provider:
    • Discord - Get alerts in Discord
    • Slack - Get alerts in Slack
    • Telegram - Get alerts via Telegram
    • Email - Get alerts via email
    • Apprise - Use Apprise for 80+ services (if you have Apprise installed)
    • And 80+ more!
  4. Follow the setup instructions for your chosen provider
  5. Test the notification
  6. Click "Save"

Using Apprise (If Installed)

If you have Apprise installed (Chapter 5), you can use it for notifications:

  1. Type: Apprise (Self-hosted)
  2. URL: http://apprise:8000/notify/{YOUR-KEY}
  3. This lets you use all 80+ Apprise notification services!

Step 7: Create a Status Page (Optional)

Status pages let you show your users that your services are working. They're public (no login required) and look professional.

Creating a Status Page

  1. Go to: Status Pages
  2. Click "New Status Page"
  3. Enter a name, e.g., "My Services Status"
  4. Choose which monitors to display publicly
  5. Customize the appearance (colors, logo, etc.)
  6. Click "Save"
  7. Share the public URL with your users!

What You Can Monitor

Monitor Types

What You'll See

Security Recommendations

Troubleshooting

Can't Access Uptime Kuma

Can't Create Admin Account

Monitors Not Working

Notifications Not Sending

Where to Find Uptime Kuma After Install

Backing Up Your Monitoring Data

Your Uptime Kuma data is stored in:

To backup:

cd /opt/speedbits
tar czf uptime-kuma-backup.tar.gz uptime-kuma/

To restore: Extract the backup and restart the Uptime Kuma container.

Or use Uptime Kuma's built-in backup: Go to Settings → Backup → Download Backup

You're Ready!

Uptime Kuma is now installed and ready to monitor your services! Remember:

Next steps: Add monitors for your websites and services, configure notifications, and create a status page. Uptime Kuma will help you keep everything running smoothly!

17: Netdata - Real-time Performance Monitoring

Netdata is a powerful, real-time monitoring tool that shows you exactly what's happening on your server right now. It displays beautiful graphs of CPU, memory, disk, network, and Docker containers - updating every single second! Think of it as a real-time health dashboard for your entire server.

For advanced features, API documentation, and customization options, see the official Netdata documentation.

Why Netdata?

Prerequisites

Note: Netdata works great with Traefik and a domain name. Having a friendly URL like monitor.yourdomain.com makes it easy to access your monitoring dashboard.

Step 1: Start Infinity Tools

sudo infinity-tools

Step 2: Install Netdata

  1. Go to 📱 APPLICATIONS
  2. Select Netdata
  3. Choose Install Netdata

Using the Infinity Tools GUI

Step 2.1: Choose SSL Mode

You'll see two options. Here's what each means:

Simple rule of thumb: Use Traefik if you have a domain and want secure access. Use Standalone HTTP only for testing or private use.

Step 2.2: If You Choose Traefik

  1. Enter your subdomain, e.g., monitor.yourdomain.com
  2. Ensure the subdomain's DNS A record points to your server (see Chapter 4.5)
  3. Infinity Tools will configure HTTPS automatically via Let's Encrypt

After install: Your Netdata will be available at https://monitor.yourdomain.com

Step 2.3: If You Choose Standalone

  1. Pick a port (default: 19999)
  2. You'll access Netdata via http://SERVER_IP:19999

Step 2.4: Multi-Server Monitoring (Optional)

You'll be asked if you want to stream metrics to a Netdata Director (parent server):

Step 2.5: Apprise Notifications (Optional)

If you have Apprise installed (Chapter 5), you can enable alert notifications:

What Happens During Installation

Step 3: Access Netdata

If Using Traefik

  1. Wait 30-60 seconds for SSL certificate generation
  2. Open https://monitor.yourdomain.com in your browser
  3. You'll see the Netdata dashboard immediately!

If Using Standalone

  1. Open http://SERVER_IP:19999 in your browser
  2. You'll see the Netdata dashboard immediately!

⚠️ IMPORTANT SECURITY NOTE: Netdata has NO username/password protection by default! Anyone who can access the URL can see your monitoring data. If using Traefik, strongly consider adding Basic Auth protection. If using standalone mode, keep it on a private network only!

Step 4: Understanding the Dashboard

When you first open Netdata, you'll see a beautiful dashboard with lots of graphs. Here's what everything means:

Main Sections

Reading the Graphs

Key Metrics to Watch

Step 5: Docker Container Monitoring

One of Netdata's best features is automatic Docker container discovery and monitoring!

What You'll See

How to Use It

  1. Click on "Docker" in the left sidebar
  2. You'll see all your containers listed
  3. Click on any container to see its detailed metrics
  4. Watch for containers using too much CPU or RAM

Step 6: Alert Notifications (If Enabled)

If you enabled Apprise notifications, Netdata will automatically send alerts when:

How Alerts Work

  1. Netdata detects a problem (e.g., CPU too high)
  2. Sends alert to Apprise
  3. Apprise forwards to your configured channels (Discord, Slack, Email, etc.)
  4. You get notified immediately!

Customizing Alerts

You can customize alert thresholds by editing configuration files:

nano /opt/speedbits/netdata-client/netdata/health.d/cpu_usage.conf

Change the warning/critical thresholds to your preferences.

Security Recommendations

Adding Basic Auth Protection

If using Traefik, you can add username/password protection:

  1. Run: sudo bash Infrastructure/websiteprotection.sh
  2. Select "netdata"
  3. Enter username and password
  4. Now your dashboard is protected!

Troubleshooting

Can't Access Netdata

No Docker Containers Showing

Alerts Not Working

High Resource Usage

Where to Find Netdata After Install

Useful Features

Historical Data

Netdata stores historical data so you can see trends over time:

Exporting Data

You can export graphs and data:

Custom Dashboards

Netdata allows you to create custom dashboards:

You're Ready!

Netdata is now installed and monitoring your server in real-time! Remember:

Next steps: Explore the dashboard, check your Docker containers, set up alerts, and use Netdata to keep your server running smoothly!

18: Netdata Director - Multi-Server Monitoring Hub

Netdata Director is a centralized monitoring dashboard that lets you monitor multiple servers from one place. Instead of opening separate dashboards for each server, you get one unified view showing all your servers' metrics, alerts, and performance data. Think of it as a command center for all your infrastructure!

⚠️ IMPORTANT: Netdata Director is a Pro+ feature that requires a license. For single-server monitoring, use regular Netdata (Chapter 17) which is free.

For advanced features, API documentation, and customization options, see the official Netdata documentation.

Why Netdata Director?

Director vs Regular Netdata

Regular Netdata (Free)

Netdata Director (Pro+)

Prerequisites

Note: Netdata Director works best with Traefik and a domain name. Having a friendly URL like monitoring.yourdomain.com makes it easy to access your centralized dashboard.

How It Works

Netdata Director uses a parent-child architecture:

Director (Parent)

Child Nodes

Step 1: Verify Pro+ License

Before installing, make sure you have a Pro+ license. The installation script will check for this automatically.

If you don't have a Pro+ license:

Step 2: Start Infinity Tools

sudo infinity-tools

Step 3: Install Netdata Director

  1. Go to 📱 APPLICATIONS
  2. Select Netdata Director
  3. Choose Install Netdata Director

Using the Infinity Tools GUI

Step 3.1: Choose SSL Mode

You'll see two options. Here's what each means:

Step 3.2: If You Choose Traefik

  1. Enter your subdomain, e.g., monitoring.yourdomain.com
  2. Ensure the subdomain's DNS A record points to your server (see Chapter 4.5)
  3. Infinity Tools will configure HTTPS automatically via Let's Encrypt

After install: Your Netdata Director will be available at https://monitoring.yourdomain.com

Step 3.3: Apprise Notifications (Optional)

If you have Apprise installed (Chapter 5), you can enable centralized alert notifications:

Step 3.4: Save Your Stream API Key

⚠️ CRITICAL: During installation, a Stream API Key will be generated. This key is used to connect child nodes to the Director.

What Happens During Installation

Step 4: Access Netdata Director

If Using Traefik

  1. Wait 30-60 seconds for SSL certificate generation
  2. Open https://monitoring.yourdomain.com in your browser
  3. You'll see the Director dashboard!

If Using Standalone

  1. Open http://SERVER_IP:19999 in your browser
  2. You'll see the Director dashboard!

⚠️ IMPORTANT SECURITY NOTE: Netdata Director has NO username/password protection by default! However, you CANNOT use Basic Auth because it blocks child nodes from streaming data. Instead, use firewall rules, VPN access, or Netdata Cloud for security.

Step 5: Connect Child Nodes

Now that Director is running, you need to connect your other servers (child nodes) to it.

On Each Server You Want to Monitor

  1. SSH into the server
  2. Run: sudo infinity-tools
  3. Go to 📱 APPLICATIONSNetdataInstall
  4. When asked about streaming, choose Yes
  5. Enter Director details:
    • Director hostname/IP: The Director server's IP or domain
    • Director port: 19999 (or your custom port)
    • Stream API key: The key you saved during Director installation
  6. Complete the installation

What Happens Next

Step 6: Using the Director Dashboard

Switching Between Servers

  1. Open the Director dashboard
  2. Look for a dropdown menu (usually top-left or top-right)
  3. Select a server from the dropdown
  4. Dashboard updates to show that server's metrics

What You'll See

Security Recommendations

Security Options

Since Basic Auth doesn't work with Director, use these alternatives:

Troubleshooting

Can't Access Director

Child Nodes Not Appearing

Lost API Key

Where to Find Netdata Director After Install

Useful Features

Data Retention

Director stores historical data for all servers:

Centralized Alerts

If Apprise is enabled, you'll get alerts from all servers:

You're Ready!

Netdata Director is now installed and ready to monitor multiple servers! Remember:

Next steps: Connect your first child node, verify it appears in the dashboard, and start monitoring all your servers from one place!

19: Installing WireGuard - Secure VPN Access

WireGuard is a modern, fast, and secure VPN (Virtual Private Network) that lets you access your server and its services securely from anywhere. Once connected, you can access internal services, manage your server, and browse securely - all encrypted and protected!

For advanced features, API documentation, and technical details, see the official WireGuard documentation.

Why WireGuard?

Prerequisites

Note: WireGuard works great with Traefik and a domain name. Having a friendly URL like vpn.yourdomain.com makes it easy to access the web management interface.

Step 1: Start Infinity Tools

sudo infinity-tools

Step 2: Install WireGuard

  1. Go to 📱 APPLICATIONS
  2. Select WireGuard
  3. Choose Install WireGuard

Using the Infinity Tools GUI

Step 2.1: Network Configuration

You'll be asked to configure two networks:

VPN Network (Default: 10.13.13)

Host Network (Default: 10.13.14)

💡 Tip: Unless you have a specific reason, accept the defaults (just press Enter).

Step 2.2: DNS Configuration

WireGuard will automatically detect your server's DNS settings. This ensures VPN clients use the same DNS as your server for consistency.

Usually, you can just accept the auto-detected DNS (press Enter).

Step 2.3: Choose SSL Mode

You'll see two options. Here's what each means:

Simple rule of thumb: Use Standalone for most cases. Use Traefik if you have a domain and want trusted SSL.

Step 2.4: VPN Port Configuration

You'll be asked for the UDP port for VPN connections:

Step 2.5: Server Endpoint

You'll be asked for your server's public IP address or domain name:

What Happens During Installation

Step 3: Open Firewall Port

⚠️ CRITICAL: You MUST open the VPN port in your firewall, or clients cannot connect!

Opening the Port

sudo ufw allow 51820/udp

Replace 51820 with your custom port if you chose a different one.

Why This Matters

Step 4: Access WireGuard Web Interface

If Using Traefik

  1. Wait 30-60 seconds for SSL certificate generation
  2. Open https://vpn.yourdomain.com in your browser
  3. You'll see the WireGuard login page

If Using Standalone

  1. Open https://SERVER_IP:8445 in your browser
  2. You'll see a security warning (normal for self-signed certificates)
  3. Click "Advanced" → "Proceed to site" to continue
  4. You'll see the WireGuard login page

Step 5: Login to Web Interface

⚠️ CRITICAL: During installation, a random password was generated and displayed. Save it immediately!

Default Credentials

If You Lost the Password

You can retrieve it from:

cat /opt/speedbits/wireguard/web-password.txt

Login Steps

  1. Enter username: admin
  2. Enter the password shown during installation
  3. Click "Login"
  4. You'll see the WireGuard dashboard!

Step 6: Create Your First VPN Client

Now that you're logged in, let's create your first VPN client!

Adding a Client

  1. Click "Add Client" or the "+" button
  2. Enter a name for your device, e.g., "My Phone", "Laptop", "Work PC"
  3. Configure settings (or use defaults):
    • Allowed IPs: Usually auto-filled (VPN network + Host network)
    • Use Server DNS: Usually enabled (recommended)
  4. Click "Save" or "Create"
  5. You'll see a QR code and download options!

What You'll Get

Step 7: Set Up WireGuard on Your Device

Windows

  1. Install WireGuard from Microsoft Store
  2. Open WireGuard app
  3. Click "Add Tunnel""Import from file"
  4. Select the downloaded .conf file
  5. Click "Activate" to connect

Android/iOS/macOS

  1. Install WireGuard app from Play Store/App Store
  2. Open WireGuard app
  3. Tap "+""Create from QR code"
  4. Scan the QR code from the web interface
  5. Tap "Activate" to connect

Linux

  1. Install WireGuard: sudo apt install wireguard
  2. Copy the .conf file to: /etc/wireguard/wg0.conf
  3. Start WireGuard: sudo wg-quick up wg0
  4. Enable auto-start: sudo systemctl enable wg-quick@wg0

Step 8: Understanding VPN Networks

WireGuard creates two networks for different purposes:

VPN Network (10.13.13.0/24)

This network is for WireGuard clients and Docker services:

Host Network (10.13.14.0/24)

This network is for accessing host services (services running directly on the server):

What You Can Access via VPN

Docker Services (VPN Network)

Host Services (Host Network)

Security Recommendations

Firewall Best Practices

After setting up WireGuard, you can close other public ports:

# Close Webmin public access (access via VPN instead)
sudo ufw delete allow 8443

# Close Apprise public access (access via VPN instead)
sudo ufw delete allow 8444

# Close WireGuard web UI public access (access via VPN instead)
sudo ufw delete allow 8445

Now access everything securely via VPN!

Troubleshooting

Can't Connect to VPN

Can't Access Web Interface

Can't Access Services via VPN

Lost Web UI Password

Where to Find WireGuard After Install

Managing VPN Clients

Adding More Clients

Simply repeat Step 6 for each device you want to connect. Each device gets its own unique IP address.

Disabling Clients

In the web interface, you can disable clients without deleting them. This is useful if you temporarily don't want a device to connect.

Viewing Connection Stats

The web interface shows connection statistics for each client, including data transferred and connection time.

You're Ready!

WireGuard is now installed and ready to use! Remember:

Next steps: Create your first client, set up WireGuard on your device, test the connection, and start accessing your services securely from anywhere!

20: Warpgate - Secure SSH Gateway

Warpgate is a secure SSH gateway (also called a "bastion host") that provides a web interface for managing SSH access to your server. Instead of connecting directly to your server, you connect through Warpgate, which adds an extra layer of security and makes it easier to manage who can access what.

For advanced features, API documentation, and technical details, see the official Warpgate documentation.

Why Warpgate?

Prerequisites

Note: Warpgate works great with Traefik and a domain name. Having a friendly URL like warpgate.yourdomain.com makes it easy to access the web management interface.

Step 1: Start Infinity Tools

sudo infinity-tools

Step 2: Install Warpgate

  1. Go to 📱 APPLICATIONS
  2. Select Warpgate
  3. Choose Install Warpgate

Using the Infinity Tools GUI

Step 2.1: Choose SSL Mode

You'll see two options. Here's what each means:

Simple rule of thumb: Use Traefik if you have a domain (recommended). Use Standalone if you don't have a domain.

Step 2.2: Domain Configuration (Traefik Mode)

If you chose Traefik, you'll be asked for your domain:

Step 2.3: Port Configuration (Standalone Mode)

If you chose Standalone, you'll be asked for a port:

What Happens During Installation

Step 3: Set Up Admin Account

After installation, Warpgate will run an interactive setup. You'll be prompted to create an admin account:

Admin Setup Prompts

  1. Admin username: Choose a username for the admin account (e.g., admin)
  2. Admin password: Choose a strong password (you'll use this to log into the web interface)
  3. Confirm password: Enter the password again to confirm

⚠️ IMPORTANT: Save these credentials immediately! You'll need them to access the web interface.

Step 4: Access Warpgate Web Interface

If Using Traefik

  1. Wait 30-60 seconds for SSL certificate generation
  2. Open https://warpgate.yourdomain.com in your browser
  3. You'll see the Warpgate login page

If Using Standalone

  1. Open https://SERVER_IP:8888 in your browser
  2. You'll see a security warning (normal for self-signed certificates)
  3. Click "Advanced" → "Proceed to site" to continue
  4. You'll see the Warpgate login page

Step 5: Login to Web Interface

  1. Enter the admin username you created during setup
  2. Enter the admin password you created during setup
  3. Click "Login"
  4. You'll see the Warpgate dashboard!

Step 6: Understanding Warpgate

Warpgate acts as a gateway (or "bastion") between you and your server:

How It Works

What You Can Do

Step 7: Add Your First Target (Server)

Before users can connect, you need to add a "target" (the server they'll connect to):

Adding a Target

  1. In the web interface, go to "Targets" or "Servers"
  2. Click "Add Target" or the "+" button
  3. Enter target details:
    • Name: A friendly name (e.g., "My Server")
    • Host: The server's IP address or hostname (usually localhost or 127.0.0.1 for the same server)
    • Port: SSH port (usually 22)
    • Username: The SSH username (e.g., your server username)
  4. Click "Save" or "Create"

For Same-Server Access

If Warpgate is running on the same server you want to access:

Step 8: Add Users

Now add users who can connect through Warpgate:

Adding a User

  1. In the web interface, go to "Users"
  2. Click "Add User" or the "+" button
  3. Enter user details:
    • Username: A username for Warpgate (e.g., "john")
    • Password: A password for this user
    • Email: Optional email address
  4. Click "Save" or "Create"

Granting Access

After creating a user, grant them access to targets:

  1. Go to the user's profile
  2. Find "Access" or "Targets" section
  3. Select which targets this user can access
  4. Save the changes

Step 9: Connect via SSH Through Warpgate

Now you can connect to your server through Warpgate:

SSH Connection

ssh -p 2222 warpgate-user@warpgate.yourdomain.com

Or if using standalone mode:

ssh -p 2222 warpgate-user@SERVER_IP

What Happens

  1. You connect to Warpgate on port 2222
  2. Warpgate asks for your Warpgate username and password
  3. After authentication, Warpgate shows you available targets
  4. You select which target (server) you want to connect to
  5. Warpgate connects you to that server

First-Time Connection

On your first connection, you'll see:

  1. Warpgate login prompt
  2. Enter your Warpgate username and password
  3. List of available targets
  4. Select a target to connect
  5. You're now connected to your server!

Step 10: Security Best Practices

Close Direct SSH Access

Once Warpgate is working, you can close direct SSH access to your server:

# Close port 22 (direct SSH)
sudo ufw delete allow 22/tcp

# Keep port 2222 open (Warpgate SSH)
sudo ufw allow 2222/tcp

⚠️ WARNING: Only do this after testing Warpgate! Make sure you can connect through Warpgate before closing port 22.

Firewall Configuration

User Management

Troubleshooting

Can't Access Web Interface

Can't Connect via SSH

Forgot Admin Password

Target Connection Fails

Where to Find Warpgate After Install

Managing Warpgate

Adding More Users

Simply repeat Step 8 for each user you want to add. Each user can have access to different targets.

Adding More Targets

Add more servers by repeating Step 7. Users can then be granted access to these new targets.

Viewing Sessions

The web interface shows active SSH sessions, including who's connected and what they're doing.

Session Recording

Warpgate can record SSH sessions for security auditing. Check the settings in the web interface to enable this.

You're Ready!

Warpgate is now installed and ready to use! Remember:

Next steps: Add your first target, create users, grant access, test SSH connection through Warpgate, and optionally close direct SSH access (port 22) for better security!