post-script:


go to http://your-server-ip:5001, make an account and log in.

you can see all of your docker stacks here, with the exception of mailcow, you can bring them all up.

next, we have to configure all these services, this is all done through their respective GUIs.

the first one we're going to do is the Nginx reverse proxy, as this is how you'll be able to reach all of your other services. For this, you'll need to set up your DNS:

log into your DNS provider's panel

configure the following two records:

name: @ type: A value: your-public-ip
name: * type: CNAME value: @

this will make every subdomain point to your public ip, routing can then be configured in the proxy:

navigate to http://your-server-ip:81, make an account and log in

first, we'll set up a certificate. navigate to certificates and add a letsencrypt certificate via http

in the domain names box, fill in every subdomain you want to use, here's the list:

yourdomain.tld
www.yourdomain.tld
dash.yourdomain.tld
docker.yourdomain.tld
proxy.yourdomain.tld
dozzle.yourdomain.tld
convert.yourdomain.tld
cloud.yourdomain.tld
vpn.yourdomain.tld
status.yourdomain.tld
tools.yourdomain.tld
docs.yourdomain.tld
browser.yourdomain.tld
download.yourdomain.tld
video.yourdomain.tld
office.yourdomain.tld
vault.yourdomain.tld
dns.yourdomain.tld
test.yourdomain.tld
temp.yourdomain.tld
dozzle.yourdomain.tld

fill these all in, pressing enter between each one. then press save. this will request the certificate. If you set up your domain correctly, this will succeed.


next we're going to create an access list to restrict access to specific networks.

add an access list, name it "Admin" and turn on "satisfy any".

head to the "rules" tab.
add the following allows:
your-public-ip
10.0.0.0/8
192.168.0.0/16
172.16.0.0/12

this will give access to any client reaching out from a local IP or from your public ip. if you have multiple public ips or want to access these services from other locations, you can add the public ip for that network here.

we can choose to apply or not apply this control list to any of our services, if no access list is applied, the service is available publicly, but you do not want to have this for administrative services as there's no reason someone should access them outside of the network.

in case you do need to access these services while not on an allowed network, you can make use of the VPN service we'll set up later to access your services.


now, we can start making proxy hosts. head to the hosts > proxy hosts tab.

when adding a proxy host, the following information is needed:

domain name: this is which domain name gets routed to the server
forward hostname/ip: this should contain either A: the internal ip of your server if you are forwarding to a service with a publicly exposed port or B: the internal docker hostname/ip
forward port: the port on which the service is accessed
access list: for now, set this to admin for everything, some of your sites still show a "make account" field for the admin account, and you do not want someone else accessing this first. 

for all services, leave cache assets and block common exploits off for now, turn on websockets support and in the SSL tab, select your certificate and enable "force SSL"

format:

DN: domainname, HN: forwardhostname, FP: port

DN: browser.yourdomain.tld, HN: browser, FP: 80
DN: cloud.yourdomain.tld, HN: owncloud_server, FP: 8080
DN: convert.yourdomain.tld, HN: convertx, FP: 3000
DN: dash.yourdomain.tld, HN: dashboard, FP: 80
DN: docker.yourdomain.tld, HN: your-server-ip, FP: 5001
DN: docs.yourdomain.tld, HN: bookstack, FP: 80
DN: download.yourdomain.tld, HN: your-server-ip, FP: 3000
DN: office.yourdomain.tld, HN: documentserver, FP: 80
DN: proxy.yourdomain.tld, HN: your-server-ip, FP: 81
DN: status.yourdomain.tld, HN: uptime-kuma, FP: 3001
DN: tools.yourdomain.tld, HN: it-tools, FP: 80
DN: vault.yourdomain.tld, HN: vaultwarden, FP: 80
DN: video.yourdomain.tld, HN: jellyfin, FP: 8096
DN: vpn.yourdomain.tld, HN: wireguard, FP: 51821
DN: www.yourdomain.tld, HN: site, FP: 80
DN: dozzle.yourdomain.tld, HN: dozzle, FP: 8080
DN: dns.yourdomain.tld, HN: pihole, FP: 80


now that this is set up, we can start heading to sites and setting them up:

go to status.yourdomain.tld, choose "embedded mariadb" and make an account


go to video.yourdomain.tld, set your jellyfin server name and make an account. add the /media folder as a mixed shows and movies folder for now, leave everything else default.

go to vault.yourdomain.tld and create your account. 

open the "browser" application in dockge, and look at the logs. it will say "user admin initialized with randomly generated password: passwordhere"

log in on browser.yourdomain.tld with username admin and the password you got from the logs.

in filebrowser, head to settings > user management and change the user password (and username if you want) for the admin user

within filebrowser, you should see the "stacks" folder, which you can use to access all the storage folders for the other containers. this is how you'll be able to upload videos to jellyfin as well as modify your main site.


go to docs.yourdomain.tld, log in with user admin@admin.com and password "password", then click on the user icon and go to "my account > access and security", reset your password here. you can also change the email and username in profile details.




at this point, the following services are ready-to-use:

convert, cloud, dash, docker, download, office, proxy, status, tools, vault, video, vpn, docs, browser.

for cloud:

log into your admin account and go to the market

from the market, you'll at least need to install tools > onlyoffice, but i'd recommend looking through all of the categories and installing anything you feel is useful to you.

then, under settings > additional, fill in https://office.yourdomain.tld in the docs address. 

for the secret key, you can get it from the compose setup on docker.yourdomain.tld, it's the JWT_SECRET.

go through your settings for any other add-ins that need configuration.



for status.yourdomain.tld, we're going to set up monitors for all of the services

click on "add new monitor", fill in both the friendly name and url, set the retries to 10 and enable both expiry notifications. 

repeat this for every site, you can reference your proxy for a list of sites.

once you've done this, go to "status pages" and create a status page with slug "default". in the page that is created, add all of your services. 


for dash.yourdomain.tld, go to users on the bottom right and edit the admin user, set a password and enable "allow public access to front".

now go to application list and add an application. you'll repeat the following for each of your sites:

click application type
search for the application (for example, owncloud)
fill in the URL (for example, https://cloud.yourdomain.tld)
alter the title, colour and icon if no application was found

now when you go to dash.yourdomain.tld, you'll get a dashboard with all of your applications. 


lastly: go to dns.yourdomain.tld and log in with your admin password.

go to settings > dns and enable expert mode. change the interface settings to "permit all origins" so the DNS server can be reached.

then in your router and on any computers with a static network configuration, change your DNS to your server's IP.

you now have access to all of the following:

a full cloud environment via cloud.yourdomain.tld
file conversion via convert.yourdomain.tld
a wireguard VPN via vpn.yourdomain.tld
a password manager via vault.yourdomain.tld
status monitoring at status.yourdomain.tld/status
an ad-blocking, privately managed DNS (managed via dns.yourdomain.tld/admin)
documentation via docs.yourdomain.tld
a youtube downloader via download.yourdomain.tld
an IT toolkit via tools.yourdomain.tld
video streaming via video.yourdomain.tld
a dashboard to access everything via dash.yourdomain.tld

you also have your own site (www.yourdomain.tld), which you can access and edit via browser.yourdomain.tld under stacks > site > config > www, simply place your site files here.

for management, you have access to the following (it is recommended to keep these behind your admin access list):

dozzle.yourdomain.tld - monitoring for your logs
dns.yourdomain.tld - administration for your DNS
docker.yourdomain.tld - management of your services
proxy.yourdomain.tld - management of proxy routing

for each multi-user service, you can make accounts quite easily within the UI, so you can easily give your entire family an account. 



to add more features to your cloud, simply follow this pattern:

#1: find a docker compose example for the service you want

#2: on docker.yourdomain.tld, make a new stack by pressing the compose button, paste the example in and alter it based on the instructions for the service.

#3: change the following section:

ports:
  - 1234:5678

with:

networks:
  - dockge_default
  
do make sure to note the ports on the right side. (so 5678 in this case)

also, check that each of the volumes mounted start with ./ so they show up inside the stacks directory.

once the service is up, in your proxy, set up a dns name, fill in the service name as the forward hostname and fill in that port you noted from earlier.

you may have to request a new certificate for this service, so do that inside the SSL tab.

your new service is now up and ready to use, be sure to follow any setup guidance from the service creator.