Key Features
HomeDock OS includes a range of powerful features designed to simplify cloud management while ensuring high security, flexibility, and reliability. Below is an overview of the key features currently available:
Seamless SSL Integration
HomeDock OS is designed to automatically integrate SSL certificates located in the /DATA/SSLCerts directory, which are essential for secure HTTPS connections across applications. For self-hosted environments, users must configure a renewal hook to transfer SSL certificates to /DATA/SSLCerts upon renewal. Both HomeDock OS and any deployed applications automatically recognize certificates in this directory, enabling secure connections regardless of the port on which each application runs. This centralized approach to SSL handling ensures a simplified, consistent, and secure setup across all instances.
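One way to write the renewal hook described above, as an added example rather than HomeDock OS's own code. It assumes certbot is the ACME client (run via `--deploy-hook`, which sets `RENEWED_LINEAGE`) and that the certbot file names `fullchain.pem` and `privkey.pem` are kept unchanged in /DATA/SSLCerts; the page does not state which file names HomeDock OS expects.

```python
#!/usr/bin/env python3
import os
import shutil
import sys
import tempfile

DEST_DIR = "/DATA/SSLCerts"  # directory named on the page
# ASSUMPTION: certbot lineage file names, kept as-is at the destination.
FILES = {"fullchain.pem": 0o644, "privkey.pem": 0o600}

def install_certs(lineage_dir, dest_dir=DEST_DIR):
    """Copy renewed files into dest_dir atomically; return the paths written."""
    missing = [n for n in FILES if not os.path.isfile(os.path.join(lineage_dir, n))]
    if missing:  # validate first so a partial renewal never replaces a good pair
        raise FileNotFoundError(f"missing in {lineage_dir}: {missing}")
    os.makedirs(dest_dir, mode=0o755, exist_ok=True)
    written = []
    for name, mode in FILES.items():
        # mkstemp creates the file 0600, so the key is never world-readable.
        fd, tmp = tempfile.mkstemp(dir=dest_dir, prefix=f".{name}.")
        try:
            with os.fdopen(fd, "wb") as out, \
                 open(os.path.join(lineage_dir, name), "rb") as src:
                shutil.copyfileobj(src, out)
            os.chmod(tmp, mode)
            final = os.path.join(dest_dir, name)
            os.replace(tmp, final)  # atomic rename: readers never see half a file
            written.append(final)
        except BaseException:
            if os.path.exists(tmp):
                os.unlink(tmp)
            raise
    return written

if __name__ == "__main__":
    lineage = os.environ.get("RENEWED_LINEAGE")  # set by certbot for deploy hooks
    if not lineage:
        sys.exit("RENEWED_LINEAGE not set; run as a certbot deploy hook")
    for path in install_certs(lineage):
        print("installed", path)
```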
Shield Mode
HomeDock OS includes an advanced security feature called Shield Mode, which protects against coordinated attacks and unauthorized access attempts. Shield Mode monitors login attempts and activates if it detects unusual login behavior from multiple IP addresses within a specific timeframe.
How Shield Mode Works
- Activation Thresholds: Shield Mode activates if:
  - There are 3 failed logins from different IPs within 1 minute.
  - There are 7 failed logins from different IPs within 1 hour.
  - There are 24 failed logins from different IPs within 24 hours.
- Timed Lockouts: Once activated, Shield Mode enforces access restrictions for varying time periods, depending on the severity level:
  - Level 1: 1-hour lock for low-level threats.
  - Level 2: 3-hour lock for moderate threats.
  - Level 3: 12-hour lock for high-level threats.
This mode provides an additional layer of security by automatically blocking suspicious access attempts while ensuring legitimate users can access the platform safely.
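The threshold logic above can be modeled as a sliding-window counter over distinct source IPs. This is an added example, not HomeDock OS's implementation: the windows, counts and lock durations are the page's values, while counting distinct IPs, pairing each threshold with a lock level in the order listed, and the names `ShieldMonitor` and `replay` are assumptions of the example.

```python
from collections import deque

# (window seconds, distinct failing IPs, level, lock seconds). Windows, counts
# and lock durations are the page's values; pairing them in listed order is
# an ASSUMPTION of this example, as is counting distinct source IPs.
RULES = [
    (60, 3, 1, 1 * 3600),
    (3600, 7, 2, 3 * 3600),
    (86400, 24, 3, 12 * 3600),
]

class ShieldMonitor:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.failures = deque()  # (timestamp, ip), oldest first
        self.locked_until = 0.0

    def is_locked(self, now):
        return now < self.locked_until

    def record_failure(self, ip, now):
        """Record a failed login; return the highest level triggered (0 = none)."""
        self.failures.append((now, ip))
        horizon = now - max(rule[0] for rule in self.rules)
        while self.failures and self.failures[0][0] <= horizon:
            self.failures.popleft()  # older than the longest window
        level, lock = 0, 0
        for window, min_ips, rule_level, lock_s in self.rules:
            ips = {i for t, i in self.failures if t > now - window}
            if len(ips) >= min_ips and rule_level > level:
                level, lock = rule_level, lock_s
        if level:
            self.locked_until = max(self.locked_until, now + lock)
        return level

def replay(events):
    """Feed (timestamp, ip) failures in time order; return level per event."""
    monitor = ShieldMonitor()
    return [monitor.record_failure(ip, ts) for ts, ip in events]

# Constructed sample: one noisy client, then failures spread over three IPs.
SAMPLE = [(0, "192.0.2.10"), (10, "192.0.2.10"), (20, "192.0.2.10"),
          (30, "198.51.100.7"), (40, "203.0.113.5")]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Repeated failures from a single address never trip these rules on their own, which is why the page lists per-client rate limiting as a separate control.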
View more information about Shield Mode.
User-Friendly Interface
HomeDock OS boasts an intuitive and accessible interface, designed to streamline navigation and enhance usability for users of all technical levels. The dashboard is structured to allow easy access to critical management features, from application monitoring to user settings, so that users can quickly locate and manage their resources.
Direct Updates from GitHub
HomeDock OS features an automated update system that ensures you are always running the latest version with minimal effort. The platform periodically checks for new releases directly from our public GitHub repository, keeping your system up to date with the latest improvements, security patches, and new features.
How It Works
- Automatic Version Checks:
  - HomeDock OS periodically verifies if a new version is available.
  - This check happens in the background without interrupting your workflow.
- Update Notifications:
  - When a new release is detected, a notification appears in the Notifications Tab.
  - The notification provides details about the update, including the new version available.
- One-Click Update Process:
  - Clicking the notification triggers an automatic update.
  - HomeDock OS downloads and applies the update without manual intervention.
  - The update process is designed to be seamless, minimizing downtime.
- Automatic System Restart:
  - Once the update is complete, the system automatically restarts.
  - Services are restored in seconds, ensuring continuous availability.
This streamlined approach allows users to keep their HomeDock OS installations secure, stable, and up to date without needing to manually check for updates or perform complex upgrade procedures.
Advanced Security
HomeDock OS implements multiple layers of security to ensure the protection of user data, authentication credentials, and system integrity. These security measures include dynamic encryption for logins, volatile key-based HTTPS emulation, secure file storage, and hardened authentication mechanisms.
Encrypted Login System
To protect login credentials even in non-HTTPS environments, HomeDock OS generates a volatile RSA key pair (4096-bit) upon each system restart. The login process works as follows:
- Upon accessing the login page, the client retrieves the public key from the backend.
- The password is encrypted client-side using this public key before being sent to the server.
- On the server, the password is decrypted in-memory only using the private key, ensuring that credentials are never stored or transmitted in plaintext.
This mechanism approximates HTTPS encryption even when running on an insecure network, preventing credentials from being exposed to packet sniffing or MITM attacks.
Drop Zone File Encryption
Drop Zone, the encrypted file storage system of HomeDock OS, ensures that all files are encrypted before being stored. It uses:
- AES-256 CBC encryption with a unique random IV per file, ensuring that identical files never have the same encrypted representation.
- Per-user derived encryption keys, preventing unauthorized access even if a user manages to obtain another user’s encrypted files.
- Zero plaintext storage: Files are encrypted in memory before being written to disk and are only decrypted when requested by the rightful owner.
Each user’s encryption key is derived from a secure master key using PBKDF2-HMAC-SHA256 with 100,000 iterations and a unique salt, making brute-force attacks highly impractical.
Secure Password Storage & Authentication
HomeDock OS secures user passwords using bcrypt with strong hashing parameters. Features include:
- Per-user salt generation to prevent rainbow table attacks.
- Rate-limiting login attempts and Shield Mode activation upon multiple failed login attempts.
- CSRF protection to prevent session hijacking and unauthorized requests.
Hardened Content Security Policy (CSP)
HomeDock OS enforces an ultra-strict and granular CSP (Content Security Policy) that dynamically adjusts per endpoint to mitigate potential security threats such as XSS, data injection, and clickjacking attacks.
This endpoint-aware CSP ensures that security remains tight and adaptive, even as HomeDock OS expands.
Server Fingerprint Obfuscation
HomeDock OS implements our own HyperSpoof module, an anti-bot and anti-fingerprint system that randomizes server identifiers to mislead automated scanners and malicious bots. This is done by dynamically altering:
- Server banners: Pretending to be different web servers (Apache, Nginx, IIS, LiteSpeed, etc.).
- Via headers: Simulating proxy/CDN setups (Varnish, Cloudflare, Squid, etc.).
- IP headers: Assigning randomized primary and secondary IP addresses.
- CDN nodes: Rotating between different fake CDN edge locations.
Additionally, HomeDock OS resets these identifiers every 50 requests, ensuring continuous obfuscation against automated fingerprinting attacks.
By combining these security measures, HomeDock OS offers enterprise-grade protection for all user data and authentication processes. Even in self-hosted environments with minimal security, the system remains hardened against attacks, ensuring that sensitive data remains confidential and protected.
Progressive Web App (PWA)
HomeDock OS is also available as a Progressive Web App (PWA), allowing users to experience a more immersive, app-like interface directly from their devices. A PWA is a type of web application that offers features similar to native apps, such as offline functionality and push notifications, but runs directly in the web browser. This means users can “install” HomeDock OS on their desktop via their browser for a secure, seamless experience, or access it on iPhones and Android devices without needing a separate download.
The PWA functionality is ideal for Cloud Instances, enhancing accessibility across all devices while maintaining high security and performance.
To ensure availability as a PWA for both Cloud Instances and self-hosted environments, an SSL certificate must be correctly installed, as PWAs require a secure HTTPS connection by design. This is a necessary condition due to the inherent security requirements of PWAs.
Flexible Configuration
HomeDock OS supports a range of configuration options, allowing users to tailor the platform to their unique needs. With the ability to adjust hostname settings, customize backups, and manage certificates centrally, HomeDock OS provides flexibility without compromising ease of use or security.
Administration Panel
For Cloud Instances, users have access to a dedicated client panel where they can easily manage instance settings, hostname customization, SSL configurations, and backup options. This panel is designed for both simplicity and functionality, giving users full control over their instance without needing technical expertise.
Automatic Backups and Snapshots
HomeDock OS Cloud Instances offer integrated backup solutions, allowing users to create individual backups or snapshots of their instances. This feature provides data integrity and ensures quick recovery in case of any disruptions. Users can restore instances to previous states with minimal effort, ensuring operational continuity.
Optimized Performance
Cloud Instances are hosted on our infrastructure, which is optimized for HomeDock OS, ensuring smooth and reliable performance. For self-hosted users, the platform is designed to adapt to various hardware configurations while maintaining optimal functionality.
These features make HomeDock OS a comprehensive and secure solution for both individual users and organizations. The combination of robust security features, including seamless SSL integration and Shield Mode, alongside user-friendly management and flexible configuration, makes HomeDock OS an ideal platform for secure and simplified cloud management.