Key Features

HomeDock OS includes a range of powerful features designed to simplify cloud management while ensuring high security, flexibility, and reliability. Below is an overview of the key features currently available:

Universal Multi-Platform Support

HomeDock OS is designed to run seamlessly across all major platforms, providing a consistent experience regardless of your deployment environment:

Platform	Deployment Type	Description
Linux	Native/Headless	Full server deployment with `/DATA/HomeDock` storage
macOS	Desktop App	Native experience via HomeDock OS Desktop with `~/HomeDock` storage
Windows	Desktop App	Native experience via HomeDock OS Desktop with `C:\HomeDock` storage
Docker	Container	Docker-in-Docker support with automatic host detection
Raspberry Pi	Native	Optimized for ARM architecture and lightweight hardware

The platform is automatically detected at runtime and all paths, configurations, and features adapt accordingly. When running inside Docker, HomeDock OS uses host.docker.internal for seamless communication with the host Docker daemon, enabling full container management capabilities even from within a container.

_{HomeDock OS automatically detects your platform and configures storage paths, network settings, and feature availability. No manual configuration required.}

Application Update Notifications

HomeDock OS includes an intelligent update detection system that monitors your installed applications for available updates:

Automatic Digest Comparison: Every 3 hours, a background thread compares local Docker image manifests against remote registry digests
:latest Tag Support: Applications using :latest tags are automatically checked for newer versions
Visual Indicators: The taskbar displays a badge showing the number of applications with available updates
One-Click Updates: Click on any update notification to trigger the update process
Update Queue: Multiple updates are queued and processed sequentially to prevent system overload
Real-Time Progress: Visual feedback shows update progress for each application

_{The update system uses manifest digest comparison, not just tag checking. This means even if an image uses the same tag, HomeDock OS will detect when the actual image content has changed.}

Two-Factor Authentication (2FA)

HomeDock OS supports Time-based One-Time Password (TOTP) authentication for enhanced account security:

TOTP Support: Compatible with Google Authenticator, Authy, and other TOTP apps
Backup Codes: 10 single-use backup codes generated during setup for emergency access
Device Trust: Trusted devices can be remembered for 30 days using secure SHA256 hashes
Rate Limiting: Maximum 3 failed 2FA attempts per 5-minute window to prevent brute force
Secure Storage: 2FA secrets are stored securely in the server configuration

Seamless SSL Integration

HomeDock OS is designed to automatically integrate SSL certificates natively, which are essential for secure HTTPS connections across applications. For self-hosted environments, users must configure a renewal hook to transfer SSL certificates to /DATA/SSLCerts upon renewal. Both HomeDock OS and any deployed applications automatically recognize certificates in this directory, enabling secure connections regardless of the port on which each application runs. This centralized approach to SSL handling ensures a simplified, consistent, and secure setup across all instances. Check how to set up SSL certificates for Linux, macOS and Windows.

Shield Mode

HomeDock OS includes an advanced security feature called Shield Mode, which protects against coordinated attacks and unauthorized access attempts. Shield Mode monitors login attempts and activates if it detects unusual login behavior from multiple IP addresses within a specific timeframe.

How Shield Mode Works

Activation Thresholds: Shield Mode activates if:
- There are 3 failed logins from different IPs within 1 minute.
- There are 7 failed logins from different IPs within 1 hour.
- There are 24 failed logins from different IPs within 24 hours.
Timed Lockouts: Once activated, Shield Mode enforces access restrictions for varying time periods, depending on the severity level:
- Level 1: 1-hour lock for low-level threats.
- Level 2: 3-hour lock for moderate threats.
- Level 3: 12-hour lock for high-level threats.

This mode provides an additional layer of security by automatically blocking suspicious access attempts while ensuring legitimate users can access the platform safely.

View more information about Shield Mode.

User-Friendly Interface

HomeDock OS boasts an intuitive and accessible interface, designed to streamline navigation and enhance usability for users of all technical levels. The dashboard is structured to allow easy access to critical management features, from application monitoring to user settings, so that users can quickly locate and manage their resources.

Direct Updates from GitHub

HomeDock OS features an automated update system that ensures you are always running the latest version with minimal effort. The platform periodically checks for new releases directly from our public GitHub repository , keeping your system up to date with the latest improvements, security patches, and new features.

How It Works

Automatic Version Checks:
- HomeDock OS periodically verifies if a new version is available.
- This check happens in the background without interrupting your workflow.
Update Notifications:
- When a new release is detected, a notification appears in the Notifications Tab.
- The notification provides details about the update, including the new version available.
One-Click Update Process:
- Clicking the notification triggers an automatic update.
- HomeDock OS downloads and applies the update without manual intervention.
- The update process is designed to be seamless, minimizing downtime.
Automatic System Restart:
- Once the update is complete, the system automatically restarts.
- Services are restored in seconds, ensuring continuous availability.

This streamlined approach allows users to keep their HomeDock OS installations secure, stable, and up to date without needing to manually check for updates or perform complex upgrade procedures.

Advanced Security

HomeDock OS implements multiple layers of security to ensure the protection of user data, authentication credentials, and system integrity. These security measures include dynamic encryption for logins, volatile key-based HTTPS emulation, secure file storage, and hardened authentication mechanisms.

To protect login credentials even in non-HTTPS environments, HomeDock OS generates a volatile RSA key pair (4096-bit) upon each system restart. The login process works as follows:

Upon accessing the login page, the client retrieves the public key from the backend.
The password is encrypted client-side using this public key before being sent to the server.
On the server, the password is decrypted in-memory only using the private key, ensuring that credentials are never stored or transmitted in plaintext.

This mechanism kind of emulates HTTPS encryption even when running on an insecure network, preventing credentials from being exposed to packet sniffing or MITM attacks. Breaking a 4096-bit RSA key with current classical computers would take longer than the age of the universe, well over 10^100 years. Even with today’s most advanced quantum computers, decrypting it is still impossible, as they lack the millions of stable qubits required to run Shor’s algorithm effectively.

Drop Zone File Encryption

Drop Zone, the encrypted file storage system of HomeDock OS, guarantees total data privacy through per-user encryption and zero plaintext persistence. It uses:

AES-256 GCM encryption, with a unique random nonce per file, ensuring both confidentiality and integrity. Even identical files will have different encrypted outputs.
Per-user derived encryption keys via PBKDF2-HMAC-SHA256 using a unique salt and 1,200,000 iterations, making brute-force attacks computationally unfeasible even if the key file is compromised.
In-memory encryption: Files are encrypted before being written to disk and decrypted only in RAM upon legitimate access by the file owner.
Legacy compatibility with files previously encrypted using AES-CBC, which are transparently upgraded to the new format upon access.

Each user’s encryption key is derived from a secure, randomly generated base key and a user-specific salt. This ensures strong cryptographic isolation between users, while offering robust protection against dictionary attacks, collisions, and unauthorized access even in shared or multi-tenant environments.

Drop Zone’s encryption model isn’t just built for today’s threats. It’s designed to remain secure well into the future. Brute-forcing a single user’s key would take 2.2 × 10⁵⁶ trillion years (a 22 followed by 65 zeros) with traditional computing. Even with a quantum computer, cracking it would require over 100 trillion billion billion years making unauthorized access mathematically implausible by brute force.

Drop Zone keeps your data sealed with military-grade encryption, the same standard required by the U.S. government to protect Top Secret information. Files are encrypted in memory before they ever touch disk, and only you can access them. Not even HomeDock OS can see what’s inside.

_{And all that... Securely processed even on lightweight hardware like a Raspberry Pi Zero and fully cross-platform, running seamlessly on Windows, macOS, and Linux.}

Secure Password Storage & Authentication

HomeDock OS secures user passwords using bcrypt with strong hashing parameters. Features include:

Per-user salt generation to prevent rainbow table attacks.
Rate-limiting login attempts and Shield Mode activation upon multiple failed login attempts.
CSRF protection to prevent session hijacking and unauthorized requests.

Hardened Content Security Policy (CSP)

HomeDock OS enforces an ultra-strict and granular CSP (Content Security Policy) that dynamically adjusts per endpoint to mitigate potential security threats such as XSS, data injection, and clickjacking attacks.

This endpoint-aware CSP ensures that security remains tight and adaptive, even as HomeDock OS expands.

Server Fingerprint Obfuscation

HomeDock OS implements our own HyperSpoof module, an anti-bot and anti-fingerprint system that randomizes server identifiers to mislead automated scanners and malicious bots. This is done by dynamically altering:

Server banners: Pretending to be different web servers (Apache, Nginx, IIS, LiteSpeed, etc.).
Via headers: Simulating proxy/CDN setups (Varnish, Cloudflare, Squid, etc.).
IP headers: Assigning randomized primary and secondary IP addresses.
CDN nodes: Rotating between different fake CDN edge locations.

Additionally, HomeDock OS resets these identifiers every 50 requests, ensuring continuous obfuscation against automated fingerprinting attacks.

By combining these security measures, HomeDock OS offers enterprise-grade protection for all user data and authentication processes. Even in self-hosted environments with minimal security, the system remains hardened against attacks, ensuring that sensitive data remains confidential and protected.

Progressive Web App (PWA)

HomeDock OS is also available as a Progressive Web App (PWA), allowing users to experience a more immersive, app-like interface directly from their devices. A WPA is a type of web application that offers features similar to native apps, such as offline functionality and push notifications, but runs directly in the web browser. This means users can “install” HomeDock OS on their desktop via their browser for a secure, seamless experience, or access it on iPhones and Android devices without needing a separate download.

The WPA functionality is ideal for Cloud Instances, enhancing accessibility across all devices while maintaining high security and performance.

To ensure availability as a PWA for both Cloud Instances and self-hosted environments, an SSL certificate must be correctly installed, as PWAs require a secure HTTPS connection by design. This is a necessary condition due to the inherent security requirements of PWAs.

Flexible Configuration

HomeDock OS supports a range of configuration options, allowing users to tailor the platform to their unique needs. With the ability to adjust hostname settings, customize backups, and manage certificates centrally, HomeDock OS provides flexibility without compromising ease of use or security.

Optimized Performance

Cloud Instances are hosted on our infrastructure, which is optimized for HomeDock OS, ensuring smooth and reliable performance. For self-hosted users, the platform is designed to adapt to various hardware configurations while maintaining optimal functionality.

Prism Window Manager

HomeDock OS features a full desktop-like window management system called Prism:

Multi-Window Support: Open multiple applications simultaneously in separate windows
Window Controls: Minimize, maximize, restore, and close windows with familiar controls
Drag & Resize: Move and resize windows freely with mouse or touch gestures
Z-Index Management: Automatic focus handling brings clicked windows to front
Cascade Positioning: New windows automatically offset by 30px for visibility
Minimum Size Constraints: Windows maintain readable size (400x300px minimum)
Window State Persistence: Window positions and states are preserved during session

Theme System

HomeDock OS includes a comprehensive theming system with three built-in themes:

Default: Clean, light interface with subtle borders and modern aesthetics
Noir: Dark mode with appropriate contrast and color schemes
Aero+: Modern aesthetic with backdrop blur effects and gradients

All system applications, dialogs, notifications, and UI components automatically adapt to your selected theme.

Local Network Discovery (mDNS)

HomeDock OS automatically announces itself on your local network using Zeroconf/mDNS:

Automatic Discovery: Access HomeDock OS at homedock.local on your local network
Zero Configuration: No DNS or hosts file configuration required
Cross-Platform: Works on Windows, macOS, Linux, and mobile devices

_{Local network discovery allows you to access HomeDock OS without remembering IP addresses. Just type homedock.local in your browser.}

Resource Monitoring

HomeDock OS provides comprehensive system and container resource monitoring:

System Statistics

CPU usage percentage and frequency (GHz)
CPU temperature with 5-minute rolling averages
RAM usage and availability
Disk space utilization
Network I/O statistics (download/upload rates)
Server uptime tracking

Per-Container Metrics

Real-time CPU usage percentage
Memory consumption (bytes and percentage)
Network traffic per container (RX/TX)
Container grouping for aggregate statistics

External Drive Support

HomeDock OS can detect and utilize external storage devices:

Cross-Platform Detection: Automatic discovery of USB drives and external storage
Drive Information: View total capacity, used space, and available space
Container Mounting: Map external drives to container volumes
Platform-Specific Handling: Proper path handling for Linux, macOS, and Windows

Custom Package System (HDS)

Create and distribute custom application packages with the HomeDock Service (HDS) format:

Package Creation: Bundle Docker Compose files, icons, and metadata
Category Organization: Organize apps into Media, Networking, Gaming, Development, etc.
Easy Distribution: Share .hds packages across HomeDock OS instances
App Store Integration: Custom packages appear alongside official applications

See the Packager Overview for details on creating custom packages.

Network Monitoring

HomeDock OS tracks network usage with detailed statistics:

Real-Time Monitoring: Live download and upload rate tracking
48-Hour History: Rolling window of network statistics
Per-Interface Stats: Monitor individual network adapters
Data Logging: Persistent logs for historical analysis

These features make HomeDock OS a comprehensive and secure solution for both individual users and organizations. The combination of robust security features, including seamless SSL integration and Shield Mode, alongside user-friendly management and flexible configuration, make HomeDock OS an ideal platform for secure and simplified cloud management.