Edit VPN
Changing these restarts the Media Center stack. Downloads pause for ~30 seconds while gluetun reconnects.
10.14.0.2/16, ProtonVPN 10.2.0.2/32, Mullvad 10.64.0.2/32. Copy yours exactly from your provider's WireGuard config page to be safe.
United States, Canada).
Hey there! 👋
Everything's looking good.
- Nothing's happened yet. SparkBox will log container events here as they happen.
Loading…
App Store ?
Turn features on or off like flipping a switch. Each module is a group of related services that work together.
Loading apps… (if this sticks for more than 10 seconds, try refreshing — the dashboard may be waking up its license check)
Updates
Keep your services up to date with one click. Activate a free license for automatic updates, scheduling, and rollback protection.
SparkBox Core
Current version: checking...
Last checked: Never
Click "Check for Updates" to scan for available updates.
Auto-Update Schedule ?
Set a maintenance window for automatic updates. Your server will check for and apply updates on schedule.
Update History
No update history yet.
Releases
Every version of SparkBox we've shipped to your server. This is a live product — features land on your box the day they're cut.
Loading release notes…
Live Logs
A real-time diary of what each service is doing. Mostly useful when something breaks — look for lines containing "error" in red.
Pick a service above to see its logs here.
Settings
Your server configuration.
Optional. SparkBox runs without a license. Activating enables auto-updates with rollback (the only feature gated on activation). Free for personal use — email submission, no payment.
Edit these in Server Config if you change your public hostname, move the box, or want scheduled jobs to run in a different local time.
Off (default): each *arr requires a login the first time you open it on a new browser. Auto-generated admin credentials are surfaced through the launcher modal. On: anyone on your LAN can open Sonarr / Radarr / Prowlarr without logging in — the auto-login feel from before v1.6.40. Only flip this on if your LAN is trusted (no roommates, no untrusted IoT, no guest devices on the same subnet).
Why this classification?
On: the chat widget is available, and messages route through our proxy to Anthropic's Claude API for diagnosis. Off: the chat widget is hidden and no data ever leaves your box. You can still get help in d/sparkbox.
What gets sent & what doesn't
Sent to Anthropic's API: the message you type, plus a "diagnostic context" that SparkBox assembles automatically — container names, running state, relevant knowledge-base articles, and recent container logs with secrets (tokens, JWTs, password= strings, bcrypt hashes) redacted before they ever leave your box.
Never sent: your .env values, passwords, session cookies, license key, module data (files, photos, notes, backups), or anything inside your containers. Anthropic has no network path into your server — they only see what you type + the redacted diagnostic snippet.
What we (SparkBox) store: nothing from your conversation. The proxy is a passthrough. Only artifact retained on our side is a per-license request counter for rate-limiting, which expires within 24 hours. Your chat history is kept locally on your server in state/chat-sessions/ — delete it anytime.
Please don't paste: passwords, API keys, license keys, personal email addresses, real names, or any sensitive info you wouldn't want in a public support post. Use the Settings UI for credentials.
Adds Seerr request-button injection into the Jellyfin web UI plus settings sync across the Moonfin client family (Android TV, iOS, macOS, Windows, Linux, Roku, Samsung/LG smart TV — see docs). Requires the Media module to be enabled. Plugin is third-party (github.com/Moonfin-Client/Plugin, GPL-3.0); SparkBox doesn't ship the binary, it's downloaded from upstream when you flip this on.
Stable: releases that passed their canary window. Recommended for everyone.
Canary: releases ~3 days before stable — you help find regressions first.
Same auto-rollback + freeze protections as stable.
Replay the 5-step walkthrough of how SparkBox works. Handy when you hand the box to someone else or want a refresher.
SparkBox is in free beta. If you opt in, the dashboard sends anonymous error reports when something crashes — so I (Tom) can fix bugs even if you never post on Demox. Off by default. Sunset at v2.0 launch.
What gets sent (and what doesn't)
Sent: a random install_id (UUID, never derived from anything you can identify), the SparkBox version, your network profile (nas / private / public), the failing module name, and an error fingerprint (exit code + first/last 200 chars of stderr with all IPs / file paths / hostnames / secrets stripped).
NEVER sent: .env values, hostnames, IP addresses, MAC addresses, container log bodies, paths under MEDIA_ROOT, paths under /home or /mnt, anything from state/sessions/, anything from state/portainer-admin-password.txt or other secret files, your username, anything from your data directories.
Stripping happens locally in the dashboard before anything leaves your box. Sent to api.tomsparkbox.com/crash-telemetry. 90-day retention.
Click below to see exactly what we've sent from your box.
The VPN tunnel the Media module routes downloads through. Rotate keys, change providers, or switch between WireGuard and OpenVPN here. Saving restarts the media stack so gluetun reconnects.
VPS users: Your server has a public IP — it's already reachable from anywhere on the internet. WireGuard adds an encrypted tunnel for extra security but is not required for access.
NAS users: Your server has a private IP (like 192.168.x.x) that's only reachable on your home WiFi. To access it from outside your home — your phone on mobile data, your laptop at work — you need WireGuard or Tailscale. Without one, your server is invisible to the outside world.
Loading access methods...
WireGuard Client Config
Tailscale Status
Automatically set up subdomains with SSL for your services via Nginx Proxy Manager.
Type your domain above (e.g. example.com) and click Load Suggestions. SparkBox will suggest subdomains for each enabled app and set up HTTPS via Nginx Proxy Manager.
Container Image Updates
Pull the latest versions of all your services and restart them.
Backup Center ?
Create a full backup of your configuration, secrets, and module data. Keep one copy here, one on another device, and one off-site.
Backups
Create a full backup of your configuration, secrets, and all module data (photos, documents, media). Restore any backup with one click.
SparkBox encrypts dashboard backups with a per-install key. Save it outside the box before you need a restore.
Scheduled Backups ?
Automatically create backups on a schedule. Old backups beyond the retention count are deleted after each run. Backups are stored locally on this server — if the server itself dies, these go with it. For off-site copies to cloud storage (S3, Backblaze B2, Google Drive, Dropbox, WebDAV), enable the Duplicati module from the Apps page.
For automatic cloud copies, enable the Duplicati backup module from Apps. It can ship encrypted archives to Backblaze B2, S3, WebDAV, or another NAS.
Open Apps to enable DuplicatiService Passwords ?
Passwords auto-generated at install time for your services. These are saved on the server — you don't need SSH to find them.
Health Reports ?
Weekly health reports summarize uptime, alerts, updates, and disk usage. Reports are generated automatically every Sunday at 8 AM.
No reports yet. Reports are generated weekly on Sundays.
No reports available.
Alert Settings ?
Configure auto-restart and webhook notifications for service health alerts.
Server Migration
Moving to a new server? Export your entire SparkBox configuration and import it on the new machine. Module configs, enabled apps, and settings are included. Secrets (passwords, keys) must be re-entered on the new server.
Server Management
Restart or reset your SparkBox server. Restart keeps everything running — it just bounces the containers. Reset stops everything and cleans up, but your data and settings are preserved.
Soft Reset: Stops all containers, removes them, then brings everything back up fresh. Your .env, settings, and app data are preserved. Use this when something is stuck or behaving weird.
Reset to Defaults: Disables all optional apps and goes back to just the core services. App data is preserved on disk — re-enable any app later and it comes back with its settings intact.
Factory Reset: Clean-slate everything — wipes every app's config and data, clears state, resets to core-only, boots back into the first-run wizard. Keeps your license key, admin password, backups, and media files in
/data. Use this when you want to start over without reinstalling SparkBox.
Remote Support
Open a 4-hour secure window so Tom can SSH into your server and debug a problem with you. Uses Tailscale, an industry-standard mesh VPN. Only your machine + Tom's tailnet can talk to each other; nothing is exposed to the public internet. Auto-revokes when the timer runs out, or click Close session now any time.
sparkbox-customer, and adds Tom's SSH public key to your /root/.ssh/authorized_keys with a marker so it can be cleanly removed. The marker plus the auto-disable timer mean we can never forget about a session — it always closes.
Uninstall SparkBox
To remove SparkBox entirely (containers, images, app data, and the CLI), SSH into your server and run the command below. This is deliberately CLI-only — uninstalling from the dashboard would mean killing the dashboard itself mid-operation, which tends to leave orphans.
sudo /opt/sparkbox/sparkbox reset --nuke --yes
sudo rm -rf /opt/sparkbox
sudo rm -f /usr/local/bin/sparkbox
This removes: all SparkBox-managed containers (sb-*), their images, /opt/sparkbox (code + config + state + data), and the CLI symlink. It does not touch /data bind mounts outside /opt/sparkbox (e.g. /mnt/media/*), your .env backup in your own backup location, or anything in /root.
Maintenance
Free up disk space by removing old Docker images that no app is using. This is always safe — it never touches running containers or their data. Typical first run reclaims 5–20 GB on a NAS.
Help & Learn
New to self-hosting? No worries! Here's everything you need to know.
What is SparkBox?
SparkBox is your personal privacy server. It runs a collection of apps on your server (VPS, home PC, or any machine) that give you control over your data — ad-blocking, password storage, file sync, monitoring, and more. Think of it as building your own private cloud.
What is Docker?
Docker is the technology that runs all your services. Think of it like separate apartments in a building — each service lives in its own space and can't mess with the others. If one app crashes, the rest keep running normally.
What are Modules?
Modules are groups of related services. For example, the "Privacy & Security" module includes Pi-hole for ad-blocking, Vaultwarden for passwords, and Authelia for login protection. You can turn entire modules on or off from the Apps page.
Your Services Explained
Common Questions
How do I access my services from outside?
You have two options: (1) Set up a domain name pointing to your server and use Nginx Proxy Manager to create subdomains like vault.yourdomain.com, or (2) Enable the WireGuard VPN module to securely tunnel into your server from anywhere.
What should I do if something breaks?
Go to the Logs page and check the logs for the broken service. Look for lines containing "error" or "failed". Try restarting the service from the Home page. If that doesn't help, check the service's official documentation (linked below each service description).
How do I update my services?
Open the Updates tab in the dashboard. Click Check for Updates, review what's available, then hit Update All (or update individual services with their per-row button). If you prefer the CLI, sudo sparkbox update over SSH does the same thing.
How do I change my dashboard password?
Go to Settings → Account, enter your current password, pick a new one, click Change Password. If you've forgotten your password entirely, SSH into your server and run sudo sparkbox reset-password — it prompts for a new password and restarts the dashboard.
Should I change the security keys in Settings?
No! The "Privacy" and "Cloud" sections in Settings contain automatically generated security keys. Changing them can lock you out of services or corrupt data. Only change them if you're doing a deliberate migration and know exactly what you're doing.
Going Further with Privacy
SparkBox protects your home network, but your personal data is already out there. Here are tools that complement your self-hosted setup: