Online research (no hands-on testing yet) covering install flow, hardware detection, app store UX, reverse proxy/SSL, and common user complaints for the top 3 competitors. Key findings: device-aware install wizard and managed gateway/DNS are both uncontested. Umbrel's PolyForm license and 4+ year refusal of HTTPS on local UI are direct counter-positioning opportunities. CasaOS is in maintenance mode (IceWhale moved to ZimaOS). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
182 lines
20 KiB
Markdown
# Competitor Analysis: CasaOS, Umbrel, YunoHost

> Online research, 2026-04-13. No hands-on testing yet — see the roadmap item "Daniel tests CasaOS, Umbrel, YunoHost on Proxmox" for that.

## TL;DR

- **None of the three has a device-aware install wizard.** You get a Debian-installer-style flow (YunoHost), a single-question TUI picker (Umbrel), or no OS install at all (CasaOS is a curl-to-bash overlay). Homebase's "boot USB → web wizard detects hardware → done" angle is genuinely unoccupied.
- **HTTPS/reverse-proxy story is a disaster across the board.** Umbrel has refused HTTPS on the local UI for 4+ years ([issue #546](https://github.com/getumbrel/umbrel/issues/546), open since Feb 2021, still open). CasaOS ships plain HTTP and the web UI has root filesystem access. YunoHost is the only one that does Let's Encrypt properly — but only for its own domain wizard, and the DNS/email setup is where newbies quit.
- **Umbrel's license (PolyForm Noncommercial) disqualifies it for anyone who cares about true open source.** This is the #1 complaint on r/selfhosted and the reason Citadel forked. Staying AGPL is a real differentiator against the slickest-looking competitor.
- **Storage handling is the weakest dimension for all three.** Umbrel can't use multiple drives or change storage paths per app. CasaOS mounts externals read-only by default and requires editing files to fix. YunoHost only does partitioning in "expert mode" and never revisits it after install. Homebase's drive-scoring + boot/LVM auto-assignment idea has no real competition here.
- **CasaOS is in maintenance mode.** IceWhale has moved focus to ZimaOS (paid hardware). Users on GitHub are asking whether the project is still alive ([Discussion #2386](https://github.com/IceWhaleTech/CasaOS/discussions/2386)). Momentum window is open.

---

## CasaOS

### Install flow

Not an OS — it's an overlay. Install is a single curl-to-bash one-liner (`curl -fsSL https://get.casaos.io | sudo bash`) on top of any existing Debian/Ubuntu/Raspberry Pi OS/CentOS system. The script installs Docker, CasaOS services, and drops a web UI on port 80. There is no first-boot wizard, no partitioning, no hardware detection — those are whatever the underlying distro did. First user-facing UI is a browser welcome page where you create an account ([official site](https://casaos.io/), [install guide](https://wiki.casaos.io/)).

Consequence: "time to dashboard" is fast (minutes) *if* you already have Linux running, but the hard part (installing Linux) is punted to the user.

### Hardware detection

Minimal. CasaOS has a "Storage Manager" web UI that lists attached drives and lets you mount/unmount via rclone-backed mounts ([DeepWiki: Storage Management](https://deepwiki.com/IceWhaleTech/CasaOS/6-storage-management)). No SMART monitoring, no drive scoring, no guidance on which drive to use for what.

Known issues:
- Externals mount read-only by default and require editing multiple files to override ([Issue #1103](https://github.com/IceWhaleTech/CasaOS/issues/1103)).
- "Automount USB drive" toggle doesn't reliably work ([Issue #1043](https://github.com/IceWhaleTech/CasaOS/issues/1043)).
- No way to mount an existing formatted drive without reformatting it ([Issue #1099](https://github.com/IceWhaleTech/CasaOS/issues/1099)).

### App store UX

Grid of icons, click → install. The catalog is smaller than Umbrel's and most "advanced" apps (Nextcloud with a real DB, for example) require either a third-party app store like **BigBearCasaOS** or a manual "Custom Install" flow where the user is expected to configure a MariaDB container and link it to Nextcloud ([DBT3CH guide](https://dbt3ch.com/books/nextcloud-on-casaos/page/installing-nextcloud-on-casaos)). So the "one-click" promise holds for trivial apps and breaks for anything with a dependency. Subdomains/SSL are not part of the app install flow at all — see below.

### Reverse proxy / domains

**No built-in reverse proxy or SSL.** The official wiki explicitly documents "Running CasaOS behind a webserver" as the intended HTTPS path, meaning you install nginx/Caddy yourself ([CasaOS Wiki: Behind a Webserver](https://wiki.casaos.io/en/guides/casaos-behind-webserver)). The community pattern is: install **Nginx Proxy Manager** from the CasaOS app store, point it at DuckDNS, click through its Let's Encrypt UI ([Big Bear guide](https://community.bigbeartechworld.com/t/how-to-make-casaos-apps-secure-https/1054)). Works but is two layers of work.

Open issue requesting native SSL for the CasaOS UI itself: [#1074](https://github.com/IceWhaleTech/CasaOS/issues/1074) — still open.

### Common complaints

- **Security is bad.** The author of a [July 2025 review](https://noiseinfsharp.wordpress.com/2025/07/02/a-brief-review-of-casaos/) uninstalled CasaOS after 15 minutes, having found that Docker runs as root, that the web UI has no HTTPS (so anyone sniffing the LAN gets the admin password), and that "I had root access to the file system from the web UI. I created text file in /etc/ with literally no issue." The reviewer called it "a security vulnerability as a self-hosted service."
- **Broken routing/back button.** Same review: "The web UI didn't implement any routing or history" — deep links don't work.
- **Docker 29 incompatibility** broke installs until a workaround was found ([Issue #2407](https://github.com/IceWhaleTech/CasaOS/issues/2407)).
- **Project is in maintenance mode.** IceWhale officially pivoted to ZimaOS for their Zima hardware; CasaOS only gets stability fixes ([Discussion #2386](https://github.com/IceWhaleTech/CasaOS/discussions/2386)).

### Sources

- [CasaOS GitHub](https://github.com/IceWhaleTech/CasaOS)
- [Noise in F# review, 2025-07](https://noiseinfsharp.wordpress.com/2025/07/02/a-brief-review-of-casaos/)
- [kextcache review](https://kextcache.com/casaos-install-review-uninstall/)
- [LibHunt: CasaOS vs YunoHost](https://www.libhunt.com/compare-CasaOS-vs-yunohost)
- [r/selfhosted: "is CasaOS really that bad?"](https://www.reddit.com/r/selfhosted/comments/1fsyllh/new_to_self_hosting_is_casaos_really_that_bad/)

---

## Umbrel

### Install flow

Real ISO. Flash `umbrelos-amd64-usb-installer.iso` with Etcher, boot target machine from USB, pick internal drive by number from a list, wait ~5 minutes for first boot, then go to `http://umbrel.local` on another device to do the web-based account setup ([x86 install wiki](https://github.com/getumbrel/umbrel/wiki/Install-umbrelOS-on-x86-systems)). itsfoss describes the web UI as feeling "like a cross between iOS and Steam" ([itsfoss review](https://itsfoss.com/umbrel-review/)).

No first-boot wizard beyond "pick drive number." The target market is really Umbrel Home / Umbrel Pro hardware where this is all pre-done.

### Hardware detection

Basically none. Install-time: a text list of block devices and you type a number. Post-install: the itsfoss reviewer calls storage handling Umbrel's "weakest area" — the install drive "gets completely erased on first boot," and "users cannot add multiple drives or configure separate storage locations per application. The platform lacks RAID support." NAS/external-drive integration is forum-level manual work with symlinks ([community guide](https://community.umbrel.com/t/external-storage-mounting-and-usage-for-docker-volumes/15303), [Issue #1639](https://github.com/getumbrel/umbrel/issues/1639)).

### App store UX

This is Umbrel's strength. Apps are pre-built `docker-compose` manifests; one-click install of Nextcloud, Jellyfin, Immich, Bitcoin node, etc., with sensible defaults ([Umbrel app store](https://apps.umbrel.com/app/nextcloud)). No YAML editing, no database linking. The catalog is ~300 apps and visually polished.

Caveats: no per-app storage reconfiguration (can't point Nextcloud at a different drive from inside the UI), and Nextcloud hits "Access through untrusted domain" warnings that require manual workarounds ([community thread](https://community.umbrel.com/t/nextcloud-with-umbrel-tutorial/6599)).

### Reverse proxy / domains

**Umbrel refuses to support HTTPS on its own local UI.** [Issue #546](https://github.com/getumbrel/umbrel/issues/546) has been open since February 2021, 44 upvotes, 80+ comments. Official position: assume the local network is secure, use Tor hidden services for remote access. Community response (quoted verbatim from the issue): "all it takes is one Umbrel vuln to bring down half of the lightning network."

For per-app HTTPS/custom domains, users install **Nginx Proxy Manager** or **Zoraxy** from the app store and set up Let's Encrypt themselves ([NPM app](https://apps.umbrel.com/app/nginx-proxy-manager), [Zoraxy app](https://apps.umbrel.com/app/zoraxy)). Workable but manual — Umbrel's own flagship one-click philosophy stops at the reverse-proxy door.

### Common complaints

- **License.** Umbrel relicensed to [PolyForm Noncommercial 1.0.0](https://github.com/getumbrel/umbrel/blob/master/LICENSE.md) in Aug 2021, which is not OSI-approved. r/selfhosted on this is consistent: *"Umbrel is not 'open-source', it is 'source available'"*, *"Because of that license I don't trust UmbrelOS and I prefer CasaOS which is open source."* [Citadel](https://github.com/runcitadel) forked explicitly over this.
- **No HTTPS on local UI.** See above.
- **Storage rigidity.** External drive must be ≥750GB, gets wiped, and you can't use multiple drives ([itsfoss review](https://itsfoss.com/umbrel-review/)).
- **No convenient CLI access.** Per a [LibHunt comparison](https://www.libhunt.com/compare-umbrel--umbrel-os-vs-CasaOS), "one pain point with Umbrel is that it doesn't have a convenient way of accessing the system's command line," which makes advanced troubleshooting painful.
- **Bitcoin/crypto focus.** Historically Umbrel was a Bitcoin-node OS that added general apps; some reviewers still see it as crypto-first ([blockdyor review](https://blockdyor.com/umbrel-review/)).

### Sources

- [Umbrel GitHub](https://github.com/getumbrel/umbrel)
- [itsfoss review](https://itsfoss.com/umbrel-review/)
- [x86 install wiki](https://github.com/getumbrel/umbrel/wiki/Install-umbrelOS-on-x86-systems)
- [HTTPS issue #546](https://github.com/getumbrel/umbrel/issues/546)
- [License switch PR #908](https://github.com/getumbrel/umbrel/pull/908)
- [blockdyor 2026 review](https://blockdyor.com/umbrel-review/)

---

## YunoHost

### Install flow

The most traditional and also the most legit first-boot flow. Debian-based ISO, flash to USB, boot target machine, Debian installer runs and asks language / location / keymap / timezone, then a partitioning step ("classical" mode is a guided "use entire disk"; "expert" mode lets you do RAID or LUKS encryption) ([install doc](https://doc.yunohost.org/en/admin/get_started/install_on/regular_computer/)).

After reboot, you point a browser at `https://yunohost.local` (self-signed cert warning — accept it) and run a real web wizard:

1. Pick a main domain — either a free `.nohost.me` subdomain from YunoHost, or your own.
2. Create the first admin user.
3. Run the diagnosis tool, which lights up yellow/red for anything needing DNS or port-forwarding attention.
4. Install a Let's Encrypt cert to replace the self-signed one.

[XDA reports](https://www.xda-developers.com/yunohost-guide/) this is "a quick point-and-click affair — at first" and that the whole end-to-end flow takes 20-30 minutes the first time and 12 minutes for someone experienced. Hetzner bare-install finishes in ~2 minutes before the web wizard even starts.

### Hardware detection

Basic, inherited from the Debian installer. Guided partitioning (auto), expert mode for RAID/LUKS. Per the docs ([install page](https://doc.yunohost.org/en/admin/get_started/install_on/regular_computer/)), "apart from the monitoring system that ensures partitions are not too small, YunoHost does not currently deal with the organisation of your partitions and disks." External drives and NAS mounting are a post-install tutorial ([external_storage doc](https://doc.yunohost.org/admin/tutorials/external_storage/)). No drive scoring, no SMART, no suggestions.

### App store UX

Big catalog (~400 apps, [apps.yunohost.org](https://apps.yunohost.org/)). Install flow is: Applications → Install → pick app → pick which subdomain (or subpath) to install it under → click → done. The app packager has already wired Let's Encrypt, nginx vhost, SSO integration, and LDAP into the install. A [blogger's Nextcloud walkthrough](https://blog.elenarossini.com/a-newbies-guide-to-self-hosting-with-yunohost-part-3-lets-install-nextcloud/) estimates 5-10 minutes click-time; "you only need to click a couple of buttons and let YunoHost handle the heavy lifting."

This is objectively the best integrated-app experience of the three. Every app is SSO-enabled automatically via the bundled LDAP.

### Reverse proxy / domains

Built in, nginx-based, wired into Let's Encrypt with [automatic renewal every three months](https://doc.yunohost.org/admin/domains/certificate/). Subdomain setup is a real UI flow: add the domain, get a DNS record snippet to paste at your registrar, click "Install Let's Encrypt certificate," and the green checkmark appears within seconds. Wildcard cert support exists but requires DNS-01 plumbing ([forum discussion](https://forum.yunohost.org/t/enhancement-easier-subdomain-setup-with-lets-encrypt-wildcard-certificates/4587)).

This is the single dimension where YunoHost is best-in-class of the three.

### Common complaints

- **Email / DNS setup is where newbies die.** Running a real mail server requires correct MX, SPF, DKIM, DMARC, and reverse DNS. The [YunoHost FAQ](https://doc.yunohost.org/en/community/faq/) and countless forum threads ([example](https://forum.yunohost.org/t/proper-proper-proper-email-and-dns-setup/9266)) show this is the most common support topic.
- **Mandatory built-in LDAP, no external directory integration.** From user complaints on the forum: "you cannot use your existing accounts in your own LDAP, OpenLDAP or Active Directory services" — apps bundled for YunoHost have their LDAP configs pre-stripped. Dealbreaker for homelabbers who want Authentik/Authelia.
- **No service isolation.** All apps share the host, unlike Umbrel/CasaOS where everything is Docker. A [LibHunt comparison](https://www.libhunt.com/compare-yunohost-vs-umbrel) notes "the biggest downside of YunoHost's approach is that it doesn't isolate its different services."
- **Limited backup features.** Per [AlternativeTo commentary](https://alternativeto.net/software/yunohost/about/).
- **Learning curve is real.** Quote from an [open-source blog](https://opensourceit.org/blog/2020/04/19/the-basic-open-source-it-recipe/): "setting up YunoHost is unfortunately not super easy for non-technical folks." DNS is the cliff.
- **App packaging v1 deprecated.** Mid-2024 through early 2025, app packagers had to migrate to v2 format, briefly destabilizing the catalog ([forum announcement](https://forum.yunohost.org/t/packaging-v1-to-be-soft-deprecated-starting-on-february-1st-2024-hard-deprecated-on-february-1st-2025-and-dropped-in-yunohost-13-x-trixie/28232)).

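
The five record types named in the email/DNS complaint can be checked mechanically and reported in the same yellow/red style as the diagnosis step of the install wizard. The following is an added example, not YunoHost's or Homebase's code: `SAMPLE_ZONE`, `parse_tags` and `diagnose` are hypothetical names, the records are constructed, and the severity assigned to each finding is an assumption.

```python
# Constructed records for a made-up domain; a real tool would query DNS.
SAMPLE_ZONE = {
    "domain": "example.test", "server_ip": "203.0.113.10",
    "MX": ["10 mail.example.test."],
    "A": {"mail.example.test.": "203.0.113.10"},
    "PTR": {"203.0.113.10": "static.isp.invalid."},
    "TXT": {
        "example.test.": ["v=spf1 mx ~all"],
        "_dmarc.example.test.": ["v=DMARC1; p=none"],
        "mail._domainkey.example.test.": ["v=DKIM1; k=rsa; p="],
    },
}


def parse_tags(record):
    """Parse a 'tag=value; tag=value' TXT record (DKIM, DMARC) into a dict."""
    pairs = (part.partition("=") for part in record.split(";"))
    return {k.strip().lower(): v.strip() for k, _, v in pairs if k.strip()}


def diagnose(zone, dkim_selector="mail"):
    """Return {check: (severity, message)}; severity is ok, yellow or red."""
    apex = zone["domain"].rstrip(".") + "."
    txt = zone.get("TXT", {})
    out = {}
    # MX must exist and its first target must resolve to this server.
    hosts = [mx.split()[1] for mx in zone.get("MX", [])]
    out["mx"] = (
        ("red", "no MX record") if not hosts else
        ("red", f"{hosts[0]} does not resolve to this server")
        if zone.get("A", {}).get(hosts[0]) != zone["server_ip"] else
        ("ok", hosts[0]))
    # SPF: exactly one v=spf1 record ending in "all" (redirect= not handled).
    spf = [r for r in txt.get(apex, []) if r.lower().startswith("v=spf1")]
    last = spf[0].split()[-1].lower() if len(spf) == 1 else ""
    if len(spf) != 1:
        out["spf"] = ("red", f"expected 1 SPF record, found {len(spf)}")
    elif last in ("-all", "~all", "?all"):
        out["spf"] = ("ok" if last == "-all" else "yellow", f"ends with {last}")
    else:
        out["spf"] = ("red", "no restrictive 'all' term at the end")
    # DKIM: a key must be published; an empty p= tag means it was revoked.
    dkim = txt.get(f"{dkim_selector}._domainkey.{apex}", [])
    out["dkim"] = (
        ("red", "no DKIM key published") if not dkim else
        ("red", "empty p= tag: key is revoked")
        if not parse_tags(dkim[0]).get("p") else
        ("ok", "public key published"))
    # DMARC: p=none only collects reports, so flag it as not yet enforcing.
    dmarc = [r for r in txt.get("_dmarc." + apex, []) if r.startswith("v=DMARC1")]
    policy = parse_tags(dmarc[0]).get("p", "").lower() if dmarc else ""
    if policy in ("quarantine", "reject"):
        out["dmarc"] = ("ok", f"p={policy}")
    elif policy == "none":
        out["dmarc"] = ("yellow", "p=none is monitor-only")
    else:
        out["dmarc"] = ("red", "no valid DMARC policy")
    # Reverse DNS of the sending IP should point back at the mail host.
    ptr = zone.get("PTR", {}).get(zone["server_ip"])
    out["ptr"] = (
        ("red", "no reverse DNS for server IP") if not ptr else
        ("yellow", f"PTR {ptr} is not the MX host") if ptr not in hosts else
        ("ok", ptr))
    return out
```
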
### Sources

- [YunoHost official site](https://yunohost.org/)
- [Install on regular computer](https://doc.yunohost.org/en/admin/get_started/install_on/regular_computer/)
- [XDA: turn an old PC into a self-hosting battlestation](https://www.xda-developers.com/yunohost-guide/)
- [TechRepublic: What is YunoHost](https://www.techrepublic.com/article/install-yunohost/)
- [Newbie Nextcloud walkthrough](https://blog.elenarossini.com/a-newbies-guide-to-self-hosting-with-yunohost-part-3-lets-install-nextcloud/)
- [Certificate doc](https://doc.yunohost.org/admin/domains/certificate/)

---

## Implications for Homebase

### Copy (these are proven patterns)

- **YunoHost's post-install web wizard model** — self-signed `https://proksi.local`, walk user through domain + admin user + cert, diagnostic that flags DNS/port issues in yellow/red. This is clearly the best onboarding of the three; mimicking it for first boot is a shortcut.
- **YunoHost's SSO-wired app installs** — every app they package is automatically integrated into the bundled auth. If we commit to one identity provider (Authentik is the homelab default) and wire every app template to it, we beat Umbrel and CasaOS on day one.
- **Umbrel's app-store polish** — the grid, the screenshots, the categories, the one-click defaults. Visually they nailed it. Copy the UX, not the license.
- **CasaOS's "works on any Linux" optionality** — useful fallback. Our primary story is a full OS, but having a "Homebase layer" installable on an existing Debian/Arch system would widen the funnel dramatically.

### Avoid

- **Umbrel's license trap.** AGPL-3.0 (already our plan per README) is the exact counter-positioning. Every r/selfhosted thread about Umbrel mentions PolyForm. Lead with the license in marketing copy.
- **Umbrel's "we don't need HTTPS on LAN" stance.** It's 4+ years of public embarrassment. Homebase should ship HTTPS on `proksi.local` from day one — self-signed or via a local CA, doesn't matter, just not plaintext.
- **CasaOS's root-Docker + root-FS-via-web-UI security posture.** Non-negotiable: run Docker rootless, or at least do not expose the filesystem through the web UI.
- **YunoHost's bundled-LDAP lock-in.** Their "you must use our directory" rule is the top power-user complaint. Make auth pluggable from the start.
- **YunoHost's non-isolated apps.** Docker-per-app is already our plan; this is just confirmation.
- **Umbrel's single-drive assumption.** If we do the drive-scoring wizard well, we're dramatically ahead.

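
One way to check the Docker rule from the CasaOS bullet above before an app is started, as an added example rather than code from Homebase or any of the three projects: it reads `docker info` and `docker inspect` JSON and reports a rootful daemon and any container that can reach sensitive host paths. The container name `dashboard-ui`, the `SENSITIVE` path list and the function names are assumptions, and both JSON samples are constructed and trimmed.

```python
import json

# Constructed, trimmed `docker info --format '{{json .}}'` output (rootful).
DOCKER_INFO = json.loads(
    '{"SecurityOptions": ["name=seccomp,profile=builtin", "name=cgroupns"]}')

# Constructed, trimmed `docker inspect` output; "dashboard-ui" is hypothetical.
INSPECT = json.loads("""[{
  "Name": "/dashboard-ui",
  "Config": {"User": ""},
  "HostConfig": {"Privileged": false},
  "Mounts": [
    {"Type": "bind", "Source": "/", "Destination": "/host", "RW": true},
    {"Type": "bind", "Source": "/var/run/docker.sock",
     "Destination": "/var/run/docker.sock", "RW": true},
    {"Type": "volume", "Source": "/var/lib/docker/volumes/ui/_data",
     "Destination": "/data", "RW": true}
  ]
}]""")

# Host paths a web-facing container should never see (assumed policy list).
SENSITIVE = {"/", "/etc", "/root", "/boot", "/home",
             "/var/run/docker.sock", "/run/docker.sock"}


def daemon_is_rootless(info):
    """Rootless dockerd reports name=rootless among its security options."""
    return "name=rootless" in info.get("SecurityOptions", [])


def audit_container(c):
    """List posture findings for one `docker inspect` entry."""
    findings = []
    user = c.get("Config", {}).get("User", "")
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("process runs as root inside the container")
    if c.get("HostConfig", {}).get("Privileged"):
        findings.append("container is privileged")
    for m in c.get("Mounts", []):
        src = m.get("Source", "").rstrip("/") or "/"
        if m.get("Type") == "bind" and src in SENSITIVE:
            mode = "read-write" if m.get("RW") else "read-only"
            findings.append(f"host path {src} is bind-mounted {mode}")
    return findings


def audit(info, containers):
    """Map 'daemon' and each container name to its list of findings."""
    report = {"daemon": [] if daemon_is_rootless(info)
              else ["dockerd runs as root (name=rootless not reported)"]}
    for c in containers:
        report[c["Name"].lstrip("/")] = audit_container(c)
    return report


if __name__ == "__main__":
    print(json.dumps(audit(DOCKER_INFO, INSPECT), indent=2))
```
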
### Where our wizard + gateway differentiation actually holds up

1. **Device-aware install wizard** — real gap. Umbrel asks "which number is your drive," YunoHost runs stock Debian partitioning, CasaOS doesn't install an OS at all. A wizard that enumerates drives, shows SMART health, benchmarks speeds, and proposes "fast drive = OS/apps, big drive = data, HDD pool = backups" has no equivalent. This is the single most defensible pitch.
2. **Managed gateway** — real gap. Every competitor punts reverse proxy + Let's Encrypt + DNS to the user. Even YunoHost, which does SSL best, assumes you'll edit DNS at your registrar manually. A Homebase subscription that says "point your domain's nameservers at us, we handle the rest" is genuinely new in this space. The Proxmox-model subscription narrative is credible because there's no competition.
3. **Arch rolling base** — mild gap. All three competitors are Debian. Faster updates are real, but this is a technical differentiator that end users won't perceive. Keep it as a reason for the tech crowd to cheerlead, not a primary pitch.

### Where the pitch is weaker than we think

- **"App store experience"** — Umbrel already has this and it's good. We won't win on catalog size (they have 300+ and YunoHost 400+); we should win on defaults (every app auto-wired to SSO + reverse proxy + custom domain at install time, which no one does).
- **"Your dad can install this"** — YunoHost is genuinely close to this for the install itself. The DNS/email cliff is where they fail. Our wedge is specifically the *domain + SSL + DNS* pain, not the OS install.
- **Arch vs Debian** — be honest that this is a team preference, not a user benefit. Every complaint we've found across all three projects is about UX/security/storage/licensing; zero are about "I wish this was on Arch."

### Must-validate-in-testing

When Daniel does hands-on Proxmox testing, specifically verify:
- CasaOS: try installing Nextcloud with persistent storage on a second disk. Time how long, count clicks, note where it breaks.
- Umbrel: try to get any app accessible at a custom domain over HTTPS. Time and click-count it.
- YunoHost: do the full DNS + Let's Encrypt + subdomain + Nextcloud flow end-to-end on a fresh domain. This is our real benchmark.