Tsubodai

joined 1 year ago
Tsubodai@programming.dev 2 points 11 months ago (2 children)

I'm... a little offended by that! 🤣

Tsubodai@programming.dev 1 points 11 months ago* (last edited 11 months ago) (1 children)

Ah. VMs. I (stupidly?) set my storage array to use ext4, and apparently it needs to be a btrfs to be able to use VMs. I cba to rebuild it at the moment.. so I just use docker for everything

Tsubodai@programming.dev 1 points 11 months ago

Brilliant, many thanks!

Tsubodai@programming.dev 1 points 11 months ago (4 children)

Yeah, I definitely like the idea of leaving all services running locally, and connect to my VPN when needing to tinker/access.

I do have a couple of Raspberry Pis, but I prefer to run stuff on the NAS; I only use the Pis as clients to stream from.

I'm gonna go look up the difference between OpenVPN and WireGuard :) And I have a dynamic DNS setup, that's basically the same as a fixed IP, right?

Thanks!

Tsubodai@programming.dev 1 points 11 months ago (3 children)

I definitely didn't set up any port forwarding or routing tables when setting up the inbuilt VPN.

Tailscale is great, and very handy to edit my compose files from, for example, work. But I didn't think I could use it to access my services?

I've become pretty familiar with docker over the years, so I'm tempted to spin up a container just to see how it works.

I currently expose around 20 services through the reverse proxy, but only those ones that I can set a user/password for.

I don't mind investing the time to learn more about all this. Networking stuff has always been akin to dark magic for me, it's time to jump in..

Thanks!

17
submitted 11 months ago* (last edited 11 months ago) by Tsubodai@programming.dev to c/selfhosted@lemmy.world
 

I run a load of containers on a NAS, and reverse proxy them through Synology's inbuilt reverse proxy settings.

Essentially, I'd like to harden my security, and I'm not really sure how best to do it.

Seeing people recommend Nginx Proxy Manager, I've tried to set this up but never managed to get the certificates to work from Let's Encrypt ("internal server error" when trying to get one). When I finally got it working a while ago (I think I imported a cert), any proxy I tried to set up just sent me to the Synology login page.

I've tried to set up the VPN that comes with Synology (DSM 7+), but I must have set it up using the local IP address. It only works when I'm on my LAN, and not from an external network. Which is kind of the point, lol. I would like to use VPN to access the home network when out and about.

I've set random, long, unique passwords for everything I want to access, but I am guessing this is not the most secure, after seeing so many people use and recommend VPNs.

I have Tailscale, which is great for ssh-ing onto my NAS from the outside world. But to access my services, is a VPN the best way to do it? And can it be done entirely myself, or does it require paying for a service?

I've looked at Authentik - pretty confusing at the outset, and I see a few evenings of reading guides ahead of me before I get that working. Is that worth setting up?

Does anyone have any advice/guides/resources that might help?

Tsubodai@programming.dev 2 points 11 months ago

I back up my music, photos, docker settings and that's about it. Daily backups to one external HDD, but recently set up a second backup that runs weekly juuuuust in case. The music is only because it's taken me a long time to build up my library, and that would be painful to lose. TV, movies, meh.

Tsubodai@programming.dev 2 points 11 months ago* (last edited 11 months ago) (1 children)

Similar story here. Readarr (two instances, one for ebooks, another for audio). Calibre server with a watchdir to add books from libgen/elsewhere, and organising stuff. Calibre-web because trying to use calibre server on a phone is painful. WebDAV connection through phone app (Moon+) as a backup (LAN only).

Oh, and Audiobookshelf for the audiobooks, but I generally prefer reading

Tsubodai@programming.dev 9 points 11 months ago (1 children)

Why not just run a watchtower container? Combined with a diun one to send gotify messages to my phone if you're into that. (I am!)

Tsubodai@programming.dev 7 points 11 months ago

I'm probably the opposite of you! Started using Docker at home after messing up my Raspberry Pi a few too many times trying stuff out, and not really knowing what the hell I was doing. Since moved to a proper NAS, with (for me, at least) plenty of RAM.

Love the ability to try out a new service, which is kind of self-documenting (especially if I write comments in the docker-compose file). And just get rid of it without leaving any trace if it's not for me.

Added Portainer to be able to check on things from my phone browser, Grafana for some pretty metrics and graphs, etc etc etc.

And now at work, it's becoming really, really useful, and I'm the only person in my (small, scientific research) team who uses containers regularly. While others are struggling to keep their fragile Python environments working, I can try out new libraries, take my env to the on-prem HPC or the external cloud, and I don't lose any time at all. Even "deployed" some little utility scripts for folks who don't realise that they're actually pulling my image from the internal registry when they run it. A much, much easier way of getting a little time-saving script into the hands of people who are forced to use Linux but don't have a clue how to use it.