37
Struggling to Get Started Hosting a Mix of Local and Publicly Exposed Containers (programming.dev)
submitted 1 year ago by 101010@programming.dev to c/selfhosted@lemmy.world
16 comments fedilink hide all child comments

I'm new to self hosting and just starting to experiment with web development. I've been reading and cross-referencing several guides, but I'm having trouble figuring out how to put together all the pieces to achieve what I'm looking for. Maybe the perfect tutorial is out there, but I just haven't found the right search terms.

On my Raspberry Pi 4, I have a few Docker containers already up and running:

  • Pi Hole with network-mode set to host so it can handle DHCP too
  • Watchtower to keep the Pi Hole up-to-date
  • Portainer to check on the status of things

In addition those, I'm planning to host a personal website, a small Matrix server, and a few other things eventually. For portability reasons and my own professional development, I want to go all-in on Docker Compose and keep each piece in its own separate container.

The main thing I'm struggling with is figuring out how to configure nginx-proxy-manager and my Docker networks to expose only the containers I want to expose while keeping my other containers safe. More specifically, how do I handle the conflicting ports between Pi Hole and nginx-proxy-manager without exposing my Pi Hole's admin page to the public internet? Can I use the same reverse proxy to manage all my local and public services at the same time?

Another piece that I'm feeling unsure about is pointing my domain name to the right IP address and setting up SSL encryption. It feels like there are a lot of ways to mess it up. What do I need to do to keep things safe and secure? How important is something like Cloudflare tunnel?

you are viewing a single comment's thread
view the rest of the comments
[-] manwichmakesameal@lemmy.world 7 points 1 year ago

Why did you register two separate domains instead of using a wildcard cert from LE and just using subdomains?

[-] redemon@lemmy.world 2 points 1 year ago

To separate my internal and external. Both my domains have wild card certs. I have a VPS that connects to my home lab. External requests hit the VPS first. Internal requests bypass the VPS and go straight to my home lab.

I could use a single domain but then my internal requests would reach out to the VPS just to go back to my home lab. I wanted to avoid that extra hop.

[-] grue@lemmy.world 1 points 1 year ago

Do you need to actually register two different domains for that, or could the internal one use a reserved TLD like .lan or .internal?

[-] redemon@lemmy.world 1 points 1 year ago

I actually registered two different domains. I think using .lan or .internal would work like that. Essentially from the client machine, it needs to be able to resolve the domain name to the IP of your internal service. So say from your home PC you want to have grue.com resolve to your server. One way to do that is have a host entry on your PC to point grue.com to your server IP address. That way is easy to do and works great but will get annoying if you have multiple client machines.

Another way is if you have a local DNS server that can add locally defined DNS records. Pi-hole can do this, so that way any client machine that goes through Pi-hole will be routed to your server IP.

load more comments (2 replies)
load more comments (2 replies)
this post was submitted on 28 Jul 2023
37 points (93.0% liked)

Selfhosted

39700 readers
239 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
CannaVet@lemmy.world
Loki@lemmy.world
HybridSarcasm@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz