submitted 11 months ago by moontear@alien.top to c/main@selfhosted.forum

With my zoo of docker containers and multiple servers hosted locally or on some cloud providers, I feel the need more and more to understand what kind of network traffic is happening. Seeing my outbound traffic on some cloud providers I'm sometimes wondering "huh, where did that traffic come from?".

And honestly I have to say: I don't know. Monitoring traffic is a real hurdle since I'm doing a lot via tunnels / wireguard in between servers or to my clients. When I spin up a network analysis tool such as ntopng, I do see a lot of traffic happening that is "Wireguard". Cool. That doesn't help me one bit.

I would have to do some deep packet inspection I suppose and SSL interception to actually understand WHAT is doing stuff / where network traffic comes from. Honestly I wouldn't be sure what stuff would be happening if there were some malicious thing running on the server and I really don't like that. I want to see all traffic and be able to assign it to "known traffic" or in other words - "this traffic belongs to Jellyfin", "that traffic is my gitea instance", "the other traffic is syncthing" or something along those lines.

Is there a solution you beautiful people in this subreddit recommend or use? Don't you care?
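The attribution the post asks for ("this traffic belongs to Jellyfin", and so on) is, at its core, matching each flow's local endpoint against an inventory of which service listens on which port, and flagging everything that matches nothing. The following is an added example, not from the original post or from any of the tools it mentions; the flow lines, addresses and port map are constructed for illustration, and the port map stands in for what `docker port` would list on a real host. Flows whose only visible endpoint is the WireGuard UDP port are labelled as the tunnel itself, which is exactly the "it's all WireGuard" problem from the post; to attribute what travels inside, feed this the flows seen on the wg interface rather than on the physical NIC.

```python
"""Attribute flow records to the service that owns them (added example).

Input: text flow records of the form "proto src:sport dst:dport bytes", as a
simple netflow/conntrack exporter might emit. Everything below is constructed
for illustration; no address, port or name comes from the original post.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed inventory: which local (proto, port) belongs to which service.
# On a real host this would be filled from `docker port <container>` output.
SERVICE_PORTS = {
    ("tcp", 8096): "jellyfin",
    ("tcp", 3000): "gitea",
    ("tcp", 22000): "syncthing",
    ("udp", 51820): "wireguard-tunnel",  # outer tunnel: payload not visible here
}

# Constructed: addresses that belong to this host (container bridge + public).
LOCAL_ADDRS = {"10.0.0.5", "203.0.113.10"}

# Constructed sample flows (one per line): proto src:sport dst:dport bytes
SAMPLE_FLOWS = """\
# inbound Jellyfin stream
tcp 198.51.100.7:51234 10.0.0.5:8096 1200000
# gitea replying to a client (local side is the source here)
tcp 10.0.0.5:3000 198.51.100.8:40001 8000
# site-to-site WireGuard: only the outer tunnel is visible on the NIC
udp 203.0.113.10:51820 192.0.2.20:51820 55000
# something on this host talking out to port 443 of an unlisted peer
tcp 10.0.0.5:41000 192.0.2.99:443 4200
# inbound hit on a port no known service owns
tcp 198.51.100.9:55555 10.0.0.5:2222 300
"""


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse one 'proto src:sport dst:dport bytes' record."""
    proto, src, dst, nbytes = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return Flow(proto, sip, int(sport), dip, int(dport), int(nbytes))


def label_flow(flow: Flow) -> str:
    """Name the owning service; either endpoint may be the local one."""
    for addr, port in ((flow.src, flow.sport), (flow.dst, flow.dport)):
        if addr in LOCAL_ADDRS and (flow.proto, port) in SERVICE_PORTS:
            return SERVICE_PORTS[(flow.proto, port)]
    # Nothing in the inventory claims this flow: keep the direction so an
    # unexpected outbound connection stands out from an unexpected inbound one.
    return "unknown-outbound" if flow.src in LOCAL_ADDRS else "unknown-inbound"


def summarize(text: str):
    """Return (bytes per label, list of unknown flows) for a block of records."""
    totals = defaultdict(int)
    unknown = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        flow = parse_flow(line)
        label = label_flow(flow)
        totals[label] += flow.nbytes
        if label.startswith("unknown"):
            unknown.append(flow)
    return dict(totals), unknown


if __name__ == "__main__":
    totals, unknown = summarize(SAMPLE_FLOWS)
    for label, nbytes in sorted(totals.items(), key=lambda kv: -kv[1]):
        print(f"{label:18s} {nbytes:>10d} bytes")
    print("\nunattributed flows to review:")
    for f in unknown:
        print(f"  {f.proto} {f.src}:{f.sport} -> {f.dst}:{f.dport} ({f.nbytes} bytes)")
```

The "unknown-outbound" bucket is the one worth watching: on a host where every legitimate service is in the inventory, anything landing there is either a container you forgot to list or traffic you did not expect.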

[-] moontear@alien.top 1 points 1 year ago

One thing that wasn’t mentioned: I can use *.internal.domain.com and not have that routed on public DNS (using my own DNS with pihole + unbound or adguard). Of course still valid certificate for that domain.

It feels good using a domain name I can type, and secondly *.domain.com IS publicly routed, meaning all external services go there. The internal stuff I can only access via Tailscale (which automatically uses my DNS).
