operator
- 3 Posts
- 8 Comments
Joined 1Y ago
Cake day: Jun 15, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
- •
- 1Y
- •
So I'm in the process of (re-) setting up my homelab and unsure about how to handle databases. Many images require a database, which the docker-compose usually provides inside the stack.
Now my question, shall I have 1 database container which is accessed by all containers? Or shall I have a separate container for each service?
For critical services, which shall have as few dependencies as possible I'm already using sqlite or a similar solution.
Also on a sidenote: I have two docker hosts, can I let the containers of 1 hypervisors use the same internal docker network?
TIA!
- •
- 1Y
- •
So I'm in the process of (re-) setting up my homelab and unsure about how to handle databases. Many images require a database, which the docker-compose usually provides inside the stack.
Now my question, shall I have 1 database container which is accessed by all containers? Or shall I have a separate container for each service?
For critical services, which shall have as few dependencies as possible I'm already using sqlite or a similar solution.
Also on a sidenote: I have two docker hosts, can I let the containers of 1 hypervisors use the same internal docker network?
TIA!
What I’m doing is using a dedicated VPN Gateway container. The instances running delicate services have a static default route to the GW-container.
This is an extra step, but allows me add easily route other services or clients or even whole networks through my VPN without additional setup or specialized containers bundling both.
Wanna use it on the phone? Change the gateway address. Wanna use it from my Linux machine? Add a static default route. Etc…
Works flawlessly!
- •
- 1Y
- •
So everyone is talking about cloudflare tunnels and I decided to give it a shot.
However, I find the learning curve quite hard and would really appreciate a short introduction into how they work and how do I set them up…
In my current infrastructure I am running a reverse proxy with SSL and Authentik, but nothing is exposed outside. I access my network via a VPN but would like to try out and consider CF. Might be easier for the family.
How does authentication work? Is it really a secure way to expose internal services?
Thanks!
Unfortunately not at the moment, as all is kinda fiddled and setup manually, but I’m redoing my home lab in a couple of weeks. Send me a message and I’ll send you the docker image or script!
But basically I did the following:
If your vpn goes down, the default route shall still point to the remote gw, but as it isn’t there you also have a kill switch. Voila!
I am looking into gluetun but haven’t tried it yet.
Edit: this doesn’t protect you from someone snooping the traffic inside your local net, but protects it starting from the point where it leaves the local vpngw. The traffic is unencrypted between that and your client.