As this is a new community hoping to continue the old. I thought I would take the opportunity to make some requests.
I have an intel NUC as a server with
- sonarr
- radarr
- prowlarr
- transmission with vpn
- jellyfin
- daap
- home assistant
- organizr
Wish list
- some kind of dns resolution so I can access jellyfin.server.local
- vpn to access server remotely with dynamic dns
- some help with ansible so I can stop using my docker compose file manually.
I have done some reading and in all honesty just haven’t had the drive to try for fear of breaking something that’s working ok.
- Buy a domain name
- Set up a free cloudflare account
- Set up portainer to manage your docker-compose files (they call them stacks)
- Set up cloudflare dyndns service to regularly update your WAN ip for your domain name
- Set up cloudflare zero trust for authentication
- Set up Nginx proxy manager to route traffic to your NUC by IP and port
Should take you less than a day to get all of that working
That was an awesome and concise list.
Never though to use Portianer In That regard, feel a bit stupid now.
I have tried noi X proxy manager but could only get 404 or single service working at a time.
Here are the containers I use
Portainer
This is run directly on the host machine… not through portainer itself. This is the only container I run directly through docker. Full guide from portainer
docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
Make sure to update the volume to be where you want to store the data (especially if you’re using a mounted NAS/DAS
Cloudflare DDNS
version: '2' services: cloudflare-ddns: image: oznu/cloudflare-ddns:latest restart: always container_name: cloudflare-root environment: - API_KEY={redacted} - ZONE=name.tld - PROXIED=true # I proxy everything through cloud flare so my home IP isn't exposed # This sets IP address for the root name.tld cloudflare-ddns-abs: image: oznu/cloudflare-ddns:latest restart: always container_name: cloudflare-xyz environment: - API_KEY={redacted} - ZONE=name.tld - PROXIED=true - SUBDOMAIN=xyz # This container doesn't handle multiple subdomains, nor wildcards... # So I have to run a different container for each service that's on its own subdomain. PITA
Cloudflare zero trust
- Here’s the guide from Cloudflare. It’s all managed in their dashboard
- I just have a one service exposed to the WAN that needs auth.
- Create an
application
- For the access policy, I just use OTP with a long session duration since I’m the only user
nginx proxy manager
Management and setup in the app is fairly straightforward, but depends on your local setup.
Here’s part of the stack I use:
version: "3" services: app: image: 'jc21/nginx-proxy-manager:latest' restart: unless-stopped ports: - '80:80' # Public HTTP Port - '443:443' # Public HTTPS Port - '81:81' # Admin Web Port
Wow @Bldck. Thank you!!!
After reading a bit more on what you said I got a bit more invigorated and just ordered a second hand Lenovo thinkcentre. I am going to start fresh with it.
I will use this 100% and report back.
Good luck!
Might be an issue with port forwarding on your router
What have you done with Ansible so far?
Nothing. I have some at work for deploying applications I write. But I don’t manage them and they are extremely modular so a bit hard to follow.
I’m using freedns.afraid.org services 20+ years now in my homelab environments. You just run their script every x minutes, it checks your ip and if its changed then call their url and it updates your new ip. Completely free and easy solution. To access your server’s services you should use your router vpn service (or wireguard).
That’s a nice idea.
I have been using duckdns for a while. Any benefits of freedns.afraid.org?
Virtualmin does dns. Or you could do bind and power DNS web front end.
If you virtualize your workloads or have backups it makes changed less risky.