Raspberry pi4 Docker:- gluetun(qBit, prowlarr, flaresolverr), tailscale(jellyfin, jellyseerr, mealie), rad/read/sonarr, pi-hole, unbound, portainer, watchtower.

Raspberry pi3 Docker:- pi-hole, unbound, portainer.

  • 2 Posts
  • 39 Comments
Joined 1 year ago
cake
Cake day: June 26th, 2023

help-circle

  • My initial inception of this box was to have it request a static IP so I knew “box.ip”. Then tape then tape some thing like this:

    Box.ip Service1:port Service2:port …

    Onto the case. Then in NPM have it proxy requests to “box.ip:8096” to “tailscale.ip:8096”. But alas, I couldn’t figure it out. I could get 1 service to work but not multiple.

    I couldn’t ask someone to write the config for me, but if you’re certain it’s doable then I’ll learn to write a config. Thank you for the offer. I’m guessing for each service I tell nginx to “listen” at “port” instead of only listening to ports 80,443 and 81.

    MDNS seems like an interesting solution though, I’m going to read about that now actually, thank you for highlighting that solution to me. If I could get that working that would be ideal. I’ll have to check if the expected devices are compatible but that would make everyone’s life easier if I could just setup a cronjob on startup.


  • Thank you for the reading material, it’ll be tonight project. I think I’m just going to tell people if they want to join in the family immich/mealie/etc they’ll just have to let me into their router. They’ll get memorable addresses out of it and adblocking too. I’m pretty sure that setup is comfortably within my skill set. I thought long and hard about opening ports but the security needed is beyond me currently. Down side is cost and I’ll be managing a bunch of boxe. But I can add updating them into the monthly maintenance and if/when they come back they can be repurposed into other projects.


    I tried /locations but my service would rewrite the URL and break itself. I’d navigate to “box.ip/immich” and immich would change the address to “box.ip/login” and hang.

    I’d need to learn how to have npm lock “box.ip/immich” and let immich append “/login”. I’ll leave my test VM up and just chip away at it. I think I need the “rewrite” flag but I’m getting dangerously close to just learning how to write an nginx config instead of having npm do it for me.

    Thanks again for the pointers




  • Oh, routing, I remember watching an “off site back up” video where they set up IP tables, or IP forwarding, or some such, so when their parents tried to access jellyfin locally it was routed over tailscale. Maybe I’m misremembering though, I’m not confident enough to start thinking about it seriously, so I logged it as “that’s possible” and moved on.

    That way I just have to keep one instance of jellyfin/immich/etc up to date. It’s all a bit beyond my ken currently but it’s the way I’m trying to head. At least until I learn a better way.

    Ideally, I give someone a pi all set up. They plug it in go to service.domain.xyz and it routes to me. Or even IP:Port would be fine, I’ll write them down and stick it to their fridge.

    My parents and I run each others’ off-site back up (tailscale-syncthing), but their photo and media services are independent from mine. I just back up their important data, and they return the favour, but we can’t access or share anything.

    Guides like yours are great for showing what’s possible. I often find myself not knowing what I don’t know so don’t really know where to start learning what I need to learn.


  • What a write up, thank you for documenting this.

    I understand a lot of people in this hobby do it professionally too, so a lot is assumed to be common knowledge us outsiders just don’t have.

    While my system of using tailscale’s magic dns to use lxc:port works fine for my fiancée and I, expanding this a family wide system would prove challenging.

    So this guide is next step. I could send my fiancée to <home.domain.xyz> and it’ll take her to homarr, or <jellyseerr.domain.xyz>

    The ultimate dream would be to give family members a pi zero and a <home.domain.xyz> and then run a family jellyfin/immich.






  • I guessed it was a “once bitten twice shy” kind of thing. This is all a hobby to me so the cost-benefit, I think, is vastly different, nothing on my setup is critical. Keeping all those records and up to date on what version everything is on, and when updates are available and what those updates do and… sound like a whole lot of effort when currently my efforts can be better spent in other areas.

    In my arrogance I just installed Watchtower, and accepted it can all come crashing down. When that happens I’ll probably realise it’s not so much effort after all.

    That said I’m currently learning, so if something is going to be breaking my stuff, it’s probably going to be me and not an update. Not to discredit your comment, it was informative and useful.


  • Fedegenerate@lemmynsfw.comtoSelfhosted@lemmy.worldWhat's the deal with Docker?
    link
    fedilink
    English
    arrow-up
    16
    arrow-down
    1
    ·
    edit-2
    8 months ago

    When I asked this question

    So there are many reasons, and this is something I nowadays almost always do. But keep in mind that some of us have used Docker for our applications at work for over half a decade now. Some of these points might be relevant to you, others might seem or be unimportant.

    • The first and most important thing you gain is a declarative way to describe the environment (OS, dependencies, environment variables, configuration).
    • Then there is the packaging format. Containers are a way to package an application with its dependencies, and distribute it easily through the docker hub (or other registries). Redeploying is a matter of running a script and specifying the image and the tag (never use latest) of the image. You will never ask yourself again “What did I need to do to install this again? Run some random install.sh script off a github URL?”.
    • Networking with docker is a bit hit and miss, but the big thing about it is that you can have whatever software running on any port inside the container, and expose it on another port on the host. Eg two apps run on port :8080 natively, and one of them will fail to start due to the port being taken. You can keep them running on their preferred ports, but expose one on 18080 and another on 19080 instead.
    • You keep your host simple and empty of installed software and packages. Less of a problem with apps that come packaged as native executables, but there are languages out there which will require you to install a runtime to be able to start the app. Think .NET, Java but there is also Python out there which requires you to install it on the host and have the versions be compatible (there are virtual environments for that but im going into too much detail already).

    I am also new to self hosting, check my bio and post history for a giggle at how new I am, but I have taken advantage of all these points. I do use “latest” though, looking forward to seeing how that burns me later on.

    But to add one more:- my system is robust, in that I can really break my containers (and I do), and to recover is a couple clicks in Portainer. Then I can try again, no harm done.






  • You have cleared up a lot of misconceptions for me, I have not been port forwarding, I have not learned how yet. I think I’m good. I don’t mind breaking functional stuff, and have a lot already, but I really don’t want to explain to my fiancée that the reason someone is in her bank is because I wanted to watch Samurai Jack.

    I have been keeping it as insular as possible for this reason, and the next thing I intent to learn is to make it more insular by putting the pi on a subnet of its own. Actually, thank you for writing that up. I have been actively resisting using people for IT support, as I know it takes time. I have been trying to find everything I can, there isn’t much or what there is assumes knowledge I don’t have.

    There’s a comment with a list of stuff to do that I’ve saved. So I’ll probably start knocking that out one by one.




  • Both pi’s have static IPs.

    I asked the *arrs to talk to each other, and when they didn’t work (and only when they didnt work) I "ufw allow"ed the relevant port.

    I just want to patch up my firewall layer as best I can, and then start building security layers on top/below it as I learn how.

    So I told Sonarr that qBit it at 192.168…:port. The test failed, “ufw allow port”, then the test passed. Could I instead have told Sonarr qBit is at 172.18…:port(dockers network address) and then close up the firewall. Or can I set them all to “ufw limit”. Or set the firewall to only allow local local traffic… You get the idea, I know enough to be dangerous but not enough to ask the right questions.