Just reached my 10th service hosted with docker 🎉🎉
upvote 31 downvote

Anonymous 1w

Docker's awesome! Now stick a reverse proxy like nginx in front so you don't have to remember dozens of port numbers

upvote 1 downvote
Anonymous replying to -> #1 1w

I only use a reverse proxy for publishing 2 services to the web, I like remembering the port numbers on lan

upvote 1 downvote
Anonymous replying to -> #1 1w

what's the difference between ingress and nginx, I'm a noob sry

upvote 5 downvote
Anonymous replying to -> #2 1w

nginx proxies like npm are great for mapping a subdomain to a port number which I was saying would be great because instead of having to go to example http://192.168.1.2:12547 you can just go to https://plex.homedomain.com. Not only will nginx (NPM) shorten the work to get to a specific docker container it can use a free self-renewing SSL cert to protect traffic. But OP prefers port numbers so...

upvote 2 downvote
Anonymous replying to -> #1 1w

Oh you asked about Kubernetes Ingress. Yeah, it basically performs the same function that NPM does for Docker. They both sit in front of web apps and route incoming requests. Different ecosystems but they both do TLS termination, auth, rate limiting, etc.

upvote 2 downvote
Anonymous replying to -> #1 1w

Yea I prefer port numbers bc I’m not about to or don’t need to publish my *arr suite to the web

upvote 1 downvote
Anonymous replying to -> OP 1w

But jellyfin is the main domain p443 and jelly seer is on a sub domain p443

upvote 1 downvote
Anonymous replying to -> OP 1w

If I’m away from home and want to administer that’s what WireGuard is for, and if WireGuard goes down then I have some shitty slow Ikev2 vpn on my router

upvote 6 downvote
Anonymous replying to -> OP 1w

Totally agree with using WG for remote admin. But I have 93 active containers. I would just die if I had to address them all by port number...lol. So I use NPM, not to expose them to the web, but for my sanity and also it's nice to not have Chrome throw a conniption for not having proper SSL or having self-signed certs. Another thing I do is have Heimdall to organize them all into some semblance of neatness. Yeah, otherwise agree. WG is awesome for maintaining secure connectivity away from home.

upvote 1 downvote
Anonymous replying to -> #1 1w

93 gah damn, Something cool I learned recently is that if I want my domain to work externally and internally I can just add a dns override in my router (I heard nat pinning may be cpu heavy on my router - not bad but I like best practices and efficiency) but the actual cool thing is that the ssl cert still works internally and doesn’t throw up security errors so I can give the urls to family without ever worrying about a cert or them switching between external/internal ip. I guess if you wanted

upvote 1 downvote
Anonymous replying to -> OP 1w

Similar but on internal only you can just keep port 80 open for the cert renewal

upvote 1 downvote
Anonymous replying to -> OP 1w

Yeah, it's kind of an addiction. I need to go to Dockers Anonymous, lol. I started with just a handful on my Synology NAS, but Synology is a little restrictive about what ports/tools you can use so I got an old Dell server that had a good number of cores (32) and a crapload of memory (128 GB). Installed Proxmox on it, fired up a Debian VM, installed Docker and Portainer (awesome mgmt tool) and here we are 93 containers later.

upvote 6 downvote
Anonymous replying to -> #1 1w

What do you have besides the basics like password mgmt, immich, media stuff, do you do a lot of like smarthome stuff, game servers, apps with a ton of microservices?

upvote 1 downvote
Anonymous replying to -> OP 1w

So much hair pulling debugging containers that refused to work in certain configurations, figuring out how to proxy certain containers thru VPN, etc. You mentioned cert renewal. I try to avoid only the bare minimum ports to the big bad internet (so that's basically just WG). For cert renewal, I use LE's DNS challenge. Bonus of that method is it allows me to issue wildcard TLS certs so one cert works for all 93 containers since they have different subdomains but one root domain.

upvote 2 downvote
Anonymous replying to -> OP 1w

I have an antenna on my roof that pulls in signals from nearby boats (AIS) and planes (ADSB) and transmits it to data aggregators (like FlightAware or MarineTraffic) so I have a few containers dedicated to that. A local Docker Registry and UI (like hub.docker.com but local), a local Firefox sync server, an RSS feed reader, a local speed test server (iPerf), a language translation container (LibreTranslate), a local SW Dev VC Env (Gitea - like Github but local), local music servers (Navidrome)...

upvote 4 downvote
Anonymous replying to -> #1 1w

Yo that’s cool I might have to go on my roof before it gets cold

upvote 5 downvote
Anonymous replying to -> OP 1w

...local iPXE server (NetbootXYZ), local docs/media (Nextcloud), local pastebin (PrivateBin), local self-monitoring tool (Uptime Kuma), automated Docker updater (Watchtower), local VS Code Server (Code Server), network monitoring system (LibreNMS), NextPVR, Prometheus, Grafana, local Unifi server, local API dev environment (Hoppscotch) and many others

upvote 3 downvote
Anonymous replying to -> #1 1w

Holy shit mf knows ball

upvote 1 downvote
Anonymous replying to -> #1 1w

Fellow UniFi user spotted

upvote 4 downvote
Anonymous replying to -> OP 1w

Easiest way I found to get started with ADSB collection is PiAware. You can build it (using Raspberry Pi) or buy it off eBay. It comes with a RPi, a USB stick and antenna. Antenna next to your window, plug stick into RPi and you're off to the races. It's good to get started because it's easy but later you can move to rooftop antennas, longer runs and moving the essential SW into a Docker container. It gives you a cool little map that shows every plane in your vicinity it can detect....

upvote 2 downvote
Anonymous replying to -> #1 1w

I live a block from the beach so I think the boat stuff would be sick

upvote 6 downvote
Anonymous replying to -> OP 1w

Place bets on what boat is gonna pass by, little do they know (assuming I can get range that far)

upvote 3 downvote
Anonymous replying to -> OP 1w

To pick up boat traffic (AIS traffic) you'll need a similar adapter as used for planes. It's a Realtek RTL2832U. You can get it as a package from places like RTL-SDR.com, eBay or any hobby SDR (software defined radio) shop. Connect the dongle to either their dipole antenna kit or I just used an old TV antenna already on my roof (needs to be VHF), then adapters to convert it from RG6 to RG174. Then it's just a matter of configuring Docker to look for the stick and a container like ShipFeeder

upvote 5 downvote
Anonymous replying to -> OP 1w

As far as range, MarineTraffic tells me I have 5 nautical miles of coverage or 338 sq. km. And AIS Catcher (the map that shows the boats) shows I can often pick up boats that are anywhere from 8-10 miles away. And that's with an antenna that's not really specifically tuned for this application (old TV antenna). With you being right at the beach and assuming you get a proper dipole antenna and good elevation, you could easily surpass that.

upvote 5 downvote