I use node exporter for host metrics (Proxmox/VMs/SFFs/RaspPis/Router) and a number of other *exporters:
exportarr
plex-exporter
unifi-exporter
bitcoin node exporter
I use the OpenTelemetry collector to collect some of the above metrics, rather than Prometheus itself, as well as docker logs and other log files before shipping them to Prometheus/Loki.
Oh, I also scrape metrics from my Traefik containers using OTEL as well.
What does having OpenTelemetry improve? I have a setup similar to yours but data goes from Prometheus to Grafana and I never thought I would need anything else.
Not a whole lot to be honest. But I work with OpenTelemetry everyday for my day job, so it was a little exercise for me.
Though, OTEL does have some advantages in that It is a vendor agnostic collection tool. allowing you to use multiple different collection methods and switch out your backend easily if you wish.
About the root problem, as of now new installs are trying to let the user to run everything as a limited user. And the program is ran as root inside the container so in order to escape from it the attacker would need a double zero day exploit (one for doing rce in the container, one to escape the container)
The alternative to “don’t really know what’s in the image” usually is: “just download this Easy minified and incomprehensible trustmeimtotallynotavirus.sh script and run it as root”. Requires much more trust than a container that you can delete with no traces in literally seconds
If the program that you want to run requires python modules or node modules then it will make much more mess on the system than a container.
Downgrading to a previous version (or a beta preview) of the app you’re running due to bugs it’s trivial, you just change a tag and launch it again. Doing this on bare metal requires to be a terminal guru
Finally, migrating to a new fresh server is just docker compose down, then rsync to new server, and then docker compose up -d. And not praying to ten different gods because after three years you forgot how did you install the app in bare metal like that.
Docker is perfect for common people like us self hosting at home, the professionals at work use kubernetes
Well docker tends to be more secure if you configure it right. As far as images go it really is just a matter of getting your images from official sources. If there isn’t a image already available you can make one.
The big advantage to containers is that they are highly reproducible. You no longer need to worry about issues that arise when running on the host directly.
Also if you are looking for a container runtime that runs as a local user you should check out podman. Podman works very similarly to docker and can even run your containers as a systemd user service.
no messy system or leftovers. some programs use directories all over the place and it gets annoying fast if you host many services. sometimes you will have some issue that requires you to do quite a bit of hunting and redoing things.
docker makes this painless. you can deploy and redeploy stuff easily and quickly, without a mess. updates are painless and quick too, with everything neatly self-contained.
much easier to maintain once you get the hang of things.
Thanks thats good to know! I have got onto tailscale and have a test lab setup with a digital ocean vps for the public IP(exit node) and a ubuntu machine with a tunnel to it. Its working, just need to translate that to pfsense…
I’ve dabbled with some monitoring tools in the past, but never really stuck with anything proper for very long. I usually notice issues myself. I self-host my own custom new-tab page that I use across all my devices and between that, Nextcloud clients, and my home-assistant reverse proxy on the same vps, when I do have unexpected downtime, I usually notice within a few minutes.
Other than that I run fail2ban, and have my vps configured to send me a text message/notification whenever someone successfully logs in to a shell via ssh, just in case.
Based on the logs over the years, most bots that try to login try with usernames like admin or root, I have root login disabled for ssh, and the one account that can be used over ssh has a non-obvious username that would also have to be guessed before an attacker could even try passwords, and fail2ban does a good job of blocking ips that fail after a few tries.
If I used containers, I would probably want a way to monitor them, but I personally dislike containers (for myself, I’m not here to “yuck” anyone’s “yum”) and deliberately avoid them.
I’ve got HA with Frigate + USB Coral w/4 cams, FlightRadar24 receiver/feeder, ESPHome, NodeRed, InfluxDB, Mosquitto, and Zwave-JS on a refurbished Lenovo ThinkCenter M92p Tiny, rigged with an i5 3.6GHz, 8GB RAM and 500GB spindle drive. It’s almost overkill.
Frigate monitors 2 RTSP and 2 MJPEG cams (sometimes up to 3 RTSP and 5 MJPEG, depending of if I’m away for the weekend) with hardware video conversion. FR24 monitors a USB SDR dongle tracking several hundred aircraft per hour. I live under one.of the main approaches to a major US hub.
Processor sits at 10% or less most of the time, and really only spikes when I compile new binaries for the ESP32 widgets I have around the house. It uses virtually none of the available disk. It’s an awesome platform for HA for the price.
Thanks for your reply! So that is a 3rd gen Intel chip if I kagi’d correctly? I was planning to get a 8th gen or later. Not sure though if it’s worth it, I’m not too familiar with the differences between all generations.
I think the i5 is Ivy Bridge, but I couldn’t tell you what gen that is. My main use of HA aside from the automation is Frigate, which apparently needs the hardware AVX flags. This chip supports AVX512, where my older AMD did not, so that’s why I went with it. Its an i5-3470T, if that helps.
If you’re only using it for Plex and nothing else, it probably won’t make a lot of difference which you use.
My old setup was Ubuntu running Plex as an install… if you just run a server without a gui, it’s like 3 lines to install Plex
I also have a pi as a portable setup running the docker version which works pretty well but I don’t think it will handle hardware encoding very well, but I could be wrong
Yeah Ubuntu came up in a few searches, I’ll read more about that, Desktop was 25gb which was a bit excessive given the age of the PC, will look at server, ty
Debian is another popular choice for servers (Ubuntu is based on Debian, with a few things bolted on top which are in my opinion not worth it). The default Debian installation only consumes 1-2GB disk space (just deselect any desktop environment during the installation process)
I would start at the github repo and check if that issue has been documented.
If yes, follow the instructions. If not, check your dns since 502 often came from dns in my case.
If both doesnt reveal anything, you could open an issue in the repo and post your (sanitized) logs and wait for answers.
The error suggests a problem with the lemmy-lemmy-ui-1 container. Maybe it needs an update or has pulled a wrong update. When did you update last? Did you try restarting the stack?
selfhosted
Oldest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.