Portability is the key for me, because I tend to switch things around a lot. Containers generally isolate the persistent data from the runtime really well.
Docker is not the only, or even the best way IMO to run containers. If I was providing services for customers, I would definitely build most container images daily in some automated way. Well, I do it already for quite a few.
The mess is only a mess if you don’t really understand what you’re doing, same goes for traditional services.
Portainer + caddy + watchtower, this will give you the benefits of containers without the complexity of Kubernetes. As someone who professionally works with Kubernetes, I agree with what other people have said here: “only run it if you want to learn it for professional use”.
Portainer is a friendly UI for running containers. It supports docker compose as well. It helps with observability and ops.
Caddy is an easy proxy with automatic Let’s Encrypt support.
Watchtower will update and restart your containers if there’s an update.
(Edit: formatting)
It’s open source, it’s easy to set up, its agents are available for nearly anything including OpenWrt, it can serve the simplest use case of “is it down” as well as much more complicated ones that stem from its ability to collect data over time.
Personally I’m monitoring:
Is it up?
Is the storage array healthy?
Are the services I care about running?
I used to run it ephemerally - wiping data on restart. Recently started persisting its data so I can see data over the longer run.
Purchase the domain with cloudflare, for email it depends how you use it:
With an email client like thunderbird:
A cheap service like mxroute is perfect
If you need to use a webmail:
You need to pay a lot because the free webmails are all unusable for advanced use.
Good options:
Zoho at $1 per user per month
Exchange with ovh at €3 per user per month
Bad options:
Google workspace at $10 per month per user plus the blood rights for your firstborn and pray that they don’t alter the deal
proton pro at $9 per user per month but IMHO is extremely overrated for what they offer at their price point (unless you need end to end encryption when emailing other proton users)
+1 for own domain and some email hosting service. That also makes it pretty easy to switch providers because you can simply point your MX records etc. somewhere else - no need to change the actual email address.
I can also recommend mailbox.org as an alternative to mxroute, they’re even a little cheaper at $3/month (mxroute is $49/year at minimum).
But man, I’ll be able to amend all those TODO items that have been accumulating over the last 12 months and fix all those issues while rebuilding my raid.
I mean that’s only if my GITs aren’t hijacked during the ransomware attack.
And I mean, I’ll probably just push the same config to my server and let it on its merry way again.
Well, based on advice of Samsy, take a backup of home-server network to a NAS on your home-network. (I do hope that your server-segment and your home-segment are two separated networks, no?) Or better, set up your NAS at a friend’s house (and require MFA or a hardware security-key to access it remotely)
Can you not just back up the pg txn logs (with periodic full backups, purged in accordance with your needs)? That’s a much safer way to approach DBs anyway.
(exclude the online db files from your file system replication)
Do two NICs. I have a bigger setup, and it’s all running on one LAN, and it is starting to run into problems. Changing to a two network setup from the outset probably would have saved me a lot of grief.
Huh, cool, thank you! I’m going to have to look into that. I’d love for some of my containers and VMs to be on a different VLAN from others. I appreciate the correction. 😊
You still need to do that, but you need the Linux bridge interface to have VLANs defined as well, as the physical switch port that trunks the traffic is going to tag the respective VLANs to/from the Proxmox server and virtual guests.
So, vmbr1 maps to physical interface enp2s0f0. On vmbr1, I have two VLAN interfaces defined - vmbr1.100 (Proxmox guest VLAN) and vmbr1.60 (Physical infrastructure VLAN).
My Proxmox server has its own address in vlan60, and my Proxmox guests have addresses (and vlan tag) for vlan100.
The added headfuck (especially at setup) is that I also run an OPNsense VM on Proxmox, and it has its own vlan interfaces defined - essentially virtual interfaces on top of a virtual interface. So, I have:
switch trunk port
enp2s0f0 (physical)
vmbr1 (Linux bridge)
vmbr1.60 (Proxmox server interface)
vmbr1.100 (Proxmox VLAN interface)
virtual guest nic (w/ vlan tag and IP address)
vtnet1 (OPNsense “physical” nic, but actually virtual)
vtnet1_vlan[xxx] (OPNsense virtual nic per vlan)
All virtual guests default route via OPNsense’s IP address in vlan100, which maps to OPNsense virtual interface vtnet1_vlan100.
Like I said, it’s a headfuck when you first set it up. Interface-ception.
The only unnecessary bit in my setup is that my Proxmox server also has an IP address in vlan100 (via vmbr1.100). I had it there when I originally thought I’d use Proxmox firewalling as well, to effectively create a zero trust network for my Proxmox cluster. But, for me, that would’ve been overkill.
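A sketch of how the Proxmox host side of the layout described in the comment above could look in /etc/network/interfaces. This is an added example, not the commenter's actual configuration: it assumes a VLAN-aware bridge, and the addresses (documentation range 192.0.2.0/24), the gateway and the VM ID placeholder are made up.

```conf
# /etc/network/interfaces on the Proxmox host (illustrative values only)

auto lo
iface lo inet loopback

# Physical NIC connected to the switch trunk port; carries tagged frames only.
iface enp2s0f0 inet manual

# Linux bridge on top of the trunk NIC. VLAN awareness lets the bridge
# pass 802.1Q tags to and from guests instead of stripping them.
auto vmbr1
iface vmbr1 inet manual
    bridge-ports enp2s0f0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    # Only allow the VLANs actually in use across the bridge.
    bridge-vids 60 100

# Host management address in the physical infrastructure VLAN (vlan60).
auto vmbr1.60
iface vmbr1.60 inet static
    address 192.0.2.10/24      # assumed address
    gateway 192.0.2.1          # assumed gateway

# No vmbr1.100 stanza: the host does not need an address in the guest
# VLAN unless it is meant to be reachable from the guests.

# Guests get their tag on the virtual NIC, not on the host interface.
# In /etc/pve/qemu-server/<vmid>.conf (placeholder VM ID and MAC):
#   net0: virtio=<MAC>,bridge=vmbr1,tag=100
#
# The OPNsense VM is the exception: its NIC on vmbr1 carries no tag, so
# it receives the trunk and builds vtnet1_vlan60 / vtnet1_vlan100 itself.
```

Restricting `bridge-vids` to the VLANs in use keeps a guest with a mistyped or deliberately changed tag from reaching segments the switch trunk would otherwise deliver.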
I haven’t done it - but I believe Proxmox allows for creating a “backplane” network which the servers can use to talk directly to each other. This would be used for ceph and server migrations so that the large amount of network traffic doesn’t interfere with other traffic being used by the VMs and the rest of your network.
You’d just need a second NIC and a switch to create the second network, then statically assign IPs. This network wouldn’t route anywhere else.
In proxmox there’s no need to assign it to a physical NIC. If you want a virtual network that goes as fast as possible you’d create a bridge or whatever and assign it to nothing. If you assign it to a NIC then since it wants to use SR-IOV it would only go as fast as the NIC can go.
This is exactly my setup on one of my Proxmox servers - a second NIC connected as my WAN adapter to my fibre internet. OPNsense firewall/router uses it.
Anyway, it just has one view mode with 3 panels and it’s not customizable. At the moment, the most featured and extensible RSS Feed service seems to be FreshRSS as suggested in the thread by @specseaweed.
The Raspberry Pi 5 might be good enough for your needs. The 8GB costs a bit less than 100€ without any accessories at the Danish reseller, so it fits in your budget. I don’t know if it’s good enough for all your services.