this post was submitted on 18 Nov 2023

41 points (97.7% liked)

Selfhosted

40006 readers

1241 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago

MODERATORS

ruud@lemmy.world

Loki@lemmy.world

CannaVet@lemmy.world

HybridSarcasm@lemmy.world

devve@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

Need help: accessing all my containers by name (yall.theatl.social)

submitted 11 months ago by jrbaconcheese@yall.theatl.social to c/selfhosted@lemmy.world

22 comments fedilink hide all child comments

I’m to the point now where my little home device has enough services and such that bookmarking them all as http://nas-address:port is annoying me. I’ve got 3 docker stacks going on (I think) and 2 networks on my Synology. What’s the best or easiest way to be able to reach them by e.g. http://pi-hole and such?

I’m running all on a Synology 920+ behind a modem/router from my ISP so everything is on 192.168.1.0/24 subnet, and I’ve got Tailscale on it with it as an exit node if that helps.

all 23 comments

sorted by: hot top controversial new old

[–] Swarfega@lemm.ee 14 points 11 months ago (1 children)

I use nginx proxy manager to reach all my services via servicename.domain.com for example.

https://nginxproxymanager.com/

Nginx proxy manager is really simple to use. Again it runs as a container and uses let's encrypt certificates.

[–] dandroid@dandroid.app 3 points 11 months ago (2 children)

Ugh. I really gotta switch to this. I started out by using Apache because that's what I use for work, and just what I know. I create the configs and get the certificates from Let's Encrypt manually. But now I have so many services that switching to something else feels daunting. But it's kind of a pain in the ass every time I add something new.

[–] Swarfega@lemm.ee 2 points 11 months ago (1 children)

Other than writing an entry in my docker-compose.yml that was all the configuration required. The rest is in the GUI and it's super simple.

[–] dandroid@dandroid.app 1 points 11 months ago (1 children)

Oh, I don't have a GUI for my server. But I'm sure they have a command line interface for it, right?

[–] Swarfega@lemm.ee 3 points 11 months ago* (last edited 11 months ago) (1 children)

I mean nginx proxy manager is managed by a GUI/web interface.

[–] dandroid@dandroid.app 2 points 11 months ago

Oh right a web interface. That makes more sense. 😅

Yeah, I really do need to get around to setting that up............

[–] vegetaaaaaaa@lemmy.world 1 points 11 months ago* (last edited 11 months ago)

get the certificates from Let’s Encrypt manually

https://httpd.apache.org/docs/2.4/mod/mod_md.html just add MDomain myapp.example.org to your config and it will generate Let' Encrypt certs automatically

it’s kind of a pain in the ass every time I add something new.

You will have to do some reverse proxy configuration every time you add a new app, regardless of the method (RP management GUIs are just fancy GUIs on top of the config file, "auto-discovery" solutions link traefik/caddy require you to add your RP config as docker labels). The way I deal with it, is having a basic RP config template for new applications [1]. Most of the time ProxyPass/ProxyPassReverse is enough, unless the app documentation says otherwise.

[–] toxicyeti@sh.itjust.works 7 points 11 months ago

Maybe a dashboard might help? Gethomepage.dev works really well for me.

[–] PlexSheep@feddit.de 5 points 11 months ago

You need a reverse proxy. That's what they do.

The next thing is fully subjective, but I would not recommend Nginx Proxy Manager. It has a neat GUI, but in my setups it has been failing often times, especially if used in public servers with letsencrypt certificates.

Maybe I fucked up something, but I can really recommend caddy instead. It's configured from a yaml file, but I find that to be much more flexible for custom rules and so on. Also, configuring caddy is stupidly simple, I love it.

[–] beeng@discuss.tchncs.de 4 points 11 months ago (1 children)

Everybody is saying a reverse proxy which is correct, but you said docker stacks, so if that means docker compose then the names of your container is also in DNS so you can use that.

Can't remember if port is needed still or not however.

[–] Perhyte@lemmy.world 10 points 11 months ago (2 children)

AFAIK docker-compose only puts the container names in DNS for other containers in the same stack (or in the same configured network, if applicable), not for the host system and not for other systems on the local LAN.

[+] jrbaconcheese@yall.theatl.social 1 points 11 months ago (3 children)

[deleted]

[–] i_am_not_a_robot@discuss.tchncs.de 1 points 11 months ago

It might work if you put them on the same Docker network? I use Kubernetes and it definitely has this feature.

[–] CalicoJack@lemmy.dbzer0.com 1 points 11 months ago

Yes, that's how it's supposedto work if they're all on the same Docker network (same yaml). In practice, it can be flaky and you're much better off using ip:port.

[–] emax_gomax@lemmy.world 1 points 11 months ago

In general yes. You can think of each container in a docker network as a host and docker makes these hosts discoverable to each other. Docker also supports some other network types that may not follow this concept if you configure them as such (for example if you force all containers to use the same networking stack as one container (I do this with gluetun so I can run everything in a vpn) all services will be reachable only from the gluetun host instead of individual service hosts).

Furthermore services in a container are not exposed outside of it by default. You must explicitly state when a port in a container is reachable by your host (the ports: option).

But getting back to the question at hand, what you're looking for is a reverse proxy. It's a program that accepts requests from multiple requested and forwards them somewhere else. So you connect to the proxy and it can tell based on how you connect (the url) whether to send the request to sonarr or radarr. http://sonarr.localhost and http://radarr.localhost will both route to your proxy and the proxy will pass them to the respective services based on how you configure it. For this you can use nginx, but I'd recommend caddy as it's what I'm using and it makes setting up things like this such a breeze.

[–] beeng@discuss.tchncs.de 1 points 11 months ago

If you don't set the network, doesn't it default to host?

I'm pretty sure it's available locally... Yes but maybe not via network. So might not be as useful for OP. Correct!

[–] scrubbles@poptalk.scrubbles.tech 4 points 11 months ago (1 children)

There's a few options. Personally I use nginx. You can build a proxy container running nginx, then you can direct traffic to other containers.

I do things like serviceX.my.domain and that will know to proxy traffic to serviceX. Added benefit is that now you have one ingress to your containers, you don't need to memorize all of those ports.

I know traefik is a thing that other people like

If you want something real simple you could also do Heimdall, which let's you register your systems you have running, you open Heimdall first and it'll direct you to what you have running, but that's essentially just fancy bookmarks

[–] jrbaconcheese@yall.theatl.social 2 points 11 months ago (1 children)

I looked at Heimdall and came to the same conclusion, I could just whip up a static html page of links, or make bookmarks, easier than maintaining another docker.

[–] scrubbles@poptalk.scrubbles.tech 1 points 11 months ago

Yep, tried it and yeah just a fancy page for bookmarks - although it did make a nice home/landing page for me whenever I opened a new tab.

Nginx is your friend then, set up a good proxy and it'll be much easier to navigate your network.

[–] ALERT@sh.itjust.works 3 points 11 months ago

The way I got it set up using Pihole and NginxProxyManager in Unraid:

Deploy NginxProxyManager using custom: br0 with a separate IP address

Pihole can't do wildcards unless you create pihole/dnmasq.d/03-custom-dns.conf and add address=/tld/npm_ip, this way *.tld goes to the stated IP.

Now your plex.tld goes to your nginx proxy manager IP, and it needs to handle the subdomain. NginxProxyManager can do wildcards both ways, so you can create plex.* to go to plex IP and port. or sonarr.* that goes to your server IP and sonarr port

Please tell me if you need more details.

[–] jrbaconcheese@yall.theatl.social 1 points 11 months ago

Thanks to everyone who replied, but I gave up on this. Turns out that Synology’s DSM has nginx as part of it, without exposing it as configurable, that commandeers ports 443 and 5000, and any other port seems to direct to 5001(?) which is the desktop manager login. I’ll just remember all the ports or maybe get Heimdall spun up!

[–] Decronym@lemmy.decronym.xyz 0 points 11 months ago* (last edited 11 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters	More Letters
DNS	Domain Name Service/System
HTTP	Hypertext Transfer Protocol, the Web
IP	Internet Protocol
NAS	Network-Attached Storage
SSL	Secure Sockets Layer, for transparent encryption
TCP	Transmission Control Protocol, most often over IP
UDP	User Datagram Protocol, for real-time communications
nginx	Popular HTTP server

[Thread #288 for this sub, first seen 18th Nov 2023, 19:15] [FAQ] [Full list] [Contact] [Source code]