kwa
@kwa@lemmy.zip
- Comment on Public vs. Private synched photo management 2 weeks ago:
I have been using frp to expose one port of my private server to the public one. Then on the public server, I’m using nginx as reverse proxy to enable https.
This works great for my use case. Regarding security, if the application has a vulnerability, it is still an open door to your private server. My app runs on rootless podman, so only the container and the data it contains would be compromised.
- Comment on Podman rootless and ufw 5 months ago:
Ah I think you may have solved part of the problem. I tried to use a network and have container name resolution but it failed. That’s why I went with pods and publish ports directly to the host.
I will try to use a dedicated network with DNS on, thanks!
- Comment on Podman rootless and ufw 5 months ago:
I wanted to do something similar. But I grouped some containers using pods and it seems it broke the networking.
Eventually I kept the pods, and exposed everything to the host where caddy can meet the services there. Not the cleanest way, especially as my firewall is turned off.
- Comment on Podman rootless and ufw 5 months ago:
I switched at work because of the license changes docker did. I noticed that for my work workflow, podman was a direct replacement of docker.
For my homelab, I wanted to experiment with rootless and I also prefer to have my services handled by systemd. Also I really like the built-in auto update from podman.
- Comment on Podman rootless and ufw 5 months ago:
Yes maybe, I will edit my post to better explain the issue I’m facing.
I’m using pasta. I can see something weird: for instance, some services can access others through host.containers.internal, and for others I have to use 192.168.1.x
- Comment on Podman rootless and ufw 5 months ago:
Mainly Immich, paperless and jellyfin
- Comment on Podman rootless and ufw 5 months ago:
I should have clarified this. It does not open the ports, but I have set up my firewall to allow a range of IPs and the traffic is still blocked.
I have noticed some inconsistency in the behavior, where the traffic would sometimes work upon ufw activation but never work upon reboot. Knowing how docker works, I thought podman would also mess with the firewall. But maybe the issue comes from something else.
- Submitted 5 months ago to selfhosted@lemmy.world | 19 comments
- Comment on Please suggest some good self-hostable RAG for my LLM. 9 months ago:
I’m new to this and I was wondering why you don’t recommend ollama? This is the first one I managed to run and it seemed decent, but if there are better alternatives I’m interested.