kwa

@kwa@lemmy.zip

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Public vs. Private synched photo management⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
I have been using frp to expose one port of my private server to the public one. Then on the public server, I’m using nginx as reverse proxy to enable https.

This works great for my use case. Regarding security, if the application has a vulnerability, it is still an open door to your private server. My app runs on rootless podman, so only the container and the data it contains would be compromised.
⁨Comment⁩ on ⁨Podman rootless and ufw⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
Ah I think you may have solved part of the problem. I tried to use a network and have container name resolution but it failed. That’s why I went with pods and publish ports directly to the host.

I will try to use a dedicated network with DNS on, thanks!
⁨Comment⁩ on ⁨Podman rootless and ufw⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
I wanted to do something similar. But I grouped some containers using pods and it seems it broke the networking.

Eventually I kept the pods, and exposed everything to the host where caddy can meet the services there. Not the cleanest way, especially as my firewall is turned off.
⁨Comment⁩ on ⁨Podman rootless and ufw⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
I switched at work because of the license changes docker did. I noticed that for my work workflow, podman was a direct remplacement of docker.

For my homelab, I wanted to experiment with rootless and I also prefer to have my services handled by systemd. Also I really like the built-in auto update from podman
⁨Comment⁩ on ⁨Podman rootless and ufw⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
Yes maybe, I will edit my post to better explain the issue I’m facing.

I’m using pasta. I can see some weird, for instance some services can access other through host.containers.internal and for others, I have to use 192.168.1.x
⁨Comment⁩ on ⁨Podman rootless and ufw⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
Mainly Immich, paperless and jellyfin
⁨Comment⁩ on ⁨Podman rootless and ufw⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
I should have clarified this. It does not open the ports, but I have setup my firewall to allow a range of IP and the traffic is still blocked.

I have noticed some inconsistency in the behavior, where the traffic would sometimes work upon ufw activation but never work upon reboot. Knowing how docker works, I thought podman would also mess with the firewall. But maybe the issue comes from something else.
Podman rootless and ufw
Submitted ⁨⁨5⁩ ⁨months⁩ ago⁩ to ⁨selfhosted@lemmy.world⁩ | ⁨19⁩ ⁨comments⁩
⁨Comment⁩ on ⁨Please suggest some good self-hostable RAG for my LLM.⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:
I’m new to this and I was wondering why you don’t recommend ollama? This is the first one I managed to run and it seemed decent but if there are better alternatives I’m interested