I do self-hosted home-lab and smart-home stuff.

Joined 1 year ago
Cake day: December 18th, 2023


  • There’s not a fantastic GUI for managing docker. There are a few like dockge (my favorite) or Portainer.

    I recommend spending some time learning docker run with exposed ports, bind volumes (map local folders from your drive to folders inside the container so you can access your files, configs, content, etc. Also so you don’t lose it when you delete the container and pull a newer version).

    Once you’ve done that, check out the spec page for docker-compose.yaml. This is what you’ll eventually want to use to run your apps. It’s a single file that describes all the configuration and details required for multiple docker containers to run in the same environment. i.e.: postgres version 4.2 with a volume and 1 exposed port, nginx latest version with 2 volumes, 4 mapped ports, a hostname, restart unless-stopped, and running as user 1000:1000, etc.

    I’ve been using docker for home and LIGHT business applications for 8 years now and docker-compose.yaml is really all you need until you start wanting high availability and cloud orchestration.

    Some quick tips though.

    • Search some-FOSS-app-name docker-compose and read through a dozen or so templates. Check the spec page to see what most of the terms mean. It’s the best way to learn how to structure your own compose files later.
    • Use other people’s compose.yaml files as templates to start from. Expect to change a few things for your own setup.
    • NEVER use restart: always. Never. Change it to restart: unless-stopped. Nothing is more annoying than stopping an app and having it keep doom spiraling. Especially at boot.
    • Take a minute to set the docker daemon or service to run at boot. It takes 1 google and 30 seconds, but it’ll save you when you drunkenly decide to update your host OS right before bed.
    • Use mapped folders for everything. If you map /srv/dumb-app/data:/data then anything that container saves to the /data folder is accessible to you on your host machine (with whatever user:group is running inside the container, so check that). If you use the docker volumes like EVERYONE seems to like doing, it’s a pain to ever get that data back out if you want to use it outside of docker.
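
A compose file that puts the tips from the comment above together, as an added example that is not part of the original comment. The service name, image and the config path are hypothetical placeholders; the loopback port binding, the read-only config mount and the `no-new-privileges` option go beyond what the comment describes and are added here as hardening.

```yaml
# Added example (not from the original comment).
# "dumb-app", the image name and the /config mount are hypothetical placeholders.
services:
  dumb-app:
    image: example/dumb-app:1.2.3      # hypothetical image; a fixed tag instead of "latest"

    # Comes back after a daemon or host restart, but stays down
    # once you have stopped it yourself.
    restart: unless-stopped

    # Run the process as an unprivileged uid:gid. Files written to the
    # bind mounts below will be owned by this uid:gid on the host, so
    # /srv/dumb-app must be writable by 1000:1000.
    user: "1000:1000"

    ports:
      # HOST_IP:HOST_PORT:CONTAINER_PORT
      # Without the host IP, Docker publishes the port on every interface.
      # Binding to loopback keeps it local (for example behind a reverse proxy).
      - "127.0.0.1:8080:8080"

    volumes:
      # Bind mounts: data lives in plain host folders and survives
      # deleting the container and pulling a newer image.
      - /srv/dumb-app/data:/data
      # Configuration the app only needs to read is mounted read-only.
      - /srv/dumb-app/config:/config:ro

    security_opt:
      # Prevents processes in the container from gaining privileges
      # through setuid binaries.
      - no-new-privileges:true
```

Running `docker compose config` in the same directory validates the file and prints the resolved configuration before anything is started.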



  • I’ve been listening to Security Now for over 10 years now. Steve Gibson is highly intelligent and does an excellent job of explaining technical topics like how a new exploit actually works and how the mitigation functions, without making the listener feel like they need a PhD first.

    Security Now

    Both Leo Laporte and Steve Gibson occasionally have opinions I don’t agree with, and they’ve had sponsors in the past that turned out later to have their own issues. But they’ve been quick to remove sponsors that are actively bad, and they’re honest about their relationships with their sponsors anyway.

    It’s also refreshing to hear a more pragmatic (realistic) approach to balancing security with usability. I.e.: your grandma doesn’t work for the NSA, so she doesn’t need a custom-built secure desktop with YubiKey running Qubes. She needs a password vault or notebook and you to occasionally update her machine.