docker-traefik
tang
docker-traefik | tang
---|---
49 | 11
2,529 | 452
- | 5.3%
6.2 | 7.1
3 months ago | 2 months ago
Shell | C
MIT License | GNU General Public License v3.0 only
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
docker-traefik
- Multiple domains behind Traefik
  https://github.com/htpcBeginner/docker-traefik/blob/master/docker-compose-t2.yml under the Traefik section has it commented out. It's a big file but I just remember it having it. They set the domain names in an .env but you could just type it in.
- Tried freeing ports 80 and 443 and now I've screwed everything up... help! Am I screwed? :(
  So I tried running this script as part of a larger plan to re-work all of my containers.
- Authelia with Nginx Reverse Proxy
- How would you set up this home network
  For roughly similar needs, I used the guides at SmartHomeBeginner to help design the foundation. For me, docker is what makes managing everything manageable. I have one 24/7 Linux server running as the docker host (and Traefik, Plex, AdGuard, MongoDB, FileRun, oauth, syncthing, ...) containers doing what I need. If using docker, the host distro barely matters.
- I want to access my self hosted apps remotely. I have some information on how to do it, but it seems that isn't enough. Can someone guide me or point me in the right direction? Thank you!
  Check out this. The author and the discord channel are very active, lots of guides for various scenarios and different apps, plus the github has his compose files and a bunch of other config and examples too. It's how I got started. https://www.smarthomebeginner.com/
- What containers do you use on docker?
  I really got started with a docker-compose setup by using smarthomebeginner. The guide I followed is fairly complex; it includes a reverse proxy and setting up ssl certificates using CloudFlare.
- [Docker] Error "(root) Additional property portainer is not allowed" when running "sudo docker-compose up -d" with the docker file below. Please help!!
  # More information on how to use this: https://github.com/htpcBeginner/docker-traefik/pull/228
- Powerful energy-efficient server
  https://github.com/htpcBeginner/docker-traefik/blob/master/docker-compose-t2.yml (always over 50 containers)
- how do you deploy your containers?
- Stupid Docker Tricks: Don't start docker container without a "flag file" existing
tang
- Can I boot an encrypted system by pulling the key from another PC?
  Have a look at clevis and tang. These allow you to have one server - which could be your remote you want to pull from - to be the source of the LUKS decryption on the system using tang.
- PSA: Upgrade your LUKS key derivation function
  I found that running tang[1] at home and needing to decrypt that box (can be a Pi or whatever) requiring a complex passphrase is very sufficient. You can even just unplug it at night if it makes you sleep better.
  [1] https://github.com/latchset/tang
- How to mount LUKS encrypted USB storages (and HDDs inserted to hot swappable drive bay) automatically when connected? The machine is running headlessly, does not have desktop environments installed.
  There are 3 ways to unlock a volume in a headless environment:
  - use a keyfile, located on an already available volume
  - use your device's TPM and utilize systemd-cryptenroll
  - use Clevis/Tang to unlock volumes remotely
- is possible to encrypt disk without asking for password on boot?
  This is why on headless servers you use tang (ideally, multiple tang servers)
- Tang on OPNSense
  Sharing my notes on running a Tang server on OPNSense, in case it is useful for somebody else.
- PSA: If you have a LUKS encrypted system and a TPM2 chip, you can put it to good use
  We use clevis against multiple tang servers to provide Network Bound Disk Encryption (NBDE). It's possible to also use TPM2 but it's easier to use multiple tang servers (requiring more than one server to decrypt) in the datacenter.
- A lot of questions about Self hosting :)
  For automating unlocking of encrypted drives, look into tang. Here is a Red Hat guide on setting it up. You will want to be running this on another device on your network, I run it on my router with openwrt since it's a local device that's on 24/7. Basically it will unlock your disks as long as your server is on your network, so if your machine or drives are stolen or removed from your network they will just be encrypted as usual. Obviously use a strong encryption password.
- Systemd 250 released
  There are other ways to bind data, e.g. "network binding" with Tang server.
- Best Evil Maid protocol for Linux?
  I wonder if https://github.com/latchset/clevis and https://github.com/latchset/tang (complementary projects) will help here.
- Luks Root Encryption
  Yes you can, using either Mandos or Clevis and Tang. https://www.recompile.se/mandos https://github.com/latchset/clevis https://github.com/latchset/tang. Basically on boot the server gets the key from other server(s). You could use a hidden raspberry pi for example.
What are some alternatives?
Heimdall-Apps - Apps for Heimdall
clevis - Automated Encryption Framework
homer - A very simple static homepage for your server.
sedutil - Use sedutil for setting up and using self encrypting drives (SEDs) that comply with the TCG OPAL 2.00 standard. This includes the requisite pre-boot authentication image.
pimox7 - Proxmox V7 for Raspberry Pi
booster - Fast and secure initramfs generator
homer-icons
linux-luks-tpm-boot - A guide for setting up LUKS boot with a key from TPM in Linux
DockSTARTer - DockSTARTer helps you get started with running apps in Docker.
systemd - systemd upstream
make-my-server - Docker Compose with Traefik and lots of services
nbde_client - Ansible role for configuring Network Bound Disk Encryption clients (e.g. clevis)