I have the containers isolated on separate bridge networks. Breaching a container service is not the same as breaching the host. I don't use a flat network architecture for this reason. Nothing but authenticated/authorized traffic makes it past those 2.

Because if any gets breached, they can access your entire network.

And alerting is set up for weird behavior: process crashes, AppArmor violations, many successful logins, etc. Both have AppArmor profiles to constrain them. Both require 2FA logins using Yubikeys. Those 2, plus one more for DHCP/DNS, are accessible from the LAN. Worst case, I can log in to the PiKVM and investigate from the console.

And you also have 30 points of failures & danger to worry about

Exactly 2 are accessible from the internet. Even if one of the systemd services isn't running, I'll get alerted. I use the Promtail/Loki/Prometheus/Grafana stack. Logging, monitoring, and alerting is important to me.

So you can't even figure out what is going on

And the containers can be configured to auto-restart. Memory & CPU limits can be added to Docker containers to prevent this. Code server is a memory hog, as is Home Assistant & AppDaemon.

If one of your containers crashes or takes a lot of resources you lose Internet

Router/firewall/DNS/DHCP are just some services it provides. I see this not as my router, but as my homelab. Working through those troubling scenarios is part of the fun/learning part of the homelab for me. It requires some planning.

But adding other non network critical services to the router is asking for trouble

Absolutely agree.