BurntOC

  1. Thank you. I'm clear on it now, and I'm happy to report I was able to get a basic setup working this way with traefik and another with NPM and dockergen.
  2. So I think my understanding of this is evolving, thankfully. Unlike traefik, there's no automatic configuration so using nginx as a proxy you're specifying virtual hosts manually, right? I've heard comments about nginx not handling restarts as well, with some of those comments implying it's due to the random IP assignment, but they're so few and far between I'm guessing that if you define the virtual hosts in your compose you'd be fine even after restarts? If that's all right then so far so good. I guess I'm still unclear on how nginx-proxy-manager doesn't need the socket. Is it because they use docker-gen and that doesn't need it the same way traefik or haproxy do? Sorry for all the questions, but I'm easily 40 hours into my attempts to get a basic setup working that can reverse proxy requests from my semi-protected IOT/DMZ network to local containers and some others via SSL to a media server in my guest network in a way that isn't unsat from the start due to accessing docker-socket in a way (e.g. traefik mounting docker.sock) that exposes the entire stack to RCE if the proxy is exploited. I need a super secure reverse proxy to docker containers and maybe it will all have to live on that host because I'm too early in my journey, but I can't even get that fundamental necessity running properly. So frustrating...
  3. Is there any chance you can set this up, or help me set this up, to work with something like tecnativa/docker-socket-proxy? I imagine someone with the skills can make this adjustment pretty easily and the security benefit of talking to the socket-proxy as a sidecar vs exposing it directly to containers that could through individual exploits jeopardize the entire container stack could be huge. Especially for those of us with a lot of important media at risk (though I'm using a temporary solution for that part until I stand Unraid up). I've been working to do it with either traefik or jc21/nginx-proxy-manager but your approach may be the most straightforward.
  4. Hey all - this thread got me to register and I'm making my way through it now to catch up, but after spending tons of hours trying to get traefik to work well for me and never quite getting there, I thought I'd try something different. As a reverse proxy, does this handle when containers or the server get restarted so that it doesn't require any manual intervention to reverse proxy for the containers again? Are HTTPS backend containers supported yet? TLS 1.3? Thank you for any updates.