randypfau Posted January 22 Posted January 22 Hey guys, I have done a pretty good share of researching setting up VLANs in Unraid as well as watched a good share of videos in reguards to Pfsense firewall rules and VLANs but I'm wondering what the community would suggest as far as best practice... I currently have my main LAN as well as VLANS - Cameras, IOT, Guest, and External I have private services for myself or friends/family, such as guacamole, nextcloud, plex, virtual machines etc. Thoes services I have set behind reverse proxy using NPM, most of which are running still on my main LAN. I am not publishing these links as public sites, but moreso for me to access remotely if need be or to share with select family or friends. I would like to run a wordpress site as well as host some game servers maby though Pterodactyl or something. I figured what I could do for the wordpress container is I could assign it to an External VLAN that cannot communicate with any of my other LANs or VLANs... It requires a MariaDB which is currently shared with other databases on the main LAN though. I also use adminer to manage my databases. So what I'm trying to wrap my head around here is does a guy create rules to allow my wordpress container to communicate with my database via firewall rules, or is it best practice to just create a new mariadb and put it on the external network? I feel stupid asking hahaha It sounds solid but I figure I would ask to see what other people are doing or what would be my options as far as best practice would go. Quote
T0rqueWr3nch Posted February 2 Posted February 2 On 1/22/2024 at 2:32 PM, randypfau said: So what I'm trying to wrap my head around here is does a guy create rules to allow my wordpress container to communicate with my database via firewall rules, or is it best practice to just create a new mariadb and put it on the external network? I feel stupid asking hahaha It sounds solid but I figure I would ask to see what other people are doing or what would be my options as far as best practice would go. Not a stupid question at all; in fact it's a great one. In keeping with the Docker philosophy, it's best to think about things as "services", where your Wordpress container and all of its supporting containers (i.e. your database) constitute one service. This is more clear if you're using docker compose where, when you want to bring up Wordpress, it brings up the Wordpress app container itself plus its associated db container. (By the way, I recommend docker compose, even on Unraid). Best practice is subjective, but I recommend a separate db per instance. It makes db backups and db container management easier. This configuration also gives you another advantage: with docker compose, the db container doesn't need external network access at all and can communicate with the Wordpress app within an internal Docker network defined locally within the docker compose file. The Docker network provides DNS resolution. By the way, instead of Wordpress, have you considered Ghost? A lot less security issues. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.