Hello everyone New to Linux, new to self hosting, and struggling a bit but making progress.

I have two questions: 1 Is there a YouTube channel or a website with tutorials and explanations for the dummies like me? Something eli5 with easy words to start with and understand the basics.

2 I see a lot about nginx and reverse proxy and not sure I need it. I want to run a couple apps on my local network to be able to access it on any computer inside the house and, for now, nowhere else. Do I need nginx? What about port security? I’m worried my lack of understanding regarding ports would make my home network vulnerable. But since for now I only use 192.168.1 , i’d say I’m safe from intruders?

I acknowledge it’s all surely basic but I’m not sure where to find a comprehensive source of learning instead of googling bits and pieces.

Thanks

  • ehrenschwan@feddit.de
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Some Youtube-Channels I can recommend, but with varying levels of “noob”-friedlieness. Just watch a few and decide for yourself which can help the most:

    https://youtube.com/@DBTechYT

    https://youtube.com/@christianlempa

    https://youtube.com/@TechnoTim

    https://youtube.com/@LearnLinuxTV

    https://youtube.com/@linode

    As for a reverse proxy, it depends how you want to access your services. If you’re just gonna host your services on docker and then publish ports on the host you can just access them that way. But that way they are of course not encrypted, which in your home LAN can be fine. To really use a reverse proxy you also need to have a way to rewrite or add dns entries in your local network. All the domains and subdomains you’d want to use must point to the reverse proxy which would then forward the requests to the services.

    The way I have it configured right now is that I have a reverse proxy on my docker host which has the ports 443 and 80 published on the host, while all the services I use in docker on that host do not have published ports. They’re all then in a network with the reverse proxy so it can forward the requests to the services. That way I can encrypt everything with SSL/TLS and have trusted certificates on everything. I use nginx proxy manager which also handles my certificates.

    The really vulnerable open ports are the ones you forward to your router. But you only need those when you want to access services from outside your network. But I would wait on that until you feel comfortable.

  • PriorProject@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    I acknowledge it’s all surely basic but I’m not sure where to find a comprehensive source of learning instead of googling bits and pieces.

    I think a challenge you are likely to run into is that self-hosting many services really ISN’T basic, and there simply aren’t comprehensive sources… and really can’t be. It’s too varied and complex. Every network environment is different, and every network environment is so complex that it takes a networking expert to understand. No tutorial can cover all the possibilities, or even help you figure out what scenario you’re in.

    As an example, I’m currently migrating from docker-compose to podman-kube-play for my container management. I’m a a professional engineer who works with containers every day, and I’ve spent the better part of a week trying to get my first non-trivial container to run.

    • I’ve had to read tutorials to see how to get started.
    • I’ve had to read podman docs to see what k8s config options are supported.
    • I’ve had to read bug reports and examples from people using podman to see how specific features get strung together for complex use-cases like mine.
    • Even after getting many things right, DNS resolution didn’t work in my container. I spent many hours researching and found nothing. I finally had to start installing debugging tools like dig and nmap in my container to find that I couldn’t speak to the DNS server at all. I eventually found firewall logs showing that UFW was blocking the traffic from the container to the DNS server. UFW has nothing to do with Podman. Arch and Fedora users would not have been affected by this issue. Ubuntu users like me still wouldn’t have been affected if they were using host-networking or rootless podman. My specific environment and use-case was affected.

    There is simply no single resource on the internet addressing my personal scenario. To get to the bottom of it, I had to know enough about podman, k8s, DNS, networking, firewalls, UFW specifically, where interesting data on my system tends to get logged, and enough about “normal” logs to sift through the garbage and find the logs that lead me to a solution.

    So I recommend switching your perspective. Stop looking for a one-stop-shop that doesn’t exist. Instead, try to learn when the thing you’re trying to do is really 5 different things lashed together with duct tape. Then start deep-diving on each piece until you know enough about that thing to relate it to your specific environment and move on to the next thing. This is time consuming, especially as you’re getting started… but it’s fractally deep and remains time consuming forever as you continue to learn new things and aspire to do more complicated stuff. This breaking down of complex topics into a series of simpler (but not necessarily simple) topics is the hallmark of every successful engineer I’ve ever met.

    • metaStatic@kbin.social
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      is it worth starting out with podman or is this just some job requirement and docker is perfectly fine for us hobbyists

      • EddyBot@feddit.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        on linux it is probably easier to setup podman nowadays with Podman Desktop and being easily available in most repositories while Docker never released their Desktop app on Linux

        on anything else Docker is the least path of resistence currently but who knows if they fuck up again in the future