Thank you for the laugh (⁀ᗢ⁀)

Yeah you just have to deal with mast bumping, as if thats any less worrying.

You can use Authentik to setup an LDAP outpost then use a jellyfin LDAP plug-in to sync everything up.

https://github.com/jellyfin/jellyfin-plugin-ldapauth?tab=readme-ov-file

Course, feel free to DM if you have questions.

This is a common setup. Have a firewall block all traffic. Use docker to punch a hole through the firewall and expose only 443 to the reverse proxy. Now any container can be routed through the reverse proxy as long as the container is on the same docker network.

If you define no network, the containers are put into a default bridge network, use docker inspect to see the container ips.

Here is an example of how to define a custom docker network called “proxy_net” and statically set each container ip.

networks:
  proxy_net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.28.0.0/16

services:
  app1:
    image: nginx:latest
    container_name: app1
    networks:
      proxy_net:
        ipv4_address: 172.28.0.10
    ports:
      - "8080:80"

  whoami:
    image: containous/whoami:latest
    container_name: whoami
    networks:
      proxy_net:
        ipv4_address: 172.28.0.11

Notice how “who am I” is not exposed at all. The nginx container can now serve the whoami container with the proper config, pointing at 172.28.0.11.

Well if your reverse proxy is also inside of a container, you dont need to expose the port at all. As long as the containers are in the same docker network then they can communicate.

If your reverse proxy is not inside a docker container, then yes this method would work to prevent clients from connecting to a docker container.

Something like this. This is a compose.yml that only allows ips from the local host 8080 to connect to the container port 80.

services:
  webapp:
    image: nginx:latest
    container_name: local_nginx
    ports:
      - "127.0.0.1:8080:80"

Excuse me have you heard about our lord and savior, NixOS?

Ooo I do love me some Nix modules. Any particular options to look out for in order to configure something like that?

Edit:

It’s programs.chromium.extraOpts isnt it? Lol

How do you manage your images in Nix? Ive got a bunch of docker compose files and want to migrate over but havent had the time to sink.

Hmm these are some pretty cool features I’d be interested in. I currently use Voyager for lemmy and quite like the layout. Does Piefed have any good mobile clients? Is there something you’d recommend?

Another way to say it, if you cut a sphere in half and both sides are equal, its a great circle. All lines of longitude and the equator are great circles.

Did you allow the containers to talk to eachother with ufw after setting it up?

Without flakes

For those cool enough to use flakes

Enjoy :)

It helps to run the garbage collector and clean out the Nix store. Once you get a stable version that works, clear your nix store.

See this built in helper script

If you’re new you might have a bunch of stuff in the store from trying out things. You can also delete objects older than a certain period, which is nice.

You can setup wild card certs with a DNS challenge using traefik. No plug-ins needed, works right out the box.

Personally, I quite prefer traefik. Its harder to use than Caddy but offers more features. Also, it uses yaml or docker labels for config. I’m not a fan of the nginx .conf format.

Ive read about plan 9 and found it fascinating but really have no use case for it. What do you use plan 9 for? Any recommendations?

Did you watch ‘I am Legend’? This is exactly what starts the apocalypse lol

Side note, book was waaaayyyyy better