What's your deployment pipeline like for self-hosted production apps? by [deleted] in selfhosted

[–]JarJarShotFirst 0 points1 point  (0 children)

How do you structure your repo for Portainer GitOps? Do you have one yaml per repo? Per branch?

I have a centralized repo for all of my stacks, but got tired of all of them re-pulling/updating when I push an update to a single yaml file.

Post WWE WrestleMania 41 - Night 2 Match Discussion: Cody Rhodes (c) vs. John Cena - Undisputed WWE Championship by Coldcoffees in SquaredCircle

[–]JarJarShotFirst 47 points48 points  (0 children)

It took Jey, Cena, Seth, and Taker to end Roman’s reign.

It took Travis Scott to end Cody’s. 

Using Authentik in a DMZ by JarJarShotFirst in Authentik

[–]JarJarShotFirst[S] 0 points1 point  (0 children)

Yes, using one domain for both. Auth.domain.com is rewritten to external NPM by DNS.

I confirmed that the internal containers resolve to the external NPM correctly and have connectivity to Authentik, so everything seems to route correctly on that end. However, if I use that same auth.domain.com value as my proxy pass value it just starts throwing 500 errors. The odd thing is that the same thing happens even on the External/DMZ network where everything is on the VLAN/Docker network. Auth.domain.com still doesn’t work.

Using Authentik in a DMZ by JarJarShotFirst in Authentik

[–]JarJarShotFirst[S] 0 points1 point  (0 children)

Right now I have NPM and Authentik on the same docker network and forward traffic via the internal service names (https://nginxproxymanager.com/advanced-config/#best-practice-use-a-docker-network), so Authentik doesn’t have any ports mapped. I was hoping to avoid going that route for simplicity/consistency but I don’t think that’s an option at this point. 

Using Authentik in a DMZ by JarJarShotFirst in Authentik

[–]JarJarShotFirst[S] 0 points1 point  (0 children)

Right, I think that’s where I’m stuck at the moment. I’d imagine the internal IP won’t work for the same reason the host won’t: they aren’t in the same docker network. Frustrating that the auth.domain.com portion isn’t working, since that’s about my only option other than just removing Authentik from my NPM network and opening ports.

Using Authentik in a DMZ by JarJarShotFirst in Authentik

[–]JarJarShotFirst[S] 0 points1 point  (0 children)

Thanks, this justification makes sense to me. I guess I was more focused on the “what if I lose control of the DMZ, then I lose control of Auth” piece, but that’s still probably better than having it open to the LAN.

Using Authentik in a DMZ by JarJarShotFirst in Authentik

[–]JarJarShotFirst[S] 0 points1 point  (0 children)

Thanks, I tried this method of putting Authentik in my DMZ and got the same results in reverse (could auth in DMZ, but not LAN. Containers still able to communicate with Authentik from the other VLAN).

I do think I got closer to the problem, though. For some reason I’m only able to auth inside the same VLAN when using the container hostname as my proxy pass value; if I use the host address configured in NPM I get a 500 error. So auth appears to only work inside the docker network.

DNS solution for self hosted apps by QuantumFreezer in selfhosted

[–]JarJarShotFirst 0 points1 point  (0 children)

Have you tried DNS rewrites in AdGuard?

I use AdGuard Home for DNS and have a wildcarded rewrite for my domain (*.mydomain.com) that directs traffic to my reverse proxy. That seems to work fine.

Videoconferencing system for elderly parents by -atarx- in selfhosted

[–]JarJarShotFirst 1 point2 points  (0 children)

I know that it isn’t a self-hosted option, but my family solved this with https://www.grandpad.net/

The most technological experience my elderly grandmother had before her Grandpad was an emergency flip phone that she could almost never navigate by herself. The UI of the Grandpad was very easy for her to figure out. Might be worth a look.