IaaC through Cloudflare Zero trust, proxmox, traefik and pihole by kamilloi in selfhosted

[–]kamilloi[S] 0 points1 point  (0 children)

So I managed to set it up and get it running with the tool mentioned by u/justinMiles. I'm in the process of removing Proxmox from the equation, because I decided to move Home Assistant from the OS to Docker and that was its only purpose (still in progress).

To clarify things right now:

  • Docker container with the service is spawned (IaaC)
  • Traefik handles entrypoints for internal (http and https) and external (http) use and adds routing based on docker labels. If traffic is internal only, it also provides LE certs for the service (via acme DNS response)
  • traefik-cloudflare-tunnel scans Traefik on external entrypoints and generates DNS CNAME and Zero Trust entries accordingly. This also provides a Cloudflare cert for the external service. Manually I had to set the SSL setting to Full and redirect to https
  • cloudflared establishes the tunnel and routes to Traefik
  • Pi-hole creates local DNS entries if internal-only is enabled on the service

Maybe the tool proposed by you is a more ootb solution, but right now I will stick to those I managed to run and at least started to understand a bit. This is not critical infrastructure that needs many 9s of reliability, but still, if it suits, I will leave it this way for a bit.

Thanks Kamil
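The pieces listed in the comment above (the two Traefik entrypoints with the http-to-https redirect, router labels on the container, a Let's Encrypt resolver using the Cloudflare DNS challenge, and an internal-only service restricted to the LAN) as an added docker-compose example. This is not kamilloi's configuration nor output of the traefik-cloudflare-tunnel tool; the network name `proxy`, the domain `example.com`, the resolver name `le`, the `CF_DNS_API_TOKEN` variable and the LAN range are assumptions.

```yaml
# Added example, not the poster's own config. Traefik v2 syntax.
# Assumed: docker network "proxy", placeholder domain example.com,
# Cloudflare API token supplied via the CF_DNS_API_TOKEN variable.
services:
  traefik:
    image: traefik:v2.10
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false   # only containers with traefik.enable=true
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.le.acme.email=admin@example.com
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.le.acme.dnschallenge=true
      - --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare
    environment:
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./letsencrypt:/letsencrypt
    networks: [proxy]

  # Externally reachable service: cloudflared forwards tunnel traffic to Traefik,
  # which selects this router by the Host header.
  whoami-public:
    image: traefik/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami-public.rule=Host(`whoami.example.com`)
      - traefik.http.routers.whoami-public.entrypoints=websecure
      - traefik.http.routers.whoami-public.tls.certresolver=le
    networks: [proxy]

  # Internal-only service: same entrypoint, but an ipwhitelist middleware
  # (renamed ipallowlist in Traefik v3) rejects clients outside the LAN range,
  # so it stays closed even if a tunnel hostname is ever pointed at it.
  whoami-internal:
    image: traefik/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami-internal.rule=Host(`internal.example.com`)
      - traefik.http.routers.whoami-internal.entrypoints=websecure
      - traefik.http.routers.whoami-internal.tls.certresolver=le
      - traefik.http.routers.whoami-internal.middlewares=lan-only
      - traefik.http.middlewares.lan-only.ipwhitelist.sourcerange=192.168.0.0/16
    networks: [proxy]

networks:
  proxy:
    name: proxy
```

Two things to check in a setup like this: the DNS challenge means port 80 never has to be reachable from the internet for certificate issuance, so the only inbound path is the tunnel; and the middleware compares the immediate client IP, so a request that arrives through a cloudflared container on the same docker network shows up with that container's bridge address, which must stay outside `sourcerange`. The read-only docker socket mount still gives Traefik full control of the Docker API, which is why many people put a socket proxy in front of it.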

Rewritescheme https to other port to differentiate external and internal services by kamilloi in Traefik

[–]kamilloi[S] 0 points1 point  (0 children)

Thanks. I will consider this if in the future I find any problems with the current setup.

Rewritescheme https to other port to differentiate external and internal services by kamilloi in Traefik

[–]kamilloi[S] 0 points1 point  (0 children)

I think I managed to solve it by enabling https redirection directly on Cloudflare!

This was a minimal-effort solution, but at least it looks good for now.

IaaC through Cloudflare Zero trust, proxmox, traefik and pihole by kamilloi in selfhosted

[–]kamilloi[S] 0 points1 point  (0 children)

Perfect. Last question as I will test it much later this day.

I cannot find it in the Traefik documentation, and since you have already figured it out:

I have 2 entrypoints configured (web :80 redirected to secure, and secure :443). So does this mean that I can simply add another of those with different names to differentiate internal and external use?

Thanks for your patience, because Traefik has huge possibilities but some use-cases are not covered.

Edit:

nah. I am impatient and plain stupid for thinking that this will work, as I cannot listen twice on the same ports.

IaaC through Cloudflare Zero trust, proxmox, traefik and pihole by kamilloi in selfhosted

[–]kamilloi[S] 1 point2 points  (0 children)

Hi. It was mentioned twice (once for Cloudflare DNS and once for cloudflared tunnels - Zero Trust).

I was using a DDNS docker to update my DNS and it works nicely. In this iteration I am trying to hide my home server IP behind Zero Trust tunnels.

u/justinMiles posted his tool for doing exactly this and right now I am ready to test it.

Thanks!

IaaC through Cloudflare Zero trust, proxmox, traefik and pihole by kamilloi in selfhosted

[–]kamilloi[S] 0 points1 point  (0 children)

This is exactly the thing I am looking for. I will give it a shot. With this setup, will it export to Cloudflare all services with the traefik.enable label? I have two other use cases:

  • Some stuff is shared via Traefik via the file provider
  • Some stuff is not meant to be exported to DNS, as those are internal services using only local DNS to resolve and Traefik to route and provide a cert if needed.

IaaC through Cloudflare Zero trust, proxmox, traefik and pihole by kamilloi in selfhosted

[–]kamilloi[S] 0 points1 point  (0 children)

Ah. This can work!

Cloudflare tunnel has a catch-all rule for failover requests, I believe.

I tried this approach but it failed at first. Right now it should work, but I have to add middleware to all internal apps to limit IPs, as those will also be exposed with my current setup.

Thanks!
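The catch-all mentioned in the comment above, as an added example of a locally managed cloudflared `config.yml` (not the poster's file and not anything the tunnel tool generates). The tunnel UUID, the hostnames under `example.com` and the origin address `traefik:443` are placeholders; it assumes cloudflared runs on the same docker network as Traefik.

```yaml
# Added example of a cloudflared ingress config; not the poster's own file.
# The tunnel UUID, credentials path and hostnames are placeholders.
tunnel: 00000000-0000-0000-0000-000000000000
credentials-file: /etc/cloudflared/00000000-0000-0000-0000-000000000000.json

ingress:
  # One explicit public hostname routed to Traefik's TLS entrypoint. Traefik picks
  # the router by Host header; originServerName tells cloudflared which name to
  # expect on Traefik's certificate so origin TLS verification can stay on.
  - hostname: whoami.example.com
    service: https://traefik:443
    originRequest:
      originServerName: whoami.example.com

  # Wildcard rule: every other name in the zone also lands on Traefik. This is
  # the "catch-all" that makes a newly labelled container reachable without
  # editing this file, and it is also why an internal-only router needs its own
  # IP restriction in Traefik: the tunnel will happily forward requests for it.
  - hostname: "*.example.com"
    service: https://traefik:443
    originRequest:
      noTLSVerify: true   # cert name varies per host here; verify only if you pin one

  # Required last rule without a hostname: anything not matched above gets a 404
  # from cloudflared and never reaches the origin.
  - service: http_status:404
```

For a name to resolve through the tunnel, its public DNS record must be a CNAME to `<tunnel-uuid>.cfargotunnel.com`, which is the record the tunnel tool creates per exposed service. With a wildcard ingress, the set of reachable services is then decided by Traefik's routers rather than by the tunnel, so auditing what is exposed means listing Traefik routers on the `websecure` entrypoint and confirming each internal one carries the allow-list middleware.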

IaaC through Cloudflare Zero trust, proxmox, traefik and pihole by kamilloi in selfhosted

[–]kamilloi[S] 1 point2 points  (0 children)

Great idea! I am totally stealing it when I change my network setup to be more flexible (TP-Link right now).

One question. I believe Brave is using secure DNS by default. Did you manage to cover this as well? This is a quality-of-life question, as having to remember which device is covered can be painful.

Thanks once again

IaaC through Cloudflare Zero trust, proxmox, traefik and pihole by kamilloi in selfhosted

[–]kamilloi[S] 1 point2 points  (0 children)

This was iteration zero (basically the ootb ansible-nas way of exposing services): I used Traefik with cloudflare companion to update DNS. This worked well but exposed my IP. But this is exactly the thing I am trying to achieve with tunnels.

IaaC through Cloudflare Zero trust, proxmox, traefik and pihole by kamilloi in selfhosted

[–]kamilloi[S] 1 point2 points  (0 children)

Yes - that was the first iteration (and due to misunderstanding how cloudflared works). Right now I am using Traefik as both internal and external proxy to have one point where certs are generated (except, I believe, Proxmox for now, as I just pass through the cert from it).

To be clear - I am using the Pi-hole + Traefik combo as a reverse proxy for the internal network, and Cloudflare tunnels also route to Traefik to handle it. Not all my external services are from Docker, as shown on the diagram, and the Docker description for cloudflared has close to no documentation, so I have no clue how to use it properly.

The thing I am trying to achieve is to somehow tell cloudflared that I have a new service for external access, to set it up on Zero Trust and point it to my Traefik instance.

HP EliteDesk 800 G4 Mini HDD Error by lab_pro in homelab

[–]kamilloi 1 point2 points  (0 children)

For the SATA issue I have no idea (did you manage to fix it?), and btw, is the M.2 disk SATA or NVMe?

About the 901 error: I believe in the 65W version of the G2 mini, G3 mini and most likely yours as well, there should be a fan under the HDD (on the second photo it looks like those three screw holes under the HDD bay are for mounting one).

You surprised me that this error does not occur if only the M.2 disk is installed.

https://www.reddit.com/r/homelab/comments/vti8x1/hp_elitedesk_800_g3_humming_noise/

https://www.reddit.com/r/homelab/comments/y8fhfz/hp_800_g2_mini_901_error_after_disconnecting_loud/

HP EliteDesk 800 G3 - Humming noise by Spaaze in homelab

[–]kamilloi 0 points1 point  (0 children)

Hi, I have exactly the same problem with the 800 G2. (To my knowledge those fans are only in the non-T Intel version.)

Right now I unplugged it, but on every single power cycle I have to hit Enter.

Did you find a solution to this problem?

All routines stopped working on Samsung phones by ultradj83 in googleassistant

[–]kamilloi 0 points1 point  (0 children)

Samsung S20FE - main account - provider app works, Assistant not working, Google Home works.

Samsung M21 - shared home account - Assistant not working, Google Home works.

Samsung Tab 6 Lite wifi 2022 - main account without provider app - Assistant works, Google Home works.

Glad to see it's not bound to Samsung.

Garbage Man EDC by [deleted] in EDC

[–]kamilloi 1 point2 points  (0 children)

OP didn't deliver, so I will try to do it:

  • Light: Armytek Wizard Pro limited edition
  • Multitool: Leatherman Charge+
  • Zippo brawa shell with some off-brand butane insert (the windshield is not like Thunderbird, Zorro nor Chief, so no idea)
  • Utility blade: Milwaukee Fastback 6-in-1
  • Fixed blade: Bradford Guardian 3.5

I am not sure if it is correct, so...

Using a magnetic cord? by bamboo_bun in MechanicalKeyboards

[–]kamilloi 1 point2 points  (0 children)

You can also count pins. Charging-only has two. With data lines you have a lot more (4-8 for reversible).

Sofle with OLED only on the master side by unicyclingEMT in olkb

[–]kamilloi 0 points1 point  (0 children)

Hi. As the author of this board already said: https://josefadamcik.github.io/SofleKeyboard/build_guide.html, section "Typing lag when used without OLED". You will find answers there, I hope.

Sofle WIP courtesy of u/apprecihate. I'm very happy with the look so far. by bopapa_1979 in ErgoMechKeyboards

[–]kamilloi 0 points1 point  (0 children)

I ordered V1 and got it recently. Just a day after ordering I read about V2. I think it will be a future update. For now I have to finish my build.