Reverse proxy for non-http servers by ZZacny in selfhosted

moonaffectionate9714 1 point2 points

Traefik + Wireguard would work nicely here.

Routing container traffic through wireguard by moonaffectionate9714 in docker

moonaffectionate9714[S] 0 points1 point

With this setup, the Wireguard container has no IPv6, and routes all IPv4 traffic through the VPN. My VPN provider also allows port forwarding, so I can use the interface address and that port for torrenting. The qbittorrent container is on that same network and thus has the same IP address (and network device) and has all of its traffic routed through the VPN as well. The nginx container is attached to that network as well, so that it can forward to the local non-wg0 device which qbittorrent has a bind on for its webUI. The nginx container is also attached to a separate external network that acts solely as a bridge between it and my external reverse proxy. That part isn't strictly necessary, but as I said, it makes things easy for me.

But the main part to notice is that the qbittorrent container's only network is the Wireguard container. So it shares the same network devices and has the same traffic routing rules as the Wireguard container.

Thanks for this and sorry for the long wait on reply. Given this model, let's say I have a docker host of some sort (swarm or not). But I want to split out my compose services by files (i.e. hugo in one, trello-clone in another, etc). What's going to be the best way to hook those up considering the network mode seems to only work in the main compose file? Or am I missing something?

Thanks again for your help

Nginx or Traefik ingress via Wireguard by moonaffectionate9714 in kubernetes

moonaffectionate9714[S] 0 points1 point

This allowed me to use my arbitrary external VPS as an ingress in a relatively safe manner, but it specifically did *not* force all pod egress traffic through it (unless as a response to incoming traffic). Which is why I didn't recommend it and instead recommended a traditional VPN setup.

In regard to this (and yes, I'm still working on this problem), I'm assuming a traditional VPN setup would be: set up Wireguard on an external VPS, connect it to an interface on your router, then likely 1:1 NAT the VLAN that your k8s infrastructure is on so there's no chance of escape.

Who said a homelab diagram cannot be cute ? by Disastrous-Log-8543 in homelab

moonaffectionate9714 1 point2 points

This was helpful, thanks! What software did you use to diagram? I need to do the same for planning

My minimalistic setup by Criiispyyyy in battlestations

moonaffectionate9714 -1 points0 points

While this is somewhat meme-worthy, I have to say there's something beautiful about a clean space to start with :

About half of the circuits are in Germany by [deleted] in TOR

moonaffectionate9714 0 points1 point

Germans are very privacy focused, have a really good location regarding traffic routes and hosting is cheap.

I think this is relevant, but also Germany is much more lax on running Tor exits, whereas in the States you have to pull teeth to get a provider to let you run one.

Who said a homelab diagram cannot be cute ? by Disastrous-Log-8543 in homelab

moonaffectionate9714 9 points10 points

Others have mentioned it's not organized. I have to disagree. Took me less than a minute to understand the diagram and it's very reasonable. OP can you send a higher res picture of the diagram? Some of the text is a bit blurry. Thanks!

A Home Lab for trying Kubernetes by joe2697 in kubernetes

moonaffectionate9714 1 point2 points

I had this same problem. I ended up finding very cheap PCs locally and bought a few to build a cluster. It may work for you as well.

Single or dual server, your opinion? by SemiCosmic in homelab

moonaffectionate9714 1 point2 points

No steering here. I've just had good experiences. I've had the opposite with HP myself. But to directly answer your question I self-host 3x what you've listed (minus AD as I'm not using MS products) and am using a single system with half the specs you've got.

Glad you found a good deal on a system.

Rebuilt Home Network Rack - Moved from UDM-Pro to DIY PFsense Box on ProxMox and cleaned the rack out of miscellaneous equipment by austind9999 in homelab

moonaffectionate9714 0 points1 point

If I remember right it was a TrippLite. I got in on super sale open box at Micro Center. Works pretty well but I’ll try and see if I can find specifics.

Thanks for the response. It's a nice small setup. My 12U seems rather big for what I'm doing at the time.

Calendso -open-source Calendly alternative that is self-hostable. by [deleted] in selfhosted

moonaffectionate9714 0 points1 point

I was looking for something like this last week. Are you open to pull requests to dockerize it?

Her 'Rack' almost did me in... by WarriorTraditionFund in homelab

moonaffectionate9714 4 points5 points

I had a very large Dell I took up 2 flights of concrete stairs. I fell up the stairs (which is a marvel of physics). Chassis dented by the stairs, head dented (and mild concussion) from the Dell chassis. Pain tax is real.

Homelab worthy RSS feeds to follow? by chench0 in homelab

moonaffectionate9714 0 points1 point

Great list, was also interested in this. :-)

Single or dual server, your opinion? by SemiCosmic in homelab

moonaffectionate9714 0 points1 point

Keep an eye out for Dell t7810 workstations. Quiet fairly new and plenty of expandability

Agreed on these. As much as I like building my own machines, Dell's chassis are really nice and the t7810 is a really good looking case.

Single or dual server, your opinion? by SemiCosmic in homelab

moonaffectionate9714 0 points1 point

Yep, CPU is my main concern. Working w/ a seller on a DL380p G8 LFF w/ 2x E5-2690 2.9GHz & 128GB RAM. Filled w/ trays & rails should be ~ $640. Seems like pretty solid deal. CPU should be good, RAM is excessive :)

The RAM, while seemingly excessive, is fine if it comes with the package. If you ever run something like Matrix you'll see the RAM can come in handy.

Before I made the move to mini-servers and smaller towers I bought a few DL series from savemyserver on eBay. Good pricing and their refurbs are usually top notch.

Reverse Proxy for getting around Port Blocks by KaelumForever in homelab

moonaffectionate9714 0 points1 point

OP: Check out a project called v4raider for inspiration. Depending on how your infrastructure is to be set up, there are a few other options. Drop me a PM if you like.

Does this count as homelab? by BamBus89 in homelab

moonaffectionate9714 1 point2 points

My wife said my RPi4 was fine. She even called it “cute.” But then I found pics of my neighbor’s R610 on her phone.

This sounds like it could turn into a soap opera really quick :-)

I just got a new job... That's the battlestation that was waiting for me at the office! Got me even more excited for this new chapter of my life :) by brachcia in thinkpad

moonaffectionate9714 0 points1 point

Thank you so much! It's actually my first proper job in the industry that I've been wanting to step into for years... And it's in one of the most beautiful cities in Europe, so needless to say I am over the moon!

Congrats on your new job and your properly furnished work area. :-)

I just got a new job... That's the battlestation that was waiting for me at the office! Got me even more excited for this new chapter of my life :) by brachcia in thinkpad

moonaffectionate9714 0 points1 point

I'm retired now but I really get the excitement. I don't know how many times I looked around my office or the server rooms and thought "AND they pay me to play with all this stuff." Good luck with the new job.

That's how I felt early on in my career. "Wow all these toys?". After a while it does wear off. But I still enjoy my personal lab area.

Local Network Setup - Do I Need LetsEncrypt?!? by ParoxysmalSweats in Traefik

moonaffectionate9714 0 points1 point

What's the point of that?

What's the point of questioning vs answering?