submitted 11 months ago by Natal@lemmy.world to c/selfhosted@lemmy.world

Hello everyone. New to Linux, new to self hosting, and struggling a bit but making progress.

I have two questions: 1. Is there a YouTube channel or a website with tutorials and explanations for the dummies like me? Something eli5 with easy words to start with and understand the basics.

2. I see a lot about nginx and reverse proxy and not sure I need it. I want to run a couple apps on my local network to be able to access it on any computer inside the house and, for now, nowhere else. Do I need nginx? What about port security? I'm worried my lack of understanding regarding ports would make my home network vulnerable. But since for now I only use 192.168.1, I'd say I'm safe from intruders?

I acknowledge it's all surely basic but I'm not sure where to find a comprehensive source of learning instead of googling bits and pieces.

Thanks

[-] Onion6068@feddit.de 2 points 11 months ago
[-] PriorProject@lemmy.world 1 points 11 months ago

I acknowledge it's all surely basic but I'm not sure where to find a comprehensive source of learning instead of googling bits and pieces.

I think a challenge you are likely to run into is that self-hosting many services really ISN'T basic, and there simply aren't comprehensive sources... and really can't be. It's too varied and complex. Every network environment is different, and every network environment is so complex that it takes a networking expert to understand. No tutorial can cover all the possibilities, or even help you figure out what scenario you're in.

As an example, I'm currently migrating from docker-compose to podman-kube-play for my container management. I'm a professional engineer who works with containers every day, and I've spent the better part of a week trying to get my first non-trivial container to run.

  • I've had to read tutorials to see how to get started.
  • I've had to read podman docs to see what k8s config options are supported.
  • I've had to read bug reports and examples from people using podman to see how specific features get strung together for complex use-cases like mine.
  • Even after getting many things right, DNS resolution didn't work in my container. I spent many hours researching and found nothing. I finally had to start installing debugging tools like dig and nmap in my container to find that I couldn't speak to the DNS server at all. I eventually found firewall logs showing that UFW was blocking the traffic from the container to the DNS server. UFW has nothing to do with Podman. Arch and Fedora users would not have been affected by this issue. Ubuntu users like me still wouldn't have been affected if they were using host-networking or rootless podman. My specific environment and use-case was affected.

There is simply no single resource on the internet addressing my personal scenario. To get to the bottom of it, I had to know enough about podman, k8s, DNS, networking, firewalls, UFW specifically, where interesting data on my system tends to get logged, and enough about "normal" logs to sift through the garbage and find the logs that lead me to a solution.

So I recommend switching your perspective. Stop looking for a one-stop-shop that doesn't exist. Instead, try to learn when the thing you're trying to do is really 5 different things lashed together with duct tape. Then start deep-diving on each piece until you know enough about that thing to relate it to your specific environment and move on to the next thing. This is time consuming, especially as you're getting started... but it's fractally deep and remains time consuming forever as you continue to learn new things and aspire to do more complicated stuff. This breaking down of complex topics into a series of simpler (but not necessarily simple) topics is the hallmark of every successful engineer I've ever met.
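The firewall-log step in the comment above, as an added example that is not part of the original post: a small parser that pulls blocked DNS traffic from a container network out of UFW log lines. The sample lines, the interface names and the `10.88.0.0/16` container network are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines in the kernel-log format UFW writes; addresses,
# interface names and ports are made up for illustration.
SAMPLE_LOG = """\
Jul 27 10:15:01 host kernel: [ 1201.1] [UFW BLOCK] IN=podman0 OUT=eth0 MAC= SRC=10.88.0.5 DST=192.168.1.1 LEN=60 TTL=63 PROTO=UDP SPT=40112 DPT=53 LEN=40
Jul 27 10:15:02 host kernel: [ 1202.4] [UFW BLOCK] IN=eth0 OUT= MAC= SRC=192.168.1.77 DST=192.168.1.10 LEN=44 TTL=64 PROTO=TCP SPT=51515 DPT=23 WINDOW=1024 SYN
Jul 27 10:15:06 host kernel: [ 1206.9] [UFW BLOCK] IN=podman0 OUT=eth0 MAC= SRC=10.88.0.5 DST=192.168.1.1 LEN=60 TTL=63 PROTO=TCP SPT=40990 DPT=53 WINDOW=64240 SYN
Jul 27 10:15:09 host kernel: [ 1209.0] [UFW ALLOW] IN=eth0 OUT= MAC= SRC=192.168.1.20 DST=192.168.1.10 LEN=60 TTL=64 PROTO=TCP SPT=50000 DPT=443 WINDOW=64240 SYN
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE pairs; bare flags like SYN are skipped


def parse_ufw_line(line):
    """Return (action, fields) for a UFW log line, or None for any other line."""
    m = re.search(r"\[UFW (\w+)\]", line)
    if not m:
        return None
    return m.group(1), dict(FIELD.findall(line[m.end():]))


def blocked_dns(log_text, container_net="10.88.0.0/16"):
    """List (src, dst, proto) for blocked port-53 traffic sourced from container_net."""
    net = ipaddress.ip_network(container_net)  # assumed container subnet
    hits = []
    for line in log_text.splitlines():
        parsed = parse_ufw_line(line)
        if not parsed:
            continue
        action, f = parsed
        if action != "BLOCK" or f.get("DPT") != "53":
            continue
        if "SRC" in f and ipaddress.ip_address(f["SRC"]) in net:
            hits.append((f["SRC"], f.get("DST"), f.get("PROTO")))
    return hits


if __name__ == "__main__":
    for src, dst, proto in blocked_dns(SAMPLE_LOG):
        print(f"blocked DNS: {src} -> {dst} ({proto})")
```
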

[-] metaStatic@kbin.social 1 points 11 months ago

is it worth starting out with podman or is this just some job requirement and docker is perfectly fine for us hobbyists

[-] PriorProject@lemmy.world 2 points 11 months ago* (last edited 11 months ago)

is it worth starting out with podman or is this just some job requirement and docker is perfectly fine for us hobbyists

I'm doing this in my homelab, but I am a pro and so time spent learning arcane details of container ecosystems is not precisely wasted time for me. But I'm not doing it directly for some particular professional requirement, it's more curiosity.

Based on my experience, I don't think I could honestly recommend podman right now for a beginner. The people that tend to be most interested in podman tend to think:

  • The best days of docker are behind it. The company hasn't achieved financial success and are going to make it worse over time to pressure companies into paying them. We've seen the start of this with docker-desktop but I'm predicting it will continue and escalate.
  • Docker was the first really successful container system and is very monolithic and full of questionable technical decisions. Improving it will be hard because of its success, and also because its monolithic nature means that many changes will bottleneck at docker the company, who as noted is not incentivized to make its open source stuff "too good" such that companies use it without paying.

Podman is more modular, is supported by more successful and stable companies that can have revenue strategies that don't require them to monetize podman specifically to death, and the individual pieces are small enough to be built and supported by individuals and non-commercial teams if necessary. So I'm sort of betting that over time podman will gain more traction and am willing to invest in learning my way through some bumps in the road as that happens. For beginners, I think you'll know it's time to consider a switch when projects start to ship podman configs instead of docker-compose configs. Then you'll know that those devs think that supporting podman deployments will give them less headaches than supporting docker deployments and we're reaching the inflection point where podman is starting to "win" and legit be easier/better. Right now I'm pretty clearly swimming upstream and I'm ok with that.

But relating back to OP's question, although my usage of podman is a bit bleeding edge... it still illustrates the kind of problems every self-hoster hits and how it's necessary to break those problems down into smaller parts to solve them yourself. It's just not realistic to expect every self-hosting scenario to be fully tutorialized. Tutorials help us understand how the pieces fit together, but when things go wrong we have to understand the pieces and troubleshoot them directly rather than expect the tutorial to dive into fractally complex subjects in easy/brief overviews but simultaneously dive into infinitely many edge-cases in depth.

[-] EddyBot@feddit.de 1 points 11 months ago

on linux it is probably easier to set up podman nowadays with Podman Desktop and being easily available in most repositories while Docker never released their Desktop app on Linux

on anything else Docker is the least path of resistance currently but who knows if they fuck up again in the future

[-] metaStatic@kbin.social 1 points 11 months ago

just messing around on https://shell.cloud.google.com is good for a beginner to unix environments.

[-] ehrenschwan@feddit.de 0 points 11 months ago* (last edited 11 months ago)

Some Youtube-Channels I can recommend, but with varying levels of “noob”-friendliness. Just watch a few and decide for yourself which can help the most:

https://youtube.com/@DBTechYT

https://youtube.com/@christianlempa

https://youtube.com/@TechnoTim

https://youtube.com/@LearnLinuxTV

https://youtube.com/@linode

As for a reverse proxy, it depends how you want to access your services. If you’re just gonna host your services on docker and then publish ports on the host you can just access them that way. But that way they are of course not encrypted, which in your home LAN can be fine. To really use a reverse proxy you also need to have a way to rewrite or add dns entries in your local network. All the domains and subdomains you’d want to use must point to the reverse proxy which would then forward the requests to the services.

The way I have it configured right now is that I have a reverse proxy on my docker host which has the ports 443 and 80 published on the host, while all the services I use in docker on that host do not have published ports. They’re all then in a network with the reverse proxy so it can forward the requests to the services. That way I can encrypt everything with SSL/TLS and have trusted certificates on everything. I use nginx proxy manager which also handles my certificates.

The really vulnerable open ports are the ones you forward to your router. But you only need those when you want to access services from outside your network. But I would wait on that until you feel comfortable.
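A check for the layout described in the comment above (only the reverse proxy publishes 80 and 443, every other container publishes nothing), as an added example that is not part of the original post. It audits the output of `docker ps --format '{{.Names}}\t{{.Ports}}'`; the container names and the sample output are constructed, and the proxy container name `proxy` is an assumption.

```python
import re

# Constructed output of: docker ps --format '{{.Names}}\t{{.Ports}}'
# Container names and port numbers are hypothetical.
SAMPLE_PS = (
    "proxy\t0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, :::80->80/tcp, :::443->443/tcp\n"
    "jellyfin\t8096/tcp\n"
    "nextcloud\t0.0.0.0:8080->80/tcp, :::8080->80/tcp\n"
    "adminer\t127.0.0.1:9000->8080/tcp\n"
)

# host:hostport->containerport/proto means the port is published on the host.
PUBLISHED = re.compile(r"^(?P<host>\S+):(?P<hport>[\d-]+)->[\d-]+/\w+$")


def published_ports(ports_field):
    """Return [(host_address, host_port)] for the published entries of one container."""
    out = []
    for entry in ports_field.split(","):
        m = PUBLISHED.match(entry.strip())
        if m:  # an entry like "8096/tcp" is exposed only, not reachable from the LAN
            out.append((m["host"].strip("[]"), m["hport"]))
    return out


def audit(ps_output, proxy="proxy", proxy_ports=("80", "443")):
    """Flag every LAN-reachable published port that is not the proxy's 80/443."""
    findings = []
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for host, hport in published_ports(ports):
            if host.startswith("127.") or host == "::1":
                continue  # bound to loopback: reachable from the host only
            if name == proxy and hport in proxy_ports:
                continue  # the one intended entry point
            findings.append((name, host, hport))
    return findings


if __name__ == "__main__":
    for name, host, hport in audit(SAMPLE_PS):
        print(f"{name}: port {hport} published on {host}, bypasses the proxy")
```
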

this post was submitted on 27 Jul 2023