I mount them directly from the NAS inside docker volumes.
if there are any configuration/local data files that need to be persistent, those are usually kept in ~/project/{container}. the compose file is kept at the root project directory.
home user is a daemon user created specifically for running docker containers that does not have root privileges.
well you conveniently edited your original comment, but you attacked the integrity of the post, not the content.
then you should be more active in posting “useful information” instead of complaining.
found the Russian troll!
pihole has got the best UX for DNS management hands down. it’s easy, not overly complicated, and perfect for entry-level selfhosting.
the fact that it actively blocks ads is a bonus.
nor will Plex.
I do not recommend using a seven year old as a server for the following reasons.
overall, not worth it mate. good luck though!
this is what I’m talking about when it comes to the selfhosted communities.
if you don’t know how to properly segment and vlan your network, you have no business exposing your shit to the internet.
and at least 68% of Americans are cognitively impaired.
ruby is bad because python/js good
matz is good but DHH is bad and so ruby is bad
Twitter failed 14 years ago because ruby is bad and so ruby is still bad
ruby is bad because it’s old
ruby bad because it’s not used as much as python/js
More straw men than a scarecrow convention.
did you even read it?
you’re wrong. none of the points in the article say anything at all. the pillars that hold up the lies are
Sheon Han worked at Twitter. doubtful he was there between the 2011-2014 rewrite. I also doubt that he’s done much of anything with ruby since he was fired from Twitter after Musk destroyed it. especially so since he’s taken up freelance writing since 2021.
Sheon Han is attempting to stay relevant by desperately attacking a language he barely uses and hasn’t touched seriously since at least 2021.
you’re better off ignoring him and “journalists” like him.
I wouldn’t go onto a teen community and spout off how to make explosives even though they’re relatively safe to a trained individual.
same reason behind not allowing a hobbyist and amateur community to think that iptables and firewalld is the best/only solution.
it’s dangerous and someone will get hurt eventually.
this is selfhosted. a community that’s predominantly amateur or hobbyist.
it’s far easier, and safer to have all your network config done in the network. from system migrations to securing/hardening. it’s far more efficient and effective to have a single source of truth that manages network routing and firewall rules. hell, you can even have a redundant or load balanced firewall configuration if you’re afraid of a single point of failure.
point is, firewalld and iptables is for amateur hour and hobbyists.
if you want to complain that “docker doesn’t respect system firewalls” then at least have the chutzpah enough to do it the right way from the beginning.
it’s hilariously depressing how most people hate on Ruby because of the shit Rails does.
also, Sheon Han(the author), is a corpo-shilling hack that writes predominantly fluff pieces for his silicon valley friends and neighbors.
don’t believe what he writes because he only gets paid when his opinions garner traffic.
want to know why Ruby still has a following? same reason why Java is still holding on. Same reason why COBOL and FORTRAN is still going. because it works and people still use it.
What if you rent a bare metal server in a data center?
any msp will work with your security requirements for a cost. if you can’t afford it, then you shouldn’t be using a msp.
Or rent a VPS from a basic provider that expects you to do your own firewalling?
find a better msp. if a vendor you’re paying tells you to fuck off with your requirements for a secure system, they are telling you that you don’t matter to them and their only goal is to take your money.
Or run your home lab docker host on the same vlan as other less trusted hosts?
don’t? IDK what to tell you if you understand what a vlan is and still refuse to set one up properly to segment your network securely.
It would be nice if there was a reliable way to run a firewall on the same host that’s running docker.
don’t confuse reliable with convenient. iptables and firewalld are not reliable, but they are certainly convenient.
You may say these are obscure use cases and that they are Wrong and Bad. Maybe you’re right, but personally I think it’s an unfortunate gap in expected functionality, if for no other reason than defense-in-depth.
poor network architecture is no excuse. do it the proper way or you’re going to get your shit exposed one day.
this is the second time I’ve seen a post like this.
docker has always been like this. if it’s news to you then you must be new to docker.
if you’re using the built in firewall to secure your system on your wan, you’re doing it wrong. get a physical firewall. if you’re doing it to secure your lan then you just need to put in some proper routes and let your hardware firewall sort it out with some vlans.
don’t rely on firewalld or iptables for anything.
(sits in his Lamborghini Plex while a beautiful blonde gives him a handy) I’m fine, mate. Maybe later.
I too like to live dangerously.