

You will always get errors at some point. You could just perform simple searches until you find one that works for you.


Look for a desktop app.


The only two important columns are “Local address: port” and “process”. The latter is the process that is listening, while the former is the interface and port that process is listening on.
So you see that I don’t have any process listening on any port other than 80 and 443 on the host and the regular ones.
That said, your containers will still listen on the ports you want, but only on a virtual network interface.
Basically you only need to publish ports 80 and 443 on the container or pod you have your reverse proxy on. Other containers only need to be attached to the same network, as you already did.


It is good you have solved your initial issue. However, as you say, your rules are too permissive. You should not publish ports from containers to the host. Your container ports should only be accessible over the reverse-proxy network. In other words, <my domain>:3000 should not resolve to anything.
This can be achieved simply by not publishing any port on your service containers.
Here is an example of my VPS:
Exposed ports:
$ ss -ntlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=4084094,fd=3))
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:* users:(("conmon",pid=3436659,fd=6))
LISTEN 0 4096 0.0.0.0:5355 0.0.0.0:* users:(("systemd-resolve",pid=723,fd=11))
LISTEN 0 4096 0.0.0.0:80 0.0.0.0:* users:(("conmon",pid=3436659,fd=5))
LISTEN 0 4096 127.0.0.54:53 0.0.0.0:* users:(("systemd-resolve",pid=723,fd=19))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=723,fd=17))
Redacted list of containers:
$ podman container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[...]
docker.io/tootsuite/mastodon-streaming:v4.3 node ./streaming 2 months ago Up 2 months (healthy) social_streaming
docker.io/eqalpha/keydb:alpine keydb-server /etc... 2 months ago Up 2 months (healthy) cloud_cache
localhost/podman-pause:4.4.1-1111111111 2 months ago Up 2 months 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp 1111111111-infra
docker.io/library/traefik:3.2 traefik 2 months ago Up 2 months 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp traefik
docker.io/library/nginx:1.27-alpine nginx -g daemon o... 3 weeks ago Up 3 weeks cloud_web
docker.io/library/nginx:1.27-alpine nginx -g daemon o... 3 weeks ago Up 3 weeks social_front
[...]
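
Added example, not part of the original comment: a small Python check that reads `ss -ntlp` output and reports listeners reachable on a non-loopback interface whose port is not on an allowlist. The allowlist (22, 80, 443) and the sample rows, including the published port 3000, are constructed for illustration.

```python
import ipaddress
import re

# Assumption: the only ports that should be reachable from outside this host.
ALLOWED_PUBLIC_PORTS = {22, 80, 443}

# Constructed sample of `ss -ntlp` output (not captured from a real host).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=1001,fd=3))
LISTEN 0      4096   0.0.0.0:443        0.0.0.0:*         users:(("conmon",pid=2002,fd=6))
LISTEN 0      4096   0.0.0.0:80         0.0.0.0:*         users:(("conmon",pid=2002,fd=5))
LISTEN 0      4096   0.0.0.0:3000       0.0.0.0:*         users:(("conmon",pid=3003,fd=5))
LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=723,fd=17))
LISTEN 0      4096   [::1]:631          [::]:*            users:(("cupsd",pid=900,fd=7))
LISTEN 0      4096   *:9090             *:*               users:(("rootlessport",pid=4004,fd=9))
"""

PROC_RE = re.compile(r'\(\("([^"]+)"')


def parse_listeners(ss_output):
    """Yield (address, port, process) for every LISTEN row."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        # Drop the %interface suffix first, then IPv6 brackets.
        addr = addr.split("%")[0].strip("[]")
        # The Process column is empty when ss runs without enough privileges.
        match = PROC_RE.search(" ".join(fields[5:]))
        yield addr, int(port), match.group(1) if match else "?"


def is_loopback(addr):
    """'*' means every interface; otherwise ask ipaddress."""
    if addr == "*":
        return False
    return ipaddress.ip_address(addr).is_loopback


def unexpected_listeners(ss_output, allowed=ALLOWED_PUBLIC_PORTS):
    """Listeners bound to a non-loopback address on a port not in `allowed`."""
    return [(addr, port, proc)
            for addr, port, proc in parse_listeners(ss_output)
            if not is_loopback(addr) and port not in allowed]


if __name__ == "__main__":
    for addr, port, proc in unexpected_listeners(SAMPLE):
        print(f"unexpected listener: {addr}:{port} ({proc})")
```
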


Seems to be a Pixelfed instance.


I don’t know how to contact them but they put the URL for https://milpamerica.org/ wrong. It has an accent. Such a missed opportunity to promote it.


I tried this in the past and it does not seem a good option. Letting a smartphone record 24/7 would make it melt maybe.


Their code repository is still active. So worth giving a look.


Thanks. This opens up more devices to choose from. So products like Hikvision are a candidate for me now.


What hardware is it compatible with?


Yes I may, I don’t have it set up now, but I do have an ultra PC that might run it.


It would be best if I don’t have to create an account or install a proprietary app to perform the initial setup.
I still haven’t found any Amcrest camera being sold near me. I found some Hikvision.


I did some research on available hardware near me and found this one: Hikvision DS-2CD1053G0-I
I’ll keep looking for ones that are more inside friendly.
Many thanks!


What camera hardware is compatible with Soteria?
There is now podman compose that can read and use docker-compose files. As for importing, I cannot tell.


This looks like a provisioning command to expand disk to fill allocated space of your VPS.
The list is getting bigger and bigger. That is a good thing. But it now gets harder and harder to explore. More details on the list would help a lot.