view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
I will absolutely start doing more research on firewalls, thank you for the suggestion. That's exactly the kind of obvious thing that I was afraid I would miss.
Dnsmasq is actually already built-in to Pi Hole, I'm pretty sure that's how it redirects advertiser domains to 0.0.0.0 and handles DHCP. I see that I can add more local domains right from the web interface. I didn't realize I could give each containers its own local IP addresses, though. That would make getting to local services much more clean and simple.
I don't have a static IP, and I'm certainly not keen on giving my ISP any more money. I'll look more into DDNS services too.
Keep in mind that docker can bypass iptables-based firewall like UFW. When in doubt, do a port scan from an external machine to check which ports are actually open to the internet.
I haven't gotten in to containers yet, but there should be some way to let each one use a unique IP. At the very least, give your Pi multiple addresses and then have the service in each container only listen on its assigned address.