psychowood

joined 1 year ago
[–] psychowood@alien.top 1 points 11 months ago (1 children)

Thanks, very interesting read. I've been on ESXi for 15 years, more or less (first box was an Atom mini-ITX vanilla board), but you really made me interested in PVE. As if I needed another project...

[–] psychowood@alien.top 1 points 11 months ago

I was recently thinking about setting up a transparent squid proxy at router level, I'm curious if it could be useful in this context.

[–] psychowood@alien.top 1 points 11 months ago

Do you mean I should monitor my email server running on XP?

[–] psychowood@alien.top 1 points 11 months ago

!RemindMe 1 week

[–] psychowood@alien.top 1 points 11 months ago (10 children)

I mean, we trust Root Certification Authorities, which are basically self-proclaimed-as-trusted entities. At least CF became widespread and is community-trusted :)

[–] psychowood@alien.top 1 points 1 year ago (1 children)

I considered it, seems nice.

Problem is that they recommend 12 physical cores and 12GB, which is a waste for the usual selfhosted lab.

[–] psychowood@alien.top 0 points 1 year ago (1 children)

Since I was feeling bad for giving the wrong answer in another comment, I spun up a docker socket proxy and did some tests :)

The main points are:

  • add DOCKER_HOST variable pointing to your tcp socket
  • add CONTAINERS=1 variable in docker-socket-proxy to allow reading containers, otherwise it will fail silently (unless you run glances with -d) with a 403

Here's a sample compose file, adjust to your needs. Please note that the tcp socket is not exposed outside of admin_net network and that glances does not have access to the docker.sock socket:

    version: '3.3'
    services:
      admin-glances:
        container_name: glances
        restart: always
        ports:
          - '61208:61208'
        environment:
          - GLANCES_OPT=-w
          - DOCKER_HOST=tcp://dockerproxy:2375
        volumes:
          - './glances/glances.conf:/glances/conf/glances.conf'
    #      - '/var/run/docker.sock:/var/run/docker.sock:ro'
        pid: host
        image: 'nicolargo/glances:latest-full'
        networks:
          admin_net:
    
      admin-docker-socket-proxy:
        container_name: dockerproxy
        hostname: dockerproxy
        image: tecnativa/docker-socket-proxy
        environment:
          - CONTAINERS=1
        volumes:
          - '/var/run/docker.sock:/var/run/docker.sock:ro'
    #    ports:
    #      - '2375:2375'
        networks:
          admin_net:
    
    networks:
      admin_net:
        name: admin_net
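
The properties this compose file relies on (no direct docker.sock mount outside the proxy, port 2375 kept off the host, a shared network, CONTAINERS=1) can be checked mechanically. The following is an added example, not part of the original comment: it audits an already-parsed Compose mapping (for instance the result of `yaml.safe_load`), and the function names and sample dict are constructed for illustration.

```python
# Added example (not from the original comment): audit a parsed Compose mapping.
SOCK = "/var/run/docker.sock"
PROXY_IMAGE = "tecnativa/docker-socket-proxy"  # image name used in the compose file above
PROXY_PORT = "2375"

def _env(svc):  # accepts both the ['K=V', ...] list form and the mapping form
    env = svc.get("environment") or {}
    return dict(e.split("=", 1) for e in env if "=" in e) if isinstance(env, list) else env
def _nets(svc):  # network names; Compose attaches 'default' when none are listed
    return set(svc.get("networks") or ["default"])
def _src(vol):  # host side of a volume, short or long syntax
    return vol.get("source", "") if isinstance(vol, dict) else str(vol).split(":")[0]
def _port(p):  # container side of a published port, short or long syntax
    return str(p.get("target", "")) if isinstance(p, dict) else str(p).split("/")[0].split(":")[-1]

def audit(compose):  # returns a list of findings; [] means every check passed
    services = compose.get("services") or {}
    proxies = {n: s for n, s in services.items()
               if str(s.get("image", "")).split(":")[0] == PROXY_IMAGE}
    findings = []
    for name, svc in services.items():
        if name not in proxies and SOCK in map(_src, svc.get("volumes") or []):
            findings.append(f"{name}: mounts {SOCK} directly")
        host = str(_env(svc).get("DOCKER_HOST", ""))
        if host.startswith("tcp://"):
            target = host[len("tcp://"):].split(":")[0]
            shared = [p for n, p in proxies.items()
                      if target in (n, p.get("hostname"), p.get("container_name"))
                      and _nets(svc) & _nets(p)]
            if not shared:
                findings.append(f"{name}: DOCKER_HOST {host} is not a proxy on a shared network")
    for name, svc in proxies.items():
        if any(_port(p) == PROXY_PORT for p in svc.get("ports") or []):
            findings.append(f"{name}: publishes port {PROXY_PORT} on the host")
        if str(_env(svc).get("CONTAINERS", "0")) != "1":
            findings.append(f"{name}: CONTAINERS=1 missing, container reads return 403")
    return findings

def sample(uncomment=False):  # constructed dict mirroring the compose file above
    net = {"admin_net": None}
    glances = {"image": "nicolargo/glances:latest-full", "networks": net,
               "environment": ["GLANCES_OPT=-w", "DOCKER_HOST=tcp://dockerproxy:2375"],
               "volumes": ["./glances/glances.conf:/glances/conf/glances.conf"]}
    proxy = {"image": PROXY_IMAGE, "hostname": "dockerproxy", "networks": net,
             "environment": ["CONTAINERS=1"], "volumes": [f"{SOCK}:{SOCK}:ro"]}
    if uncomment:  # re-enable the two commented-out lines of the compose file
        glances["volumes"].append(f"{SOCK}:{SOCK}:ro")
        proxy["ports"] = ["2375:2375"]
    return {"services": {"admin-glances": glances, "admin-docker-socket-proxy": proxy}}
```

`audit(sample())` returns an empty list, while `audit(sample(uncomment=True))` reports the direct socket mount in glances and the published proxy port.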