

OK, yah, that’s what I was getting at.
I was getting more at stacks on a host talking, i.e.: you have a postgres stack with PG and Pgadmin, but want to use it with other stacks or k8s swarm, without exposing the pg port outside the machine. You are controlling other containers from interacting except on the allowed ports, and keeping those ports from being available off the host.
I assume #2 is just to keep containers/stacks able to talk to each other without piercing the firewall for ports that aren’t to be exposed to the outside? It wouldn’t prevent anything if one of the containers on that host were compromised, afaik.
“All your containers are belong to us.”
You might consider using something like Cloudflared or Tailscale’s Funnels to proxy the connections through to prevent DDoSing and apply ACLs. You can still use your domains with those.
Been using this for years, runs like a top.
Well, I know you can define volumes for other filesystem drivers, but with bind mounts, you don’t need to define the bind mount as you do, you can just specify the path directly in the container volumes and it will bind mount it. I was just wondering if there was any actual benefit to defining the volume manually over the simple way.
Is there any advantage to bind mounting that way? I’ve only ever done it by specifying the path directly in the container, usually ./data:data or some such. Never had a problem with it.
Jupiter Broadcasting? Still alive and kicking. Not sure what you mean by Digital Ocean, they had merged with Linux Academy for some odd reason, then A Cloud Guru bought LA, then Joe Ressington got shitcanned for using a very British slang in a meeting and seemed like right after that Chris took it back independent and he kept on with LUP, Selfhosted and a couple others I don’t listen to.
Ressington has gone on to make what I think is a very successful Linux podcasting network, Late Night Linux, certainly enjoy their shows. I’ve been a patron of his stuff for several years now, and there’s a good bunch of people hosting those shows these days.
Just glancing through that guide:
OPNsense instead of pfSense, because pfSense is going to rugpull, it’s just a matter of time. I wouldn’t trust the twats that run it farther than I could throw them because they’re pretty silly people. Rossman suggests exactly this in the intro to the router section, he would change if he hadn’t been using it for a decade already. Unfortunately, a lot of this guide is focussed on how to do it via pfSense and if you’re brand new, you’re going to have to figure out how to do it in OPNsense yourself.
WireGuard/Tailscale instead of OpenVPN. Faster and way easier to set up. Don’t even try to set up a full LAN routed VPN, just use Tailscale for the services you want. And use it for everything and everyone instead of punching holes in the firewall.
He’s definitely right about mailcow; if you’re reading that guide for information, you are not a person that should be self-hosting email.
I mustn’t be communicating well, but that’s fine.