I understand that. I didn’t call FUTO FOSS…
I wasn’t meaning to conflate the two, as I see your point. I didn’t claim it was FOSS, just that the source was available.
I know for me, I don’t mind using software that is licensed so that it doesn’t directly fall under FOSS. I just like the availability to view the source vs closed source software being a total black box.
I have no plans to monetize their work, nor fork it, only use it.
I haven’t gotten around to setting it up yet, but for a Google Photos-type self-hosted setup there is Immich, which looks promising!
I know I don’t want to open up any more ports than I have to, but you’re right, that does sound like another alternative to setting up a VPN.
Since I access more than just my Pi-hole when connected to my home network, and because I want access to my home services and don’t want to open up access to the public, opening one port and connecting to a VPN is the way to do it. I have one port opened up for my VPN, and in order to connect you have to have my IP or my domain pointed at the IP, and you have to have a WireGuard profile set up, and know what port is open. So that does help a tad bit with my security concerns.
Edit: how would I go about that if I felt so inclined? Any tips?
I want to self host more, but power draw is a concern.
So I have gone the route of running two Pi 4 8GB models as my hosts of choice.
So far I am hosting:
Non-Docker:
Docker:
There are a few other services I want to get up, but I haven’t gotten around to it:
As to why:
You can still use Pi-hole as your DNS when not home if you set up a VPN. For me that was the route I went.
That worked, thank you!
I don’t know what I was expecting, but a CAP file wasn’t it. I thought it would have just been a BIN file of sorts. Though, I guess now that I think about it, it has been a while since I have done BIOS updates in any other way than through an executable running some sort of flasher mechanism.
Thanks!
Looks like for my mobo they offer an exe, but also a CAP file, which may be a BIOS update file, who knows. More research needed, I suppose.
However, I am at least on the latest as of now, since it was back in May that my BIOS last had an update, and I only switched in the past month.
I haven’t investigated updating via USB for my BIOS. But that is likely the least-fuss way to do it.
I will likely have to do some tinkering, and more reading up on this from the documentation I am thinking. I am getting HTTP 200 statuses basically across the board. When going to the FQDN it doesn’t redirect to the PiHole admin page like I was expecting. Again, likely some configuration that I have wrong.
Begrudgingly 2 of the 3 are Google email addresses, and 1 is a Microsoft email address. I will however be ditching both of those providers for something a bit more privacy focused soon and making those addresses burner addresses.
Shows in traefik, no errors there.
I hate to report back, but something isn’t quite working for Pi-hole behind Traefik.
Running “docker logs traefik” returns no error, and yet no certificate was presented to my Pi-hole.
Not sure what else I might be missing or that I might have wrong.
I will give this a shot! Thank you for the help. I will report back, in hopes that between your knowledge and my fumbles that someone else too can learn from this!
So in my traefik.yml file I have Cloudflare set as my certresolver as follows:
certificatesResolvers:
  cloudflare:
    acme:
      email: email@example.com
      storage: acme.json
      caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all aut>
        #delayBeforeCheck: 60s # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
And I had to get the secret mounted via the docker-compose file.
So where you have:
tls:
  certResolver: examplecom-dns
Do I have to redefine all of the same information I did in my Traefik yml, but in this separate config.yml?
(I did set it up in my traefik.yml and docker-compose.yml to mount and use this config, which I had commented out for later use.)
Thank you so much for the help!
Edit:
Essentially I am trying to get my Pi-hole, which is hosted on another Pi, set up with an SSL cert for local use only:
So in looking at your config I tried using:
http:
  routers:
    pihole-rtr:
      entryPoints:
        - https
      service: pihole-rtr
      rule: "Host(`ph.local.domain.com`)"
      tls:
        certResolver: cloudflare
  services:
    pihole-svc:
      loadBalancer:
        servers:
          - url: "http://<ip>/admin"
However when doing this error logs returned:
2024-07-08T15:04:27-04:00 ERR error="the service \"pihole-rtr@file\" does not exist" entryPointName=https routerName=pihole-rtr@file
2024-07-08T15:04:28-04:00 ERR error="the service \"pihole-rtr@file\" does not exist" entryPointName=https routerName=pihole-rtr@file
I am doing something very wrong… And feel a little lost.
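The log lines above name a service called pihole-rtr, while the only entry under services: in the posted config is pihole-svc. As an added example (not part of the original post, and not Traefik's own code), this Python check lists router-to-service references in a file-provider dynamic config that point at undefined services; the dict mirrors the posted YAML, and the function names are hypothetical.

```python
import copy

# Constructed sample: the dynamic config from the post, written as a Python dict.
AS_POSTED = {
    "http": {
        "routers": {
            "pihole-rtr": {
                "entryPoints": ["https"],
                "service": "pihole-rtr",
                "rule": "Host(`ph.local.domain.com`)",
                "tls": {"certResolver": "cloudflare"},
            }
        },
        "services": {
            "pihole-svc": {
                "loadBalancer": {"servers": [{"url": "http://<ip>/admin"}]}
            }
        },
    }
}


def split_provider(name, default_provider):
    """Split 'name@provider'; a bare name belongs to the default provider."""
    base, sep, provider = name.rpartition("@")
    return (base, provider) if sep else (name, default_provider)


def dangling_service_refs(config, provider="file"):
    """Return (router, 'service@provider') pairs whose service is undefined."""
    http = config.get("http") or {}
    defined = set(http.get("services") or {})
    problems = []
    for router_name, router in (http.get("routers") or {}).items():
        ref = (router or {}).get("service")
        if not ref:
            continue  # no explicit reference to verify
        base, ref_provider = split_provider(ref, provider)
        if ref_provider != provider:
            continue  # defined by another provider; not checkable from this file
        if base not in defined:
            problems.append((router_name, f"{base}@{provider}"))
    return problems


def with_service(config, router, service):
    """Copy of config with one router pointed at a different service name."""
    fixed = copy.deepcopy(config)
    fixed["http"]["routers"][router]["service"] = service
    return fixed


if __name__ == "__main__":
    print(dangling_service_refs(AS_POSTED))
    print(dangling_service_refs(with_service(AS_POSTED, "pihole-rtr", "pihole-svc")))
```
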
Would the file provider configs live on the Traefik server, or would they need to be on the external service? Reading through this, and looking at the example configuration files doesn’t really seem to point that out. Sorry for the noob questions.
Trying to understand this, but the way the documentation is written is different than I am used to.
Thank you!
I want to investigate it. I know it works well on my laptop, which the big difference in the 2 is that one is an Nvidia GPU and the other an Intel Integrated. So it could be video related. Who knows.
Thank you all the same!
Guess I won’t be playing PlayStation games.