excellent reply

I just use the UDM-SE App (Teleport). I can connect on demand and get to all of my services, get adblocking while I’m out and about. Teleport on ubiquiti is just wireguard renamed.

I don’t need to expose any services from my home network, because I’m the only one using them. If It wasn’t just me, I’d just have them download the wifiman app, send them a teleport link and boom…they’re in on the local network. Exposing “services” for a convenience factor is just too much of a security risk for myself.

I host all of my websites on github (free) and leverage vercel for CI/CD pipelines (again, free). Domains are the only thing public and that I pay for. (local dns reasons for lets encrypt certs) and for my public websites not associated with my home infrastructure.

I can give you an idea of what I do:

I use a clustered 2 node setup on proxmox (modified corosync as I don’t care about true HA - that way I can reboot node 1, and node 2 stays up and works fine), centralized management, etc…and I don’t have a quorum device, I’ll eventually add a 3rd node and fix it proper.

I backup the bind volume /data + /appdirs, plus all infra is in compose files/stacks, so I don’t care if I lose all the data. It just costs time to resetup, working on ansible eventually to lessen that.

So I just split the resources between the two nodes:

1.) Proxmox Node 1

• LXC PiHole
• Big Ubuntu 22.04 LTS VM running docker + docker compose, main portainer + a lot of other various containers under this.

2.) Proxmox 2

• LXC PiHole 2 for HA.
• Big Ubuntu 22.04 LTS VM running docker + docker compose, portainer agent + Plex Media ARR Apps. My “download client” runs behind gluetun and only functions if the VPN connection is active, otherwise the connection is killed. (think wireguard vpn container)

I literally got all of this setup in ~4 days and previously didn’t know anything about proxmox, or much about docker at all. Granted I am on vacation at the moment, so there is that…unlimited time.

I can share my giant plex-arr docker compose file I’ve came up with for this, made it myself and it all works assuming you rename a few of the variables.

here is my stack config for portainer, or otherwise known as docker-compose.yml if you prefer that route. I added notes after # for reminders for myself, maybe they help you.

Portainer -> Stacks -> Add Stack:

Name: nginx-pm

Paste this in web editor:
#####################################################################################

#####################################################################################

##

## Docker Compose File: NGINX Proxy Manager

## Function: Reverse Proxy

##

## Documentation: https://nginxproxymanager.com/setup/#running-the-app

## https://nginxproxymanager.com/

##

## Updating NGINX? Make sure to backup v1/data + v1/letsencrypt from Ubuntu VM,

## then make sure volume mapping reflects v1 data, not v2/v3 as it creates

## new ones every update/redeployment. It's bugged.

#####################################################################################

#####################################################################################

version: '3.8'

services:

app:

container_name: nginx-pm

image: 'jc21/nginx-proxy-manager:latest'

environment:

- PGID=1000 #echo $GID to get this

- PUID=1000 #echo $UID to get this

ports:

- '80:80'

- '81:81'

- '443:443'

volumes:

- /home/YourUSERNAMEHere/data/nginx-pm:/data #host:container mapping

- /home/YourUSERNAMEHere/data/nginx-pm/letsencrypt:/etc/letsencrypt #host:container

logging:

driver: "json-file"

options:

max-file: "10"

max-size: "200k"

restart: unless-stopped

Same here, update failed.

I use a custom domain for everything…email, internal dns, external (cf tunnels), and my public websites. I use to use AWS Route 53 for everything because of work, but moved to CF because it’s free and much easier to setup and manage.

For local devices I use *.local.domaingoeshere.com (wildcart cert), issued by cloudlfare. In retrospec I should have used *.int.domain.com as it would be less typing…but everything is categorized and bookmarked anyway.

sounds like a good time to sell my TUF 4090 and grab a 7900 XTX lol.