I was recently thinking about setting up a transparent squid proxy at router level, I’m curious if it could be useful in this context.
I was recently thinking about setting up a transparent squid proxy at router level, I’m curious if it could be useful in this context.
Do you mean I should monitor my email server running on a XP?
!RemindMe 1 week
I mean, we trust Root Certification Authorities, which are basically self-proclamed-as-trusted entities. At least CF became widespread and is community-trusted :)
I considered it, seems nice.
Problem is that they recommend a 12 physical cores and 12GB which is a waste for the usual selfhosted lab.
Since I was feeling bad for giving the wrong answer in another comment, I spin up a docker socket proxy and did some test :)
The main points are:
Here’s a sample compose file, adjust to your needs. Please note that the tcp socket is not exposed outside of admin_net
network and that glances does not have access to the docker.sock
socket:
version: '3.3'
services:
admin-glances:
container_name: glances
restart: always
ports:
- '61208:61208'
environment:
- GLANCES_OPT=-w
- DOCKER_HOST=tcp://dockerproxy:2375
volumes:
- './glances/glances.conf:/glances/conf/glances.conf'
# - '/var/run/docker.sock:/var/run/docker.sock:ro'
pid: host
image: 'nicolargo/glances:latest-full'
networks:
admin_net:
admin-docker-socket-proxy:
container_name: dockerproxy
hostname: dockerproxy
image: tecnativa/docker-socket-proxy
environment:
- CONTAINERS=1
volumes:
- '/var/run/docker.sock:/var/run/docker.sock:ro'
# ports:
# - '2375:2375'
networks:
admin_net:
networks:
admin_net:
name: admin_net
Thanks, very interesting read. I’ve been to ESXi for 15 years more or less (first box was an atom miniitx vanilla board) but you really made me interested in PVE. As if I needed another project…