Hi,
I'm planning on setting up some Docker containers on my home and small business network, and since I'm not an expert, I'm looking for some opinions on how to do it the way I'm thinking about it.
Basically let's say that I would prefer not to have a monster VM running all Docker containers. I'm interested in segregating roles and having multiple hosts, one for each role.
These hosts will be set up as Proxmox VMs, and let's say for example I'll have the following hosts/containers:
linux01 (frontends):
- nginx-proxy-manager
- portainer
linux02 (services):
- owncloud
- dyndns-update
- uptime-kuma
linux03 (dev-tools):
- git-server
- jenkins
linux04 (self-development):
- web-app1 (network-a)
- mysql (network-a)
- web-app2 (network-b)
- mysql (network-b)
So for example the nginx-proxy-manager will be the reverse proxy, providing SSL certificates, and will proxy the requests for:
- owncloud @linux02:80
- web-app1 @linux04:8081
- web-app2 @linux04:8082
Since I'm no expert on this docker container subject, and to keep some level of security, I would configure firewall connection on hosts linux02 & linux04 to only accept incoming connections from the linux01 host, and for those required ports. That way, one could only access for example web-app1 from the linux01, expecting it to be from the nginx-proxy-manager service.
There must be for sure better ways to accomplish this, I've been reading about overlay networks, or kubernetes, but not sure if it would be the right tool for the job, if that's the way-to-go, or if it would make all this a more complex process.
I would very much appreciate some opinions on what would be better, looking forward to learning more about this subject.
Thank you for your attention and opinions.
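The firewall plan in the post, as an added example that is not part of the original post: ports published by Docker are DNATed and forwarded, so host rules in the INPUT chain (including ufw defaults) do not filter them, and the restriction to linux01 has to go in Docker's `DOCKER-USER` chain. The script prints the rules for one backend VM; the address `192.0.2.11` for linux01 and the interface name `eth0` are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Address and interface name are
# assumptions; override them through the environment.
PROXY_IP="${PROXY_IP:-192.0.2.11}"  # assumed address of linux01 (reverse proxy)
EXT_IF="${EXT_IF:-eth0}"            # assumed LAN-facing interface of the backend VM

# gen_rules PORT...  prints the iptables commands for one backend host.
gen_rules() {
    # Validate every port first: the output is meant to be run as root.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
    done
    pos=1
    # Replies to connections the containers opened themselves (updates, DynDNS).
    echo "iptables -I DOCKER-USER $pos -i $EXT_IF -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"
    for port in "$@"; do
        pos=$((pos + 1))
        # Match the published host port as it was before Docker's DNAT.
        echo "iptables -I DOCKER-USER $pos -i $EXT_IF -s $PROXY_IP -p tcp -m conntrack --ctorigdstport $port --ctdir ORIGINAL -j RETURN"
    done
    pos=$((pos + 1))
    # Anything else arriving from the LAN for a container is dropped.
    echo "iptables -I DOCKER-USER $pos -i $EXT_IF -j DROP"
}

# Usage on linux04: sh docker-user-rules.sh 8081 8082   (on linux02: ... 80)
if [ "$#" -gt 0 ]; then
    gen_rules "$@"
fi
```

The script only prints the commands; review the output before running it as root on the backend VM. Services on the VM itself, such as SSH, pass through INPUT and are not affected by these rules.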