Hi DB Tech, i've a small question. I'm using Access List for Bitwarden and i allowed just my public ip adress for accees. Also i'm using cloudflare for cname for bitwarden. The question is that, as you know if we are using reverse proxy + cloud flare, access via cloudflare ip adress to bitwarden, that's why access is not working. Because trafiic caming from cloud flare ip. That's mean acces will not possible because we allowed just my public ip. How do you manage this for you?

Hi there. How do you setup alerts in Zabbix?

How will binding docker ports to 127.0.0.1 even work? My reverse proxy isn’t on the same system as my docker containers….

Good tip!

Much appreciated!

Glad it helped! I've only been using allow lists for a VERY short amount of time. Figured if I was going to talk about server security, I should probably implement some on my own server :)

Good to hear!

@@DBTechYT Ps: Can you do a video about backing your server up? I tried a few days ago and had many issues :') ((Hyped about the upcoming vids!))

It's on my list to make that video soon

I think you're right

Wow, thanks!

Glad to help!

I don't have a video on that yet. I'll see about getting one up in the next week or so

@@DBTechYT that would be great.

I would also love a video on how to make backups. What to backup. How to automate the process.

@@GlenBland If you're using docker then you just backup your volumes (I think the default location is /var/lib/docker/volumes) or whatever bind mounts you created for example my data is stored in /media/usb/docker-data so as long as everything in there is copied I'm good, there might be something better but personally I just use rsync with an external usb drive because it's easy.

I've had several requests about setting up CloudFlare just from this video, so I think my video this Friday will be about setting up CloudFlare. Thanks for watching!! Much appreciated :)

DB Tech awesome thanks. I want to update to use that and proxy manager. Currently using swag but I think will like this setup better.

I need to look into Swag just so I'm familiar with it, but I really like my current setup :)

Hey! So I would actually consider using CloudFlare Tunnels instead of NGINX at this point (this is an older video) as CloudFlare tunnels doesn't require you to do any port forwarding and works behind cgnat setups. As far as backups are concerned, you can do local backups if you have another computer to setup as a backup server or you could use something like BackBlaze (that is Linux compatible) for off-site backups.

@@DBTechYT thanks for the help! That's awesome. I shut off my port forwarding. I'll work on security and then bring my server back up. I have backblaze, but the unlimited plan doesn't cover Linux servers. It's way too expensive.

Thanks for the info! I figured there would an actual need for port 80 but didn't think about it just being there for verification purposes :)

My ISP block port 80. But it allows to open port 443. So I don't think using proxy manager on my network with only port 443 would work.

Glad to hear that!

Does anyone has a solution? Except from disabling acces list for nextcloud

I had actually planned on making it yesterday, but I felt like garbage. Going to make it for Monday :)

Thanks for watching!!

Yeah. I actually touched on it once in a video several months ago, but I need to make a dedicated video for it I think.

@@DBTechYT I am going to look for it I saw and follow the one that you did cloud flare nginx but don't remember seeing how to update the ip on cloud flare if my isp change it. Great work nan. I am working whit a raspberry pi oMV docker portainer and several container thanks to you.

I'm going to make a video for Friday that will talk about setting up CloudFlare :)

@@DBTechYT thanks

This would be great and I was just researching this topic. Showing how to update CloudFlare IP addresses if you have a domain name would be great. I’ve seen how to do it using something like duck ddns or no-ip, but that seems like a unneeded step if you have your own domain.

If you plan on using duckdns then you don't need to use Porkbun. You only use Porkbun to buy your own custom domain. You use CloudFlare and NGINX Proxy Manager for SSLs. Also, you can't hide your IP address if you use DuckDNS, which is less secure.

@@DBTechYT thank you so much for your quick reply. For that I would like to use porkbun, for safety reason. But I did not get how to create SSL cert. I saw your link in github regarding the Nginx proxy manager and I did not get if it is safe or not. However I would like to keep as simple as possible. So, if I create a domine with porkbun, with cloudflare I will be OK (safe) with the ssl certificate or not, as it is still missing something?

Go watch my WordPress video. It shows how to host a website

@@DBTechYT Cheers!!!

My apologies but I cannot understand if Nginx proxy manager is necessary in my case with openVPN.

it's just the state of the internet right now. bots looking for ANYTHING they can do something with.

I use Cloudflare Tunnels to remotely access my services. Doesn't require ANY port forwarding and you get all the benefits of Cloudflare's security

I only have ports 80 and 443 open on my router/modem. All the traffic goes to NGINX Proxy Manager and it routes the traffic. Thanks for the tip on expose. Several People have asked about backups as a result of this video. I'm going to try to release that video on Monday. Thanks for watching!

@@DBTechYT That's what I said at the beginning, if you're running docker containers at home behind a router this method is not needed. So your setup on the show doesn't need to do this of course ;) _My point is_ if you're running docker instances on say Digital Ocean or Vultr or Amazon AWS where you don't have the protection of a router masking your internal network ip addresses and ports, this method would reduce your port exposure to the internet. So Nginx Proxy Manager would have say nextcloud.yourdomain.com linked to 172.40.0.3:888 instead of 192.168.1.35:888, if the docker compose _internal port and docker ip_ is 172.40.0.3 with port 888

@@DBTechYT Hello! First of all, thanks for the great work you are doing! :-) I have setup nginx and omv now, and using cloudflare, but I am strugling a bit on how to configutre my router ports the correct way...I think. I have followed your tutorial, but when accessing my sub-domain that should lead to omv, I am only getting the login-screen for nginx...

You need to forward ports 80 and 443 to your server with NGINX proxy manager on it. Then, NGINX proxy manager will be configured to forward from there to the respective application. Check out this video to see the order in which I do things of setting up my domain, application, NGINX, etc.: kzbin.info/www/bejne/aIiakopmiNKrraM Also, it's better to not reply to someone else's comment to get an answer. It was only happenstance that I ran across this comment. Please be sure to create a new comment thread for questions in the future. Thanks!

expose doesn't have any operational impact tho. It's just informal, so basically you don't even need that

I think you've got some of your terms mixed up. A filesystem is the methods and data structures that an operating system uses to keep track of files on a disk or partition. I only use the EXT4 filesystem on my system. RAID is a way to configure hard drives to act as a single pool of data storage. I don't use RAID on my system. To make an attempt at answering your question as I think I understand it, I have my configuration folders and files in one specific location that is typically away from my data because I like to keep things organized in a way that makes sense to me. I don't want to put my configuration files in with the files I'm uploading as it becomes a nightmare to figure out what is what in regards to files uploaded by me or someone else and what is an application file. It's just the way I've decided to organize my Docker containers. It makes sense to me. I don't think there is any 1 right way to do things as long as everything is working and you can keep backups of your data.

I use Bookstack for notes. I showed those IPs on purpose for the sake of the video

You're right!! Thanks for reminding me. I updated the description and the blog post. Here's the link: medium.com/@gurayy/set-up-a-vpn-server-with-docker-in-5-minutes-a66184882c45

x86 Playlist: kzbin.info/www/bejne/d2bGnIdtpd2lhLs Raspberry Pi Playlist: kzbin.info/www/bejne/iorIqKx3gJt6o7M

Yes. You can use CloudFlare's DNS to do this

@@DBTechYT justing Ip address no domain. I Setup a nginx revise proxy in the cloud. not sure how to config it on my he server.

Nope. Cloudflare has never paid me for anything. I have never received anything from Cloudflare. No money, no merch, no free service. Nothing. Go back to stealing content from The Simpsons.

Thanks for watching!

You probably aren't giving the DNS mode enough time to propagate and/or you're having DNS caching issues.

@@DBTechYT cheers ill have a look at both of these things

@@DBTechYT problem found. Moved to new ISP and found out they block incoming ports. Had to get them to remove it.