The local block storage will match what is already provisioned in your server type, as it is local to the machine your VPS is on, so on my NVMe server I got NVMe storage, benchmarked exactly the same.
Posts by Casstg
-
I'm not sure on the OP's UFW setup, but the first thing I do is lock down UFW so Docker ports do not bypass the firewall. This is security 101 with regards to Docker.
Follow the guide below and amend the lines to match your Docker network IP, i.e. let's say you set a custom network on 172.20.0.0/12, then amend any lines that say 192.168.x.x with this IP instead.
Lock down Docker Ports with UFW
Now, rather than open ports 80 and 443 to the whole server, further down the guide they explain how to use forward rules to the Docker chain.
I have servers with either SWAG or NPM, so it works with either. So let's say you have given a fixed Docker IP of 172.20.0.100 to NPM; the forward rules would then be:
```
ufw route allow proto tcp from any to 172.20.0.100 port 80
ufw route allow proto tcp from any to 172.20.0.100 port 443
ufw route allow proto tcp from any to 172.20.0.100 port 81
```
This will now forward those ports directly to NPM and nowhere else on your server.
Whatever ports you publish now will only be reachable if you add a forward rule like above, otherwise they gain no access.
Regarding port 81, you only need this for initial setup. What you should do is set up a proxy host in NPM for NPM itself, add the SSL, then access it via the domain name. You can then remove the forward rule for 81.
With regards to Wireguard, I use a Wireguard and Wireguard-UI stack and this works perfectly. I can give you the docker run command to see how they link, but basically the UI container actually connects to the Wireguard docker and its UI ports are published there. You then add a proxy host in NPM for the web UI so it's secured and add another forward rule like below.
Let's say you have given the Wireguard docker IP 172.20.0.50 and UDP port 51820, you would then publish a forward port as follows
Obviously you can change "any" to a specific IP only if that suits.
If you want to add an extra layer of security, then throw all your web UI dockers that don't need to be accessed by anyone else behind Authelia Docker 2FA. That locks it down nice and tight but is a pain to set up for the first time, and is a lot easier to set up with the SWAG proxy container than NPM.
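The per-container forward rules described in the post above, as an added example that is not part of the original post: a small POSIX shell helper that turns a table of containers into `ufw route allow` commands and skips any row whose IP is outside the Docker network. The table, the function names and the admin source address 203.0.113.10 are constructed for illustration; the container IPs, ports and subnet are the ones mentioned in the post.

```shell
#!/bin/sh
# Added example: prints `ufw route allow` commands for review; it runs none of them.
DOCKER_NET="172.20.0.0/12"   # subnet as written in the post; set to your own network

ip_to_int() {                # dotted quad -> integer (always called inside $(...))
  IFS=.
  set -- $1
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_subnet() {                # in_subnet IP CIDR -> exit 0 if IP lies inside CIDR
  case "$1" in *.*.*.*) ;; *) return 1 ;; esac
  net=${2%/*}; bits=${2#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

gen_route_rules() {          # stdin rows: name ip proto port source
  rc=0
  while read -r name ip proto port src; do
    case "$name" in ''|'#'*) continue ;; esac
    if ! in_subnet "$ip" "$DOCKER_NET"; then
      echo "skip $name: $ip is outside $DOCKER_NET" >&2; rc=1; continue
    fi
    case "$proto" in
      tcp|udp) ;;
      *) echo "skip $name: unsupported proto '$proto'" >&2; rc=1; continue ;;
    esac
    # An empty source column falls back to "any", as in the post's rules.
    echo "ufw route allow proto $proto from ${src:-any} to $ip port $port"
  done
  return $rc
}

# Constructed table: port 81 is limited to one admin address instead of "any".
gen_route_rules <<'EOF'
npm-http   172.20.0.100 tcp 80    any
npm-https  172.20.0.100 tcp 443   any
npm-admin  172.20.0.100 tcp 81    203.0.113.10
wireguard  172.20.0.50  udp 51820 any
EOF
```

Review the printed commands before running them as root; a non-zero exit status means at least one row was skipped.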
-
Wireguard can be a right pain, however I use two docker containers and it became a breeze, and you can throw up instances really quickly. (To be fair, I run 4 dockers, as I use NPM for SSL certs and proxying and 1 Authelia docker to put the web UI behind 2FA.) However, technically you can spin up the 2 dockers for Wireguard and Wireguard UI, do all your config in the UI (including downloading the connection files or scanning QR codes if mobile) and then just stop the Wireguard UI docker until you need to add, delete or make other changes. Doing it the latter way would take no time at all (up and running in less than 5 mins) and I can post the working docker run commands if anyone is interested.
-
Hi
Have several root servers and a few ARM servers elsewhere. Looking at your ARM servers, I wanted to clarify the actual bandwidth.
On the details page it states if the traffic averages 1000MBits/s in 24 hours then it will be temporarily reduced to 200Mbps.
However, if you add the item to cart, the agreement becomes "if the traffic averages 200Mbits/s in 24 hours then it will be temporarily reduced to 200Mbps".
-
I was wondering if something was up. Backups are at a crawl going out of the server, and my speed test to the server is seeing a fraction of the normal speed with high ping times.
```
traceroute google.com
traceroute to google.com (142.250.186.142), 30 hops max, 60 byte packets
 1  202.61.xxx.x (202.61.xxx.x)  0.487 ms  0.459 ms  0.434 ms
 2  ae3-4019.bbr02.anx84.nue.de.anexia-it.net (144.208.211.10)  58.835 ms  58.819 ms  58.804 ms
 3  ae0-0.bbr01.anx84.nue.de.anexia-it.net (144.208.208.139)  62.090 ms  62.112 ms  62.097 ms
 4  ae2-0.bbr02.anx25.fra.de.anexia-it.net (144.208.208.141)  118.603 ms  118.584 ms  118.890 ms
 5  209.85.149.86 (209.85.149.86)  61.905 ms  61.981 ms  61.965 ms
 6  * * *
 7  fra24s07-in-f14.1e100.net (142.250.186.142)  62.330 ms 142.250.62.150 (142.250.62.150)  62.600 ms fra24s07-in-f14.1e100.net (142.250.186.142)  62.669 ms
```
```
traceroute de.pool.ntp.org
traceroute to de.pool.ntp.org (194.25.134.196), 30 hops max, 60 byte packets
 1  202.61.xxx.x (202.61.xxx.x)  0.556 ms  0.531 ms  0.475 ms
 2  ae3-4019.bbr02.anx84.nue.de.anexia-it.net (144.208.211.10)  66.453 ms  66.426 ms  66.398 ms
 3  ae0-0.bbr01.anx84.nue.de.anexia-it.net (144.208.208.139)  65.044 ms  65.018 ms  65.041 ms
 4  ae2-0.bbr02.anx25.fra.de.anexia-it.net (144.208.208.141)  65.883 ms  65.901 ms  65.977 ms
 5  80.156.161.185 (80.156.161.185)  64.876 ms  64.851 ms  64.826 ms
 6  f-eb4-i.F.DE.NET.DTAG.DE (62.154.16.102)  64.814 ms f-eb4-i.F.DE.NET.DTAG.DE (62.154.16.218)  64.778 ms  64.938 ms
 7  * * *
 8  80.156.161.230 (80.156.161.230)  63.899 ms  63.981 ms  64.139 ms
 9  172.29.2.6 (172.29.2.6)  68.981 ms  69.034 ms  69.048 ms
10  ntp1.sul.t-online.de (194.25.134.196)  68.744 ms  68.571 ms  68.700 ms
```