Preferred networking for containers and SWAG

Hi,

I would like to clean up my home server and start using SWAG.
I am using nextcloud, syncthing, home-assistant and unifi-controller as Docker containers from LSIO, and nginx from the Linux distribution as a reverse proxy for now.

I decided to set up a separate Raspberry Pi 4 as a test server, where I would like to practice and learn how to deploy SWAG on my home server.

  1. I created a bridge network: sudo docker network create kontainers
  2. I connect each container to that network by adding the following lines at the end of docker-compose.yml:
     networks:
       default:
         name: kontainers
         external: true
  3. For example, the configuration for home-assistant uses network_mode: host.
     I commented that out because I don't need it, and all my things are working.
  4. In SWAG, I enabled the subdomain config for each service and checked that the app name is the same as the container name.

Question #1
All containers are on the same network, kontainers, so they can ping each other. I think this is necessary for SWAG to access the containers by name, resolved via DNS.

  • Is it OK from a security point of view?
  • Is it the Docker way?
  • Or should I configure each container on a separate network and connect SWAG to all of those networks?

Question #2
The containers expose a PORT for the web GUI, but I am connecting through SWAG using a subdomain, so only SWAG needs to access the container on that PORT.
I think I can comment out that configuration in the compose file. Is that correct?

Question #3
I am using firewalld, and it is not clear to me whether I need to enable masquerade on the public zone (there are two active zones, public and docker).
For example: I have PostgreSQL on the host, and the nextcloud container connects to it using the host IP. So masquerade is necessary in this case. Or is there a better way?

Thank you for comments, ideas…
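As an added example (not the original poster's compose file and not from LinuxServer.io), here is what steps 1 to 4 above look like in one compose file: SWAG publishes 80/443 and joins the pre-created kontainers network, while a proxied application joins the same network with no ports: mapping, so it is reachable only by container name from SWAG and nothing is published on the host. The image tags, domain, volume paths, PUID/PGID and timezone are assumed placeholder values.

```yaml
# Added example: SWAG plus one proxied app on the shared external network.
# Assumes `sudo docker network create kontainers` was run first (step 1).
# Domain, paths, PUID/PGID and TZ are placeholders, not values from the thread.
services:
  swag:
    image: lscr.io/linuxserver/swag:latest
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - URL=example.com         # assumption: your own domain
      - SUBDOMAINS=nextcloud,   # one entry per proxied service
      - VALIDATION=http
    volumes:
      - ./swag:/config          # proxy confs live in /config/nginx/proxy-confs
    ports:
      - "443:443"
      - "80:80"                 # only needed for VALIDATION=http
    restart: unless-stopped

  nextcloud:
    image: lscr.io/linuxserver/nextcloud:latest
    container_name: nextcloud   # must match the app name in the proxy conf
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - ./nextcloud/config:/config
      - ./nextcloud/data:/data
    # No `ports:` here: SWAG reaches this container by name over the shared
    # network, so the web GUI is not published on the host at all.
    restart: unless-stopped

# Same stanza as step 2: the compose project's default network is the
# pre-existing bridge, so every service in this file joins kontainers.
networks:
  default:
    name: kontainers
    external: true
```

Enabling the subdomain config is the usual copy of the sample file inside the SWAG config volume (nextcloud.subdomain.conf.sample to nextcloud.subdomain.conf). To confirm the name-based reachability that question #1 relies on, run docker exec swag ping -c 1 nextcloud: Docker's embedded DNS resolves container names on user-defined bridge networks, which is exactly why the shared network is needed. If you later want the stricter layout from the third bullet of question #1, declare one named network per app, attach each app only to its own network, and list all of them under the swag service's networks: key.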

Aha, I forgot that Docker uses iptables in the background, so it manages all the masquerade things itself…

So question #3 is not interesting anymore.

Just don't use firewalld with Docker.
Maybe, but I did not find confirmation, you can change the backend in the firewalld config to use iptables instead of nftables (which is the default):
FirewallBackend=iptables

Hello,
#0 Docker Compose already creates a new default network.
#1 It is safe, and you can usually secure access with a password.
#2 You can leave the ports alone for local access, and open only 80/443 on your router for remote access via the reverse proxy.

Note: you will probably need to remove nginx from Linux before using SWAG on the same web ports.