I'm trying out a home server with Debian installed. I've also installed https://yacht.sh/docs/Pages/Applications and am now going to make a postgres docker. I'm not familiar with yacht.sh; I'm just trying it out. But I want a docker postgres server for my random scripts to connect to. For that purpose, which network mode would be best? I'm generally familiar with docker in an amateur sense; this is just a hole in my knowledge.

I'm reserving a native Debian install of postgres for a different purpose.

I'm open to unrelated suggestions about what to install on my new home server. Samba is already installed, Jellyfin is next after this.

  • invanity [none/use name]
    ·
    2 years ago

    Some ideas, you could create a wireguard VPN so you can connect to your home wifi network from outside the home. And you could run some kind of torrent client in a container which is bridged through an anonymizing VPN.

    I've had it in mind to do the latter someday. I'd like it to be able to drop torrent files/magnet links through some web interface from any device, and then it would handle downloading the torrent and automatically disconnect after it reaches some upload ratio.

    • facow [he/him, any]
      ·
      2 years ago

      Yeah, that's a super fun project. Most clients already have images with bundled VPNs. I like arch-delugevpn. There's a webui and Android thin clients. Then you can get even further into automating getting media with sonarr/radarr and overseerr.

  • Sphere [he/him, they/them]
    ·
    2 years ago

    I believe you need to set the network mode to host to allow scripts run on the host to connect with docker containers running in the daemon on that host. I could be mistaken (or maybe things have changed since), but I remember being unable to use certain fancy automatic devops stuff for a web application I was working on because I couldn't use host network mode.

    Edit: apparently I'm wrong; never mind

    • ForteanCum [comrade/them]
      ·
      2 years ago

      Eventually I figured out bridge mode gives each container (or the bridge itself? idk) its own IP address and that mostly Just Worked™.

      • invalidusernamelol [he/him]
        ·
        2 years ago

        Yeah, bridge is good because it allows the containers to communicate using their container IP while you can access them using the host IP and container port.

        Also recommend throwing Nginx or Nginx proxy manager on there to help you manage routing and domain names. If you create a record in your router you can point it to your host machine then let Nginx figure out which container and port it is by reading the URL.

    • ForteanCum [comrade/them]
      ·
      2 years ago

      I think I forgot to mention, my scripts will probably mostly not be inside docker containers, is that an issue for which network type to select?

      • chickentendrils [any, comrade/them]
        ·
        2 years ago

        As long as you define a port for the container (not familiar with yacht, but e.g. add a ports section to the compose file), the DB engine will be reachable on localhost at that port.

        E.g., for postgres' default ports:

         ports:
            - "5432:5432"
        

        If there's no firewall on the docker daemon host, and no IP range restrictions in postgres' configuration, this would also be reachable from other machines on your local network.

        • Sphere [he/him, they/them]
          ·
          2 years ago

          My understanding is that what you're describing does not work when a container is in bridge network mode; in my experience the behavior you're talking about requires that a container be in host network mode.

          • chickentendrils [any, comrade/them]
            ·
            2 years ago

            Seems OK in bridge mode, though I am running a few months behind latest for docker itself

            https://hexbear.net/pictrs/image/AEj1GMKo5E.png

            I use podman in prod and docker locally since podman wasn't playing nice with WSL
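
The thread notes that a mapping like `"5432:5432"` is also reachable from other machines on the local network unless something restricts it. The following is an added example, not code from any poster or from yacht: a small Python check that classifies compose short-syntax `ports:` entries by which host interfaces they listen on. It assumes the Docker daemon's default bind address (0.0.0.0) is unchanged; apart from `"5432:5432"`, the sample entries are constructed.

```python
import ipaddress

# Constructed sample of compose short-syntax "ports:" entries; only "5432:5432"
# is the mapping quoted in the thread.
SAMPLE_PORTS = ["5432:5432", "127.0.0.1:5432:5432", "[::1]:5432:5432",
                "192.168.1.10:5432:5432/tcp", "5432"]

def split_host_ip(entry):
    """Return (host_ip or None, rest) for '[HOST_IP:][HOST_PORT:]CONTAINER_PORT[/proto]'."""
    spec = entry.split("/", 1)[0]            # drop optional /tcp or /udp suffix
    if spec.startswith("["):                 # bracketed IPv6 host address
        ip, _, rest = spec[1:].partition("]")
        return ip, rest.lstrip(":")
    parts = spec.split(":")
    if len(parts) == 3:                      # ip:host_port:container_port
        return parts[0], ":".join(parts[1:])
    return None, spec                        # no host IP given

def classify(entry):
    """Classify which host interfaces a published port listens on."""
    host_ip, _ = split_host_ip(entry)
    if not host_ip:
        return "all-interfaces"              # assumption: daemon default bind is 0.0.0.0
    addr = ipaddress.ip_address(host_ip)
    if addr.is_unspecified:                  # explicit 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback-only"
    return "single-address"

def audit(entries):
    """Return the entries reachable from other machines (anything not loopback-only)."""
    return [e for e in entries if classify(e) != "loopback-only"]

if __name__ == "__main__":
    for e in SAMPLE_PORTS:
        print(f"{e:32} {classify(e)}")
```

For scripts that run only on the Docker host itself, `"127.0.0.1:5432:5432"` keeps the database off the LAN. Published ports are handled by Docker's own iptables rules, so a ufw rule on the host does not necessarily block them.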