Hi Jim. I just love your videos! Already subscribied as soon as I saw your first video. Keep up the good work! But may I request a new video? I would like to see a dedicated video regarding the security and accessibility for all your containers. Or some kind of advice on which one do you expose to the internet and how do you manage to access them from the internet (do you use VPN, or Authelia/Authentik with Traefik). Is there a way to access all our infrastructure securely and easily? My vision and what I would like to see is block all trafic from internet except the dashboard. This dashboard will be secured with user/password and 2nd step verification. And all my services will be accessed from this dashboard (like using the dashboard as a proxy). Is this scenario possible?
Really appreciated the feedback, Joel. Have you seen some of my earlier videos where I show you how to install CrowdSec to protect your proxy, how to install and configure wireguard/headscale to provide VPN access in case you don't want to expose services, also Authelia to add additional layers of protection to your existing containers? For your scenario, I wouldn't expose your dashboard to the internet. I'd follow my WireGuard video and create a split tunnel. That will allow you to access your dashboard from anywhere, securely over the VPN, and still route to the internet locally (i.e., if you're using a mobile device). If you really do want to expose it, then implement CrowdSec and Authelia as a minimum.
@@Jims-Garage Yes, I saw you other videos. But each one of them explains how to implement this single service. I would like to see a video explaining all the scenarios and then see your advice to solve them. So, your recomendation is to use WireGuard to expose a VPN service and only then access all my services. But some of my services I would like to expose them in the internet like for example Plex, Ombi, Remotely, Bitwarden, XWiki and NextCloud. How can I expose those services easily and securely? In the case of Plex and Ombi, I would like to give access to other people but not my VPN. How can I solve this problem?
@@joelfrojmowicz you will need to port forward the relevant ports on your firewall (I showed how to do that on Sophos previously), most will be fine with 443 (HTTPS). For these services, integrate it with crowdsec and Authelia (if needed). There's always a risk to port forwarding but it's pretty small. It's also worth creating a DMZ where services connected to the internet only have explicitly declared access to internal servers (e.g., if it gets popped people cannot propagate to other services).
@@joelfrojmowicz yes, sorry, I thought that was a given. Authelia and crowdsec both leverage a proxy. So you have, firewall -> proxy (with Authelia and crowdsec) -> container (with restricted access to local services).
The documentation is a bit confusing with homepage but after spending a few hours of trial and error with it. I think I am fairly happy with my setup. As per usual with some open source projects, they are sometimes very thin on configuration examples in the documentation...
Awesome, yes documentation is always difficult on open source, even paid products often suffer! Feel free to share your new shiny dashboard on discord.
Come on Jim! Are you also saying 'Knocking on heavens door' is a Guns & Roses-song? In Norse mythology, Heimdall (from Old Norse Heimdallr) is a god. He is the son of Odin and nine mothers. Heimdall keeps watch for invaders and the onset of Ragnarök from his dwelling Himinbjörg, where the burning rainbow bridge Bifröst meets the sky.
how to you add more widgets are not at their website instructions? for example TeamSpeak 3 Server, Piwigo, Subsonic, and other Games Servers, besides Minecraft?
Hi, good video , the explaining are awasome. But I have a problem. I add plex on the home page and show an error that put: API Error Information. Also in navidrome or qbittorrent that add like widgets too. Do you know how to solve this problem? thanks
Dashy looked so awesome, that's until I tried the demopage. How on earth such common thing be so broken? 12:58 that's very minor bleed on yt downloads and cpotato, but trying to put the most minimal layout it essentially comes 100% unusable. Not cool at all.
@@Jims-Garage It's not bad. Ended up trying it and it certainly is very so-to-say adapyable. Still I gotta say it's not cool that even bit too long names can be blocked by custom elements and that minimal layout imo is still very bad thing. But I get it. So much possibilities to customize its really hard to take everything into account. Just saying that maybe it would be worth to check those issues out before expanding. I used Heimdall and its very limited and I do prefer Dashy, eventhough you gotta think bit more with it. Heimdall is bit too limited imo. Works really well though.