So, as it turns out, solving the to-dos from my last posting was pretty easy. Traefik solved most of the to-dos / desired outcomes:
- Internal ports 80 and 443 were already occupied by other services, such as my wiki, Git repo, etc. Putting these in a container, and letting Traefik handle the path mapping addressed this.
- Internal addressing is wonky. I am running Pi-hole (as a container) on my Synology. This enables DHCP and DNS to be served from something other than my ISP-supplied router, which gives me more control.
- Docker Registry proxy was moved to a separate DNS name, which I did configure with my external DNS. Since I want this to be internal only, I then set Traefik to whitelist traffic from my internal network. This will almost certainly break the Let's Encrypt certificate renewal; we'll see in 90 days.
I didn't need to explore DNS validation for Let's Encrypt; simply creating the DNS record (and then letting Traefik handle it) was sufficient. It's magic!
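For anyone wanting to reproduce the registry setup described above, here is an added example compose file (not the author's own configuration) showing the three pieces together: a Traefik v2 instance with an HTTP-01 Let's Encrypt resolver, a registry container routed by its own hostname, and an IP whitelist middleware restricting that router to the LAN. The hostname `registry.example.com`, the e-mail address, the `192.168.1.0/24` subnet and the volume paths are placeholders to be replaced with your own values.

```yaml
# Added example, not the original post's compose file. Hostnames, subnets,
# e-mail and paths are placeholders.
services:
  traefik:
    image: traefik:v2.10
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false   # only containers with traefik.enable=true are routed
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # Redirect plain HTTP to HTTPS; the ACME HTTP-01 challenge still works because
      # Traefik answers /.well-known/acme-challenge/ via its internal acme-http@internal router.
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --certificatesresolvers.le.acme.email=admin@example.com   # placeholder
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./letsencrypt:/letsencrypt   # acme.json must be mode 600; keep it out of backups that others can read

  registry:
    image: registry:2
    volumes:
      - ./registry-data:/var/lib/registry
    labels:
      - traefik.enable=true
      # Own DNS name for the registry, so it no longer competes for ports 80/443
      - traefik.http.routers.registry.rule=Host(`registry.example.com`)
      - traefik.http.routers.registry.entrypoints=websecure
      - traefik.http.routers.registry.tls.certresolver=le
      # LAN-only: requests from any other source address get a 403 from Traefik
      - traefik.http.routers.registry.middlewares=lan-only
      - traefik.http.middlewares.lan-only.ipwhitelist.sourcerange=192.168.1.0/24
      - traefik.http.services.registry.loadbalancer.server.port=5000
```

Two things worth checking once this is running. First, the whitelist is evaluated against the TCP peer address Traefik sees; if the Traefik container sits behind Docker's bridge NAT on the Synology, every client can appear to come from the bridge gateway, which makes the rule either useless or over-broad, so confirm in Traefik's access log that LAN clients show their real addresses (running Traefik with `network_mode: host` is one way to get them). Second, in Traefik v2 the HTTP-01 challenge is served by the `acme-http@internal` router, which is evaluated before user-defined routers, so the `lan-only` middleware on the registry router is not in the challenge's path; rather than waiting 90 days, `openssl s_client -connect registry.example.com:443 -servername registry.example.com </dev/null 2>/dev/null | openssl x509 -noout -dates` shows whether a renewal has happened. (In Traefik v3 the middleware was renamed `ipAllowList`; the `ipWhiteList` name above is the v2 one.)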