szumkoal/cloud-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
05989271ef4468da2abfb46d6a5c35398b1c2c43
cloud-server/README.md
Alex Szumko 05989271ef UFW Rules documentation
2025-12-19 08:35:35 -05:00

2.7 KiB
Raw Blame History

Cloud Server Docker Contianers

Device -- Raspberry Pi 4

Information

This folder contains all of the services running on the Pi

Contents:

~/Docker
├── cloudflared/
├── dashy/
├── glances/
├── homarr/
├── nextcloud/
├── nginx/
├── portainer/
├── README.md
└── syncthing/

Current Ports:

  • 81 --> nginx proxy manager web ui
  • 2222 --> gitea ssh
  • 3000 --> gitea web ui
  • 7575 --> homarr
  • 8000 --> portainer
  • 8080 --> nextcloud web ui
  • 8123 --> home assistant web ui
  • 8181 --> dashy
  • 8282 --> ha bridge web ui
  • 8384 --> syncthing web ui
  • 9443 --> portainer web ui
  • 22000 --> synthing
  • 50000 --> ha bridge
  • 61208 --> glances web ui

Current Web Paths:

  • szumko.net --> Home Assistant
  • szumko.net/data --> glances *Currently Disabled
  • pihole.szumko.net --> Pihole
  • git.szumko.net --> Gitea
  • cloud.szumko.net --> nextcloud

Adding Subdomains:

  1. Go to cloudflare account and add a dns record for the subdomain
  2. Go to ~/docker/cloudflared/config.yml and add the ingress pointing to NPM
  3. Create a proxy host in NPM pointing to container_name:port (must be on homelab internal network)

Adding Paths:

  1. Add path in NPM (must be on homelab)

UFW Settings

Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    192.168.0.0/24            # LAN ssh
22/tcp on tailscale0       ALLOW IN    Anywhere                  # Tailscle ssh
53,80,81,443,61208/tcp     ALLOW IN    192.168.0.0/24            # LAN Access, 53 -> Pihole, 61208 -> glances
53,80,81,443,61208/udp     ALLOW IN    192.168.0.0/24            # LAN Access, 53 -> Pihole, 61208 -> glances
53,80,81,443,61208/tcp on tailscale0 ALLOW IN    Anywhere        # Tailscale Access, 53 -> Pihole, 61208 -> glances
53,80,81,443,61208/udp on tailscale0 ALLOW IN    Anywhere        # Tailscale Access, 53 -> Pihole, 61208 -> glances
80/tcp                     ALLOW IN    172.16.0.0/12             # Docker networks (for calling pihole from NPM)
22/tcp (v6) on tailscale0  ALLOW IN    Anywhere (v6)             # Tailscale ssh (IPv6)
53,80,81,443,61208/tcp (v6) on tailscale0 ALLOW IN    Anywhere (v6)         # Tailscale Access (IPv6), 53 -> Pihole, 61208 -> glances
53,80,81,443,61208/udp (v6) on tailscale0 ALLOW IN    Anywhere (v6) 	    # Tailscale Access (IPv6), 53 -> Pihole, 61208 -> glances
Reference in New Issue View Git Blame Copy Permalink