As other stated it’s not a bad way of managing volumes. In my scenario I store all volumes in a /config folder.
For example on my SearXNG instance I have a volume like such:
services:
searxng:
…
volumes:
- ./config/searx:/etc/searxng:rw
This makes the files for SearXNG two folders away. I also store these in the /home/YourUser directory so docker avoids using sudoers access whenever possible.
Grandma probably doesn’t do the actually torrenting herself, chances are OP has a overseerr or jellyseerr type of setup, grandma makes the request and things just flow.
“Technically” my jellyfin is exposed to the internet however, I have Fail2Ban setup blocking every public IP and only whitelisting IP’s that I’ve verified.
I use GeoBlock for the services I want exposed to the internet however, I should also setup Authelia or something along those lines for further verification.
Reverse proxy is Traefik.
If you aren’t already familiarized with the Docker Engine - you can use Play With Docker to fiddle around, spin up a container or two using the docker run command, once you get comfortable with the command structure you can move into Docker Compose which makes handling multiple containers easy using .yml files.
Once you’re comfortable with compose I suggest working into Reverse Proxying with something like SWAG or Traefik which let you put an domain behind the IP, ssl certificates and offer plugins that give you more control on how requests are handled.
There really is no “guide for dummies” here, you’ve got to rely on the documentation provided by these services.
So glad my router supports WireGuard/OVPN server hosting, doing it this way also relieves resources off your homelab and for whatever reason your homelab shuts off or loses network access you can at least rely on your router to re-establish the VPN server without further intervention.
deleted by creator
Reverse proxying was tricky for me, I started with Nginx Proxy Manager and it started out fine, was able to reverse proxy my services in the staging phase however, once I tried to get production SSL/TLS certificates it kept running into errors (this was a while ago I can’t remember exactly) so that pushed me to SWAG and swag worked great! Reverse proxying was straight forward, SSL/TLS certificates worked well however, overall it felt slow, so now I’m using Traefik and so far have no complaints.
It’s honestly whatever works for you and what you prefer having.
I agree, hence why I left the note at the bottom of that comment, yes it does encourage bad practices but, if all OP cares about is that it works then it should be fine.
In my other comment I instructed OP to move the volume to their users home directory so they don’t run into permission issues like this again.
Taking a look at your docker-compose.yml I see this volume mount:
volumes:
- /volume1/SN/Docker/searxng-stack/searxng:/etc/searxng:rw
Whereas /volume1/SN/Docker/searxng-stack/searxng is the directory on your system docker is attempting to use to store the files inside the container from /etc/searxng.
Example of a volume mount that’ll likely work better for you;
volumes:
- /home/YourUser/docker/config/searxng:/etc/searxng:rw
The tilde (~) acts as your current users home directory not owned by root and where docker persistent volumes should be stored.(aka: /home/YourUser)
Edit: I feel like I was wrong here, given that your run sudo in docker compose up -d the tilde will likely not work here and instead point to the /root directory instead. I’ve updated the above to reflect the appropriate directory for your volume mount.
After making the change over to that directory and configuring SearXNG how you like re-create your docker container with sudo docker compose up -d —force-recreate
Apologies for the poor formatting, typing this on mobile.
Edit:
Note: if you want to expose the port do not add the 127.0.0.1 like how I have in my docker-compose.yml.
Edit 2: Corrected some things…
have you checked the directory & file permissions with ls -la /Your/SearXNG/WorkingDir ?
The error in your log is telling you that the container does not have permission to that directory/file, you can essentially bypass this with sudo chmod 777 /Your/SearXNG/WorkingDir/* and sudo chown 1000:1000 /Your/SearXNG/WorkingDir/*
However, if you’re looking for security best practices this is not advisable but if all you care about is that it works it should be fine.
Late to the party but I decided to pickup a 13th gen ASUS NUC with an i7 over a prebuilt NAS, bought a couple external hard-disk bays setup Proxmox running a headless Debian 12 VM and almost everything runs great however, mistake was using Debian 12 because the Linux kernel is pretty far out of date and does not support the CPU properly.
The other day my raspberry pi decided it didn’t want to boot up, I guess it didn’t like being hosted on an SD card anymore, so I backed up my
composefolder and reinstalled Rasp Pi OS under a different username than my last install.If I specified the full path on every container it would be annoying to have to redo them if I decided I want to move to another directory/drive or change my username.