Thanks for an excellent tutorial. You deserve many more subscribers :)
One question from me. Do you need to set up a Cloudflare tunnel for this config to work without opening any port on your router?
Thanks Svein, thanks for the energy, we will get there soon together 💫
Great question, I wish I'd mentioned it in the video.
No, you don't need to do that.
You can check out their official documentation for more details:
developers.cloudflare.com/cloudflare-one/connections/connect-networks/
Great explanations and super easy to follow 👍
Perfect Good luck ❤
This was so well-made! 🤩👌🏻
The information was very helpful, thanks
Great tuto. But I don't understand how GitHub can have access to a local machine? And is it mandatory to clone the repo on the local LXC, or can launching the GitHub action manually do the trick?
Good question, you can find the answer in this video: (Sorry for poor quality, that was my first video 😅)
ua-cam.com/video/qdvgp1OzfWg/v-deo.html
But as a short answer, I can say:
You will create a GitHub action runner inside your local network, which has access to other machines in your network, i.e. LXC container running Docker.
Then whenever you trigger the GitHub action workflow, it will work.
(Your GitHub action runner will pull jobs from GitHub, so it doesn't have to have a public IP)
And for the cloning part, we can modify our GHA workflow to do that for us, just add it at the beginning of "Run command on remote server via SSH", something like this:
cd /data
git clone git@github.com:ehcaning/proxmox-docker-iac.git traefik || true
cd traefik
git pull origin master
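An added example, not part of the reply above and not the author's code: the same clone-or-update step written so that a failed clone (for example a rejected deploy key) or a tampered checkout stops the deploy instead of being hidden by `true`. The function name `sync_repo` and its return codes are hypothetical.

```shell
#!/bin/sh
# Added example: idempotent checkout for the SSH deploy step.
# usage: sync_repo URL DIR [BRANCH]   (prints the deployed commit hash)
# Hypothetical return codes:
#   1 = git, network or auth failure
#   2 = DIR exists but is not a checkout of URL
#   3 = local history diverged from the remote branch
sync_repo() {
    sr_url=$1; sr_dir=$2; sr_branch=${3:-master}
    if [ -d "$sr_dir/.git" ]; then
        # Reuse an existing checkout only if it tracks the expected remote.
        sr_cur=$(git -C "$sr_dir" remote get-url origin) || return 1
        if [ "$sr_cur" != "$sr_url" ]; then
            echo "sync_repo: $sr_dir tracks $sr_cur, expected $sr_url" >&2
            return 2
        fi
        git -C "$sr_dir" fetch --quiet origin "$sr_branch" >/dev/null || return 1
        git -C "$sr_dir" checkout --quiet "$sr_branch" >/dev/null || return 1
        # Fast-forward only: commits made on the server are never merged in
        # silently; the deploy fails and someone has to look at them.
        git -C "$sr_dir" merge --quiet --ff-only FETCH_HEAD >/dev/null || return 3
    elif [ -e "$sr_dir" ]; then
        echo "sync_repo: $sr_dir exists but is not a git checkout" >&2
        return 2
    else
        git clone --quiet --branch "$sr_branch" "$sr_url" "$sr_dir" >/dev/null || return 1
    fi
    # Report exactly which commit is now deployed, for the workflow log.
    git -C "$sr_dir" rev-parse HEAD
}

# In the workflow's SSH step this would be called as, for example:
#   sync_repo git@github.com:ehcaning/proxmox-docker-iac.git /data/traefik master
```

A non-zero return makes the SSH step, and so the workflow run, fail visibly.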
Super nice! Do you have some ideas how to handle this with multiple instances of Traefik? To be more specific, one of them for the internal lab IPs and one for publicly exposed services. On top, I also have different containers in different VLANs and am wondering if that messes with the A record set in Cloudflare for these IP addresses.
@rapha5586 I'm glad you enjoyed the video.
For vlans, it will be a bit tricky, since your Traefik should be able to connect to other vlans, if your setup allows this, surely it is possible.
For having multiple instances, it should work, the internal one is like the video, for external, you only have to direct external traffic to your network to Traefik (from your router, e.g. route all requests on port 433 to Traefik container), but going with Cloudflare tunnel is much simpler and safer, I'd recommend it.
Hope it helps.
@ehcaning thanks! I will create firewall rules that allow traffic to access specific containers in other vlans. I guess at the moment I have a hard time visualising it all but once I'm on it it will be fine. Regarding the tunnels, I'm using them already but not for all services. Some restrictions apply from their ToS which I don't wanna mess with xD
@ Thanks for sharing your experience 😍
Traefik is similar to Nginx Proxy Manager?
Exactly, but with the option of storing your configs as code (IaC), so whenever you move or recreate your infrastructure, you can deploy it with no manual labor again.
good luck🎉
Hey bro. You're on CG-NAT, or does your home have a static IP for your home network?
Good question, you can see that I've used "192.168.2.122", which is my internal IP address inside my home network to reach that Docker LXC. The beauty of this approach is you don't need to point your domain to a public IP address. Hope I answered your question.