I’m not sure if this will help you out since I’m really not sure what your problems are other than getting the reverse proxy to work. So, I’ll give you what I’ve found to work and if it’s not what you were looking for then you can just skip over what I"m yammering on about.

The process:

Spin up a container, let’s say it’s Dozzle and it needs port 1124. Container deployed, so lets put it in reverse proxy:

Issue command together:

sudo nano /etc/caddy/Caddyfile
sudo systemctl restart caddy	

Enter the following in the Caddyfile:

dozzle.myverycooldomain.duckdns.org:443 {
	reverse_proxy localhost:1124
}

Press ctrl x, press y, press enter, and the Caddy server restarts if you indeed issued the commands together. Now go to dozzle.myverycooldomain.duckdns.org for test run.

I’ve seen it done as such:

sudo ufw deny out 1:19/tcp sudo ufw deny out 1:19/udp sudo ufw deny out 22:52/tcp sudo ufw deny out 22:52/udp sudo ufw deny out 54:79/tcp sudo ufw deny out 54:79/udp sudo ufw deny out 81:122/tcp sudo ufw deny out 81:122/udp sudo ufw deny out 124:442/tcp sudo ufw deny out 124:442/udp sudo ufw deny out 444:65535/tcp sudo ufw deny out 444:65535/udp

But your way seems a bit more elegant

My new strategy is to block EVERY port

Wow! All 65535 +/-, in and out? That’s one way to skin a cat.

• Fail2ban
• UFW
• Reverse Proxy
• IPtraf (monitor)
• Lynis (Audit)
• OpenVas (Audit)
• Nessus (Audit)
• Non standard SSH port
• CrowdSec + Appsec
• No root logins
• SSH keys
• Tailscale
• RKHunter

This is a very important point actually. A back up is worthless unless it has been tested.

It isn’t hard to do backups, just a chore

Right, and since now we have devices that can store thousands of pictures and data, and SSD cards that do the same, people tell themselves, maybe later, later, later until later catches up with you and you loose everything. It’s been at the end of last year, but my lady friend was riding my ztr and her phone fell out of her pocket. Next thing I saw was iphone bits blasting out from under the mower deck. Now luckily, I am very fastidious at backing up her phone, but shit happens and I’ve always been one who adhered to the 3-2-1 rule. In fact, on my daily driver computers, the only thing that is on their HDD is the OS, and maybe a app or two that I wanted to check out. They really are like thin clients. Otherwise, everything goes to storage and that is backed up daily.

Love tailscale. The only issue I had with it is making it play nice with my local, daily driver VPN. Got it worked out tho. So, now everything is jippity jippity.

In a life before a TBI and subsequent seizure condition robbed me of a functioning brain, I actually ran the IT dept for a company which I worked for as a mech eng, estimator, designer, and project manager. This one gentleman who was a field super and his wife had been trying for years to have a child. They finally did after many miscarriages and rough times, and as you can imagine, they took so many pictures of their baby. He called me one day in a panic about his computer and so I rushed over to his house. Long story short, his HDD had suffered a major crash for whatever reason, and everything was gone. No backups of his baby pictures, nothing. I sent the HDD off to see what could be recovered, but apparently it everything was toast.

Even tho it wasn’t my pictures, it hurt me to my core, that all these pictures and memories this man and his wife had accumulated, were gone forever. It really did a number on me and I think about it from time to time even tho that has been decades ago.

Make backups folks. It might take you the better part of a Saturday afternoon to get everything backed up and secure, but do it anyways.

Excuse me while I solve a few more captchas.

Buster for captcha.

Will Proxmox BackUp server handle remote VPS? I had assumed that it only was for ProxMox VM’s.

Backup Types: Proxmox Backup Server is optimized for backing up Proxmox VMs and containers. If your VPS is running a different virtualization platform, you may need to adapt your backup strategy accordingly.

That’s what AI tells me and then gives a configuration such as:

#!/bin/bash

# Variables
CONTAINER_NAME="your_container_name"
VOLUME_NAME="your_volume_name"
BACKUP_DIR="/path/to/backup/dir"
TIMESTAMP=$(date +"%Y%m%d_%H%M%S")

# Create a backup of the Docker volume
docker run --rm -v ${VOLUME_NAME}:/volume -v ${BACKUP_DIR}:/backup alpine \
    sh -c "cd /volume && tar czf /backup/${VOLUME_NAME}_${TIMESTAMP}.tar.gz ."

# Optionally, export the container
docker export ${CONTAINER_NAME} -o ${BACKUP_DIR}/${CONTAINER_NAME}_${TIMESTAMP}.tar

echo "Backup completed for ${CONTAINER_NAME} and ${VOLUME_NAME} at ${TIMESTAMP}"

Yeah I know it’s AI, which may or may not be completely accurate. Would I need to do that for each and every Docker container? I’ve got some 60 +/- containers. LOL <whine boohoo!>

That along with the client on the remote VPS would take care of Docker containers, however, I would also like to back up configuration files, and data associated with UFW, F2B, etc. Pretty much a snapshot of each server.

These lowendbox hosts don’t include snapshots and frills and Contabo only lets you keep one snapshot active. I did find an N8N flow that automates the snapshot process for Contabo. I guess I could upgrade to better hosts, but one of the VPS is my skunk works server where I run and test everything before putting it into production…it’s like $25 per year. Contabo is decent, and LuxVPS gives me the most bang for buck including all the frills for $10 a month. So, that’s about as much fun money I got for the time being.

I looked at Borg, didn’t see a GUI, but Borgwarehouse look good. It’s on the list. Thanks

I run Proxmox on the local server. I didn’t know Veeam had a community edition. The 13 gb download just finished. It’s on the list. Thanks.

I too use Freshrss. I use a lot of the feeds from https://www.trackawesomelist.com/ which tracks all the Github Awesome lists.

This is the home lab creed: You do with what you have. Before I accumulated a bit of equipment, I’ve used laptops, RPi, minicomputers, at one time I had a cluster of Wyse thin clients bootstrapped together.

I read a lot. LOL I might not understand it all, but I read TBs of articles and stuff.

automate stuff in my homelab.

Love me some homelab automation. It puts a smile on my face when I get a little ding from telegram giving me a summary of this morning’s email, what the weather will be for the day along with a summary of established connections to my servers 'cause I’m paranoid like that. LOL fun stuff

Caddy! I am embarrassed to think about how long it took me to figure out caddy. I kept cracking away at it tho, and one day it was like the clouds rolled back, and the sun shone on my face, a alien ship came down and this green little dude gave me the secrets, and it was all so simple. Now I can have caddy up and dishing out certs in about 5 minutes. When I look back, I cringe.

I hear about Incus being the next best thing. I’ve never played around with it. Is it all that and a bag o’ chips?

Sometimes we get so engrossed in what we’re doing we can’t see the problem(s). I do that a lot, so I have take a break. Same with creating music. You get so deaf to what you are trying to write that nothing sounds good no matter what you do. In the words of Snoop Dog, ‘I had to back up off of it and sit my cup down. Tanqueray and chronic, yeah, I’m fucked up now.’

Take a break.

The computer I’m using currently, I set the BIOS in 2012. WHen I built it, I stuffed every last piece of cutting edge tech of the time into it. Dual CPU, SLI, started with 64gb ram then later on maxed the board out at 128gb. It’s still a workhorse tho. It’s one of the three I use all the time for music production, selfhosting etc.