I am a bit befuddled over what the best practices are for an internet connected or local server running the *arr stack.
Should we be using cosmos for security, reverse proxy, and container management or other tools like nginx, traefik, authentelia, authentik, and portainer?
Furthermore what’s the advantage of using proxmox containers to host docker instead of installing docker on conventional Linux?
a) I am not using unraid
b) I was aware of using tailscale or a VPN. I don’t really want to do that as it requires running my whole connection through home Internet.
c) I also want to setup a reverse proxy even if I do only use it locally just so I am not dealing with ports and IPs. No bookmarks are not practical I have too many as it is.
d) At this point I am doing this the “right” way or at least the complex way because I can.
A, great. Overly complicated. B, wireguard lets you set your allowed IPS to your networks’s subnet so you only tunnel that traffic. C, that’s ideal. Use nginx proxy manager. It’s super simple. Buy a domain and you can use letsencrypt for SSL so you don’t get http nag messages from your browser. Old suggest something with cheap renewals like ‘.rodeo’ or ‘.top’. D, there are many right ways. Personally, i’d set up your services in a docker compose file, all behind gluetun as a VPN for your torrent service. I’d set up a wireguard VPN on a pi zero elsewhere on your network so you can access everything from outside, and on your wireguard clients i’d only tunnel the traffic to your network’s subnet. Unless you want everything behind the same VPN you use for torrenting. In that case i’d run a wireguard service in the same docker network as gluetun, so you can tunnel all your client traffic through that. You could even out a dns server in there as well, and manually set a domain name to your server’s ip so you don’t have to buy a domain name. Course, then you can’t use letsenceypt SSL.