This is a continuation of my other post

I now have homeassistant, immich, and authentik docker containers exposed to the open internet. Homeassistant has built in 2FA and authentik is being used as the authentication for immich which supports 2FA. I went ahead and blocked connections from every country except for my own via cloudlfare (I’m aware this does almost nothing but I feel better about it).

At the moment, if my machine became compromised, I wouldn’t know. How do I monitor these docker containers? What’s a good way to block IPs based on failed login attempts? Is there a tool that could alert me if my machine was compromised? Any recommendations?

EDIT: Oh, and if you have any recommendations for settings I should change in the cloudflare dashboard, that would be great too; there’s a ton of options in there and a lot of them are defaulted to “off”

  • krash@lemmy.mlEnglish
    8·
    1 day ago

    I’ve tried different approaches with fail2ban, crowdsec, VPNs, etc. What I settled on is to divide the data of my services in two categories: confidential and “I can live with it leaking”.

    The ones that host confidential data is behind a VPN and has some basic monitoring on them.

    The ones that are out in the public are behind a WAF from cloudflare with pretty restrictive rules.

    Yes, cloudflare suck etc., but the value of stopping potential attacks before they reach your services is hard to match.

    Just keep in mind: you need layers of different security measures to protect your services (such as backups, control of network traffic, monitoring and detection, and so on).

    • a_fancy_kiwi@lemmy.worldOPEnglish
      3·
      1 day ago

      has some basic monitoring on them.

      What monitoring software are you using?

      I feel like the other measures you talked about (backups, condom of network traffic, etc) I’m doing ok on. Its really just the monitoring where I’m stuck. There’s so many options

      • krash@lemmy.mlEnglish
        2·
        5 hours ago

        There are so many monitoring tools with various degrees of complicated setup / configuration or the amount of information you get. And honestly, I’ve looked into various tools: checkmk, monit, Prometheus… And realised that I rarely look into that information anyway. Of all “fancy” tools, I liked the ease of Netdata to set up and the amount of information that you get. However, beware that their in the process to make their free / homelad offering worse. I’ve been eyeing beszel and don’t forget CLI based tools that are avaible such as atop, btop, htop or glances.

        If you want to delve deeper into the rabbit hole of monitoring, I can recommend you to read this article below: https://matduggan.com/were-all-doing-metrics-wrong/