I fail to see the difference between installing it (as you say you have) on a Ubuntu server in docker and installed in a virtual environment on a RPi or VM on windows as it relates to “security”.
as long as the base machine is reliable then any of those different install methods work pretty much the same. at least where “reliability” is concerned.
You do realize there isn’t much, if any, difference between docker and a venv? it’s still running as a “side system” on the machine docker is running on.
It has nothing to do with security in that sense. But if you install it on a windows machine running VM or similar running Linux and… it probably means that you also run a lot of other tasks/ software on that machine. Things that can go wrong and then affect HA. Or run it on a 35 usd RPI using SD cards that we know its not the most reliable media.
What I mean is that if you are prepared to spend quite a lot of money in different devices like locks, bulbs thermostats switches, security cameras etc etc and spend a LOT of hours to get it working as you want it, why dont spend some money also on dedicated hardware. But as I said its up to everyone to decide. For me it was never a doubt in my mind. Overkill yes, but at least I know I can trust the system
My docker for HASS has been running so great that I haven’t upgraded to a current version in many many months. Now I want to but do not want to risk losing my working setup in case the upgrade takes my a while to reconfigure.
How can I preserve the working container (not running) to attempt the newer version? I know I can make a backup of my config files but more concerned about the actual homeassistant pull.
If you update and break things, just tag the version you currently have. No need to preserve the container. Just pull the tagged version of the one you want.
@flamingm0e, first off - many thanks for sharing your set-up. It inspired me to move away from Hass.io to docker on Ubunutu to give me a bit more control (and learn Docker).
I have a couple of questions in relation to the setup.
What hostname are you using within node-red to connect to the HA contain. For me, only the external domain works… i.e. https://home.mydomain.com:8123. I cannot use, https://servername.local:8123 for example, even if i tick the “ignore TLS warnings” option in node-red.
All of the containers (with the exception of HA) are added to network called name_default and are assigned IPs in the 172.18.0.x range. Within the home-assistant configuration.yaml, i’m unable to use the docker assigned hostnames, only the IP addresses work for me.
This isn’t ideal, as I assume IP address would change if the docker containers are recreated and then would have to manually fix all the entries in configuration.yaml to the new IP addresses.
I see you use syncthings to backup HA configuration, but do you back up all the other data folders for other containers and how ?
Sounds like you configured HA to handle the certificate, which will cause this error. I use NGINX to handle my certificates in a reverse proxy setup, so I don’t have to worry about that kind of stuff.
This is a Docker thing. It’s normal.
Just use the IP address of the HOST. You don’t have to know what any of the Docker internal IP addresses are.
I run a program called Restic, with a script, to backup the data I care about from my other containers. It gets sent off to my NAS running Minio.
I started learning about Minio from your post, thanks for that. I am using Syncthing to keep copy on other machine. Try to learn good use of Minio to centralize all my data including photos, media and code.
Any direction to learn on Minio will help a lot.
Thanks
Thanks @flamingm0e, I pretty much did everything you suggested - even moving to a NGINX reverse proxy for TLS.
I haven’t quiet grasped networking in Docker yet, but ideally I would (at some point in the future) like to use hostnames rather than hardcoded IP addresses in the HA configuration such that if i get a new router or the HOST ip address because I move the Docker configuration to a new machine, then I can pretty much get failover with little downtime through config file editing.
In any-case, moving away from Hass.io to Docker on Ubuntu was the best thing i’ve done.
The beauty of Docker host networking is that you only need the ONE IP of the docker host to use. You can put that in your secrets.yaml and call it wherever you need it, only having to change it in ONE location.
Hi @flamingm0e.
I used some of ur compose.yml for my docker setup, one of those is for postgress, but I’m having issue with updating postgress container… Every time i update, DB is gone - deleted, probably something with volume setup… Here is my compose file:
I don’t think the DB is gone. You simply cannot migrate between major versions on Postgres without a LOT of work to export your database and reimport it. It is a pain in the ass. Check your logs on the container, you will likely find an error stating the database was created with an earlier version and cannot start.
Hi Guys, what is the best reverse proxy to use with docker, I’m using traefik currently but it’s a bit cumbersome to configure. I checked HAproxy and Zevenet could also do the job but haven’t investigated this yet.
My current docker stack.
Portainer
Plex
Guacamole
Motioneye
Home Assistant
pi-hole
mqtt
tasmoadmin
unifi
traefik
My server a Mini Nuc 4gb i3, Running Proxmox, using cloudflare for DNS with SSL
OS: debian running docker ce.
