rebuild
This commit is contained in:
@@ -6,7 +6,10 @@
|
||||
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta name="description" content="Goals Have an self sustaining hosted infrastructure Have bakups of everything Current point My current infrasturcure looks like on hosted server with docker containers running and one hosted server with a lot of data storage Backups are done every day Backups are made of the databases and docker volumes The two servers are connected via a Wireguard-VPN and the backup server is not available from the outside (secured via iptables) the docker host has only a few ports available by the outside " />
|
||||
<meta name="description" content="Building a Self-Sustaining Infrastructure: A Two-Server Docker Setup Overview Creating a resilient, self-sustaining infrastructure doesn’t require complex enterprise solutions. With two strategically configured servers and a well-thought-out backup strategy, you can achieve both reliability and security for your self-hosted applications.
|
||||
The Architecture Docker Host Server The primary server runs all application workloads using Docker containers. This containerized approach provides:
|
||||
Isolation: Each service runs in its own container with defined resources
|
||||
" />
|
||||
<meta name="keywords" content="" />
|
||||
|
||||
<meta name="robots" content="noodp" />
|
||||
@@ -73,7 +76,10 @@
|
||||
<meta property="og:locale" content="en" />
|
||||
<meta property="og:type" content="article" />
|
||||
<meta property="og:title" content="What am I currently working on">
|
||||
<meta property="og:description" content="Goals Have an self sustaining hosted infrastructure Have bakups of everything Current point My current infrasturcure looks like on hosted server with docker containers running and one hosted server with a lot of data storage Backups are done every day Backups are made of the databases and docker volumes The two servers are connected via a Wireguard-VPN and the backup server is not available from the outside (secured via iptables) the docker host has only a few ports available by the outside " />
|
||||
<meta property="og:description" content="Building a Self-Sustaining Infrastructure: A Two-Server Docker Setup Overview Creating a resilient, self-sustaining infrastructure doesn’t require complex enterprise solutions. With two strategically configured servers and a well-thought-out backup strategy, you can achieve both reliability and security for your self-hosted applications.
|
||||
The Architecture Docker Host Server The primary server runs all application workloads using Docker containers. This containerized approach provides:
|
||||
Isolation: Each service runs in its own container with defined resources
|
||||
" />
|
||||
<meta property="og:url" content="https://blog.fuhlig.de/posts/whatimworkingoncurrently/" />
|
||||
<meta property="og:site_name" content="TechnicalBlog" />
|
||||
|
||||
@@ -140,18 +146,45 @@
|
||||
|
||||
|
||||
<div class="post-content"><div>
|
||||
<h3 id="goals">Goals<a href="#goals" class="hanchor" ariaLabel="Anchor">#</a> </h3>
|
||||
<ul>
|
||||
<li>Have an self sustaining hosted infrastructure</li>
|
||||
<li>Have bakups of everything</li>
|
||||
</ul>
|
||||
<h3 id="current-point">Current point<a href="#current-point" class="hanchor" ariaLabel="Anchor">#</a> </h3>
|
||||
<ul>
|
||||
<li>My current infrasturcure looks like on hosted server with docker containers running and one hosted server with a lot of data storage</li>
|
||||
<li>Backups are done every day</li>
|
||||
<li>Backups are made of the databases and docker volumes</li>
|
||||
<li>The two servers are connected via a Wireguard-VPN and the backup server is not available from the outside (secured via iptables) the docker host has only a few ports available by the outside</li>
|
||||
</ul>
|
||||
<p>Building a Self-Sustaining Infrastructure: A Two-Server Docker Setup
|
||||
Overview
|
||||
Creating a resilient, self-sustaining infrastructure doesn’t require complex enterprise solutions. With two strategically configured servers and a well-thought-out backup strategy, you can achieve both reliability and security for your self-hosted applications.</p>
|
||||
<p>The Architecture
|
||||
Docker Host Server
|
||||
The primary server runs all application workloads using Docker containers. This containerized approach provides:</p>
|
||||
<p>Isolation: Each service runs in its own container with defined resources</p>
|
||||
<p>Portability: Services can be easily migrated or replicated</p>
|
||||
<p>Consistency: Docker Compose configurations ensure reproducible deployments</p>
|
||||
<p>The Docker host maintains minimal external exposure, with only essential ports opened to the internet. This reduces the attack surface while still providing necessary services.</p>
|
||||
<p>Backup Storage Server
|
||||
The secondary server serves as a dedicated backup repository with substantial storage capacity. This server is:</p>
|
||||
<p>Isolated from the internet: No external access is permitted</p>
|
||||
<p>Secured via iptables: Firewall rules prevent unauthorized connections</p>
|
||||
<p>Connected via WireGuard VPN: Encrypted tunnel ensures secure communication between servers</p>
|
||||
<p>Security Through Network Segmentation
|
||||
The WireGuard VPN creates a secure, encrypted tunnel between the Docker host and backup server. This architecture provides several benefits:</p>
|
||||
<p>Private communication channel for backup operations</p>
|
||||
<p>Zero trust model for the backup server (completely isolated from public internet)</p>
|
||||
<p>Reduced risk of data exfiltration</p>
|
||||
<p>Encrypted data transfer between servers</p>
|
||||
<p>Automated Backup Strategy
|
||||
Daily automated backups capture the critical components:</p>
|
||||
<p>Database Backups
|
||||
All databases are exported and stored, ensuring data consistency and point-in-time recovery capabilities.</p>
|
||||
<p>Docker Volume Backups
|
||||
Persistent data from Docker volumes is systematically backed up, including:</p>
|
||||
<p>Application configuration files</p>
|
||||
<p>User-generated content</p>
|
||||
<p>Service-specific data stores</p>
|
||||
<p>This comprehensive approach ensures that the entire infrastructure can be restored from backups, making the system truly self-sustaining.</p>
|
||||
<p>Benefits of This Approach
|
||||
Resilience: Hardware failure on the Docker host doesn’t result in data loss
|
||||
Security: Multi-layered security with network segmentation and minimal exposure
|
||||
Maintainability: Containerized services are easy to update and manage
|
||||
Scalability: Additional Docker hosts can connect to the same backup server
|
||||
Cost-effective: Self-hosted solution with predictable costs</p>
|
||||
<p>Conclusion
|
||||
This two-server architecture strikes an excellent balance between simplicity and robustness. By combining Docker containerization with a dedicated, secured backup server connected via WireGuard, you achieve enterprise-grade reliability without enterprise-level complexity. Daily automated backups provide peace of mind, while the security-first network design protects your data from external threats.</p>
|
||||
|
||||
</div></div>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user