These data collectors enable several Grafana dashboards that help us to manage our Docker cluster.
Monitoring Setup
We run a combination of Node Exporter and cAdvisor on each of our Docker host VMs. These containers scrape data for our Docker hosts and feed it to the Prometheus instance in our Docker stack.
The following video explains how all of this is set up –
The following sections cover the setup and configuration of our Proxmox monitoring stack.
Set Up and Configuration
The following video explains how to set up a Grafana dashboard for Proxmox. This installation uses the Proxmox monitoring function to feed data to Influx DB.
It is helpful to have access to files and directories associated with our Docker persistent volume stores. File Browser is a simple Docker container that provides a file manager.
Installation
The following video covers the installation and use of the File Browser container.
Grafana Loki and Promtail work together to scrape and store log data. These tools can scrape Docker data and accept syslog data as well. The following video explains how to configure Loki and Promtail.
The links for configuring the Loki Docker driver can be found here and here.
Set parameters for the Loki Docker driver in /etc/docker/daemon.json so that log delivery does not block the Docker daemon.
Recreating containers with Portainer does not enable Loki to access their logs. To make this work, we needed to use docker compose up -d --force-recreate
The contents of /etc/docker/daemon.json are as follows:
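An added example, not the site's own file: a daemon.json that makes the Loki Docker driver the default log driver and sets the driver's non-blocking options. The Loki URL is a placeholder, and the buffer, retry and timeout values are assumptions to tune for your environment.

```json
{
  "log-driver": "loki",
  "log-opts": {
    "loki-url": "http://loki.example.internal:3100/loki/api/v1/push",
    "mode": "non-blocking",
    "max-buffer-size": "4m",
    "loki-retries": "2",
    "loki-max-backoff": "800ms",
    "loki-timeout": "1s",
    "keep-file": "true"
  }
}
```

Docker has to be restarted to load the file, and the new defaults only apply to containers created afterwards, which is why existing containers must be recreated.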
We have configured a combination of Loki and Promtail to accept Syslog events. Promtail does not support Syslog events using the UDP protocol. To solve this problem, we set up rsyslog running under the Ubuntu system, which hosts the Promtail Docker container, to consolidate and forward all Syslog events as a front end to Promtail. Information on configuring rsyslog as a front end to Promtail can be found here.
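An added example of the rsyslog front end described above, not the site's own configuration: rsyslog listens for syslog on UDP and TCP and relays every event to Promtail over TCP in RFC 5424 format. The file name, the Promtail address 127.0.0.1:1514 and the queue settings are assumptions.

```conf
# /etc/rsyslog.d/60-promtail.conf   (file name is an assumption)
# Added example: rsyslog as a syslog front end for Promtail.

# Listener for devices that can only send syslog over UDP.
# UDP syslog is unauthenticated, so limit which hosts can reach
# port 514 with the host firewall.
module(load="imudp")
input(type="imudp" port="514")

# Listener for devices that can send syslog over TCP.
module(load="imtcp")
input(type="imtcp" port="514")

# Relay everything rsyslog handles (local and received events) to Promtail.
# Assumed: the Promtail container publishes its syslog listener on
# 127.0.0.1:1514 of this host.
# The template produces RFC 5424 messages, and octet-counted framing keeps
# multi-line messages intact on the TCP stream.
# The queue.* settings buffer events to disk and retry indefinitely while
# Promtail is restarting, so the relay does not drop or block on an outage.
action(
    type="omfwd"
    protocol="tcp"
    target="127.0.0.1"
    port="1514"
    template="RSYSLOG_SyslogProtocol23Format"
    TCP_Framing="octet-counted"
    KeepAlive="on"
    action.resumeRetryCount="-1"
    queue.type="LinkedList"
    queue.filename="promtail_fwd"
    queue.maxDiskSpace="256m"
    queue.saveOnShutdown="on"
)
```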
Monitoring Dashboards
The following video provides some information on configuring dashboards and other monitoring capabilities.
We do a variety of software development and Java coding tasks. To make this easier and more accessible from all our computers, we will try VS Code and VS Code Server.
VS Code Server allows editing using a web browser on any computer. The VS Code web interface is hosted from a server running in a Docker container.
Installation and Set Up
The following video explains how to set up VS Code Server and connect it to a GitHub repository.
Many services and devices in our home lab have web interfaces. Traefik Reverse Proxy provides ingress control and SSL certificates for our docker services.
While Traefik can be used for services outside of Docker, configuring it is complex and requires restarting the Traefik container. As a result, we also run Nginx Proxy Manager in a container to enable SSL certificates and simple reverse proxy configuration of our web-based services outside of Docker.
Installation
Installing Nginx Proxy Manager is easy. The following video explains the process, including using a DNS-01 challenge to obtain SSL certificates via Let’s Encrypt.
We configured a Docker macVLAN network for the Nginx Proxy Manager container so that the proxy could determine the source IP addresses that access it. This enables IP filtering and other features.
We are running three PiHole installations, which enable load balancing and high availability for our DNS services. We also use a Cloudflare encrypted tunnel to protect information in external DNS queries via the Internet.
Ubuntu VMs include a DNS caching server on port 53, which prevents PiHole from being deployed. To fix this, run the commands at this link on the host Ubuntu VM before installing the PiHole and Cloudflare Tunnel containers.
Scheduled Block List Updates
We must update our PiHole block list by doing a Gravity pull. We do this daily via a cron job. This can be configured on the RPi host using the following commands –
# Edit the user crontab
sudo crontab -u <user-id> -e
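# Add the following to the user crontab (replace min and hr with the minute and hour to run at)
# The command passed to su -c is quoted so that the whole docker exec line runs as the ubuntu user
min hr * * * su ubuntu -c "/usr/bin/docker exec pihole pihole -g" | /usr/bin/mailx -s"RPi Docker - Gravity Pull" [email protected]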
We are running the Watchtower container on all our stand-alone docker hosts to keep our containers up to date. The following video explains how to install and configure Watchtower.
Install and Configure Watchtower on Docker
We have Watchtower configured to detect and notify us about updated container images. We install these manually using Portainer.
We use Cloudflare to host our domains and the associated external DNS records. Cloudflare provides excellent security and scaling features and is free for our use cases.
We do not have a static IP address from either of our ISPs. This, coupled with the potential of a failover from our primary to our secondary ISP, requires us to use DDNS to keep the IPs for our domains up to date in Cloudflare’s DNS.
We run a docker container for each domain that periodically checks to see if our external IP address has changed and updates our DNS records in Cloudflare. The repository for this container can be found here.
Deploying the DDNS update container is done via a simple docker compose yml –