Homelab Dashboard: Difference between revisions

Introduction

We have decided to setup a homelab dashboard to monitor and administer the entire estate of Virtual machines, Proxmox hosts and all of the services that we have created. initially we will use the dashy dashboard but may well change for something else if dashy proves to be to difficult or in some way unsuitable.

Dashy Setup

in the interests of security for this sensitive project we are extending your "Full-Chain TLS" SME standard to Blackberry. This ensures that even if a client bypasses the proxy (Raisin) and hits Blackberry directly on the network, the traffic is still encrypted and presents the valid *.seaoffate.net certificate. It will also mean that within the Pfsense side of the LAN any client will still meet the same secure SSL certificate system provided by Letsencrypt. 🛡️We will mount our existing SSL certificates (synced from Raisin) directly into the Dashy container and configure Dashy to serve HTTPS natively. Details of how the Certs are downloaded and installed can be found here.

Installation on Blackberry

🛠️ The "Dockge-Way" Setup, on our Dockge UI on Blackberry, create a new stack called dashy, and use this single, hardened configuration

services:
  dashy:
    image: lissy93/dashy:latest
    container_name: dashy
    restart: unless-stopped
    # We map 443 on the host to 443 in the container for standard HTTPS
    ports:
      - "443:443"
    volumes:
      - ./conf.yml:/app/public/conf.yml
      # Mount your Let's Encrypt certs (synced from Raisin to Blackberry)
      - /etc/nginx/ssl/seaoffate.net/fullchain.pem:/etc/ssl/certs/fullchain.pem:ro
      - /etc/nginx/ssl/seaoffate.net/privkey.pem:/etc/ssl/private/privkey.pem:ro
    environment:
      - NODE_ENV=production
      # Force Dashy to use the standard HTTPS port and specific cert paths
      - PORT=443
      - SSL_PUB_KEY_PATH=/etc/ssl/certs/fullchain.pem
      - SSL_PRIV_KEY_PATH=/etc/ssl/private/privkey.pem

Post-Installation Steps