I am looking for Guidance/Best Practices - Hosting Containers and workloads for home

Howdy.

I was old school using Windows Server machines for a while but recently moved to a couple of RPI4 and RPI5 devices with RPI OS + Docker + Portainer.

My goal is to have my Home Assistant, a NAS, Plex, and a Dev environment and possibly a Web server and Game server all running in Containers.

So far I have RPI5 + USB3/SSD (250G) + RPI OS + Docker + Portainer and 3 containers and it is snappy/fast.

Looking for guidance around:

  1. Best way to manage remotely? I have an Eero Router and Gig Fiber to the house. I was thinking of opening ports for Portainer.
  2. Any other tools I need to use or check out?
  3. Best learning tool for Containers?

thanks!

Don’t open a port for Portainer (usually 9000). Use a VPN to get into your home network then you’ll have access to everything.

I use Wireguard but a lot of people here recommend Tailscale (uses Wireguard under the hood).

manage

VPN or cloudflare tunnels

tools

Portainer, docker compose, k3s

learning tools

Using it to solve a problem

  1. Don’t just expose a port. Either use a VPN, like wireguard, or tailscale, or if you do decide you want a domain name etc attached, go full in. I wouldn’t do it without something like Authelia with 2FA, but VPN is the best here.
  2. If you want to have webservers exposed, URL, look at a reverse proxy, swag fits in nicely with the docker environment, and will handle SSL etc for you. I would only do this for anything not management and use VPN for those. Docker-compose for managing your stacks.
  3. For me, I find heading in and doing stuff while supplementing it with general learning docs. docker docs things like that. Have a goal, work to it. This does require a general understanding already of compute, networking and security, but working on this will build up naturally. No best learning tool, everyone learns better in different ways so sometimes it’s finding what’s right for you.

Hello,

Remote access : PiVPN. It’s easy and reliable.

Docker : if you really like to learn, learn Docker command line and docker compose and force yourself to stop using portainer. It’s really not needed and you will know what’s happening under the hood.

If you want to know about how containers are doing their magic, this video is gold :

Feel free to ask if you need any help.

Regards,

Laurent

Portainer is the way to go ! And make sure you follow some security else it will be a carnage !

Tailscale for remote access

I use Proxmox for all my needs, although I generally stay away from the mess known as Docker, if I were you I would install my apps in LXCs each on their own tailnet

I have Ghost VPN and been using for years - mostly for outgoing stuff, I believe it uses wireguard. I will check that out

Just run the pivpn script to set up a self-hosted WG tunnel for LAN access. Use a non-standard port and access through your domain name. Works great and is very secure. And free!

This sounds like a good option, but I am running Docker containers on my RPI5 and need to access those containers and Portainer (port 9000), my Docker manager.
Since everything is based on my external IP (Internal 192.x.x.x → external 6x.x.x.x), will I be able to access everything as I normally would with 192.x.x.x:Port with the external address and pivpn?

From an external IP on the internet, you connect to WG and you’ll then be able to connect to anything on the LAN through the local LAN IP. The rest of the network will see your remote machine as local.

The only potential complication is needing to know the IP address to connect to externally. Having your own domain and DDNS makes this easier and there are free options like No-IP that would work as well.
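
The setup described in the replies above, sketched as a WireGuard client config (an added example, not part of any post in this thread). Every value is a placeholder or an assumption: the keys, the DDNS hostname `home.example.net`, the UDP port, the tunnel subnet `10.0.0.0/24`, and the LAN subnet `192.168.1.0/24`, which stands in for the thread's unspecified 192.x.x.x range.

```ini
# Client side of a self-hosted WireGuard tunnel (wg-quick format).
# All values below are placeholders; substitute the ones your server generated.

[Interface]
# The client's own private key. Never share it or commit it anywhere.
PrivateKey = <client-private-key>
# This client's address inside the tunnel (assumed subnet 10.0.0.0/24).
Address = 10.0.0.2/32

[Peer]
# Public key of the WireGuard server running on the home network.
PublicKey = <server-public-key>
# Where to reach the server from the internet: a DDNS name plus the single
# UDP port forwarded on the router. This is the only port exposed externally.
Endpoint = home.example.net:<udp-port>
# Split tunnel: only traffic for the tunnel subnet and the home LAN goes
# through the VPN. The LAN entry is what makes 192.168.1.x:9000 (Portainer)
# and the other container ports reachable by their normal local addresses.
AllowedIPs = 10.0.0.0/24, 192.168.1.0/24
# Keeps the NAT mapping alive when the client sits behind a NAT or firewall.
PersistentKeepalive = 25
```

With the tunnel up, Portainer and the containers are reached at their usual LAN addresses and ports, and no management port is forwarded on the router.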