wompmacho/docs-public
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: wompmacho:7ca240981b589750f2c6f967f13d39ae3fd78780
Branches Tags
wompmacho:main
...
compare: wompmacho:main
Branches Tags
wompmacho:main

3 Commits
7ca240981b ... main

Author SHA1 Message Date
wompmacho
9be590a3a5 adding blog post on labels / proxy / dns
All checks were successful
deploy-docs / build-and-deploy (push) Successful in 2m50s
Details
2026-04-28 02:39:13 +00:00
wompmacho
4379fb2d9a add notes on labels setup for nginx/pihole sautomation
All checks were successful
deploy-docs / build-and-deploy (push) Successful in 1m32s
Details
2026-04-28 01:45:38 +00:00
wompmacho
ecbce9847f add links for infra docs 2026-04-28 01:45:04 +00:00
5 changed files with 107 additions and 1 deletions
Expand all files Collapse all files

48
posts/automated-homelab-proxy-dns.md Normal file
View File

@@ -0,0 +1,48 @@
---
title: "Label-Based Proxy & DNS"
description: "How to automate Nginx Proxy Manager and Pi-hole DNS using Docker labels."
date: 2026-04-28T14:45:00-04:00
lastmod: 2026-04-28
author: wompmacho
tags: ["docker", "automation", "pihole", "npm", "homelab", "iac"]
---
Managing a homelab often involves a lot of manual repetition: spin up a container, add a DNS record in Pi-hole, then create a proxy host in Nginx Proxy Manager (NPM).
By leveraging **Docker labels**, we can treat our homelab as **Infrastructure as Code (IaC)**, defining our entire environment within a single `docker-compose.yaml` file.
<!-- more -->
## The Core Concept
Instead of configuring our infrastructure in multiple Web UIs, we define the requirements directly at the service level. This ensures that our proxy and DNS settings live and die with the containers they serve. Two key "shim" containers make this automation possible:
1. **[npm-docker-sync](https://github.com/Redth/npm-docker-sync)**: This container monitors the Docker socket for `npm.proxy.*` labels. When it detects a new service, it calls the Nginx Proxy Manager API to instantly create or update a proxy host.
2. **[docker-pihole-dns-shim](https://github.com/theonlysinjin/docker-pihole-dns-shim)**: Similarly, this service watches for `pihole.custom-record` labels. It syncs these records to your Pi-hole instance, ensuring that `myservice.local` always points to your Docker host or reverse proxy IP.
## Simple Service Example: Dozzle
For a standard service like [Dozzle](https://git.wompmacho.com/wompmacho/configs/src/branch/main/docker_compose/dozzel/docker-compose.yaml), the configuration is clean, portable, and self-documenting:
```yaml
services:
dozzle:
container_name: dozzle
image: ghcr.io/amir20/dozzle:latest
labels:
# Nginx Proxy Manager Automation
- "npm.proxy.domains=dozzle"
- "npm.proxy.port=8888"
- "npm.proxy.scheme=http"
# Pi-hole Automation (Point to Docker Host IP)
- "pihole.custom-record=[[\"dozzle\", \"10.0.0.190\"]]"
```
When this container starts, the DNS record for `dozzle` is created, and a proxy host is instantly available in NPM. No manual clicking required.
## Why Websockets Matter
If your UI feels unresponsive or "frozen" (common with GTK/Broadway apps like Nicotine+), its often because the websocket connection is blocked. Always include `npm.proxy.websockets=true` in your labels to ensure the reverse proxy allows the real-time communication required by modern interactive apps.
By adopting this **Infrastructure as Code** approach, we make our homelab reproducible, version-controlled, and significantly easier to maintain.

28
projects/Pihole/index.md
View File

@@ -14,11 +14,37 @@ without installing any client-side software. Useful for blocking ad services at
a DNS level. It uses a list of known ad services stored on github, can add your
own. It can also operate as a internal dns router and dhcp server.
## Automation (Docker Labels)
To automate adding Custom DNS entries to Pi-hole when creating new Docker containers, I use the `docker-pihole-dns-shim` sidecar. This prevents the need to manually update Pi-hole's DNS records every time a new service is deployed.
### Docker Compose Example (The Shim)
The shim runs alongside your other management containers and watches the Docker socket. **Note:** Use the direct IP address of your Pi-hole (e.g., `10.0.0.11`) to ensure the container can reach the API.
```yaml
{{% include "/srv/configs/docker_compose/pihole-external-dns/docker-compose.yaml" %}}
```
### How to Auto-Configure a Service
To create a DNS record in Pi-hole for a new container, add the following label to its `docker-compose.yaml`. The shim will automatically detect this and call the Pi-hole API.
```yaml
services:
my-app:
image: my-app:latest
labels:
# Format: [["domain", "IP_Address"]]
- "pihole.custom-record=[[\"myapp.wompmacho.com\", \"10.0.0.190\"]]"
```
> [!important] Reverse Proxies
> When using a reverse proxy like Nginx Proxy Manager, you should point the Pi-hole DNS record to the **IP of the Docker host/Proxy** (e.g., `10.0.0.190`), *not* the internal Docker IP of the individual container.
## Pihole Setup
If you have a raspberry-pi or another device, its super easy to get things
going.
...
- [pihole setup](https://github.com/pi-hole/pi-hole/?tab=readme-ov-file#one-step-automated-install).
Any debian based system should be able to get things going quickly. Then all you

2
projects/homelab/diagrams.md
View File

@@ -9,6 +9,8 @@ lastmod: '2026-04-12'
tags: ['homelab', 'infrastructure', 'network']
---
[← Back to Homelab Infrastructure](./homelab_Infra.md)
---
## 2024 Home Lab

4
projects/homelab/homelab_Infra.md
View File

@@ -14,6 +14,9 @@ tags:
This document outlines the internal infrastructure of the **wompmacho** homelab. The lab is built on a high-speed **10GbE backbone** and utilizes a hybrid architecture of dedicated NAS storage, Proxmox virtualization, and containerized services for media, self-hosting, and development.
> [!TIP] Visual Guide
> For a visual representation of the network and hardware layout, see the [Infrastructure Diagrams](diagrams.md).
[TOC]
## Physical and hardware registry
@@ -86,6 +89,7 @@ This document outlines the internal infrastructure of the **wompmacho** homelab.
* **Tunnel Subnet**: `10.10.10.0/24`
* **Phone Peer**: `10.10.10.3/32`
* **Gluetun (Container VPN)**: Lightweight VPN gateway for p2p and sensitive services. It provides a container-level killswitch and manages shared network namespaces.
* **NPM & Pi-hole Automation**: Sidecar containers (`npm-sync` and `pihole-dns-shim`) monitor the Docker socket and automatically provision Reverse Proxy hosts and local DNS records based on container **Labels**.
## Storage infrastructure

26
projects/nginx-proxy-manager/index.md
View File

@@ -32,6 +32,32 @@ configurations.
{{% include "/srv/configs/docker_compose/nginx-proxy-manager/docker-compose.yaml" %}}
```
## Automation (Docker Labels)
To avoid manually configuring Proxy Hosts in the UI (and to keep configuration tightly coupled with the services themselves), I use the `npm-sync` sidecar container.
This sidecar monitors the Docker socket. When a container spins up with specific labels, `npm-sync` automatically talks to the Nginx Proxy Manager API and creates the Proxy Host. When the container is destroyed, the route is cleaned up.
### How to Auto-Configure a Service
To expose a new container, simply add the following labels to its `docker-compose.yaml`. You do not need to touch the NPM UI.
```yaml
services:
my-app:
image: my-app:latest
labels:
- "npm.proxy.domains=myapp.wompmacho.com" # The URL
- "npm.proxy.port=8080" # Internal port the app listens on
- "npm.proxy.scheme=http" # Usually http or https
- "npm.proxy.ssl.force=true" # Force HTTPS
- "npm.proxy.ssl.letsencrypt=true" # Auto-provision SSL certificate
```
> [!important] Direct Edits
> Avoid making direct edits to NPM `.conf` files on the host, as it will desync the database and the Web UI. Always use the Web UI or API-driven automation like `npm-sync`.
## Nginx routing
Nginx gives you that great routing to your internal networked servers. Also
helps you set up your DNS both inside and outside the network. Can be a little
confusing at first.