Okay, the permission error is almost certainly because the Samba process inside the container doesn’t have the right Linux permissions for the host directory /mnt/my_ext_hdd/my_dir/my_subdir.

On your server running docker, find the numeric UID and GID for that directory: ls -ln /mnt/my_ext_hdd/my_dir/my_subdir

you likely need to set PUID=<uid_from_step_1> and PGID=<gid_from_step_1> in the environment: section of your docker-compose.yml file for the Samba service.

Recreate the container (docker compose up -d --force-recreate).

WARNING: This assumes you are only accessing Samba from within your secure local network. Never expose Samba directly to the internet. Doing so is a major security risk and makes you a target for attacks.

You’re running into that permission error because of how Docker handles file permissions between the host and the container. It’s by design for security reasons. The user inside the container likely doesn’t have access to the mounted directory unless the UID and GID match what’s on the host. You can work around it, but it’s locked down intentionally.

Also, what’s the use case here? What do you need file sharing via Samba in a Docker container for? If it’s just about moving files in and out, docker cp or docker exec -it container /bin/bash might be easier.

If it is just you on your server and the only access from outside your network is SSHing in front the VPN? You’re good. Especially if it’s just you on your network/VPN.

If there are services that others utilize, you need a firewall. Can’t trust other people’s devices to not drag in malware.

So, this question is very difficult to answer. I don’t want you to be discouraged though.

I can’t answer you because I don’t know your goals. Since we’re in /c/selfhosted, I assume you’re experimenting with some self-hosted setups, which is awesome! But what exactly are you hoping to do with OpenWRT? And what’s the plan for the switch? Are you aiming for better network control, VLANs, firewall rules, or are you just looking to have network area storage?

If you can share more about what you’re trying to accomplish, folks here will be much better equipped to help you figure out your next steps.

If you’ll be running Linux and trying to use steam to run games, at all, avoid the 14th gen is.

If not, the 14th gen i9 is your bet.

Something with Proton, the layer that makes steam work with Linux, has been causing tons of people a lot of grief myself included. Any games that rely heavily on vulkan shaders will cause my whole system to crash under heavy load. It’s a known thing and Intel still seems clueless as to what to do to resolve it, afaik.

Auth portal for VPN tunnell -> Authelia -> fail2ban -> VLAN with services only.

ELK stack monitors the LAN. (Including VLAN)

Keep that VLAN segmented. You’re good unless you’re a DOGE employee, then I’d recommend quite a bit more security.

Https://crt.sh would make anyone who thought obscurity would be a solution poop themselves.

I was reading this and thinking node package manager too and I was both confused and concerned that somebody would sit all of their security on node package manager!

That makes much more sense 🙂

Don’t fret, not even Microsoft does.

You’re not as valuable as a target as Microsoft.

It’s just about risk tokerance. The only way to avoid risk is to not play the game.

This is explainlikeimfive

Not iamfiveandthisisdeep.

I have a server that I run services through traefik/docker on.

It ALSO has a drive that is a MIRROR of my NAS.

that NAS has a lil slavey twin, an external 14tb USB HDD. It’s on my laptop.

Every time my laptop is idle, It does a little rsync with the servers NAS to stay current.

I keep a 3rd copy (mirroring server NAS) in the cloud.

Okay. Your laptop can’t ping or SSH into the server. First, figure out if the problem is one-way. Can the server ping the laptop, or is it just dead in both directions?

You mentioned all other devices communicate normally—do they all fail to reach the laptop, or is the issue isolated to the laptop and server pair?

Physically check the server and confirm both IP addresses to ensure you’re not chasing the wrong info. Once you’ve got the correct IPs, ping the laptop from the server’s side. If the server can’t reach it either, you know this isn’t just a laptop-to-server problem.

Also, did you set up a firewall on the laptop? That’s worth looking into. And yes, it’s annoying, but try the simple stuff: disconnect and reconnect your laptop’s Wi-Fi, reboot it, even run sudo apt update just to rule out anything weird. Start with these basics before moving on to more complicated troubleshooting.

This video helped me get questions relating to P vs NP correct in my Complexity and Computation undergrad class.

https://youtu.be/YX40hbAHx3s

Agreed on word fence.

I didn’t say to specify a port in the DNS. I just said that it is a way that we can resolve a resource.

In the case of ports we’d configure it through whatever webserver (Apache, nginx, traefik, whatever) configs necessary on that machine. The DNS in this scenario would only be for the machines IP where our webserver then routes traffic to different ports.

I was accounting for both valid setups.

That suggested, it could be done with ports, or it could be done with separate servers.

Domain.com resolves to 1.2.3.4

www.domain.com resolves to 1.2.3.4:443

app.domain.com resolves to 1.2.3.4:5555

Games.domain.com resolves to 1.2.5.6

Mail.domaim.com resolves to 1.2.7.8

Portal.domain.com resolves to 1.2.9.10

Etc, etc.

If you’re into developing and stuff, GitLab

Plex server

Jellyfin server

ELK stack or security onion

Get steam working, connect via steam link.

Everyone is gonna learn best differently. There’s no best place to start.

Id start with solving a problem. For me, this was not wanting to make a backup to transfer my data from my old machine to my new one. So I built a little Ubuntu Server, setup a rudimentary samba share, setup users/groups, and figured out how to access that data from my network.

Docker is easy, you’ll learn it by mistake. It’ll haunt you like it’s some complicated thing until you realize you’re doing it and it’s literally incredibly straightforward.

From there, Id maybe say go to WordPress and follow instructions about setting up a WordPress site in a docker container. Oops, you just learned docker.

Id hold off on hosting email. I mean it’s a noble goal but it’s a fucking headache. But that’s just me! Like I said, everyone’s different.

Piece of advice, before you go hosting a monero server, dig into cybersecurity. Particularly server hardening. I recommend Hack The Box. There’s tons of platforms, though.

SMART tools

sudo apt-get install smartmontools

sudo smartctl -a /dev/sdX where sdX is your drive in question (sdA, sdB, etc).

| grep Power_On_Hours

| grep Power_Cycle_Count

This just tells you how much that drive was used in the past, It’s not a perfect to test but it’s what I do 🤷‍♂️

It’s a gamble.

When you lose, you can simply return it.

When you win, you get a hard drive that works for really cheap.

I purchased one in 2020 that I still haven’t replaced, although I’m buying the replacement now as it has begun it’s slow certain death.