When I was experimenting with this it didn't seem like you had to distribute the cert to the service itself. As long as the internal service was an https port. The certificate management was still happening on the proxy.
The trick was more getting the host names right and targeting the proxy for the hostname resolution.
Either way IP addresses are much easier but it is nice to observe a stream being completely passed through. I'm sure it takes a load off the proxy and stabilizes connections.
This would be correct if you are terminating ssl at the proxy and it's just passing it to http. However, if you can enable SSL on the service it's possible to take advantage of full passthru if you care about such things.
You might look at gluetun. It lets you configure various VPN services from a docker container. The interesting part is that you can point other docker containers to utilize gluetun for networking. Essentially piping them through the configured VPN.
Not without good logs or debugging tools.
You need to know what to observe. You are not going to get the information you are looking for directly from zfs or even system logs.
What I suggest stands. You have to understand the behavior of the USB controller. That information is acquired from researching USB itself.
Now if you intend to utilize something like a USB enclosure you indeed would be better off with something like ext4. However, keep in mind that this effect is not directly a file system issue. It's an issue with how USB controllers interact with file systems.
That has been my experience from researching this matter. ZFS is simply more sensitive.
In my experience even for motherboards that have port limitations it's possible to take advantage of pci lanes and install a hba with an onboard SATA controller. They also make pci devices that will accept nvme drives.
Good luck with your experimentation and research.
This takes a degree of understanding of what you are doing and why it fails.
I've done some research on this myself and the answer is the USB controller. Specifically the way the USB controller "shares" bandwidth. It is not the way a sata controller or a pci lane deals with this.
ZFS expects direct control of the disk to operate correctly and anything that gets in between the file system and the disk is a problem.
I the case of USB let's say you have two USB - nvme adapters plugged in to the same system in a basic zfs mirror. ZFS will expect to mirror operations between these devices but will be interrupted by the USB controller constantly sharing bandwidth between these two devices.
A better but still bad solution would be something like a USB to SATA enclosure. In this situation if you installed a couple disks in a mirror on the enclosure... They would be using a single USB port and the controller would at least keep the data on one lane instead of constantly switching.
Regardless if you want to dive deeper you will need to do reading on USB controllers and bandwidth sharing.
If you want a stable system give zfs direct access to your disks and accept it will damage zfs operations over time if you do not.
Have a look at Stirling PDF. It's a self hosted alternative to most if not all Adobe functions that she might care about. It can be setup with docker.
I thought it would. If it still requires sudo to run it is probably just docker wanting your user account added to the docker group. If the "docker" group doesn't exist you can safely create it.
You will likely need to log out and log back in for the system to recognize the new group permissions.
That doesn't make any sense to me. It can be installed directly from pacman. It may be something silly like adding docker to your user group. Have you done something like below for docker?
sudo pacman -Syu
sudo pacman -S docker
sudo systemctl enable docker.service
sudo systemctl start docker.service
sudo usermod -aG docker $USER
Log out and log back in for the group changes to take effect.
Verify that Docker CE is installed correctly by running:
docker --version
If you get the above working docker compose is just
sudo pacman -S docker-compose
What computer and OS do you have that can't run docker? You can run a full stack of services on a random windows laptop as easily as a dedicated server.
Edit
Autocorrect messing with OS.
Honestly at this point that is docker and docker compose.
As to what to run it on that very much depends on preference. I use a proxmox server but it could just as easily be pure Debian. A basic webui like cockpit can make system management operations a bit more simplified.
My favorite is using the native zfs sync capabilities. Though that requires zfs and snapshots configured properly.
I'm spoiled now. I prefer ubiquiti equipment for my network, security camera, and even door access.
However, if you prefer completely open source I can recommend opnsense and openwrt. Personally I prefer a single point of configuration... So all ubiquiti for me.. It makes it easy to restore a complete network configuration as you are discovering is a pain.
Maybe start with the new cloud gateway max as a router if you are interested.