Sophos home mac
5/17/2023

I use a Mac mini running macOS as a headless server, with VMware Fusion as a hypervisor. I first started out with Home Assistant running in its own Ubuntu Server VM, but then decided to give the Docker image a try instead. I initially tried to use Docker for Mac, but I wouldn't recommend it for two reasons:

- There was a networking-related memory leak that slowed the entire server to a crawl, and
- The networking in Docker for Mac is weird, with the net result being that mDNS traffic cannot reach the containers. This breaks HomeKit / Siri integration, which is an important feature of the Apple ecosystem. (In my setup I use an automation in Apple's Home app which is triggered by iCloud location tracking.)

So, I finally settled on using a VM running Container Linux to host the container. I liked this setup enough that I ended up moving my Pi-Hole DNS sinkhole from an Ubuntu VM to a container as well, and I might do the same with my Splunk service in the future (it's currently running directly in macOS).

Like hosting, networking in my LAN is somewhat complex. I run a Sophos UTM as a border security device, which runs as a VM appliance on VMware Fusion. The Mac mini has two network adapters, WAN and LAN, with the WAN side only accessible to the UTM. Here's how I configured both local and remote networking:

LAN

- The Container Linux VM is bridged to the Mac's LAN interface, so it gets its own IP address on the LAN.
- The containers run in net=host mode, so they have direct access to the VM's network stack and their services are available at the VM's IP.
- In order to allow me to access the service locally without any browser warnings about the SSL connection, I added a static DNS entry to the Pi-Hole so that my public domain name is resolved locally to the IP of the Container Linux VM.
- I whitelisted my LAN IP range in the HTTP component to bypass the password prompt.

- Since the Sophos does not support acting as a reverse proxy for WebSocket connections, unfortunately I was unable to use its web application firewall (WAF) and SSL offloading capabilities.
- In order to enable remote access, I forwarded ports 4 from the WAN to port 8123 on the Container Linux VM, and configured the HTTP component to use my public SSL certificate.
- To minimize alerts about failed login attempts, I enabled country blocking on the Sophos, only allowing inbound connections from my home and native land.

Most things were pretty smooth to set up, but there were a couple of hiccups:

HomeKit / Siri

As I mentioned, Docker for Mac broke HomeKit integration, so it's a non-starter if you want to use this.

Alexa

Before I sorted out remote access I wasn't able to use the Cloud component fully, which sent me down the long and winding path of the Alexa component instead. Even with some AWS experience under my belt, this was a bit of a complicated endeavour, though I did get it working. I hope to contribute to updating the documentation to help others who may end up in the same boat.

There were also a few things that I loved:

Workday
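As an added illustration of the networking section above (this is not the author's configuration, and the file paths and the 192.168.1.0/24 LAN range are assumptions), here is how the two HTTP-component choices described there, serving the public certificate on port 8123 and letting the LAN range skip the password prompt, look in a current Home Assistant configuration.yaml. It also enables the built-in IP ban so that repeated failed logins on the port-forwarded WAN side are throttled as well as country-blocked at the UTM.

```yaml
# Added example, not the author's configuration.
# Paths and the LAN range are assumptions.
homeassistant:
  auth_providers:
    # Clients from the LAN range skip the login prompt entirely
    # (the post's "whitelisted my LAN IP range"). Keep the list to
    # the one subnet that needs it: anything matching it is trusted
    # without credentials, so the bypass is only as safe as the LAN.
    - type: trusted_networks
      trusted_networks:
        - 192.168.1.0/24
      allow_bypass_login: true
    # Everyone else, i.e. connections arriving through the WAN
    # port-forward, still authenticates with a Home Assistant user.
    - type: homeassistant

http:
  server_port: 8123
  # The public certificate, so the browser trusts the same hostname
  # whether it resolves to the LAN IP (via the Pi-Hole entry) or to
  # the WAN IP. Certificate and key paths are assumed.
  ssl_certificate: /config/ssl/fullchain.pem
  ssl_key: /config/ssl/privkey.pem
  # Temporarily ban a source address after repeated failed logins on
  # the exposed port; banned addresses are written to ip_bans.yaml.
  ip_ban_enabled: true
  login_attempts_threshold: 5
```

Provider order matters: Home Assistant tries auth providers top to bottom, so trusted_networks must come before the homeassistant provider for the LAN bypass to take effect.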