Monitoring, backup strategies, and security procedures
Volume Backup Strategies Comprehensive Backup Script:
#!/bin/bash # Homelab backup script BACKUP_BASE="/mnt/backups" SOURCE_BASE="/mnt/swarm-data" DATE=$(date +%Y%m%d_%H%M%S) BACKUP_DIR="$BACKUP_BASE/swarm_backup_$DATE" # Create backup directory mkdir -p "$BACKUP_DIR" # Application data backup echo "Backing up application data..." rsync -av --progress "$SOURCE_BASE/" "$BACKUP_DIR/swarm-data/" # Docker configuration backup echo "Backing up Docker configurations..." cp -r /mnt/docker-configs/ "$BACKUP_DIR/docker-configs/" # System configuration backup echo "Backing up system configurations..." cp /etc/fstab "$BACKUP_DIR/fstab" cp /etc/hosts "$BACKUP_DIR/hosts" # Docker swarm configuration echo "Backing up Swarm configuration.
Certificate Renewal Automatic Certificate Management: Traefik handles automatic certificate renewal through Cloudflare DNS challenge:
# Traefik configuration handles renewal automatically certificatesresolvers: cloudflare: acme: dnschallenge: true storage: /certificates/acme.json Manual Certificate Verification:
# Check certificate status docker exec traefik_container ls -la /certificates/ # Verify certificate expiration openssl x509 -in /mnt/swarm-data/traefik/certificates/acme.json -text -noout # Force certificate renewal docker service update --force traefik_traefik Certificate Backup:
# Include in regular backups cp /mnt/swarm-data/traefik/certificates/acme.json /backup/location/ Access Control Reviews Quarterly Security Review Checklist:
Node Status Verification Check Cluster Health:
# Overall cluster status docker node ls # Expected output: # ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION # [SECRET] p0 Ready Active Leader 28.4.0 # [SECRET] p1 Ready Active 28.4.0 # [SECRET] p2 Ready Active 28.4.0 # [SECRET] p3 Ready Active 28.4.0 # Detailed node information docker node inspect p0 --pretty # Node resource usage docker system df docker system info Node Health Indicators: