Mylo75 Posted March 30, 2017 Share Posted March 30, 2017 Just a few questions, from a noob with no command line knowledge. So I've got this set up with sonarr, cp, nzbget etc.. working with [email protected] and have it password protected. My Web address is https://[email protected] adding /nzbget or /sonarr etc... at the end. Is this correct and have I set up it all properly, or should it be https://sonarr.mydomain.duckdns.org Also by running my dockers through letsencrypt, does this give them better security when they connect to the Internet or is the security just for me when I connect to them from outside my network. Do I still need to enable ssl, https, and proxy settings in each docker as well for better security. Basically I want the best security I can get for my nzbget or sabnzbd so any help, hints or tips much appreciated. P.S. Can unraid guide be run through nginx and have https security. Quote Link to comment
Squid Posted March 30, 2017 Share Posted March 30, 2017 1 minute ago, Mylo75 said: P.S. Can unraid guide be run through nginx and have https security. Don't know squat about reverse proxy, but it's already been announced that 6.4 will utilize nginx as the webserver for the OS Quote Link to comment
CHBMB Posted March 30, 2017 Share Posted March 30, 2017 Your setup is fine, it improves security when you connect to those apps from outside your LAN, it does nothing for how those apps connect to the internet themselves. I don't use https/SSL on any of these apps, I implement all that at the Lets Encrypt reverse proxy level. Don't even think of putting your Unraid webui on the reverse proxy, if you want to connect to that outside your LAN, then setup a VPN. 1 Quote Link to comment
CHBMB Posted March 30, 2017 Share Posted March 30, 2017 1 minute ago, Squid said: Don't know squat about reverse proxy, but it's already been announced that 6.4 will utilize nginx as the webserver for the OS He's right, it's one of the few topics he really does know nothing about! Quote Link to comment
Mylo75 Posted March 30, 2017 Author Share Posted March 30, 2017 Thanks squid, I bet you know more than me about reverse proxy stuff! Cool so 6.4 will be a great update, will that mean all dockers will then have https support in this new update without having to set it all up manually. Quote Link to comment
CHBMB Posted March 30, 2017 Share Posted March 30, 2017 No it won't automatically give SSL suppport to dockers. Quote Link to comment
Mylo75 Posted March 30, 2017 Author Share Posted March 30, 2017 Thanks CHBMB, I know nothing about any of these topics, lol. So how would I secure these apps when they connect to the Internet. Quote Link to comment
Squid Posted March 30, 2017 Share Posted March 30, 2017 Just now, Mylo75 said: Thanks squid, I bet you know more than me about reverse proxy stuff! Seriously doubt it. Been meaning to look into it to make things a hair easier for the wife, but I'm perfectly happy with using a VPN, and have trouble grasping why she doesn't get the concept.... Quote Link to comment
Mylo75 Posted March 30, 2017 Author Share Posted March 30, 2017 1 minute ago, Squid said: Seriously doubt it. Been meaning to look into it to make things a hair easier for the wife, but I'm perfectly happy with using a VPN, and have trouble grasping why she doesn't get the concept.... That's the next thing on my "need to learn" list, vpn setup. Quote Link to comment
CHBMB Posted March 30, 2017 Share Posted March 30, 2017 Just now, Mylo75 said: Thanks CHBMB, I know nothing about any of these topics, lol. So how would I secure these apps when they connect to the Internet. You could run them through a proxy or VPN, but neither are particularly easy to do. Depends what you're trying to achieve, if it's anonymity then VPN, if it's resistance to "hackers" then your reverse proxy is fine as it is presuming you've got a secure username/password at the reverse proxy layer and it's using SSL. Quote Link to comment
Squid Posted March 30, 2017 Share Posted March 30, 2017 Just now, Mylo75 said: That's the next thing on my "need to learn" list, vpn setup. That's nothing. Install lsio's OpenVPN-AS app, copy the generated .opvn file onto whatever devices you want, and you're done. 1 Quote Link to comment
CHBMB Posted March 30, 2017 Share Posted March 30, 2017 3 minutes ago, Squid said: Seriously doubt it. Been meaning to look into it to make things a hair easier for the wife, but I'm perfectly happy with using a VPN, and have trouble grasping why she doesn't get the concept.... I tried explaining VPN to my wife, she didn't get it either. And actually uses one to connect to work from home. To her it's "internet" Quote Link to comment
Mylo75 Posted March 30, 2017 Author Share Posted March 30, 2017 Just now, CHBMB said: You could run them through a proxy or VPN, but neither are particularly easy to do. Depends what you're trying to achieve, if it's anonymity then VPN, if it's resistance to "hackers" then your reverse proxy is fine as it is presuming you've got a secure username/password at the reverse proxy layer and it's using SSL. I have pia account for vpn, I've tried the nzbgetvpn and sabnzbdvpn dockers but they don't seem to work. Sonarr doesn't seem to work using reverse proxy or VPN. I like to have anonymity and have resistance to hackers as well. Am I wanting too much? Quote Link to comment
Squid Posted March 30, 2017 Share Posted March 30, 2017 6 minutes ago, CHBMB said: To her it's "internet" 1 Quote Link to comment
CHBMB Posted March 30, 2017 Share Posted March 30, 2017 I've used nzbgetvpn in the past and it worked for me, was a while back though. But if you're connecting to a usenet server with SSL then it's all encrypted anyways, all you'd be hiding is the fact you're connecting to the usenet server, nobody can see the traffic anyways. Torrents on the other hand, should always go over a VPN. Quote Link to comment
Mylo75 Posted March 30, 2017 Author Share Posted March 30, 2017 6 minutes ago, Squid said: That's nothing. Install lsio's OpenVPN-AS app, copy the generated .opvn file onto whatever devices you want, and you're done. That's not simple, lol. I installed the docker, but in log I get, Starting openvpnas...Error: Could not execute server start. Quote Link to comment
Mylo75 Posted March 30, 2017 Author Share Posted March 30, 2017 1 minute ago, CHBMB said: I've used nzbgetvpn in the past and it worked for me, was a while back though. But if you're connecting to a usenet server with SSL then it's all encrypted anyways, all you'd be hiding is the fact you're connecting to the usenet server, nobody can see the traffic anyways. Torrents on the other hand, should always go over a VPN. Yea, my usenet server is ssl. So I just need to take a security chill pill then. Quote Link to comment
CHBMB Posted March 30, 2017 Share Posted March 30, 2017 1 minute ago, Mylo75 said: That's not simple, lol. I installed the docker, but in log I get, Starting openvpnas...Error: Could not execute server start. Post your docker run command. Link in my sig Quote Link to comment
Mylo75 Posted March 30, 2017 Author Share Posted March 30, 2017 (edited) I restarted openvpn docker and no errors. This is log. So if it's running what do I do next Brought to you by linuxserver.ioWe gratefully accept donations at:https://www.linuxserver.io/donations/-------------------------------------GID/UID-------------------------------------User uid: 99User gid: 100-------------------------------------[cont-init.d] 10-adduser: exited 0.[cont-init.d] 20-time: executing...[cont-init.d] 20-time: exited 0.[cont-init.d] 30-config: executing...[cont-init.d] 30-config: exited 0.[cont-init.d] 40-openvpn-init: executing...[cont-init.d] 40-openvpn-init: exited 0.[cont-init.d] 50-interface: executing...MOD Default {} {}MOD Default {} {}MOD Default {} {}MOD Default {} {}[cont-init.d] 50-interface: exited 0.[cont-init.d] done.[services.d] starting services[services.d] done. Edited March 30, 2017 by Mylo75 Quote Link to comment
CHBMB Posted March 30, 2017 Share Posted March 30, 2017 Follow this guide here. Or this video guide here. 1 Quote Link to comment
Mylo75 Posted March 30, 2017 Author Share Posted March 30, 2017 Thanks, I've increased my unraid knowledge tonight Quote Link to comment
CHBMB Posted March 30, 2017 Share Posted March 30, 2017 (edited) Every day is a school day.... Wow this was my 6666th post..... Edited March 30, 2017 by CHBMB Quote Link to comment
saarg Posted March 30, 2017 Share Posted March 30, 2017 2 minutes ago, CHBMB said: Every day is a school day.... Wow this was my 6666th post..... That is just pure evil! Quote Link to comment
ijuarez Posted April 5, 2017 Share Posted April 5, 2017 On 3/30/2017 at 4:20 PM, CHBMB said: I've used nzbgetvpn in the past and it worked for me, was a while back though. But if you're connecting to a usenet server with SSL then it's all encrypted anyways, all you'd be hiding is the fact you're connecting to the usenet server, nobody can see the traffic anyways. Torrents on the other hand, should always go over a VPN. or for torrentz get a seedbox that has SSL implemented, so all they see is a encrypted connection to a data center somewhere. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.