January 3, 20233 yr Hello Everyone, I am a newcomer to the world of UnRaid. Prior to UnRaid, I was primarily using Ubuntu for media server needs. I was quite happy with that setup, which was running on an old Intel 5th generation i5 laptop, until I was introduced to UnRAID one day. Today, I have Unraid 6.11+ up and running on a custom build. So far, I've installed Plex and a few *arr apps for the media server. I also have it set up to backup Mac and Windows PCs. After watching some of the spaceinvader and ibracorp videos, I'm being drawn down a rabbit hole of securing UnRaid to its full potential. My question is, how seriously should I consider setting up Nginx/Swag and anything else with it if I only want to use it for local use and backups? Every guide I've read appears to be extremely overwhelming for my use cases, which is why I'm asking for the guidance.
January 3, 20233 yr Community Expert if you only use it locally, then you can stay away from them. The need for them arises, if you want to use some dockers from the internet that all use the same ports like 80 or 443. Normal IPV4 gives you only a single global reachable address, so you can only reach ONE docker per port. Thats what this nginx/Swag jumps in, it serves the global port and looks either for requested subfolders or for registered dnsname. It then delegates the data internally to the (hopefully) correct docker which runs on a different port. As a side effect it also fetches a Letsencrypt SSL certificate and encrypts the traffic with it. No need for every docker behind him to deal with certificates, encryption and renewal. But internally, you can configure the dockers to use different ports (like 4443 or 8080) and access them directly with your browser. (anyway, some lazy people like me also use swag internally because I have limited storage and cant remember all the ports where I moved the dockers to, so, I let swag handle this for me 😁) Edited January 3, 20233 yr by MAM59
January 3, 20233 yr Author For each docker, I've been using private network created within UnRaid, does that suffice or should I also setup swag internally like you have done? For arr apps though, as long as my download client is using VPN (though I do usenet indexer mostly), am I all set with the security or I need swar or comparable apps there too?
January 3, 20233 yr Community Expert 21 minutes ago, ClutchAviator said: does that suffice or should I also setup swag internally like you have done depends on what you want to expose to the outside and how clients want to use it. 22 minutes ago, ClutchAviator said: as long as my download client is using VPN if you just download it does not matter at all. OUTGOING connections are handled automatically and do not need a proxy or SSL certificate. All is about INCOMING connection from either source. The difference is how other machines do address your dockers. Either https://yourUnraidIP:Dockerport or https://yourUnraidIP/dockername. The first needs a free port for every docker (and open it too at the router if it wants to be accessed from the internet), the second needs a proxy like nginx/swag the mapps the "dockername" URL into the internal (unique) Port of the Docker.
January 3, 20233 yr Author So if I am understanding correctly, as long as there is no client except me for any of my media sever, I dont need to worry about proxy and such. correct? What about nextcloud or duplicati backups? do they need to be secured with proxy or swag apps?
January 3, 20233 yr Community Expert 1 minute ago, ClutchAviator said: What about nextcloud or duplicati backups? do they need to be secured with proxy or swag apps? the more dockers you install, the higher gets the chance that 2 of them interfere (use the same ports). Nextcloud will already conflict with the unraid gui herself and needs to be moved elsewhere. Someday things become so complicated that the proxy is the best solution to run them all together (but the proxy itself already collides with unraid, so you first have to move unraid to a different port and then install the proxy... as I said, it becomes complicated).
January 3, 20233 yr Author ok so in that case, which is the easiest proxy solution for me to try? I am a noob and need to be spoon fed lol
January 4, 20233 yr Community Expert NGINX Proxy Manager (NPM) NGINX Proxy Manager: How to Install and Setup Reverse Proxy on Unraid (2021)
January 4, 20233 yr Community Expert 7 hours ago, MAM59 said: 2 of them interfere (use the same ports) Often you can just remap the ports on the host side. That is what docker port mapping is all about, after all.
January 4, 20233 yr On 1/2/2023 at 5:35 PM, ClutchAviator said: My question is, how seriously should I consider setting up Nginx/Swag and anything else with it if I only want to use it for local use and backups? Not at all (to answer the specific question). If, however, You want some sort of "maybe public" or "maybe private" access that's kind of available from/via/through the Internet!... Don't kid/fool yourself. If you want to access it outside your home, you need a reverse proxy or VPN (and I'm not talking about Nord, PIA, etc. -- you need your own). jmho. MrGrey.
January 4, 20233 yr Author 18 hours ago, ConnerVT said: NGINX Proxy Manager (NPM) NGINX Proxy Manager: How to Install and Setup Reverse Proxy on Unraid (2021) but doing this requires port forwarding and I am little afraid to do that.
January 4, 20233 yr Author 18 hours ago, trurl said: Often you can just remap the ports on the host side. That is what docker port mapping is all about, after all. where can I learn more about it?
January 4, 20233 yr 29 minutes ago, ClutchAviator said: where can I learn more about it? From the documentation. See link to manual in bottom right corner of GUI. Specifically read the Port Mapping section of https://wiki.unraid.net/Manual/Docker_Management
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.