Remote Access to CP/Sonarr/NZBGet/Deluge


Recommended Posts

i want to get access to these dockers outside my network more specifically i want to be able to add them to NZB360 for management for whenever i'm not at home and want to add a tv show or movie for download, not sure how i can accomplish this.

 

any help appreciated.

 

Your best bet would be to setup duckdns (for free) and link everything up to a website.. So you would go to yoursite.duckdns.org:5050 for example for CouchPotato.

Link to comment

i want to get access to these dockers outside my network more specifically i want to be able to add them to NZB360 for management for whenever i'm not at home and want to add a tv show or movie for download, not sure how i can accomplish this.

 

any help appreciated.

 

Your best bet would be to setup duckdns (for free) and link everything up to a website.. So you would go to yoursite.duckdns.org:5050 for example for CouchPotato.

 

Or create a Windows VM running TeamViewer on your unRAID server, and access the browser via the Windows VM.

Link to comment

Your best bet would be to setup duckdns (for free) and link everything up to a website.. So you would go to yoursite.duckdns.org:5050 for example for CouchPotato.

 

thanks this worked for what i need.

 

Or create a Windows VM running TeamViewer on your unRAID server, and access the browser via the Windows VM.

 

just needed access to those services through an android app called NZB360 check it out at http://nzb360.com/ if you've never heard of it

Link to comment

Your best bet would be to setup duckdns (for free) and link everything up to a website.. So you would go to yoursite.duckdns.org:5050 for example for CouchPotato.

 

thanks this worked for what i need.

 

Or create a Windows VM running TeamViewer on your unRAID server, and access the browser via the Windows VM.

 

just needed access to those services through an android app called NZB360 check it out at http://nzb360.com/ if you've never heard of it

Setup dynamic dns on your router and forward the ports needed. Works great with nzb360 you can even specify local (home network) and external so it will connect to local one if you are on your home WiFi etc.

Link to comment

The best option is to install a VPN and use that.

 

All other options require you to maintain public facing services securely and please please dont take this the wrong way but if your asking this question then you dont know how to do that

 

VPN all the way :)

Link to comment

The best option is to install a VPN and use that.

 

All other options require you to maintain public facing services securely and please please dont take this the wrong way but if your asking this question then you dont know how to do that

 

VPN all the way :)

 

You speak truth.

Link to comment

Reverse proxy is the way to go. Smdion's Apache RP docker plus a simple config plus a free SSL cert from StartSSL and you're good to go. It lets you disable the passwords on all those sites and just authenticate at the proxy instead.

 

What it has over oVPN is that you don't need a client to access it. I can add a show to Sonarr from my work computer, for example.

Link to comment

Certainly a  reverse proxy if far more secure that presenting random daemons to the internet but it is not in the same league as a VPN both in terms of security and functionality.

 

The correct way to do this is via a VPN and then you have access to you entire network as if you are sitting at home ad nausium.

Link to comment

Your best bet would be to setup duckdns (for free) and link everything up to a website.. So you would go to yoursite.duckdns.org:5050 for example for CouchPotato.

 

thanks this worked for what i need.

 

 

If I may, I'd suggest you remap the ports open to the net.  Don't simply open up the ports normally associated with CP/Sonarr/NZB/etc. and leave them facing the world.  Having the standard ports open, makes it much more likely for your system to be discovered by someone scanning a range of IPs for, say, port 8989 (Sonarr.)  Configure your router to forward some obscure ports to the standard ports within your internal network.  It's a relatively simple step that will cut down on the number of drive-by probes your system will receive, and lessens the chance someone might do something really bad to you.

Link to comment

Your best bet would be to setup duckdns (for free) and link everything up to a website.. So you would go to yoursite.duckdns.org:5050 for example for CouchPotato.

 

thanks this worked for what i need.

 

 

If I may, I'd suggest you remap the ports open to the net.  Don't simply open up the ports normally associated with CP/Sonarr/NZB/etc. and leave them facing the world.  Having the standard ports open, makes it much more likely for your system to be discovered by someone scanning a range of IPs for, say, port 8989 (Sonarr.)  Configure your router to forward some obscure ports to the standard ports within your internal network.  It's a relatively simple step that will cut down on the number of drive-by probes your system will receive, and lessens the chance someone might do something really bad to you.

 

This is called "security though obscurity" and is a bad practice. This provides a very false sense of security.

 

A VPN provides real security that will stop attackers, not just slow them down. The safest VPN will use PKI. These can be self-generated keys. No passwords should be used at all.  At the very least use a very long random password. 

Link to comment

 

 

If I may, I'd suggest you remap the ports open to the net.  Don't simply open up the ports normally associated with CP/Sonarr/NZB/etc. and leave them facing the world.  Having the standard ports open, makes it much more likely for your system to be discovered by someone scanning a range of IPs for, say, port 8989 (Sonarr.)  Configure your router to forward some obscure ports to the standard ports within your internal network.  It's a relatively simple step that will cut down on the number of drive-by probes your system will receive, and lessens the chance someone might do something really bad to you.

 

This is called "security though obscurity" and is a bad practice. This provides a very false sense of security.

 

A VPN provides real security that will stop attackers, not just slow them down. The safest VPN will use PKI. These can be self-generated keys. No passwords should be used at all.  At the very least use a very long random password.

 

I'm confused why you consider it "bad practice" to decrease the chances of attack.  If OP is unable/unwilling to set up a VPN, that simple step WILL decrease the number of random probes on well-known ports.  Is your position- do everything or do NOTHING?

Link to comment

 

 

If I may, I'd suggest you remap the ports open to the net.  Don't simply open up the ports normally associated with CP/Sonarr/NZB/etc. and leave them facing the world.  Having the standard ports open, makes it much more likely for your system to be discovered by someone scanning a range of IPs for, say, port 8989 (Sonarr.)  Configure your router to forward some obscure ports to the standard ports within your internal network.  It's a relatively simple step that will cut down on the number of drive-by probes your system will receive, and lessens the chance someone might do something really bad to you.

 

This is called "security though obscurity" and is a bad practice. This provides a very false sense of security.

 

A VPN provides real security that will stop attackers, not just slow them down. The safest VPN will use PKI. These can be self-generated keys. No passwords should be used at all.  At the very least use a very long random password.

 

I'm confused why you consider it "bad practice" to decrease the chances of attack.  If OP is unable/unwilling to set up a VPN, that simple step WILL decrease the number of random probes on well-known ports.  Is your position- do everything or do NOTHING?

I think the position is more properly stated as "Don't give yourself a false sense of security". Even if the "obscurity" method deflects 99% of attempts, if you leave it long enough it will get hacked by that 1% and that is enough.
Link to comment
I'm confused why you consider it "bad practice" to decrease the chances of attack.  If OP is unable/unwilling to set up a VPN, that simple step WILL decrease the number of random probes on well-known ports.  Is your position- do everything or do NOTHING?
Either properly secure the network or don't use remote access. If OP is unable/unwilling to set up a VPN, don't open ANY ports.
Link to comment

I think the position is more properly stated as "Don't give yourself a false sense of security". Even if the "obscurity" method deflects 99% of attempts, if you leave it long enough it will get hacked by that 1% and that is enough.

 

Fair enough, though I would counter that; "A VPN provides real security that will stop attackers, not just slow them down." is hubris, and presenting any sort of well-known open port to the world, is equally inviting.

Link to comment

I think the position is more properly stated as "Don't give yourself a false sense of security". Even if the "obscurity" method deflects 99% of attempts, if you leave it long enough it will get hacked by that 1% and that is enough.

 

Fair enough, though I would counter that; "A VPN provides real security that will stop attackers, not just slow them down." is hubris, and presenting any sort of well-known open port to the world, is equally inviting.

 

Obscuring port numbers may slow incompetant attackers but a port scan will find any open ports. Every open port needs to be secured. How many portals do you wish to secure? VPN software is well vetted and provides a single secure access point.

 

Considering a VPN as being more secure than a myriad of open ports is not hubris. It is fact.

Link to comment

To add some weight to that...

 

VPNs are subjected to countless thousands of hours of developer time, independent code audits and both community and commercial pen testing.

 

Huge corporations hire people full time to actively make sure they contain no holes and rely on them as a means to secure in some cases their multi billion dollar networks.

 

Conversely your web app may be written by one high school student learning python.

 

To argue anything other than this is naive.

 

 

 

 

Link to comment

I change ports all the time for this very reason and I am a security guy to trade however ...

 

the problem with suggesting this is not that it does not increases security (it does) it is the fact that when you do people then stop. Once you accept that this is the norm what you end up is with users thinking they have secured their service and not pay any further attention making this a net decrease in security.

 

Fundamentally do not place any services on the internet unless you know how to monitor and secure those services. This is why the VPN is the only solution for most as it allows you the same end result without having to know anything about security.

Link to comment

At least I got chicken!

 

Congratulations.  All I got was scorned for daring to recommend something that was A STEP towards security.

Would you recommend that someone install an old copy of norton on a windows pc because it is a step towards security? Now that person thinks they have antivirus, and wonders why they get hacked when they browse a crack site. Better to properly educate to the best of what's available than to tell someone that it's ok to just do the minimum, and then get blamed when something bad happens. We're just covering our butts by recommending what we know to be the best option to accomplish what was asked.
Link to comment

 

Would you recommend that someone install an old copy of norton on a windows pc because it is a step towards security? Now that person thinks they have antivirus, and wonders why they get hacked when they browse a crack site. Better to properly educate to the best of what's available than to tell someone that it's ok to just do the minimum, and then get blamed when something bad happens. We're just covering our butts by recommending what we know to be the best option to accomplish what was asked.

 

If you read my original post, you'll see that I neither presented mine as THE solution nor as completely safe, only as an improvement over what the OP has already indicated was his end condition.  My objection is to being impugned as somehow offering BAD advice.  I'm all for increasing one's security as much as possible.  I wasn't prepared to butt heads with the VPN love-in.  I just wanted to offer a potentially helpful suggestion.

 

In answer to your question, yes, I would proffer the installation of an outdated antivirus as improving one's security, albeit slightly.  Will it stop a 0-day exploit?  No.  Will it stop a 2-year old exploit?  Likely.  Would you uninstall your antivirus the instant your update subscription expired?  I'll bet not. 

 

Anyways, I'm done with this.  OP, best of luck with your security choices.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.