Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Opening a docker port to the interwebz

Featured Replies

After installing the Minecraft PE Docker now available for unRAID, my kids are nagging me to allow theirs friends to join their server.  Until now I've resisted opening anything unRAID related to the internet but I'm wondering if it's now supported by enough dockers to do so with peace of mind.

 

my immediate need is to open one port, 19132 currently, pointing to a docker container. What's the best Wa.  I saw a guide using duck DNA, letsencrypt and Ngiam reverse proxy.  Seems a bit much but if that's the safest and easiest way I'll head down that route.  Are there any other options?  If the above is the best, I have my own domain names so I could use my own and configure my DNS host to act as a dynamic dns server.  Is that better or worse than a duck DNS type service.  If is how the whole hog with letsencrypt and Ngiam reverse, is it safe to open other ports to dockets, or even the unRAID gui itself?

 

any answers or pointers greatly appreciated.

Until you need more services exposed, I'd just forward that single port through your router to the server IP and call it a day. Depending on how often your IP changes, and how much hassle it is, maybe just manually tell your kid's friends the current IP, and when they bitch that the connection is down, check and give them the new IP.

 

Each port that you open is another risk, the application answering on that port needs to be vetted for security concerns. Opening the unraid GUI to the world is NOT safe, even when behind letsencrypt and reverse proxy. That may change with the new upcoming GUI, but emhttp isn't web safe.

 

I'm not even sure that a minecraft port would answer properly on a reverse proxy, probably not, as it's meant for web pages.

  • Author

Thanks, that makes sense and makes it easier.

 

On container protection, if someone managed to break to the cli of the docket that I'm forwarding a port to, what chance is there that they can then break from docker into the server's cli?

 

A hacked Minecraft server I cab deal with. Is my server's safety in worried about. 

8 hours ago, dalben said:

On container protection, if someone managed to break to the cli of the docket that I'm forwarding a port to, what chance is there that they can then break from docker into the server's cli?

Currently I don't know of any exploits that allow moving from inside the docker environment to the host, HOWEVER... most containers have mapped resources that can be accessed from inside the container, plus, the container is either hosted or natted inside your lan, so if someone malicious has control over a docker, they most likely will be able to do at least some damage to the server or possibly your lan, limited by whatever access has been granted to that docker.

 

9 hours ago, jonathanm said:

Each port that you open is another risk, the application answering on that port needs to be vetted for security concerns.

 

The beauty of the nginx letsencrypt reverse proxy is that only one port and application needs to be opened and audited to allow access to many other possibly less secure web control panels for apps like sonarr and nzbget, etc.

  • Author

Thanks jon.  I'll start playing around and see where I end up.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.