March 30, 20179 yr Just a few questions, from a noob with no command line knowledge. So I've got this set up with sonarr, cp, nzbget etc.. working with [email protected] and have it password protected. My Web address is https://[email protected] adding /nzbget or /sonarr etc... at the end. Is this correct and have I set up it all properly, or should it be https://sonarr.mydomain.duckdns.org Also by running my dockers through letsencrypt, does this give them better security when they connect to the Internet or is the security just for me when I connect to them from outside my network. Do I still need to enable ssl, https, and proxy settings in each docker as well for better security. Basically I want the best security I can get for my nzbget or sabnzbd so any help, hints or tips much appreciated. P.S. Can unraid guide be run through nginx and have https security.
March 30, 20179 yr 1 minute ago, Mylo75 said: P.S. Can unraid guide be run through nginx and have https security. Don't know squat about reverse proxy, but it's already been announced that 6.4 will utilize nginx as the webserver for the OS
March 30, 20179 yr Your setup is fine, it improves security when you connect to those apps from outside your LAN, it does nothing for how those apps connect to the internet themselves. I don't use https/SSL on any of these apps, I implement all that at the Lets Encrypt reverse proxy level. Don't even think of putting your Unraid webui on the reverse proxy, if you want to connect to that outside your LAN, then setup a VPN.
March 30, 20179 yr 1 minute ago, Squid said: Don't know squat about reverse proxy, but it's already been announced that 6.4 will utilize nginx as the webserver for the OS He's right, it's one of the few topics he really does know nothing about!
March 30, 20179 yr Author Thanks squid, I bet you know more than me about reverse proxy stuff! Cool so 6.4 will be a great update, will that mean all dockers will then have https support in this new update without having to set it all up manually.
March 30, 20179 yr Author Thanks CHBMB, I know nothing about any of these topics, lol. So how would I secure these apps when they connect to the Internet.
March 30, 20179 yr Just now, Mylo75 said: Thanks squid, I bet you know more than me about reverse proxy stuff! Seriously doubt it. Been meaning to look into it to make things a hair easier for the wife, but I'm perfectly happy with using a VPN, and have trouble grasping why she doesn't get the concept....
March 30, 20179 yr Author 1 minute ago, Squid said: Seriously doubt it. Been meaning to look into it to make things a hair easier for the wife, but I'm perfectly happy with using a VPN, and have trouble grasping why she doesn't get the concept.... That's the next thing on my "need to learn" list, vpn setup.
March 30, 20179 yr Just now, Mylo75 said: Thanks CHBMB, I know nothing about any of these topics, lol. So how would I secure these apps when they connect to the Internet. You could run them through a proxy or VPN, but neither are particularly easy to do. Depends what you're trying to achieve, if it's anonymity then VPN, if it's resistance to "hackers" then your reverse proxy is fine as it is presuming you've got a secure username/password at the reverse proxy layer and it's using SSL.
March 30, 20179 yr Just now, Mylo75 said: That's the next thing on my "need to learn" list, vpn setup. That's nothing. Install lsio's OpenVPN-AS app, copy the generated .opvn file onto whatever devices you want, and you're done.
March 30, 20179 yr 3 minutes ago, Squid said: Seriously doubt it. Been meaning to look into it to make things a hair easier for the wife, but I'm perfectly happy with using a VPN, and have trouble grasping why she doesn't get the concept.... I tried explaining VPN to my wife, she didn't get it either. And actually uses one to connect to work from home. To her it's "internet"
March 30, 20179 yr Author Just now, CHBMB said: You could run them through a proxy or VPN, but neither are particularly easy to do. Depends what you're trying to achieve, if it's anonymity then VPN, if it's resistance to "hackers" then your reverse proxy is fine as it is presuming you've got a secure username/password at the reverse proxy layer and it's using SSL. I have pia account for vpn, I've tried the nzbgetvpn and sabnzbdvpn dockers but they don't seem to work. Sonarr doesn't seem to work using reverse proxy or VPN. I like to have anonymity and have resistance to hackers as well. Am I wanting too much?
March 30, 20179 yr I've used nzbgetvpn in the past and it worked for me, was a while back though. But if you're connecting to a usenet server with SSL then it's all encrypted anyways, all you'd be hiding is the fact you're connecting to the usenet server, nobody can see the traffic anyways. Torrents on the other hand, should always go over a VPN.
March 30, 20179 yr Author 6 minutes ago, Squid said: That's nothing. Install lsio's OpenVPN-AS app, copy the generated .opvn file onto whatever devices you want, and you're done. That's not simple, lol. I installed the docker, but in log I get, Starting openvpnas...Error: Could not execute server start.
March 30, 20179 yr Author 1 minute ago, CHBMB said: I've used nzbgetvpn in the past and it worked for me, was a while back though. But if you're connecting to a usenet server with SSL then it's all encrypted anyways, all you'd be hiding is the fact you're connecting to the usenet server, nobody can see the traffic anyways. Torrents on the other hand, should always go over a VPN. Yea, my usenet server is ssl. So I just need to take a security chill pill then.
March 30, 20179 yr 1 minute ago, Mylo75 said: That's not simple, lol. I installed the docker, but in log I get, Starting openvpnas...Error: Could not execute server start. Post your docker run command. Link in my sig
March 30, 20179 yr Author I restarted openvpn docker and no errors. This is log. So if it's running what do I do next Brought to you by linuxserver.ioWe gratefully accept donations at:https://www.linuxserver.io/donations/-------------------------------------GID/UID-------------------------------------User uid: 99User gid: 100-------------------------------------[cont-init.d] 10-adduser: exited 0.[cont-init.d] 20-time: executing...[cont-init.d] 20-time: exited 0.[cont-init.d] 30-config: executing...[cont-init.d] 30-config: exited 0.[cont-init.d] 40-openvpn-init: executing...[cont-init.d] 40-openvpn-init: exited 0.[cont-init.d] 50-interface: executing...MOD Default {} {}MOD Default {} {}MOD Default {} {}MOD Default {} {}[cont-init.d] 50-interface: exited 0.[cont-init.d] done.[services.d] starting services[services.d] done. Edited March 30, 20179 yr by Mylo75
March 30, 20179 yr Every day is a school day.... Wow this was my 6666th post..... Edited March 30, 20179 yr by CHBMB
March 30, 20179 yr 2 minutes ago, CHBMB said: Every day is a school day.... Wow this was my 6666th post..... That is just pure evil!
April 5, 20179 yr On 3/30/2017 at 4:20 PM, CHBMB said: I've used nzbgetvpn in the past and it worked for me, was a while back though. But if you're connecting to a usenet server with SSL then it's all encrypted anyways, all you'd be hiding is the fact you're connecting to the usenet server, nobody can see the traffic anyways. Torrents on the other hand, should always go over a VPN. or for torrentz get a seedbox that has SSL implemented, so all they see is a encrypted connection to a data center somewhere.
Archived
This topic is now archived and is closed to further replies.