Remote access too easy


Recommended Posts

Hi,

Recently setup a duckdns and let's encrypt docker.

Added the appropriate ports to my router 80,443 - > unraid ip.

Got sonarr and nzbget etc linked up and working.

They are accessible at dnsname.com/sonarr.

However, they are available at any computer that will go to that website.

Fortunately there is a password on it, but I want this to be more secure, possibly even not accessible.

Would doing so break nzb360 as they requires forwarding?

Thanks

 

Sent from my SM-G955F using Tapatalk

 

 

Link to comment
On 7/7/2017 at 7:23 AM, BRiT said:

Use a VPN instead of punching through ports direct to your fileserver.

Thanks for that.

Setup openVPN and thats even better cause you can access everything, not just the webui of dockers.

Significantly easier too, and more secure.

Makes me wonder what the benefits of HTTPS with lets encrypt is?...

Link to comment
  • 4 weeks later...
11 minutes ago, brando56894 said:

Your unRAID server really shouldn't be accessible to the public internet, the only way it should be able to be accessed securely when outside your network is via VPN.

But what about people using the immense popular docker Plex?  The purpose is that it can serve all your media files over the internet.

Is there a safe way we can have Plex on the internet ( the manual instructs to set up port forwarding for this ) and "lock down" every and each other access other than VPN?

 

Link to comment

Plex does it's own port forwarding via UPNP, there is usually no need to manually forward ports. You definitely don't want to run Plex through a VPN, it will slow everything to a crawl unless the VPN server and Plex server have a lot of processing power (I'm talking recent Core i7/Core i9 or a high powered Xeon) since Plex is very CPU intensive when transcoding videos and a VPN server puts a large load on the CPU as well since every bit of data is encrypted, this also puts a large load on the client since the client has to decrypt every bit. Using SSL is secure enough and you just access your Plex server via Plex.tv when outside your network or via an app.

 

VPNs are for remote access to an internal host, group of hosts (subnet) or your entire network. According to your first post, this is most likely what you want, rather then setting them up as public facing websites that are protected by a password. Don't manually forward any ports on your router (unless you absolutely need to) and just let UPNP do it's job, and whenever you need to access Sonarr/Radarr/whatever you connect the VPN and access everything as if you were inside of your network.

Edited by brando56894
Link to comment
2 minutes ago, brando56894 said:

Plex does it's own port forwarding via UPNP, there is usually no need to manually forward ports. You definitely don't want to run Plex through a VPN, it will slow everything to a crawl unless the VPN server and Plex server have a lot of processing power (I'm talking recent Core i7/Core i9 or a high powered Xeon) since Plex is very CPU intensive when transcoding videos and a VPN server puts a large load on the CPU as well since every bit of data is encrypted, this also puts a large load on the client since the client has to decrypt every bit. Using SSL is secure enough and you just access your Plex server via Plex.tv when outside your network or via an app.

 

VPNs are for remote access to an internal host, group of hosts (subnet) or your entire network.

 

 

Although I do agree on the suggestion of just stick it on the open internet and it's not required to put it through a VPN.

  • UPnP does not always work. But setting a port forward to Plex is easy, just make sure to use plex's port internally as its hardcoded.
  • If using a router or firewall to do the encryption for VPN your PC will not take a hit, even then a decent pc can handle VPN traffic of a few video streams.
  • If only using a VPN at the server end, (e.g using AirVPN or something with portforward support) the client would not need to decrypt anything, it would only be on VPN leaving your house to the public internet.    -- Note the only improvement here is people cannot see your real IP when accessing plex, other than that you still have a port forward that ends up on your plex machine.
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.