marshy919 Posted July 6, 2017 Share Posted July 6, 2017 Hi, Recently setup a duckdns and let's encrypt docker. Added the appropriate ports to my router 80,443 - > unraid ip. Got sonarr and nzbget etc linked up and working. They are accessible at dnsname.com/sonarr. However, they are available at any computer that will go to that website. Fortunately there is a password on it, but I want this to be more secure, possibly even not accessible. Would doing so break nzb360 as they requires forwarding? Thanks Sent from my SM-G955F using Tapatalk Quote Link to comment
BRiT Posted July 6, 2017 Share Posted July 6, 2017 Use a VPN instead of punching through ports direct to your fileserver. Quote Link to comment
marshy919 Posted July 14, 2017 Author Share Posted July 14, 2017 On 7/7/2017 at 7:23 AM, BRiT said: Use a VPN instead of punching through ports direct to your fileserver. Thanks for that. Setup openVPN and thats even better cause you can access everything, not just the webui of dockers. Significantly easier too, and more secure. Makes me wonder what the benefits of HTTPS with lets encrypt is?... Quote Link to comment
JonathanM Posted July 14, 2017 Share Posted July 14, 2017 1 hour ago, marshy919 said: Makes me wonder what the benefits of HTTPS with lets encrypt is?... Clientless setup. Can (not necessarily should) be accessed with machines you don't have admin control. Quote Link to comment
brando56894 Posted August 10, 2017 Share Posted August 10, 2017 Your unRAID server really shouldn't be accessible to the public internet, the only way it should be able to be accessed securely when outside your network is via VPN. Quote Link to comment
zonderling Posted August 10, 2017 Share Posted August 10, 2017 11 minutes ago, brando56894 said: Your unRAID server really shouldn't be accessible to the public internet, the only way it should be able to be accessed securely when outside your network is via VPN. But what about people using the immense popular docker Plex? The purpose is that it can serve all your media files over the internet. Is there a safe way we can have Plex on the internet ( the manual instructs to set up port forwarding for this ) and "lock down" every and each other access other than VPN? Quote Link to comment
Tuftuf Posted August 10, 2017 Share Posted August 10, 2017 I would be less concerned with Plex been on the Open internet compared to 80, 443 directed at Unraid.. 1 Quote Link to comment
brando56894 Posted August 10, 2017 Share Posted August 10, 2017 (edited) Plex does it's own port forwarding via UPNP, there is usually no need to manually forward ports. You definitely don't want to run Plex through a VPN, it will slow everything to a crawl unless the VPN server and Plex server have a lot of processing power (I'm talking recent Core i7/Core i9 or a high powered Xeon) since Plex is very CPU intensive when transcoding videos and a VPN server puts a large load on the CPU as well since every bit of data is encrypted, this also puts a large load on the client since the client has to decrypt every bit. Using SSL is secure enough and you just access your Plex server via Plex.tv when outside your network or via an app. VPNs are for remote access to an internal host, group of hosts (subnet) or your entire network. According to your first post, this is most likely what you want, rather then setting them up as public facing websites that are protected by a password. Don't manually forward any ports on your router (unless you absolutely need to) and just let UPNP do it's job, and whenever you need to access Sonarr/Radarr/whatever you connect the VPN and access everything as if you were inside of your network. Edited August 10, 2017 by brando56894 Quote Link to comment
Tuftuf Posted August 10, 2017 Share Posted August 10, 2017 2 minutes ago, brando56894 said: Plex does it's own port forwarding via UPNP, there is usually no need to manually forward ports. You definitely don't want to run Plex through a VPN, it will slow everything to a crawl unless the VPN server and Plex server have a lot of processing power (I'm talking recent Core i7/Core i9 or a high powered Xeon) since Plex is very CPU intensive when transcoding videos and a VPN server puts a large load on the CPU as well since every bit of data is encrypted, this also puts a large load on the client since the client has to decrypt every bit. Using SSL is secure enough and you just access your Plex server via Plex.tv when outside your network or via an app. VPNs are for remote access to an internal host, group of hosts (subnet) or your entire network. Although I do agree on the suggestion of just stick it on the open internet and it's not required to put it through a VPN. UPnP does not always work. But setting a port forward to Plex is easy, just make sure to use plex's port internally as its hardcoded. If using a router or firewall to do the encryption for VPN your PC will not take a hit, even then a decent pc can handle VPN traffic of a few video streams. If only using a VPN at the server end, (e.g using AirVPN or something with portforward support) the client would not need to decrypt anything, it would only be on VPN leaving your house to the public internet. -- Note the only improvement here is people cannot see your real IP when accessing plex, other than that you still have a port forward that ends up on your plex machine. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.