September 5, 20178 yr Currently, I have several dockers installed on my machine that I'd like friends and family to be able to access, in particular, Binhex-Libresonic, and Linuxserver.io's cops and Piwigo. With the demise of the CrashPlan Home User, I'm evaluating being able to allow said friends & family to do their backups to my machine (by a non-CP method), then backup up that data somehow. I believe that ownCloud may be a good solution for that. However, before I go any further, I'd like to enable some better security for my server so I believe that something like the linuxserver.io LetsEncrypt/NGNIX combo package and/or OpenVPN would be good to use. Unfortunately, I've not kept up enough with the security world to know which of these would be better for my purposes, whether they are complementary in nature or are an unnecessary duplication, or if there's something else that would be better that I'm not seeing when I browse through the list of easily installed options. What are the pros and cons of the various security measures available for exposing an unRAID box to the wild, and which would make accessing services from my server the most secure while maintaining usability? (Ain't that the Holy Grail? ) Edited September 10, 20178 yr by FreeMan
September 6, 20178 yr As simply as I can put it. OpenVPN-as - You can control whole is accessing your server and all the data is sent encrypted. ONLY people with logins can access the local network and your server. It works very well and is what I am currently using for my server. LetsEncrypt/NGNIX - You can't control who is viewing your unraid server (other then using methods to ban IP addresses). However, everything is more accessible and share friendly. Meaning, I can give a friend www.plex.myserver.com and they will get plex. They won't have to login to anything or download open vpn client. As for security wise, they are both very secure. Both are running on secure connections if setup correctly. OpenVPN is just a easy way to manage users who get to access your local network while NGNIX is basically making it easier to navigate your server apps without having to type in ports. I am sure someone will add more in depth details, however Google is your friend.
September 6, 20178 yr 11 hours ago, Micaiah12 said: LetsEncrypt/NGNIX - You can't control who is viewing your unraid server (other then using methods to ban IP addresses). However, everything is more accessible and share friendly. Meaning, I can give a friend www.plex.myserver.com and they will get plex. They won't have to login to anything or download open vpn client. You absolutely can (and should!) require authentication for your nginx reverse proxy. The easiest is to use a username/password, but client certificates are also a possibility.
September 10, 20178 yr Author I've got the LetsEncrypt/NGNIX docker from linux|server.io up and running. A couple of additional tweaks and I think I'll be in pretty good shape for everyone to have access to Subsonic, COPS & Piwigo. I may also look to get OpenVPN set up so they can run backups, but I think there may be better options available. so I'll continue looking.
Archived
This topic is now archived and is closed to further replies.