lukeasoiler

Questions regarding Server/Router Setup for Domains/SSL/Security


Hey guys,

 

I got newly registered here in the forum, but I have been using unRAID for quite some time and love all the updates it gets. Now that I moved in with my gf I wanted to clean up my setup a bit and make it nice and simple.

 

To give you an overview:

I have an ASUS Router with the Merlin firmware installed. I use the VPN client option on the router to secure most of my devices automatically (A few exceptions, like my XBOX and my pc, as they sometimes use Netflix and it doesn't work via the VPN, also the VPN doesn't support Port forwarding).

I also use the DDNS option from the router itself.

 

On my unRAID I have the following dockers installed:

Sonarr,

Radarr,

Emby,

Sabnzbd

 

Also I have a VM with Hassio running.

 

I am using the br0 option and gave each docker container an individual IP.

This way I also disabled the VPN for Emby and use port forwarding so I can access it remotely (Only Emby though and only via SSL [Certificate via the router])

 

 

First of all, I was wondering what you guys would suggest for Remote Access to Emby, if I should use a VPN (Though implementing this would require help as well) or if it's okay to use port forwarding just for this one service (I changed the External Port as well, from the standard one), as I really don't need to remote access anything else?

 

Here is what I imagined, though, as my plan:

Locally I would like to simplify reaching each of the containers just by using: sonarr.local (Or something similar), preferably using HTTPS (Does it make sense and is it possible) though.

 

Remotely as I said only access available to Emby and this through my own domain via subdomain: emby.mydomain.de (Again only per HTTPS). I would like to keep the VPN as it is and use it for most of my internet and just allow certain devices/services non-VPN access. If I give unraid a pass there, would it make it attackable via the internet, despite no ports open?

 

Are these ideas possible, if so, what would you recommend? I have read a bit here, but somehow I never really found the exact issue I am facing (Unless I was just blind :D )

 

Last but not least I was wondering about general unRAID security. I used Tips and Tweaks and the recommended plugins. I disabled Telnet and FTP and I am just trying to clean up my SMB shares a bit and allow most dockers only user access and not root. I often read that I should only give SMB read-access, my question is, doesn't Emby e.g. need write access? I don't think others need it, but Emby transfers the files to the right folder, creates it and all, so I would assume I need it there. Anything else I could improve on?

 

Best and sorry for the lengthy post and lot of questions, but thanks in advance

luke

 

 
