1300GT
Posted June 1, 2020

Hope it's alright to post a wide range of general queries in one post?

Currently have a Qnap NAS. Primary uses are a 25tb Plex library and backup for photo and video editing. It's not bad but has limitations and growing daily with a limit of only 4 HDDs.

Keen to get stuck into building my own NAS and on top of the above also use it as a Nextcloud server for document sharing and editing along with personal file backups. Possibly depending on options in the long term I may look at some sort of CCTV recording backup too and move my emails over to Nextcloud.

System setup I'm considering:

Xeon E-2278G CPU
ASRock E3C246D4U motherboard
512gb SSD [cache]
12TB HDD [Parity]
10TB HDD X 3 [Array] with space to add 3 more
Fractal Node 804 case

I've never used dockers before and although I think I understand how they work I'm still wary of some limitations I may not have thought of.

1. Is it best practice to place the Appdata folder on the cache drive? In this case presumably 512gb is sufficient? I've already got thumbnail metadata turned off in Plex but how bloated is a server with selection of dockers likely to get? When I first move my library over to the new server is this going to flood the cache and is there anything that needs doing at this point?
2. Is there any benefit in having two cache drives?
3. With space to expand with 3 more drives presumably it's best to have one already installed and waiting to use in case of failure in meantime?
4. What happens if parity drive fails, do you need to back this up?

GPU

I have a spare Quadro P2000 I was going to put in for offloading any transcoding that should be needed for Plex. (I realise with that CPU & quicksync this is overkill even with 4k stuff I have as I've remuxed it properly to direct play. But as I have it I may as well use it and have it there for any future need)

1. Is there anything extra that needs installing on UnRaid to utilise a GPU?
2. How do dockers / VMs work with the GPU? If one is using it is it locked out to other dockers to use?

Security

My Qnap is rather stupidly internet facing with a minimum of security currently in place. I'd like to fix this on the new build but have a distinct lack of knowledge in the area! Started off looking at things such as reverse proxies and ended up reading up on pfsense boxes between the router and server.

1. Is this over the top?
2. Is there a definitive guide or best place to start that covers best practice for security of UnRaid servers for beginners?

I'll use the Qnap as off site backup for essential stuff but would still like to minimise any disruption

Thanks in advance for any pointers.

Squid
Posted June 1, 2020

24 minutes ago, 1300GT said:
> Is it best practice to place the Appdata folder on the cache drive?

Generally yes. The access time is far faster on the cache drive.

25 minutes ago, 1300GT said:
> In this case presumably 512gb is sufficient?

Easily

25 minutes ago, 1300GT said:
> Is there any benefit in having two cache drives?

Redundancy. Personally though, I just backup my appdata from the single cache drive to the array once a week to protect it.

26 minutes ago, 1300GT said:
> With space to expand with 3 more drives presumably it's best to have one already installed and waiting to use in case of failure in meantime?

Depends upon your own paranoia / how actually important the data is on the array. With a single parity drive, if any drive happens to die then the array is running in a degraded state, and another drive failure before the first is replaced will result in data loss

28 minutes ago, 1300GT said:
> What happens if parity drive fails, do you need to back this up?

You replace it and the system will build the information again. Also see the above answer.

29 minutes ago, 1300GT said:
> My Qnap is rather stupidly internet facing with a minimum of security currently in place. I'd like to fix this on the new build but have a distinct lack of knowledge in the area! Started off looking at things such as reverse proxies and ended up reading up on pfsense boxes between the router and server.

Because of this statement (which you're not alone with)

30 minutes ago, 1300GT said:
> have a distinct lack of knowledge

you should not have ANY system on your network directly facing the internet. Whether that's Windows Server / Linux server, if you don't know and understand and have the safeguards in place (and understand exactly how they work) you will odds on make a mistake somewhere along the line and leave yourself wide open to attack.

Forward the ports that Plex needs (32400) and you're good.

If you do need to remotely access the server, then a VPN (wireguard / openVPN) is your best bet. Reverse Proxies are also ok for accessing apps on the servers.

1300GT
Posted June 1, 2020

3 hours ago, Squid said:
> Because of this statement (which you're not alone with) you should not have ANY system on your network directly facing the internet. Whether that's Windows Server / Linux server, if you don't know and understand and have the safeguards in place (and understand exactly how they work) you will odds on make a mistake somewhere along the line and leave yourself wide open to attack. Forward the ports that Plex needs (32400) and you're good. If you do need to remotely access the server, then a VPN (wireguard / openVPN) is your best bet. Reverse Proxies are also ok for accessing apps on the servers.

Thanks for the information, it's cleared up a couple of points I was wondering about nicely.

With regards the security issue maybe I didn't word it as best I can. I have some knowledge of general aspects of it all, just meant I'm far from expert and in some ways a little knowledge is more dangerous! My current NAS does only have the Plex SSL connection port forwarded, it's not wide open access. That just seems a bit of a basic approach when talking about a full server.

Guess what I was wondering is best security approach to cover a server that will have remote Plex access and a Nextcloud instance that 2 or 3 people will need access to. Hardware box such as pfsense between it and the router or software solution such as VPN or similar? Guess my queries now aren't really UnRaid related, more general server security so will try and read up further rather than ask on here.

One more question if you can though? How secure are dockers to one another? Presumably if Plex access for example is compromised it means access to the full array could be achieved not just the Plex related files?

Thanks again.

Squid
Posted June 1, 2020

56 minutes ago, 1300GT said:
> Guess what I was wondering is best security approach to cover a server that will have remote Plex access and a Nextcloud instance that 2 or 3 people will need access to

Forward the port to Plex and use a reverse proxy for NextCloud.

56 minutes ago, 1300GT said:
> Presumably if Plex access for example is compromised it means access to the full array could be achieved not just the Plex related files?

Any docker app only has access (either read/write or read-only) to the files / folders which you allow it access to. While a simple solution to setting up any container on any system is to simply give it carte blanche access to every file, IMO there's zero reason to let plex have access to your banking info, so why let it...
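
The per-container access described in the last reply comes down to which host folders are mapped into each container and whether each mapping is read-only. As an added example (not part of the thread and not Unraid's own tooling), this Python script audits `docker inspect`-style data for mounts that hand a container more than it needs; the container names, host paths and policy lists are constructed assumptions.

```python
import json
from pathlib import PurePosixPath

# Constructed sample in the shape of `docker inspect` output; container names
# and host paths are made up for this illustration.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/plex-broad", "Mounts": [
    {"Type": "bind", "Source": "/srv", "Destination": "/data", "RW": true}]},
  {"Name": "/plex-scoped", "Mounts": [
    {"Type": "bind", "Source": "/srv/media", "Destination": "/media", "RW": false},
    {"Type": "bind", "Source": "/srv/appdata/plex", "Destination": "/config", "RW": true}]}
]
""")

# Hypothetical policy: host folders a media app has no business reading, and
# the only host roots where a writable mount is expected.
SENSITIVE = ("/srv/documents/banking", "/srv/backups")
WRITABLE_OK = ("/srv/appdata",)


def covers(parent, child):
    """True if `parent` is `child` or one of its ancestors."""
    p, c = PurePosixPath(parent), PurePosixPath(child)
    return p == c or p in c.parents


def audit(containers, sensitive=SENSITIVE, writable_ok=WRITABLE_OK):
    """Return (container, host_path, reason) for every risky bind mount."""
    findings = []
    for container in containers:
        name = container["Name"].lstrip("/")
        for mount in container.get("Mounts", []):
            if mount.get("Type") != "bind":
                continue  # only bind mounts map arbitrary host paths
            src = mount["Source"]
            # A mount exposes a sensitive folder if it is that folder, a parent
            # of it, or a subfolder inside it.
            hit = [s for s in sensitive if covers(src, s) or covers(s, src)]
            if hit:
                findings.append((name, src, "exposes " + ", ".join(hit)))
            if mount.get("RW") and not any(covers(ok, src) for ok in writable_ok):
                findings.append((name, src, "writable outside allowed roots"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INSPECT):
        print(*finding, sep=" | ")
```

On a real host the same function can be fed `json.loads` of the output of `docker inspect $(docker ps -q)`, with the two policy tuples changed to match the actual shares.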