Unraid and Dockers Security

[MacRaid]

Hey guys... So, slowly but surely I'm progressing with my UnRaid and extras. Now I need your help again.

 

I have set up a combination of Jackett, Sonarr, Deluge and Plex. I manage to "secure" my UnRaid with the encryption certificate in Settings/Management Access (so now is https) there are a lot of thing I don't fully understand how they work but still learning.

Now with the other mention dockers the URL still shows "Not Secure"on Chrome, I have read a LOT of treads and saw a lot of videos but I wish to hear from you guys the experts in one spot.

I wish to protect my UnRaid, my IP, network usage (uploads and downloads history), make it private but funcional... etc. I've read about installing SSL certificates, setting up private ports, using VPN's or alike OpenVpn (too expensive for me), DuckDNS, Private Internet Access (good price), Privoxy (I think is free) etc... I have a NordVpn subscription for another 2 years but can't find anything to set it up for dockers.

The question is which configuration or combination would you recommend to accomplish this if possible with no or minimum extra subscriptions required (I know i'm asking a lot) also taking in account my knowledge on the subject is much much less than standard. 

Thank you in advance and be safe...

[Squid]

Assuming that you're only accessing those containers via the local network (or via a VPN like wireguard / openVPN), then there's nothing particularly wrong or insecure per se about Sonarr being accessed via http.

 

IE: If you're worried about a program running on your local network sniffing the packets running back and forth between your computer and Sonarr's GUI, then you've got far more important problems (like why is a program installed on your desktop sniffing the packets)

[MacRaid]

Thanks for your response Squid, I am accessing from home and atm not interested to have remote access. 3 things I'm concern, 1. So many blogs saying to protect (or not leave it "open) your deluge, sonarr, jackett etc. 2. The URL saying "not secure" and 3. Being able to see anything downloaded with the iknowwhatyoudownload site.

I'm not that advance to be sure but I don't think there's anything sniffing around.

[timstephens24]

For your concerns:

 

1. If they’re not accessible from the internet, ie you’re not port forwarding to them and can only connect from inside your network, then that’s what they’re talking about. For your deluge you’ll need to have the torrent port open (pick a random high port and don’t use the default) and don’t port forward the WebUI port.

2. I’m guessing Chrome is telling you ‘Not Secure’ because you’re using an “invalid” certificate and connecting to it via your private IP. As long as you’re connecting to it via the private IP you can safely ignore this message. It will also give this message if you’re connecting from external but you’re using a self-signed cert.

3. Don’t download from public places.

[MacRaid]

Thanks Tim, 

1.

• I'm not sure how it can't be accessible from the internet when it uses internet to work plus my download gets register outside my network.
• I don't know how port forwarding works and/or if it's active nor I know if I need it or not.
• How "high port" should it be set on deluge and where?

2. 

• How do I get a valid certificate?
• My private IP is the one I use to access my router, right?

3.

• Private places need invite and I read they have different rules which I don't yet understand, can I set NordVpn on Unraid and this dockers?

 

I know I'm asking you to level down with me but is much appreciated.