Comic Book/ eBook Docker Recommendations


    I worded that wrong... I meant does it work like let's say a Thermostat at home or my Whisker Cat litter box where I did not open any ports but they initialize outside of the network and allow me to connect to it, not "cloud" hosting. My bad. But I see what you mean. I will host using my kavita. I will configure SWAG to be the routing protocol to get to Kavita and I still need to open ports on my Cisco to allow me to get to SWAG which directs me to Kavita.

    I will assume SWAG cares not about domain or IP, it just works with security and ports, so I would still connect from Internet to x.x.x.182:443 and I should be directed?

    What program do you use on your tablet or out in the world to connect to your server to read?

    If you read the link I posted, it explains swag. I'm not really sure what your obsession is with accessing this via IP. You would not access by IP address, you would access by domain (i.e., kavita.your-domain.tld, or kavita.your-domain.duckdns.org, etc.)

  • If you read the link I posted, it explains swag. I'm not really sure what your obsession is with accessing this via IP. You would not access by IP address, you would access by domain (i.e., kavita.your-domain.tld, or kavita.your-domain.duckdns.org, etc.)

    Cause I don't have any extra $$ to buy a domain.

  • Cause I don't have any extra $$ to buy a domain.

    Duckdns is free, 😉


    Cause I don't have any extra $$ to buy a domain.

    Not that I would bag on you for not having the money for a domain, but you can get a domain for the first year for about $3 through namecheap. It will go up after that. My domain runs me about $13/yr. The key is choosing a tld. If you choose say .org, .com, .net, etc. they're going to be expensive (sometimes extremely expensive). If you use a less common tld (I like .xyz, but there are some other options)... they are generally quite reasonable.



    I'm not that familiar with dyndns, but if you need a free domain, all you need is a Google account and get a free duckdns domain...


    https://www.duckdns.org/

  • I will look into all this when I get home.


    And I am not fascinated or hung up on IP Goob! I just figure I have a static one I own that I remember verbatim so wanted to verify and assure myself that I did not indeed need a domain. I am not against it, just, I don't know.


    Anywho, thank you all I shall look into it.


    I will look into all this when I get home.


    And I am not fascinated or hung up on IP Goob! I just figure I have a static one I own that I remember verbatim so wanted to verify and assure myself that I did not indeed need a domain. I am not against it, just, I don't know.


    Anywho, thank you all I shall look into it.

    If you have a static IP and decide to purchase (which I would encourage if you can), you really don't need cloudflare unless you just want it.. you could just manage it through your domain panel

  • Um it's not a cloud system, you still have to self host. You will still have to forward 2 ports for swag... Then you route your services through swag, so you can access them securely while not on your network


    https://docs.linuxserver.io/general/swag

    Honestly going over all these examples etc on that link, my mind just melted. I have no idea about this stuff. I won't say I give up but definitely am going long term done with it. I literally just stare at the examples scratching my head.

    I mean even the very basic port issues;

    Port 443 mapping is required for access through https://domain.com. However, you don't necessarily need to have it listen on port 443 on the host server. All that is needed is to have port 443 on the router (wan) somehow forward to port 443 inside the container, while it can go through a different port on the host.


    Wait what? WAN 443 I get, Container 443 I get but host port? the NIC on the server hosting the docker? I mean I guess I do not really need an answer I am just saying, that stuff confuses me. And it is OK, I guess it is not for me. BUT for your (all you) efforts in helping, I assure you at a later time I will get back into it.


    Honestly going over all these examples etc on that link, my mind just melted. I have no idea about this stuff. I won't say I give up but definitely am going long term done with it. I literally just stare at the examples scratching my head.

    I mean even the very basic port issues;

    Port 443 mapping is required for access through https://domain.com. However, you don't necessarily need to have it listen on port 443 on the host server. All that is needed is to have port 443 on the router (wan) somehow forward to port 443 inside the container, while it can go through a different port on the host.


    Wait what? WAN 443 I get, Container 443 I get but host port? the NIC on the server hosting the docker? I mean I guess I do not really need an answer I am just saying, that stuff confuses me. And it is OK, I guess it is not for me. BUT for your (all you) efforts in helping, I assure you at a later time I will get back into it.

    If you want some help, I don't know what your time is like (it's 2320 here, but I'll be up all night)... Come to the discord and I can talk you through this and try to make it less confusing.

  • I apologize for the no show, I was not available at that time! I appreciate your offering to help me. I will say this, though. I was having so much trouble SSH into my box. My Cisco FPR1010 Firepower is no joke and I have learned its configurations quite well but nothing I could do would let me connect. Until... I realized on my OMV I have en01, en02. en01 is going to my VPN Router which is for transmission and the likes. en02 is for the home LAN, which connects to my local WAN IP and so I disabled the Gateway on en02 so that transmission would default to en01, which it does, but also disables any incoming packets via en02 due to no Gateway... I totally forgot so last night I enabled the Gateway and sure enough I can SSH in. So I bet this was my same issue with the multiple book server dockers being unable to be accessed Internet side.

    BUT this now brings me back to my initial concern with the Gateway. For some reason Transmission just decides to use en01 (my vpn router) and switches to en02. Makes no sense why it says "hmm I'm going to leave one NIC for another". Anyway I am gonna try it all again and see if the gateway was indeed blocking my connection.


    I apologize for the no show, I was not available at that time! I appreciate your offering to help me. I will say this, though. I was having so much trouble SSH into my box. My Cisco FPR1010 Firepower is no joke and I have learned its configurations quite well but nothing I could do would let me connect. Until... I realized on my OMV I have en01, en02. en01 is going to my VPN Router which is for transmission and the likes. en02 is for the home LAN, which connects to my local WAN IP and so I disabled the Gateway on en02 so that transmission would default to en01, which it does, but also disables any incoming packets via en02 due to no Gateway... I totally forgot so last night I enabled the Gateway and sure enough I can SSH in. So I bet this was my same issue with the multiple book server dockers being unable to be accessed Internet side.

    BUT this now brings me back to my initial concern with the Gateway. For some reason Transmission just decides to use en01 (my vpn router) and switches to en02. Makes no sense why it says "hmm I'm going to leave one NIC for another". Anyway I am gonna try it all again and see if the gateway was indeed blocking my connection.

    Why would you need to adjust your router for SSH? I'm assuming you're opening a port and trying to SSH in at public.ip:port ?


    Again, just completely unnecessary. The more you expose/open ports to the world, the more you expose your server to security threats. Since you have docker installed, again you only need to forward two ports to your server... then you should be able to access most services with a free/cheap domain via swag


    I installed the wetty plugin in OMV. Created a subdomain.conf for wetty in my swag folder...


    Now I just SSH my server (if I'm not home) with any web browser by going to https://wetty.my-domain.tld . It's secured with SSL, I'm not exposing any unnecessary ports.

  • I mean, I get what you are saying. I really don’t have a lot of exposed ports. Actually, for incoming I just have 177:22 for OMV SSH and then 993/587 for my email server. As I expand upon things I want to set up the swag or ngoni whatever as my connecting door but for now it’s pretty simple. These servers I’m messing with are literally 0 information or important data so not tooooo concerned about security until I find time. I just want things to work, then I’ll harden.

    Also with this response I really was just confessing my mistake in configuration. When I was setting up the web docker to secure connections, I could access my books locally but not via internet. I only mentioned ports and ssh as an example; I believe the reason I could not access the SWAG/books on the server was cause then I did not have a default gateway. I could not connect to the web server or ssh. I then deleted swag to start over and realized the gateway issue, and now I can ssh in. So I am assuming when I install swag again, it too will work. Once I get the swag working I’ll shut down every port and use it as my 1 door into my server from the Internet.

  • Morning


    Alright so I got me a DNS and verified it worked as I can remotely connect to my WAN Router, and then of course disabled for security purposes.

    I installed SWAG pretty default and used 8080:80 and 8443:443 as my listening ports. On my Cisco FPR I created NAT x.x.x.182 (WAN IP ) 8080 192.168.5.42 8080 and a x.x.x.182 8443 192.168.5.42 8443, the same I do for all my other servers and works fine. I then created 2 ACL's permitting from OUTSIDE access to 192.168.5.42 8443 and 8080.

    SWAG is up and running, on those ports, and nothing I do can connect http or https. Is there an option IN SWAG on the local say "enabling" the access?


    618b751788b5 linuxserver/swag "/init" 10 minutes ago Up 10 minutes 0.0.0.0:8080->80/tcp, :::8080->80/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp

  • created NAT x.x.x.182 (WAN IP ) 8080 192.168.5.42 8080 and a x.x.x.182 8443 192.168.5.42 8443

    It's wan port 80 to LAN port 8080.

    Same with wan port 443 to LAN port 8443

  • Well that is interesting. The subnet 192.168.5.0 is running several servers, one happens to be 192.168.5.42 (OMV/SWAG) so what happens to those that use 80 WAN? I mean I have several PORT 80's I was to assume the server side was 80 and incoming would be I.E 8080, how does WAN differentiate which destination when everything is 80 OUTSIDE. I ask cause I truly am unsure, I hope it doesn't come across as arrogant.

    I have a web server apache on a different server port 80. So I am confused :(

  • The subnet 192.168.5.0 is running several servers, one happens to be 192.168.5.42 (OMV/SWAG) so what happens to those that use 80 WAN?

    You can have whatever amount of services running on port 80 via docker (docker allows this with the xx:80 port argument) but only 1 on the host.

    If the port forward from WAN is 80: LAN 80, all connections from the WAN will be redirected to the LAN IP with port 80 open.


    Since Swag is running on port 8080(host):port 80(docker) it won't conflict with OMV.

    Swag will then, reroute the calls to OMV internally and there's no conflict anymore.


    Sorry if I can't explain better but writing on phone isn't easy

  • That makes sense, I do understand the concept.

    My issue is, through my WAN x.x.x.182 I have a subnet 192.168.5.0. 192.168.5.42 is OMV with SWAG on it but there are other devices on the 192.168.5.0 that use Port 80 and so on, so on my Cisco FPR1010 I have (outside) 8080 going to (inside(omv)) 8080 and then OMV/Docker would forward 8080 to its (internal) 80. But it doesn't work.

    For S's and giggles can I do a random SWAG like 656:656 and on my FPR do 656 NAT to 656 and bypass all other known ports, no 1 port to another forwarding just easy and rule out everything else? If it still does not work then it isn't a port issue but something is blocking it?

  • (outside) 8080 going to (inside(omv)) 8080

    You have to understand only one thing:

    The WAN ports 80 and 443 have to be forwarded to "whatever" ports you use on the LAN IP where SWAG is running.

    If you have a subnet in the middle, the "whatever" ports also need to be port-forwarded from one subnet to the other.


    What does this mean: let's imagine your wan IP is 100.101.102.182.

    Your router has DHCP subnet 192.168.1.1

    Your subnet is 192.168.5.1

    Swag is running on IP 192.168.5.42 docker port 656:80 & 4656:443


    You need to portforward:

    100.101.102.182:80->192.168.5.42:656

    Same with 443->4656


    If the subnet handler/router/switch also requires portforward, you just pass the ports through:

    656->656 && 4656->4656


    After this, SWAG will receive the call on the ports and redirect them internal to the proper 80 && 443


    I really don't know how to explain it better
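
The forwarding chain argued over in this thread (WAN port, then host port, then container port), traced in code. This is an added example, not part of any post above: the NAT tables are constructed from the rules described in the posts, and the function names are made up for this illustration.

```python
import re

# Ports column of the `docker ps` line posted in the thread.
DOCKER_PORTS = ("0.0.0.0:8080->80/tcp, :::8080->80/tcp, "
                "0.0.0.0:8443->443/tcp, :::8443->443/tcp")
SWAG_HOST = "192.168.5.42"

# Router NAT tables as {wan_port: (lan_ip, lan_port)}, constructed from the posts.
NAT_AS_POSTED = {8080: (SWAG_HOST, 8080), 8443: (SWAG_HOST, 8443)}
NAT_AS_ADVISED = {80: (SWAG_HOST, 8080), 443: (SWAG_HOST, 8443)}


def parse_docker_ports(column):
    """Return {host_port: container_port} for every published TCP port."""
    published = {}
    for entry in column.split(","):
        m = re.fullmatch(r".*:(\d+)->(\d+)/tcp", entry.strip())
        if m:
            published[int(m.group(1))] = int(m.group(2))
    return published


def trace(wan_port, nat, docker_map):
    """Follow one WAN port hop by hop; return (container_port or None, reason)."""
    if wan_port not in nat:
        return None, f"WAN {wan_port}: router has no forward for this port"
    lan_ip, lan_port = nat[wan_port]
    if lan_ip != SWAG_HOST:
        return None, f"WAN {wan_port}: forwarded to {lan_ip}, not the SWAG host"
    if lan_port not in docker_map:
        return None, f"WAN {wan_port}: nothing published on host port {lan_port}"
    inside = docker_map[lan_port]
    return inside, f"WAN {wan_port} -> {lan_ip}:{lan_port} -> container {inside}"


def reachable_standard_ports(nat, docker_map):
    """True only when WAN 80 and 443 land on container ports 80 and 443."""
    return all(trace(p, nat, docker_map)[0] == p for p in (80, 443))


if __name__ == "__main__":
    ports = parse_docker_ports(DOCKER_PORTS)
    for label, nat in (("as posted", NAT_AS_POSTED), ("as advised", NAT_AS_ADVISED)):
        for wan in (80, 443, 8080, 8443):
            print(f"[{label}] {trace(wan, nat, ports)[1]}")
        print(f"[{label}] standard ports reachable:", reachable_standard_ports(nat, ports))
```

With the rules as posted, only WAN 8080 and 8443 reach the container, so a plain https://domain request on 443 stops at the router; with the advised rules, 80 and 443 are the only WAN ports open and both end at SWAG.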
