Docker container for nut server?
-
@netboy said in Docker container for nut server?:
Let us say you 5 UPS's in your home and you want nut server to read all the UPS's and show me a dasboard about the status of all the UPS's ? - Is there a ready made docker container for client server nut with dashboard functionality?
No, and I believe most people would say that the type of thing you are asking for isn't something you want to run on your firewall. I recommend using a general purpose operating system behind the firewall instead.
-
@dennypage said in Docker container for nut server?:
something you want to run on your firewall
Can you please explaing this? The server is a isolated nut server whose ports are not exposed (becuase this runs on cloudflare tunnel if exposed by public domain and has access control from cloudflare) and this gathers the clients info and shows it in a dashboard. Kindly explain me how this is bad? I am not doubting your remarks (you "helped" me in this setup before) and fully aware you are the author of the nut sevices in netgate routers and "very knowlegeable" in nut and everthing nut related
-
@netboy https://github.com/DartSteven/Nutify
this is a good project to work with....of course as you've been suggested nothing to run on your pfsense machine but on a separate one. -
@netboy said in Docker container for nut server?:
@dennypage said in Docker container for nut server?:
something you want to run on your firewall
Can you please explaing this?
Basic security principles. Any additional services that you add to a system increases the available attack surface of that system. And the more critical the system is (cost of failure or compromise), the more important it is to minimize the attack surface.
Your firewall is a pretty critical system, and you want to avoid running random services on it unless necessary. Sometimes it is necessary due to the unique position of the firewall in the network, but you really want to avoid using the firewall as a general purpose server.
-
@latimeria I tried Nutify but it is rigth now works only with one physically "attached" UPS
-
@dennypage said in Docker container for nut server?:
Basic security principles. Any additional services that you add to a system increases the available attack surface of that system. And the more critical the system is (cost of failure or compromise), the more important it is to minimize the attack surface.
This is very general comment. Tell me clearly why it is security risk. I have 2 VLAN's 192.168.x.x and 172.16.x.x - Firewall rules prevent IoT (172.16.0.x.x) from talking to 192.168.x.x (secured network) - My nut server is in 192.168.x.x and all my clients of nut are in 192.x.x.x and "if I want to expose them to public" with subdomain like ups.mydomain.com i use "cloudflare tunnel" where it communicates directly with "cloudflared" in docker container in my nas and hence NO PORTS are open in the router. Why do you think this setup is a security risk? I really like to get your opinion!
-
@netboy said in Docker container for nut server?:
I tried Nutify but it is rigth now works only with one physically "attached" UPS
After further examination, I would not recommend use of Nutify. It's implemented as a stand-alone NUT controller for systems that not have NUT installed. It requires complete control of NUT, which is not desirable (at all). Much better to have used and external upsc command to get the information. Or even the NUT client protocol itself.
-
@netboy said in Docker container for nut server?:
This is very general comment. Tell me clearly why it is security risk.
Yes, it is a general comment about how you should approach security of a system like a firewall. If you are responsible for administrating a firewall, general security concepts are something worth reading up on. Alternatively, you can trust that there is a good reason that the people who do this for a living (Netgate) do not provide docker, or many other, services on pfSense. It isn't because they are lazy I assure you.
No, I can' give you a specific vector. That isn't the point.
-
@dennypage I am NOT installing docker in pfsense - offcourse this is a big security risk - I agree !!! I am installing a docker container in a seperate server in my network not in pfsense - Now tell me if this is a security risk
-
@netboy said in Docker container for nut server?:
I am NOT installing docker in pfsense - offcourse this is a big security risk - I agree !!!
My apologies. I interpreted your earlier question
I think i need to explain what i am asking for. I am fully aware if your netgate router is attached to an UPS you can configure netgate. Let us say you 5 UPS's in your home and you want nut server to read all the UPS's and show me a dasboard about the status of all the UPS's ? - Is there a ready made docker container for client server nut with dashboard functionality?
as a request to have something running on pfSense, which is why I responded
I believe most people would say that the type of thing you are asking for isn't something you want to run on your firewall. I recommend using a general purpose operating system behind the firewall instead.
Mutual misunderstanding I guess.
If you want to explore general NUT monitoring, and not something particular to pfSense, I would recommend the NUT Users list as a better place to seek information.
