Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Docker container for nut server?

    Scheduled Pinned Locked Moved UPS Tools
    13 Posts 4 Posters 101 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dennypageD Offline
      dennypage @netboy
      last edited by

      @netboy said in Docker container for nut server?:

      Let us say you 5 UPS's in your home and you want nut server to read all the UPS's and show me a dasboard about the status of all the UPS's ? - Is there a ready made docker container for client server nut with dashboard functionality?

      No, and I believe most people would say that the type of thing you are asking for isn't something you want to run on your firewall. I recommend using a general purpose operating system behind the firewall instead.

      N 1 Reply Last reply Reply Quote 0
      • N Offline
        netboy @dennypage
        last edited by

        @dennypage said in Docker container for nut server?:

        something you want to run on your firewall

        Can you please explaing this? The server is a isolated nut server whose ports are not exposed (becuase this runs on cloudflare tunnel if exposed by public domain and has access control from cloudflare) and this gathers the clients info and shows it in a dashboard. Kindly explain me how this is bad? I am not doubting your remarks (you "helped" me in this setup before) and fully aware you are the author of the nut sevices in netgate routers and "very knowlegeable" in nut and everthing nut related

        L dennypageD 2 Replies Last reply Reply Quote 0
        • L Offline
          latimeria @netboy
          last edited by

          @netboy https://github.com/DartSteven/Nutify
          this is a good project to work with....of course as you've been suggested nothing to run on your pfsense machine but on a separate one.

          J3455M-E Asus motherboard
          8gb ram (2x 4gb Micron MT8JTF51264AZ-1G6E1)
          128Gb SSD
          Kolink Satellite midi tower case micro-atx
          quad lan card HP NC364T

          N 1 Reply Last reply Reply Quote 1
          • dennypageD Offline
            dennypage @netboy
            last edited by

            @netboy said in Docker container for nut server?:

            @dennypage said in Docker container for nut server?:

            something you want to run on your firewall

            Can you please explaing this?

            Basic security principles. Any additional services that you add to a system increases the available attack surface of that system. And the more critical the system is (cost of failure or compromise), the more important it is to minimize the attack surface.

            Your firewall is a pretty critical system, and you want to avoid running random services on it unless necessary. Sometimes it is necessary due to the unique position of the firewall in the network, but you really want to avoid using the firewall as a general purpose server.

            N 1 Reply Last reply Reply Quote 0
            • N Offline
              netboy @latimeria
              last edited by

              @latimeria I tried Nutify but it is rigth now works only with one physically "attached" UPS

              dennypageD 1 Reply Last reply Reply Quote 0
              • N Offline
                netboy @dennypage
                last edited by

                @dennypage said in Docker container for nut server?:

                Basic security principles. Any additional services that you add to a system increases the available attack surface of that system. And the more critical the system is (cost of failure or compromise), the more important it is to minimize the attack surface.

                This is very general comment. Tell me clearly why it is security risk. I have 2 VLAN's 192.168.x.x and 172.16.x.x - Firewall rules prevent IoT (172.16.0.x.x) from talking to 192.168.x.x (secured network) - My nut server is in 192.168.x.x and all my clients of nut are in 192.x.x.x and "if I want to expose them to public" with subdomain like ups.mydomain.com i use "cloudflare tunnel" where it communicates directly with "cloudflared" in docker container in my nas and hence NO PORTS are open in the router. Why do you think this setup is a security risk? I really like to get your opinion!

                dennypageD 1 Reply Last reply Reply Quote 0
                • dennypageD Offline
                  dennypage @netboy
                  last edited by

                  @netboy said in Docker container for nut server?:

                  I tried Nutify but it is rigth now works only with one physically "attached" UPS

                  After further examination, I would not recommend use of Nutify. It's implemented as a stand-alone NUT controller for systems that not have NUT installed. It requires complete control of NUT, which is not desirable (at all). Much better to have used and external upsc command to get the information. Or even the NUT client protocol itself.

                  1 Reply Last reply Reply Quote 0
                  • dennypageD Offline
                    dennypage @netboy
                    last edited by

                    @netboy said in Docker container for nut server?:

                    This is very general comment. Tell me clearly why it is security risk.

                    Yes, it is a general comment about how you should approach security of a system like a firewall. If you are responsible for administrating a firewall, general security concepts are something worth reading up on. Alternatively, you can trust that there is a good reason that the people who do this for a living (Netgate) do not provide docker, or many other, services on pfSense. It isn't because they are lazy I assure you.

                    No, I can' give you a specific vector. That isn't the point.

                    N 1 Reply Last reply Reply Quote 0
                    • N Offline
                      netboy @dennypage
                      last edited by netboy

                      @dennypage I am NOT installing docker in pfsense - offcourse this is a big security risk - I agree !!! I am installing a docker container in a seperate server in my network not in pfsense - Now tell me if this is a security risk

                      1 Reply Last reply Reply Quote 0
                      • dennypageD Offline
                        dennypage @netboy
                        last edited by

                        @netboy said in Docker container for nut server?:

                        I am NOT installing docker in pfsense - offcourse this is a big security risk - I agree !!!

                        My apologies. I interpreted your earlier question

                        I think i need to explain what i am asking for. I am fully aware if your netgate router is attached to an UPS you can configure netgate. Let us say you 5 UPS's in your home and you want nut server to read all the UPS's and show me a dasboard about the status of all the UPS's ? - Is there a ready made docker container for client server nut with dashboard functionality?

                        as a request to have something running on pfSense, which is why I responded

                        I believe most people would say that the type of thing you are asking for isn't something you want to run on your firewall. I recommend using a general purpose operating system behind the firewall instead.

                        Mutual misunderstanding I guess.

                        If you want to explore general NUT monitoring, and not something particular to pfSense, I would recommend the NUT Users list as a better place to seek information.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.