wiki-grav/pages/02.linux/unmanic/default.en.md
2023-06-07 21:29:47 +02:00

108 lines
2.7 KiB
Markdown

---
title: Unmanic
visible: false
---
[toc]
## Networking
```
8888: Port for Webinterface
```
## Installation
```
podman run -itd \
--name unmanic \
-e PUID=0 \
-e PGID=0 \
-p 8888:8888 \
-v /mnt/unmanic/config:/config \
-v /mnt/unmanic/medialib:/medialib \
-v /mnt/unmanic/cache:/tmp/unmanic \
docker.io/josh5/unmanic:latest
```
If the connection will be established through a webserver running on the same machine, use `-p 127.0.0.1:8888:8888` instead to only allow connections from the local host.
## Authentication
> [nginx basic auth](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/)
Unmanic does not have any authentication built in. However, it does support basic authentication for remote servers.
To use basic auth however, a webserver has to be configured through which Unmanic will be accessed.
Nginx will be used as the webserver, while apache2-utils is necessary to create the password file.
```sh
sudo apt install nginx apache2-utils
```
Create a new password file
```sh
sudo htpasswd -c /etc/apache2/.htpasswd [USER]
```
Additional users can be added by omitting the `-c` switch
```sh
sudo htpasswd /etc/apache2/.htpasswd [USER]
```
Nginx configuration file
```nginx
server {
server_name unmanic.ovh1app1.x9w.ch;
# Security / XSS Mitigation Headers
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
client_max_body_size 40G;
location / {
# Proxy main traffic
proxy_pass http://127.0.0.1:8888;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Proxy WebSocket connection
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# Basic Authentication
auth_basic "Unmanic";
auth_basic_user_file /etc/apache2/.htpasswd;
}
listen *:80;
#listen *:443 ssl http2;
#ssl_certificate_key /etc/certs/unmanic.ovh1app1.x9w.ch/cert.key;
#ssl_certificate /etc/certs/unmanic.ovh1app1.x9w.ch/cert.crt;
}
#server {
# if ($host = unmanic.ovh1app1.x9w.ch) {
# return 301 https://$host$request_uri;
# }
# listen 80;
# listen [::]:80;
# server_name unmanic.ovh1app1.x9w.ch;
# return 404;
#}
```