All the applications you love—built and maintained by a community member who understands what you need on Unraid. Love a particular app or plugin? Donate directly to the developer to support their work.
A web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes
Before running container Unraid CLI
mkdir /mnt/user/appdata/2fauth
chown 1000:1000 /mnt/user/appdata/2fauth
Register first username for admin user
More info in https://github.com/Bubka/2FAuth/blob/master/docker/docker-compose.yml and advanced
age is a simple, modern and secure file encryption tool. It features small explicit keys, no config options, and UNIX-style composability. You can get more details here: https://github.com/FiloSottile/age
You can find examples how to use age in the Support Thread or on the official Github page from age.
Agent DVR (next gen version of iSpy) is a super advanced video surveillance platform
Supports multiple camera types, sensor types, recordings and alerts
Agent DVR is the only DVR solution that doesn’t need port forwarding.
That means no fiddly router setup or network security compromise for remote access.
UI works on all modern devices from phones to tablets and desktops.
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them know whether queries should pass through. Our docs can be found at https://docs.ibracorp.io
authentik is an open-source Identity Provider focused on flexibility and versatility. You can use authentik in an existing environment to add support for new protocols, implement sign-up/recovery/etc. in your application so you don't have to deal with it, and many other things.
This is the worker. You will need the Authentik app which is the server.
A simple tool that can be used to export your Bitwarden vault to a local file periodically. Uses the Bitwarden CLI tool to communicate with the API, and exports your passwords using the default Bitwarden export method.
Blocky is a DNS proxy and ad-blocker for the local network written in Go
Create new config.yaml with your configuration ( see https://0xerr0r.github.io/blocky/configuration/ for more details and all configuration options).
Casdoor is an open-source, multi-tenant, and cloud-native identity and access management (IAM) solution. It provides a user-friendly interface for managing user authentication and authorization in various applications and systems
Create a app.conf file in the same appdata/casdoor directory, then copy app.conf from https://github.com/casdoor/casdoor/blob/master/conf/app.conf and edit accordingly
default login:
admin
123
This template is for scanning your unRAID server with clamav and clamscan. To scan your server, check the environment variable to set the scanned folder and just start the container. When it is finished, the container will stop and you can view the logs to see the results.
If you are having issues with permissions, you should adjust your User ID and Group ID below.
You might also need to change the permissions on the config folder.
You can do with with Docker Safe Permissions, using the built-in "NewPerms" commands, or a simple shell command.
1. In the GUI
2. newperms /mnt/cache/appdata/clamav
3. chmod -R u-x,go-rwx,go+u,ugo+X /mnt/cache/appdata/clamav && chown -R nobody:users /mnt/cache/appdata/clamav
NOTE:Option 3 above are the commands that "newperms" runs in the bg.
Contains the command-line client for Argo Tunnel, a tunneling daemon that proxies any local webserver through the Cloudflare network. Extensive documentation can be found in the Argo Tunnel section of the Cloudflare Docs.
Instructions for installation can be found at https://github.com/aeleos/cloudflared
Fast, free, self-hosted Artificial Intelligence Server for any platform, any language.
CodeProject.AI Server is a locally installed, self-hosted, fast, free and Open Source Artificial Intelligence server for any platform, any language. No off-device or out of network data transfer, no messing around with dependencies, and able to be used from any platform, any language. Runs as a Windows Service or a Docker container.
It may take some time to install as the image takes up a few GB of space!
One among many examples of use: it can be easily integrated in AgentDVR Video Surveillance Software for face or object recognition.
Fast, free, self-hosted Artificial Intelligence Server for any platform, any language.
CodeProject.AI Server is a locally installed, self-hosted, fast, free and Open Source Artificial Intelligence server for any platform, any language. No off-device or out of network data transfer, no messing around with dependencies, and able to be used from any platform, any language. Runs as a Windows Service or a Docker container.
The Docker GPU version is specific to nVidia's CUDA enabled cards with compute capability >= 6.0
It may take some time to install as the image takes up a few GB of space!
One among many examples of use: it can be easily integrated in AgentDVR Video Surveillance Software for face or object recognition.
CrowdSec is a free, open-source and collaborative IPS. Analyze behaviors, respond to attacks and share signals across the community.
If using Traefik, you should also install the traefik-bouncer. See our instructions on CrowdSec here: https://docs.ibracorp.io
A bouncer that syncs the decisions made by CrowdSec with CloudFlare's firewall. Manages multi user, multi account, multi zone setup. Supports IP, Country and AS scoped decisions.
Metabase dashboard template for displaying Crowdsec statistics.
MySQL and PostgreSQL are currently not supported, must use SQLite (default) as storage database with your local API.
CrowdSec bouncer for Traefik to block malicious IPs from accessing your services. This utilizes Traefik v2 ForwardAuth Middleware and queries CrowdSec with the client IP. If the client IP is on the ban list, Traefik will issue a HTTP code 403 response. Otherwise, the request will continue as usual.
Be sure to install CrowdSec first. See our instructions on CrowdSec here: https://docs.ibracorp.io
cryptgeon is a secure, open source sharing note or file service inspired by PrivNote.
each note has a generated id (256bit) and key 256(bit). The id is used to save & retrieve the note. the note is then encrypted with aes in gcm mode on the client side with the key and then sent to the server. data is stored in memory and never persisted to disk. the server never sees the encryption key and cannot decrypt the contents of the notes even if it tried to.
This container was built using SmartPhoneLover's cryptgeon but runs using Redis instead of memcache. Also has extra variables that can be configured.
This requires Redis to be already running.
I obtained SSL certificate through NGINX proxy manager and let's encrypt.
Cryptomator WebDAV allows you to serve a locally stored Cryptomator vault over a secure WebDAV (https) connection, allowing access to decrypted files through third party WebDav tools such as rclone, Mountain Duck, CyberDuck etc.
Setting the Cryptomator Vault Password:
The password for the vault can either be set directly through the Cryptomator Vault Password variable, or can be stored in a local file and shared through the Cryptomator Vault Password File setting.
Only one is needed.
Note: Unraid only shows directories in its drop down by default, manually type the full path to the file in the variable box, e.g. '/mnt/user/appdata/cryptomator-webdav/vault.pass'
Optional Signed Certificate:
An optional signed certificate can be passed to the container, e.g. from LetsEncrypt.
Set the "Optional: Signed Certificate" variable to the full path of your certificate file, containing both your cert and the key in one .pem file.
Note: Unraid only shows directories in its drop down by default, manually type the full path to the file in the variable box, e.g. '/mnt/user/appdata/cryptomator-webdav/mycert.pem'
File Permissions:
Cryptomator-webdav runs as UID:99, GID:100 by default. This can be changed through the CRYPTOMATOR_UID and CRYPTOMATOR_GID variables.
Ensure vault files are read and writable by the IDs you set.
Ensure any vault password file provided is readable by these IDs.
More Secure File Permissions:
Most Unraid Community Applications containers run as UID:99, GID:100
In theory this would mean a rouge container could have read access to your encrypted files if the vault was shared with it.
To ensure a slightly more secure installation, it is recommended the container application is run as a separate Unraid user id, and vault files are only accessible by this user.
For example:
Set CRYPTOMATOR_UID to your Unraid user id, e.g. 1000
Ensure all vault files are only readable and writable by this user:
chown -R 1000: /path/to/cryptomator/vault
chmod -R u+rwX,g-rwx,o-rwx /path/to/cryptomator/vault
See the Cryptomator WebDAV github project for more details at https://github.com/greycubesgav/cryptomator-webdav
More details about Cryptomator can be found at https://cryptomator.org
CryptPad is the Zero Knowledge realtime collaborative editor.
Before Installing the docker Unraid CLI
cd /mnt/user/appdata && mkdir cryptpad && cd cryptpad
mkdir -p block customize data datastore config onlyoffice-dist onlyoffice-conf
chown -R 4001:4001 block customize data datastore onlyoffice-dist onlyoffice-conf
wget -O /mnt/user/appdata/cryptpad/config/config.js https://raw.githubusercontent.com/xwiki-labs/cryptpad/main/config/config.example.js
Edit /mnt/user/appdata/cryptpad/config/config.js
Change httpUnsafeOrigin:http://UNRAID_IP/DOMAIN:PORT
Example httpUnsafeOrigin: 'http://192.168.0.99:3000',
In httpAddress: remove // and put httpAddress: '0.0.0.0',
More info
https://docs.cryptpad.org/fr/admin_guide/installation.html#configure-cryptpad
Deepstack is an AI server that empowers every developer in the world to easily build state-of-the-art AI systems both on-premise and in the cloud. The promises of Artificial Intelligence are huge but becoming a machine learning engineer is hard. Build and deploy AI-powered applications with in-built and custom AI APIs, all offline and self-hosted. See https://deepstack.cc and https://docs.deepstack.cc/faq/index.html
To use with home assistant see: https://github.com/robmarkcole/HASS-Deepstack-object and https://docs.deepstack.cc/faq/index.html
Old CPUs without AVX: If you are using an older CPU that doesn't support AVX (Warning: This version hasn't been updated in some time):
1. Add :noavx to the end of the Repository: field.
2. Should look like this: deepquestai/deepstack:noavx
GPU: If you wish to use a NVIDIA GPU instead of your CPU:
1. Install Unraid Nvidia Plugin (available in the community apps store): https://forums.unraid.net/topic/98978-plugin-nvidia-driver/
2. Add :gpu to the end of the Repository: field. Should look like this: deepquestai/deepstack:gpu
3. Add --runtime=nvidia to the Extra Parameters: field (to view this field switch to advanced view by clicking the toggle in the top right next to Basic View) .
4. Copy your GPU UUID to Nvidia Visible Devices:. (Can be found in the Nvidia Driver settings page under nVidia Info:). Should look something like this: GPU-1a2b3456-7890-1cd2-ea34-56b7c8de90a1
*I am not the creator or maintainer of this container I am merely providing the Unraid template.
API Server to be used with Dependency-Track Front-End
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.
For more details about Dependency-Track see the projects website at dependencytrack.org Please note this application is not lightweight and uses 8-12GB of ram to run
Front end to be used with Dependency-Track API Server
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.
For more details about Dependency-Track see the projects website at dependencytrack.org
Default Login username: admin password: admin
Allows you to disable the OS mitigations for Spectre, Meltdown, and Zombieload (MDS) to possibly improve your CPU speed. Use at own risk. There are valid security issues caused by disabling the mitigations under certain workloads
(https://github.com/skeeto/endlessh) Endlessh is an SSH tarpit that very slowly sends an endless, random SSH banner. It keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.
endlessh-go (https://github.com/shizunge/endlessh-go) is a golang implementation of endlessh with additional features including exporting Prometheus metrics.
Fail2ban container
Icon URL : https://raw.githubusercontent.com/FrankM77/docker-fail2ban/master/Fail2ban_logo.png
You must add a path to your container log file that you want fail2ban to monitor.
Important: If you are using Nginx Proxy Manger with Cloudflare tunnels then you need to pass the client IP to your container that you want fail2ban to protect. For instance I have fail2ban protecting my Jellyfin container but inititally in the Jellyfin logfiles it would log the IP address as 172.18.0.1, so in order to log the real connecting client IP you need to go into Nginx Proxy manager--->proxy host---->Advanced------>Under custom configuration add "real ip header CF-Connecting-IP" without the quotes. You will then notice that your container log (in my case jellyfin) will have the real ip of the connecting user/client.
OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.