Community Apps

Fail2ban(http://www.fail2ban.org/) is a daemon to ban hosts that cause multiple authentication errors.

Fail2ban container Icon URL : https://raw.githubusercontent.com/FrankM77/docker-fail2ban/master/Fail2ban_logo.png You must add a path to your container log file that you want fail2ban to monitor. Important: If you are using Nginx Proxy Manger with Cloudflare tunnels then you need to pass the client IP to your container that you want fail2ban to protect. For instance I have fail2ban protecting my Jellyfin container but inititally in the Jellyfin logfiles it would log the IP address as 172.18.0.1, so in order to log the real connecting client IP you need to go into Nginx Proxy manager--->proxy host---->Advanced------>Under custom configuration add "real ip header CF-Connecting-IP" without the quotes. You will then notice that your container log (in my case jellyfin) will have the real ip of the connecting user/client.

OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.

A complete and local NVR designed for Home Assistant with AI object detection. Uses OpenCV and Tensorflow to perform realtime object detection locally for IP cameras. You cas use a integrated or dedicated GPU (Intel/AMD/Nvidia) to perform the image decoding of the input streams of your cameras. Optionally (but highly recommended), you can use multiple devices to perform the object detetion, such as a Google Coral Accelerator Nvidia GPU, OpenVINO (Intel GPU) and Intel NCS2 VPU See the documentation for more details about your specific hardware and needs (https://docs.frigate.video/). This is a general templeate that aims to give a fast deoplyment for every user so check all the options carefully and remove all the configurations that you are not going to use.

Gerbil (https://github.com/fosrl/gerbil) is a simple WireGuard interface management server written in Go. Gerbil makes it easy to create WireGuard interfaces as well as add and remove peers with an HTTP API. Gerbil is meant to enable the tunneling functionality of Pangolin (https://github.com/fosrl/pangolin), the tunneled reverse proxy server and dashboard UI with identity and access control. Chat with us on Discord! https://discord.gg/HCJR8Xhme4

GLAuth is a secure, easy-to-use, LDAP server with configurable backends.

Hearchco is a distributed and fast metasearch engine that respects your privacy.

Hearchco is a distributed and fast metasearch engine that respects your privacy.

Immich Public Proxy provides a barrier of security between the public and Immich. This will accept /share/key paths and make the API call to the Immich instance without exposing the /auth/login or /api to the public. The WebUI should return "Ok" if configured correctly, then point incoming traffic to this proxy instance to serve shared albums.

Collection of handy online tools for developers, with great UX. NOTE: This is not my project. I simply enjoy this a ton and want it to reach as many people as possible which is why I made this template! I have linked Corentinth's Github repo in the resources section so if you like the tool you should definitely check it out and support him!

Nessus is a network vulnerability scanner. This is a paid product, but for small home deployments one can request a free license during the setup GUI steps for internal/small networks.

The Keeper Automator service performs instant device approvals upon a successful login from the SSO identity provider. Once Automator is running, users can seamlessly access Keeper on a new (not previously approved) device after a successful authentication with your identity provider, without any further approval steps. More Information: https://docs.keeper.io/sso-connect-cloud/device-approvals/automator

Open Source Identity and Access Management.

Secure, Automated, and Multi-Cloud Bitwarden Backup and Import System

A framework- and JavaScript-free privacy respecting meta search engine, giving you results from Google, Qwant, Ahmia and popular torrent sites without spying on you.

A fork of LibreX, a framework- and JavaScript-free privacy respecting meta search engine, giving you results from Google, Qwant, Ahmia and popular torrent sites without spying on you. LibreY changed some features like automatic redirection. See documentation for all available settings: https://github.com/Ahwxorg/LibreY/tree/main/docker#environment-variables-that-can-be-set-in-the-docker-container

A lightweight LDAP server for user management with a web interface. For more information please visit the GitHub repository.

A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts To Use After install you will see this container in the docker tab but will apear as not started and seem not to start and the log will show an error. You must add a url list before running to get a result. The container will have made a folder in the appdata folder. You will need to reset its permissions run the line below from the Unraid terminal chmod -R u-x,go-rwx,go+u,ugo+X /mnt/user/appdata/log4j-scan/ then put a file called urls.txt with each url on a separate line in that location then run the below command After run the container and view the log to see the result post arguments in the template optional arguments can be added to the post arguements (see https://github.com/fullhunt/log4j-scan) -h, --help show this help message and exit -u URL, --url URL Check a single URL. -p PROXY, --proxy PROXY send requests through proxy -l USEDLIST, --list USEDLIST Check a list of URLs. --request-type REQUEST_TYPE Request Type: (get, post) - . --headers-file HEADERS_FILE Headers fuzzing list - . --run-all-tests Run all available tests on each URL. --exclude-user-agent-fuzzing Exclude User-Agent header from fuzzing - useful to bypass weak checks on User-Agents. --wait-time WAIT_TIME Wait time after all URLs are processed (in seconds) - . --waf-bypass Extend scans with WAF bypass payloads. --custom-waf-bypass-payload CUSTOM_WAF_BYPASS_PAYLOAD Test with custom WAF bypass payload. --test-CVE-2021-45046 Test using payloads for CVE-2021-45046 (detection payloads). --dns-callback-provider DNS_CALLBACK_PROVIDER DNS Callback provider (Options: dnslog.cn, interact.sh) - . --custom-dns-callback-host CUSTOM_DNS_CALLBACK_HOST Custom DNS Callback Host. --disable-http-redirects Disable HTTP redirects. Note: HTTP redirects are useful as it allows the payloads to have a higher chance of reaching vulnerable systems.

Containerized version of mitmproxy⁠: an interactive, SSL/TLS-capable intercepting proxy for HTTP/1, HTTP/2, and WebSockets.

Previously PiAlert - this can be installed in the same config directories The system continuously scans the network for New devices, New connections (re-connections), Disconnections, "Always Connected" devices down, Devices IP changes and Internet IP address changes. Scanning methods are: Method 1: arp-scan. The arp-scan system utility is used to search for devices on the network using arp frames. Method 2: Pi-hole. This method is optional and complementary to method 1. If the Pi-hole DNS server is active, Pi.Alert examines its activity looking for active devices using DNS that have not been detected by method 1. Method 3. dnsmasq. This method is optional and complementary to the previous methods. If the DHCP server dnsmasq is active, Pi.Alert examines the DHCP leases (addresses assigned) to find active devices that were not discovered by the other methods. NOTE: remember to set the scan subnets in the pialert.conf, or in the settings UI. It can take up to 15 minutes for the first scan, subsequent scans are much quicker

Newt (https://github.com/fosrl/newt) is a user space tunnel client for the Pangolin (https://github.com/fosrl/pangolin) tunneled reverse proxy server. Newt is the entry point that allows you to safely expose your Unraid services to the internet through a reverse proxy tunnel! Chat with us on Discord! https://discord.gg/HCJR8Xhme4

NordLynx Docker template for unRAID https://hub.docker.com/r/bubuntux/nordlynx/

Containerized OneTimeSecret with customization, and without paid/account features. <br> Just simple, secure password sharing. <br> Keep sensitive info (passwords) out of your email & chat logs. <br> <br> Requires Redis container with a password set on it! See support thread for more information.

An "all-in-one" docker for all your private browsing needs (including OpenVPN client with nftables kill switch ; Socks5 + HTTP proxy to both VPN and TOR (the onion router) ; DNS server to DoT (DNS-over-TLS) services). NOTE: you must place your own OpenVPN configuration to the host path that is mapped to /etc/openvpn (The ovpn file must be named openvpn.ovpn. Credentials + certs can be in the same file or split out into multiple files - the flexibility is yours.) Set DNS_SERVERS to 127.2.2.2 to use DNS-over-TLS (use google and cloudflare services by default). Your DNS query out of the VPN exit will also be encrypted for even more security. Set it to other services IP's will use normal unencrypted services. Set HOST_NETWORK to your Unraid server network in CIDR format e.g. 192.168.1.0/24. For more detailed instructions, refer to the support thread (https://forums.unraid.net/topic/96233-support-testdasi-repo/) or project page (https://github.com/testdasi/openvpn-client-aio).

An "all-in-one" docker for all your private browsing needs (including OpenVPN client with nftables kill switch ; Socks5 + HTTP proxy to the VPN ; DNS server to DoT (DNS-over-TLS) services). It's the same as OpenVPN AIO Client docker but without TOR. NOTE: you must place your own OpenVPN configuration to the host path that is mapped to /etc/openvpn (The ovpn file must be named openvpn.ovpn. Credentials + certs can be in the same file or split out into multiple files - the flexibility is yours.) Set DNS_SERVERS to 127.2.2.2 to use DNS-over-TLS (use google and cloudflare services by default). Your DNS query out of the VPN exit will also be encrypted for even more security. Set it to other services IP's will use normal unencrypted services. Set HOST_NETWORK to your Unraid server network in CIDR format e.g. 192.168.1.0/24. For more detailed instructions, refer to the support thread (https://forums.unraid.net/topic/96233-support-testdasi-repo/) or project page (https://github.com/testdasi/openvpn-client-aio).

OpenVPN Client with integrated (NZB)Hydra2-Deluge-Sabnzbd (and HTTP + SOCKS5 proxies). Now with a Web GUI quick launch. High-level instructions: (1) Create an appdata folder in host and create a openvpn subfolder. (2) Copy your OpenVPN configuration to the above openvpn subfolder (must include openvpn.ovpn + credentials + certs). (3) Don't forget to map /data in the docker to the host (you can map the parent or individual subfolders depending on needs). (4) Start docker (other apps should configure themselves on first run). DON'T FORGET THE OVPN FILE!!! Default password for deluge is deluge Set DNS_SERVERS to 127.2.2.2 to use DNS-over-TLS (use google and cloudflare services by default). Your DNS query out of the VPN exit will also be encrypted for even more security. Set it to other services IP's will use normal unencrypted services. Set HOST_NETWORK to your Unraid server network in CIDR format e.g. 192.168.1.0/24. For more detailed instructions, refer to the support thread (https://forums.unraid.net/topic/96233-support-testdasi-repo/) or project page (https://github.com/testdasi/openvpn-hydesa).

OpenVPN Client with integrated (NZB)Hydra2-RTorrent (Flood GUI)-Sabnzbd (and HTTP + SOCKS5 proxies). Now with a Web GUI quick launch. High-level instructions: (1) Create an appdata folder in host and create a openvpn subfolder. (2) Copy your OpenVPN configuration to the above openvpn subfolder (must include openvpn.ovpn + credentials + certs). (3) Don't forget to map /data in the docker to the host (you can map the parent or individual subfolders depending on needs). (4) Start docker (other apps should configure themselves on first run). DON'T FORGET THE OVPN FILE!!! Default login to flood is admin/flood Set DNS_SERVERS to 127.2.2.2 to use DNS-over-TLS (use google and cloudflare services by default). Your DNS query out of the VPN exit will also be encrypted for even more security. Set it to other services IP's will use normal unencrypted services. Set HOST_NETWORK to your Unraid server network in CIDR format e.g. 192.168.1.0/24. For more detailed instructions, refer to the support thread (https://forums.unraid.net/topic/96233-support-testdasi-repo/) or project page (https://github.com/testdasi/openvpn-hyrosa).

KeePassXC in a container. Keep your passwords safe! I highly recommend also downloading the KeePassXC browser extension for easy input of passwords on webpages. Save your database in the /config folder for persistence after updates/reboots and backups with your AppData.

Pangolin (https://github.com/fosrl/pangolin) is a tunneled reverse proxy server and dashboard UI with identity and access control built in. Pangolin can optionally be used in Local mode as a normal reverse proxy for users who don't want/need tunnels, but still want to take advantage of its excellent authentication features. Chat with us on Discord! https://discord.gg/HCJR8Xhme4

This version requires a separate PostgreSQL container. PasswordPusher or PWPush is an opensource application to communicate passwords over the web. Links to passwords expire after a certain number of views and/or time has passed.