Community Apps

Browse our large and growing catalog of applications to run in your Unraid server. 

Download the Plugin  |  Become a Community Developer


Community-built

All the applications you love—built and maintained by a community member who understands what you need on Unraid. Love a particular app or plugin? Donate directly to the developer to support their work.

Created by a legend

Andrew (aka Squid) has worked tirelessly to build and enhance the experience of Community Apps for users like you. Listen to his story.

Moderated and Vetted

Moderators ensure that apps listed in the store offer a safe, compatible, and consistent experience. Learn more about our guidelines.


age is a simple, modern and secure file encryption tool. It features small explicit keys, no config options, and UNIX-style composability. You can get more details here: https://github.com/FiloSottile/age You can find examples how to use age in the Support Thread or on the official Github page from age.

Agent-DVR's Icon

Agent DVR (next gen version of iSpy) is a super advanced video surveillance platform Supports multiple camera types, sensor types, recordings and alerts Agent DVR is the only DVR solution that doesn’t need port forwarding. That means no fiddly router setup or network security compromise for remote access. UI works on all modern devices from phones to tablets and desktops.

Authelia's Icon

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them know whether queries should pass through. Our docs can be found at https://docs.ibracorp.io

authentik-worker's Icon

authentik-worker

Security

authentik is an open-source Identity Provider focused on flexibility and versatility. You can use authentik in an existing environment to add support for new protocols, implement sign-up/recovery/etc. in your application so you don't have to deal with it, and many other things. This is the worker. You will need the Authentik app which is the server.

bitwarden-secure-sync's Icon

bitwarden-secure-sync

Backup, Security, Tools / UtilitiesUtilities

A simple tool that can be used to export your Bitwarden vault to a local file periodically. Uses the Bitwarden CLI tool to communicate with the API, and exports your passwords using the default Bitwarden export method.

blocky's Icon

Blocky is a DNS proxy and ad-blocker for the local network written in Go Create new config.yaml with your configuration ( see https://0xerr0r.github.io/blocky/configuration/ for more details and all configuration options).

blueiris's Icon

blueiris

Security

Blue Iris video security software runs on a PC and can provide recording and playback for up to 64 IP network cameras or webcams. Blue Iris is affordable and powerful enough to safeguard your family, property and valuables at home or work.

casdoor's Icon

Casdoor is an open-source, multi-tenant, and cloud-native identity and access management (IAM) solution. It provides a user-friendly interface for managing user authentication and authorization in various applications and systems Create a app.conf file in the same appdata/casdoor directory, then copy app.conf from https://github.com/casdoor/casdoor/blob/master/conf/app.conf and edit accordingly default login: admin 123

ClamAV's Icon

This template is for scanning your unRAID server with clamav and clamscan. To scan your server, check the environment variable to set the scanned folder and just start the container. When it is finished, the container will stop and you can view the logs to see the results. If you are having issues with permissions, you should adjust your User ID and Group ID below. You might also need to change the permissions on the config folder. You can do with with Docker Safe Permissions, using the built-in "NewPerms" commands, or a simple shell command. 1. In the GUI 2. newperms /mnt/cache/appdata/clamav 3. chmod -R u-x,go-rwx,go+u,ugo+X /mnt/cache/appdata/clamav && chown -R nobody:users /mnt/cache/appdata/clamav NOTE:Option 3 above are the commands that "newperms" runs in the bg.

cloudflared's Icon

cloudflared

Security

Contains the command-line client for Argo Tunnel, a tunneling daemon that proxies any local webserver through the Cloudflare network. Extensive documentation can be found in the Argo Tunnel section of the Cloudflare Docs. Instructions for installation can be found at https://github.com/aeleos/cloudflared

CodeProject.AI_Server's Icon

CodeProject.AI_Server

Security

Fast, free, self-hosted Artificial Intelligence Server for any platform, any language. CodeProject.AI Server is a locally installed, self-hosted, fast, free and Open Source Artificial Intelligence server for any platform, any language. No off-device or out of network data transfer, no messing around with dependencies, and able to be used from any platform, any language. Runs as a Windows Service or a Docker container. It may take some time to install as the image takes up a few GB of space! One among many examples of use: it can be easily integrated in AgentDVR Video Surveillance Software for face or object recognition.

CodeProject.AI_ServerGPU's Icon

CodeProject.AI_ServerGPU

Security

Fast, free, self-hosted Artificial Intelligence Server for any platform, any language. CodeProject.AI Server is a locally installed, self-hosted, fast, free and Open Source Artificial Intelligence server for any platform, any language. No off-device or out of network data transfer, no messing around with dependencies, and able to be used from any platform, any language. Runs as a Windows Service or a Docker container. The Docker GPU version is specific to nVidia's CUDA enabled cards with compute capability >= 6.0 It may take some time to install as the image takes up a few GB of space! One among many examples of use: it can be easily integrated in AgentDVR Video Surveillance Software for face or object recognition.

crowdsec's Icon

crowdsec

Security

CrowdSec is a free, open-source and collaborative IPS. Analyze behaviors, respond to attacks and share signals across the community. If using Traefik, you should also install the traefik-bouncer. See our instructions on CrowdSec here: https://docs.ibracorp.io

crowdsec-cloudflare-bouncer's Icon

crowdsec-cloudflare-bouncer

Security

A bouncer that syncs the decisions made by CrowdSec with CloudFlare's firewall. Manages multi user, multi account, multi zone setup. Supports IP, Country and AS scoped decisions.

crowdsec-dashboard's Icon

crowdsec-dashboard

Security

Metabase dashboard template for displaying Crowdsec statistics. MySQL and PostgreSQL are currently not supported, must use SQLite (default) as storage database with your local API.

crowdsec-traefik-bouncer's Icon

crowdsec-traefik-bouncer

Security

CrowdSec bouncer for Traefik to block malicious IPs from accessing your services. This utilizes Traefik v2 ForwardAuth Middleware and queries CrowdSec with the client IP. If the client IP is on the ban list, Traefik will issue a HTTP code 403 response. Otherwise, the request will continue as usual. Be sure to install CrowdSec first. See our instructions on CrowdSec here: https://docs.ibracorp.io

cryptgeon_redis's Icon

cryptgeon is a secure, open source sharing note or file service inspired by PrivNote. each note has a generated id (256bit) and key 256(bit). The id is used to save & retrieve the note. the note is then encrypted with aes in gcm mode on the client side with the key and then sent to the server. data is stored in memory and never persisted to disk. the server never sees the encryption key and cannot decrypt the contents of the notes even if it tried to. This container was built using SmartPhoneLover's cryptgeon but runs using Redis instead of memcache. Also has extra variables that can be configured. This requires Redis to be already running. I obtained SSL certificate through NGINX proxy manager and let's encrypt.

cryptomator-webdav's Icon

Cryptomator WebDAV allows you to serve a locally stored Cryptomator vault over a secure WebDAV (https) connection, allowing access to decrypted files through third party WebDav tools such as rclone, Mountain Duck, CyberDuck etc. Setting the Cryptomator Vault Password: The password for the vault can either be set directly through the Cryptomator Vault Password variable, or can be stored in a local file and shared through the Cryptomator Vault Password File setting. Only one is needed. Note: Unraid only shows directories in its drop down by default, manually type the full path to the file in the variable box, e.g. '/mnt/user/appdata/cryptomator-webdav/vault.pass' Optional Signed Certificate: An optional signed certificate can be passed to the container, e.g. from LetsEncrypt. Set the "Optional: Signed Certificate" variable to the full path of your certificate file, containing both your cert and the key in one .pem file. Note: Unraid only shows directories in its drop down by default, manually type the full path to the file in the variable box, e.g. '/mnt/user/appdata/cryptomator-webdav/mycert.pem' File Permissions: Cryptomator-webdav runs as UID:99, GID:100 by default. This can be changed through the CRYPTOMATOR_UID and CRYPTOMATOR_GID variables. Ensure vault files are read and writable by the IDs you set. Ensure any vault password file provided is readable by these IDs. More Secure File Permissions: Most Unraid Community Applications containers run as UID:99, GID:100 In theory this would mean a rouge container could have read access to your encrypted files if the vault was shared with it. To ensure a slightly more secure installation, it is recommended the container application is run as a separate Unraid user id, and vault files are only accessible by this user. For example: Set CRYPTOMATOR_UID to your Unraid user id, e.g. 1000 Ensure all vault files are only readable and writable by this user: chown -R 1000: /path/to/cryptomator/vault chmod -R u+rwX,g-rwx,o-rwx /path/to/cryptomator/vault See the Cryptomator WebDAV github project for more details at https://github.com/greycubesgav/cryptomator-webdav More details about Cryptomator can be found at https://cryptomator.org

cryptpad's Icon

CryptPad is the Zero Knowledge realtime collaborative editor.mkdir -p /mnt/user/appdata/cryptpad/config wget -O /mnt/user/appdata/cryptpad/config/config.js https://raw.githubusercontent.com/xwiki-labs/cryptpad/main/config/config.example.js

deepstack's Icon

Deepstack is an AI server that empowers every developer in the world to easily build state-of-the-art AI systems both on-premise and in the cloud. The promises of Artificial Intelligence are huge but becoming a machine learning engineer is hard. Build and deploy AI-powered applications with in-built and custom AI APIs, all offline and self-hosted. See https://deepstack.cc and https://docs.deepstack.cc/faq/index.html To use with home assistant see: https://github.com/robmarkcole/HASS-Deepstack-object and https://docs.deepstack.cc/faq/index.html Old CPUs without AVX: If you are using an older CPU that doesn't support AVX (Warning: This version hasn't been updated in some time): 1. Add :noavx to the end of the Repository: field. 2. Should look like this: deepquestai/deepstack:noavx GPU: If you wish to use a NVIDIA GPU instead of your CPU: 1. Install Unraid Nvidia Plugin (available in the community apps store): https://forums.unraid.net/topic/98978-plugin-nvidia-driver/ 2. Add :gpu to the end of the Repository: field. Should look like this: deepquestai/deepstack:gpu 3. Add --runtime=nvidia to the Extra Parameters: field (to view this field switch to advanced view by clicking the toggle in the top right next to Basic View) . 4. Copy your GPU UUID to Nvidia Visible Devices:. (Can be found in the Nvidia Driver settings page under nVidia Info:). Should look something like this: GPU-1a2b3456-7890-1cd2-ea34-56b7c8de90a1 *I am not the creator or maintainer of this container I am merely providing the Unraid template.

Dependency-Track-API-Server's Icon

Dependency-Track-API-Server

Security

API Server to be used with Dependency-Track Front-End Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve. For more details about Dependency-Track see the projects website at dependencytrack.org Please note this application is not lightweight and uses 8-12GB of ram to run

Dependency-Track-FrontEnd's Icon

Dependency-Track-FrontEnd

Security

Front end to be used with Dependency-Track API Server Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve. For more details about Dependency-Track see the projects website at dependencytrack.org Default Login username: admin password: admin

Disable Security Mitigations

Squid's Repository

Plugins, Security, Tools / UtilitiesSystem

Allows you to disable the OS mitigations for Spectre, Meltdown, and Zombieload (MDS) to possibly improve your CPU speed. Use at own risk. There are valid security issues caused by disabling the mitigations under certain workloads

endlessh-go's Icon

endlessh-go

Network ServicesOther, Security

(https://github.com/skeeto/endlessh) Endlessh is an SSH tarpit that very slowly sends an endless, random SSH banner. It keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server. endlessh-go (https://github.com/shizunge/endlessh-go) is a golang implementation of endlessh with additional features including exporting Prometheus metrics.

fail2ban's Icon

fail2ban

Security

Fail2ban(http://www.fail2ban.org/) is a daemon to ban hosts that cause multiple authentication errors.

fail2ban's Icon

Fail2ban container Icon URL : https://raw.githubusercontent.com/FrankM77/docker-fail2ban/master/Fail2ban_logo.png You must add a path to your container log file that you want fail2ban to monitor. Important: If you are using Nginx Proxy Manger with Cloudflare tunnels then you need to pass the client IP to your container that you want fail2ban to protect. For instance I have fail2ban protecting my Jellyfin container but inititally in the Jellyfin logfiles it would log the IP address as 172.18.0.1, so in order to log the real connecting client IP you need to go into Nginx Proxy manager--->proxy host---->Advanced------>Under custom configuration add "real ip header CF-Connecting-IP" without the quotes. You will then notice that your container log (in my case jellyfin) will have the real ip of the connecting user/client.

frak-gvm's Icon

OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.