Advice on Jails, which ones and in what order

[SuF1X]

Hey all,

Hopefully its a quick one. I have been reading a lot about jails and understand with 11.6 this is something that i will need to go with.

I have a fresh freenas, just burning in the kit and getting my resources ready to start setting it up. Storage side i believe is all sorted.

next i want to set-up the following:

1. Some sort of tool to download shows/movies/music
2. VPN client to route through my downloads. I am planning to use NordVPN or Private Internet Access
3. VPN client to access back into my NAS remotely. (would it be different from 2?)
4. Auto searcher/scarper for movies/shows i heard there are a few out there.
5. Auto rename tool
6. Media library management tool. (Plex? or something else)

Could you kindly suggest which ones i should go ahead with currently as most of the topics i read are form 3-4 years ago, wonder which ones are still well supported.

In which order should i set them up? Possibly there is a few guides you could recommend.

I know there will be a stack of issues with permissions if i make mistakes, i want to read the whole thing before i start setting up.

Any and all help would be much appreciated!

 

[SavageAUS]

For my needs I use plex for streaming, transmission for downloading, radarr for movies and sonarr for tv shows all in iocage jails.
Sickrage and couchpotato also work just as well for me but couchpotato has ceased development. I know this doesn’t help really but hopefully it may point you in the right direction.


Sent from my iPhone using Tapatalk

 

[garm]

At the moment we need to use cli to set up jails in a decent way. You need to read the iocage manual and what ever discussions on the forum around networking. For what software is available to run in Jails have a look at the FreeBSD Ports Collection and the FreeBSD manual on how to work with ports, this will also be cli.
For secure network setup I recommend having a decent firewall acting as a perimeter wall and then segregate services exposed to internet in their own VLAN and Jails. You want to limit access if one of your internet facing services gets breached.
Set up dedicate service users for everything and restrict their access to bare minimum.

You will need a decent ssh client for accessing the FreeNAS machine, restrict root access to ssh and dont allow password authentication.

Roaming communication should be in a secure tunnel, a vpn or something like zerotier. This should not give you universal access to your entire LAN, but restricted to the services you want to be able to manage. It is worth setting up a dedicated ssh server for maintaining others. Work with layers.

There are how-to's on the forum for setting up VPN clients in jails for outgoing traffic, incoming traffic should be handled by your firewall or equivalent perimeter device. Do not trust ISP supplied gear, roll your own. pfSense and others are here to help.

 

[SuF1X]

For my needs I use plex for streaming, transmission for downloading, radarr for movies and sonarr for tv shows all in iocage jails.
Sickrage and couchpotato also work just as well for me but couchpotato has ceased development. I know this doesn’t help really but hopefully it may point you in the right direction.

Thanks.

Does Sonarr/Radarr do automatic downloads for pre determined parameters?

Also do you have VPN built in?

 

[SuF1X]

At the moment we need to use cli to set up jails in a decent way. You need to read the iocage manual and what ever discussions on the forum around networking. For what software is available to run in Jails have a look at the FreeBSD Ports Collection and the FreeBSD manual on how to work with ports, this will also be cli.
For secure network setup I recommend having a decent firewall acting as a perimeter wall and then segregate services exposed to internet in their own VLAN and Jails. You want to limit access if one of your internet facing services gets breached.

great advice. my topology will be: router with firewall. then vlans as described. internal and external things will be separate via network.

Roaming communication should be in a secure tunnel, a vpn or something like zerotier. This should not give you universal access to your entire LAN, but restricted to the services you want to be able to manage. It is worth setting up a dedicated ssh server for maintaining others. Work with layers.

can you elaborate a little? i am planning to be the only one who would access remotely using VPN. what client should i use? or should i focus on my router tech?