Avatar

geo38B

geo38@alien.top
Joined
0 posts • 8 comments
Direct message

You can use a reverse proxy like nginx to add the authentication and encryption for a plain http server.

permalink
report
reply

sendgrid works for me.

permalink
report
reply

I think you’re missing the point. My issue is sharing / with the container as root. I understand some parts of Cosmos require --privileged. That is not my issue.

To be super repetitive, my issue is the combination of --privileged with -v /:/mnt/host

The very next statement in your documentation after this says:

in this command, -v /:/mnt/host is optional and allow to manage folders from Cosmos, you can remove it if you don’t want it but you will have to create your container’s bind folders manually.

If it’s optional, then don’t give it in the sample command that 99% of users will run. You can’t tell me that it’s not a risk.

And saying “other programs have risks, too” is pretty cowardly defense against suggesting users do something as unsafe as mapping their entire host file system to Cosmos when Cosmos doesn’t need it.

permalink
report
parent
reply

The readme is all about security and holes and other bad things that hackers/miscreants/bots can do and how Cosmos can prevent them, but the example run command has this which pretends none of those things actually exist:

--privileged  -v /:/mnt/host

Any sort of security lapse/hole in Cosmos or the software it builds upon gives a miscreant/bot/hacker full read/write access to the entire host system!

It’s ironic as the readme has many bolded statements about how cosmos protects docker containers from one another in case one is breached, but makes the bold assumption that the Cosmos container itself is completely secure.

Mounting ‘/’ from the host is a bad suggestion. Yes, the readme says it’s optional, but holy heck don’t make it the suggested method as many of the folks using Cosmos are doing so because they don’t understand security and they’ll use the suggested run command. They don’t know this is a BAD suggestion.

permalink
report
reply

Sure

So, you’re saying the link I posted actually does do what the OP wants?

permalink
report
parent
reply

This MeTube in a local docker container seems to do what OP wants:

https://github.com/alexta69/metube

tag /u/kutu-dev

permalink
report
parent
reply

Two suggestions

  1. After connecting via ssh, run ‘screen’ (sudo apt install -y screen)

That will create a virtual session. If your ssh connection breaks, that virtual session still exists.

https://linuxize.com/post/how-to-use-linux-screen/

  1. Use some sort of copy command that can deal with restarting a partial copy

    rsync -av /mnt/4tb/* /mnt/14tb/

permalink
report
reply

How did you install freshrss, and what operating system are you using. If using docker, which docker image? There are multiple freshrss images. Do you explicitly map a docker volume or are you letting docker create an anonymous volume behind you back?

On my docker install using https://github.com/linuxserver/docker-freshrss the sqlite file is at this location inside the container at /var/www/FreshRSS/data/users/_/db.sqlite I have a bind mount mapping /var/www/FreshRSS/data to ./data . So, the sqlite file is in data/users/_/db.sqlite relative to the directory holding the docker-compose.yaml file.

permalink
report
reply