geo38B

You can use a reverse proxy like nginx to add the authentication and encryption for a plain http server.

sendgrid works for me.

I think you’re missing the point. My issue is sharing / with the container as root. I understand some parts of Cosmos require --privileged. That is not my issue.

To be super repetitive, my issue is the combination of --privileged with -v /:/mnt/host

The very next statement in your documentation after this says:

in this command, -v /:/mnt/host is optional and allow to manage folders from Cosmos, you can remove it if you don’t want it but you will have to create your container’s bind folders manually.

If it’s optional, then don’t give it in the sample command that 99% of users will run. You can’t tell me that it’s not a risk.

And saying “other programs have risks, too” is pretty cowardly defense against suggesting users do something as unsafe as mapping their entire host file system to Cosmos when Cosmos doesn’t need it.

The readme is all about security and holes and other bad things that hackers/miscreants/bots can do and how Cosmos can prevent them, but the example run command has this which pretends none of those things actually exist:

--privileged  -v /:/mnt/host

Any sort of security lapse/hole in Cosmos or the software it builds upon gives a miscreant/bot/hacker full read/write access to the entire host system!

It’s ironic as the readme has many bolded statements about how cosmos protects docker containers from one another in case one is breached, but makes the bold assumption that the Cosmos container itself is completely secure.

Mounting ‘/’ from the host is a bad suggestion. Yes, the readme says it’s optional, but holy heck don’t make it the suggested method as many of the folks using Cosmos are doing so because they don’t understand security and they’ll use the suggested run command. They don’t know this is a BAD suggestion.

Sure

So, you’re saying the link I posted actually does do what the OP wants?

This MeTube in a local docker container seems to do what OP wants:

https://github.com/alexta69/metube

tag /u/kutu-dev

Two suggestions

1. After connecting via ssh, run ‘screen’ (sudo apt install -y screen)

That will create a virtual session. If your ssh connection breaks, that virtual session still exists.

https://linuxize.com/post/how-to-use-linux-screen/

2. Use some sort of copy command that can deal with restarting a partial copy

   rsync -av /mnt/4tb/* /mnt/14tb/

How did you install freshrss, and what operating system are you using. If using docker, which docker image? There are multiple freshrss images. Do you explicitly map a docker volume or are you letting docker create an anonymous volume behind you back?

On my docker install using https://github.com/linuxserver/docker-freshrss the sqlite file is at this location inside the container at /var/www/FreshRSS/data/users/_/db.sqlite I have a bind mount mapping /var/www/FreshRSS/data to ./data . So, the sqlite file is in data/users/_/db.sqlite relative to the directory holding the docker-compose.yaml file.