Alright, you like your streaming the same way you like your internet: secure, anonymous, and fully under your control. Meet Safe-Stremio, your badass DIY streaming server powered by Docker, Nginx, and OpenVPN. It’s for digital pirates and cyberpunks who don’t want their media habits exposed to nosy ISPs or prying eyes.
What’s the Deal?
Safe-Stremio gives you a self-hosted streaming solution, leveraging Stremio Server and Stremio Web. It’s wrapped in encryption, protected by basic auth, and keeps those brute-force script kiddies out with rate-limiting. Oh, and everything is tunneled through OpenVPN, ensuring your IP stays as anonymous as a shadow in the night.
Worried about your VPN dropping? Safe-Stremio monitors your IP, shutting down if your VPN fails—keeping your real IP hidden like a ghost in the machine.
Why You Need It
Because streaming without a VPN is like yelling your home address through a megaphone. Safe-Stremio lets you host your own server, keeping control of what you stream, while routing everything through a VPN for maximum anonymity. Add in Nginx handling HTTP requests and Stremio Web serving your streams? You’re set for the most secure, future-proof streaming setup of your life.
Setup Guide
Wanna build your cyber fortress? Here’s how:
- Pull the Docker Image:
docker pull psyb0t/safe-stremio:latest- Run It (quick test, no VPN or VPN without LAN access needed):
docker run -d --cap-add=NET_ADMIN -e WITH_OPENVPN=true -e USERNAME=user -e PASSWORD=pass -p 8080:80 -v $(pwd)/openvpn/config.ovpn:/vpn-config.ovpn -v $(pwd)/openvpn/auth.txt:/vpn-auth.txt --restart always psyb0t/safe-stremio:latestNote: With VPN enabled, the container routes all traffic through the VPN, which breaks LAN access. For VPN + LAN setup, use the Docker Compose method below.
- Configure OpenVPN: Throw in your
.ovpnfile and credentials for seamless VPN integration.
Docker-Compose Setup
When VPN is enabled, the container routes all traffic through the VPN tunnel — which breaks LAN access (responses route back through VPN instead of local network). The fix is a separate nginx proxy running outside the VPN container on the same Docker network:
services:
safe-stremio:
image: psyb0t/safe-stremio:latest
cap_add:
- NET_ADMIN
environment:
- WITH_OPENVPN=true
- USERNAME=user
- PASSWORD=pass
volumes:
- ./openvpn/config.ovpn:/vpn-config.ovpn
- ./openvpn/auth.txt:/vpn-auth.txt
restart: always
proxy:
image: nginx:alpine
ports:
- "8080:80"
configs:
- source: proxy_conf
target: /etc/nginx/nginx.conf
depends_on:
- safe-stremio
restart: always
configs:
proxy_conf:
content: |
events { worker_connections 1024; }
http {
server {
listen 80;
location / {
proxy_pass http://safe-stremio:80;
proxy_http_version 1.1;
proxy_set_header Host $$host;
proxy_set_header Upgrade $$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $$remote_addr;
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $$scheme;
}
}
}The proxy handles LAN requests; safe-stremio handles the VPN tunnel and Stremio. Container-to-container traffic bypasses VPN routing entirely.
Final Steps
Once your container’s up, head to the Stremio Web UI, and under Settings, set the Streaming URL to http://yourdomain:8080/stremio-server/. That way, your web client will be synced with your self-hosted server, making sure you’re streaming like a true digital pirate.
Nginx at Work
Safe-Stremio’s Nginx config handles all your HTTP requests, ensuring smooth and secure streaming. Here’s what it does:
- Proxying Requests: Routes
/stremio-server/to your Stremio server. - Serving Static Files: Handles direct access to the Stremio Web UI.
- Auth & Rate-Limiting: Keeps out freeloaders and limits brute-force attacks. Only legit users allowed.