Network

Radarr should be run via a Reverse Proxy, allowing you to isolate and wrap connections in SSL. See NGINX for more details. See Setup Base Proxy Control for basic proxy configuration.

See Radarr reverse proxy reference.

Ports

---
###############################################################################
# Ports Configuration
###############################################################################
# Ports should be managed externally via an OS role.
#
# Reference:
# * https://docs.ansible.com/ansible/latest/collections/community/general/ufw_module.html

ports:
  - {proto: 'tcp', from_ip: 'any',       to_port: 7878, direction: 'in', comment: 'radarr http'}
  - {proto: 'tcp', from_ip: '127.0.0.1', to_port: 7878, direction: 'in', comment: 'radarr http api'}
  - {proto: 'tcp', from_ip: 'any',       to_port: 9898, direction: 'in', comment: 'radarr https'}
  - {proto: 'tcp', from_ip: '127.0.0.1', to_port: 9898, direction: 'in', comment: 'radarr https api'}

Using Subdomains

0644 root root nginx/conf.d/reverse-proxy.conf
server {
  listen       443 ssl http2;
  server_name  radarr.{DOMAIN} radarr;

  location / {
    proxy_pass http://radarr:7878;
    include    /etc/nginx/conf.d/proxy-control.conf;
  }
}

Using Subpaths

0644 root root nginx/conf.d/reverse-proxy.conf
server {
  location /radarr {
    proxy_pass http://radarr:7878/radarr;
    include    /etc/nginx/conf.d/proxy-control.conf;
  }
}

Note

Set radarr_url_base to /radarr before enabling the reverse-proxy.

ansible_radarr_vars.yaml
radarr_url_base: '/radarr'