Ugreen NAS MCP Server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Ugreen NAS MCP Serverlist the shared directories on my NAS"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Ugreen NAS Docker MCP Server Setup
This repository contains a secure, containerized Model Context Protocol (MCP) server designed to be hosted on your Ugreen NAS (UGOS).
Security Architecture (Pre-Gateway Mitigations)
This setup is configured with several key pre-gateway security practices:
Transport Layer Token Authentication: Direct SSE access is protected with a token (
X-API-Keyheader).Container Isolation (Non-Root): The server runs as
mcpuser(UID/GID 1000) inside the container. Even if a tool is compromised, the attacker has no root privileges and is restricted to the container environment.Directory Sandboxing: The
list_nas_shared_directoriestool is restricted to/volume1/sharedinside the container. It cannot traverse to other system files or directories on your NAS.Environment-Driven Secrets: The secret token is passed via a Docker environment variable rather than hardcoded in the codebase.
Related MCP server: mcp-s3-server
Deployment on Ugreen NAS (UGOS)
Step 1: Build the Docker Image
You can build this image locally and push it to your NAS, or build it directly on the NAS if you have SSH enabled:
docker build -t ugreen-nas-mcp:latest .Step 2: Running via Ugreen Container Manager UI
Open the App Center -> Container Manager (or Docker app) on your Ugreen NAS.
Go to Image and import/load
ugreen-nas-mcp:latestor upload the folder and build it.Create a new container with the image:
Network: Bridge (recommended, expose port
8000).Port Settings: Map Container Port
8000to Host Port8000(or another free port like8080).Environment Variables:
MCP_SECRET_TOKEN: Set a strong random password (e.g.uGr33n-S3cur3-Mcp-2026!).
Volume/Bind Mounts:
Mount the NAS shared directory you want the MCP to access (e.g.
/volume1/homesor a specific shared folder/volume1/Public) to/volume1/sharedinside the container. Set it to Read-Only (Recommended) for maximum security.
Start the container.
Client Configuration
To connect your AI client (e.g., Claude Desktop, Cursor, or another MCP client) to the NAS MCP server, update your client's configuration file:
Example: claude_desktop_config.json
Replace <NAS_IP> with the local IP address of your Ugreen NAS, and the header value with your configured MCP_SECRET_TOKEN.
{
"mcpServers": {
"ugreen-nas-mcp": {
"type": "sse",
"url": "http://<NAS_IP>:8000/mcp/sse",
"headers": {
"X-API-Key": "your-configured-mcp-secret-token"
}
}
}
}Verification & Testing
To verify the server is running and secure, run a quick curl command from your computer:
# Verify it blocks unauthorized access (Should return 401 Unauthorized)
curl -i http://<NAS_IP>:8000/mcp/sse
# Verify authorized access (Should establish connection)
curl -i -H "X-API-Key: your-configured-mcp-secret-token" http://<NAS_IP>:8000/mcp/sseThis server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/kmcclur2005/MCP_Service_Learning'
If you have feedback or need assistance with the MCP directory API, please join our Discord server