So I am in the process of setting up my 1st unraid server. I am new to this kind of thing... but I've done a lot of youtubing and reading (well youtubing... I have basically been watching SpaceInvaders stuff) and this is what I am planning to do, and I would like your recommendations and comments and suggestions.
Setup Unraid WebUI to be HTTPS
Encrypt the entire array with passphrase
Add a Docker that I use with a commercial VPN (expressVPN) to route other dockers that access the web through it.
Add an OpenVPN / WireGuard to allow secure tunneling into my server from outside my local network to access files.
What about a good old fashioned firewall? I've always used firewalls, but not seen them mentioned at all in relation to unraid.
Setup Unraid WebUI to be HTTPS
I'm a little confused as to how to do this. I have been using SpaceInvaders tutoriuals and he does it on a much older version of Unraid and my version does not seem to have the same icons and buttons to click. So I am not sure how to do this.
Encrypt the entire array with passphrase
The downside of this is that I need to manually enter the password if the server reboots.... I assume I can use a keyfile, but would need a way to store it securely. Maybe copy it from a web server or something. I think for now entering the passphrase would be fine. I can look into keyfile options down the line.
SpaceInvader has a tutorial on this, but like the HTTPS thing, my version seems to different it is very hard to follow along.
Add a Docker that I use with a commercial VPN (expressVPN) to route other dockers that access the web through it.
SpaceInvader shows how to do this on his youtube chan... it seems strait forward. The plan is to make a single "vpn" docker using expressVPN and route through it most, if not all, of the applications that will use the internet. So I do not need a zillion expressvpn licenses.
Add an OpenVPN / WireGuard to allow secure tunnelling into my server from outside my local network to access files.
One of my goals for this project is to have a private "dropbox" type thing, were I can access my files and backup to my server when freelancing in other offices. As I understand it, this is how to do this, but making a secure tunnel. I do not know what the diffrence between OpenVPN and WireGaurd is, SpaceInvader uses OpenVPN in his tutorial.
What about a good old fashioned firewall?
When I did my test server I used Ubuntu Server and liked the experience so much I started to look at dedicated system like this and OpenMediaServer / FreeNAS... but when I used Ubuntu, the first thing I did was put a firewall on it... but I can not seem to see much info on that with unreal.. is a firewall something I do not need? Normally I just block all incoming of any kind apart from what I specifically allow.
Anyway... I'm new to all this and would like any thoughts about security with unraid. I know it says "do not expose to the internet" and that it is not "hardended" and all that, but I still think there must be some precautions I can take.
Is there anything I got completely wrong, anything I need to do in addition or anything I need to do differently. Plus I would appreciate any thoughts you have and particularly be happy if you could point to tutorials on how to actually do it!
Thanks