Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

My Servers Early Access Plugin

Featured Replies

58 minutes ago, repomanz said:

I'm really like this plugin but before I dive into it would it work behind the one of the nginx proxy containers within different vlans (which includes custom docker networks)?  I would like to like to leverage this new feature from the unraid team but put the following behind nginx proxy

 

Properly setting up a reverse proxy is difficult, this is one of the reasons we added the Remote Access functionality. It should be possible to setup a reverse proxy instead of using remote access but it isn't something we actively support.

  • Replies 679
  • Views 183.5k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • OmgImAlexis
    OmgImAlexis

    Would you mind running `unraid-api restart` in a terminal and let me know if that sorts it. I’ve added this to our bug tracker. 

  • Now available in CA  

  • No it's only for forum login.  Besides being nice in general, when you install the unraid.net plugin and sign-in the server, you see a new forum submenu item called "My Servers".  When you click that

Posted Images

8 hours ago, Raptor said:

I have a different problem - after switching SSL/TLS from Yes to auto I need to logon again with http:// but after i enter root password and hit login nothing happends - entered data dissapear, no information about invalid username/password.

 

I can ssh to server with this password :| 

 

I am having difficulty understanding exactly what state you are in.  Let's see if we can get you back to a normal http connection and try again.

 

* On your flash drive, remove any files from the config/ssl/certs folder

* Edit the config/ident.cfg file on the flash drive and ensure you see a line that says USE_SSL="auto"  (if you see "no" or "yes", change it to "auto")

* Reboot (you mentioned being able to SSH in, you can type "reboot" from there)

* You should now be able to access your server via http://servername or http://ipaddress

* Go back to Settings -> Management and provision a certificate

* The urls above will now redirect to https://yourpersonalhash.unraid.net and your local access will be secured over SSL

 

47 minutes ago, ljm42 said:

 

Properly setting up a reverse proxy is difficult, this is one of the reasons we added the Remote Access functionality. It should be possible to setup a reverse proxy instead of using remote access but it isn't something we actively support.


There's a few guides out there I can probably leverage around reverse proxy. Ultimately I want my unraid server itself to be behind the proxy while leveraging this new feature.  Not too comfortable with having an internet exposed port with a direct shot to unraid os security wise.  Is there a technical white paper / write up about this new plugin?

Sounds like i need to do some tinkering. I really do like this new plugin.

Edited by repomanz

33 minutes ago, repomanz said:

Ultimately I want my unraid server itself to be behind the proxy while leveraging this new feature.

 

Remote Access is an optional feature in My Servers. You do not have to enable it in order to use the other features.

1 hour ago, ljm42 said:

* On your flash drive, remove any files from the config/ssl/certs folder

* Edit the config/ident.cfg file on the flash drive and ensure you see a line that says USE_SSL="auto"  (if you see "no" or "yes", change it to "auto")

* Reboot (you mentioned being able to SSH in, you can type "reboot" from there)

* You should now be able to access your server via http://servername or http://ipaddress

 

at this point I see webGUI login screen but can't logon - root/mypassword that works in SSH not working in webGUI.

 

I've try to reset root password - not working (reset only root password, reset all password).

 

After I delete root password and manually remove dynamix.unraid.net.plg from plugins I've manage access to webgui, started array. But when I set password to root account - again can't logon webGUI (login screen accept my password but redirect to login page again, wrong password gives me warning "Invalid Username or Password")

 

Right now I will try to restore usb backup & again install plugin :D

 

Edited by Raptor

55 minutes ago, Raptor said:

 

at this point I see webGUI login screen but can't logon - root/mypassword that works in SSH not working in webGUI.

 

I've try to reset root password - not working (reset only root password, reset all password).

 

After I delete root password and manually remove dynamix.unraid.net.plg from plugins I've manage access to webgui, started array. But when I set password to root account - again can't logon webGUI (login screen accept my password but redirect to login page again, wrong password gives me warning "Invalid Username or Password")

 

Right now I will try to restore usb backup & again install plugin :D

 

 

wow. I don't see how the My Servers plugin could affect this, but let's leave it out of the picture until you can set a root password again.

 

Deleting the files mentioned here from the flash and rebooting should get you a clean state with regards to passwords:

  https://wiki.unraid.net/Troubleshooting#Lost_root_Password

As part of this, I'd recommend putting the flash drive in a Windows computer and letting it fix any problems it finds.

 

After rebooting, go to Users (or Settings -> Users, depending how you are configured) and set a password for root. Be sure to press the "Change" button, not "Reset" :)

 

At that point you should be prompted to login. If still having issues, try clearing your cache and/or using a different browser.

8 minutes ago, repomanz said:

@ljm42

 

Just installed; getting an error about guest not having permission to access "servers".  This something on my end or unraid backend? I don't see anything in logs.

Please `unraid-api restart` In a terminal on that server. That should resolve it. 

8 minutes ago, OmgImAlexis said:

Please `unraid-api restart` In a terminal on that server. That should resolve it. 

 

Thanks - that fixed it.  Can the unraid team add this to the install wiki (unless this will be handled as part of plugin update later)?

5 minutes ago, repomanz said:

 

Thanks - that fixed it.  Can the unraid team add this to the install wiki (unless this will be handled as part of plugin update later)?

If all goes well I hope this is actually fixed in one of the next updates and the install does run it.

OK, have added the plugin to both of my servers, configured my firewall to port forward a custom port to each server and added the 'unraid.net' domain to my DNS resolver. I was able to provision with Let's Encrypt and the flash drive backup activation appears successful. Alas even after trying the 'unraid-api restart' in a terminal on each server, I'm still unable to get remote access working. When I try the 'Check' function it fails. When attempting it from a phone using my cellular providers networks (WiFi turned off), I get a 'You do not have permissions to view this page' error for the https://forums.unraid.net/my-servers/ URL.

 

Suggestions?

 

3 minutes ago, OmgImAlexis said:

If all goes well I hope this is actually fixed in one of the next updates and the install does run it.


This is mostly likely because I was already authenticated within my browser sessions with unraid forum but I noticed when I logged in with the my servers plugin it did not prompt me for 2FA which I have enabled. I assume the plugin referenced my authentication session token here.  Wonder if it would be better security when setting this up to prompt for 2FA.

So if someone port scans my WAN IP, see's the open port (not 443 btw) and hits it over and over again attempting brute force on root, what's in place to protect my server from this attack?

 

I fear this feature is born out of convenience and that security is going to be an afterthought with potential consequential results.

Just now, SpuddyUK said:

So if someone port scans my WAN IP, see's the open port (not 443 btw) and hits it over and over again attempting brute force on root, what's in place to protect my server from this attack?

 

I fear this feature is born out of convenience and that security is going to be an afterthought with potential consequential results.

 

That's why you use a complex password and hopefully eventual 2FA.

9 minutes ago, AgentXXL said:

 

That's why you use a complex password and hopefully eventual 2FA.

I think the first is a given, but more emphasis should surely be on 2FA and a fail2ban type solution before advising people to put their servers on the open internet. Just my thoughts, waiting for that first "my server has been hacked" post.

Edited by SpuddyUK

So i got it all up and running. - Except now when i go to tower/ or [ip address] it changes it to the unraid.net page. is there a way to access directly it on my local network inside my network and from the unraid.net page outside of my network?

6 minutes ago, SpuddyUK said:

waiting for that first "my server has been hacked" post.

People have been opening up their Unraid servers and getting hacked for years. The "my servers" is hopefully a step forwards in that it requires ssl and passwords to be enabled to even work.

18 hours ago, OmgImAlexis said:

Would you mind running `unraid-api restart` in a terminal and let me know if that sorts it. I’ve added this to our bug tracker. 

 

Just wanted to say that fixed it for me as well. Thanks

12 minutes ago, jonathanm said:

People have been opening up their Unraid servers and getting hacked for years. 

only this time it's being actively endorsed by limetech. Maybe in addition to the 2fa for gui login and fail2ban for x failed login attempts, there might be a requisite for a complex root password to even enable "my servers".

 

p.s I am a cyber security researcher.

 

Hello lovely treasure trove of unraid servers to have a go at. This list is only going to increase as people enable the feature and search engines crawl.

https://www.shodan.io/search?query=unraid.net

Edited by SpuddyUK

 

2 minutes ago, jonathanm said:

People have been opening up their Unraid servers and getting hacked for years. The "my servers" is hopefully a step forwards in that it requires ssl and passwords to be enabled to even work.


Agree - it's a great step in the right direction. For future updates I'm hoping to see some further hardening.   Can someone explain the technical authentication details of how the remote access works? Is it my login, pass, 2fa token plus a unique generated ssh key? If those credentials fail what occurs? Block, Reject or hold the session open for a period of minutes?

3 minutes ago, repomanz said:

 


Agree - it's a great step in the right direction. For future updates I'm hoping to see some further hardening.   Can someone explain the technical authentication details of how the remote access works? Is it my login, pass, 2fa token plus a unique generated ssh key? If those credentials fail what occurs? Block, Reject or hold the session open for a period of minutes?

As I see it, 2FA is not required if you directly access https://yourhash.unraid.net, only if you login via the forum.

20 minutes ago, DevXen said:

So i got it all up and running. - Except now when i go to tower/ or [ip address] it changes it to the unraid.net page. is there a way to access directly it on my local network inside my network and from the unraid.net page outside of my network?

Same questions. Disabled the plugin after disabling/logging out of the feature and now getting redirected to the hash URL. Currently unable to access GUI.

Any way to get it working again? Seems this needs a way to allow easier LAN access.

Edited by bluesky509

6 minutes ago, SpuddyUK said:

As I see it, 2FA is not required if you directly access https://yourhash.unraid.net, only if you login via the forum.

 

That is correct.  If you enable Remote Access this requires a port-forward in your router.  You must use a strong wegGUI password (or what @SpuddyUK calls a complex password) and consider using a non-standard external port.

 

15 minutes ago, SpuddyUK said:

complex root password

 

Perhaps you can shed some light on what would be sufficiently complex?

3 minutes ago, bluesky509 said:

Same questions. Disabled the plugin after disabling/logging out of the feature and now getting redirected to the hash URL. Currently unable to access GUI.

Any way to get it working again? Seems this needs a way to allow easier LAN access.

 

i can access it with: https://IP:port   but since my local ip doesn't have a ssl. it has a big warning in Firefox. Warning: Potential Security Risk Ahead. that i have to accept the risk each time.

3 minutes ago, DevXen said:

 

i can access it with: https://IP:port   but since my local ip doesn't have a ssl. it has a big warning in Firefox. Warning: Potential Security Risk Ahead. that i have to accept the risk each time.

Tried that route. Not working.

1 minute ago, bluesky509 said:

Tried that route. Not working.

 So I disabled SSL and the IP address worked but would not let me sign in. however tower/Main still worked and was logged in. so i enabled ssl again and now its forwarding to the unraid.net page instead of the local IP. Hmm.

Guest
This topic is now closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.