My Servers Early Access Plugin

[kizer]

On 3/14/2021 at 5:33 AM, unRate said:

Sure lets expose €%*@!*/# root to the internet. What could possible go wrong?

Everyone advises against root login and not using key-pairs via SSH, and you want to allow your users — which by your own implications are incompetent sysadmins — to access root over https?

 

You should at least use better defaults and apply the "Principle of least privilege" with layered security, before even considering rolling out remote access en masse. –  Let alone using €%*@!*/# root passwords.

 

As a reference take a look at the effort put in to secure cockpit-project by their engineers.  

 

I really can't fathom this nonchalant security mindset, hence the frustration.

 

Just keep this in mind. Over the years here I have seen 100's of posts from people asking how do I remote into my Server and countless times they have been advised not to do so because of one risk or another. This potentially could be piled on top of that same list of problems, but at the same time LimeTech has given us a more secure way than all of the other homebrew methods and is willing to work with users to constantly improve this method.  

 

This just like every other feature in unraid. If you do not feel comfortable using it or anything else its a choice just the same. I have the plugin installed, but disabled remote login because I like the USB backup. I've been using it since its been in testing and its been flawless. 

 

I had an incident at my house a couple of days ago. My son needed some files off the server for his remote school learning and couldn't get them. I used another method to login to my windows machine followed by enabling the remote login. Used my browser here at work to do what I needed and then disabled remote login. Was the potential security risk worth the effort? Enabling SSL and turning on Remote Access for 5 minutes saved me 90minutes of driving and my sons grade. 

 

Limetech has also utilized WireGuard as another option which seems to be growing and growing so feel free to express your concerns on both, but lets try and keep them civilized and productive like you have I can assure you the team is listening. This is a new optional feature and I'm sure there will be some bugs and concerns that need to be shaken out over time. 

[xaositek]

I saw someone else comment on the new Git directory on /boot/ ... If we uninstalled the plug-in, can we remove /boot/.git/ and /boot/.gitattributes ?

 

Are there any other new files that are created we should consider removing?

 

Shouldn't the plug-in clean up after itself?

[ljm42]

1 hour ago, xaositek said:

I saw someone else comment on the new Git directory on /boot/ ... If we uninstalled the plug-in, can we remove /boot/.git/ and /boot/.gitattributes ?

 

Are there any other new files that are created we should consider removing?

 

Shouldn't the plug-in clean up after itself?

 

A plugin uninstall if often a precursor to a reinstall, so we don't want to forcibly delete user data (i.e. the flash backup data) on uninstall. 

 

You can either reinstall the plugin and use the webgui to deactivate the flash backup (i.e. reverse the steps you took to enable flash backup), or you can manually delete the /boot/.git folder and /boot/.gitattributes file.

 

[Gragorg]

I installed the plugin but now only the computer I set it up on can access my server.  I have uninstalled the plugin and restarted but my other computers still cant access my server.  How can I fully uninstall this plugin?

 

UPDATE

I reinstalled the plugin and now I can access from my other computers.  Also the "guess doesn't have permission..." is fixed.

Edited March 16, 2021 by Gragorg

[TechGeek01]

Just wanted to chime in on a coloring issue.

 

I'm using the "black" color theme, and have a white header. I have a custom header image that's gray, so the tab bar is black text on white, but the header image is gray with some stuff in it. To see text here, I have the custom text color set to white in display settings.

 

The menus for me are unreadable in this plugin in the header. Seems that after testing, the background of the flyout menu takes the custom text color, and text takes the custom background color. Presumably the correct approach is for the text in the header to take the text color of the tabs, and for the flyout to match this? Without a custom header color set, the default in this theme is white. With my custom text color set to white to see version number and such on a gray header image, this otherwise makes text unreadable. This plugin, since it takes the color of the header, should more than likely do the same thing the tabs do, and ignore the custom text color and just set text to white/black depending on luminance of the header color.

[Gragorg]

The plugin is working as expected but now my wireguard that had setup no longer work.  Can I still use wireguard to access my server with this plugin?

[Tistelfjun]

Dear All

Please can I wade in with a question.  I have tried the plug-in now on two servers and both have come up with the same problem.

1. Both servers have their disks encrypted so the SSL certificate was already in place and working with https://myhash.unraid.net 
2. I changed the plug-in https ports to something less obvious.  The associated router ports were forwarded and worked perfectly
3. The account was set set up without problems and the connections made from both servers worked after running the restart script
4. Logging into the account showed both servers connected with remote access available.  The account has a veeeery long password as well as 2FA

At this point I thought I was done and it's the remote access I have been looking for.  The problem is that after about 20 mins the remote access simply stops working on the My Servers dashboard.  Both servers are shown but there is no access.  The servers state that they are on line and connected.  If I re-run the restart script everything works again for about 20 mins and then stops.

What am I missing in the set-up?

Any help or advice would be very much appreciated.

 

[Cessquill]

On 3/14/2021 at 3:22 AM, AgentXXL said:

To resolve the DNS rebinding issue I went into my firewall config (pfSense) and under DNS Resolver I added the unraid.net domain to the 'Domain Overrides' section. One thing I'm not sure about is where pfSense asks me to provide the DNS 'Lookup Server IP Address' so I just set it to a Cloudflare one for now, as shown on the attached pic. Cloudflare resolves unraid.net so I suspect I'm correct.

@AgentXXL - from a Spaceinvaderone video, in pfSense go to Services, DNS Resolver and in the custom options at the bottom enter

server:
private-domain: "unraid.net"

 

(think that relates to your issue here)

 

EDIT: Ignore me, I see that you've been given the same advice already.

Edited March 16, 2021 by Cessquill

[ljm42]

9 hours ago, Gragorg said:

Can I still use wireguard to access my server with this plugin?

 

Absolutely. There is nothing here that would prevent that.

[ljm42]

7 hours ago, Tistelfjun said:

At this point I thought I was done and it's the remote access I have been looking for.  The problem is that after about 20 mins the remote access simply stops working on the My Servers dashboard.  Both servers are shown but there is no access.  The servers state that they are on line and connected.  If I re-run the restart script everything works again for about 20 mins and then stops.

What am I missing in the set-up?

 

Sorry for the inconvenience, we are still working through some things. I'm surprised that you have to restart every 20 minutes though, that is a little extreme.

[Tistelfjun]

30 minutes ago, ljm42 said:

 

Sorry for the inconvenience, we are still working through some things. I'm surprised that you have to restart every 20 minutes though, that is a little extreme.

No problem as I appreciate it's a beta program.  Since the last message I de-isntalled the plug-in on both machines.  Re-installed it on one.  Ran the restart script and for the moment that connection has been running without any problems.  I don't know if that info helps at all.

[rguinn]

Little bug i noticed is the icon for my main server is not showing but one for my testing is. Can this be fixed on my end ? 

 

 

Edited March 16, 2021 by rguinn

[ChatNoir]

@rguinn Is the missing picture a custom image or an picked from the selection baked in Unraid ?

[KingWolf]

Hallo, when I enable Flash backup, I get every 2 minutes the following line in my logs:

b******unraid flash_backup: adding task: php /usr/local/emhttp/plugins/dynamix.unraid.net/include/UpdateFlashBackup.php update

Is this normal?

 

[ljm42]

1 hour ago, KingWolf said:

Hallo, when I enable Flash backup, I get every 2 minutes the following line in my logs:

b******unraid flash_backup: adding task: php /usr/local/emhttp/plugins/dynamix.unraid.net/include/UpdateFlashBackup.php update

Is this normal?

 

 

Something you are running must be making changes to the flash drive, as that line will be added whenever there are changes that need to be synchronized. If you can't figure out what it is, upload your diagnostics (Tools -> Diagnostics)

[rguinn]

1 hour ago, ChatNoir said:

@rguinn Is the missing picture a custom image or an picked from the selection baked in Unraid ?

That was one i picked from the options don’t believe its custom 

Edited March 16, 2021 by rguinn
Added Photo

[ljm42]

Just now, rguinn said:

That was one i picked from the options don’t believe its custom 

 

In the My Servers dashboard you screenshotted, if you hover over "Online", is the uptime increasing every second or is it static?  

If it is increasing then the connection is open and changes are being sent. In this case, try changing to another icon, it should update. Then switch back to the one you want and it should update again.

 

If the uptime is not increasing, please open a terminal and type "unraid-api restart". Once the uptime is increasing, try changing the icon.

[rguinn]

10 minutes ago, ljm42 said:

 

In the My Servers dashboard you screenshotted, if you hover over "Online", is the uptime increasing every second or is it static?  

If it is increasing then the connection is open and changes are being sent. In this case, try changing to another icon, it should update. Then switch back to the one you want and it should update again.

 

If the uptime is not increasing, please open a terminal and type "unraid-api restart". Once the uptime is increasing, try changing the icon.

Thanks it for sure a issue with the icons on Page 4 only the first 2 work the rest just blank it out 

[TechGeek01]

50 minutes ago, rguinn said:

Thanks it for sure a issue with the icons on Page 4 only the first 2 work the rest just blank it out 

Also chiming in, seeing the same thing with the Supermicro 846 icon in the list. No icon for me in the my servers page.

[OmgImAlexis]

1 hour ago, rguinn said:

Thanks it for sure a issue with the icons on Page 4 only the first 2 work the rest just blank it out 

Can I get you to check the my servers page when it IS working and see if the little i shows services when you hover and if they’re counting up. 

[ljm42]

1 hour ago, rguinn said:

Thanks it for sure a issue with the icons on Page 4 only the first 2 work the rest just blank it out 

 

55 minutes ago, TechGeek01 said:

Also chiming in, seeing the same thing with the Supermicro 846 icon in the list. No icon for me in the my servers page.

 

Thanks for reporting this, I've added it to our bug tracker. 

 

 

edit: oh sorry I missed your comment there Alexis  but yes I can confirm the connection is up, but only some of the icons will display in the dashboard

[danielpiccoli]

i have the GRAPHQL error (6.9.1)

rebooted, nothing

ran:

 

~# unraid-api restart
Segmentation fault

 

any ideas?

 

[OmgImAlexis]

1 minute ago, danielpiccoli said:

i have the GRAPHQL error (6.9.1)

rebooted, nothing

ran:

 

~# unraid-api restart
Segmentation fault

 

any ideas?

 

Could you run this to confirm the unraid-api file correctly downloaded?

 

[email protected]:~# ls -l /usr/local/bin/node/unraid-api/unraid-api
-rwxrwxrwx 1 root root 115980450 Mar 16 09:00 /usr/local/bin/node/unraid-api/unraid-api*

 

[danielpiccoli]

5 minutes ago, OmgImAlexis said:

Could you run this to confirm the unraid-api file correctly downloaded?

 

[email protected]:~# ls -l /usr/local/bin/node/unraid-api/unraid-api
-rwxrwxrwx 1 root root 115980450 Mar 16 09:00 /usr/local/bin/node/unraid-api/unraid-api*

 

the output:

 

-rwx------ 1 root root 34840064 Mar 16 19:50 /usr/local/bin/node/unraid-api/unraid-api*

 

i just tested executing the install again manually entering the plg. ,
says plugin: not reinstalling same version

Edited March 16, 2021 by danielpiccoli

[sreknob]

Having the same issue with on server not connected to the mothership, as 

 

 

The funny thing is that it is working from the "My Servers" webpage but when I try and launch it from another server, I have another problem. It tries to launch a webpage with HTTP (no S) to the local hostname at port 443 so I get a 400 (https to non https port --> http://titan.local:443)

 

See the screenshots below and let me know if you want any more info!

 

 

The menu on the other server shows all normal, but the link doesn't work like it should as noted above - launching http://titan.local:443 instead of https://hash.unraid.net

 

 

So when I select that, I get a 400:

 

 

but all launches well from the webui launching the hash.unraid.net properly!

 

EDIT1: The mothership problem is fixed with a `unraid-api restart` on that server but not the incorrect address part.

EDIT2: A restart of the API on the server providing the improper link out corrected the second issue - all working properly now. Something wasn't updating the newly provisioned link back to that server from the online API.

Edited March 17, 2021 by sreknob
additional info