March 16, 20215 yr im very pleased with this plugin as i can "safely" manage my environment outside my own network. But with safety in mind I see that im able to activate the 2fa for the forums/unraid.net website part, but i would like to have the option to use 2fa while accesing my server. if i use the http://xxxxxxxxx.unraid.net the only thing i need are my credentials and one of the 2 is already known ( the root part) for the world. Or am i missing an option somewhere withiun unraid itself. Cheers, Dre
March 16, 20215 yr Limetech plans to add 2FA for the root access, but it is not available for the moment. Right now, we only have it for the forum.
April 27, 20215 yr Is there any way to prevent the redirect from the local IP or local name to the unraid.net name?
April 27, 20215 yr I'd rather go to my `tower.local` address and have it remain there rather than redirecting to `*.unraid.net`. There doesn't seem to be any option I can find to turn this redirect off. Is the only way to use the IP address?
April 28, 20215 yr I decided to uninstall this plugin. However, now anytime I go to tower.local or the IP addres, it always redirects to the xxx.unraid.net URL which requires a functioning internet and DNS which isn't always true when I reboot the server. This seems like a bug. When I uninstall this plugin and reboot the server, I don't expect any remnants of the xxx.unraid.net to exist. How do I completely remove this redirection and go back to using my IP address directly? Update, well I looked at the /etc/nginx/conf.d/emhttp-servers.conf file and found the offending line here: server { # # Redirect http requests to https # listen *:80 default_server; listen [::]:80 default_server; return 302 https://xxxxx.unraid.net:443$request_uri; } However commenting it out just breaks the webUI and reverting the whole file to a backup and rebooting results in it being regenerated again. I can't find where to turn it off. I've already uninstalled the plugin so I can't go into any settings and turn things off. I even tried re-installing the plugin, turning off the remote access etc and then uninstalling but still have the same problem. Also, it is still using the WebUI SSL certificate that it installed for use with the unraid.net plugin. How do I remove that too? I just want it to go back to the way it was without any of the unraid.net stuff. I was able to locate the certificate here: /boot/config/ssl/certs/certificate_bundle.pem and the original one is in the same folder here: /boot/config/ssl/certs/Tower_unraid_bundle.pem but not sure what to do with them. _____________________________ Final Update -> Solved Under Settings -> Management Access -> Use SSL/TLS. When I hit the ? symbol, I saw this useful help page: Quote The nginx startup script looks for a SSL certificate on the USB boot flash in this order: config/ssl/certs/certificate_bundle.pem config/ssl/certs/<server-name>_unraid_bundle.pem If neither file exists, a self-signed SSL certificate is automatically created and stored in config/ssl/certs/<server-name>_unraid_bundle.pem The path is actually /boot/config/ssl/certs. In there I found the offending certificate, certificate_bundle.pem. I moved it somewhere else for safekeeping and rebooted the server and then it finally went back to normal. 🔍 Mystery solved. Edited April 28, 20215 yr by frakman1
April 28, 20215 yr 20 hours ago, frakman1 said: or the IP addres, it always redirects to the xxx.unraid.net URL it doesn't redirect if you use https://ipAddress, only if you use http
April 29, 20215 yr Local SSL is not a feature of the plugin, it is built into the main Unraid OS. That is why it does not get disabled when you uninstall the plugin. If you would like to disable local SSL simply go to Settings -> Management Access and set "Use SSL/TLS" to "No".
April 29, 20215 yr 2 hours ago, ljm42 said: Local SSL is not a feature of the plugin, it is built into the main Unraid OS. That is why it does not get disabled when you uninstall the plugin. If you would like to disable local SSL simply go to Settings -> Management Access and set "Use SSL/TLS" to "No". Yes, but local access redirects to the unraid.net SSL URL. It should use SSL for remote connections, but it shouldn't redirect local connections.
April 29, 20215 yr 7 hours ago, Squid said: it doesn't redirect if you use https://ipAddress, only if you use http Thank you. I tried that solution but that wasn't satisfactory either. It was still using the new Unraid certificate. Uninstalling the plugin should really remove everything that it added.
April 29, 20215 yr 4 hours ago, ljm42 said: Local SSL is not a feature of the plugin, it is built into the main Unraid OS. That is why it does not get disabled when you uninstall the plugin. If you would like to disable local SSL simply go to Settings -> Management Access and set "Use SSL/TLS" to "No". I'm not 100% sure what the original state of the "Use SSL/TLS" setting was but I think it was originally No and that installing the Unraid.net plugin enabled it. If I'm wrong and it was set to Yes already, then removing the plugin should remove the new Unraid.net certificate so that it would continue using the self-signed hostname certificate.
April 29, 20215 yr It would be nice to walk back this plugin a little bit. I originally installed it because of the automated USB key backup. It seems like that feature should be isolated from the SSL/redirect feature. You should be able to use one without the other.
April 29, 20215 yr 1 minute ago, Kaveh said: You should be able to use one without the other. I do. The only feature I have enabled is the USB backup and key recovery.
April 29, 20215 yr 20 hours ago, Kaveh said: Yes, but local access redirects to the unraid.net SSL URL. It should use SSL for remote connections, but it shouldn't redirect local connections. Our Remote Access solution currently requires you to enable SSL for Local Access. Local access uses https://yourpersonalhash.unraid.net:port Remote access uses https://www.yourpersonalhash.unraid.net:WANport
April 29, 20215 yr 17 hours ago, frakman1 said: I'm not 100% sure what the original state of the "Use SSL/TLS" setting was but I think it was originally No and that installing the Unraid.net plugin enabled it. If I'm wrong and it was set to Yes already, then removing the plugin should remove the new Unraid.net certificate so that it would continue using the self-signed hostname certificate. The original setting for "Use SSL/TLS" was Auto, but there was no certificate so that is the same as "no". When you provisioned the certificate that made "Auto" behave the same as "yes". auto = automatic Once the certificate exists if you want to turn it off, set "Use SSL/TLS" to No.
April 29, 20215 yr Hello, the real question about this "feature" is, is it safer than a wireguard or openvpn tunnel ??
April 29, 20215 yr 3 hours ago, Kaveh said: It would be nice to walk back this plugin a little bit. I originally installed it because of the automated USB key backup. It seems like that feature should be isolated from the SSL/redirect feature. You should be able to use one without the other. Remote Access and Flash Backup are both optional features, feel free to enable neither, one, or both. Local SSL is ONLY a requirement if you use our Remote Access solution. If you don't use Remote Access then you don't have to setup Local SSL either. To disable Local SSL go to Settings -> Management Access and set "Use SSL/TLS" to "no"
April 30, 20215 yr 4 minutes ago, tech_rkn said: Hello, the real question about this "feature" is, is it safer than a wireguard or openvpn tunnel ?? The optional Remote Access feature is a convenient and secure way to access your webgui remotely. WireGuard is arguably less convenient (takes more than a browser to use, doesn't work on some networks) but more secure (uses public/private keys rather than a password). WireGuard can also give access to more than just the webgui. So it depends on what you need. But again, Remote Access is one of the optional features of this plugin and is in no way required.
April 30, 20215 yr Our Remote Access solution currently requires you to enable SSL for Local Access. Local access uses https://yourpersonalhash.unraid.net:port Remote access uses https://www.yourpersonalhash.unraid.net:WANportYes, but does it need to? Why can’t local access remain unredirected?
April 30, 20215 yr On 4/29/2021 at 6:44 PM, Kaveh said: Yes, but does it need to? Why can’t local access remain unredirected? Because the Remote Access solution leverages the existing DDNS and SSL certificate process that is already built in to Unraid. Might this change in the future? Possibly. But in terms of what is available today, the optional Remote Access solution requires that you enable SSL for Local Access. Edit: in Unraid 6.10 you can enable SSL/https for Remote Access while keeping http for local access. See https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29
April 30, 20215 yr 11 hours ago, ljm42 said: The optional Remote Access feature is a convenient and secure way to access your webgui remotely. WireGuard is arguably less convenient (takes more than a browser to use, doesn't work on some networks) but more secure (uses public/private keys rather than a password). WireGuard can also give access to more than just the webgui. So it depends on what you need. But again, Remote Access is one of the optional features of this plugin and is in no way required. Thank you I might just stick to wireguard as I used it to access my lan too.
May 13, 20215 yr Can we access the webgui of any of the dockkers using this or is that still just something you need to go through a VPN for?
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.