dr_dre Posted March 16, 2021

I'm very pleased with this plugin, as I can "safely" manage my environment outside my own network. But with safety in mind, I see that I'm able to activate 2FA for the forums/unraid.net website part, but I would like to have the option to use 2FA while accessing my server. If I use http://xxxxxxxxx.unraid.net, the only things I need are my credentials, and one of the two (the root part) is already known to the world. Or am I missing an option somewhere within Unraid itself?

Cheers, Dre
ChatNoir Posted March 16, 2021

Limetech plans to add 2FA for the root access, but it is not available for the moment. Right now, we only have it for the forum.
dr_dre Posted March 16, 2021 (Author)

Thanks for the heads up. Didn't find that one after my extensive search.
tech_rkn Posted April 26, 2021

unraid.net killed my wireguard conf ... resolved by resolved ...
Kaveh Posted April 27, 2021

Is there any way to prevent the redirect from the local IP or local name to the unraid.net name?
Kaveh Posted April 27, 2021

I'd rather go to my `tower.local` address and have it remain there rather than redirecting to `*.unraid.net`. There doesn't seem to be any option I can find to turn this redirect off. Is the only way to use the IP address?
frakman1 Posted April 28, 2021

I decided to uninstall this plugin. However, now anytime I go to tower.local or the IP address, it always redirects to the xxx.unraid.net URL, which requires a functioning internet and DNS, which isn't always true when I reboot the server. This seems like a bug. When I uninstall this plugin and reboot the server, I don't expect any remnants of the xxx.unraid.net to exist. How do I completely remove this redirection and go back to using my IP address directly?

Update, well I looked at the /etc/nginx/conf.d/emhttp-servers.conf file and found the offending line here:

```nginx
server {
    #
    # Redirect http requests to https
    #
    listen *:80 default_server;
    listen [::]:80 default_server;
    return 302 https://xxxxx.unraid.net:443$request_uri;
}
```

However, commenting it out just breaks the webUI, and reverting the whole file to a backup and rebooting results in it being regenerated again. I can't find where to turn it off. I've already uninstalled the plugin so I can't go into any settings and turn things off. I even tried re-installing the plugin, turning off the remote access etc. and then uninstalling, but still have the same problem.

Also, it is still using the WebUI SSL certificate that it installed for use with the unraid.net plugin. How do I remove that too? I just want it to go back to the way it was without any of the unraid.net stuff. I was able to locate the certificate here: /boot/config/ssl/certs/certificate_bundle.pem and the original one is in the same folder here: /boot/config/ssl/certs/Tower_unraid_bundle.pem but not sure what to do with them.

_____________________________

Final Update -> Solved

Under Settings -> Management Access -> Use SSL/TLS. When I hit the ? symbol, I saw this useful help page:

> The nginx startup script looks for a SSL certificate on the USB boot flash in this order:
> config/ssl/certs/certificate_bundle.pem
> config/ssl/certs/<server-name>_unraid_bundle.pem
> If neither file exists, a self-signed SSL certificate is automatically created and stored in config/ssl/certs/<server-name>_unraid_bundle.pem

The path is actually /boot/config/ssl/certs. In there I found the offending certificate, certificate_bundle.pem. I moved it somewhere else for safekeeping and rebooted the server and then it finally went back to normal. 🔍 Mystery solved.

Edited April 28, 2021 by frakman1
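
A check one could run after removing the plugin, following the certificate lookup order and the redirect line quoted in frakman1's post above. This is an added example, not part of the original thread and not Unraid's own script; the function names are hypothetical, the two default paths are the ones quoted in the post, and the server name (for example Tower) is passed as an argument.

```shell
#!/bin/sh
# Added example: report which certificate bundle the documented lookup order
# selects, and where plain-http requests are being redirected.
# Default paths are the ones quoted in the post; override them via environment.
CERT_DIR="${CERT_DIR:-/boot/config/ssl/certs}"
NGINX_CONF="${NGINX_CONF:-/etc/nginx/conf.d/emhttp-servers.conf}"

# Print the bundle the help text's order would pick, or "self-signed"
# when neither file exists (a self-signed one is then generated at startup).
selected_bundle() {
    dir=$1 server=$2
    for f in "$dir/certificate_bundle.pem" "$dir/${server}_unraid_bundle.pem"; do
        if [ -f "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    printf 'self-signed\n'
}

# Print the host of every "return 30x https://host..." redirect in the config.
redirect_hosts() {
    [ -f "$1" ] || return 0
    sed -n 's|^[[:space:]]*return[[:space:]]\{1,\}30[0-9][[:space:]]\{1,\}https://\([^:/$;]*\).*|\1|p' "$1" | sort -u
}

audit() {
    server=$1
    bundle=$(selected_bundle "$CERT_DIR" "$server")
    echo "certificate in use: $bundle"
    if [ "$bundle" != "self-signed" ] && command -v openssl >/dev/null 2>&1; then
        openssl x509 -in "$bundle" -noout -subject -issuer -enddate
    fi
    for h in $(redirect_hosts "$NGINX_CONF"); do
        echo "http redirect target: $h"
    done
}

# Run the audit only when a server name is given on the command line.
if [ $# -ge 1 ]; then
    audit "$1"
fi
```

If the first line of output still names certificate_bundle.pem, or a redirect target under unraid.net is listed, the state described in the post is still in effect.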
Squid Posted April 28, 2021

> 20 hours ago, frakman1 said: or the IP address, it always redirects to the xxx.unraid.net URL

It doesn't redirect if you use https://ipAddress, only if you use http.
Kaveh Posted April 28, 2021

It shouldn't redirect at all (unless you specify it should). That's my point.
ljm42 Posted April 29, 2021

Local SSL is not a feature of the plugin, it is built into the main Unraid OS. That is why it does not get disabled when you uninstall the plugin. If you would like to disable local SSL simply go to Settings -> Management Access and set "Use SSL/TLS" to "No".
Kaveh Posted April 29, 2021

> 2 hours ago, ljm42 said: Local SSL is not a feature of the plugin, it is built into the main Unraid OS. That is why it does not get disabled when you uninstall the plugin. If you would like to disable local SSL simply go to Settings -> Management Access and set "Use SSL/TLS" to "No".

Yes, but local access redirects to the unraid.net SSL URL. It should use SSL for remote connections, but it shouldn't redirect local connections.
frakman1 Posted April 29, 2021

> 7 hours ago, Squid said: it doesn't redirect if you use https://ipAddress, only if you use http

Thank you. I tried that solution but that wasn't satisfactory either. It was still using the new Unraid certificate. Uninstalling the plugin should really remove everything that it added.
frakman1 Posted April 29, 2021

> 4 hours ago, ljm42 said: Local SSL is not a feature of the plugin, it is built into the main Unraid OS. That is why it does not get disabled when you uninstall the plugin. If you would like to disable local SSL simply go to Settings -> Management Access and set "Use SSL/TLS" to "No".

I'm not 100% sure what the original state of the "Use SSL/TLS" setting was, but I think it was originally No and that installing the Unraid.net plugin enabled it. If I'm wrong and it was set to Yes already, then removing the plugin should remove the new Unraid.net certificate so that it would continue using the self-signed hostname certificate.
Kaveh Posted April 29, 2021

It would be nice to walk back this plugin a little bit. I originally installed it because of the automated USB key backup. It seems like that feature should be isolated from the SSL/redirect feature. You should be able to use one without the other.
JonathanM Posted April 29, 2021

> 1 minute ago, Kaveh said: You should be able to use one without the other.

I do. The only feature I have enabled is the USB backup and key recovery.
ljm42 Posted April 29, 2021

> 20 hours ago, Kaveh said: Yes, but local access redirects to the unraid.net SSL URL. It should use SSL for remote connections, but it shouldn't redirect local connections.

Our Remote Access solution currently requires you to enable SSL for Local Access.

Local access uses https://yourpersonalhash.unraid.net:port
Remote access uses https://www.yourpersonalhash.unraid.net:WANport
ljm42 Posted April 29, 2021

> 17 hours ago, frakman1 said: I'm not 100% sure what the original state of the "Use SSL/TLS" setting was but I think it was originally No and that installing the Unraid.net plugin enabled it. If I'm wrong and it was set to Yes already, then removing the plugin should remove the new Unraid.net certificate so that it would continue using the self-signed hostname certificate.

The original setting for "Use SSL/TLS" was Auto, but there was no certificate so that is the same as "no". When you provisioned the certificate that made "Auto" behave the same as "yes".

auto = automatic

Once the certificate exists, if you want to turn it off, set "Use SSL/TLS" to No.
tech_rkn Posted April 29, 2021

Hello, the real question about this "feature" is: is it safer than a wireguard or openvpn tunnel?
ljm42 Posted April 29, 2021

> 3 hours ago, Kaveh said: It would be nice to walk back this plugin a little bit. I originally installed it because of the automated USB key backup. It seems like that feature should be isolated from the SSL/redirect feature. You should be able to use one without the other.

Remote Access and Flash Backup are both optional features, feel free to enable neither, one, or both.

Local SSL is ONLY a requirement if you use our Remote Access solution. If you don't use Remote Access then you don't have to set up Local SSL either. To disable Local SSL go to Settings -> Management Access and set "Use SSL/TLS" to "no".
ljm42 Posted April 30, 2021

> 4 minutes ago, tech_rkn said: Hello, the real question about this "feature" is, is it safer than a wireguard or openvpn tunnel ??

The optional Remote Access feature is a convenient and secure way to access your webgui remotely. WireGuard is arguably less convenient (takes more than a browser to use, doesn't work on some networks) but more secure (uses public/private keys rather than a password). WireGuard can also give access to more than just the webgui. So it depends on what you need. But again, Remote Access is one of the optional features of this plugin and is in no way required.
Kaveh Posted April 30, 2021

> Our Remote Access solution currently requires you to enable SSL for Local Access.
> Local access uses https://yourpersonalhash.unraid.net:port
> Remote access uses https://www.yourpersonalhash.unraid.net:WANport

Yes, but does it need to? Why can't local access remain unredirected?
ljm42 Posted April 30, 2021

> On 4/29/2021 at 6:44 PM, Kaveh said: Yes, but does it need to? Why can't local access remain unredirected?

Because the Remote Access solution leverages the existing DDNS and SSL certificate process that is already built in to Unraid. Might this change in the future? Possibly. But in terms of what is available today, the optional Remote Access solution requires that you enable SSL for Local Access.

Edit: in Unraid 6.10 you can enable SSL/https for Remote Access while keeping http for local access. See https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29
tech_rkn Posted April 30, 2021

> 11 hours ago, ljm42 said: The optional Remote Access feature is a convenient and secure way to access your webgui remotely. WireGuard is arguably less convenient (takes more than a browser to use, doesn't work on some networks) but more secure (uses public/private keys rather than a password). WireGuard can also give access to more than just the webgui. So it depends on what you need. But again, Remote Access is one of the optional features of this plugin and is in no way required.

Thank you. I might just stick to wireguard as I used it to access my LAN too.
Glepnir Posted May 13, 2021

Can we access the webgui of any of the dockers using this, or is that still just something you need to go through a VPN for?