Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

How Concerned Should I be with the My Servers app and Privacy?

Featured Replies

Hi, folks. It's my first post and I'm unsure of where this question belongs. It also appears that the choices of where I can post are limited (I'd have posted in the My Servers Support, but it wasn't available)

Simple question: How concerned should I be using the My Servers app? I know there are some read/write problems they're working on, but I'd still like to use the remote access feature. 

 

Watching SpaceInvaderOne's video on the plugin, I also learned a little about DNS Rebinding attacks. Does turning off DNS Rebinding Protection open me up to other problems? Are there other solutions?
 

How safe is my data and activity while accessing my server remotely? Thank you.

Edited by BKTEK

My Servers has several features, one of which is Remote Access. You can read about this and other features here:
  https://wiki.unraid.net/My_Servers

 

Regarding Remote Access and DNS Rebinding...

 

DNS Rebinding is a protection that prevents your system from resolving a real domain name to a private IP. If you want to use full and proper SSL on an private IP it has to be disabled.  On high-end routers you can disable it for specific domains like unraid.net or plex.direct, on other routers it is an all-or-nothing switch.

 

Our Remote Access solution requires an unraid.net certificate from Let's Encrypt. In Unraid 6.9.2 this means you also have to use an unraid.net certificate for local access, and thus you have to disable DNS rebinding. In Unraid 6.10 this is not a requirement and you can use an unraid.net certificate for Remote Access while using http or a self-signed certificate for Local Access (so no need to disable DNS rebinding)

 

Please see this wiki page for more information: https://wiki.unraid.net/My_Servers#Configuring_Remote_Access_.28optional.29 

 

As mentioned on that wiki, you need to have a complex root password. Unraid does have protections built in to guard against brute force attacks, but it won't help if your password is "password". 

 

Also from the wiki - Remote Access gives you access to the Unraid webgui. If you want access to docker containers or other devices on the network then you want to look at setting a WireGuard VPN instead:

 

  • Author

Thank you @squid and @ljm42. I'm in the market for a new router anyway - do you have any suggestions? Or maybe these features are available in DD-WRT or Tomato...

I'm pretty sure that pfSense, OPNsense, and Unifi products allow you to disable DNS Rebinding protection for specific domains. I'm not sure about others, you'd want to Google "[brand] disable dns rebinding"

  • Author
16 minutes ago, ljm42 said:

I'm pretty sure that pfSense, OPNsense, and Unifi products allow you to disable DNS Rebinding protection for specific domains. I'm not sure about others, you'd want to Google "[brand] disable dns rebinding"

Thank you again for the info. I've been endeavoring to install Wireshark. It's one of those things where you open a can of worms. I have no idea what I even started with via SpaceInvaderOne's videos but each thing led to different thing I wanted to do until I had a laundry list of things to set up. I need to itemize the list, organize by order of practicality/importance, and then go from there. But setting up DuckDNS, PFSense, and Wireshark seem like VERY high priorities now. 

 

Thank you all again for the help.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.