Mishap - Initial setup with open port 443

Go to solution Solved by Kilrah,

Recommended Posts

Hello dear community!


Unfortunately, a small mishap happened to me and i would now like to check whether any data was stolen.


I previously ran a self-hosted Fedora Linux server and forwarded the 443 port to my NGINX container there.


When i decided to switch to Unraid and get the Pro version, i set everything up from scratch, started setting up Unraid and migrating my data to the new server.


For this work (i thought, i was on my private network anyway) i worked without a password for about half a day. After that i installed the myServer plugin (but did not activated it) and assigned a password.


The real issue i'm a bit worried about is that port 443 from the old server was still open and forwarded to the new unraid server, so theoretically it could have been available on the internet.


Now i wanted to recreate that, but i can't get to the server from outside if only port 443 on the router is enabled. Various checks with port scanners or IOT scanners did not find any services either.


Is it possible, that Unraid doesn't make port 443 available by default, but only as soon as i set up the myServer plugin?


Many thanks for your help!


Link to comment
2 hours ago, JonathanM said:

Which version of Unraid? I thought all the recent versions forced you to set a password at first login?

@JonathanM thanks for your feedback. I am using the newest version 6.10.3. With this version i can work with root and without a password. Have just tested it with a new usb-stick / test-installation.

Link to comment
43 minutes ago, Kilrah said:

And AFAIK SSL is off by default, so it's only responding on 80, not 443.

Also your forward would only have worked if your new server uses the same internal IP as the old one, don't know if it's the case.

@Kilrah thanks for your feedback. So this means that SSL is not yet enabled on a fresh install and if the IP address was the same as the old server, on the router port 443 was open and port 80 was closed, the GUI was unreachable.


There was also no internal forwarding via NGINX because the container was not running at the time. In this case, there would have to be direct access via port 443, which is not possible because this port is not yet activated in a new installation. Is this right?

Link to comment

I've now recreated everything with nmap and it is as you say @Kilrah.

Enabling SSL/TLS via Unraid's GIU opens port 443 on the server. If the port is also opened on the router, i can access the GUI from the Internet via https.

If i disable SSL/TLS and leave port 443 open on the router, the connection is rejected.

Thanks, then everything should be fine again and no one should have had access to my data.

  • Like 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.