How to secure Unraid (datacenter setup) with Tailscale + Cloudflare Tunnel?

Hey everyone 👋

I’m running my Unraid server in a datacenter. It's super cool, but my server is like an open book ... and I want to make it as secure as possible.

My goal is:
• Unraid should be completely private and invisible on the Internet (no open ports, no public IP access).
• I want to manage and access Unraid only through Tailscale.
• Only a few apps like Plex, Wizarr, and Overseerr etc should be accessible from outside — but safely, through Cloudflare Tunnel (Zero Trust).

Basically:
- Tailscale for private access (admin, internal use)
- Cloudflare Tunnel for public apps access (Plex, etc.)

I’d like to know if this setup is possible or if there are any issues with using Tailscale and Cloudflare Tunnel together on Unraid.
For example, can I make Unraid itself private but still let Cloudflare access my Docker containers safely?

Also, how can I make Unraid accessible only when I’m connected to Tailscale, and block any access from the public IP? I didn't find this feature in Settings > Tailscale. Should I do a bridge?

Has anyone done something similar or can confirm it’s safe to do it this way?
Thanks for any advice! 🙏

Edit:

After some research and an exchange with the Tailscale AI, the suggestion is to do it like this:

Use UFW to lock down an Ubuntu server · Tailscale Docs

Learn how to accept connections from Tailscale and ignore internet traffic to a server.

As UFW is not present in Unraid, I should try to apply the following iptables rules:

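# Accept rules first, default policy last, so a remote session is not cut off part-way
iptables -A INPUT -i lo -j ACCEPT                                        # loopback
iptables -A INPUT -i tailscale0 -j ACCEPT                                # anything arriving over Tailscale
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT  # replies to outbound connections
iptables -P INPUT DROP                                                   # drop all other inbound traffic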

Do these rules make sense?

Edited by Drbisounours
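
One way to check the result after applying rules like the ones in the post, as an added example that is not part of the original post or of any Unraid or Tailscale tooling: it audits `iptables-save -t filter` output for a default-deny INPUT chain that accepts only loopback, `tailscale0` and established traffic. The sample rule sets and the function names (`audit_input`, `sample_locked`, `sample_exposed`) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the filter table the post's four commands produce.
sample_locked() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i tailscale0 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample: same table with a leftover rule opening SSH to everyone.
sample_exposed() {
    sample_locked | awk '/^COMMIT$/ {print "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT"} {print}'
}

# Reads `iptables-save -t filter` output on stdin. Returns 0 only if INPUT is
# default-deny and accepts nothing beyond lo, tailscale0 and established flows.
audit_input() {
    rules=$(cat)
    rc=0
    ok_lo='^-A INPUT -i lo -j ACCEPT$'
    ok_ts='^-A INPUT -i tailscale0 -j ACCEPT$'
    ok_ct='^-A INPUT -m conntrack --ctstate (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT$'
    has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }
    has '^:INPUT DROP ' || { echo "FAIL: INPUT policy is not DROP"; rc=1; }
    has "$ok_lo" || { echo "FAIL: no loopback ACCEPT rule"; rc=1; }
    has "$ok_ts" || { echo "FAIL: no tailscale0 ACCEPT rule"; rc=1; }
    has "$ok_ct" || { echo "FAIL: no ESTABLISHED,RELATED ACCEPT rule"; rc=1; }
    # Any other ACCEPT in INPUT is reachable from the public interface.
    extra=$(printf '%s\n' "$rules" | grep -E -- '^-A INPUT .*-j ACCEPT$' |
            grep -Ev -e "$ok_lo" -e "$ok_ts" -e "$ok_ct" || true)
    [ -z "$extra" ] || { echo "FAIL: extra ACCEPT rule(s):"; echo "$extra"; rc=1; }
    return "$rc"
}

# On the server (as root): iptables-save -t filter | audit_input
sample_locked | audit_input && echo "locked sample: pass"
sample_exposed | audit_input || echo "exposed sample: rejected"
```

This checks the INPUT chain only. Ports published by Docker containers are forwarded through the FORWARD chain and are not covered by INPUT rules, so audit those separately.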
