October 25, 2025

Hey everyone 👋

I'm running my Unraid server in a datacenter, it's super cool but my server is like an open book ... and I want to make it as secure as possible.

My goal is:
• Unraid should be completely private and invisible on the Internet (no open ports, no public IP access).
• I want to manage and access Unraid only through Tailscale.
• Only a few apps like Plex, Wizarr, and Overseerr etc. should be accessible from outside, but safely, through Cloudflare Tunnel (Zero Trust).

Basically:
- Tailscale for private access (admin, internal use)
- Cloudflare Tunnel for public apps access (Plex, etc.)

I'd like to know if this setup is possible or if there are any issues with using Tailscale and Cloudflare Tunnel together on Unraid.

For example, can I make Unraid itself private but still let Cloudflare access my Docker containers safely?

Also, how can I make Unraid accessible only when I'm connected to Tailscale, and block any access from the public IP? I didn't find this feature in Settings > Tailscale. Should I do a bridge?

Has anyone done something similar or can confirm it's safe to do it this way?

Thanks for any advice! 🙏

Edit:

After some research and exchanging with Tailscale AI, the suggestion is to do it like this:

Tailscale Docs: Use UFW to lock down an Ubuntu server (Learn how to accept connections from Tailscale and ignore internet traffic to a server.)

As UFW is not present in Unraid, I should try to apply the following iptables rules:

iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i tailscale0 -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Do these rules make sense?

Edited October 25, 2025 by Drbisounours
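
The rule set from the post above, as an added example that is not part of the original post: a shell function that audits `iptables -S INPUT` output against that allowlist (policy DROP, with ACCEPT only for `lo`, `tailscale0` and established/related traffic). Both rule dumps are constructed samples, and `eth0` is an assumed name for the public interface.

```shell
#!/bin/sh
# Added example (not from the original post). Rule dumps are constructed samples.

# The only ACCEPT rules the post's four commands should leave in INPUT.
# `iptables -S` prints the states as RELATED,ESTABLISHED; input is normalised to that.
ALLOWED='-A INPUT -i lo -j ACCEPT
-A INPUT -i tailscale0 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

# Constructed: what `iptables -S INPUT` shows after the post's commands.
GOOD_RULES="-P INPUT DROP
$ALLOWED"

# Constructed: open policy, SSH left open on an assumed public interface eth0,
# and no tailscale0 rule.
BAD_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

# audit_input_chain RULES: print one finding per line; return 0 when there are none.
audit_input_chain() {
    rules=$(printf '%s\n' "$1" | sed 's/ESTABLISHED,RELATED/RELATED,ESTABLISHED/')
    findings=$(
        # Default policy must be DROP, or packets matching no rule are accepted.
        printf '%s\n' "$rules" | grep -qxF -e '-P INPUT DROP' || echo 'policy is not DROP'
        # Any ACCEPT rule outside the allowlist is a path in from another interface.
        printf '%s\n' "$rules" | grep -e '^-A INPUT .*-j ACCEPT$' |
            grep -vxF -e "$ALLOWED" | sed 's/^/unexpected ACCEPT: /'
        # A missing allowlist rule means lockout (tailscale0) or dropped replies (conntrack).
        printf '%s\n' "$ALLOWED" | while IFS= read -r want; do
            printf '%s\n' "$rules" | grep -qxF -e "$want" || echo "missing: $want"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# On a live host (as root): audit_input_chain "$(iptables -S INPUT)"
audit_input_chain "$GOOD_RULES" && echo "GOOD_RULES: ok"
audit_input_chain "$BAD_RULES" || echo "BAD_RULES: findings above"
```

The INPUT chain only filters traffic addressed to the host itself. Ports published by bridge-mode Docker containers are forwarded, so they are filtered in the FORWARD chain (Docker's `DOCKER-USER` chain), not by these rules.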