Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

New to v6: General Internet security questions

Featured Replies

So I've just moved to v6.1.3 from v4.7. I'm excited to upgrade my internals and start leveraging the power of v6 as a more robust server (consolidated PLEX, for starters). My big concern is overall internet security, as I'm coming from v4.7 where it was strongly advised to NEVER expose unRaid to the internet. I was solely using it as an internal file server, which fed my PLEX server running on a separate Windows system.

 

[*]What security measures (if any) are built-in to v6 and need configured?

[*]What precautions do I need to take at the router level (i.e. Firewall rules, port mappings, MAC filters, etc.)

[*]Is it possible/advisable to allow remote administration from outside my local network?

[*]Overall, how secure/insecure is it to allow my unRaid access (i.e. remote access to my PLEX for friends/family, etc.)

  • Community Expert

Most people set up a VPN for this. My router has built-in support for VPN.

 

There is nothing in unRAID to secure it if you expose it directly to the internet.

  • Author

I will have to read up extensively on this. My router also has direct support for VPN (Ubiquiti EdgeMax EdgeRouter LITE).

  • Author

Are there any guides/tips/best practice threads that I can be directed to? A quick search turned up a lot of internet access troubleshooting threads, but not any general how-to's or "things to avoid" , etc.

 

Or am I being paranoid? Does running PLEX from within a Docker on my unRaid box present any more or less security risk than running it on another Windows PC and using unRaid as the library?

 

Sorry for the newbishness here, but network security is foreign to me beyond basic Windows anti-malware/AV.

  • Author

Still having trouble nailing down some kind of guide/best practice for configuring unRaid internet access. Do I need to worry about extra router firewall rules or some kind of anti-virus for unRaid?

 

Or am I being paranoid? Does running PLEX from within a Docker on my unRaid box present any more or less security risk than running it on another Windows PC and using unRaid as the library?

 

 

In theory, it should be less Risky.

 

First there would need to be an exploit with Plex, then they would have to break out of the Docker container (meaning a docker exploit as well.)

 

 

Here's my take:

 

If you are comfortable sharing Plex on Windows outside your firewall, then you should feel comfortable doing that with Plex on unRAID too.  Your first line of defense is Plex, so really what you are doing is trusting that there aren't any exploits in Plex.

 

Actually... if a hacker does manage get through Plex onto Windows, they will likely have pretty good access to the system.  But if they get through Plex into Docker, they will be a non-root user on a very minimal install of Ubuntu, which should minimize the damage they can do. 

 

To reduce it even more, you could map your media directories to Docker as read-only, then the hacker would have to break out of Docker itself in order to cause any real damage.

 

[*]Is it possible/advisable to allow remote administration from outside my local network?

 

You definitely don't want to expose the unRAID web interface to the internet.  The only real options here are VPN or an SSH Tunnel, I run both on my router but there are ways to run them on unRAID as well.  The main downside to that is that if you reboot unRAID while you are VPNd in, your connection will drop.

  • Author

Thanks folks! This lines up with what my coworkers were telling. Pretty much that I was veering into tinfoil hat territory out of ignorance. I like the read-only media share mapping idea and will probably go that route.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.