Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Enabling HTTPS

Featured Replies

Hi everyone.  Does unRAID support HTTPS (Port 443)?  I can not find anywhere within the settings page to enable it.  I've searched the forum and haven't found anything.  Thanks.

  • Author

I figured that was the case.  Why isn't it supported?

  • Author

That's a ridiculous approach if u ask me.  I mean, it's only holding ALL of our confidential documents.  Guess that's why they haven't implemented VLAN's either...  :-\  Thanks for confirming what I hoped wasn't the case.

That's a ridiculous approach if u ask me.  I mean, it's only holding ALL of our confidential documents.

 

It was designed, and marketed, as a MEDIA server.

I'm also curious: what attack vector are you trying to protect against with HTTPS?

 

For the context of my question, I'm working under the assumption that you are running unraid on an internal network, behind a router, and that you trust the other people on your internal network not to attempt sniffing your traffic.

  • Author

How is that an excuse not to implement security? Even if that is the case, it has evolved a lot with the implementation of VM's and Docker. It's sad that every Web interface that I run on top of unraid is https enabled, yet unraid doesn't support it.

  • Author

I'm also curious: what attack vector are you trying to protect against with HTTPS?

 

For the context of my question, I'm working under the assumption that you are running unraid on an internal network, behind a router, and that you trust the other people on your internal network not to attempt sniffing your traffic.

I work in the field of Cyber Security and you don't have to open your network up to the world for there to be risks of intrusion through vulnerabilities of many other avenues. As I mentioned previously, I use unraid as my primary NAS and store a lot of important documents on it. In the event that my network is compromised, I'd rather not make it even easier for the attacker by sending my login credentials to him in the clear. I find it hard to believe that with all of the cyber crime going on throughout the world, simple SSL security is an afterthought on a product that we pay for. I could kind of see that being the case for an open source/free product.

Well I won't presume to know more than you, but I do know that in the world of security there are always trade-offs and you should put effort on the largest and highest risk attack surfaces.

 

And you still didn't answer the question: what is the attack vector for unencrypted http streams on an internal network? I ask because if my network is compromised I have bigger worries than unencrypted http streams. Like yuo know, the fact that they have unhindered access to my network, they probably have access to my router (that's how they likely got in) and they have access to any and all devices attached to my network for which I have decided to open (like smb or nfs shares). So how is an encrypted https call going to protect me.

 

so you got to the end of that and probably think I'm poking you in the eye with a stick. I am holding the stick, true, but not poking yet. I'm really honestly asking to be educated. Because if you can articulate the actual risk, and that it is a higher risk than the fact that the network has already been owned, then it goes a long way to justifying the level of effort required on both LT's part and the users to implement robust https with all the effort required to establish certificates as well.

Honestly I think the main reason for adding SSL to unraid is because people expect it.

 

The danger is that it can give people a sense of security that doesn't exist.

That's a ridiculous approach if u ask me.  I mean, it's only holding ALL of our confidential documents.

 

It was designed, and marketed, as a MEDIA server.

 

This. Even in the wiki it states

unRAID is by no means a secure operating system and should NOT be connected directly to the Internet under any circumstances.

 

http://lime-technology.com/wiki/index.php/Configuration_Tutorial#Security

  • 1 year later...

Is there seriously no HTTPS? now I have to implement VPN to remote in to manage my NAS rather than port forward. If a media server why no media server out of the box without having to install flex docker or a plugin?

Is there seriously no HTTPS? now I have to implement VPN to remote in to manage my NAS rather than port forward. If a media server why no media server out of the box without having to install flex docker or a plugin?

Unraid is not a media server. It's a NAS intended for LAN access.

If you turn it into a media server by installing services through docker or VMs, you can also install a reverse proxy in docker to provide access to those guis securely. You can try the linuxserver letsencrypt container which gets and maintains free 3rd party validated certs automatically.

For remote smb or ssh access to unraid, you can set up vpn through docker as well
3 hours ago, johner said:

Is there seriously no HTTPS? now I have to implement VPN to remote in to manage my NAS rather than port forward. If a media server why no media server out of the box without having to install flex docker or a plugin?

Yes, VPN is the recommended approach.  Even if unRAID supported HTTPS I suspect it would still be the recommended approach (see the " unRAID is by no means a secure operating system " comments above).

1 minute ago, tdallen said:

(see the " unRAID is by no means a secure operating system " comments above).

 

Sorry...but that is starting to no longer be a valid excuse.

I happen to agree that the unRAID Admin UI should support HTTPS, but comments from posters like @johner make it sound like all we need it HTTPS on the UI and suddenly unRAID is secure.  That's not true, and I suspect VPN will continue to be the recommended remote management solution even after Limetech implements HTTPS at some point (just my POV).

I agree, even with https I still wouldn't entertain opening it to WAN without a VPN.

  • 3 months later...

Hey, I know this post is old and new to unraid but not sure they got https yet. if so, excuse my ignorance and can someone please show me where this setting is.

 

Reason i am asking is because I ran into a situation this week where i setup openvpn into my network. I am using my mac to connect through vpn. Once connected i bring up my unraid box through safari. Anyways I run snort and it showed that when logged in through VPN  and accessing my unraid box from my mac that the password I sent to login to the unraid box was unencrypted. Not sure why this is happening as I am forcing all traffic through the VPN. 

 

I would say that this is a good case as to why we need unraid to have https if it doesn't already. 

  • Community Expert
1 hour ago, kjoconis said:

Hey, I know this post is old and new to unraid but not sure they got https yet. if so, excuse my ignorance and can someone please show me where this setting is.

 

Reason i am asking is because I ran into a situation this week where i setup openvpn into my network. I am using my mac to connect through vpn. Once connected i bring up my unraid box through safari. Anyways I run snort and it showed that when logged in through VPN  and accessing my unraid box from my mac that the password I sent to login to the unraid box was unencrypted. Not sure why this is happening as I am forcing all traffic through the VPN. 

 

I would say that this is a good case as to why we need unraid to have https if it doesn't already. 

 

It has been in the version 6.4.0-rc3 and higher.  See here:

  

 

  • 2 years later...
On 12/9/2015 at 1:36 PM, StevenD said:

 

It was designed, and marketed, as a MEDIA server.

A digression of topic:

What a nonsense excuse. Obviously it supposed to have https  with self-signed cert as default. I hate this way o thinking to postpone the responsibility. It is very convenient these days. I was born in days where companies were asking users for their opinion and using it to improve their product. It seams that now we live in world where companies are ignoring user feedback, with bunch of “system happy “ users complementing this system.

 

To the topic:

There is stunnel package that can wrap http connection over ssl, so there if someone knows how to make plugins it can be done easily. Maybe it already is?

 

Just so you're aware, you do realize that you quoted a 5 year old post on a thread that hasn't had a reply in 3 years

Good point! I am not familiar with forums :P I can see that in unraid 6.4.3 settings->management acces there is option Use SSL :) Thanks hehe

 

  • 9 months later...

I think the best reason to implement HTTPS support is because most browsers default to HTTPS.. even if you do manually type it in as HTTP.

 

Bloody annoying.

4 hours ago, SLNetworks said:

I think the best reason to implement HTTPS support is because most browsers default to HTTPS.. even if you do manually type it in as HTTP.

 

Bloody annoying.

Once again, this thread is originally 6 years old.  HTTPS is already implemented.  @SLNetworks look at thread dates before bumping for no reason.

Edited by Energen

Haha, alright. Set it as default on fresh installs. Cheers.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.