OpenVPN Docker v Router


I would like to make my unRAID server more secure. At the moment I have ports 80 and 443 open on my router so I can access the unRAID web gui and owncloud from the big wide world. It is only a home server so nothing 'business critical'.

 

I have a number of dockers I would like to access from elsewhere but don't want to open up all the ports and as I have DDWRT installed on my router, thought I would set up the OpenVPN server but it really is becoming a bit harder than I thought and I just can't get it to work.

My question is, if I use the OpenVPN-AS docker which looks pretty straightforward to set up, will this be any less secure than persevering and setting it up on the router? I assume I will have to leave the OpenVPN-AS port open on the router and 443 for owncloud (unless I leave my iPhone constantly connected to the VPN?)

Link to comment

> I would like to make my unRAID server more secure. At the moment I have ports 80 and 443 open on my router so I can access the unRAID web gui and owncloud from the big wide world. It is only a home server so nothing 'business critical'.

Never allow your Unraid webui to be accessible from the WAN over port 80 or 443, it's very insecure and if anyone got access they could wreak havoc or delete all your data....

> I have a number of dockers I would like to access from elsewhere but don't want to open up all the ports and as I have DDWRT installed on my router, thought I would set up the OpenVPN server but it really is becoming a bit harder than I thought and I just can't get it to work.
>
> My question is, if I use the OpenVPN-AS docker which looks pretty straightforward to set up, will this be any less secure than persevering and setting it up on the router? I assume I will have to leave the OpenVPN-AS port open on the router and 443 for owncloud (unless I leave my iPhone constantly connected to the VPN?)

I personally found the router a better way to access the VPN than a docker. Because it's always on and you can restart the docker service, stop the array and reboot your Unraid machine, all of which would cause you to disconnect with the container.

In my opinion, if you can use a VPN on your router then that's the way forward, if not, then the docker container is the way forward.

Link to comment

Thanks CHBMB

 

> Never allow your Unraid webui to be accessible from the WAN over port 80 or 443, it's very insecure and if anyone got access they could wreak havoc or delete all your data....

Ok - I assumed that unRAID was fairly secure, however not knowing how it all works, I shall close port 80 :D.

I am only using 443 for the Owncloud docker which is an https connection - again it is an assumption but surely Owncloud is secure with a good password? Also from the OpenVPN website https://docs.openvpn.net/frequently-asked-questions/ it appears I need 443 open anyway so how can I have it open for one but not the other?

I have managed to get the OpenVPN docker working now anyway (very easy to do - big thank you to the author) so I will do some more testing with my router and try and get that working properly knowing that I can always fall back on the Docker.

Link to comment

> Thanks CHBMB
>
> > Never allow your Unraid webui to be accessible from the WAN over port 80 or 443, it's very insecure and if anyone got access they could wreak havoc or delete all your data....
>
> Ok - I assumed that unRAID was fairly secure, however not knowing how it all works, I shall close port 80 :D.
>
> I am only using 443 for the Owncloud docker which is an https connection - again it is an assumption but surely Owncloud is secure with a good password? Also from the OpenVPN website https://docs.openvpn.net/frequently-asked-questions/ it appears I need 443 open anyway so how can I have it open for one but not the other?
>
> I have managed to get the OpenVPN docker working now anyway (very easy to do - big thank you to the author) so I will do some more testing with my router and try and get that working properly knowing that I can always fall back on the Docker.

It's all about mitigating risk...

I run an Apache webserver on my Unraid box on ports 80 and 443, but it's not possible to access my Unraid web interface via this. In fact all my traffic on port 80 gets automatically redirected to 443 and it is all secured with http(s) auth, I use this as a reverse proxy for Owncloud and a few other apps. So I just need to make sure that Apache is security hardened rather than each individual app.

If I want to access my Unraid web interface then I use my VPN. I would never consider using Apache or anything else as secure enough to put my Unraid webui on.

Link to comment
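
The layout described in the reply above (port 80 redirected to 443, HTTP auth enforced at Apache, ownCloud behind a reverse proxy, Unraid web UI reachable only over the VPN), sketched as an added example that is not the poster's own configuration. The hostname, certificate and htpasswd paths, and the ownCloud container address are placeholders assumed for illustration.

```apache
# Added example. cloud.example.com, the file paths and 192.168.1.10:8000
# are placeholders, not values from the thread.
# Requires mod_ssl, mod_proxy, mod_proxy_http, mod_headers and mod_auth_basic.

# Port 80 serves no content; every request is redirected to HTTPS.
<VirtualHost *:80>
    ServerName cloud.example.com
    Redirect permanent / https://cloud.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName cloud.example.com

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/cloud.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/cloud.example.com.key
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Tell browsers to keep using HTTPS for this host.
    Header always set Strict-Transport-Security "max-age=31536000"

    # Reverse proxy only; never act as a forward (open) proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # Only the ownCloud container is published. There is deliberately no
    # ProxyPass entry for the Unraid web UI: it stays reachable from the
    # LAN and over the VPN only.
    ProxyPass        /owncloud http://192.168.1.10:8000/owncloud
    ProxyPassReverse /owncloud http://192.168.1.10:8000/owncloud

    # HTTP auth is checked by Apache before any request reaches a backend,
    # so there is one hardened entry point instead of one per app.
    <Location "/">
        AuthType Basic
        AuthName "Restricted"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Location>
</VirtualHost>
```

Check the syntax with `apachectl configtest` before reloading. Clients that send their own Authorization header to the backend app can conflict with a front Basic-auth layer, so test with the clients you actually use.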
