Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

ControlR (Android/iOS app for unRAID)

Featured Replies

7 hours ago, steve1977 said:

if still “just” VPN, can you advice how this works?

 

Not picking on just steve1977, but as a note to all who are asking for in-app external access:

 

With all respect to jbrodriguez and all the great work he's done on this app and the various plugins and dockers he's worked on, security isn't "just". It's hard work to get it right, and as he mentioned several pages back, if something goes wrong he'd feel responsibility for it, and some might try to (legally) make him responsible for it.

 

VPN access may be somewhat more complex and more of a hassle, but the OpenVPN project has a large(ish) team of people who know what they're doing and focus primarily on the security side of things so applications like this one don't have to. Remember - they have a commercial product that, according to their site, is used by a large number of paying customers - they have a lot on the line to get it right.

 

I've not set up the OpenVPN docker on my server yet, but that's my next project, and I, for one, will be more than happy with the minor hassle of having to go through a VPN client to keep my server secure. Once I've got it setup and working, I'm going to ensure I can get access to all my other dockers via VPN, then turn off their external access, too.

  • Replies 1.4k
  • Views 263.8k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • @jbrodriguez My son has decided he doesn't like your app. He was giving me some lip so I threatened to shut off Plex. *Click* Plex Docker was shut off from the comfort of my couch and no more videos f

  • jbrodriguez
    jbrodriguez

    UPDATE: We found the root cause of the issue !!! 🙌   Can't thank enough @Dantheman and Peter (don't have his handle), for the patience and willingness to help me test and troubleshoo

  • jbrodriguez
    jbrodriguez

    Yes, this one is a bit strange, I'll need to dig deeper to figure out what's the issue

Posted Images

I have the Openvpn-as docker installed on my unRAID server and my iPad set up with the openVPN client configured with a connection profile to the unRAID server.    If I want to use ControlR away from home I simple start the openVPn client on my iPad (which only takes a few seconds) to open the VPN connection to my unRAID server, and then launch ControlR which now functions exactly as it does when my iPad is connected to my local LAN.

Edited by itimpi

9 hours ago, FreeMan said:

 

Not picking on just steve1977, but as a note to all who are asking for in-app external access:

 

I don't perceive this at all as picking on me. Actually, I need to say that community members of this forum in general are among the most polite and helpful compared to all other forums I am engaging. Part of the reason what gets me interested to pursue more and more new Unraid related projects.

  • Author
On 12/2/2017 at 10:18 PM, FreeMan said:

If I type in the IP address in the the manual server add (with all the other info), it will add it immediately, no issues. If I enter the server name, though, I get an error telling me to "Please enter a valid IP address / Hostname"

Should work with a with a hostname. Can you send me the server's hostname to check why it's hitting the error ? (pm if you prefer)

 

On 12/2/2017 at 10:18 PM, FreeMan said:

I've been very impressed with the speed with which you've tracked down & patched bugs and released new features. Not bad at all for a solo effort!

Thanks for the kind words !

 

20 hours ago, steve1977 said:

Just browsed this threat and realized that a native implementation within the app is the most requested new feature. Is there still hope for native support?

steve1977, I'm still on the don't do it side of things.

 

 

Getting this feature right is sensitive and Freeman's post (below), provides a quite accurate summary of the reasons.

 

I think some users may be connecting externally via a reverse proxy, in a way similar to this 

 

but the helper plugin would still be unaccessible from the app.

 

So, my official suggestion is still to use OpenVPN or similar.

 

OpenVPN setup is not the most difficult thing you can find and operation is quite straightforward (as mentioned by itimpi)

 

 

 

 

 

Should work with a with a hostname. Can you send me the server's hostname to check why it's hitting the error ? (pm if you prefer)


Server name is "NAS". I was quite creative in my naming...

I can send logs if you need those, too.

Sent from Tapatalk

  • Author
22 hours ago, FreeMan said:

Server name is "NAS". I was quite creative in my naming...

 

I see :)

 

Well, it turns out I was half lying: when the app asks for a hostname, what it really wants is a fully qualified domain name (FQDN) O.o

 

That's why "NAS" is being flagged as an error.

 

I guess I'll just remove validations from this field, since it can be almost anything.

 

I forgot to address the issue you mentioned with automatic discovery.

 

It shouldn't return to the Servers screen so fast, I'll do some checks and get back to you.

 

 

 

Edited by jbrodriguez



 
I see [emoji4]
 
Well, it turns out I was half lying: when the app asks for a hostname, what it really wants is a fully qualified domain name (FQDN) [emoji33]
 
That's why "NAS" is being flagged as an error.
 
I guess I'll just remove validations from this field, since it can be almost anything.
 
I forgot to address the issue you mentioned with automatic discovery.
 
It shouldn't return to the Servers screen so fast, I'll do some checks and get back to you.
 
 
 


Yeah, since it server isn't reachable from the outside world, it really doesn't have an FQDN... :)

Thanks for looking into the automatic discovery, too. Let me know if there's any additional info you need from my end.

Sent from Tapatalk

i found the best method currently implementing on my system is to open either UDP port 7 or 9 just for WOL package to arrive at our server (even if you don't have static public IP, you can always use dynamic free-ish service like no-ip, changeip etc...)

 

Then after you have woke your UnRaid, OpenVPN-AS to your server and woala, full control of the whole system #!

Before i buy, do i need to port forward to get this working? (and if so, which?) Or does it only work in LAN?

Edited by nuhll

Only in LAN.

Thats very very sad, why should i need this APP in my lan when im at home... Oo

 

And no, VPN is no option for me. They should really think about a Docker -> Contr Server -> Client modell, you dont need to expose anythign and if Contr Server is correct Security, no risk at all.

 

 

4 minutes ago, nuhll said:

Thats very very sad, why should i need this APP in my lan when im at home... Oo

 

And no, VPN is no option for me. They should really think about a Docker -> Contr Server -> Client modell, you dont need to expose anythign and if Contr Server is correct Security, no risk at all.

 

 

You mean something like the OpenVPN-AS docker?

Edited by wgstarks

No i mean something like some cameras do. SOmetimes tehy call it p2p network. Its just the unraid server (with contr docker) connect to the server of the contr app, and the client (contr app handy) connects to the contr app server  also, So you dont need to port forward.


Like teamviewer does. No port forwarding, no exposing, clean and simple user and pw (maybe add cert or whatever to make it more proov)

Edited by nuhll

I’m not familiar with contr docker for p2p vpn, but openvpn has a very good reputation security wise and pretty easy to setup since that docker has already been adapted for unRAID.

 

You may be able to install contr as well using CA though.

3 hours ago, nuhll said:

No i mean something like some cameras do. SOmetimes tehy call it p2p network. Its just the unraid server (with contr docker) connect to the server of the contr app, and the client (contr app handy) connects to the contr app server  also, So you dont need to port forward.


Like teamviewer does. No port forwarding, no exposing, clean and simple user and pw (maybe add cert or whatever to make it more proov)

 

"something like some cameras do" - you mean like "Internet of things" cameras? You mean like the ones that were hacked within minutes giving bad guys immediate and complete access to people's home networks and every machine on them? No thanks!

 

Teamviewer is similar in concept to OpenVPN-AS as wgstarks mentioned. Both of those systems have large teams of people who do security for a living. As I've mentioned before (in this thread) jbrodriguez does a great job, but do you want to rely on him and only him to ensure the security of your home network? (BTW- he's said he's really not interested in adding this type of direct access via his app/plug-in combo.)

 

Install the OpenVPN-AS server on your unRAID box - it'll take you less than an hour to configure it, even if you struggle (look for my questions in the lsio thread to avoid the same pitfalls I hit). Install the OVPN client on your phone or tablet, then connect & voila, your device is on your home network & ControlR will work like a champ no matter where in the world you are with the minimum amount of risk to your server & other home computers.

" You mean like the ones that were hacked within minutes giving bad guys immediate and complete access to people's home networks and every machine on them? No thanks!"

If he want to fugg it up. Or lets say, if someone hacks him, it doesnt matter what he has done or not, the hacker could itself just install a backdoor, so WAYNE!

 

ALSO what you are talking about are CAMERAS or INTERNET OF THINGS WHICH ARE EXPOSED TO THE INTERNET, SO EXCATLY THAT WAS WE HAVE TO DO NOW TO GET IT WORKING (INSTALL VPN).

 

Where the fugg do i live that i instsall openvpn JUST for one smartphone app? I dont need VPN connections in my network! ANother security flaw! welcome to 2018!

 

 

56 minutes ago, nuhll said:

" You mean like the ones that were hacked within minutes giving bad guys immediate and complete access to people's home networks and every machine on them? No thanks!"

If he want to fugg it up. Or lets say, if someone hacks him, it doesnt matter what he has done or not, the hacker could itself just install a backdoor, which gets automatic distrubuted between all users, so WAYNE!

 

ALSO what you are talking about are CAMERAS or INTERNET OF THINGS WHICH ARE EXPOSED TO THE INTERNET, SO EXCATLY THAT WAS WE HAVE TO DO NOW TO GET IT WORKING (INSTALL VPN).

 

Where the fugg do i live that i instsall openvpn JUST for one smartphone app? I dont need VPN connections in my network! Another security flaw! welcome to 2018!

 

 

 

Edited by nuhll

13 hours ago, nuhll said:

Thats very very sad, why should i need this APP in my lan when im at home... Oo

 

And no, VPN is no option for me. They should really think about a Docker -> Contr Server -> Client modell, you dont need to expose anythign and if Contr Server is correct Security, no risk at all.

 

 

This solution would require the controlr author to be providing a server which the current solution does not (unless I have misunderstood what you are asking for).  If a server is required how do you know it is secure?

 

The moment you let ANYTHING from the internet into your LAN there is a potential security risk, but I think the open VPN is one of the lowest risk options, particularly if you set it up to require a certificate to use it at the client end

Edited by itimpi

Yes, he need server.

 

But you dont understand, you dont let the server connect to your lan, Its the LAN connect to the server.

 

VPN provide access to your WHOLE NETWORK. My solution would only allow access to the unraid interface. Also whats more likely to happen? Someone hack VPN (18923798127398127312749812931893891 mrd user) or someone hack a app which has <1000 user?

 

Also the server side part could be secured pretty easy, like with certificate, https, encryption, what ever. 

Edited by nuhll

2 minutes ago, nuhll said:

Yes, he need server.

 

But you dont understand, you dont let the server connect to your lan, Its the LAN connect to the server.

 

VPN provide access to your WHOLE NETWORK. My solution would only allow access to the unraid interface. Also whats more likely to happen? Someone hack VPN (18923798127398127312749812931893891 mrd user) or someone hack a app which has <1000 user?

 

Also the server side part could be secured pretty easy, like with certificate, https, encryption, what ever. 

I DO understand!    You want someone to pay for a and run server which is currently not required for the current I’m-lamentation.    Securing a server is a non-trivial task, so I would not be confident in such a server really being secure.   If anyone cracked it and got access to unRAID GUI it is a relatively trivial task to use that to access anything on the LAN.

 

VPN is easily secured using encryption and certificates so why is this much different to securing an (unneeded) server.    I agree that VPN is a more tempting target to try because of its large user base, but another way of looking at that is that is less likely to have flaws in the first place, and if there are any found there is great incentive to get them patched ASAP

 

 

a simple vps costs at 1€ a month. Just make a subscription for 1€/mon and your good to go.

 

Oh you want to open your door to enter your home? Just install a teleporter so you can transfer your home around you. 

 

 

Edited by nuhll

Maybe nuhll could provide this functionality for us for free.

5 hours ago, nuhll said:

Yes, he need server.

 

But you dont understand, you dont let the server connect to your lan, Its the LAN connect to the server.

 

VPN provide access to your WHOLE NETWORK. My solution would only allow access to the unraid interface. Also whats more likely to happen? Someone hack VPN (18923798127398127312749812931893891 mrd user) or someone hack a app which has <1000 user?

 

Also the server side part could be secured pretty easy, like with certificate, https, encryption, what ever. 

You realize it's way more likely they would try to hack the server/app than your VPN, right?

Why can't you setup a VPN?  That is the correct way to use this app remotely.

If you have to have the webgui accessible remotely but refuse a vpn then your only real option is opening the gui to the internet.

 

@jbrodriguez, great app, I love it.  Don't need to use it too often but it's easier to use than the webgui on my cellphone.

3 hours ago, trurl said:

Maybe nuhll could provide this functionality for us for free.

 

Yes, ofc, i BUY a software and develop a free addon for it.

 

"You realize it's way more likely they would try to hack the server/app than your VPN, right?"

Thats just wrong. Why should anyone invest so much time and effort to hack this app to turn your array off...... 


SSH is also widley used and was servival times hacked already.

 

Why i dont want VPN? BECAUSE I DONT NEED IT... 

 

But: I dont care, do what you want, in this state, this app is useless for me. Its a suggestion, which many ppl would like, if you dont want to use it, make it configurable, its that easy.

Edited by nuhll

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.