Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Webserver security vs VPN

Featured Replies

I've read in a number of places that unraid is not secure enough to run an internet facing web server on the machine, and running things like nginx/apache reverse proxy are not advised. Could anyone explain why this is the case? I would like to be able to hook up a domain name and access some of my dockers while I'm away from my LAN

 

On a related note...if it is insecure to run a webserver/reverse proxy on an unraid machine, is it also not advised to run an openvpn server on the machine for the same reason? If ovpn servers (in a container) is secure, what makes that different from running a webserver in a container?

OpenVPN requires a certificate that you generate so nobody else has it... so that's one reason it's more secure than a normal public facing open port. Plus, there is no HTTPS/SSL for unRAID's web GUI. If you are just passing a specific docker port like 3400 for Plex, that is fine as Plex has HTTPS/SSL support baked in.

 

Just to be clear, you aren't talking about passing port 80 to unRAID from WAN, correct?

  • Author

OpenVPN requires a certificate that you generate so nobody else has it... so that's one reason it's more secure than a normal public facing open port. Plus, there is no HTTPS/SSL for unRAID's web GUI. If you are just passing a specific docker port like 3400 for Plex, that is fine as Plex has HTTPS/SSL support baked in.

 

Just to be clear, you aren't talking about passing port 80 to unRAID from WAN, correct?

 

well I have nginx on port 80 and moved unraid to 88. So on my router I pass port 80 through to the nginx docker, which has an SSL certificate, so I'm guessing thats a secure setup?

OpenVPN requires a certificate that you generate so nobody else has it... so that's one reason it's more secure than a normal public facing open port. Plus, there is no HTTPS/SSL for unRAID's web GUI. If you are just passing a specific docker port like 3400 for Plex, that is fine as Plex has HTTPS/SSL support baked in.

 

Just to be clear, you aren't talking about passing port 80 to unRAID from WAN, correct?

 

well I have nginx on port 80 and moved unraid to 88. So on my router I pass port 80 through to the nginx docker, which has an SSL certificate, so I'm guessing thats a secure setup?

 

Should be passing port 443 and using HTTPS:// port 80 is HTTP:// (not secure), double check the nginx documentation to make sure.

  • Author

sorry - minor oversight when I was typing. I do pass 443 to nginx and use https. I also pass 80 to nginx but it forces a redirect to 443 if any traffic comes in on 80

  • Community Expert

sorry - minor oversight when I was typing. I do pass 443 to nginx and use https. I also pass 80 to nginx but it forces a redirect to 443 if any traffic comes in on 80

You might be better of not letting port 80 through your firewall in the first place.

 

There have also been some reports of unexpected behaviour at the unRAID GUI level if it is not running on port 80, so that is another reason to not use port 80 for nginx.

  • 2 months later...

You might be better of not letting port 80 through your firewall in the first place.

 

Why? As Nem said, http is redirected to https by the proxy. I do the same thing; seems to be widespread pattern.

You might be better of not letting port 80 through your firewall in the first place.

 

Why? As Nem said, http is redirected to https by the proxy. I do the same thing; seems to be widespread pattern.

Why do you want / need uninvited unknown traffic to your server? Since all legit access is on 443, there is no reason to allow external traffic to hit 80. If you mistype and forget the s at the end of http, just insert it.

 

The widespread pattern of redirecting 80 to 443 is to allow publishing a http address and forcing all incoming traffic to 443. Unless you are inviting the world to visit your unraid server, I see no need for opening 80.

The widespread pattern of redirecting 80 to 443 is to allow publishing a http address and forcing all incoming traffic to 443. Unless you are inviting the world to visit your unraid server, I see no need for opening 80.

 

Fair point; i'm only exposing seafile backend so files could be shared. No one's manually typing the address anyways.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.