[Plugin] ControlR


Recommended Posts

10 hours ago, itimpi said:

As far as I know you HAVE to authenticate with the root username/password.   No other user can control Unraid.

I am logging in through nginx, which then handle the user logging in. So instead of me exposing unraid directly to the internet, I got nginx in between. This allow me to both use other users, have fail2ban, and other security measures on top. This is also why I need another user to log in (the app also got fields for username and password), because I would never use root as username for something online, that would be way too easy.

Link to comment
46 minutes ago, mikeydk said:

I am logging in through nginx, which then handle the user logging in. So instead of me exposing unraid directly to the internet, I got nginx in between. This allow me to both use other users, have fail2ban, and other security measures on top. This is also why I need another user to log in (the app also got fields for username and password), because I would never use root as username for something online, that would be way too easy.

I do not think that ControlR caters for any user other than root.

 

I agree with not exposing Unraid directly to the Internet.   I personally use openVPN to handle connecting to my Unraid server (and anything else on my home LAN) from the internet so am not worried about having to use ‘root’ as that is then not visible to anyone.   Controlr;R runs fine across the OpenVPN connection.

Link to comment
7 hours ago, itimpi said:

I do not think that ControlR caters for any user other than root.

I am not guessing or making assumptions, I am looking at what the app is offering, and it got a field for username and password. But no matter what you put into the username field, it still use root. All I need, is to use the field, with the username I put into it. This would give the app permission to access unraid, just as if it was on my local network.

2019-06-09 10.05.19.jpg

Link to comment

Just as a check - does that actually work on the local network?   If to then there is some sort of networking issue that needs to be resolved. 

 

If not then it could be a bug in the ContoilR app that ignores the user name you supply.   If the latter then I would not see it as I have only ever used 'root' with ControlR.  Since the author of ControlR actually stated 

15 hours ago, jbrodriguez said:

That's right, only root can be authenticated.

then this a distinct possibility.

Link to comment
2 hours ago, itimpi said:

Just as a check - does that actually work on the local network?   If to then there is some sort of networking issue that needs to be resolved. 

 

If not then it could be a bug in the ContoilR app that ignores the user name you supply.   If the latter then I would not see it as I have only ever used 'root' with ControlR.  Since the author of ControlR actually stated 

then this a distinct possibility.

I can connect directly to it over my local network, and I can also connect to it over the internet through nginx, if I add a root user to the .passwd file.

 

If I remove the root user from the file again, and put the username into the app which it should use, I can see in the logfile it still trying to use root as username.

Edited by mikeydk
Link to comment
4 hours ago, mikeydk said:

I am looking at what the app is offering, and it got a field for username and password

I thought you were referring to the web interface of the plugin, but you're actually referring to the app itself.

 

It shows root just as a placeholder (currently people logs in with root, in the more general case).

 

You can change the username, but you still need to use root's password, due to how Unraid is currently set up.

 

There's a longer explanation in the FAQ.

 

Or are you saying that you can't replace the 'root' username with any other username?

Link to comment

Ok, bear with me, I'm trying to understand the issue you're reporting.

 

You can't edit the username field?

 

That is, you can't remove the 'root' text and replace it with any other text (other username) ?

 

Or is the field not-editable ?

 

Does it happen only for the username field ?

 

Are you able to edit other fields ?

 

Link to comment
47 minutes ago, jbrodriguez said:

Ok, bear with me, I'm trying to understand the issue you're reporting.

 

You can't edit the username field?

 

That is, you can't remove the 'root' text and replace it with any other text (other username) ?

 

Or is the field not-editable ?

 

Does it happen only for the username field ?

 

Are you able to edit other fields ?

 

I can edit the field, but no matter what I put into the username field, it will still continue to use root as username.

 

1430792173_2019-06-0919_38_37.thumb.jpg.f4324ea68049355cfef3acd1bfdf702c.jpg

Here I have put "mikey" in as username, which is then the username I expect it to try. But when I look in the log on the server, I see it trying to log in as "root", while the field is saying "mikey".

 

 

1 minute ago, jbrodriguez said:

Ok, I reviewed the code.

 

It's as I mentioned before: as per the current Unraid architecture, only root can be authenticated.

 

There's currently no workaround for that.

I am not talking about unraid at all. The problem is the android app, where it does not use the username put into the username field. I don't need the app to log into unraid directly, nginx is taking care of that. I do not need the app to log in as root, nginx is taking care of that. I need the android app to use the username that is put into the username field. The problem is not connecting directly to unraid, the problem is the username field not having any effect on what username the app is trying to l og in with.

Link to comment
12 minutes ago, jbrodriguez said:

But the app needs to log into Unraid.

 

That's why I mentioned that your scenario is not currently supported.

Then why does it have a username field, when it isn't using it? All it need to support what I am doing, is to actually use what is put into the username field.

 

Also PLEASE read it all. As I wrote "I don't need the app to log into unraid directly, nginx is taking care of that.". As I have tried to explain a few times now. nginx is logging into unraid with the root user, but I am not logging in with root to nginx. No matter what username I decide to create for nginx, unraid will still see root as the user logged in.

 

I dont know how to explain this more clear.

 

All I need, is the username field in the app to actually be used.

 

I have tested it by creating a root user that could log into nginx, and the app worked perfectly. So what I am doing will work, if the app is using the username entered into the username field in the app.

 

When I change the username in the username field, I can see in the log it is still using "root" as username, instead of what is in the field. I just need the field to actually be used as the username to log in with.

Edited by mikeydk
Link to comment
15 minutes ago, jbrodriguez said:

I understand what you're saying, but it's currently not possible.

 

Authentication in Unraid currently only happens via 'root' user.

 

That's out of my hands.

 

It's unfortunate the app doesn't work for your use case.

No you do NOT understand. Seriously, I dont know how to explain it more clear!

 

I have tried multiple times to explain nginx is logging in as root to unraid, no matter what user I log into nginx with. Forget unraid, seriously forget it, dont think about it at all.

 

The problem is the username field in the app, and the app not using what is in the field. This is where the problem is. Not unraid, not how unraid wants the username. The problem is the username the app is using to log in with, where it ignore the username field.

 

1131635185_2019-06-0919_39_13.thumb.jpg.9ba471514d9043ed4a291d945feceb79.jpg

No matter what I put into the username field, it is using "root".

Link to comment

mikeydk,

 

Try this ...

 

In the Unraid Users page, set up a new user (mikey as in your example) and set a password for this user, a password that's different from root's password.

 

Then, via any browser, access Unraid's GUI and try to login with this username/password (mikey/<password>).

 

Does it work for you ?

Link to comment
2 minutes ago, jbrodriguez said:

mikeydk,

 

Try this ...

 

In the Unraid Users page, set up a new user (mikey as in your example) and set a password for this user, a password that's different from root's password.

 

Then, via any browser, access Unraid's GUI and try to login with this username/password (mikey/<password>).

 

Does it work for you ?

Are you trolling me?

Link to comment
42 minutes ago, mikeydk said:

Are you trolling me?

You are trying to bend the app to work the way you think it should, not the way it does. It's not simply a pass through mobile interface to the unraid GUI, it's a completely separate UI that works through the companion plugin.

 

Normally you would set up a VPN from your mobile device to your home network, use ControlR or the normal webUI that way.

 

Until limetech finishes securing the webUI, it's not recommended to expose it to the internet. They are working on it, but until they say it's ok, I wouldn't.

Link to comment
1 minute ago, jonathanm said:

You are trying to bend the app to work the way you think it should, not the way it does. It's not simply a pass through mobile interface to the unraid GUI, it's a completely separate UI that works through the companion plugin.

 

Normally you would set up a VPN from your mobile device to your home network, use ControlR or the normal webUI that way.

 

Until limetech finishes securing the webUI, it's not recommended to expose it to the internet. They are working on it, but until they say it's ok, I wouldn't.

It does actually work that way pretty well.

 

Now I am trying to get the app to connect to the ip of my server on port 2379, but it silently fails and nothing gets added to the list.

 

Logging into the gui in the plugin also show some problems.

Unable to connect to serverx

(1001) - Unable to get unRAID state (dockers): Get https://127.0.0.1/plugins/dynamix.docker.manager/include/DockerContainers.php: dial tcp 127.0.0.1:443: connect: connection refused

 

Instead of the vpn, I am using nginx. With that I can easy login to the unraid gui, while also having pretty high security. Unraid isnt exposed directly to the internet, nginx is in between. With nginx I have set up multiple things that will block after a few failed attempts. Exposing directly isnt something I would recommend either.

Link to comment
20 minutes ago, mikeydk said:

Now I am trying to get the app to connect to the ip of my server on port 2379, but it silently fails and nothing gets added to the list.

 

Logging into the gui in the plugin also show some problems.

So you want him to rewrite the app just for you,  to work the way you want it to, when it works just fine using the recommended methods? It's honestly not as simple as you think it is, and you are the only person I've heard of to set up remote access this way. You are pretty much asking to commission a custom version of the app just for you.

Link to comment
5 minutes ago, jonathanm said:

So you want him to rewrite the app just for you,  to work the way you want it to, when it works just fine using the recommended methods? It's honestly not as simple as you think it is, and you are the only person I've heard of to set up remote access this way. You are pretty much asking to commission a custom version of the app just for you.

What way is it supposed to work?

 

I have tried to put the ip and port in on unraid, and port 443 and it works fine. Except it will only use the root user, where I got nginx to handle it so I can use other users.

I have tried to put the ip and port in the plugins says, and that does not work. So I assume this is wrong?

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.