jbrodriguez Posted June 8, 2019 Author Share Posted June 8, 2019 That's right, only root can be authenticated. Quote Link to comment
mikeydk Posted June 9, 2019 Share Posted June 9, 2019 10 hours ago, itimpi said: As far as I know you HAVE to authenticate with the root username/password. No other user can control Unraid. I am logging in through nginx, which then handle the user logging in. So instead of me exposing unraid directly to the internet, I got nginx in between. This allow me to both use other users, have fail2ban, and other security measures on top. This is also why I need another user to log in (the app also got fields for username and password), because I would never use root as username for something online, that would be way too easy. Quote Link to comment
itimpi Posted June 9, 2019 Share Posted June 9, 2019 46 minutes ago, mikeydk said: I am logging in through nginx, which then handle the user logging in. So instead of me exposing unraid directly to the internet, I got nginx in between. This allow me to both use other users, have fail2ban, and other security measures on top. This is also why I need another user to log in (the app also got fields for username and password), because I would never use root as username for something online, that would be way too easy. I do not think that ControlR caters for any user other than root. I agree with not exposing Unraid directly to the Internet. I personally use openVPN to handle connecting to my Unraid server (and anything else on my home LAN) from the internet so am not worried about having to use ‘root’ as that is then not visible to anyone. Controlr;R runs fine across the OpenVPN connection. Quote Link to comment
mikeydk Posted June 9, 2019 Share Posted June 9, 2019 7 hours ago, itimpi said: I do not think that ControlR caters for any user other than root. I am not guessing or making assumptions, I am looking at what the app is offering, and it got a field for username and password. But no matter what you put into the username field, it still use root. All I need, is to use the field, with the username I put into it. This would give the app permission to access unraid, just as if it was on my local network. Quote Link to comment
itimpi Posted June 9, 2019 Share Posted June 9, 2019 Just as a check - does that actually work on the local network? If to then there is some sort of networking issue that needs to be resolved. If not then it could be a bug in the ContoilR app that ignores the user name you supply. If the latter then I would not see it as I have only ever used 'root' with ControlR. Since the author of ControlR actually stated 15 hours ago, jbrodriguez said: That's right, only root can be authenticated. then this a distinct possibility. Quote Link to comment
mikeydk Posted June 9, 2019 Share Posted June 9, 2019 (edited) 2 hours ago, itimpi said: Just as a check - does that actually work on the local network? If to then there is some sort of networking issue that needs to be resolved. If not then it could be a bug in the ContoilR app that ignores the user name you supply. If the latter then I would not see it as I have only ever used 'root' with ControlR. Since the author of ControlR actually stated then this a distinct possibility. I can connect directly to it over my local network, and I can also connect to it over the internet through nginx, if I add a root user to the .passwd file. If I remove the root user from the file again, and put the username into the app which it should use, I can see in the logfile it still trying to use root as username. Edited June 9, 2019 by mikeydk Quote Link to comment
jbrodriguez Posted June 9, 2019 Author Share Posted June 9, 2019 4 hours ago, mikeydk said: I am looking at what the app is offering, and it got a field for username and password I thought you were referring to the web interface of the plugin, but you're actually referring to the app itself. It shows root just as a placeholder (currently people logs in with root, in the more general case). You can change the username, but you still need to use root's password, due to how Unraid is currently set up. There's a longer explanation in the FAQ. Or are you saying that you can't replace the 'root' username with any other username? Quote Link to comment
jbrodriguez Posted June 9, 2019 Author Share Posted June 9, 2019 Also, as mentioned by itimpi, the officially sanctioned way to use ControlR remotely is via a vpn (OpenVPN, WireGuard when it makes it to the kernel/Unraid). I'm pretty sure it will sort of work remotely the way you describe it, but it's not a use case I support. Quote Link to comment
mikeydk Posted June 9, 2019 Share Posted June 9, 2019 6 minutes ago, jbrodriguez said: Or are you saying that you can't replace the 'root' username with any other username? The problem is in the app. No matter what username I put in, it will continue to use root as username. Quote Link to comment
jbrodriguez Posted June 9, 2019 Author Share Posted June 9, 2019 Ok, bear with me, I'm trying to understand the issue you're reporting. You can't edit the username field? That is, you can't remove the 'root' text and replace it with any other text (other username) ? Or is the field not-editable ? Does it happen only for the username field ? Are you able to edit other fields ? Quote Link to comment
jbrodriguez Posted June 9, 2019 Author Share Posted June 9, 2019 Ok, I reviewed the code. It's as I mentioned before: as per the current Unraid architecture, only root can be authenticated. There's currently no workaround for that. Quote Link to comment
mikeydk Posted June 9, 2019 Share Posted June 9, 2019 47 minutes ago, jbrodriguez said: Ok, bear with me, I'm trying to understand the issue you're reporting. You can't edit the username field? That is, you can't remove the 'root' text and replace it with any other text (other username) ? Or is the field not-editable ? Does it happen only for the username field ? Are you able to edit other fields ? I can edit the field, but no matter what I put into the username field, it will still continue to use root as username. Here I have put "mikey" in as username, which is then the username I expect it to try. But when I look in the log on the server, I see it trying to log in as "root", while the field is saying "mikey". 1 minute ago, jbrodriguez said: Ok, I reviewed the code. It's as I mentioned before: as per the current Unraid architecture, only root can be authenticated. There's currently no workaround for that. I am not talking about unraid at all. The problem is the android app, where it does not use the username put into the username field. I don't need the app to log into unraid directly, nginx is taking care of that. I do not need the app to log in as root, nginx is taking care of that. I need the android app to use the username that is put into the username field. The problem is not connecting directly to unraid, the problem is the username field not having any effect on what username the app is trying to l og in with. Quote Link to comment
jbrodriguez Posted June 10, 2019 Author Share Posted June 10, 2019 16 hours ago, mikeydk said: I don't need the app to log into unraid directly But the app needs to log into Unraid. That's why I mentioned that your scenario is not currently supported. Quote Link to comment
mikeydk Posted June 10, 2019 Share Posted June 10, 2019 (edited) 12 minutes ago, jbrodriguez said: But the app needs to log into Unraid. That's why I mentioned that your scenario is not currently supported. Then why does it have a username field, when it isn't using it? All it need to support what I am doing, is to actually use what is put into the username field. Also PLEASE read it all. As I wrote "I don't need the app to log into unraid directly, nginx is taking care of that.". As I have tried to explain a few times now. nginx is logging into unraid with the root user, but I am not logging in with root to nginx. No matter what username I decide to create for nginx, unraid will still see root as the user logged in. I dont know how to explain this more clear. All I need, is the username field in the app to actually be used. I have tested it by creating a root user that could log into nginx, and the app worked perfectly. So what I am doing will work, if the app is using the username entered into the username field in the app. When I change the username in the username field, I can see in the log it is still using "root" as username, instead of what is in the field. I just need the field to actually be used as the username to log in with. Edited June 10, 2019 by mikeydk Quote Link to comment
jbrodriguez Posted June 10, 2019 Author Share Posted June 10, 2019 (edited) I understand what you're saying, but it's currently not possible. Authentication in Unraid currently only happens via 'root' user. That's out of my hands. It's unfortunate the app doesn't work for your use case. Edited June 10, 2019 by jbrodriguez Quote Link to comment
mikeydk Posted June 10, 2019 Share Posted June 10, 2019 15 minutes ago, jbrodriguez said: I understand what you're saying, but it's currently not possible. Authentication in Unraid currently only happens via 'root' user. That's out of my hands. It's unfortunate the app doesn't work for your use case. No you do NOT understand. Seriously, I dont know how to explain it more clear! I have tried multiple times to explain nginx is logging in as root to unraid, no matter what user I log into nginx with. Forget unraid, seriously forget it, dont think about it at all. The problem is the username field in the app, and the app not using what is in the field. This is where the problem is. Not unraid, not how unraid wants the username. The problem is the username the app is using to log in with, where it ignore the username field. No matter what I put into the username field, it is using "root". Quote Link to comment
jbrodriguez Posted June 10, 2019 Author Share Posted June 10, 2019 mikeydk, Try this ... In the Unraid Users page, set up a new user (mikey as in your example) and set a password for this user, a password that's different from root's password. Then, via any browser, access Unraid's GUI and try to login with this username/password (mikey/<password>). Does it work for you ? Quote Link to comment
mikeydk Posted June 10, 2019 Share Posted June 10, 2019 2 minutes ago, jbrodriguez said: mikeydk, Try this ... In the Unraid Users page, set up a new user (mikey as in your example) and set a password for this user, a password that's different from root's password. Then, via any browser, access Unraid's GUI and try to login with this username/password (mikey/<password>). Does it work for you ? Are you trolling me? Quote Link to comment
jbrodriguez Posted June 10, 2019 Author Share Posted June 10, 2019 I'm trying to offer an insight into why the app works the way it does. I'm certainly not trying to troll you. Quote Link to comment
mikeydk Posted June 10, 2019 Share Posted June 10, 2019 Just now, jbrodriguez said: I'm trying to offer an insight into why the app works the way it does. I'm certainly not trying to troll you. What does the username field in the app do? Quote Link to comment
jbrodriguez Posted June 10, 2019 Author Share Posted June 10, 2019 It's used to obtain the user's access to dockers and vms in the app, defined via this plugin (as shown in the first post). Quote Link to comment
JonathanM Posted June 10, 2019 Share Posted June 10, 2019 42 minutes ago, mikeydk said: Are you trolling me? You are trying to bend the app to work the way you think it should, not the way it does. It's not simply a pass through mobile interface to the unraid GUI, it's a completely separate UI that works through the companion plugin. Normally you would set up a VPN from your mobile device to your home network, use ControlR or the normal webUI that way. Until limetech finishes securing the webUI, it's not recommended to expose it to the internet. They are working on it, but until they say it's ok, I wouldn't. Quote Link to comment
mikeydk Posted June 10, 2019 Share Posted June 10, 2019 1 minute ago, jonathanm said: You are trying to bend the app to work the way you think it should, not the way it does. It's not simply a pass through mobile interface to the unraid GUI, it's a completely separate UI that works through the companion plugin. Normally you would set up a VPN from your mobile device to your home network, use ControlR or the normal webUI that way. Until limetech finishes securing the webUI, it's not recommended to expose it to the internet. They are working on it, but until they say it's ok, I wouldn't. It does actually work that way pretty well. Now I am trying to get the app to connect to the ip of my server on port 2379, but it silently fails and nothing gets added to the list. Logging into the gui in the plugin also show some problems. Unable to connect to serverx (1001) - Unable to get unRAID state (dockers): Get https://127.0.0.1/plugins/dynamix.docker.manager/include/DockerContainers.php: dial tcp 127.0.0.1:443: connect: connection refused Instead of the vpn, I am using nginx. With that I can easy login to the unraid gui, while also having pretty high security. Unraid isnt exposed directly to the internet, nginx is in between. With nginx I have set up multiple things that will block after a few failed attempts. Exposing directly isnt something I would recommend either. Quote Link to comment
JonathanM Posted June 10, 2019 Share Posted June 10, 2019 20 minutes ago, mikeydk said: Now I am trying to get the app to connect to the ip of my server on port 2379, but it silently fails and nothing gets added to the list. Logging into the gui in the plugin also show some problems. So you want him to rewrite the app just for you, to work the way you want it to, when it works just fine using the recommended methods? It's honestly not as simple as you think it is, and you are the only person I've heard of to set up remote access this way. You are pretty much asking to commission a custom version of the app just for you. Quote Link to comment
mikeydk Posted June 10, 2019 Share Posted June 10, 2019 5 minutes ago, jonathanm said: So you want him to rewrite the app just for you, to work the way you want it to, when it works just fine using the recommended methods? It's honestly not as simple as you think it is, and you are the only person I've heard of to set up remote access this way. You are pretty much asking to commission a custom version of the app just for you. What way is it supposed to work? I have tried to put the ip and port in on unraid, and port 443 and it works fine. Except it will only use the root user, where I got nginx to handle it so I can use other users. I have tried to put the ip and port in the plugins says, and that does not work. So I assume this is wrong? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.