Seeing unRaid User Interface Remotely?


JP

Recommended Posts

I tried searching on this topic and I suspect it might be common knowledge for others, but since I specifically couldn't find any information I thought I would ask.  I only have a handful of apps (dockers) on my server, but I can access pretty much all of them remotely via a web browser.  However, I don't know of a way to access my unRaid user interface remotely and securely.

 

Is there an easy way to do this?  Possibly with a docker or plug-in?

Link to comment
7 minutes ago, JP said:

 I only have a handful of apps (dockers) on my server, but I can access pretty much all of them remotely via a web browser.

Depending on the apps and how you are allowing access to them, even this might not be a good idea without going through a VPN.

Link to comment

Thanks to you both.  My router has dd-wrt on it, but I've never even considered VPN could be hosted on it.  And I'm sure you are right about allowing access to the apps via VPN would be best.  

 

However, my basic understanding of VPN seems to be pretty poor.  When I think of it, I think of having my laptop somewhere and then accessing VPN to make a secure connection to a network somewhere.  The laptop can then leverage everything on the network in the same way as if I connected to it locally.  

 

But this isn't really what I wanted to do.  Instead, I was hoping to access my unRaid user interface via a web browser.  This would allow me to stay on the local network I'm already connected to, but make changes to unRaid remotely.  Is this possible?

Link to comment

You second and third parity seem to contradict each other!  One talks about being remote and the other local.   iI you are remote to your server then you are not on your local network.     What using a VPN connection gives you is the ability to be physically remote to your home network, but act as if you were connected to it locally.

Link to comment

Not sure how much you know about opening ports on your router, handling a domain to connect to your server remotely if your isp does dynamic ip's.insuspecr you know something since you can access some Dockers remotely. VPN on your router is THE best option in terms of security. If you have that setup, and use something like no-ip; then on your laptop, you would add a new network, make it a vpn, you enter all security details. When away, you connect to this network and it will be like you are at home.

 

You would access unRAID GUI via its local port, 192.168.x.x.

 

like everyone says' highly recommended. Slight learning curve, but well worth it. You could then close all your Dockers' ports on your router. No need for those passwords.

 

 

Link to comment

You could be also confusing vpn with other services that make you more anonymous when browsing the internet. This is a different vpn that allows a tunnel directly between your laptops and your router.

 

also with this vpn, you can connect using phones, tablets remotely.

Edited by hernandito
Link to comment

Thanks for the help everyone, and yes, my knowledge is limited.  However, my initial question might not have been as silly as I thought because based on what I'm reading it might not even be possible.  

 

What I'm asking to accomplish is a way to somewhat securely access the unRaid User Interface via a web browser when I'm not on the LAN where the server resides.  From what I've always understood about VPN this is not a solution since the entire computer would need to be connected to VPN and then the network where the server resides.  So everything that remote computer would leverage would be the same as if I was connected to the LAN directly.  I'm not looking for that.  Instead I want to remain on the network I'm leveraging remotely, but only want a secure window in to what the unRaid server might be doing.  

 

Sabnzbd is a good example.  I can access this directly on my LAN, but I can also access it remotely from any web browser on any network because I have the port opened on my router.  It is somewhat secure since I have https enabled with ID / Password authentication.  Is this scenario not possible with the unRaid user interface?      

Link to comment

Honestly, for this, it's either VPN or nothing.  Using a reverse proxy like with sabnzbd would be protected at best by a password, a VPN would be using a password and a key.  You're not talking about accessing a docker container with limited access, you're talking about root level access to your server and your LAN.

 

It's possible, but you'd need to be mad to do it and I for one wouldn't provide help setting it up as I feel that strongly about it.

 

A happy compromise would be a VPN connection using a mobile device you own, which is how I access my machine remotely.

Link to comment
12 minutes ago, CHBMB said:

Honestly, for this, it's either VPN or nothing.  Using a reverse proxy like with sabnzbd would be protected at best by a password, a VPN would be using a password and a key.  You're not talking about accessing a docker container with limited access, you're talking about root level access to your server and your LAN.

 

It's possible, but you'd need to be mad to do it and I for one wouldn't provide help setting it up as I feel that strongly about it.

 

A happy compromise would be a VPN connection using a mobile device you own, which is how I access my machine remotely.

 

Well put and thanks.  Makes perfect sense.  I enjoyed your comment that I would be "mad to do it."  It's probably best if I stay away from that space. :)

 

You are exactly right regarding the mobile device via VPN as a compromise.  Now I just need to figure out how to do it. :)  Thanks again.

Link to comment
1 minute ago, CHBMB said:

If your router has OpenVPN then set that up.  Use a dynamicDNS service if you need to.  Controlr is a great Unraid app for mobile to control things remotely, but nothing stopping you using the webui or SSH once connected to the VPN.

 

Thanks.  I have DD-WRT on my router and it apparently does have OpenVPN.  Don't know a thing about it, but I'll be searching to learn.  I'll definitely take a look at Controlr.   

Link to comment
6 hours ago, JP said:

However, I don't know of a way to access my unRaid user interface remotely and securely.

On a different tangent than VPN, you can also grant remote access through another machine on the network with something like teamviewer. A small headless VM with teamviewer in host mode will allow access to anything you want, and can be configured securely enough. All certificate work is done using teamviewer's infrastructure, so you can download and use the client on pretty much anything you control on the spur of the moment with only your teamviewer account.

 

However... under NO circumstances should you be accessing your home network in any way from untrusted public machines. I don't know if that's what you were after, if so, DON'T.

  • Like 1
Link to comment
12 hours ago, jonathanm said:

On a different tangent than VPN, you can also grant remote access through another machine on the network with something like teamviewer. A small headless VM with teamviewer in host mode will allow access to anything you want, and can be configured securely enough. All certificate work is done using teamviewer's infrastructure, so you can download and use the client on pretty much anything you control on the spur of the moment with only your teamviewer account.

 

However... under NO circumstances should you be accessing your home network in any way from untrusted public machines. I don't know if that's what you were after, if so, DON'T.

 

I'll be honest, some of what you are describing here is over my head, but in a way this is sort of what I do today.  That is, simply RDP (remote desktop protocol / remote access) in to a PC on my LAN to access the unRaid GUI.  I know I could improve on the workflow a little, but logging in to DD-WRT, waking the PC, opening RDP, entering the IP, loading the profile on the remote PC, opening the browser, then opening the unRaid GUI is just a little tedious.  Yes, I'm really lazy. :)

 

But I might just have to stick with that.  I looked in to setting up VPN on my DD-WRT router and I was surprised how complicated it seemed.  I know for many of you this comes as second nature, but I'm just a mere mortal.  I was sort of surprised at the fact you have to install OpenVPN on a client to build the certificates, which you are then having to put back in to the router.  I guess it makes sense, just unexpected for me.

 

I did find a great video by someone who installed the OpenVPN docker on unRaid.  At first it seemed pretty straight forward, but about 10 minutes in is when what they were doing sort of went over my head and if I don't understand it, I don't feel I should be pursuing it.  I know if it means enough to me I'll get aggressive with learning more.  It just all seems like a lot to go through just to access the unRaid GUI, but I understand the need for security as well.  Thanks for everyone's help.   

Link to comment

Why use a VPN when you could just use an SSH tunnel?

 

ssh -p {external port# forwarded to internal ssh port for local machine OR server} user@DDNS.net -L 9000:{serverIP OR localhost}:80

 

then open web browser and type "http://localhost:9000".

 

 

example: ssh -p 446 darksurf@mynetwork.net -L 9000:locahost:80

 

and using SSH keys, you can prevent password login making it all the more secure.
 

Edited by Darksurf
Link to comment
2 minutes ago, Darksurf said:

Why use a VPN when you could just use an SSH tunnel?

Because failed SSH logins are written to the syslog, and with all the scripted attacks happening continuously an open SSH port gets slammed. Non-standard port, yada, yada, it's still a pain.

 

VPN is harder to get wrong.

Link to comment
1 minute ago, jonathanm said:

Because failed SSH logins are written to the syslog, and with all the scripted attacks happening continuously an open SSH port gets slammed. Non-standard port, yada, yada, it's still a pain.

 

VPN is harder to get wrong.

 

Glass half empty approach? non-standard ports through port-forward are extremely simple and less attempted. Anyone who cares about security could simply look at failed login IPs and add them to a block list etc (fail2ban or denyhosts). I was using pfsense VM + pfBlocker to block IPs from certain portions of the world known for constant hacking attempts. There's also suricata for anyone who has patience enough to workaround false positives.

 

VPNs can be blocked by firewalls, but in most cases SSH is allowed.

Link to comment

I think @JP is confusing his VPN terminology. This is NOT the vpn that services like Hide My Ass provides, for anonymity or getting access to content not allowed in your country.

 

The vpn everyone here is talking about is the one for where you tunnel to your home network by means of a router. Here is a guide for what we all recommend with dd-wrt:

 

http://www.geekyprojects.com/vpn/remote-access-your-home-computer-setup-a-vpn-with-dd-wrt/

 

 

Link to comment

I'm going to restate jonathanm's suggestion of using TeamViewer inside a VM on unRaid.  Install Windows or Linux in a VM, install the TeamViewer host, and then connect to that VM via TeamViewer's app or website.  From there you can do whatever you want to unRaid's GUI from the VM.  It's essentially the same thing that you might do now with RDP to a networked pc, yet it removes that physical pc from the equation and leaves it to unRaid with a running VM to provide the access.

 

Access to the TeamViewer host is available as a pc app, through a website, and on iphone/android mobiles.

 

It's not 'perfect' but it's a lot easier than trying to set up a VPN to use. 

 

Also, depending where you try to VPN in from, on a desktop computer at work or such, it might not even be possible or advisable to use a VPN.  To my knowledge if you connect to a VPN that will take over all network traffic... so if you are already on a network of some type you will essentially have to disconnect from that and connect to your own vpn therefore interrupting any kind of work communications you might have.  That might not be good.

 

For example, all my work communications are via the network, if I connected to VPN I would not receive those communications and essentially be 'offline' to work.  No good! 

Link to comment
14 hours ago, JP said:

Thanks for these hernandito, but my mobile device is an iPhone and with iOS 10 they removed PPTP citing security concerns (?).  I only have the options for IKEv2, IPSec, and L2TP.

 

I run iOS 10, and OpenVPN has a client you can use without problems. Just FYI :)

Link to comment
3 minutes ago, jbrodriguez said:

 

I run iOS 10, and OpenVPN has a client you can use without problems. Just FYI :)

 

Thanks, but that sort of puts me back to where I was with having to go through all the configuration for VPN and then additionally I'm dropped off my current network when I'm leveraging VPN.  The example Energen gave of being at work was a good example.  Ultimately, I think the answer to this question is, there really isn't an efficient and secure way of accessing the unRaid UI, which is fine.  I can simply continue to leverage RDP on a PC I have at home to access the unRaid UI as I have been.  Thanks everyone for the help.

 

Link to comment
21 hours ago, JP said:

I'm dropped off my current network when I'm leveraging VPN

If you google all this, there are ways to stay on your current network (and access the internet without going through the VPN) and remain connected to the VPN

Link to comment
  • 1 year later...

I currently use 3 ways. 

 

1. Create a redirect using let's encrypt or nginxproxy manager. 

2. Using a VM inside unraid connecting through realvnc or TeamViewer 

3. Also using a VPN with the OpenVPNas docker

 

The downside of all these, which is what I struggle. I can't access the server if the array is off. Which is something I want. 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.