solidus28 Posted March 19, 2018 Share Posted March 19, 2018 Hello all! Fairly new Unraider here. I just upgraded to 6.5 and setup the SSL certificate. I'm able to access my server successfully internally on my network, with the old hostname or the new string of numbers, so it appears to be working. I attempted to forward port 443 from my router to my server (I had previously done this for temporary access over port 80 without issue), but I can't seem to access it via the long string or just my public IP prefixed with https://. Is there something else I would need to do to access externally? Other ports involved? Thanks in advance! Quote Link to comment
trurl Posted March 19, 2018 Share Posted March 19, 2018 You should not attempt this. Check out the OpenVPN docker 1 Quote Link to comment
solidus28 Posted March 19, 2018 Author Share Posted March 19, 2018 So even with SSL, still not recommended? I'll check out OpenVPN. I had installed the client, but I'm assuming for this it would be OpenVPN AS, right? Quote Link to comment
primeval_god Posted March 19, 2018 Share Posted March 19, 2018 4 hours ago, solidus28 said: So even with SSL, still not recommended? Correct, SSL is an improvement but it remains that unRAID is not a security hardened distro. The unRAID web UI should not be exposed to the internet in any form. As mentioned above the recommendation is to run a VPN server to allow you to remotely tunnel into your local network and access unRAID from the relative safety of a LAN. Quote Link to comment
pwm Posted March 19, 2018 Share Posted March 19, 2018 5 hours ago, solidus28 said: So even with SSL, still not recommended? I'll check out OpenVPN. I had installed the client, but I'm assuming for this it would be OpenVPN AS, right? SSL (or nowadays TLS) encrypts the link, to make it hard to listen. But anyone will still be able to connect and reach the password prompt, so it would be down to password security strength if they can manage to log in. And it would also be down to what algorithms etc that are enabled for the https interface. With a VPN, you can make use of a client certificate when connecting. This makes it very tough for someone else to connect since it isn't possible to run through any "one million most common passwords" database. And a VPN doesn't need to select algorithms based on what is supported by older computers or different mobile phone web browsers so it can use current best practices. So always make use of secure tunnels when you want access to something in your home - never any port forwarding directly to different services unless the service in question is explicitly designed to for use on the outside of a firewall. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.