T0rqueWr3nch Posted June 19, 2019 Share Posted June 19, 2019 (edited) Hi everyone, With summer now underway and many of us traveling for vacation, I understand the anxiety that leaving your unRAID server unattended can cause. Especially with so many of us relying on unRAID to keep the kids entertained or looking forward to family movie nights in the evening. What if I lose power? What if my VPN fails? If you have my kind of luck, it’ll happen about two seconds after you set foot out the door and will wear on your mind your whole vacation. I have recently written up a description on my blog of a short checklist that I use whenever I travel to make sure my homelab is ready. The preparedness of the checklist has really helped me have peace of mind when I travel. I hope it helps you too: Preparing Your Server for Vacation – The Unattended Server Access Checklist In the future, I will be adding additional how-to guides for configuring each step. -Torquewrench Edited November 25, 2019 by T0rqueWr3nch 2 Quote Link to comment
Fiservedpi Posted June 20, 2019 Share Posted June 20, 2019 (edited) very nice write, up can you share your graceful shutdown script? Edited June 20, 2019 by Fiservedpi Quote Link to comment
SpencerJ Posted June 20, 2019 Share Posted June 20, 2019 Great blog! Thanks for sharing Quote Link to comment
testdasi Posted June 20, 2019 Share Posted June 20, 2019 Question: are you not afraid that exposing your server to the Internet is rather risky? Or is OpenVPN generally safe? Quote Link to comment
itimpi Posted June 20, 2019 Share Posted June 20, 2019 1 hour ago, testdasi said: Question: are you not afraid that exposing your server to the Internet is rather risky? Or is OpenVPN generally safe? With OpenVPN you are NOT exposing your server to the internet - just the OpenVPN port and that is considered safe. If OpenVPN gets cracked then there will be probably be millions of servers that suddenly become insecure. Quote Link to comment
T0rqueWr3nch Posted June 21, 2019 Author Share Posted June 21, 2019 8 hours ago, testdasi said: Question: are you not afraid that exposing your server to the Internet is rather risky? Or is OpenVPN generally safe? Great question. See below! 6 hours ago, itimpi said: With OpenVPN you are NOT exposing your server to the internet - just the OpenVPN port and that is considered safe. If OpenVPN gets cracked then there will be probably be millions of servers that suddenly become insecure. Exactly. Just to add to this and where I think some people may get confused, port forwarding to your OpenVPN port isn't the same as, say, port forwarding port 80 (web traffic) to your unRAID/tower page. Now that would be VERY insecure. In that situation, anyone who visited your IP address would be sent straight to your tower admin page. On a high level, OpenVPN in contrast only has the one port forwarded to it and the connection attempt has to use a pre-generated key known only to the server and your workstation where the certificate is installed. This allows you to sit on your network as just another client, no matter where you are in the world, without exposure to the internet. As an extra precaution, my unRAID server sits in a DMZ behind a hardware firewall, isolated from my home network. If you (or anyone else) would be interested in that, I could write up another article on setting up a DMZ and a hardware firewall. It can be done surprisingly well on a very modest budget (<$200). -Torquewrench 2 Quote Link to comment
Marshalleq Posted June 21, 2019 Share Posted June 21, 2019 Yeah, I'd be more concerned about having a decent firewall, than opening a port. I use opnsense which has some nice intrusion detection and prevention, but there are others like pfsense, IPFire to name three but there are heaps. I'd be interested to know what a good hardware based one is for under $200 as I've been looking for a while and haven't found anything. One of the big challenges these days is the companies can't scale their offerings to consumers by lower CPU etc as consumers have got Gigabit connections all over the place. That's one of my problems, the off the shelf offerings slow down my connections to a crawl. Quote Link to comment
testdasi Posted June 21, 2019 Share Posted June 21, 2019 5 hours ago, T0rqueWr3nch said: As an extra precaution, my unRAID server sits in a DMZ behind a hardware firewall, isolated from my home network. If you (or anyone else) would be interested in that, I could write up another article on setting up a DMZ and a hardware firewall. It can be done surprisingly well on a very modest budget (<$200). -Torquewrench I am also very much interested in the <$200 part. I have looked around but have not found anything at that price point. Quote Link to comment
T0rqueWr3nch Posted June 21, 2019 Author Share Posted June 21, 2019 3 hours ago, Marshalleq said: Yeah, I'd be more concerned about having a decent firewall, than opening a port. I use opnsense which has some nice intrusion detection and prevention, but there are others like pfsense, IPFire to name three but there are heaps. I'd be interested to know what a good hardware based one is for under $200 as I've been looking for a while and haven't found anything. One of the big challenges these days is the companies can't scale their offerings to consumers by lower CPU etc as consumers have got Gigabit connections all over the place. That's one of my problems, the off the shelf offerings slow down my connections to a crawl. OPNsense is a good choice. Are you saying you have a bottleneck with it? If so, what hardware are you running it on? Quote Link to comment
ank0m Posted June 22, 2019 Share Posted June 22, 2019 On 6/21/2019 at 3:30 AM, T0rqueWr3nch said: If you (or anyone else) would be interested in that, I could write up another article on setting up a DMZ and a hardware firewall. It can be done surprisingly well on a very modest budget (<$200). Hi T0rqueWr3nch, I'm also interessed. Quote Link to comment
binhex Posted June 24, 2019 Share Posted June 24, 2019 And to minimise the need to SSH in, switch off automatic updates of docker containers, it's not worth risking stability just to say you are running latest shiny code.Sent from my EML-L29 using Tapatalk Quote Link to comment
T0rqueWr3nch Posted June 25, 2019 Author Share Posted June 25, 2019 13 hours ago, binhex said: And to minimise the need to SSH in, switch off automatic updates of docker containers, it's not worth risking stability just to say you are running latest shiny code. Sent from my EML-L29 using Tapatalk That's a good point. I also implement a moratorium on updates in general one week prior to departure. I haven't had this problem with unRAID specifically, but I have had it with various virtual environments and my web server; some update somewhere introduces a memory leak and a week later your web server is down. Not worth the risk. Quote Link to comment
T0rqueWr3nch Posted November 25, 2019 Author Share Posted November 25, 2019 (edited) Hi everyone, with a lot of us travelling for Thanksgiving this week, I've updated this guide. This is just a friendly reminder to double check your homelab/unRAID server set up before leaving. Nothing ruins an otherwise perfect trip more than planning on watching a movie with the family while you're gone and the server is down or worrying about what may be wrong at home. The guide has been updated with additional articles on: The Homelab Lifeline: The Easiest Guide to Creating a Reverse SSH Tunnel Remote Start for Servers: How To Set Up Wake-on-LAN (WOL) Hope this helps yall out with building a more resilient system! Edited November 25, 2019 by T0rqueWr3nch 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.