Jump to content
T0rqueWr3nch

Preparing Your unRAID Server for Vacation- The Unattended Server Access Checklist

12 posts in this topic Last Reply

Recommended Posts

Hi everyone,

 

With summer now underway and many of us traveling for vacation, I understand the anxiety that leaving your unRAID server unattended can cause. Especially with so many of us relying on unRAID to keep the kids entertained or looking forward to family movie nights in the evening. What if I lose power? What if my VPN fails? If you have my kind of luck, it’ll happen about two seconds after you set foot out the door and will wear on your mind your whole vacation.

 

I have recently written up a description on my blog of a short checklist that I use whenever I travel to make sure my homelab is ready. The preparedness of the checklist has really helped me have peace of mind when I travel. I hope it helps you too:

 

Preparing Your Server for Vacation – The Unattended Server Access Checklist

UnattendedServerChecklist.png

 

In the future, I will be adding additional how-to guides for configuring each step.

 

-Torquewrench

Share this post


Link to post
Posted (edited)

very nice write, up can you share your graceful shutdown script? 

Edited by Fiservedpi

Share this post


Link to post

Question: are you not afraid that exposing your server to the Internet is rather risky? Or is OpenVPN generally safe?

Share this post


Link to post
1 hour ago, testdasi said:

Question: are you not afraid that exposing your server to the Internet is rather risky? Or is OpenVPN generally safe?

With OpenVPN you are NOT exposing your server to the internet - just the OpenVPN port and that is considered safe.   If OpenVPN gets cracked then there will be probably be millions of servers that suddenly become insecure.

Share this post


Link to post
8 hours ago, testdasi said:

Question: are you not afraid that exposing your server to the Internet is rather risky? Or is OpenVPN generally safe?

Great question. See below!

6 hours ago, itimpi said:

With OpenVPN you are NOT exposing your server to the internet - just the OpenVPN port and that is considered safe.   If OpenVPN gets cracked then there will be probably be millions of servers that suddenly become insecure.

Exactly. Just to add to this and where I think some people may get confused, port forwarding to your OpenVPN port isn't the same as, say, port forwarding port 80 (web traffic) to your unRAID/tower page. Now that would be VERY insecure. In that situation, anyone who visited your IP address would be sent straight to your tower admin page. On a high level, OpenVPN in contrast only has the one port forwarded to it and the connection attempt has to use a pre-generated key known only to the server and your workstation where the certificate is installed. This allows you to sit on your network as just another client, no matter where you are in the world, without exposure to the internet.

 

As an extra precaution, my unRAID server sits in a DMZ behind a hardware firewall, isolated from my home network. If you (or anyone else) would be interested in that, I could write up another article on setting up a DMZ and a hardware firewall. It can be done surprisingly well on a very modest budget (<$200).

 

-Torquewrench

Share this post


Link to post

Yeah, I'd be more concerned about having a decent firewall, than opening a port.  I use opnsense which has some nice intrusion detection and prevention, but there are others like pfsense, IPFire to name three but there are heaps.  I'd be interested to know what a good hardware based one is for under $200 as I've been looking for a while and haven't found anything.  One of the big challenges these days is the companies can't scale their offerings to consumers by lower CPU etc as consumers have got Gigabit connections all over the place.  That's one of my problems, the off the shelf offerings slow down my connections to a crawl.  

Share this post


Link to post
5 hours ago, T0rqueWr3nch said:

As an extra precaution, my unRAID server sits in a DMZ behind a hardware firewall, isolated from my home network. If you (or anyone else) would be interested in that, I could write up another article on setting up a DMZ and a hardware firewall. It can be done surprisingly well on a very modest budget (<$200).

 

-Torquewrench

I am also very much interested in the <$200 part. I have looked around but have not found anything at that price point.

Share this post


Link to post
3 hours ago, Marshalleq said:

Yeah, I'd be more concerned about having a decent firewall, than opening a port.  I use opnsense which has some nice intrusion detection and prevention, but there are others like pfsense, IPFire to name three but there are heaps.  I'd be interested to know what a good hardware based one is for under $200 as I've been looking for a while and haven't found anything.  One of the big challenges these days is the companies can't scale their offerings to consumers by lower CPU etc as consumers have got Gigabit connections all over the place.  That's one of my problems, the off the shelf offerings slow down my connections to a crawl.  

OPNsense is a good choice. Are you saying you have a bottleneck with it? If so, what hardware are you running it on?

Share this post


Link to post
On 6/21/2019 at 3:30 AM, T0rqueWr3nch said:

If you (or anyone else) would be interested in that, I could write up another article on setting up a DMZ and a hardware firewall. It can be done surprisingly well on a very modest budget (<$200).

Hi T0rqueWr3nch,

 

I'm also interessed.

Share this post


Link to post

And to minimise the need to SSH in, switch off automatic updates of docker containers, it's not worth risking stability just to say you are running latest shiny code.

Sent from my EML-L29 using Tapatalk

Share this post


Link to post
13 hours ago, binhex said:

And to minimise the need to SSH in, switch off automatic updates of docker containers, it's not worth risking stability just to say you are running latest shiny code.

Sent from my EML-L29 using Tapatalk
 

That's a good point. I also implement a moratorium on updates in general one week prior to departure. I haven't had this problem with unRAID specifically, but I have had it with various virtual environments and my web server; some update somewhere introduces a memory leak and a week later your web server is down. Not worth the risk.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.