Need to start exposing services to the internet

So I'm at the point where I'd like to start exposing some services externally. For instance I have a Windows 10 VM running Milestone for my security cameras, and a static IP from my ISP. I want to see the live view from the Milestone Mobile app, so I've port forwarded the two ports Milestone Mobile uses. I also run the UniFi controller docker, and have a couple of external sites I manage, so I've simply port forwarded the couple of ports I needed for that. Should I be handling these situations differently, or is this the best practice from a security standpoint?

As long as you only forward ports where the answering service is auditable and trusted, you should be as secure as can be expected.

Every exposed application must be monitored, treated as possibly hostile, and you need to keep up with the software authors' recommendations for security.

Ideally, the machine hosting the exposed apps should be in a different network segment than your everyday internal stuff, but that's not always doable.

  • Author

Ok, that's basically where I am. I'm up on my firewalling and VLANing, but I do see a lot of folks using Letsencrypt and a reverse proxy and I'm not up to speed on those. Would that do anything for me?

1 hour ago, Smackover said:

Ok, that's basically where I am. I'm up on my firewalling and VLANing, but I do see a lot of folks using Letsencrypt and a reverse proxy and I'm not up to speed on those. Would that do anything for me?

Sort of, for the services where you can use a reverse proxy. Instead of opening up a bunch of ports, one for each app, you only open one port and can keep security audits focused on that port and the LE-enabled NGINX server. However, for uncommon apps like your security cameras, it may not be possible to pass that through NGINX. You will have to research that with the author / company.
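The single-port setup described in the reply above, sketched as an added example that is not part of the original thread. The hostnames, backend addresses and the second application are assumptions; the certificate paths follow the layout certbot uses for Let's Encrypt.

```nginx
# Added example. Goes inside the http {} context. Only TCP 443 is forwarded
# at the router; every web service is selected by hostname.

# WebSocket upgrade support (the UniFi controller UI needs it).
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Any TLS handshake for a hostname not listed below is refused,
# so scanners hitting the bare IP get nothing (nginx 1.19.4 or later).
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}

server {
    listen 443 ssl;
    server_name unifi.example.com;                  # assumed hostname

    ssl_certificate     /etc/letsencrypt/live/unifi.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/unifi.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Assumed LAN address; 8443 is the controller's HTTPS UI port.
        # nginx does not verify the backend's self-signed certificate by default.
        proxy_pass https://192.168.10.20:8443;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

server {
    listen 443 ssl;
    server_name app.example.com;                    # hypothetical second service

    ssl_certificate     /etc/letsencrypt/live/app.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://192.168.10.30:8080;       # assumed backend
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```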

On 7/5/2019 at 5:36 PM, Smackover said:

So I'm at the point where I'd like to start exposing some services externally. For instance I have a Windows 10 VM running Milestone for my security cameras, and a static IP from my ISP. I want to see the live view from the Milestone Mobile app, so I've port forwarded the two ports Milestone Mobile uses. I also run the UniFi controller docker, and have a couple of external sites I manage, so I've simply port forwarded the couple of ports I needed for that. Should I be handling these situations differently, or is this the best practice from a security standpoint?

Why not access the VM via VNC? More secure than port forwarding.


  • 1 month later...
On 7/12/2019 at 12:49 PM, Fiservedpi said:

Why not access the VM via VNC? More secure than port forwarding.

VNC is not secure and should never be exposed to the internet unless you use next-gen firewalls like Palo Altos.

meehh slap a putty tunnel on that sum b%#$ch call it a dayy 

Exposing Unraid's default SSH config to the internet for tunnelling is one of the worst ideas, because, when compromised, it gives the attackers "trusted" status on the LAN, dockers, VMs, and data.

 
