Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

is your cloud exposed to WAN?

Featured Replies

Hey guys, kinda question that maybe does not really fit here but I don't know where else to ask.

Did a little search but found nothing that could push me to either side (open services to wan or access them through vpn). :)

 

Basically: is your cloud exposed to WAN? if so, why and how "secure" is it to do that.

 

My current setup would look like this:

Three different subdomains handled by cloudflare to hide IP's and proxy them through cloudflare services ending on my ISP router on TCP 443 which is natted to my fortigate firewall on TCP 443.

That traffic is checked for source (only allowing cloudflare ips) and then natted on the fortigate to a VLAN in unraid where the letsencrypt docker and the three services reside.

So firewall side looks okay I guess but I still worry what will / could happen if someone cracks lets say the nextcloud instance through a security issue of nextcloud / proxy server.

Because of this anxiety I have of not knowing if this is secure enough, I've currently disabled the WAN facing side of my setup and access it through vpn.

But this kinda sucks because not accessible at work and cannot share files.

 

Thanks

Cherry

  • 3 weeks later...

I'm wondering what the best way to do this is... I would not just expose the whole machine - something about root logins and no password is just not right.

 

There is an app called "sftp" that might be good for you, you can port forward to that container.  I wanted to use this but he disabled regular SSH, and I'd much prefer SSH over SFTP.

3 hours ago, BoxOfSnoo said:

I would not just expose the whole machine - something about root logins and no password is just not right.

Absolutely correct. You should never expose the unRAID OS itself to directly to the internet (Web GUI, SSH, FTP, etc) It is simply not meant for that purpose. I do expose several docker containers though, taking care to secure them as much as is possible with the docker features that are available (never privileged, limited mount points, always behind a reverse proxy with lets encrypt and a separate authentication container). 

1 hour ago, primeval_god said:

Absolutely correct. You should never expose the unRAID OS itself to directly to the internet (Web GUI, SSH, FTP, etc) It is simply not meant for that purpose. I do expose several docker containers though, taking care to secure them as much as is possible with the docker features that are available (never privileged, limited mount points, always behind a reverse proxy with lets encrypt and a separate authentication container). 

Do you have a suggestion for how to set up a *safe* Internet-accessible SSH server?

I would setup a VPN server on unRAID and then client on your laptop or remote computer to establish a secure VPN connection between the remote computer and the unRAID server, then you can do whatever you want across the VPN tunnel.

  • Author

I guess I worded myself wrongly because I was talking about a cloud-app like nextcloud or owncloud.

 

Basically everything I said up there is pointing in the end to a nextcloud docker on my unraid system.

I would never expose my unraid server itself.

But I'm still afraid that an attacker might get into my unraid server through the docker part of unraid or something like that.

 

Thanks

Cherry

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.