Jump to content
Xan_Nava

How to dual authentication login for webUI

4 posts in this topic Last Reply

Recommended Posts

Hi I just want a nice dual authentication for the webui(something like aws has) as like a plugin or docker. I can't find anything from what I know(limited vocabulary on server management so might not know what to look for). If this isn't possible, is there a way to have like a vpn on a raspberry pi that has it so I just make a connected session then tunnel through the pi to the server resources? Main reason I am asking is I host minecraft servers from home, and want to be able to log into my unraid when I am away(not with ssh because command line sucks).

Share this post


Link to post

If you are after having an additional user on top of root to login to the webgui then it's not possible. There's only 1 user to login the GUI.

 

If you are after ways to access your server remotely then VPN is the solution to go. There's Wireguard integrated in Unraid or you can install OpenVPN plugin.

 

You should not expose your server directly to the Internet. Unraid is not hardened for that.

Share this post


Link to post
Posted (edited)

Yeah that is what I have been reading. Which luckily OpenVPN has google authentication built into it(which is what I use on aws). Though now I need to figure out how to have unraid be undiscoverable by other computers on the same network, as so a local pc has to use the vpn encase it gets hacked.

 

Edit: Yeah looks like I will be going with a managed switch to make vlans, which UniFi Dream Machine seems to also have security built in so looking into that.

Edited by Xan_Nava

Share this post


Link to post

Wireguard works well for me as well, just installed on my IOS/Android devices and access locally.


However, I've also temporarily setup external access another way with dual authentication using the NGINX proxy manager docker..

Quite setup guide (and please tell me if I'm being stupid about security)

 

Just to expose unRAID

- Port fordwarded Ext 80 -> Server IP - Port 180 on the router

- Same for Ext 443 -> Server IP - Port 1443

- NGinx proxy manager docker set with ports 180/1443 for HTTP/HTTPS

- I am using a subdomain (1and1 will register a cheap domain and give you 1 free wildcard SSL! which si perfect) 

- I've installed the 1and1 cert in NGinx Proxy Manager

- Setup a user list in the proxy manager

- Set a proxy host in the Proxy Manager with the subdomain.mydomain.com pointing to serverIP:443 and selected the user list for authentication, and SSL Cert.

- Configured unRAID for SSL and put my domain wildcard cert in the Flash:\\config\SSL folder as instructed

 

When I then try the subdomain.domain.com address externally I am greeted with a basic authentication dialog from NGINX, once past that, I'm at the unRAID UI via SSL and have to login to that..

 

I find this more convenient in work where I don't want to install a VPN Client just to check my server for 30 seconds..

 

I originally did this for Krusader as that was http only, so this way it's SSL with basic authentication provided by NGINX..

 

 

 

 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.