August 12, 20205 yr This is an issue I have been having for a while whenever I try to connect to the webui remotely I get a redirect to the local domain name and the webui does not resolve. More precisely, lets say I have my server named "MyTower" and I try to access it with "mytower.mydomain.xyz", the "mytower.mydomain.xyz" will be replace in the url bar with "mytower.local". I think it's also preventing me from doing LetsEncrypt verification, but that's another issue. Is there any way to disable this "feature"? Thanks
August 12, 20205 yr Set up the wireguard VPN and connect to the webui through the VPN tunnel. The Unraid GUI is not yet suitable for exposure to the general internet, all access should be local or through VPN.
August 12, 20205 yr Author I've got the same issue under wireguard, wether I access the server via the default "10.253.0.1" or the local IP, and I'm unable to resolve the DNS query after it switches to the "mytower.local" url. Thanks for reminding me that wireguard was a thing though.
August 13, 20205 yr 31 minutes ago, chpoit said: wether I access the server via the default "10.253.0.1" or the local IP I'm confused. 10.X.X.X is local.
August 13, 20205 yr Author 11 minutes ago, jonathanm said: I'm confused. 10.X.X.X is local. Technically, yes, but it's only the docker local. My unraid servers run on 192.168.x.x. I left the wireguard config on 10.253 instead of 192.168 because i'm used to dockers running under 10.253s. I still get the redirect issue when I configure wireguard under 192.168, and on one of my two servers I don't even get internet access. I will keep messing around with wireguard once the two servers are in different locations, but for now that's all I got. I still would like to prevent the url redirect nonsense that is happening. It even does it when I map the IP in the windows host file to the local name.
August 13, 20205 yr so you have the following networks a 10.253 that a docker custom network and a 192.168 that I assume that unraid sits on. So is it safe to assume that you have a router that know there's 2 different subnets?
August 13, 20205 yr 21 hours ago, chpoit said: More precisely, lets say I have my server named "MyTower" and I try to access it with "mytower.mydomain.xyz", the "mytower.mydomain.xyz" will be replace in the url bar with "mytower.local". Go to Settings -> Management Access. Under "Local TLD" remove "local", or perhaps set it to "mydomain.xyz". If you are trying to do SSL, turn on help and read through the options. The recommendation is to use Unraid's built-in Lets Encrypt functionality rather using your own domain.
August 13, 20205 yr Author 15 hours ago, ijuarez said: so you have the following networks a 10.253 that a docker custom network and a 192.168 that I assume that unraid sits on. So is it safe to assume that you have a router that know there's 2 different subnets? Yes. 47 minutes ago, ljm42 said: Go to Settings -> Management Access. Under "Local TLD" remove "local", or perhaps set it to "mydomain.xyz". If you are trying to do SSL, turn on help and read through the options. The recommendation is to use Unraid's built-in Lets Encrypt functionality rather using your own domain. Thanks, doing this has allowed me to access one of my two boxes via wireguard. I can't use the name of the box, but eh, I know the IP. I still get redirected to mytower.local when letsencrypt tries to do the challenges, but I don't care about getting the invalid certificate warning all that much, so it's not a big issue. To be sure, though, by built-in letsencrypt, do you mean this one from linuxserver.io ?
August 13, 20205 yr 4 minutes ago, chpoit said: To be sure, though, by built-in letsencrypt, do you mean this one from linuxserver.io ? No, Unraid has Lets Encrypt support built-in! No docker required. You'll get a random hostname on unraid.net, something like xxxxxxxxxxxxxxxxx.unraid.net . Unraid takes care of all the details. It has been a while since I enabled it, but go to Settings -> Management Access and turn on help. You'll want to set "Use SSL/TLS" to auto and then click Provision. If you get an error about "rebinding protection", wait 10 minutes and try again. If you still get the error, the help text will explain how to adjust your router.
August 13, 20205 yr Author 12 minutes ago, ljm42 said: No, Unraid has Lets Encrypt support built-in! No docker required. You'll get a random hostname on unraid.net, something like xxxxxxxxxxxxxxxxx.unraid.net . Unraid takes care of all the details. It has been a while since I enabled it, but go to Settings -> Management Access and turn on help. You'll want to set "Use SSL/TLS" to auto and then click Provision. If you get an error about "rebinding protection", wait 10 minutes and try again. If you still get the error, the help text will explain how to adjust your router. Alright, got it working, but now my browser complains about my box not being "jkasdhfjhaksf.unraid.net" . Thanks a lot though. I do wonder however, if the webUI truly is unsafe as jonathanm said, why is it that I get a custom domain that points to it when using unraid's provisioning?
August 13, 20205 yr 3 minutes ago, chpoit said: why is it that I get a custom domain that points to it when using unraid's provisioning? It points to the local non-routable IP address, which is why the rebind error is relevant.
August 13, 20205 yr 5 minutes ago, chpoit said: Alright, got it working, but now my browser complains about my box not being "jkasdhfjhaksf.unraid.net" . Thanks a lot though. Visit http://<ip address> (note http not https) and Unraid will redirect to the proper https domain name. Fully supported by browsers, no certificate warnings. 5 minutes ago, chpoit said: I do wonder however, if the webUI truly is unsafe as jonathanm said, why is it that I get a custom domain that points to it when using unraid's provisioning? I don't understand the question? The jkasdhfjhaksf.unraid.net url is meant to be used inside your home network, not exposed to the outside world. Edited August 13, 20205 yr by ljm42
August 13, 20205 yr Author 2 minutes ago, ljm42 said: I don't understand the question? The jkasdhfjhaksf.unraid.net url is meant to be used inside your home network, not exposed to the outside world. I'm just dumb, I hadn't clicked save to remove the port forwarding within my router.
August 13, 20205 yr Sorry, I just realized you had initially asked about remote access. I agree with jonathanm, your best bet is to enable WireGuard for that: Because "jkasdhfjhaksf.unraid.net" is a real DNS entry, it will work over WireGuard, unlike mytower.local
August 13, 20205 yr Community Expert 17 minutes ago, chpoit said: hadn't clicked save to remove the port forwarding within my router. So is (or was) your server on the internet? If so, you have likely already been attacked.
August 13, 20205 yr Author 1 minute ago, trurl said: So is (or was) your server on the internet? If so, you have likely already been attacked. Maybe, but my syslog only shows my login attempts and nothing else. Is there anywhere else I should check?
August 13, 20205 yr Community Expert 43 minutes ago, chpoit said: Is there anywhere else I should check? no But syslog resets on reboot so unless you have older syslogs (Syslog Server?) no way to see what happened before last reboot.
Archived
This topic is now archived and is closed to further replies.