chpoit Posted August 12, 2020 Share Posted August 12, 2020 This is an issue I have been having for a while whenever I try to connect to the webui remotely I get a redirect to the local domain name and the webui does not resolve. More precisely, lets say I have my server named "MyTower" and I try to access it with "mytower.mydomain.xyz", the "mytower.mydomain.xyz" will be replace in the url bar with "mytower.local". I think it's also preventing me from doing LetsEncrypt verification, but that's another issue. Is there any way to disable this "feature"? Thanks Quote Link to comment
JonathanM Posted August 12, 2020 Share Posted August 12, 2020 Set up the wireguard VPN and connect to the webui through the VPN tunnel. The Unraid GUI is not yet suitable for exposure to the general internet, all access should be local or through VPN. Quote Link to comment
chpoit Posted August 12, 2020 Author Share Posted August 12, 2020 I've got the same issue under wireguard, wether I access the server via the default "10.253.0.1" or the local IP, and I'm unable to resolve the DNS query after it switches to the "mytower.local" url. Thanks for reminding me that wireguard was a thing though. Quote Link to comment
JonathanM Posted August 13, 2020 Share Posted August 13, 2020 31 minutes ago, chpoit said: wether I access the server via the default "10.253.0.1" or the local IP I'm confused. 10.X.X.X is local. Quote Link to comment
chpoit Posted August 13, 2020 Author Share Posted August 13, 2020 11 minutes ago, jonathanm said: I'm confused. 10.X.X.X is local. Technically, yes, but it's only the docker local. My unraid servers run on 192.168.x.x. I left the wireguard config on 10.253 instead of 192.168 because i'm used to dockers running under 10.253s. I still get the redirect issue when I configure wireguard under 192.168, and on one of my two servers I don't even get internet access. I will keep messing around with wireguard once the two servers are in different locations, but for now that's all I got. I still would like to prevent the url redirect nonsense that is happening. It even does it when I map the IP in the windows host file to the local name. Quote Link to comment
ijuarez Posted August 13, 2020 Share Posted August 13, 2020 so you have the following networks a 10.253 that a docker custom network and a 192.168 that I assume that unraid sits on. So is it safe to assume that you have a router that know there's 2 different subnets? Quote Link to comment
ljm42 Posted August 13, 2020 Share Posted August 13, 2020 21 hours ago, chpoit said: More precisely, lets say I have my server named "MyTower" and I try to access it with "mytower.mydomain.xyz", the "mytower.mydomain.xyz" will be replace in the url bar with "mytower.local". Go to Settings -> Management Access. Under "Local TLD" remove "local", or perhaps set it to "mydomain.xyz". If you are trying to do SSL, turn on help and read through the options. The recommendation is to use Unraid's built-in Lets Encrypt functionality rather using your own domain. Quote Link to comment
chpoit Posted August 13, 2020 Author Share Posted August 13, 2020 15 hours ago, ijuarez said: so you have the following networks a 10.253 that a docker custom network and a 192.168 that I assume that unraid sits on. So is it safe to assume that you have a router that know there's 2 different subnets? Yes. 47 minutes ago, ljm42 said: Go to Settings -> Management Access. Under "Local TLD" remove "local", or perhaps set it to "mydomain.xyz". If you are trying to do SSL, turn on help and read through the options. The recommendation is to use Unraid's built-in Lets Encrypt functionality rather using your own domain. Thanks, doing this has allowed me to access one of my two boxes via wireguard. I can't use the name of the box, but eh, I know the IP. I still get redirected to mytower.local when letsencrypt tries to do the challenges, but I don't care about getting the invalid certificate warning all that much, so it's not a big issue. To be sure, though, by built-in letsencrypt, do you mean this one from linuxserver.io ? Quote Link to comment
ljm42 Posted August 13, 2020 Share Posted August 13, 2020 4 minutes ago, chpoit said: To be sure, though, by built-in letsencrypt, do you mean this one from linuxserver.io ? No, Unraid has Lets Encrypt support built-in! No docker required. You'll get a random hostname on unraid.net, something like xxxxxxxxxxxxxxxxx.unraid.net . Unraid takes care of all the details. It has been a while since I enabled it, but go to Settings -> Management Access and turn on help. You'll want to set "Use SSL/TLS" to auto and then click Provision. If you get an error about "rebinding protection", wait 10 minutes and try again. If you still get the error, the help text will explain how to adjust your router. Quote Link to comment
chpoit Posted August 13, 2020 Author Share Posted August 13, 2020 12 minutes ago, ljm42 said: No, Unraid has Lets Encrypt support built-in! No docker required. You'll get a random hostname on unraid.net, something like xxxxxxxxxxxxxxxxx.unraid.net . Unraid takes care of all the details. It has been a while since I enabled it, but go to Settings -> Management Access and turn on help. You'll want to set "Use SSL/TLS" to auto and then click Provision. If you get an error about "rebinding protection", wait 10 minutes and try again. If you still get the error, the help text will explain how to adjust your router. Alright, got it working, but now my browser complains about my box not being "jkasdhfjhaksf.unraid.net" . Thanks a lot though. I do wonder however, if the webUI truly is unsafe as jonathanm said, why is it that I get a custom domain that points to it when using unraid's provisioning? Quote Link to comment
JonathanM Posted August 13, 2020 Share Posted August 13, 2020 3 minutes ago, chpoit said: why is it that I get a custom domain that points to it when using unraid's provisioning? It points to the local non-routable IP address, which is why the rebind error is relevant. Quote Link to comment
ljm42 Posted August 13, 2020 Share Posted August 13, 2020 (edited) 5 minutes ago, chpoit said: Alright, got it working, but now my browser complains about my box not being "jkasdhfjhaksf.unraid.net" . Thanks a lot though. Visit http://<ip address> (note http not https) and Unraid will redirect to the proper https domain name. Fully supported by browsers, no certificate warnings. 5 minutes ago, chpoit said: I do wonder however, if the webUI truly is unsafe as jonathanm said, why is it that I get a custom domain that points to it when using unraid's provisioning? I don't understand the question? The jkasdhfjhaksf.unraid.net url is meant to be used inside your home network, not exposed to the outside world. Edited August 13, 2020 by ljm42 Quote Link to comment
chpoit Posted August 13, 2020 Author Share Posted August 13, 2020 2 minutes ago, ljm42 said: I don't understand the question? The jkasdhfjhaksf.unraid.net url is meant to be used inside your home network, not exposed to the outside world. I'm just dumb, I hadn't clicked save to remove the port forwarding within my router. Quote Link to comment
ljm42 Posted August 13, 2020 Share Posted August 13, 2020 Sorry, I just realized you had initially asked about remote access. I agree with jonathanm, your best bet is to enable WireGuard for that: Because "jkasdhfjhaksf.unraid.net" is a real DNS entry, it will work over WireGuard, unlike mytower.local Quote Link to comment
trurl Posted August 13, 2020 Share Posted August 13, 2020 17 minutes ago, chpoit said: hadn't clicked save to remove the port forwarding within my router. So is (or was) your server on the internet? If so, you have likely already been attacked. Quote Link to comment
chpoit Posted August 13, 2020 Author Share Posted August 13, 2020 1 minute ago, trurl said: So is (or was) your server on the internet? If so, you have likely already been attacked. Maybe, but my syslog only shows my login attempts and nothing else. Is there anywhere else I should check? Quote Link to comment
trurl Posted August 13, 2020 Share Posted August 13, 2020 43 minutes ago, chpoit said: Is there anywhere else I should check? no But syslog resets on reboot so unless you have older syslogs (Syslog Server?) no way to see what happened before last reboot. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.