|Line 115:||Line 115:|
===Optional step for Unraid 6.10===
===Optional step for Unraid 6.10===
If you want to use secure https for local access to your server as well, navigate to Settings -> Management Access. In the CA-signed certificate area, if there are no warnings about DNS Rebinding then go ahead and set '''Use SSL/TLS''' to '''
If you want to use secure https for local access to your server as well, navigate to Settings -> Management Access. In the CA-signed certificate area, if there are no warnings about DNS Rebinding then go ahead and set '''Use SSL/TLS''' to ''''''. If there are warnings about DNS Rebinding see [[My Servers#A_note_regarding_DNS_Rebinding_Protection|A note regarding DNS Rebinding Protection]].
Note that once SSL is set to
Note that once SSL is set to , your client computers will need access to DNS in order to access your server. This means if your Internet connection drops you will likely lose access to your server's webgui. See [[My_Servers#How_to_access_your_server_when_DNS_is_down|How to access your server when DNS is down]].
===Using Custom Certificates===
===Using Custom Certificates===
Revision as of 18:29, 26 June 2022
- 1 Overview
- 1.1 Prerequisites
- 1.2 Installing the plugin
- 1.3 Navigating the User Profile Component
- 1.4 My Servers Dashboard
- 1.5 Download Registration Key
- 1.6 Automated Flash Backup
- 1.7 Enabling Flash Backup (optional)
- 1.8 Restoring Flash Backup
- 1.9 Configuring Remote Access (optional)
- 1.10 Signing Out
- 1.11 Uninstalling the plugin
- 1.12 Privacy
One of the core design goals of Unraid OS is its ease of use. Our users can configure server environments with minimal expertise and time. Whether that's installing the OS, configuring an array, setting up shares, or adding apps—we get you through those tasks in record time. Today we're extending that benefit beyond those core functions with the introduction of our latest offering: My Servers.
My Servers is designed to extend the value of your investment in Unraid by enabling you to more easily connect, share, monitor, and access your Unraid Server.
The first set of features for the launch of the My Servers plugin are simple, yet powerful: users can access their server remotely, backup their flash devices at the click of a button, monitor their servers at a glance, and easily manage their Unraid licenses. This is just a starting point - more great features and tools are coming in the future so be sure to stay tuned as our team works to roll out even more helpful tools!
1. Please make a local backup of your USB flash drive. This can be done from the Main > Flash page. In the event you need to revert to your previous stable installation, you can use the USB Flash Creator from our website to restore this backup zip file to your flash drive.
2. If you have the original Unraid.net plugin from 2018 on your server, please uninstall it before continuing.
3. Update all of your plugins (older versions of some plugins are incompatible with My Servers, so it is important to update everything).
4. Upgrade to Unraid 6.10 or later from the Tools > Update OS page.
5. Login in the top right of the webGui using your Unraid.net account (or create one if needed).
Installing the plugin
Go to the Apps tab and search for My Servers, then click the Install plugin icon.
Don't have the Community Applications plugin installed? Navigate to the Plugins tab, click Install Plugin, and paste the following URL into the field and click Install:
NOTE: Please make sure you wait until the install completes before closing the window
After you sign in with an Unraid.net user account, the top right section will transform into an interactive menu. From this menu you can quickly navigate between your registered servers, launch the My Servers app, connect to the forums, or modify My Servers settings.
Note: If the text in this area is hard to read, go to Settings -> Display Settings and remove any "Header custom text color" and "Header custom background color" values you had previously set. This will get you back to the standard colors for your chosen theme, and you can customize from there.
It should be rare, but if you see any error messages in the UPC please open a terminal window and type:
My Servers Dashboard
To get a comprehensive overview of all of your registered systems, you'll want to visit the My Servers Dashboard. From here you can see all of your servers, their online/offline status, available storage, and running apps. In addition, you can both locally and remotely access your servers, download your registration keys, and generate your flash backups. To view the My Servers Dashboard, you can either:
A. Open the drop-down in the User Profile Component and select My Servers Dashboard.
B. Click the My Servers section header on our forums.
Download Registration Key
To download your registration key, open the My Servers dashboard. From there, you can click Download registration key to obtain your key file.
Automated Flash Backup
My Servers offers users the ability to automatically back up your OS configuration settings to our cloud. In the event of flash device failure, you can download a zip file of your latest backup and restore it to a new flash drive using the USB Flash Creator.
Note: Flash Backup is an optional feature, not required to use the rest of My Servers.
Enabling Flash Backup (optional)
Until we are able to fully encrypt the flash backups on our servers, we exclude all sensitive data owned by the OS from the backups, including Unraid account passwords and WireGuard encryption keys. However, the backups do include docker template XML files, which may contain application-specific passwords and other private data. We are actively working on solutions to encrypt the backups.
- Navigate to Settings -> Management Access -> My Servers and under Flash backup click the Activate button.
- Wait for the activation and initial backup job to complete (once done, it will show Activated: Up-to-date.
Once activated, any changes to the OS configuration will automatically be replicated to the backup in our cloud servers (within 1-2 minutes of the change).
Important: Backups from the flash device do not include the config/shadow or config/smbpasswd files. User accounts are preserved, but their passwords are not. This means that when you restore from backup, you will need to set passwords for your users including root. We also don't store any of your WireGuard keys.
This flash backup service backs up your configuration, it is not a 1:1 backup of the contents of your flash drive. If you have custom scripts that you want to include in the backup, please put them in /boot/config/custom/. Also note that we backup the plugin configuration files but not the application files, as those will automatically be downloaded when you reboot.
Restoring Flash Backup
- Login to the My Servers Dashboard.
- Click Generate flash backup.
- This will combine your OS configuration data with the OS release version you were running and put them both into a zip file that can be used with our flash creator tool to restore the backup to a new flash device.
- After the backup has been generated, you can click Download flash backup to obtain it.
- Use the Unraid USB Flash Creator to restore your backup to a new flash drive.
Additional Steps Required
Once you boot the OS, there are only a few things you will need to reconfigure:
- On the Settings -> Management Access -> Unraid.net page, click to Activate your flash backup again.
- On the Users page, for each user (including root), you will need to reset your passwords.
- On the Settings > VPN Manager page, for each tunnel and peer:
- Click the key icon. Click "Generate Keypair" and "Generate Key", start each tunnel, then download the new client configuration to each associated client device.
- If your server does not have Internet access when you reboot then you will need to go to Community Apps -> Previous Apps and reinstall your plugins once you have Internet access. The configuration files will be on your system ready to use once the application files have been installed.
Configuring Remote Access (optional)
The Remote Access feature allows you to access your Unraid webgui from the Internet. If you need access to Docker containers, network drives, or other devices on your network, you'll want to setup a VPN instead.
Note: Before you can enable remote access, you must set a root password to your Unraid server. Make it complex. You can do this from the Users page.
Also note: Remote Access is an optional feature, and is not required to use the rest of My Servers.
- Navigate to Settings -> Management Access
- If you are using Unraid 6.10, be sure to set USE SSL/TLS to No. In Unraid 6.9 this should be set to Auto.
- Note the HTTPS port, it defaults to port 443. If you have Docker containers running on this port, choose an unused port over 1000 such as 3443, 4443, 5443, etc.
- If you changed any of the above settings, hit Apply for them to take effect.
- In the CA-signed certificate file area, click Provision
- If you are using Unraid 6.10 your local access url will not change.
- If you are using Unraid 6.9, your local access url will change to
https://yourpersonalhash.unraid.net, giving you secure local access
- Navigate to Settings -> Management Access -> My Servers
- Change Allow Remote Access to Yes
- Set the WAN port you want to use. We highly recommend you choose a random port over 1000 rather than using the default of 443. i.e. something like 13856, 48653, etc
- Click Apply
- Setup your router to port forward the WAN port you specified to the HTTPS port used by the server. There is a note on the screen telling you the exact ports and IP to use.
- Press the Check button. If the port is forwarded correctly you will see a message saying "Your Unraid Server is reachable from the Internet"
- To access your server using Remote Access, login to the My Servers Dashboard and click the Remote Access link.
Optional step for Unraid 6.10
If you want to use secure https for local access to your server as well, navigate to Settings -> Management Access. In the CA-signed certificate area, if there are no warnings about DNS Rebinding then go ahead and set Use SSL/TLS to Strict. If there are warnings about DNS Rebinding see A note regarding DNS Rebinding Protection.
Note that once SSL is set to Strict, your client computers will need access to DNS in order to access your server. This means if your Internet connection drops you will likely lose access to your server's webgui. See How to access your server when DNS is down.
Using Custom Certificates
If you intend to use a custom certificate for secure remote access, you will be unable to utilize the My Servers remote access solution. For more details, please see this article.
A note regarding DNS Rebinding Protection
If you see this message after clicking the Provision button, click OK, try waiting 2-5 minutes, then click Provision again. If that doesn't work, keep reading.
Many routers have a security feature known as DNS Rebinding Protection. This feature prevents public DNS entries from pointing to local IP addresses on your network. Unfortunately, this feature prevents us from providing proper SSL access when connecting to the webGui locally. As such, users must either disable this feature on their router or set their router to allow DNS rebinding for the myunraid.net domain (if the certificate was provisioned in Unraid 6.10) or unraid.net domain (if the certificate was provisioned in 6.9) Depending on your router, how this feature is described and whether or not it is available to configure may vary. In addition, once you have DNS rebinding disabled on your router, when you go to provision your certificate, you may still see the DNS rebinding error message the first time. This is due to the time it takes for DNS records to propagate once provisioned.
How to access your server when DNS is down
Once you enable local SSL per the instructions above, you will access your server through a Fully Qualified Domain Name:
https://yourpersonalhash.unraid.net:<https_port> (if your https port is not the default of 443)
This is required in order to utilize a fully valid SSL certificate. A downside is if you temporarily lose Internet access and your browser has not cached the DNS for yourpersonalhash.unraid.net, you will be unable to access the webgui.
If the Internet goes down and you lose access to DNS, do the following:
- If Use SSL/TLS is set to Yes, then you can access your server using:
https://[servername].[localTLD]:<https_port>(if your https port is not the default of 443)
- If that doesn't work, or if Use SSL/TLS is set to Auto, then using telnet, SSH or local keyboard/monitor log in to the server and type:
- Now you will be able to access your server's webgui via:
http://<ip_address>(note: http not https) or
http://<server_ip>:<http_port>(if your http port is not the default of 80)
- When the Internet comes back, navigate to Settings -> Management Access and set Use SSL/TLS back to Auto to re-enable local SSL.
While you wait for your Internet access to be restored, access the server with this URL:
https://<server_ip> (note: https not http) or
https://<server_ip>:<https_port> (if your https port is not the default of 443)
Your browser will bring up a warning that the SSL certificate does not match the url you are tryin to visit. It is safe to ignore this warning since you are are intentionally using the wrong url.
How to disable SSL for local access
If you decide you would rather not use the secure
https://yourpersonalhash.unraid.net url for local access, you can disable SSL. There is no need to uninstall the My Servers plugin, in fact that will have no effect on SSL as this is a core feature of Unraid and not the plugin.
Navigate to Settings -> Management Access, set Use SSL/TLS to No and hit Apply. In Unraid 6.9 this will also disable the Remote Access feature at the same time. (If you currently cannot access the webgui, scroll up to the previous topic.)
In the event that you wish to sign out of the My Servers program on your system, you can do so from the Management Access Settings Page.
- Open the drop down in the User Profile Component and select Settings.
- Scroll down to the My Servers section and click the Sign Out button.
NOTE: Signed-out servers will still be displayed on the My Servers Dashboard, but you will only be able to download their registration key(s).
Uninstalling the plugin
Note: if your goal is to change your url from
https://yourpersonalhash.unraid.net back to
http://computername, see How to disable SSL for local access. Uninstalling the plugin will have no effect on your url!
As of the 8/25/21 release of My Servers, uninstalling the plugin will automatically:
- Deactivate and delete the backup files from your flash drive. We will provide a way to remove them from our server later.
- Disable Remote Access and delete the corresponding DDNS entry. Please remember to disable any port forward that you configured in your router related to this feature.
- Sign Out from Unraid.net.
Note that if you have the webgui open in multiple browser tabs, you should close or reload them after uninstalling the plugin.
If you uninstalled a previous version of the plugin, here are the steps to make sure everything is deactivated:
- Login to your router and disable any port forward you setup for Remote Access
- On your flash drive, delete the .git folder. This is your local copy of the flash backup. We will provide a way to remove them from our server later.
- On your flash drive, delete the config/plugins/dynamix.my.servers/myservers.cfg file. Note that this file will be recreated in Unraid 6.10, that is not a problem.
Maintaining your data integrity, security, and privacy are of the utmost importance to us at Lime Technology. Below is a disclosure of what we store and relay when you use My Servers. For more information, please see our policies page.
Data We Store
When a server signs in to Unraid.net, it opens a secure connection to our hosted infrastructure and sends just enough data so we can give you a meaningful overview of your servers in the My Servers Dashboard. We do not keep historical data, just the most recent update from your server which includes:
- Your server's hostname, description, and icon
- Your server's keyfile details and flash GUID
- Your server's Local Access URL
- Your server's LAN IP, if an unraid.net certificate is installed
- Your server's Remote Access URL and WAN IP, if Remote Access is enabled
- The version of Unraid that is installed, and its uptime
- The version of the My Servers plugin that is installed, and version / uptime of the unraid-api
- The size of your array and the amount used (just numbers, no details about what is stored on the array)
- The number of Docker Containers and VMs installed and started
Separate and unrelated to the My Servers Dashboard, the Flash Backup service stores your server's configuration data.
This data is stored solely for the purpose of providing services to you through our platform and is not publicly accessible. To remove this data from our servers you must follow the procedure listed in the "Uninstalling the plugin" section as well as remove all SSL certificates generated for you through our Let's Encrypt partnership.
Flash Backups are Not Encrypted
It is important to note that at this time, all backups of your flash device are stored in our cloud in a non-encrypted format. This is why we do not store the sensitive data mentioned below.
Until we are able to fully encrypt the flash backups on our servers, to ensure absolute privacy and integrity we have a few hard and strict policies regarding the storing of sensitive data. We do not store:
- Unraid root or user account passwords
- Public, private, or shared WireGuard keys