My Servers

From Unraid | Docs
Revision as of 17:28, 16 May 2021 by Ljm42 (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Overview

One of the core design goals of Unraid OS is its ease of use. Our users can configure server environments with minimal expertise and time. Whether that's installing the OS, configuring an array, setting up shares, or adding apps—we get you through those tasks in record time. Today we're extending that benefit beyond those core functions with the introduction of our latest offering: My Servers.

My Servers is designed to extend the value of your investment in Unraid by enabling you to more easily connect, share, monitor, and access your Unraid Server.

The first set of features for the launch of the My Servers plugin are simple, yet powerful: users can access their server remotely, backup their flash devices at the click of a button, monitor their servers at a glance, and easily manage their Unraid licenses. This is just a starting point - more great features and tools are coming in the future so be sure to stay tuned as our team works to roll out even more helpful tools!

Prerequisites

1. Please make a local backup of your USB flash drive. This can be done from the Main > Flash page. In the event you need to revert to your previous stable installation, you can use the USB Flash Creator from our website to restore this backup zip file to your flash drive.

Flash backup button (old).png

2. If you have the original Unraid.net plugin on your server, please uninstall it before continuing.

3. Update all of your plugins (older versions of some plugins are incompatible with My Servers, so it is important to update everything).

4. Upgrade to Unraid 6.9.0 or later from the Tools > Update OS page

Installing the plugin

Go to the Apps tab and search for My Servers, then click the Install plugin icon.

Don't have the Community Applications plugin installed? Navigate to the Plugins tab, click Install Plugin, and paste the following URL into the field and click Install:

 https://s3.amazonaws.com/dnld.lime-technology.com/unraid-api/dynamix.unraid.net.plg

NOTE: Please make sure you wait until the install completes before closing the window


Signing In

Once you are on the latest release and have the plugin installed, you will notice a new section in the top right which we call the User Profile Component. Depending on the registration status of your server, you may be presented with an option to sign up, sign in, or both. If you already have an existing Unraid.net account (commonly used to access the forums), please use that account to sign in. If you don't have an account yet, you can create one.

User profile component - sign in or sign up.png

Important: Sign in with your Unraid.net forum account. If you don't have one, Sign Up! If you have any difficulties, please contact us at [[1]]. We highly recommend you enable 2FA for your Unraid Forum Account. Click here for how to set this up.

Once signed in, a trial key will automatically be downloaded if available and required.

Navigating the User Profile Component

After you sign in with an Unraid.net user account, the top right section will transform into an interactive menu. From this menu you can quickly navigate between your registered servers, launch the My Servers app, connect to the forums, or modify My Servers settings.

User profile component - main navigation.png

Note: If the text in this area is hard to read, go to Settings -> Display Settings and remove any "Header custom text color" and "Header custom background color" values you had previously set. This will get you back to the standard colors for your chosen theme, and you can customize from there.

It should be rare, but if you see any error messages in the UPC please open a terminal window and type:

unraid-api restart

Configuring Remote Access

Enabling remote access.png

Note: Before you can enable remote access, you must set a root password to your Unraid server. Make it complex. You can do this from the Users page.

Also note: Remote Access is an optional feature, and is not required to use the rest of My Servers. Remote Access requires you to have an Unraid.net SSL certificate for Local Access, which the next few steps walk you through. If you choose not to use Remote Access then you do not need to install the SSL certificate either.

1. Open the drop-down on the User Profile Component and click Settings (or navigate to the Management Access settings page).

2. Click the Provision button under the Certificate section.

3. At this point your local access url will change to https://yourpersonalhash.unraid.net:port and your Local Access will be secure

4. Scroll down to the Unraid.net section and toggle Allow Remote Access to Yes.

5. Optionally (but recommended), you can change the public access port used to connect.

6. Make sure you enable port forwarding on your router to allow traffic through to the public access port you specified. You can verify access is possible by clicking the Check button.

NOTE: When setting up Remote Access in My Servers, we highly recommend you choose a random port over 1000 rather than using the default of 443.

A note regarding DNS Rebinding Protection

Dns rebinding error.png

If you see this message after clicking the Provision button, click OK, try waiting 2-5 minutes, then click Provision again. If that doesn't work, keep reading.

Many routers have a security feature known as DNS Rebinding Protection. This feature prevents public DNS entries from pointing to local IP addresses on your network. Unfortunately, this feature prevents us from providing proper SSL access when connecting to the webGui locally. As such, users must either disable this feature on their router or set their router to allow DNS rebinding for the unraid.net domain. Depending on your router, how this feature is described and whether or not it is available to configure may vary. In addition, once you have DNS rebinding disabled on your router, when you go to provision your certificate, you may still see the DNS rebinding error message the first time. This is due to the time it takes for DNS records to propagate once provisioned.

How to access your server when DNS is down

Once you enable local SSL per the instructions above, you will access your server through a Fully Qualified Domain Name:

  https://yourpersonalhash.unraid.net:port

This is required in order to utilize a fully valid SSL certificate. A downside is if you temporarily lose Internet access and your browser has not cached the DNS for yourpersonalhash.unraid.net, you will be unable to access the webgui.

There is a simple workaround while you wait for your Internet access to be restored, simply access the server with this URL:

  https://ipaddress:port

(Note that you must use https here or else the browser will redirect to the full url.)

Your browser will bring up a warning that the SSL certificate does not match the url you are tryin to visit. It is safe to ignore this warning since you are are intentionally using the wrong url.

How to disable SSL for local access

If you decide you would rather not use the secure https://yourpersonalhash.unraid.net:port url for local access, you can disable SSL. There is no need to uninstall the My Servers plugin, in fact that will have no effect on SSL as this is a core feature of Unraid and not the plugin.

First, if you have multiple tabs open to the server, close all but one of them.

Then go to Settings -> Management Access and set "Use SSL/TLS" to "No" and hit Apply. This will also disable the Remote Access feature at the same time.

Automated Flash Backup and Registration Key Download

My Servers offers users the ability to automatically back up your OS configuration settings to our cloud. In the event of flash device failure, you can download a zip file of your latest backup and restore it to a new flash drive using the USB Flash Creator. In addition, you can also download any registration key you've purchased through the My Servers dashboard.

Note: Flash Backup is an optional feature, not required to use the rest of My Servers.

Enabling Flash Backup

Until we are able to fully encrypt the flash backups on our servers, we exclude all sensitive data owned by the OS from the backups, including Unraid account passwords and WireGuard encryption keys. However, the backups do include docker template XML files, which may contain application-specific passwords and other private data. We are actively working on solutions to encrypt the backups.

  1. Open the drop-down on the User Profile Component and click Settings (or navigate to the Management Access settings page).
  2. Scroll to the Unraid.net section and under Flash backup click the Activate button.
  3. Wait for the activation and initial backup job to complete (once done, it will show Activated: Up-to-date.

Once activated, any changes to the OS configuration will automatically be replicated to the backup in our cloud servers (within 1-2 minutes of the change).

Important: Backups from the flash device do not include the config/shadow or config/smbpasswd files. User accounts are preserved, but their passwords are not. This means that when you restore from backup, you will need to set passwords for your users including root. We also don't store any of your WireGuard keys. In addition, we do not backup your entire flash drive. If you have custom scripts that you want to include in the backup, please put them in /boot/config/custom/.

Restoring Flash Backup

  1. Click Generate flash backup.
  2. This will combine your OS configuration data with the OS release version you were running and put them both into a zip file that can be used with our flash creator tool to restore the backup to a new flash device.
  3. After the backup has been generated, you can click Download flash backup to obtain it.
  4. Use the Unraid USB Flash Creator to restore your backup to a new flash drive.

Download key and flash backup animated.gif

Additional Steps Required

Once you boot the OS, there are only a few things you will need to reconfigure:

  1. On the Settings -> Management Access -> Unraid.net page, click to Activate your flash backup again.
  2. On the Users page, for each user (including root), you will need to reset your passwords.
  3. On the Settings > VPN Manager page, for each tunnel and peer, click the key icon.
  4. Click "Generate Keypair" and "Generate Key", start each tunnel, then download the new client configuration to each associated client device.

Downloading Registration Key

To download your registration key, open the My Servers dashboard. From there, you can click Download registration key to obtain your key file.

My Servers Dashboard

To get a comprehensive overview of all of your registered systems, you'll want to visit the My Servers Dashboard. From here you can see all of your servers, their online/offline status, available storage, and running apps. In addition, you can both locally and remotely access your servers, download your registration keys, and generate your flash backups. To view the My Servers Dashboard, you can either:

A. Open the drop-down in the User Profile Component and select My Servers Dashboard.

My servers dashboard link - upc.png

or

B. Click the My Servers section header on our forums.

My servers dashboard link - forums.png

Signing Out

In the event that you wish to sign out of the My Servers program on your system, you can do so from the Management Access Settings Page.

  1. Open the drop down in the User Profile Component and select Settings.
  2. Scroll down to the Unraid.net section and click the Sign Out button.

Sign out.png

NOTE: Signed-out servers will still be displayed on the My Servers Dashboard, but you will only be able to download their registration key(s).

Privacy

Maintaining your data integrity, security, and privacy are of the utmost importance to us at Lime Technology. Below is a disclosure of what we store and relay when you use My Servers. For more information, please see our policies page.

Data We Store

When a server is registered for the My Servers program, we store some data regarding your server in our hosted infrastructure. This data includes:

  • The WAN IP address for the network your server is on and the remote access port
  • The LAN IP address for your server and the local access port
  • Your server's hostname, description, and icon.
  • The URL used for both internal and external access
  • The configuration data of your server (if you use flash-backup)

This data is stored solely for the purpose of providing services to you through our platform and is not publicly accessible. To remove all data from our cloud services you must:

  1. Deactivate flash backup.
  2. Sign out from My Servers.
  3. Remove all SSL certificates generated for you through our Let's Encrypt partnership.

Data We Relay

In addition to the data we store, Lime Technology provides a reverse-proxy relay to enable users a simpler way to get meaningful data remotely without having to open a port on your firewall/router. Through this relay, your server can communicate to the My Servers web app and provide you with information such as:

  • Online / offline status
  • Storage available / in-use
  • Apps and VMs running

This information is not stored in Lime Technology's infrastructure, but rather, is pulled on-demand from your server to display on the My Servers web application whenever the app is loaded.

Flash Backups are Not Encrypted

It is important to note that at this time, all backups of your flash device are stored in our cloud in a non-encrypted format. This is why we do not store the sensitive data mentioned below.

Sensitive Data

Until we are able to fully encrypt the flash backups on our servers, to ensure absolute privacy and integrity we have a few hard and strict policies regarding the storing of sensitive data. We do not store:

  • Unraid root or user account passwords
  • Public, private, or shared WireGuard keys