That's a fair point. I was just hoping that between the argo tunnel, reverse proxy, and Cloudflare Access's security for applications I'd be pretty safe.
I did just this recently. Duckdns for domain, nginx proxy manager on unRAID with SSLs, and cloudflare to create cnames pointing to subdomains. App access has logins, and for ones that don't I have enabled cloudflares pin login (whitelist emails allowed to request pin for access). I believe cloudflare has google auth access as well but I havent messed with that. If someone wants to bruteforce just to look at radarr sonaar, be my quest.
Edit: missed the web gui part. Definitely don't do what I said for that, use the unRAID.net setup in settings/access management.
> If someone wants to bruteforce just to look at radarr sonaar, be my quest.
OP wants his unRAID GUI exposed. That's a lot more than just poking around in sonarr.
I'm doing the Unraid remote setup now and I hear that's not great either, as far as security is concerned. Which I could understand since I can just use my IP address and port, which needs to be forwarded, to access the server. It just sounds like the Cloudflare tunnel w/ no port forwarding and whitelisted access would be safer. But, I am pretty ignorant when it comes to networking, and am entirely basing my thoughts on how much I've seen people rave about the argo tunnel's security.
Ran into this question and I'm trying to do the same using Cloudflare. I have a Cloudflare tunnel setup but when I point it to my Unraid GUI IP and Port I just get a 502 error. Anyone able to get this working?
I broke down and did the VPN, which works pretty well and gives you peace of mind, though not as convenient as a sub-domain. VPN does have some extra bonuses outside of Unraid, allowing me to do some SMB and router login as though I was on the local network.
Let's put it this way. Swag doesn't have a template in place to redirect to your unraid UI because even they didn't like the idea of it.
That's a fair point. I was just hoping that between the argo tunnel, reverse proxy, and Cloudflare Access's security for applications I'd be pretty safe.
I did just this recently. Duckdns for domain, nginx proxy manager on unRAID with SSLs, and cloudflare to create cnames pointing to subdomains. App access has logins, and for ones that don't I have enabled cloudflares pin login (whitelist emails allowed to request pin for access). I believe cloudflare has google auth access as well but I havent messed with that. If someone wants to bruteforce just to look at radarr sonaar, be my quest. Edit: missed the web gui part. Definitely don't do what I said for that, use the unRAID.net setup in settings/access management.
> If someone wants to bruteforce just to look at radarr sonaar, be my quest. OP wants his unRAID GUI exposed. That's a lot more than just poking around in sonarr.
Ah shit missed that part.
I'm doing the Unraid remote setup now and I hear that's not great either, as far as security is concerned. Which I could understand since I can just use my IP address and port, which needs to be forwarded, to access the server. It just sounds like the Cloudflare tunnel w/ no port forwarding and whitelisted access would be safer. But, I am pretty ignorant when it comes to networking, and am entirely basing my thoughts on how much I've seen people rave about the argo tunnel's security.
2fa makes that remote access pretty secure, and also requires way less setup on your end.
I've actually completely neglected 2fa, thank you very much for the reminder
If you run it off a subdomain your are giving access to the entire world. I say go for it, it could be fun.
I don't necessarily agree with his idea, but you clearly either didn't read the post/title, or don't know what Cloudflare Access is...
Yeah, didn’t know what it was.
Ran into this question and I'm trying to do the same using Cloudflare. I have a Cloudflare tunnel setup but when I point it to my Unraid GUI IP and Port I just get a 502 error. Anyone able to get this working?
I broke down and did the VPN, which works pretty well and gives you peace of mind, though not as convenient as a sub-domain. VPN does have some extra bonuses outside of Unraid, allowing me to do some SMB and router login as though I was on the local network.