HomeLab/unraid-mcp
2
0
Fork 1
mirror of https://github.com/jmagar/unraid-mcp.git synced 2026-03-02 08:14:43 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
f76e676fd41159942b42ea6367277d28bfeb6d48
unraid-mcp/docs/research/raw/connect-remote-access.md
Jacob Magar 37e9424a5c fix: address 54 MEDIUM/LOW priority PR review issues 
Comprehensive fixes across Python code, shell scripts, and documentation
addressing all remaining MEDIUM and LOW priority review comments.

Python Code Fixes (27 fixes):
- tools/info.py: Simplified dispatch with lookup tables, defensive guards,
  CPU fallback formatting, !s conversion flags, module-level sync assertion
- tools/docker.py: Case-insensitive container ID regex, keyword-only confirm,
  module-level ALL_ACTIONS constant
- tools/virtualization.py: Normalized single-VM dict responses, unified
  list/details queries
- core/client.py: Fixed HTTP client singleton race condition, compound key
  substring matching for sensitive data redaction
- subscriptions/: Extracted SSL context creation to shared helper in utils.py,
  replaced deprecated ssl._create_unverified_context API
- tools/array.py: Renamed parity_history to parity_status, hoisted ALL_ACTIONS
- tools/storage.py: Fixed dict(None) risks, temperature 0 falsiness bug
- tools/notifications.py, keys.py, rclone.py: Fixed dict(None) TypeError risks
- tests/: Fixed generator type annotations, added coverage for compound keys

Shell Script Fixes (13 fixes):
- dashboard.sh: Dynamic server discovery, conditional debug output, null-safe
  jq, notification count guard order, removed unused variables
- unraid-query.sh: Proper JSON escaping via jq, --ignore-errors and --insecure
  CLI flags, TLS verification now on by default
- validate-marketplace.sh: Removed unused YELLOW variable, defensive jq,
  simplified repository URL output

Documentation Fixes (24+ fixes):
- Version consistency: Updated all references to v0.2.0 across pyproject.toml,
  plugin.json, marketplace.json, MARKETPLACE.md, __init__.py, README files
- Tool count updates: Changed all "26 tools" references to "10 tools, 90 actions"
- Markdown lint: Fixed MD022, MD031, MD047 issues across multiple files
- Research docs: Fixed auth headers, removed web artifacts, corrected stale info
- Skills docs: Fixed query examples, endpoint counts, env var references

All 227 tests pass, ruff and ty checks clean.
2026-02-15 17:09:31 -05:00

10 KiB
Raw Blame History

Remote Access (Unraid Connect)

Source: Unraid Documentation - Remote Access Scraped: 2026-02-07 | Raw content for reference purposes

Unlock secure, browser-based access to your Unraid WebGUI from anywhere with remote access. This feature is ideal for managing your server when you're away from home - no complicated networking or VPN Tunnel setup is required. For more advanced needs, such as connecting to Docker containers or accessing network drives, a VPN Tunnel remains the recommended solution.

Security reminder

Before enabling remote access, ensure your root password is strong and unique. Update it on the Users page if required. Additionally, keep your Unraid OS updated to the latest version to protect against security vulnerabilities. Learn more about updating Unraid here .

Remote access through Unraid Connect provides:

  • Convenience - Quickly access your servers management interface from anywhere, using a secure, cloud-managed connection.
  • Security - Dynamic access modes limit exposure by only allowing access to the internet when necessary, which helps reduce risks from automated attacks.
  • Simplicity - No need for manual port forwarding or VPN client setup for basic management tasks.

tip

For full network access or advanced use cases, consider setting up Tailscale or a VPN solution.

Initial setup

To enable remote access:

  1. In the Unraid WebGUI, navigate to Settings → Management Access.
  2. Check the HTTPS port (default: 443). If this port is in use (e.g., by Docker), select an unused port above 1000 (like 3443, 4443, or 5443).
  3. Click Apply if you changed any settings.
  4. Under CA-signed certificate file, click Provision to generate a trusted certificate.

Your Unraid server will be ready to accept secure remote connections via the WebGUI, using the configured port and a trusted certificate.

Choosing a remote access type

Unraid Connect offers two modes:

  • Dynamic remote access
  • Static remote access

Dynamic remote access provides secure, on-demand access to your WebGUI.

  • Access is enabled only when you need it. The WebGUI remains closed to the internet by default, minimizing the attack surface.
  • Works with UPnP or manual port forwarding.
  • Automatically opens and closes access through the Connect dashboard or API, with sessions limited by time for added security.

Static remote access keeps your WebGUI continuously available from the internet.

  • Server is always accessible from the internet on the configured port.
  • Higher risk: The WebGUI is exposed to WAN traffic at all times, increasing potential vulnerability.
Feature Dynamic remote access Static remote access
WebGUI open to internet Only when enabled Always
Attack surface Minimized Maximized
Automation Auto open/close via Connect Manual setup, always open
UPnP support Yes Yes
Recommended for most

Dynamic remote access setup

To set up dynamic remote access:

  1. In Settings → Management Access → Unraid API, select a dynamic option from the Remote Access dropdown:

    • Dynamic - UPnP: Uses UPnP to open and close a random port automatically (requires UPnP enabled on your router).
    • Dynamic - Manual port forward: Requires you to forward the selected port on your router manually.

  2. Navigate to Unraid Connect , and go to the management or server details page.

  3. The Dynamic remote access card will show a button if your server isnt currently accessible from your location.

  4. Click the button to enable WAN access. If using UPnP, a new port forward lease is created (typically for 30 minutes) and auto-renewed while active.

  5. The card will display the current status and UPnP state.

  6. After 10 minutes of inactivity - or if you click Disable remote access - internet access is automatically revoked. UPnP leases are removed as well.

Using UPnP (Universal Plug and Play)

UPnP automates port forwarding, simplifying remote access without requiring manual router configuration.

To configure UPnP:

  1. Enable UPnP on your router. Ensure that your router supports UPnP and verify that it is enabled in the router settings.

  2. Enable UPnP in Unraid. Navigate to Settings → Management Access and change Use UPnP to Yes.

  3. Select UPnP in Unraid Connect. On the Unraid Connect settings page, choose the remote access option as UPnP (select either Dynamic or Always On) and then click Apply.

  4. Verify port forwarding (Always On only). Click the Check button. If successful, you'll see the message, "Your Unraid Server is reachable from the Internet."

    For Dynamic forwarding, you need to click Enable Dynamic Remote Access in Unraid Connect to allow access.

Troubleshooting

If the setting changes from UPnP to Manual Port Forward upon reloading, Unraid might not be able to communicate with your router. Double-check that UPnP is enabled and consider updating your router's firmware.

Using manual port forwarding

Manual port forwarding provides greater control and is compatible with most routers.

To configure manual port forwarding:

  1. Choose a WAN port: Pick a random port number above 1000 (for example, 13856 or 48653), rather than using the default 443.

  2. Apply settings in Unraid: Click Apply to save the port you selected.

  3. Configure your router: Set up a port forwarding rule on your router, directing your chosen WAN port to your servers HTTPS port. The Unraid interface provides the correct ports and IP address.

    Some routers may require the WAN port and HTTPS port to match. If so, use the same high random number for both.

  4. Verify port forwarding (Always On only): Press the Check button. If everything is correct, youll see “Your Unraid Server is reachable from the Internet.”

    For dynamic forwarding, ensure to click Enable Dynamic Remote Access in Unraid Connect to enable access.

  5. Access your server: Log in to Unraid Connect and click the Manage link to connect to your server remotely.

Enabling secure local access

Secure local access ensures that all connections to your Unraid WebGUI, even within your home or office network, are encrypted using HTTPS, thereby safeguarding any sensitive information, such as login credentials and configuration data.

Benefits of secure local access include:

  • Encryption - All data exchanged between your browser and the server is protected.
  • Consistency - Use the same secure URL for both local and remote access.
  • Compliance - Adheres to security best practices for protecting administrative interfaces.

To enable secure local access:

  1. Go to Settings → Management Access.
  2. In the CA-signed certificate section, check for DNS Rebinding warnings.

important

With SSL/TLS set to Strict, client devices must resolve your servers DNS name. If your Internet connection fails, access to the WebGUI may be lost. See Accessing your server when DNS is down for recovery steps.

Reference in New Issue View Git Blame Copy Permalink