The hardware this website was running on, was getting a bit outdated. And since I like to tinker with my setup, I decided to upgrade to something new.
Some time ago I bought a new motherboard and CPU as a complete package from AliExpress. I was looking for something power efficient, since running a server with the crazy energy prices in Europe became a bit more expensive. I ended up buying an Intel Pentium N6005 based platform.
The board is not really ment for consumer use, which is mostly noticable when digging into the bios. The amount of settings to tweak is quite extensive, and some of the settings I’ve never seen before on any consumer grade boards.
It also took a bit of tinkering to get it to run properly. I bought a DDR4 SODIMM kit running on 3200MT. The CPU however is only capable of running speeds up to 2933MT. This board does not automatically select the right speeds for the CPU and ends up trying to run it at 3200MT, which is an overclock for the CPU and the memorycontroller was not very happy with those speeds.
Just limiting the speeds to 2933MT in the bios made things stable, but took a bit of luck to get it to boot into the bios in the first place with it running at 3200MT by default.
When that first hurdle was taken, everything went pretty smooth, and I had no problems setting it up. In the end I’m pretty happy with the board and it’s powerconsumption, which is quite a bit lower than my previous setup. It now idles around 15w with 3 HDDs (spun down) and a couple of SSDs.
Now that I had a new system to setup, I decided that it was about time to leave Ubuntu server behind and try something new.
I was already looking at setting up either Unraid or TrueNas for some time, and read about the pro’s and cons of each. In the end I decided to go with Unraid, mainly because of the ease of use and the recommendation of using ECC memory with TrueNas setups. I didn’t want to invest in a setup that would be able to use ECC. All the low powered Intel systems are not capable of using ECC, and although I like AMD, they do not offer low powered CPUs like Intel does.
So besides ease of use, the lack of ECC which is recommended in a ZFS environment made me go for Unraid instead, which does not use ZFS by default and does not have ECC as a recommendation.
So of we go, I bought myself an Unraid license and installed it on a USB stick I still had lying around. The board I bought has some USB headers on the board itself (just like many server boards do), so that was perfect. Safes having a USB stick hanging out at the I/O on the back of the computer.
It took a bit of reading and tinkering before I had Unraid setup the way I wanted. The community of Unraid is pretty awesome and there’s lots of information out there to get you started.
So now this website is being served from Unraid in a Docker container.
So much for the little background of what have kept me busy and tinkering for the last little bit,
And of course a merry christmas to you all!
Hey there! Do you know if they make any plugins to safeguard against hackers?
I’m kinda paranoid about losing everything I’ve worked hard
on. Any suggestions?
Generally speaking you do not open the UnRAID Web GUI to the internet.
If you want to access it from outside your own network, the safest bet is to set up a VPN server and use that. Tailscale for example is super easy to setup (no portfoward or double NAT troubles etc). So than you would first connect to the VPN which provides access to your private network where the UnRAID server lives. And from there you can access the UnRAID web GUI through the private IP (or by hostname, or whatever).
If that’s too limiting for you, look at setting up something like Authelia or Authentik and a reverse proxy like NPM (NGINX Proxy Manager) or Traefik,
That’s a bit more hassle to setup, but documentation is good so with some effort you should be able to figure it out.
UnRAID itself doesn’t provide enough security measures to make it robust enough when it comes to security.
However I’ve been running various services through Authelia for years now, and never had any security related incidents (knock on wood).