Remote access to my nas?

    • Official Post

    Not available for arm, cannot be installed on Raspberry.

    If he really wants to use it on a Pi and is already using docker (I personally love wetty)


    Code
    docker run --restart=always --name=wetty -p 2222:3000 wettyoss/wetty --ssh-host=your-server-ip -b

    All you need to do is adjust "your-server-ip" to your server IP and deploy. Wetty will then be reachable at ip:2222

    • Official Post
    Code
    docker run --restart=always --name=wetty -p 2222:3000 wettyoss/wetty --ssh-host=your-server-ip -b

    All you need to do is adjust "your-server-ip" to your server IP and deploy. Wetty will then be reachable at ip:2222

    For anyone reading this. If you install wetty this way it is recommended to put it behind a reverse proxy and install an https certificate.

    • Official Post

    For anyone reading this. If you install wetty this way it is recommended to put it behind a reverse proxy and install an https certificate.

    Well yeah. That would be the exact same advice to people using the plugin, unless you plan to just use it local. If you're only using it locally, just like the plugin.. there's no real reason to pull a cert.


    Not really sure what your point is. It's exactly the same as the plugin. If your'e going to access the plugin from outside your network, you should put it behind a reverse proxy...


    However none of that was even suggested. The suggestion was that wetty was not available for a Pi. Via plugin, you're correct. However it's absolutely very easy to install on a Pi, as I pointed out.

    • Official Post

    If you're only using it locally, just like the plugin.. there's no real reason to pull a cert.

    I'm not talking about accessing from outside the network, just locally.


    If you connect to wetty via http someone can intercept the communication and see the username and password at the start of the SSH connection to the server, since it is sent in plain text. An example of this would be if someone hacks into your local Wi-Fi, or some insecure IOT device on the same network could be another risk. The only way to prevent this is to install a certificate so that the connection is https. This way no one can see the communications.


    The plugin allows adding a certificate in the GUI, self-signed and created in the OMV GUI as well. So you already have the problem solved, the connection will be https locally.


    If you install wetty with docker in this way, you do not have an https certificate. The easy way to solve this is to put the connection behind a reverse proxy and install a certificate. Nginx Proxy Manager, for example, allows you to do it easily and install a Let's Encrypt certificate (or a self-signed certificate, in this case it would be enough) for that connection. It is not necessary to publish that service on the internet, it can remain local. But in this way the connection will be encrypted even if it is local.

    • Official Post

    OK, and how many users do you think enable the cert in the plugin?


    I'd bet very very few (in fact because I've helped so many who are using it.. I KNOW very very few do)


    Someone would have to compromise your network in order to get access to wetty and in that case, you probably have way bigger problems.


    But again, none of this is even remotely what I responded to. You said wetty couldn't be installed on a Pi. I showed it could.


    If someone wants to setup certs, etc.. it's their responsibility to learn those things.. but again, I've used it locally without a cert and never had an issue in several years.

    • Official Post

    I'd bet very very few

    You're right, sure very few do, but they should. They have the button right there in the GUI, and most of them won't even wonder what it's for. This is the biggest problem with novice users.

    I wouldn't have pushed that button when I was a rookie either. :) , now yes, time is teaching you what are the risks involved in having a server.

    Someone would have to compromise your network

    How many people have smart bulbs or plugs in their home made in China? Those devices are completely unsafe.

    How many users configure a vlan in their house to isolate those devices? Probably the same ones that click that certificate button in wetty, very few.

  • You need apttool plugin, and then you can install it like a regular Debian package.


    Or ,manually via curl like here described: Tailscale on OMV 6


    However, installed as a Docker container it would not affect the underlying Debian installation...

    Questions, I am running everything for OMV and docker on my raspberry pi. Functionality wise for tailscale does it matter if it is installed right on the pi or ran in a container on a pi?


    Ideally I would love to run everything on docker (except for OMV that is installed on my pi SD card). I am trying to figure out if it is possible to set up tailscale with pihole, to make my pi act as a exit node.


    I am wary however as when I tried last I failed pretty badly. I need to figure out how to configure everything so I still have local (and remote) access to my NAS along with my self hosted freshrss feed aggregator. I am just trying to figure out the optimal way to set that up with out breaking everything with dns disasters.


    So with what I am trying to accomplish, would docker still be a possibility to run, pi-hole, tailscale, freshrss, omv and nas, and still have remote access to everything with my phone, and laptop like I was local while being "secure"?

  • Questions, I am running everything for OMV and docker on my raspberry pi. Functionality wise for tailscale does it matter if it is installed right on the pi or ran in a container on a pi

    does not matter, same functionality.



    So with what I am trying to accomplish, would docker still be a possibility to run, pi-hole, tailscale, freshrss, omv and nas, and still have remote access to everything with my phone, and laptop like I was local while being "secure"?

    Can't comment on the combination of Tailscale and Pihole in Docker containers, I have no experience with that, sorry.


    However, OMV should run on top of Debian, and not in a container. Did not know that's feasible, unless I misunderstood your setup. You want OMV to control the Docker containers.


    I think that setting up Tailscale, Pihole and the other applications as Docker containers under OMV is more flexible and safer than setting them up right in Debian.


    If something fails, you just modify or delete the Docker container. Suggest to try it out.


    And not trying to confuse things, but in case the setup of Pihole is not successful, and as a backup solution, you may want to check out NextDNS.com for the clients...

  • Login via SSH and follow the steps described on the Tailscale website:

    Tailscale
    Tailscale is a zero config VPN for building secure networks. Install on any device in minutes. Remote access from any network or physical location.
    tailscale.com

    OMV7 on RPi4B, WD elements 4TB

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!