📄️ Security fundamentals
The principle of least privilege means granting users and devices only the minimum access necessary to perform their tasks, never more. This approach limits potential damage from compromised accounts or accidental actions and is a core concept in modern security, including zero trust models. Apply this principle throughout your Unraid configuration, especially when creating share users and assigning permissions.
📄️ Securing your flash drive
The flash drive is essential to your Unraid server, as it stores all configuration data, licensing, and system settings. Due to its importance, it’s crucial to keep its contents secure and accessible at all times.
📄�️ User management
Unraid makes managing users on your NAS simple and secure, catering to everyone from beginners to experienced users. The streamlined approach helps reduce confusion while ensuring that security and access control remain strong.
📄️ Securing your connection
Securing your Unraid %%WebGUI|web-gui%% with %%SSL|ssl%% encryption protects sensitive data—such as login credentials and configuration details—from interception or tampering on your local network or the internet. You can use wildcard %%SSL|ssl%% certificates provisioned by Let's Encrypt for both local and Unraid Connect Remote Access scenarios.
📄️ Encrypting your data
Encrypting your drives in Unraid adds a strong layer of protection for sensitive data, helping to prevent unauthorized access if a drive is lost or stolen. Encryption is available for the %%array|array%% and the %%cache pool|cache-pool%%. However, be aware that encryption can complicate data recovery, so it should be used only when you require a specific level of data confidentiality, such as when storing sensitive personal, business, or regulated information.
📄️ Tailscale
Unraid now features deep integration with %%Tailscale|tailscale%%, thanks to a technology partnership that directly connects seamless, secure networking to your server. %%Tailscale|tailscale%% isn't a traditional VPN - it's a modern, peer-to-peer overlay network built on %%WireGuard|wireguard%%. It lets you connect devices, servers, and individual Docker containers into your secure private network (%%Tailnet|tailnet%%), regardless of their physical location or network environment. The Unraid partnership ensures the %%Tailscale|tailscale%% plugin is fully maintained and tightly integrated, offering native certificate support and advanced features in Unraid 7 and newer.
📄️ WireGuard
While Tailscale provides a user-friendly experience for most, WireGuard is a robust built-in VPN solution in Unraid that shines in specific advanced networking scenarios. It’s particularly useful when you need detailed control over VPN routing or require server-to-server or LAN-to-LAN connections without relying on third-party services. Below are key scenarios where WireGuard excels.
📄️ Secure your outgoing communications
The outgoing proxy manager and %%Tailscale|tailscale%% exit nodes provide a way to route Unraid's outgoing communications through secure channels. These tools are useful for bypassing restrictive firewalls, adhering to network policies, or safeguarding your outgoing traffic. While these solutions mainly focus on Unraid's system traffic, there are configuration options to extend their coverage to your broader network.