📄️ 安全基础
The principle of least privilege means granting users and devices only the minimum access necessary to perform their tasks, never more. This approach limits potential damage from compromised accounts or accidental actions and is a core concept in modern security, including zero trust models. Apply this principle throughout your Unraid configuration, especially when creating share users and assigning permissions.
📄️ 确保您的闪存驱动器安全
The flash drive is essential to your Unraid server, as it stores all configuration data, licensing, and system settings. Due to its importance, it’s crucial to keep its contents secure and accessible at all times.
📄️ 用户管理
Unraid 使管理您的 NAS 上的用户变得简单安全,适合从初学者到经验丰富的用户。精简的方法有助于减少混淆,同时确保安全性和访问控制保持强大。
📄️ 保护您的连接
使用%%SSL|ssl%%加密保护你的Unraid %%WebGUI|web-gui%%安全,保护敏感数据(如登录凭证和配置细节)免于在本地网络或互联网被截取或篡改。你可以使用由Let's Encrypt在本地及Unraid Connect远程访问场景下获得的通配符%%SSL|ssl%%证书。
📄️ 加密您的数据
Encrypting your drives in Unraid adds a strong layer of protection for sensitive data, helping to prevent unauthorized access if a drive is lost or stolen. Encryption is available for the %%array|array%% and the %%cache pool|cache-pool%%. However, be aware that encryption can complicate data recovery, so it should be used only when you require a specific level of data confidentiality, such as when storing sensitive personal, business, or regulated information.
📄️ Tailscale
Unraid 现在通过与 %%Tailscale|tailscale%% 的技术合作,提供了深度集成,使您的服务器能够实现无缝、安全的网络连接。%%Tailscale|tailscale%% 不是传统的 VPN,而是一种基于 %%WireGuard|wireguard%% 的现代点对点覆盖网络。它可以将设备、服务器和单个 Docker 容器连接到您的安全私人网络 (%%Tailnet|tailnet%%),无论其物理位置或网络环境如何。Unraid 的合作确保了 %%Tailscale|tailscale%% 插件的完整��维护和紧密集成,为 Unraid 7 及更新版本提供原生证书支持和高级功能。
📄️ WireGuard
While Tailscale provides a user-friendly experience for most, WireGuard is a robust built-in VPN solution in Unraid that shines in specific advanced networking scenarios. It’s particularly useful when you need detailed control over VPN routing or require server-to-server or LAN-to-LAN connections without relying on third-party services. Below are key scenarios where WireGuard excels.
📄️ 确保您的外发通信安全
The outgoing proxy manager and %%Tailscale|tailscale%% exit nodes provide a way to route Unraid's outgoing communications through secure channels. These tools are useful for bypassing restrictive firewalls, adhering to network policies, or safeguarding your outgoing traffic. While these solutions mainly focus on Unraid's system traffic, there are configuration options to extend their coverage to your broader network.