Unraid: Initial Configuration Recommendations

For this post, I'm assuming that you have successfully been able to run Unraid on your server, you have followed the official Getting Started guide, and that you've at least been able to log into your server's webGui.

Let's go over a few things you should do to get things configured properly to start using Unraid. I'm always learning so I can't guarantee this guide is comprehensive, but I'll try to keep it up to date in the future.

Users

Unraid WebGUI Login page (Default)

First, absolutely set a good root password. The only account that can log into your server's webGui is the root account. You can do this on the Users tab, just click the root user and you can change the password there.

You should also create a new user account for yourself, so you can access shares on your server without having to log in as the root account. This will be marginally safer and should be pretty straightforward. What's a share? I'll talk more about those below.

Settings

Management Access Panel - Note that you can click the setting name to see what each one does.

Next, we're going to mess with some settings. Remember to hit Apply in each section where you make changes.

Start off by going to the Settings tab and then going to the Management Access page.

Set Use TELNET to NO. TELNET is old and bad. Don't use it.
Set Use SSH to NO. You can leave this on if you want another method of accessing and managing your server.
Set Use UPnP to NO. With UPnP enabled, your server may attempt to tell your router to forward ports under some circumstances. You're going to want to handle that yourself.

Everything else can be left alone. You can configure HTTPS here for your webGui as well if you want, just click help in the top right corner of the page and explanations will be expanded for you. For some reason, this didn't work for me until I set up the Unraid.net plugin - I'll provide more info on that later. But if the Provision button doesn't work, that might be why.

Now, go back to the Settings page, go to FTP Server and disable it. FTP is a method of sending files to the server, but it is inherently insecure and we won't ever be using it.

Notification Settings page. Or, at least, the top of it.

(Optional) If you want notifications for pending updates/patches, go to Settings and then Notification Settings. In the top section, you can configure which notifications you will see. I suggest turning on Unraid OS, Plugins, and Docker update notifications and checking the boxes for which methods you want to recieve those alerts. Under SMTP Settings, you can configure how alerts will be emailed to you. In the Notification Agents section below that, you can set up other methods of receiving alerts. Those configurations will be specific to what services you want use, so I'll leave configuring them up to you.

There isn't much else you really need to do in settings right now. I would suggest setting up your UPS settings if you have one of those for your server. My server shuts down at 50% or 10 minutes of battery left - enough to survive short power outages, or shutdown safely during long ones.

Your storage array! Well, my spare parts storage array. For now.

The storage on your server is split up into Shares. These are basically folders that your server will share with users or guests on your local network. You can view these shares on the Shares page (duh) - just click the share name to configure its settings.

The way this will work is most shares will live in your storage array. If you have a cache or cache pool, your Appdata, Domains, and Systems shares are going to live in there instead. Your Appdata share contains data that your apps will use often, your Domains share will contain the images used by your VMs, and your System share will contain system files such as the image that will store all your Apps. I'll deep dive into each of those in future posts, just know that they are all full of stuff that is read and written frequently.

I've already covered how cache drives work and why you should use them so you should understand that you want those high-traffic storage locations to use your cache or cache pool for speed and other reasons. Optionally you can ignore the next few paragraphs and configure your shares so that Cache is set to Yes - this means you will be using your cache drive for reading/writing to those shares, and the data will be copied over to your array on a schedule by Unraid's Mover.

You can click the Use Cache Pool setting name to see how Mover works for each setting.

With Use Cache Pool set to NO, the share will solely use the storage array for storing data.
With Use Cache Pool set to YES, the share will write new data to your cache (until you run out of space - then it'll switch to the storage array). Then, when the Mover is scheduled to run, it will move the new data from the cache to the array. This is preferable for general use as it will allow Unraid to keep the cache drive active rather than your storage array - and because your cache should be your fastest drive(s), speeding up your frequent data reading/writing.
With Use Cache Pool set to ONLY, new data in the share will be written to the cache until the cache is out of space - then file creations will return an error.
With Use Cache Pool set to PREFER, adding data to a share will work just like if set to YES, except overflow data will be written to the array and the mover will move data from the array to the cache instead. This is preferable for high-use shares (like Appdata, Domains, System).

In order to use your cache drive/pool for your Appdata, Domains, and System shares, you will need to configure those shares like this:

For other shares, the recommended configuration is to set Use Cache Pool to YES so that new data is written to the cache and later moved over to the array all at once.

Note that if you end up configuring the CA Appdata Backup V2 plugin (more on that below), and if you are using a single drive cache or a non-redundant configuration, I suggest storing your backups on your storage array. Optimally your array would be protected by your parity drive, and storing your appdata backup outside of the cache will be useful if your cache drive ever abruptly fails.

Next, on all shares, we're going to configure the SMB Security Settings.

SMB Security Settings - "SMB" is a method Unraid uses to give access to your shares to other devices on your network

We will be using the Export and Security settings in this section. Export determines whether or not Unraid will let other devices on the local network see that share. Security determines how Unraid who can access the drive and how.

For the majority of my shares I have set Export to NO because they are only used by the server and I don't need to access them from the network. Most of your shares should be set this way, including Domains and System.

If you would like to access a share from other devices, set Export to Yes, and Security to Private - then you can give your user account read or read/write access as necessary. Remember when we created that account earlier? Good times. As an example, I have a share for storing VM operating system images, and I access it from my desktop to add new images easily. I also have my Appdata share set this way, because I'm in there often fiddling with configuration files.

If you create a share that you would like everyone on your home network to be able to access without a login, set Export to Yes and Security to Public. This can be useful in some situations - I have one set up as a central location to quickly and easily share bulk files between my devices.

Once you're done with all your shares, go to the Main page and click on your boot device flash drive. Yes, your Unraid flash drive is a share for some reason. Set Export to NO, you don't want any outside access to your boot drive.

Finally, if you have any SMB / NFS / ISO File shares configured at the bottom, click the settings button for each share and turn the share toggle off. It may take a couple toggles to get it to work. I have a separate NAS set up (a Synology DS418j from before I got into Unraid) and I share its volumes to my Unraid server this way. There's no reason to share volumes from Unraid that are mounted into Unraid from another source. If you want to access them, configure their settings correctly in their source devices.

Accessing your Shares

Windows 10 Explorer - Accessing your shares the easy way!

You might be wondering... how do I access those shares from other computers now?

In your Settings tab, there are two sections we didn't touch earlier - SMB and NFS under the Network Services section. I believe these are both enabled by default.

Typically you will use SMB in windows and NFS in non-windows operating systems to access your Unraid shares.

If you're on a Windows device, you can look at Network Devices and select Tower (or whatever you named your Unraid server, if you changed that under Settings -> Identification). Alternatively, you can type \\tower in the explorer URI bar, or you can enter \\[SERVER IP]. You may be prompted to log in your Unraid user account when accessing your shares, or accessing an individual share. Remember to log in with the account you granted share access to - NOT the root account.

I haven't set up shares on a Mac or Linux OS, but here is a thread about how to do it on a Mac - if I understand correctly, with SMB enabled, it should be as simple as opening the folder smb://tower

Here is a post I found about mounting nfs shares on Linux

If you need me to go into detail on mounting shares on Mac/Linux, let me know, I have some computers running each I can test it out on. Also, if you want to use shares for your apps or VMs, you can do that without changing any of the above configurations. I will go over that in future posts.

Useful Plugins

The Unraid Community Apps plugin

One of the coolest parts of Unraid is the community behind it. There are a few community-contributed plugins that I feel every Unraid user should have installed to vastly improve their experience.

First off, the plugin that I have used the most - the community applications plugin. This will add an "Apps" tab to your Unraid webGui where you can browse, learn about, and install apps that are generally docker containers or Unraid plugins. This is by far the most convenient tool available in Unraid, in my opinion, and it's one I use constantly.

Next, you can use the app store to install the following plugins, all three are part of the CA (community applications) family of plugins:

And this one is an official Unraid plugin, but it allows for SSL connections to your server's management dashboard, and even remote connections if you decide to do that (requires forwarding a port on your router): Unraid.net Plugin. Additionally, this lets you backup your boot flash drive to a remote location (Unraid.net) which may come in handy if you ever break or lose yours.

Feel free to read those forum threads to get an idea for what each plugin does. You don't have to actually configure or use these plugins yet - especially Backup/Restore V2, you shouldn't have a use for it at this point - but they will come in handy in the future as you add things to your server. All of the CA plugins are super useful, but I recommend these three especially.

Network Configuration

Example port forwarding form

This isn't Unraid specific, it's more general homelab advice, but I'm going to go over a few important networking things to keep in mind. Your home router is your gateway to the internet, and typically it will have a built-in firewall that by default blocks all incoming traffic (except, maybe, ports your internet service provider leaves open).

Be very careful with which ports are forwarded through your router. You will eventually forward some ports from the internet to your server if you want to access anything on it from the internet - a website, VPN, game server, etc... But, in general, you want to minimize how easy it is for devices on the internet to get to devices inside your home network.
NEVER enable the DMZ setting for your server in your router configuration. This will allow all incoming traffic to reach your server, which is unsafe. If you've heard before that DMZ's are a good place for servers, be aware that your router's DMZ is not the "real" thing. A real DMZ is set up by configuring your network hardware in a certain way, with your public-facing server sandwiched between two devices with firewalls. I may go over that in depth in a future post, but it's not absolutely necessary.

Cool things to look at next

There is a TON of stuff you can do with your server now. Here are just a few things I'm running on my Docker service.

If you're looking for a direction now, here are some suggestions.

Check out the Community Apps store, the Unraid Blog, the Subreddit, the Unraid Forums, or even Youtube for fun ideas and other guides. There's tons of stuff out there - and I'm gonna add more on this very blog, so feel free to poke around here too!
Get a VPN up and running with Wireguard. It's super easy and you can use this to securely access and manage your server (or your entire network) from the internet. The Unraid Wireguard tutorial is located here.
The wiki has some more security suggestions that I didn't include here because I don't think they're super necessary to do right away.
Go to Plugins and use the Fix Common Problems plugin you installed earlier to scan for issues you can fix. You may not have many on an initial install, but it's good to do this occasionally, especially if you change things often.

Thanks for reading! Again, feel free to comment below or contact me - especially if you need clarification or a deeper dive into anything I covered above.