[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

2 hours ago, sgt_spike said:

for the settings, duckdns.org should be the domain and bacnet should be in the subdomain?

 

to forward bacnet to unraid do I edit the duckdns docker?

@sgt_spike does duckdns.org have your updated IP when you log into duckdns website?

[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

On 12/9/2016 at 3:01 PM, CHBMB said:

 

Let's look at the above as an example.

 

 

location ^~ /plexpy/

 

 

Tells the webserver that this will be located at the server.com/plexpy address

 

 

 proxy_pass http://192.168.1.28:8181;
    include /config/nginx/proxy.conf;

 

 

Tells nginx where to find the plexpy app and to use the proxy settings in the proxy.conf file

 

 

 proxy_bind $server_addr;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-Ssl     on;

 

 

Tells plexpy to use some extra settings necessary to get this working.  Don't worry about these, app specific settings can often be found with a bit of googling though.

 

 

auth_basic "Restricted";
auth_basic_user_file /config/.htpasswd;

 

 

Now to add password protection, you need to add the above lines to that config but you also need to create a .htpasswd file.  There are instructions here in the readme or if you prefer you can use an online tool like this one.

 

 

Copying the last line of chbmb:osQXeEdll4XFk to a file called .htpasswd and placing it in the /config folder (/mnt/user/appdata/nginx or something similar)  Note whatever text editor you use (NOT NOTEPAD ON WINDOWS) must use linux line endings.  If you want to use multiple users then just add a new line for each user.  So the linuxserver .htpasswd may end up looking like this.

 

username:hashedpassword  Obviously this example below doesn't have real hashed passwords in... 

 

 

aptalca:weneedatokenyank
asshopo:notanotheryankwhokeepswaving
chbmb:theonlysaneone
danioj:britabroaddownunder
ironicbadger:gladbadgerbaitingisillegal
j0nnymoe:toocoolforschool
kode:phpninjamaster
saarg:tokenswedishguy
smdion:wethinkhesstillalivebutnotreallysure
sparklyballs:grumpyoldman
stark:anyexcusetowearleather
squid:yumyumcouldbedinner
xe:themannoonereallyknowsexists
stark:anyexcusetowearleather

 

 

 

So final "block" looks like this:

 

 

location ^~ /plexpy/ {
    proxy_pass http://192.168.1.28:8181;
    include /config/nginx/proxy.conf;
    proxy_bind $server_addr;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-Ssl     on;
    auth_basic "Restricted";
    auth_basic_user_file /config/.htpasswd;
}

 

 

 

 

 

 

No, you'd place .htpasswd in the /config folder.  As shown in the example above.

 

 

 

Yes it is, has more functionality, so is more complicated, essentially it's a pretty much fully blown webserver, rather than a single app that runs on a webserver.

 

 

 

That's achievable and what this docker is designed for.  Once you've done one or two apps, it kind of click.  However you've got the above bit a little wrong.  The whole point of this is so you DON'T open a ton of ports on your router.  Just 80 & 443 both forwarded to your Unraid box.  Then all communication with any app is proxied through the nginx container.  The config out of the box will automatically forward all port 80 requests to 443, so all communication actually takes place over https and is encrypted.  Now go and close those ports again! 

 

 

 

It's difficult to point at one single resource.  We're working on something to try and make this a bit easier but, don't worry, we'll get you going.  Just bear with it.

I tried the above for plexpy 

    location ^~ /plexpy {
        proxy_pass http://192.168.99.224:8181/plexpy;
        include /config/nginx/proxy.conf;
        proxy_bind $server_addr;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Ssl on;
        auth_basic "Restricted";
        auth_basic_user_file /config/.htpasswd;
    }

 

Without the auth_basic it works and I can get in with plexpy login, but with the auth_basic in there I get a pop up for u/pw.

I put in my username and password from my .htaccess file which is stored in /config/ directory but it takes me to a 403 Forbidden page. Thoughts?

My .htaccess file only has

username:hashedpw

 

does it need to have the other stuff in there as well?

*Edit: ran docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd <username>

to generate the .htaccess file and it works now. 

[The Complete UnRAID reverse proxy, Duck DNS (dynamic dns) and letsencrypt guide]

location /sonarr {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.1.224:8989;

 

this is mine

[The Complete UnRAID reverse proxy, Duck DNS (dynamic dns) and letsencrypt guide]

@aptalca it is a ubiquiti edge router lite. 

Every other one (radarr, sonarr, unifi, plexrequests) that I have setup through reverse proxy is accessible through IP:port

I have hairpin NAT enabled "Nat loopback"

Who know what madness I have done to my default file in nginx/site-confs. 

[The Complete UnRAID reverse proxy, Duck DNS (dynamic dns) and letsencrypt guide]

@NeoDude I'm using LE, duckdns, nginx with my nextcloud docker. I can access from https://<server>.duckdns.org/nextcloud but internally I cannot access NextCloud. Driving me nuts!

https://192.168.1.224/nextcloud/ brings me to a blank page within my unRAID webUI??

https://192.168.1.224:444/nextcloud/ redirects me to https://server.duckdns.org/nextcloud

 

Anyone's help would be greatly appreciated!