Hey all,
I'm new here, but I'm at the point where I really need to stop bashing my head against the wall and seek help for this. I'm doing my best to set up an automated media server from my home pc. I've gotten it to the point where it works pretty much perfectly... internally. I have containers for Transmission-vpn, Sonarr, Radarr, Jackett, Ombi, etc.
However, I really want to be able to access some of these containers externally as well (ombi) or view the status of my downloads in an android app like nzb360 (which supports sonarr, radarr, transmission).
I was really excited when I came across the linuxserver/letsencrypt image (as I am on a Win10 pc and am unable to use alternatives like Traefik because I can't chmod permissions for the ssl key file -- but that's another topic), and the setup/config for it seemed pretty straightforward.
In terms of the domain itself, I purchased a domain name from Google Domains and transferred it to Cloudflare DNS. There I set up some A records (www.*, *.domain.net) and CNAME records for the subdomains for each container I want to make available externally.
I have also forwarded both ports 80 and 443 on my dd-wrt router.
I'm using docker-compose to make it a lot easier to test changes and bring up/down the containers as I go. Here is the compose entry for letsencrypt (minus sensitive info [email, domain name, etc]):

    letsencrypt:
      image: linuxserver/letsencrypt
      container_name: le
      ports:
        - "80:80"
        - "443:443"
      volumes:
        - ${CONFIG}/letsencrypt:/config
      restart: always
      depends_on:
        - transmission-vpn
        - sonarr
        - radarr
        - ombi
        - jackett
      environment:
        - PUID=${PUID}
        - PGID=${PGID}
        - [email protected]
        - URL=domain.net
        - SUBDOMAINS=tv,movies,downloads,requests,ombi,transmission,radarr,sonarr,jackett
        - ONLY_SUBDOMAINS=false
        - VALIDATION=dns
        - DNSPLUGIN=cloudflare
        - DHLEVEL=4096
        - TZ=America/Los_Angeles
My \letsencrypt\nginx\site-confs\default file looks like this:

    # main server block
    server {
        listen 443 ssl default_server;

        root /config/www;
        index index.html index.htm index.php;

        server_name domain.net;

        # enable subfolder method reverse proxy confs
        include /config/nginx/proxy-confs/*.subfolder.conf;

        # all ssl related config moved to ssl.conf
        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        location / {
            try_files $uri $uri/ /index.html /index.php?$args =404;
        }

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            # With php7-cgi alone:
            fastcgi_pass 127.0.0.1:9000;
            # With php7-fpm:
            #fastcgi_pass unix:/var/run/php7-fpm.sock;
            fastcgi_index index.php;
            include /etc/nginx/fastcgi_params;
        }

        # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
        # notice this is within the same server block as the base
        # don't forget to generate the .htpasswd file as described on docker hub
        # location ^~ /cp {
        #     auth_basic "Restricted";
        #     auth_basic_user_file /config/nginx/.htpasswd;
        #     include /config/nginx/proxy.conf;
        #     proxy_pass http://192.168.1.50:5050/cp;
        # }
    }

    # sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
    # notice this is a new server block, you need a new server block for each subdomain
    #server {
    #    listen 443 ssl;
    #
    #    root /config/www;
    #    index index.html index.htm index.php;
    #
    #    server_name cp.*;
    #
    #    include /config/nginx/ssl.conf;
    #
    #    client_max_body_size 0;
    #
    #    location / {
    #        auth_basic "Restricted";
    #        auth_basic_user_file /config/nginx/.htpasswd;
    #        include /config/nginx/proxy.conf;
    #        proxy_pass http://192.168.1.50:5050;
    #    }
    #}

    # enable subdomain method reverse proxy confs
    include /config/nginx/proxy-confs/*.subdomain.conf;
And I've renamed the subdomain files I want to use under \proxy-confs\ and they look like this (sonarr example):

    # make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url
    # to enable password access, uncomment the two auth_basic lines
    server {
        listen 80;
        server_name sonarr.domain.net;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        server_name sonarr.domain.net;
        access_log /var/log/nginx/sonarr.domain.net.log;

        location / {
            proxy_pass http://127.0.0.1:8989;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_redirect off;
            proxy_buffering off;
        }
    }
To my eye, all of that looks like it *should* be working and allowing me to access sonarr from "sonarr.domain.net" -- but instead I get an "ERR_CONNECTION_TIMED_OUT" page.
I can ping sonarr.domain.net -- and it returns a reply, along with my valid WAN IP. But I can't reach it in a browser window, and I have no idea what the cause of the issue is.
If anyone can help me figure this out, I would be eternally grateful. I've spent the past week or two staying up late trying to get all of this set up correctly, and I feel like I'm *SO CLOSE*!
Thanks in advance!
-Adam
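
A small lint for proxy confs like the ones posted above, added here as an example and not part of the original post or of the linuxserver image. It flags `proxy_pass` targets on loopback (assuming the default compose bridge network, 127.0.0.1 inside the `le` container is that container, not the sonarr one) and `listen ... ssl` server blocks that do not pull in `ssl.conf` the way the image's sample blocks do. The function names, the finding labels and the embedded sample, including the `ombi:3579` upstream, are constructed for illustration.

```python
import re

# Constructed sample: first block mirrors the posted sonarr conf, second is hypothetical.
SAMPLE = """
server {
    listen 443 ssl;
    server_name sonarr.domain.net;
    location / { proxy_pass http://127.0.0.1:8989; }
}
server {
    listen 443 ssl;
    server_name ombi.domain.net;
    include /config/nginx/ssl.conf;
    location / { proxy_pass http://ombi:3579; }
}
"""

LOOPBACK = re.compile(r"proxy_pass\s+https?://(127\.0\.0\.1|localhost|\[::1\])[:/;]")
TLS_LISTEN = re.compile(r"listen\s+[^;]*\bssl\b")
HAS_CERT = re.compile(r"ssl_certificate\s|include\s+\S*ssl\.conf\s*;")

def server_blocks(text):
    """Yield the body of each server { ... } block, ignoring # comments."""
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def lint(text):
    """Return (server_name, finding) pairs for the two checks."""
    findings = []
    for body in server_blocks(text):
        m = re.search(r"server_name\s+([^;]+);", body)
        name = m.group(1).strip() if m else "(unnamed)"
        # A TLS listener needs a certificate: set in the block, pulled in via
        # ssl.conf, or inherited from the http level (not visible to this lint).
        if TLS_LISTEN.search(body) and not HAS_CERT.search(body):
            findings.append((name, "tls-listener-without-cert"))
        # With bridge networking, loopback is the proxy container itself.
        if LOOPBACK.search(body):
            findings.append((name, "proxy-to-container-loopback"))
    return findings

if __name__ == "__main__":
    for name, finding in lint(SAMPLE):
        print(f"{name}: {finding}")
```

Both findings are prompts to check the running container, for example with `nginx -t` inside it, and neither check covers the router, ISP or DNS side of a connection timeout.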