Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

LXC Nginx Proxy Manager + Tailscale (Secure Reverse Proxy without Opening Ports)

Featured Replies

  

Here's a bit of info about an NPM installation that's working solidly for me.

 

You should install Tailscale using the Tailscale plugin for Unraid on every Unraid machine, then on any machines and mobile devices you plan to also use within the tailnet.

 

You can install NPM inside a Linux Container (instead of docker) along with Tailscale.

 

Running NPM on Debian LXC - Instructions:

 

Installing NPM in an LXC: https://medium.com/@rar1871/nginx-installing-proxy-manager-in-lxc-v2-debian-d4d4c98109b1

Script for above instructions: https://github.com/ej52/proxmox-scripts/tree/main/apps/nginx-proxy-manager

Setting up Tailscale on Debian (in the LXC): https://tailscale.com/kb/1174/install-debian-bookworm

 

  • Install LXC Plugin on Unraid from Community Apps (I like to use Default Network br0)
  • Go to LXC page/tab next to Docker page/tab
  • Add LXC Container
  • Enter a name for your container (no spaces)
  • Enter an optional description
  • Distribution: Debian
  • Release : Bookworm
  • MAC Address: (automatically generated - or enter your own)
  • Start after creation: ON
  • Click icon for container and select Terminal

 

  • Install Updates & a couple of packages needed for the installations to follow

 

apt-get update
apt-get upgrade
apt-get install apt-utils
apt-get install wget
apt-get install curl 

 

 

  • Nginx Proxy Manager install using script in LXC

 

sh -c "$(wget --no-cache -qO- https://raw.githubusercontent.com/ej52/proxmox/main/install.sh)" -s --app nginx-proxy-manager

 

  • Click container icon and Show Config
  • Copy the location of the config file to clipboard (/mnt/path_to_config_file…)
  • Stop container
  • Open Unraid terminal and edit the config file (nano /mnt/path_to_config_file…)

 

  • Add the following to the end of the LXC Config (TUN access so Tailscale can create its network)

 

#Allow TUN access
lxc.cgroup2.devices.allow = c 10:200 rwm
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file

#Resource limitation
lxc.cgroup2.cpuset.cpus = 1	# This is a CPU core or list of cores to use for the LXC - omit line to allow all cores
lxc.cgroup2.memory.low = 256M
lxc.cgroup2.memory.high = 768M
lxc.cgroup2.memory.max = 1024M

 

  • Save the config file
  • Close terminal
  • Start LXC container
  • Open Terminal into LXC container

 

 

  • Install Tailscale inside LXC
    • First the package sources

 

curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list

 

    • Next the install

 

sudo apt-get update
sudo apt-get install tailscale

 

    • Finally running/activating (paste the tailscale up command with the key you copied earlier)

 


sudo tailscale up —auth-key AUTHORIZATION_KEY_GENERATED_ON_TAILSCALE_ADMIN_SITE

 

 

  • Access your NPM installation - make sure you enter HTTP and NOT HTTPS or the page won't load

 

 

 

You'll need to create DNS resolver overrides for Unbound if running that, or DNS entries in something like PiHole or AdGuard Home to send specific subdomains to your NPM IP.

 

NPM cert and proxy for every service/FQDN gets filled in the same way as if you were using it from Docker. Don't forget to make a proxy entry for NPM itself.

 

 

Edited by Espressomatic
fix typos

  • Author

[Reserved for additional content]

  • Author

[Final reserved post] - First post is being edited right now

  • Author

Yes, thanks.  Give me a couple of days to go over everything with a closer look, as I want to redeploy from scratch using my instructions to make sure they're clear and work as expected. I wrote that after setting up myself and need to make sure I didn't accidentally forget something. :)

 

 

1 hour ago, Espressomatic said:

Yes, thanks.  Give me a couple of days to go over everything with a closer look, as I want to redeploy from scratch using my instructions to make sure they're clear and work as expected. I wrote that after setting up myself and need to make sure I didn't accidentally forget something. :)

Sure, just take a look at the build directory in the linked Git Repo how I create the archives, it should be prette easy to understand and re deployment or even sharing the container archive with others should be pretty simle.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.