Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Where to put my own SSL certificate?

Featured Replies

Hello,

I have nginx-proxy-manager up and running and configured to obtain a wildcard certificate from letsencrypt via dns challende. Under /mnt/user/appdata/Nginx-Proxy-Manager-Official/letsencrypt/live/npm-1 I can find what appears to be symlinks, pointing to

lrwxrwxrwx 1 root root 29 Jun 19 22:02 cert.pem -> ../../archive/npm-1/cert1.pem

lrwxrwxrwx 1 root root 30 Jun 19 22:02 chain.pem -> ../../archive/npm-1/chain1.pem

lrwxrwxrwx 1 root root 34 Jun 19 22:02 fullchain.pem -> ../../archive/npm-1/fullchain1.pem

lrwxrwxrwx 1 root root 32 Jun 19 22:02 privkey.pem -> ../../archive/npm-1/privkey1.pem

which of these files do I have to copy where exactly, so that unraid uses them for it's frontend?

Thanks,

Klayman

Solved by Klayman

  • Community Expert

Just add a proxy in nginx-proxy-manager to unraid's server IP and use the port for the webgui (default is 80 and 443) and you wont have to worry about it.

I would suggest adding allow and deny rules to the config to block external access. This block below covers all private IP ranges which cannot be accessed from the web.

allow 10.0.0.0/8;

allow 172.16.0.0/12;

allow 192.168.0.0/16;

deny all;

Then also if you want to add tailscale add this one above the deny rule

allow 100.64.0.0/10;

These allow rules will let you access the domain as long as your connection originates from an IP in the allowed range. (which again are only private networks like your LAN)

Edited by MowMdown

  • Author

Thank you. Unfortunately this only works while the array is up and running. I have an encrypted ZFS pool which requires a password to be entered manually, thus nginx would not run after a reboot.

I would rather like to copy the wildcard certificate from appdata to the cert store of Unraid.

Best,

Klayman

  • Community Expert

Well in that case those SSL certs will be located in the Proxy Manager's appdata folder.

  • Author

Sure. I mean I can find them in appdata (cert, chain, fullchain, key), but I do not know where to put them in the unraid config folder. My idea was to copy the certificate and the key to /boot/config/ssl/cert, so that the unraid nginx will use them. I have a valid wildcard certificate with CN *.mydomain.tld and SAN *.mydomain.tld and mydomain.tld (of course I do also have the private key).

  • Author

Bump… anyone?

  • Author
  • Solution

ok, answer to self: I figured it out with below script, which is a simplification of this:

#!/bin/bash

# Define the source directory where the certificates are stored

# In my case npm-1 contains the wildcard certificate for my domain

source_dir="/mnt/user/appdata/Nginx-Proxy-Manager-Official/letsencrypt/live/npm-1/"

src_cert="cert.pem"

src_chain="chain.pem"

src_key="privkey.pem"

server_name="gorleben" # hostname of your server

##################################################################

# Check if the source directory exists

if [ ! -d "$source_dir" ]; then

echo "Error: Source directory not found: $source_dir. Make sure you have the correct path set in the script."

exit 1

fi

# Check if the source certificate files exist

if [ ! -f "$source_dir/$src_cert" ] || [ ! -f "$source_dir/$src_chain" ] || [ ! -f "$source_dir/$src_key" ]; then

echo "Error: Source certificate files not found. Make sure you have the correct file names set in the script."

exit 1

fi

# Generate certificate file names based on server hostname.

target="/boot/config/ssl/certs/${server_name}_unraid_bundle.pem"

# Copy and rename the source certificate files to each target directory

target_dir=$(dirname "$target")

if [ ! -d "$target_dir" ]; then

echo "Error: Target directory not found: $target_dir"

continue

fi

cat "$source_dir/$src_cert" "$source_dir/$src_chain" "$source_dir/$src_key" > "$target"

# Set appropriate permissions for the certificate files

chmod 600 "$target"

echo "Successfully copied and renamed SSL certificates to $target_dir"

# Restart the Nginx web server to apply the changes

echo "Reloading Nginx web server to apply SSL certificate changes..."

/etc/rc.d/rc.nginx reload || { echo "Failed to reload Nginx"; exit 1; }

echo "SSL certificates successfully reloaded"

Edited by Klayman
error in cat command

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.