Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Request/Done] Let's Encrypt Container

Featured Replies

@cglatot

 

When I try going to domain.com it says page cannot load and also the rest of my services are unreachable. But, if I remove the code everything starts working again (ex domain.com, domain.com/cp etc )

  • Replies 576
  • Views 112.7k
  • Created
  • Last Reply

@jrdnlc - Can you post your entire default file code including what you have in for the plex entries? (Make sure to X out any personal details)

 

Does the log say anything relevant?

 

And are you restarting the nginx docker after each change?

@jrdnlc - Can you post your entire default file code including what you have in for the plex entries? (Make sure to X out any personal details)

 

Does the log say anything relevant?

 

And are you restarting the nginx docker after each change?

 

I'll send you the pastebin link via Pm and yeah I'm restarting the docker after changes.

I replied with a tweak to the /web/ entry. Try that and let me know.

Thanks Bjonness406 and EdgarWallace (and of course kamhighway for the instructions). I had some typos along the way that of course messed the whole thing up. So I've got it working now if I got to https://mydomain.com/nextcloud but what I'd like to do is https://nextcloud.mydomain.com. Right now that just goes to my default index page. Any directions for making that work?

I tried using Nginex-letsencrypt with EmbyServer aswell now and it seems to work fine.

 

I just added another location I found in the Emby forums to my config.

 

location /emby {
# Send traffic to the backend
proxy_pass http://192.168.xxx.x:8096/emby;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $remote_addr;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_redirect off;

# Send websocket data to the backend aswell
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

 

As I don't really understand much from this and already got Nextcloud running fine with the help of kamhighways guide from here (https://lime-technology.com/forum/index.php?topic=51466.0) I have already included a proxy.conf file located under /mnt/cache/appdata/letsecrypt/nginx/

which looks like this

 

client_max_body_size 10m;
client_body_buffer_size 128k;

# Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;

# Basic Proxy Config
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;

 

So my question is if I could just use this instead of the one I found in the Emby Forums (as some lines are a bit different) and just add the following as a location to my config.

location /emby {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.xxx.x:8096/emby;

Has anyone gotten this working with a DuckDNS URL? If I ping my address with no https:// it works just fine, but once I add https:// I get "cannot resolve https://XXXXXXX.duckdns.org: Unknown host"

I tried using Nginex-letsencrypt with EmbyServer aswell now and it seems to work fine.

Have you tested any of the apps externally? I have my emby set up behind apache, and it works great with the web client, but I can't get any of the emby apps to see it.

Have you tested any of the apps externally? I have my emby set up behind apache, and it works great with the web client, but I can't get any of the emby apps to see it.

I have Emby setup behind nginx and working both on internal and external network on both Android and ios :)

Has anyone gotten this working with a DuckDNS URL? If I ping my address with no https:// it works just fine, but once I add https:// I get "cannot resolve https://XXXXXXX.duckdns.org: Unknown host"

Forward port 443 on the router

 

Duckdns works fine for me

How can I block access to domain.com/test.txt, /folder, /sample.doc etc etc ?

Have you tested any of the apps externally? I have my emby set up behind apache, and it works great with the web client, but I can't get any of the emby apps to see it.

I have Emby setup behind nginx and working both on internal and external network on both Android and ios :)

 

Its working for me aswell.

Just kept it like this now with the proxy.conf file included.

 

location /emby {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.xxx.x:8096/emby;

 

Did you do it the same way?

 

Would it be possible to use localhost instead of my unraid ip btw and is it a good idea generally?

How can I block access to domain.com/test.txt, /folder, /sample.doc etc etc ?

 

EDIT: I would like to know a more elegant method to do this, but in the meantime you can block multiple files / directories using this location format:

 

location ~ /(dir1|dir2|dir3|file1.ext|file2.ext|file3.ext) {
	deny all;
	return 404;
}

 

I would also like to know this! I didn't even realise that they could be accessed!

Has anyone gotten this working with a DuckDNS URL? If I ping my address with no https:// it works just fine, but once I add https:// I get "cannot resolve https://XXXXXXX.duckdns.org: Unknown host"

Forward port 443 on the router

 

Duckdns works fine for me

 

443 is forwarded. Still have the issue. Issue might be in my router.

Has anyone gotten this working with a DuckDNS URL? If I ping my address with no https:// it works just fine, but once I add https:// I get "cannot resolve https://XXXXXXX.duckdns.org: Unknown host"

Forward port 443 on the router

 

Duckdns works fine for me

 

443 is forwarded. Still have the issue. Issue might be in my router.

post config

How can I block access to domain.com/test.txt, /folder, /sample.doc etc etc ?

 

EDIT: I would like to know a more elegant method to do this, but in the meantime you can block multiple files / directories using this location format:

 

location ~ /(dir1|dir2|dir3|file1.ext|file2.ext|file3.ext) {
	deny all;
	return 404;
}

 

I would also like to know this! I didn't even realise that they could be accessed!

 

Where in the config file do I enter that code? I tried all the way at the bottom but it messes up my whole domain.com page.

Have you tested any of the apps externally? I have my emby set up behind apache, and it works great with the web client, but I can't get any of the emby apps to see it.

I have Emby setup behind nginx and working both on internal and external network on both Android and ios :)

 

 

I'm having trouble adding the server to android devices (android app) outside of local network.

web broswer traffic works fine internal and external

When you add the server are you putting port 443 as the port? and the host as https://my.subdomain/emby

 

my proxy and default conf below

Thanks!

 

Proxy.conf

client_max_body_size 10m;
client_body_buffer_size 128k;

#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;

# Basic Proxy Config
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;

 

	
location /emby {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.#.#:8096/emby;

How can I block access to domain.com/test.txt, /folder, /sample.doc etc etc ?

 

EDIT: I would like to know a more elegant method to do this, but in the meantime you can block multiple files / directories using this location format:

 

location ~ /(dir1|dir2|dir3|file1.ext|file2.ext|file3.ext) {
	deny all;
	return 404;
}

 

I would also like to know this! I didn't even realise that they could be accessed!

 

Where in the config file do I enter that code? I tried all the way at the bottom but it messes up my whole domain.com page.

 

Put it in the same place as your other location directives. Make sure that you do not include any directories that house resources like CSS, images, etc. that any html/php files need access to. The deny all is a literal deny ALL.

 

I'm still trying to work out how to stop direct-linking to images / css files whilst still allowing the server to serve them in web-pages. Apparently it can be done with nginx referer parameters, but I couldn't get it to work.

I'm using a template from here: html5up.net

 

Just download one and modify the index.html

 

The guy is super talented and these are really easy to customize

Thanks for sharing aptalca. The webUI is showing a nice overview now :-) However I don't quite understand how to open the Apps by clicking on the nice buttons. Where does this need to be added? https://192.168.xxx.xxx:xxx/nextcloud

 

Another question on how the conf files act together. E.g. the definition client_max_body_size can be found in all three files below.

What is best practice for all these definitions?

 

Would that work:

proxy.conf: anything starting with proxy_ and removing the rest

default: removing this as nginx.conf already contains these definitions.

ssl_prefer_server_ciphers on

add_header Strict-Transport-Security

client_max_body_size

 

proxy.conf:

client_max_body_size 10m;
client_body_buffer_size 128k;

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;

 

nginx.conf:

user nobody users;
worker_processes 4;
pid /run/nginx.pid;

events {
worker_connections 768;
}

http {

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

client_max_body_size 0;

include /etc/nginx/mime.types;
default_type application/octet-stream;

access_log /config/log/nginx/access.log;
error_log /config/log/nginx/error.log;

gzip on;
gzip_disable "msie6";

text/javascript;

include /etc/nginx/conf.d/*.conf;
        include /config/nginx/site-confs/*;
        
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7

}

 

default:

server {
listen 80;

listen 443 ssl default_server;

root /config/www;
index index.html index.htm index.php;

server_name server.dyndns.com;

ssl_certificate /config/keys/fullchain.pem;
ssl_certificate_key /config/keys/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header Front-End-Https on;

        client_max_body_size 10G;
        fastcgi_buffers 64 4K;

location / {
	try_files $uri $uri/ /index.html /index.php?$args =404;
}

location ~ \.php$ {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
}

location /nextcloud {
        include /config/nginx/proxy.conf;
        proxy_pass https://192.168.178.28:444/nextcloud;
}

        location /emby {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.178.28:8096/emby;
        }

        location /calibre {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.178.28:8083/calibre;
        }

        location /tvheadend {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.178.28:9982/tvheadend;
        }
}

I'm using a template from here: html5up.net

 

Just download one and modify the index.html

 

The guy is super talented and these are really easy to customize

Thanks for sharing aptalca. The webUI is showing a nice overview now :-) However I don't quite understand how to open the Apps by clicking on the nice buttons. Where does this need to be added? https://192.168.xxx.xxx:xxx/nextcloud

 

You need to edit the HTML file(s) to include links to your apps. If you are using reverse proxy, use your domain, not the IP (local IPs will only work from the local network / VPN).

 

If you don't know HTML: http://www.w3schools.com/html/

Great link, thanks a lot cglatot.

 

Is there anyone with some advise on the 2nd question on how the conf files are working together?

Great link, thanks a lot cglatot.

 

Is there anyone with some advise on the 2nd question on how the conf files are working together?

Sure, you can modify them however you like. Nginx gives different priorities to different config files when there are duplicate parameters set.

 

For instance nginx.conf can set a parameter for all, but then you can override that in a specific server block while leaving the others as default

@cglatot

 

Have you figured it out how to block access to certain files/directories?

So I can't seem to get this figured out. I have the  default page working but when I edit the "default" file to add the location for one of my services, once i restart the docker it shows  *starting nginx nginx ...fail!

 

I've looked at multiple file setups and tried to emulate but nothing so far has worked :(

So I can't seem to get this figured out. I have the  default page working but when I edit the "default" file to add the location for one of my services, once i restart the docker it shows  *starting nginx nginx ...fail!

 

I've looked at multiple file setups and tried to emulate but nothing so far has worked :(

We can't say anything without seeing the config file

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.