redalert11 Posted September 9, 2016

I know that unRAID does not recommend this, but I have been looking around and couldn't really find any help on this. I have only been using nginx-let's encrypt for a week now. I got most things working in a reverse proxy, but the unRAID dashboard has been a little tricky. It mostly works except for logs and control, but it does look like the dashboard if you were at home. Some feedback would be welcome; I'm not very experienced in this. Just thought I would put it out there to save some headache for others. This is what I got... It gives me an "A" for my encryption at https://www.ssllabs.com/ssltest/

    server {
        # redirect all traffic to HTTPS
        listen 80;
        server_name my.domain.com; # change this to your ip or domain that is pointed at your server
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl default_server;

        root /config/www;
        index index.html index.htm index.php;

        server_name _;

        ssl_certificate /config/keys/fullchain.pem;
        ssl_certificate_key /config/keys/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;

        client_max_body_size 0;

    #    location / {
    #        root /config/www;
    #        index index.html index.htm index.php;
    #        auth_basic "Restricted";
    #        auth_basic_user_file /config/nginx/.htpasswd;
    #    }

        location /couchpotato {
            include /config/nginx/proxy.conf;
            proxy_pass http://xxx.xxx.xxx.xxx:5050/couchpotato;
        }

        location /requests {
            include /config/nginx/proxy.conf;
            proxy_pass http://xxx.xxx.xxx.xxx:3000/requests;
        }

        location /sickrage {
            include /config/nginx/proxy.conf;
            proxy_pass http://xxx.xxx.xxx.xxx:8081/sickrage;
        }

        location /transmission {
            include /config/nginx/proxy.conf;
            proxy_pass http://xxx.xxx.xxx.xxx:9091/transmission;
        }

    # not working yet needs to be its own domain I'm assuming
    #    location /owncloud {
    #        include /config/nginx/proxy.conf;
    #        proxy_pass http://xxx.xxx.xxx.xxx:8000/owncloud;
    #    }

        location / {
            include /config/nginx/proxy.conf;
            proxy_pass http://xxx.xxx.xxx.xxx:78/;
        }
    }

proxy.conf

    client_max_body_size 10m;
    client_body_buffer_size 128k;

    #Timeout if the real server is dead
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

    # Advanced Proxy Config
    send_timeout 5m;
    proxy_read_timeout 240;
    proxy_send_timeout 240;
    proxy_connect_timeout 240;

    # Basic Proxy Config
    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_redirect http:// $scheme://;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_cache_bypass $cookie_session;
    proxy_no_cache $cookie_session;
    proxy_buffers 32 4k;

I did not create these configs myself; if I find the links to the unRAID posts I'll add them. But this was what worked for me from the unRAID forums. Thank you to the previous people that have posted on this.

http://lime-technology.com/forum/index.php?topic=38875.0
https://www.linuxserver.io/index.php/overview-reverse-proxy-with-docker/
http://www.htaccesstools.com/htpasswd-generator/
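
Added example (not part of the post above and not code from the unRAID or linuxserver.io projects): in the posted server block the auth_basic lines are commented out, so no proxied location, including the dashboard at /, has nginx basic authentication in effect. The Python check below lists such locations for a config laid out like the posted one; `parse` and `unauthenticated_proxies` are hypothetical helper names, the sample is constructed from the post's layout, and only auth_basic is considered (not auth_request, allow/deny, or a backend's own login).

```python
import re

# Constructed sample: layout of the posted server block, trimmed to two locations.
SAMPLE = """
server {
    # location / {
    #     auth_basic "Restricted";
    # }
    location /couchpotato {
        proxy_pass http://xxx.xxx.xxx.xxx:5050/couchpotato;
    }
    location / {
        proxy_pass http://xxx.xxx.xxx.xxx:78/;
    }
}
"""

def parse(text):
    """Tree of {name, dirs, kids} blocks; 'include' files are not followed."""
    text = re.sub(r"#[^\n]*", "", text)  # commented-out directives do not count
    tokens = re.findall(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+', text)
    root = {"name": [], "dirs": {}, "kids": []}
    stack, words = [root], []
    for tok in tokens:
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "{":  # words so far name the block, e.g. ['location', '/']
            stack.append({"name": words, "dirs": {}, "kids": []})
            stack[-2]["kids"].append(stack[-1])
        elif tok == "}":
            stack.pop()
        elif words:  # ';' ends a directive; a repeated directive keeps its last value
            stack[-1]["dirs"][words[0]] = words[1:]
        words = []
    return root

def unauthenticated_proxies(block, inherited=None):
    """(location, upstream) pairs where proxy_pass runs with no auth_basic in effect."""
    auth = block["dirs"].get("auth_basic", inherited)  # inherits from enclosing block
    is_proxy = block["name"][:1] == ["location"] and "proxy_pass" in block["dirs"]
    found = []
    if is_proxy and auth in (None, ["off"]):
        found.append((" ".join(block["name"][1:]), block["dirs"]["proxy_pass"][0]))
    for kid in block["kids"]:
        found += unauthenticated_proxies(kid, auth)
    return found

if __name__ == "__main__":
    print(unauthenticated_proxies(parse(SAMPLE)))
```

Setting `auth_basic` once at server level clears every finding, because the directive is inherited by each location that does not override it.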

ljm42 Posted September 9, 2016

This is how I achieved A+ 100/100/100/100 at ssllabs:
https://lime-technology.com/forum/index.php?topic=43696.msg465896#msg465896

And this is how I proxy unRAID, including the logs:
https://lime-technology.com/forum/index.php?topic=43696.msg465800#msg465800

Maybe it will be helpful.

redalert11 Posted September 10, 2016 (Author)

> This is how I achieved A+ 100/100/100/100 at ssllabs:
> https://lime-technology.com/forum/index.php?topic=43696.msg465896#msg465896
>
> And this is how I proxy unRAID, including the logs:
> https://lime-technology.com/forum/index.php?topic=43696.msg465800#msg465800
>
> maybe it will be helpful.

That looks awesome. I was wondering about making a subdomain and seeing how it worked. When I was looking around I saw that to get Plex to work you needed to make a subdomain, so I'm happy to see your post. I'll update mine after I make the changes. I work for a company that blocks everything on their corporate network, but when I reverse proxy it allows me to get to everything. That's my reason for reverse proxy and going through all this trouble. Here we are "not" allowed to VPN or remote desktop on the corporate computers, and cell phone data doesn't make it very far.

Archived
This topic is now archived and is closed to further replies.