Coolsaber57 Posted January 16, 2019

3 hours ago, sasjafor said:

Hi, I'm trying to setup a reverse-proxy for the unraid webUI. I only want it for my local network and not expose it to the internet. The main reason is to have uniform subdomains for all services on my local network and for the annoying invalid certificate warning to go away. So far, I have been quite successful, but I am struggling with php files getting buffered. Which is something I don't want, as for example the docker update popup box will only display text once the update is finished. Here is my config so far:

    server {
        listen 443 ssl;
        server_name unraid.*;
        include /config/nginx/ssl.conf;
        client_max_body_size 0;

        location / {
            # enable the next two lines for http auth
            #auth_basic "Restricted";
            #auth_basic_user_file /config/nginx/.htpasswd;

            # enable the next two lines for ldap auth
            #auth_request /auth;
            #error_page 401 =200 /login;

            include /config/nginx/proxy.conf;
            fastcgi_keep_conn on;
            fastcgi_buffering off;
            proxy_buffering off;
            gzip off;
            resolver 127.0.0.11 valid=30s;
            set $upstream_unraid $REDACTED;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_pass https://$upstream_unraid:4433;
        }
    }

I have simply tried to adapt one of the existing templates for the unraid UI. All the statements related to buffering didn't change anything. I have also tried not including /config/nginx/proxy.conf and also still no change. I would be glad if someone could help me figure out why php responses still are getting buffered.

Hey this is not necessarily what you're looking for, but I had a much easier time passing the Firefox container, then just accessing the Unraid UI inside the firefox container. Much less headache IMO.

sasjafor Posted January 16, 2019

37 minutes ago, Coolsaber57 said:

Hey this is not necessarily what you're looking for, but I had a much easier time passing the Firefox container, then just accessing the Unraid UI inside the firefox container. Much less headache IMO.

Yeah, I'm just looking for local access to the unRAID webgui, so I really just want the benefit of accessing unRAID via unraid.mydomain.com and nothing else, but thank you for the hint anyway.

Coolsaber57 Posted January 16, 2019

Ok I've run into an odd issue, trying to figure out where I am going wrong. I'm trying to proxy the Photoshow docker container with the following config under the https://photos.mydomain.com:

    # For Photoshow
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name photos.*;
        include /config/nginx/ssl.conf;
        client_max_body_size 0;

        # enable for ldap auth, fill in ldap details in ldap.conf
        #include /config/nginx/ldap.conf;

        location / {
            # enable the next two lines for http auth
            #auth_basic "Restricted";
            #auth_basic_user_file /config/nginx/.htpasswd;

            # enable the next two lines for ldap auth
            #auth_request /auth;
            #error_page 401 =200 /login;

            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_photos photoshow;
            proxy_pass http://$upstream_photos:8083;
        }
    }

However, when I start up the LE container, I get an error, and the container doesn't start:

    e': "No such container: 0a7b5297b0bc"

Here's my photoshow config for reference:

Am I missing something really obvious?

Edit: just realized I should have set upstream_photos and used port 80. Resolved my issue.

Edited January 16, 2019 by Coolsaber57

aptalca Posted January 16, 2019

43 minutes ago, Coolsaber57 said:

Ok I've run into an odd issue, trying to figure out where I am going wrong. I'm trying to proxy the Photoshow docker container with the following config under the https://photos.mydomain.com:

    # For Photoshow
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name photos.*;
        include /config/nginx/ssl.conf;
        client_max_body_size 0;

        # enable for ldap auth, fill in ldap details in ldap.conf
        #include /config/nginx/ldap.conf;

        location / {
            # enable the next two lines for http auth
            #auth_basic "Restricted";
            #auth_basic_user_file /config/nginx/.htpasswd;

            # enable the next two lines for ldap auth
            #auth_request /auth;
            #error_page 401 =200 /login;

            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_photos photoshow;
            proxy_pass http://$upstream_photos:8083;
        }
    }

However, when I start up the LE container, I get an error, and the container doesn't start:

    e': "No such container: 0a7b5297b0bc"

Here's my photoshow config for reference:

Am I missing something really obvious?

Edit: just realized I should have set upstream_photos and used port 80. Resolved my issue.

Yup, when connecting container to container, remember to use the container port, not the host

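The container-port versus host-port mix-up resolved in the posts above, as an added example that is not part of the thread or of the letsencrypt image: a small Python check that resolves `set $upstream_...` variables in a proxy conf and flags a `proxy_pass` aimed at a published host port. The 8083 to 80 mapping is an assumption inferred from the posts (the Photoshow template is not shown on the page), and `lint_proxy_ports` and `PUBLISHED` are hypothetical names.

```python
import re

# Constructed sample: the Photoshow server block from the post above.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name photos.*;
    location / {
        #auth_basic "Restricted";
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_photos photoshow;
        proxy_pass http://$upstream_photos:8083;
    }
}
"""

# Assumed Docker publish mapping per container name: {host_port: container_port}.
# 8083 -> 80 is inferred from the thread, not taken from a real template.
PUBLISHED = {"photoshow": {8083: 80}}

SET_RE = re.compile(r"^\s*set\s+\$(\w+)\s+([^;\s]+)\s*;", re.M)
PASS_RE = re.compile(r"^\s*proxy_pass\s+(https?)://([^:/;\s]+)(?::(\d+))?", re.M)


def lint_proxy_ports(conf, published):
    """Return (container, port_used, container_port_or_None) per bad proxy_pass."""
    conf = re.sub(r"#.*", "", conf)          # drop comments (naive: ignores quoting)
    variables = dict(SET_RE.findall(conf))   # upstream variable -> container name
    findings = []
    for scheme, host, port in PASS_RE.findall(conf):
        if host.startswith("$"):
            host = variables.get(host[1:], host)
        port = int(port) if port else (443 if scheme == "https" else 80)
        mapping = published.get(host)
        if mapping is None:
            continue                          # not a known container (IP, VM, ...)
        if port in mapping.values():
            continue                          # container port: reachable on the Docker network
        # A published host port exists on the host's interfaces only,
        # so a container-to-container connection to it fails.
        findings.append((host, port, mapping.get(port)))
    return findings


if __name__ == "__main__":
    for name, used, wanted in lint_proxy_ports(SAMPLE_CONF, PUBLISHED):
        hint = (f"use container port {wanted}" if wanted
                else "not a known container port")
        print(f"{name}: proxy_pass targets :{used}; {hint}")
```
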
maxse Posted January 16, 2019

So it seems from googling that my ISP blocks port 80. I watched spaceinvader one's video but figured I would ask here before I invest a lot of time figuring how to set all this up... Is it as easy as just selecting a different port? I couldn't seem to find a straight answer on this. Is it more complicated to get around this? possible? I was planning on using DynDns as my ISP router has that function on it.

ijuarez Posted January 16, 2019

So it seems from googling that my ISP blocks port 80. I watched spaceinvader one's video but figured I would ask here before I invest a lot of time figuring how to set all this up... Is it as easy as just selecting a different port? I couldn't seem to find a straight answer on this. Is it more complicated to get around this? possible? I was planning on using DynDns as my ISP router has that function on it.

You don't have to use the port 80, you do have to use for 443. I don't use port 80 whatsoever and it works fine.

Sent from my Nokia 7.1 using Tapatalk

philosoraptor Posted January 17, 2019

Hi everyone, I've searched over this thread but I've not been able to find out what I'm trying to accomplish. I had Ombi setup on a VM already before I used this docker for LE. Does anyone know what changes I would need to make to use the ombi.subdomain.conf file when using ombi not in a container, but on another VM? Thanks.

maxse Posted January 17, 2019

19 minutes ago, ijuarez said:

You don't have to use the port 80, you do have to use for 443. I don't use port 80 whatsoever and it works fine.

Sent from my Nokia 7.1 using Tapatalk

Thank you! Okay, here we go, following spaceinvader one's guide now. The router actually supports no-ip.com, unfortunately no duckdns. Hopefully that's still okay? I figured one less thing to set up if it's running on the router?

Edited January 17, 2019 by maxse

aptalca Posted January 17, 2019

41 minutes ago, maxse said:

So it seems from googling that my ISP blocks port 80. I watched spaceinvader one's video but figured I would ask here before I invest a lot of time figuring how to set all this up... Is it as easy as just selecting a different port? I couldn't seem to find a straight answer on this. Is it more complicated to get around this? possible? I was planning on using DynDns as my ISP router has that function on it.

If you do http validation, port 80 is required on the wan. If you do dns validation, you don't need port 80

maxse Posted January 17, 2019

WOW, it worked guys! First time! Boom! I guess they are not blocking port 80 after all!

Quick question, I am only using this for ombi right now. I selected an option in Ombi under Authorization to enable Plex OAuth. Is there any other password that I need to set for security reasons? Or is that fine? When I tested it, it goes to the ombi page and says log in with Ombi or Log in with plex... Is that enough?

Thanks soo much!

ijuarez Posted January 17, 2019

If you do http validation, port 80 is required on the wan. If you do dns validation, you don't need port 80

Yep,

Sent from my Nokia 7.1 using Tapatalk

Jclendineng Posted January 17, 2019

I looked at the dockerfile but could not find an answer. Is it possible to tweak the nginx on here to get built with openssl 1.1.1a? (pulling the dockerfile and doing a manual install in unraid) For TLS 1.3 support. Thanks for any advice.

aptalca Posted January 17, 2019

5 hours ago, Jclendineng said:

I looked at the dockerfile but could not find an answer. Is it possible to tweak the nginx on here to get built with openssl 1.1.1a? (pulling the dockerfile and doing a manual install in unraid) For TLS 1.3 support. Thanks for any advice.

Not easily, nginx comes from the alpine package repo. We are currently on the latest stable, 3.8, which uses libressl, which doesn't yet support TLS 1.3. However, the edge build of nginx is using openssl 1.1.1, which supports TLS 1.3. When 3.9 stable of alpine is released, it should support TLS 1.3 with nginx.

Or you _could_ try and install nginx from the edge repo inside the container but we don't support it, so don't come to us if you try and have issues.

Gobs Posted January 18, 2019

On 12/19/2018 at 11:43 AM, Gobs said:

@happyagnostic So I only just found out what was wrong - having done what you suggested (port forwarding parameters + using Plex with the custom network) I was able to reach my plex, but it still said server unreachable. This was because I use uMatrix to prevent websites from loading scripts, and it was preventing access to plex.tv, so I disabled this and everything works fine now, I'm so happy! I'm still a bit confused as to how the port forwarding works. If I understand correctly, a request goes to plex.mydomain.com through port 443, which is then forwarded to port 1443 by my router, letsencrypt / nginx receives this request then forwards it to port 32400 on the plex docker? Does that sound about right?

I posted here before about getting plex to work with a reverse proxy, I now have another problem. After rebooting my server, Nextcloud still works beautifully as before, however when I try to go to https://plex.mysubdomain.url I get a 502 bad gateway error. What logs could I look at to find out what's the problem?

Any help on the matter?

aptalca Posted January 18, 2019

1 hour ago, Gobs said:

I posted here before about getting plex to work with a reverse proxy, I now have another problem. After rebooting my server, Nextcloud still works beautifully as before, however when I try to go to https://plex.mysubdomain.url I get a 502 bad gateway error. What logs could I look at to find out what's the problem?

Any help on the matter?

How did you set it up? Post your proxy conf and we'll take a look

GilbN Posted January 18, 2019

On 1/16/2019 at 4:12 PM, sasjafor said:

Hi, I'm trying to setup a reverse-proxy for the unraid webUI. I only want it for my local network and not expose it to the internet. The main reason is to have uniform subdomains for all services on my local network and for the annoying invalid certificate warning to go away. So far, I have been quite successful, but I am struggling with php files getting buffered. Which is something I don't want, as for example the docker update popup box will only display text once the update is finished. Here is my config so far:

    server {
        listen 443 ssl;
        server_name unraid.*;
        include /config/nginx/ssl.conf;
        client_max_body_size 0;

        location / {
            # enable the next two lines for http auth
            #auth_basic "Restricted";
            #auth_basic_user_file /config/nginx/.htpasswd;

            # enable the next two lines for ldap auth
            #auth_request /auth;
            #error_page 401 =200 /login;

            include /config/nginx/proxy.conf;
            fastcgi_keep_conn on;
            fastcgi_buffering off;
            proxy_buffering off;
            gzip off;
            resolver 127.0.0.11 valid=30s;
            set $upstream_unraid $REDACTED;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_pass https://$upstream_unraid:4433;
        }
    }

I have simply tried to adapt one of the existing templates for the unraid UI. All the statements related to buffering didn't change anything. I have also tried not including /config/nginx/proxy.conf and also still no change. I would be glad if someone could help me figure out why php responses still are getting buffered.

It's not recommended to reverse proxy the unraid gui. Check out this post on a solution for you. https://technicalramblings.com/blog/remotely-accessing-the-unraid-gui-with-guacamole-and-vnc-web-browser/

sasjafor Posted January 18, 2019

13 minutes ago, GilbN said:

It's not recommended to reverse proxy the unraid gui. Check out this post on a solution for you. https://technicalramblings.com/blog/remotely-accessing-the-unraid-gui-with-guacamole-and-vnc-web-browser/

I don't want it for remote access though. Only to have the nice green lock for a valid SSL cert when I access unraid via the nginx reverse-proxy LOCALLY.

GilbN Posted January 18, 2019

2 hours ago, sasjafor said:

I don't want it for remote access though. Only to have the nice green lock for a valid SSL cert when I access unraid via the nginx reverse-proxy LOCALLY.

Oh, then you don't need to do it that way https://youtu.be/T7iR1EbWqEk?t=1005

Edited January 18, 2019 by GilbN

sasjafor Posted January 18, 2019

3 minutes ago, GilbN said:

Oh, then you don't need to do it that way https://youtu.be/T7iR1EbWqEk?t=1005

I already know about that way. I wanna use a subdomain of a domain I own, which will only be accessible on my local network. It's actually memorable and looks a lot cleaner than the way with the unraid subdomain. I have it all working through the letsencrypt docker, except for the fact that php files are getting buffered instead of sent synchronously to the browser.

GilbN Posted January 18, 2019

3 minutes ago, sasjafor said:

I already know about that way. I wanna use a subdomain of a domain I own, which will only be accessible on my local network. It's actually memorable and looks a lot cleaner than the way with the unraid subdomain. I have it all working through the letsencrypt docker, except for the fact that php files are getting buffered instead of sent synchronously to the browser.

    proxy_buffering off;

edit: I see you already have that

Edited January 18, 2019 by GilbN

sasjafor Posted January 18, 2019

1 minute ago, GilbN said:

    proxy_buffering off;

edit: I see you already have that

I thought maybe something in /config/nginx/proxy.conf conflicts with setting proxy_buffering off, but I tried without including those config lines and it is still getting buffered. I am almost getting the feeling that there is a bug in nginx which causes this problem under my specific circumstances, unless I'm just missing something.

Coolsaber57 Posted January 18, 2019

On 1/16/2019 at 4:59 PM, aptalca said:

Yup, when connecting container to container, remember to use the container port, not the host

Yeah, not sure how many times I'm going to do that 😂

cdkauffmann Posted January 19, 2019

Working with nextcloud and letsencrypt. When I was using cloudflare I had to change the file cloudflare.ini in the dns-conf folder and add my email address and api key to get things working. Changed my mind and went back to just using GoDaddy as my domain name provider. Is there an .ini file for godaddy that I have to change to get things to work? Do I need to go into the site-conf and under the lines ###SSL Certificates & change those paths?

Edited January 19, 2019 by cdkauffmann add more

aptalca Posted January 19, 2019

1 hour ago, cdkauffmann said:

Working with nextcloud and letsencrypt. When I was using cloudflare I had to change the file cloudflare.ini in the dns-conf folder and add my email address and api key to get things working. Changed my mind and went back to just using GoDaddy as my domain name provider. Is there an .ini file for godaddy that I have to change to get things to work? Do I need to go into the site-conf and under the lines ###SSL Certificates & change those paths?

Supported dns providers are listed in the readme. Godaddy is not one of them

Gobs Posted January 19, 2019

On 1/18/2019 at 12:40 PM, aptalca said:

How did you set it up? Post your proxy conf and we'll take a look

The plex.subdomain.conf:

    # make sure that your dns has a cname set for plex, if plex is running in bridge mode, the below config should work as is, for host mode,
    # replace the line "proxy_pass https://$upstream_plex:32400;" with "proxy_pass https://HOSTIP:32400;" HOSTIP being the IP address of plex
    # in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")

    server {
        listen 443 ssl;
        server_name plex.*;
        include /config/nginx/ssl.conf;
        client_max_body_size 0;
        proxy_redirect off;
        proxy_buffering off;

        # enable for ldap auth, fill in ldap details in ldap.conf
        #include /config/nginx/ldap.conf;

        location / {
            # enable the next two lines for http auth
            #auth_basic "Restricted";
            #auth_basic_user_file /config/nginx/.htpasswd;

            # enable the next two lines for ldap auth
            #auth_request /auth;
            #error_page 401 =200 /login;

            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_plex plex;
            proxy_pass https://$upstream_plex:32400;

            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
            proxy_set_header X-Plex-Device $http_x_plex_device;
            proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
            proxy_set_header X-Plex-Platform $http_x_plex_platform;
            proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
            proxy_set_header X-Plex-Product $http_x_plex_product;
            proxy_set_header X-Plex-Token $http_x_plex_token;
            proxy_set_header X-Plex-Version $http_x_plex_version;
            proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
            proxy_set_header X-Plex-Provides $http_x_plex_provides;
            proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
            proxy_set_header X-Plex-Model $http_x_plex_model;
        }
    }

Nginx is listening to port 180 and 1443, since ports 80 and 443 are forwarded on my router to 180 and 1443. Both nginx and plex are running on a custom network in bridge mode.