How to httpcfg certificate for Sonarr plugin to enable SSL


I have the Sonarr plugin installed from PhAzE Plugins and I wanted to enable SSL with an SSL certificate that I have. It's a proper CA-signed one and I have a .cer, .key as well as the .pvk that Sonarr needs. In the wiki link below, it says to run httpcfg as the user, which would be nobody. How do I go about adding this? Do I just PuTTY into the Unraid server and run the below? I assume not, as that would be the root account.

 

Importing

Load the certificate with httpcfg (comes with mono) with the user that runs Sonarr:

httpcfg -add -port <SSL_PORT> -pvk yourdomain.pvk -cert yourdomain.cert

Replace <SSL_PORT> with the SSL port you set in Sonarr.

 

 

https://github.com/Sonarr/Sonarr/wiki/SSL

 

Probably better off asking in the support thread I would have thought.  Personally I would skip this and just run everything behind one secure web server as a reverse proxy.

  • Author

Do you have any steps on doing this proxy setup? Also, if required, can I move this thread to the correct sub forum?


 

Start with this docker container.

 

Fixed... copy pasta in wrong place....

 

Sent from my LG-H815 using Tapatalk

 

 

  • Author

OK, so I have the nginx-proxy and letsencrypt-nginx-proxy-companion dockers configured, but they keep failing to assign certificates to my sabnzbd docker. Seems like it's a known issue due to some update that took place in December, but the author has not updated the letsencrypt-nginx-proxy-companion docker yet.

 

Followed this: https://jamiemagee.co.uk/2016/03/28/setting-up-nginx-reverse-proxy-with-lets-encrypt-on-unraid/

 

Known issue: https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/issues/134 and https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/issues/131

 

Looking at the docker page, I don't see any that have taken the newest update yet.

 

https://hub.docker.com/search/?isAutomated=0&isOfficial=0&page=1&pullCount=0&q=letsencrypt-nginx-proxy-companion&starCount=0

 

Yeah, I linked to our version, know nothing about setting up jwilder's....

  • Author

Ok thanks, I will try your link now. Is your link an all-in-one docker?

 


 

Yes, you just edit the default file in /config/nginx/site-confs/

  • Author

Thanks, seems I got it working for sab, Sonarr, CouchPotato and the router, but I can't get it to work for the Unraid UI. It just keeps prompting for the nginx password.

 

 

server {
listen 443 ssl;

root /config/www;
index index.html index.htm index.php;

server_name server.*;

ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;

client_max_body_size 0;

location / {
	auth_basic "Restricted";
	auth_basic_user_file /config/nginx/.htpasswd;
	include /config/nginx/proxy.conf;
	proxy_pass http://192.168.0.100;	
}
}

Don't reverse proxy your Unraid webui.  Bad idea.

 

Sent from my LG-H815 using Tapatalk

 

 

  • Author

Ok thanks, last question. If I try to access something that I have not created (bla.ddnsdomain.com) I get "Your connection is not private" "NET:ERR_CERT_COMMON_NAME_INVALID". Do we have a way to set a catch-all in the file /config/nginx/site-confs/default so that it throws a 500 error or something?


 

Not quite sure what you mean, but if it helps, I have my own domain and have put it in the  default file like so

 

server {
       listen         80;
       server_name    rcmpayne.org;
       return         301 https://$server_name$request_uri;
}

server {

listen 443 ssl default_server;
server_name rcmpayne.org;

###Set root directory
root /config/www;
index index.html index.htm index.php;

###Turn off client checking of client request body size
client_max_body_size 0;

###SSL Certificates
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

###Diffie–Hellman key exchange ###
ssl_dhparam /config/nginx/dhparams.pem;

###Extra Settings###
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header Front-End-Https on;

###SSL Ciphers
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';


location ~ \.php$ {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	# With php5-cgi alone:
	fastcgi_pass 127.0.0.1:9000;
	# With php5-fpm:
	#fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;
	include /etc/nginx/fastcgi_params;

}
}

 

I also run nextcloud on nextcloud.server.com by creating another file in the same folder calling it nextcloud.

 

server {
       listen         80;
       server_name    nextcloud.rcmpayne.org;
       return         301 https://$server_name$request_uri;
}

server {
listen 443 ssl;
server_name nextcloud.rcmpayne.org;

root /config/www;
index index.html index.htm index.php;

###SSL Certificates
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

###Diffie–Hellman key exchange ###
ssl_dhparam /config/nginx/dhparams.pem;

###SSL Ciphers
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

###Extra Settings###
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header Front-End-Https on;

client_max_body_size 0;

location / {
    proxy_pass https://192.168.0.1:444/;
  }
}

 

If I try and access owncloud.server.com for instance, which I do not have a (sub)domain name for, I get a DNS error as no record is found.

Ok thanks, last question. If I try to access something that I have not created (bla.ddnsdomain.com) I get "Your connection is not private" "NET:ERR_CERT_COMMON_NAME_INVALID". Do we have a way to set a catch-all in the file /config/nginx/site-confs/default so that it throws a 500 error or something?

In your main server blocks, define the server addresses, then create another server block with no server address defined, set that as the default and have it serve an error page.

 

Any domain/subdomain you set will match to one of the main server blocks, everything else will match to the default server block and get the error page
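
The catch-all layout described in the reply above, written out as an added example (not posted by anyone in the thread). The hostname app.example.com and the upstream 192.0.2.10:8989 are placeholders; the certificate and proxy.conf paths are the ones used in the configs earlier in the thread.

```nginx
# Named site: matches only its own hostname. No "default_server" here,
# because only one server block per listen address:port may carry it.
server {
    listen 443 ssl;
    server_name app.example.com;                  # placeholder hostname

    ssl_certificate     /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    location / {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.0.2.10:8989;        # placeholder upstream
    }
}

# Catch-all for plain HTTP: any Host header not claimed by a named block.
server {
    listen 80 default_server;
    server_name _;                                # never matches a real name
    return 404;
}

# Catch-all for HTTPS: any hostname not claimed by a named block.
server {
    listen 443 ssl default_server;
    server_name _;

    # A certificate is still required to complete the handshake on nginx
    # versions older than 1.19.4.
    ssl_certificate     /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    # "return 404;" serves an error page; "return 444;" closes the
    # connection without sending any response.
    return 404;

    # On nginx 1.19.4 and later, the two ssl_certificate* lines and the
    # return above can be replaced by:
    #   ssl_reject_handshake on;
    # which refuses the TLS handshake for unmatched names, so no
    # certificate is presented to them at all.
}
```

The certificate is checked during the TLS handshake, before nginx answers the request, so a browser still shows the name-mismatch warning for an unlisted hostname unless the certificate covers that name. The catch-all only decides what is served after that point, and it keeps unknown hostnames from falling through to a real site.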

Archived

This topic is now archived and is closed to further replies.
