CHBMB Posted February 27, 2017 Share Posted February 27, 2017 I want to set this up for my family that lives out of state. Anyone have a guide on how to best secure this? Using letsencrypt reverse proxy, get that setup first, after that, configuring it to proxy this is straightforward. Quote Link to comment
bobbintb Posted February 27, 2017 Share Posted February 27, 2017 16 minutes ago, CHBMB said: Using letsencrypt reverse proxy, get that setup first, after that, configuring it to proxy this is straightforward. I was looking at that but don't know too much about it and was wondering if there was a guide. I guess I'll just mess around with it first once I find the time. Quote Link to comment
CHBMB Posted February 27, 2017 Share Posted February 27, 2017 Just now, bobbintb said: I was looking at that but don't know too much about it and was wondering if there was a guide. I guess I'll just mess around with it first once I find the time. Once you've got a domain name and your DNS setup, then the template is pretty self-explanatory. Problem with doing a guide is the domain name and DNS setup are the awkward bits and it varies from supplier to supplier in terms of how you accomplish this exactly. Quote Link to comment
jrdnlc Posted February 28, 2017 Share Posted February 28, 2017 22 hours ago, bobbintb said: I was looking at that but don't know too much about it and was wondering if there was a guide. I guess I'll just mess around with it first once I find the time. It's easy to setup. Setup teamviewer so I can remote in and help you out Quote Link to comment
bobbintb Posted February 28, 2017 Share Posted February 28, 2017 12 hours ago, jrdnlc said: It's easy to setup. Setup teamviewer so I can remote in and help you out Oh it will be a while before I'll have the time. I'm sure I can do it if I can just sit down and spend some time with it. It's about time I got comfortable with certificates anyway but I'll definitely hit you up if it comes to that. Thanks. Quote Link to comment
bobbintb Posted March 3, 2017 Share Posted March 3, 2017 I think I got my letsencrypt done. I got a dynamic dns and ran the letsencrypt docker. I can go to my dns in a web browser and it show the example page and it has the green lock so that's good. How do I implement Ombi now? Quote Link to comment
CHBMB Posted March 3, 2017 Share Posted March 3, 2017 2 hours ago, bobbintb said: I think I got my letsencrypt done. I got a dynamic dns and ran the letsencrypt docker. I can go to my dns in a web browser and it show the example page and it has the green lock so that's good. How do I implement Ombi now? Log into Ombi as the admin, go to admin => settings => ombi configuration and change the Base URL to ombi now restart the docker container. You will need to change the webui parameter in your docker template to http://[IP]:[PORT:3579]/ombi Now edit /config/nginx/site-confs/default and paste in the following code, changing $UNRAID-IP to and $PORT to whatever fits your setup. location /ombi { proxy_pass http://$UNRAID-IP:$PORT/ombi; include /config/nginx/proxy.conf; } Restart letsencrypt and you should be good 1 Quote Link to comment
bobbintb Posted March 3, 2017 Share Posted March 3, 2017 (edited) 6 hours ago, CHBMB said: Log into Ombi as the admin, go to admin => settings => ombi configuration and change the Base URL to ombi now restart the docker container. You will need to change the webui parameter in your docker template to http://[IP]:[PORT:3579]/ombi Now edit /config/nginx/site-confs/default and paste in the following code, changing $UNRAID-IP to and $PORT to whatever fits your setup. location /ombi { proxy_pass http://$UNRAID-IP:$PORT/ombi; include /config/nginx/proxy.conf; } Restart letsencrypt and you should be good Ok, I had gleaned bits and pieces of that but didn't quit get it. Probably because it was 2am at that point. And on a work night too. I followed your instructions but I am getting this error from letsencrypt: nginx: [emerg] "location" directive is not allowed here in /config/nginx/site-confs/default:78 EDIT: Nevermind, I had to move the code in default so that it was inside the server block. I'm trying to tweak it a bit because I don't want the base url of /ombi. I just want to use the DNS with no base URL. I should be able to figure that out on my own though. Thanks for the help. Edited March 3, 2017 by bobbintb Quote Link to comment
CHBMB Posted March 3, 2017 Share Posted March 3, 2017 30 minutes ago, bobbintb said: I don't want the base url of /ombi. I just want to use the DNS with no base URL. Then just use this, without changing Base URL in th Ombi webui. location / { proxy_pass http://$UNRAID-IP:$PORT; include /config/nginx/proxy.conf; } Quote Link to comment
bobbintb Posted March 3, 2017 Share Posted March 3, 2017 (edited) 14 minutes ago, CHBMB said: Then just use this, without changing Base URL in th Ombi webui. location / { proxy_pass http://$UNRAID-IP:$PORT; include /config/nginx/proxy.conf; } Thanks, that did it. I had tried removing ombi form the location/ part but left it in the proxy_pass and buseurl of ombi but that didn't work. I also had to comment out the existing location section in default: location / { try_files $uri $uri/ /index.html /index.php?$args =404; } It's working now. Thanks again. One last thing. Do I need to do anything with .htpasswd for this? I've seen mentions of it but didn't seem to need it. Is that a security issue? Edited March 3, 2017 by bobbintb Quote Link to comment
CHBMB Posted March 3, 2017 Share Posted March 3, 2017 3 minutes ago, bobbintb said: Do I need to do anything with .htpasswd for this? I've seen mentions of it but didn't seem to need it. Is that a security issue? Personally as it locks into the Plex auth I'd leave it at that. Quote Link to comment
bobbintb Posted March 3, 2017 Share Posted March 3, 2017 Just now, CHBMB said: Personally as it locks into the Plex auth I'd leave it at that. Ok. I only plan on exposing Ombi anyway. I was hoping I'd get a little more familiar with certs with this but letsencrypt is so automated. I have to deal with certs for my servers at work and it's not my thing. But it's been a learning experience none the less. I got a little better at reverse proxies, with I'll be doing soon as well so that's good. I'm really liking Ombi so far. I never got into setting up any of the older solutions like Plex Requests because I just didn't really like the layout. It just felt clunky. Quote Link to comment
CHBMB Posted March 3, 2017 Share Posted March 3, 2017 You can still use .hpasswd with other components that you reverse proxy. I have it on for some things and not for others. Yeah LE does make it a lot easier, renewing my certs with StartSSL was a major ballache... Quote Link to comment
bobbintb Posted March 3, 2017 Share Posted March 3, 2017 What exactly does the .htpasswd part do? Encrypt https logins or something? Quote Link to comment
CHBMB Posted March 3, 2017 Share Posted March 3, 2017 (edited) You create a .htpasswd file with username and passwords, using a site like this is the easiest way. Then you can password protect access. Like so: location ^~ /books { proxy_pass http://192.168.0.1:82/; auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; } The two middle lines are the bits appertaining to .htpasswd Edited March 3, 2017 by CHBMB Quote Link to comment
bobbintb Posted March 3, 2017 Share Posted March 3, 2017 30 minutes ago, CHBMB said: You create a .htpasswd file with username and passwords, using a site like this is the easiest way. Then you can password protect access. Like so: location ^~ /books { proxy_pass http://192.168.0.1:82/; auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; } The two middle lines are the bits appertaining to .htpasswd Oh, so it adds a basic auth login to webuis that don't have one? Quote Link to comment
CHBMB Posted March 3, 2017 Share Posted March 3, 2017 Yep.... and in my mind it's better to implement it at the reverse proxy level than let some random app handle it. Quote Link to comment
bobbintb Posted March 4, 2017 Share Posted March 4, 2017 (edited) I just thought I'd share something. No endorsement implied but I found two websites were you can automatically create an app out of a website. If you make your Ombi publicly available (making sure you secure it, of course) you can very easily create an app for your friends and family to use for making Plex requests. The sites are appsgeyser.com and gonative.io. I get a message every once in a while with the gonative.io app when I open it informing me that it cannot be published without licensing. That can be a little annoying but can be turned off in the Android settings. The appsgeyser one doesn't seem to save cookies even though the option is on so users have to log in every time. That might be fixable but I haven't tried. You can change the icon and splash screen from the default and use whatever image you like. I just used the Ombi logo from the site. Both sites are free to use. Edited March 4, 2017 by bobbintb 1 Quote Link to comment
CHBMB Posted March 4, 2017 Share Posted March 4, 2017 38 minutes ago, bobbintb said: I just thought I'd share something. No endorsement implied but I found two websites were you can automatically create an app out of a website. If you make your Ombi publicly available (making sure you secure it, of course) you can very easily create an app for your friends and family to use for making Plex requests. The sites are appsgeyser.com and gonative.io. I get a message every once in a while with the gonative.io app when I open it informing me that it cannot be published without licensing. That can be a little annoying but can be turned off in the Android settings. The appsgeyser one doesn't seem to save cookies even though the option is on so users have to log in every time. That might be fixable but I haven't tried. You can change the icon and splash screen from the default and use whatever image you like. I just used the Ombi logo from the site. Both sites are free to use. Nice, got to say, I'm impressed. Quote Link to comment
ziggie216 Posted March 17, 2017 Share Posted March 17, 2017 Anyone using their plex credential to login? Are you able to request for a movie / tv show? I keep getting "Sorry, you do not have the correct permissions to request a <movie / tv show>" error message. Not sure if it's related to this release or general issue. Quote Link to comment
bobbintb Posted March 17, 2017 Share Posted March 17, 2017 9 minutes ago, ziggie216 said: Anyone using their plex credential to login? Are you able to request for a movie / tv show? I keep getting "Sorry, you do not have the correct permissions to request a <movie / tv show>" error message. Not sure if it's related to this release or general issue. I'm not having any issues. I hate to state the obvious but are you using the right username and password? Quote Link to comment
ziggie216 Posted March 17, 2017 Share Posted March 17, 2017 17 hours ago, bobbintb said: I'm not having any issues. I hate to state the obvious but are you using the right username and password? Yes. I know it work with local user, but just not with plex user account. Quote Link to comment
bobbintb Posted March 18, 2017 Share Posted March 18, 2017 4 hours ago, ziggie216 said: Yes. I know it work with local user, but just not with plex user account. I'm not having any issues with Plex account is what I'm saying. Screenshot? Quote Link to comment
CyberMew Posted March 26, 2017 Share Posted March 26, 2017 I always have that login issue, but logging in as the default user admin works fine. Any idea how to set the default branch to early access? The docker image update keeps resetting me to the default branch and I have to update manually again inside the ombi admin panel. Quote Link to comment
bobbintb Posted March 26, 2017 Share Posted March 26, 2017 (edited) For those having login issues, are you using your Plex username? It needs the username, not the email. You also have to add Plex users to Ombi that are allowed to make requests. Edited March 26, 2017 by bobbintb Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.