The Complete UnRAID reverse proxy, Duck DNS (dynamic dns) and letsencrypt guide


Popular Posts

Hi, I recently asked on the unRAID reddit what people wanted guides for; this was the top answer. I want to add further info about the nginx config, but for now this should get most people up and runni

No, you need to access it from your external IP or from your DNS, not from the 192.168.1.104 address. So you need to forward port 80 on your router to 85 and then try it from your duck dns ad

  • 2 weeks later...

Hi all, hope you are finding the guide useful. Any questions, let me know.

Regarding downsides... I don't know really. I mean, obviously your home IP can be found by running nslookup on the domain, and services are accessible to the public (whether you protected them with a password is up to you).

Link to post
docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd <username>

add: auth_basic_user_file /config/nginx/.htpasswd; to the default file under each service I wanted to protect.

after doing the above, you also need to add

auth_basic "Administrator Login";

auth_basic_user_file /config/nginx/.htpasswd;

in the server config per http://www.tecmint.com/password-protect-web-directories-in-nginx/

Link to post
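A check for the point made in the post above, that a proxied service is only password-protected when both auth_basic and auth_basic_user_file apply to its location block. This is an added example, not code from the guide or from any poster; the sample config, its addresses and the function name unprotected_locations are constructed for illustration.

```python
import re

# Constructed sample of the nginx "default" site file; locations and upstream
# addresses are placeholders, not values from the guide.
SAMPLE_CONF = """
server {
    location /sonarr {
        auth_basic "Administrator Login";
        auth_basic_user_file /config/nginx/.htpasswd;
        proxy_pass http://192.0.2.10:8989;
    }
    location /radarr {
        auth_basic_user_file /config/nginx/.htpasswd;  # realm missing
        proxy_pass http://192.0.2.10:7878;
    }
    location /plexpy { proxy_pass http://192.0.2.10:8181; }
}
"""

def unprotected_locations(conf):
    """Map each proxied location lacking effective basic auth to the reason."""
    conf = re.sub(r"#[^\n]*", "", conf)   # strip comments (assumes no '#' inside values)
    stack, findings = [{}], {}            # one dict of directives per open block
    for text, sep in re.findall(r"([^{};]*)([{};])", conf):
        words = text.split()
        if sep == "{":
            # nginx inherits auth_basic* from the enclosing level unless overridden
            block = {k: v for k, v in stack[-1].items() if k.startswith("auth_basic")}
            block["_name"] = " ".join(words)
            stack.append(block)
        elif sep == ";" and words:
            stack[-1][words[0]] = " ".join(words[1:])
        elif sep == "}" and len(stack) > 1:
            block = stack.pop()
            if not (block["_name"].startswith("location") and "proxy_pass" in block):
                continue
            if block.get("auth_basic", "off") == "off":
                findings[block["_name"]] = "auth_basic missing or off"
            elif "auth_basic_user_file" not in block:
                findings[block["_name"]] = "auth_basic_user_file missing"
    return findings

if __name__ == "__main__":
    for name, reason in unprotected_locations(SAMPLE_CONF).items():
        print(f"{name}: {reason}")
```

The check reads a single file and does not follow include directives, so settings pulled in from other files are not seen.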
On 2/21/2017 at 4:54 PM, ice pube said:

Do I need to change anything within my dockers? Also can you add the HTpasswd step? 

Not on the actual docker configuration.

 

On 2/21/2017 at 8:15 PM, ChaOConnor said:

docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd <username>

add: auth_basic_user_file /config/nginx/.htpasswd; to the default file under each service I wanted to protect.

after doing the above, you also need to add

auth_basic "Administrator Login";

auth_basic_user_file /config/nginx/.htpasswd;

in the server config per http://www.tecmint.com/password-protect-web-directories-in-nginx/

Yeah, that's what I did.

Link to post
  • 1 month later...
  • 1 month later...

Hello Fma965,

thank you for the guide.

I followed it exactly, but still have one issue I cannot resolve.

Following your guide, I should be able to access my Nextcloud server from "https://mysubdomain.duckdns.org/nextcloud".

However, I have to add another slash at the end, "https://mysubdomain.duckdns.org/nextcloud/", to log in to my Nextcloud server.

 

In the chapter "Fixing Nextcloud" you write:

Quote

3. Replace the following lines

# Path to the root of your installation
root /config/www/nextcloud/;

With this
# Path to the root of your installation
root /config/www;

 

It seems like the Nextcloud nginx webserver expects /nextcloud/ as web root.

Did I miss something?

Link to post

Solved the issue with the help of this guide https://www.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/

As I found out it is possible to use sub-subdomains like "https://cloud.mysubdomain.duckdns.org".

 

No need to change the web configs of the applications any more.

As a bonus, I now get A+ instead of A from https://scan.nextcloud.com/

Edited by Forusim
Link to post
  • 4 weeks later...
On 2/21/2017 at 3:15 PM, ChaOConnor said:

docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd <username>

add: auth_basic_user_file /config/nginx/.htpasswd; to the default file under each service I wanted to protect.

after doing the above, you also need to add

auth_basic "Administrator Login";

auth_basic_user_file /config/nginx/.htpasswd;

in the server config per http://www.tecmint.com/password-protect-web-directories-in-nginx/

 

Sorry if this is a dumb question, does anyone know why I'm getting a 403 Forbidden after adding .htpasswd access (using these instructions) while I wasn't before? I get the login box and my username/pw is recognized but then I get a 403 Forbidden page. 

 

 

Link to post

I completely understand the concept and appeal to be able to securely access your services remotely, but how would this impact local use? I assume you wouldn't be going to your domain (I feel like my router wouldn't allow that) but still access your various services via the traditional methods when on your internal network. If some of the apps (like sonarr, for instance) require changing the URL base, would that just mean I'd have to change the way I locally access sonarr on my network (e.g., internalip:8989/sonarr)?

Link to post
On 06/06/2017 at 7:04 PM, Forusim said:

Solved the issue with the help of this guide https://www.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/

As I found out it is possible to use sub-subdomains like "https://cloud.mysubdomain.duckdns.org".

 

No need to change the web configs of the applications any more.

As a bonus, I now get A+ instead of A from https://scan.nextcloud.com/

Great, that's just a different way of doing it.

 

On 01/07/2017 at 8:26 PM, zandrsn said:

 

Sorry if this is a dumb question, does anyone know why I'm getting a 403 Forbidden after adding .htpasswd access (using these instructions) while I wasn't before? I get the login box and my username/pw is recognized but then I get a 403 Forbidden page. 

 

 

Logs will be needed.

 

4 hours ago, kaiguy said:

I completely understand the concept and appeal to be able to securely access your services remotely, but how would this impact local use? I assume you wouldn't be going to your domain (I feel like my router wouldn't allow that) but still access your various services via the traditional methods when on your internal network. If some of the apps (like sonarr, for instance) require changing the URL base, would that just mean I'd have to change the way I locally access sonarr on my network (e.g., internalip:8989/sonarr)?

Most routers allow access the same as remotely (can't think what it's called, something to do with loopback) therefore you can just access it at xxx.duckdns.org/sonarr etc.

Link to post
2 hours ago, Fma965 said:

Most routers allow access the same as remotely (can't think what it's called, something to do with loopback)

NAT Reflection, loopback, hairpinning, depending on vendor. Not all routers expose the setting, some have it on by default, some have it off by default.

http://www.nycnetworkers.com/real-world/nat-reflectionnat-loopbacknat-hairpinning/

Link to post
I completely understand the concept and appeal to be able to securely access your services remotely, but how would this impact local use? I assume you wouldn't be going to your domain (I feel like my router wouldn't allow that) but still access your various services via the traditional methods when on your internal network. If some of the apps (like sonarr, for instance) require changing the URL base, would that just mean I'd have to change the way I locally access sonarr on my network (e.g., internalip:8989/sonarr)?

I set it in my Asus/Merlin router in the dnsmasq.conf.add on the jffs partition (/jffs/configs/dnsmasq.conf.add). Or you can add it to your router's dnsmasq.conf with your domain name and the local IP, formatted like this:

    # add local address
    address=/yourserver.example.com/xxx.xxx.xxx.xxx

 

 

Link to post

Thanks, all, for clarifying. dmacias, I was curious if I'd have to manually add a dnsmasq entry in merlin, so I appreciate you specifically mentioning that.

 

Last question hopefully--I installed the letsencrypt container, exposed appropriate ports, got the certs for my domain and subdomain... https://internal.ip.of.unraid works fine (albeit the cert doesn't like the url), but I can't get into http://internal.ip.of.unraid:81 ... Does the http not matter since the whole point is we're using https now? Just want to make sure this is by design before I continue on... 

 

Edit: Never mind. I went ahead and set it up even though I can't access port 80 (actually 81) internally. As long as I reference https locally, I can access all the server apps. Forcing 80 to 443 redirect externally. Thanks again for the writeup!

Edited by kaiguy
Link to post
  • 3 weeks later...

I'm trying to figure out how to reverse proxy my rutorrent docker. This is how my template looks (see below), and I access the GUI through port 82. I'm not sure how to add a base URL, so how I access it locally is through http:[server IP]:82. When I go through my duckdns/rutorrent, it isn't displaying the rutorrent GUI properly.

 

    location /rutorrent {
        include /config/nginx/proxy.conf;
        proxy_bind $server_addr;
        proxy_pass http://[IP]:82/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;
    }

 

RmEjmRG.png

Edited by bobokun
Link to post
