Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

The Complete UnRAID reverse proxy, Duck DNS (dynamic dns) and letsencrypt guide

Featured Replies

  • Author
23 hours ago, RockDawg said:

Since I am getting the nginx 404 page, doesn't that mean that the request is getting through to the Letsencrypt container and therefore my port forwarding is working correctly?

yes

  • Replies 143
  • Views 102.7k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd <username> add: auth_basic_user_file /config/nginx/.htpasswd; to the default file under each service I wanted to protect.

  • I'm not qualified to verify the info, but it sure looks good!  Very nice work!  Hope to see more!   I've added it to the Docker section of Guides and Videos.

  • Looking good.    Sent from my LG-H815 using Tapatalk    

Posted Images

20 minutes ago, Fma965 said:

yes

 

So then my issue has to be with nginx configuration then, right? Then I don't understand what's wrong because I took your default fie and changed all you IP references mine and saved it.

@Fma965, Actually, restarted everything, except for letsencrypt docker app :D   It was a gross oversight!  After restarting, Deluge is working already.  Can't get Sonarr to work yet.  Will keep trying.  At least I know it's working already.

 

BTW, can OpenVPN Server and Letsencrypt (with NginX reverse proxy) docker container both be up at the same time?  Meaning, even with Reverse Proxy running, I can still VPN into the NAS and manage it?

Well I managed to fix my issues.  Unfortunately, I don't know what fixed it.  I just started from scratch, reinstalled the container and reconfigured.  I could swear I did everything the same but this time it worked.  I hate that because you don't learn anything that way.  Glad it's working though.  Thanks for the guide @Fma965!

Edited by RockDawg

I do have another question.  I decided get a domain (myserver.com) from namecheap.comrather than use the one I have at duckdns.  I have it set up to to work with my dynamic IP and it knows my current IP.  So I edit the Letsencrypt container simply changing the Domain Name field from mydomain.duckdns.org to myserver.com.  Now the log shows the following error:

 

Failed authorization procedure. www.myserver.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.myserver.com/.well-known/acme-challenge/frBvtzHSCyTZlFDxm6HDnxMdRiFCKLCCF8fzciyZfP4: Error getting validation data

 

and

 

Error getting validation data

 

If I simply change the domain back to my duckdns one it gives no error and it gets certs.  So it's not a port issue.  Any idea why I can't get certs for me new domain?

Now it appears that I've played around with things too much and my duckdns domain has been given too many certificates and now it won't validate!  What the heck do I do now?!

 

One step forward.  Two steps back.

  • Author
On 7/17/2018 at 4:11 PM, RockDawg said:

Now it appears that I've played around with things too much and my duckdns domain has been given too many certificates and now it won't validate!  What the heck do I do now?!

 

One step forward.  Two steps back.

You have to wait now before it will let you cert again, most likely your DNS hadn't propogated across the net so letsnecrypt wasn't going to the correct domain/ip

Thanks.  Everything is mostly working now but one thing I notice is the if I type myserver.com/app or www.myserver.com/app inside my network, both are redircted to HTTPS and show the secure symbol.

 

Outside my network (cell phone on cellular network), myserver.com/app connects without being redirected to HTTPS and, obviously, doesn't show the secure symbol.  On the the other hand, www.myserver.com/app doesn't connect at all.

 

How do I fix that?

Additionally, there is usually a 30-40 second delay when accessing the apps.  After typing the address and hitting enter it just sits there for 30-40 seconds and the the page will usually load quickly like it should.  Sometimes it never loads the page and it will just say request timed out.  Once the page is loaded I can usually try that one again or some of the others and they will load just fine.  If I try again later, I will either get the delay or the timeout.

 

Any ideas what could be going on?

On 6/6/2017 at 8:04 PM, Forusim said:

Solved the issue with the help of this guide https://www.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/

As I found out it is possible to use sub-subdomains like "https://cloud.mysubdomain.duckdns.org".

 

No need to change the web configs of the applications any more.

As a bonus I get now A+ instead of A from https://scan.nextcloud.com/

how do you realize that?
Currently I have a domain with duckdns.org that refers to my NAS but I can not create sub-subdomains with duckdns.org.

Nextcloud works very well locally with Mariadb but can not access from outside, I followed the link you give but I do not understand the end.

3 hours ago, snake382 said:

how do you realize that?
Currently I have a domain with duckdns.org that refers to my NAS but I can not create sub-subdomains with duckdns.org.

Nextcloud works very well locally with Mariadb but can not access from outside, I followed the link you give but I do not understand the end.

 

You can use sub-subdomains with duckdns. They all automatically forward to your main subdomain ip. 

 

You do need to add those to your subdomains variable in the container settings, though

What container ? Letsencrypt ? i have try to add in my container letsencrypt but i don't work ...

 

everything works well locally until the point explained to reach nextcloud outside my local network. If anyone could guide me by posting a simplified procedure with screen I start on unraid thank you.

Edited by snake382

On 7/24/2018 at 11:16 AM, snake382 said:

What container ? Letsencrypt ? i have try to add in my container letsencrypt but i don't work ...

 

everything works well locally until the point explained to reach nextcloud outside my local network. If anyone could guide me by posting a simplified procedure with screen I start on unraid thank you.

 

Actually it pretty straight forward, here my configs:

 

/mnt/cache/appdata/letsencrypt/nginx/site-confs/yourdomain.duckdns.org

# listening on port 80 disabled by default, remove the "#" signs to enable
# redirect all traffic to https
#server {
#	listen 80;
#	server_name _;
#	return 301 https://$host$request_uri;
#}

# main server block
server {
	listen 443 ssl http2;
	server_name cloud.yourdomain.duckdns.org;

	root /config/www;
	index index.html index.htm index.php;


	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

	###Extra Settings###
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:10m;

	### Add HTTP Strict Transport Security ###
	add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
	add_header Front-End-Https on;

	client_max_body_size 0;

	location / {
		include /config/nginx/proxy.conf;
		proxy_max_temp_file_size 2048m;
		proxy_pass https://<nextclouddockerip>:443/;
	}
}

You may have to change the root of nextcloud webserver:

/mnt/cache/appdata/nextcloud/nginx/site-confs/default

# Path to the root of your installation
  root /config/www/nextcloud/;

/mnt/cache/appdata/nextcloud/www/nextcloud/config/config.php

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => '<instance>',
  'passwordsalt' => '<salt>',
  'secret' => '<secret>',
  'trusted_domains' => 
  array (
    0 => '<nextclouddockerip>',
    1 => 'cloud.yourdomain.duckdns.org',
  ),
  'overwriteprotocol' => 'https',
  'overwritehost' => 'cloud.yourdomain.duckdns.org',
  'overwrite.cli.url' => 'https://cloud.yourdomain.duckdns.org',
  'version' => '12.0.6.1',
  'dbtype' => 'mysql',
  'dbname' => 'nextcloud',
  'dbhost' => '<mariadbdockerip>:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_admin',
  'dbpassword' => '<pw>',
  'installed' => true,
  'theme' => '',
  'loglevel' => 2,
  'maintenance' => false,
);

Of course you have to edit your LetsEncrypt docker:

Domain Name:      yourdomain.duckdns.org

Subdomain(s):      cloud

Edited by Forusim

  • 2 weeks later...

How would I go about setting up NZBGet as a subfolder? 

 

location /nzb {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.1.3:6789/;
    }

 

I either get the 404 error or I get this

nzbget.PNG

  • 3 weeks later...

well i recently moved and now i have a new ISP, router and so on.

I managed to get almost everything working, exept letsencryt/ nginx. 

all my reverse proxys seem to be down, and i can't reach anything via my public domain.

 

I went through the site-configs and changed the ip adresses to the new one, but i have no idea what else i need to do :/

 

I get only "Site can't be reached" messages, so it seems like nothing is working. Ports are open.

 

Any ideas?

well i recently moved and now i have a new ISP, router and so on.
I managed to get almost everything working, exept letsencryt/ nginx. 
all my reverse proxys seem to be down, and i can't reach anything via my public domain.
 
I went through the site-configs and changed the ip adresses to the new one, but i have no idea what else i need to do [emoji32]
 
I get only "Site can't be reached" messages, so it seems like nothing is working. Ports are open.
 
Any ideas?
Is your new isp blocking port 80 or 443?

Sent from my SM-G955U using Tapatalk

40 minutes ago, david279 said:

Is your new isp blocking port 80 or 443?

Sent from my SM-G955U using Tapatalk


does not seem like it, port 443 is open as far as i can see.

54 minutes ago, Random.Name said:

does not seem like it, port 443 is open as far as i can see.

How did you come to that conclusion?

 

Does your new IP respond to pings externally? Does your domain properly resolve to that IP?

22 minutes ago, jonathanm said:

How did you come to that conclusion?

 

Does your new IP respond to pings externally? Does your domain properly resolve to that IP?

i checked for open ports with http://canyouseeme.org/ and for 443 i get an open port message.

 

i checked for pings with https://ping.eu/ping/ the packages get lost, but the ip seems to be right.

 

Also my VPN connction works just fine...

Edited by Random.Name

Wait, have you tried actually connecting from an external address, or are you just trying to connect from inside the same network?

sorry for the late reply. It got quite late over here.

 

i tried connecting to it via my smartphone (wifi off) and it did not work... today after a few hours of sleep everything seems to be just fine and running.

V>ery strange, but i will not complain ;)

  • 1 month later...

I'm on Cox residential.  Is there no way for me to do this since port 80 is blocked?  I've tried to go around this by circumventing DuckDNS and registering a domain, and using CloudFlare as my name server, but I still can't figure out how to make DNS Validation work.

Edited by adammerkley

1 hour ago, adammerkley said:

I'm on Cox residential.  Is there no way for me to do this since port 80 is blocked?  I've tried to go around this by circumventing DuckDNS and registering a domain, and using CloudFlare as my name server, but I still can't figure out how to make DNS Validation work.

 

It's all explained in the docker image description on both github and docker hub

12 hours ago, adammerkley said:

I'm on Cox residential.  Is there no way for me to do this since port 80 is blocked?  I've tried to go around this by circumventing DuckDNS and registering a domain, and using CloudFlare as my name server, but I still can't figure out how to make DNS Validation work.

I'm on COX residential as well. Please refer to these posts as to how I was able to get it set up (per aptalca's excellent dockers and documentation!)

and

 

 

Hope it helps!

Thank for the replies.  Got LetsEncrypt DNS verification to work after messing around with various security settings on CloudFlare.

Edited by adammerkley

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.