Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

The Complete UnRAID reverse proxy, Duck DNS (dynamic dns) and letsencrypt guide

Featured Replies

I followed the tutorial entirely but I can not access from outside the Unraid main page.

However I can access my Plex application from outside ...

I changed the port 80 to 81 and leave the 443 as in the tutorial, I also opened the ports on my router but when I type as address http://subdomain.duckdns.org:81 my browser runs in the Empty and I never get to the main page of unraid ...

On the other hand if I type https://subdomain.duckdns.org:443 I get a 502 Bad Gateway error message and I see that the address in my browser bar has changed to:
https://subdomain.duckdns.org:443/htpc

so normal I have this error message because I have not installed htpc and I can not access the main page of unraid I do not understand what is happening.

Thanks for your info.

Edited by snake382

  • Replies 143
  • Views 102.6k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd <username> add: auth_basic_user_file /config/nginx/.htpasswd; to the default file under each service I wanted to protect.

  • I'm not qualified to verify the info, but it sure looks good!  Very nice work!  Hope to see more!   I've added it to the Docker section of Guides and Videos.

  • Looking good.    Sent from my LG-H815 using Tapatalk    

Posted Images

OK what do you advise me to safely access Unraid webui?
Then I still leave duckdns + let'sencrypt + Nginx to be able to access my applications by https?

Thank you.

1 hour ago, snake382 said:

OK what do you advise me to safely access Unraid webui?
Then I still leave duckdns + let'sencrypt + Nginx to be able to access my applications by https?

Thank you.

 

For the Unraid webui a VPN, for everthing else you're good with duckdns, LE, Nginx

OK I followed this tutorial :

 

Tutorial openvpn

 

but it seems to me that I do not need everything, I only seek to be able to access the webui of unraid by the outside.

And then if I understand the tutorial it is necessary to install openvpn on each external post on which I wish to take control of unraid is that?

  • 1 month later...
On 7/30/2017 at 5:23 AM, CHBMB said:

 

For the Unraid webui a VPN, for everthing else you're good with duckdns, LE, Nginx

 

Why could you not use the reverse proxy with https and username/password for the Unraid WebUI? Would this not be just as secure as OpenVPN?

6 hours ago, CHBMB said:

Reverse proxy = password

OpenVPN = Password and OpenVPN certs

 

Okay. But is using a reverse proxy with https and password protection actually a security risk!? I imagine it would be very secure as well, no?

 

 

8 minutes ago, WexfordStyle said:

 

Okay. But is using a reverse proxy with https and password protection actually a security risk!? I imagine it would be very secure as well, no?

 

 

 

Technically everything is a security risk. If a device is connected to others, there is always a security risk. ;-)

 

Openvpn happens to be much more secure than https and a password, because the password can be brute forced. Unless you use a firewall like fail2ban (works great when properly configured). 

 

If a reverse proxied docker container gets hacked into, it would be like someone breaking into your car and stealing what's in the glove box. Not much. But getting the unraid gui hacked is like someone stealing your alarm code and getting into your home, where they can get all the valuables, and the car keys. That's why they recommend using a vpn for the unraid gui. 

I need to try this when I get home ? trying to get the minio docker behind ssl for remote client backups.

have anyone tried this with the Minio docker and make it work?

I get it to work from a browser, but when I try to connect a backup client to the proxy adress I get " cause="Signature does not match" source="[auth-handler.go:122:checkRequestAuthType()]" "

 

Edit: I found the answer here: https://docs.minio.io/docs/setup-nginx-proxy-with-minio

 

so I added this:

server {
    listen 443 ssl default_server;
    server_name domain.name.;

 

location / {
       # include /config/nginx/proxy.conf;
        proxy_set_header Host $http_host;
        proxy_pass http://192.168.0.2:50001;
    }

 

 

I have not made it work with an /location

Edited by isvein

  • 2 weeks later...

Personally I only use reverse proxy for anything that the public need to access, like my ADS-B server (radar.clanlawrence.co.uk) and for my Nextcloud.

 

For everything else I use OpenVPN.

 

 

  • 1 month later...

@NeoDude I'm using LE, duckdns, nginx with my nextcloud docker. I can access from https://<server>.duckdns.org/nextcloud but internally I cannot access NextCloud. Driving me nuts!

https://192.168.1.224/nextcloud/ brings me to a blank page within my unRAID webUI??

https://192.168.1.224:444/nextcloud/ redirects me to https://server.duckdns.org/nextcloud

 

Anyone's help would be greatly appreciated!

 

15 minutes ago, blurb2m said:

@NeoDude I'm using LE, duckdns, nginx with my nextcloud docker. I can access from https://<server>.duckdns.org/nextcloud but internally I cannot access NextCloud. Driving me nuts!

https://192.168.1.224/nextcloud/ brings me to a blank page within my unRAID webUI??

https://192.168.1.224:444/nextcloud/ redirects me to https://server.duckdns.org/nextcloud

 

Anyone's help would be greatly appreciated!

 

 

Your issue is likely due to your router not allowing nat loopback. Depending on what the router is, there are different solutions

@aptalca it is a ubiquiti edge router lite. 

Every other one (radarr, sonarr, unifi, plexrequests) that I have setup through reverse proxy is accessible through IP:port

I have hairpin NAT enabled "Nat loopback"

Who know what madness I have done to my default file in nginx/site-confs. 

  • 2 weeks later...

First of all big thanks to @Fma965 for the great write-up. This is very heplful.

 

As a first step I'd just like to get Nextcloud to work, but I like to have the options of adding sabnzbd (not specified in write-up?) and other dockers at later stage.

 

Unfortunately, I am failing with some of the very basic, so will need some advice:

 

1) I cannot specify port 443 as it is used by something else. I don't know by what and "deployed host ports" within the docker settings does not show any docker using 443. Any idea how to find out what is using this port?

 

2) After setting up the docker, I cannot access unraid with my-IP:81 from my home networK. Any idea why not working. Related to (1)? Below some error messages from the log:

certbot: error: argument --cert-path: No such file or directory

 

Failed authorization procedure. myname.duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused

 

3) I have not forwarded the ports in my router yet. I have not tried in recent times, but I am not sure whether my ISP allows me to forward ports 443. If so, can I use a different port? Is there some app for Unraid or others that allows me to learn what ports can be forwarded and which ones are blocked by my ISP?

 

4) I actually "own" a domain and may want to use this eventually. Do I still need duckerdns in this case or how would I set it up directly? It is a domain hosted by strato.de

 

5) Any reason why sabnzbd is not part of the tutorial? More difficult to do or not suggested for security?

 

6) This thread includes something alarming. I hadn't thought about what I am doing with reverse proxy would impact what I do in my home network. Can required changes for the respective dockers to still work in the home network after setting up reverse proxies be added to the tutorial?

 

 

Thanks again for your help!

I am using the sample files from the tutorial and I am getting a 401 error in the chrome console with a blank page, any suggestions?

 

"GET https://mydomain.duckdns.org/sonarr 401 (Unauthorized)"

 

Here is the part of my config:

 

location /sonarr {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.1.10:8989/sonarr;
	}

 

location /sonarr {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.1.224:8989;

 

this is mine

Edited by blurb2m
checked my config

  • 1 month later...

Hi

I follow the tutorial to set reverse proxy for my dockers images but I have some issues : 

Sickrage doesn't load css and shows You have reached this page by accident, please check the url. (I check the box Reverse proxy headers in the general configuration tab)

 

Headphones displays

The path '/headphones' was not found.

Traceback (most recent call last): File "/app/headphones/lib/cherrypy/_cprequest.py", line 670, in respond response.body = self.handler() File "/app/headphones/lib/cherrypy/lib/encoding.py", line 217, in __call__ self.body = self.oldhandler(*args, **kwargs) File "/app/headphones/lib/cherrypy/_cperror.py", line 411, in __call__ raise self NotFound: (404, "The path '/headphones' was not found.")

TT-rss shows 404 not found

 

Can someone can give me his configuration or help ?

Thanks !

 

I set up DuckDNS but am having troubles with Letsencrypt. In my logs, it just keeps repeating --

 

Quote

No renewals were attempted.
No hooks were run.
-------------------------------------------------------------------------------
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [emerg] location "/sonarr" cannot be inside the exact location "/" in /config/nginx/site-confs/default:25
Server ready
nginx: [emerg] location "/sonarr" cannot be inside the exact location "/" in /config/nginx/site-confs/default:25
nginx: [emerg] location "/sonarr" cannot be inside the exact location "/" in /config/nginx/site-confs/default:25

In my site-confs/default file, this is what I have for sonarr:

Quote

 

upstream backend {
    server 192.168.1.2:19999;
    keepalive 64;
}

server {
    listen 443 ssl default_server;
    listen 81 default_server;
    root /config/www;
    index index.html index.htm index.php;

    server_name _;

    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam /config/nginx/dhparams.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:...';
    ssl_prefer_server_ciphers on;

    client_max_body_size 0;

    location = / {
        return 301 /sabnzbd;

    location /sonarr {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.1.2:8989/sonarr;
    }

 

Did I do something wrong? Any help would be great! Thanks so much!

 

Edited by ipreferpie

Awesome write up, thanks!

 

Dumb question, is this more secure than my current method of Firewall blocking all but certain IP's? I feel like my method is more secure, but less accessible, that sound accurate?

  • Author
On 09/01/2018 at 9:13 PM, deadnote said:

Hi

I follow the tutorial to set reverse proxy for my dockers images but I have some issues : 

Sickrage doesn't load css and shows You have reached this page by accident, please check the url. (I check the box Reverse proxy headers in the general configuration tab)

 

Headphones displays

The path '/headphones' was not found.

Traceback (most recent call last): File "/app/headphones/lib/cherrypy/_cprequest.py", line 670, in respond response.body = self.handler() File "/app/headphones/lib/cherrypy/lib/encoding.py", line 217, in __call__ self.body = self.oldhandler(*args, **kwargs) File "/app/headphones/lib/cherrypy/_cperror.py", line 411, in __call__ raise self NotFound: (404, "The path '/headphones' was not found.")

TT-rss shows 404 not found

 

Can someone can give me his configuration or help ?

Thanks !

 

Sounds like you aren't setting the base url's correctly

 

 

5 hours ago, ipreferpie said:

I set up DuckDNS but am having troubles with Letsencrypt. In my logs, it just keeps repeating --

 

In my site-confs/default file, this is what I have for sonarr:

Did I do something wrong? Any help would be great! Thanks so much!

 

this

 location = / {
        return 301 /sabnzbd;

    location /sonarr {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.1.2:8989/sonarr;
    } 

should be (always close a location block off with a } before doing another)

 location = / {
        return 301 /sabnzbd;
	}
    
    location /sonarr {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.1.2:8989/sonarr;
    } 

 

32 minutes ago, NotYetRated said:

Awesome write up, thanks!

 

Dumb question, is this more secure than my current method of Firewall blocking all but certain IP's? I feel like my method is more secure, but less accessible, that sound accurate?

so with this you have 2 ports accessible to the internet 80 and 443, with your way you would have to forward many ports (one for each service) in order to access them from outside your LAN (internet)

 

---

 

 

@all here is the config i currently use. https://gist.github.com/Fma965/540219ade8133e65542e9ec15651fe82

Edited by Fma965

Quick comment. Some of us might only add a docker every year or two. Such a person might be completely literal, and spend a lot of time looking for the Add button shown under the logo for the dockers in your wonderful tutorial. After much gnashing of teeth, such person might eventually figure out the interface has changed since your tutorial was made, and one needs to hover over the logo in order to see a window with a much more cryptic "add" button. 

 

Possibly.

@Fma965, thanks so much! forgot that one little thing and now it works well :)

Hi @Fma965!

 

I’m looking to take a stab at setting this up based on your guide and I’m wondering if anything’s change with the latest 6.4 release?

  1. Do we still need to install the LE docker?
  2. Should we use the Unraid UI to provision th SSL certificate? 

Still trying to figure this all out :)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.