
Converting all docker services and their web addresses to https?


plantsandbinary


Hey folks.

So I have a bit of a problem. I'm running a lot of Docker apps, but some of them are insecurely run through HTTP. That's sadly just the way that they are set up by default. I want to expose my Unraid server to the internet so I can connect to all of my Docker apps away from home, but still have everything secure.

Currently I am just using the Heimdall docker as a landing page on port 443 with .htpasswd support for security. However, it has no fail2ban support and it isn't acting as a reverse proxy (AFAIK), so I could do a lot better. Also, when using Heimdall to connect through a lot of other services (like my PiHole), the connection has to change to HTTP, which isn't secure.

So the few dockers I have still running in HTTP are:

PiHole
IRC-Server
Deluge
etc.

I want these to all run under HTTPS, and I figured the easiest way is to use the Letsencrypt docker and connect everything through that, but it's a bit confusing because I am also using Heimdall, which I'd like to use as a front page that connects to all of the webpages my Docker apps are hosting but keep everything through HTTPS.

What's the easiest way to do this? Is it using Letsencrypt as a reverse proxy?


Sorry for the additional question, but would that involve editing the config of every single Docker app I have to add them behind the proxy, or is it done another way? This is the issue I'm facing. I have Letsencrypt installed but it's just serving a blank page at the moment. I'm trying to work out how to put Heimdall, which is running on port 80 and port 443, behind it. But if I have to do that for over 20 Docker apps I'm going to maybe just throw the idea out the window... I'm still confused at how the SSL part works too, so it wouldn't matter what the SSL settings were for e.g. 10.10.10.5 (if that was my PiHole webserver), if I was using the Letsencrypt reverse proxy at 10.10.10.10, to browse to the PiHole or?

Like sorry dude, but I'm really confused here. I mean it sounds simple at first, but I don't know if I am overcomplicating it or something else. I'm used to setting everything up from just one OS like on a VM, all under the same web server. When it comes to dockers all with their own individual web server and configs, I have no idea what to do to make sure they are ALL secure behind a reverse proxy with fail2ban and .htaccess protection.



This topic is now archived and is closed to further replies.
