SpaceInvaderOne

** VIDEO GUIDE ** How to Setup and Configure a Reverse Proxy on unRAID with LetsEncrypt & NGINX

Posted (edited)

So following on from the Nextcloud video, here is a tutorial that shows how to set up and configure a reverse proxy on unRAID.

It uses linuxserver's excellent docker container Letsencrypt with NGINX. You will see how to use both our own domain with the proxy as well as just using duckdns subdomains. The video covers using both subdomains and subfolders. It also goes through setting up Nextcloud with the reverse proxy. Hope it's useful :)

 

Edited by gridrunner
  • Like 3

Link to post

Great video as usual! One question: why use a custom docker network? I set everything up some months ago redirecting to my host ports. What are the benefits of this? Thanks

Link to post
Posted (edited)

Hi @zirconi, using the custom docker network allows us to use the config files that the Linux Server guys have included in the container. These files work 'out of the box' because when using a custom docker network the containers have automatic DNS resolution between each other. Check here to read more: https://docs.docker.com/network/bridge/

If you have everything set up and working, then there is no advantage that I am aware of to change to the custom network.

Edited by gridrunner
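
An added illustration of the name resolution described in the post above (not part of the original thread and not one of the linuxserver container's shipped config files): on a user-defined network, such as the `proxynet` mentioned later in this thread, nginx can reach another container by name through Docker's embedded DNS at 127.0.0.11. The container name `nextcloud`, its port 443, the hostname `nextcloud.example.com` and the certificate paths are assumptions.

```nginx
# Added example, not the container's shipped proxy-conf.
# Assumes the proxy container and a container named "nextcloud" are both
# attached to the user-defined bridge network "proxynet", and that
# Nextcloud listens on 443 inside that network.
server {
    listen 443 ssl;
    server_name nextcloud.example.com;    # placeholder hostname

    # Placeholder certificate paths; use the ones your container provides.
    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;

    location / {
        # Docker's embedded DNS server. It answers container-name lookups
        # only for containers on user-defined networks, which is why the
        # same config fails on the default bridge.
        resolver 127.0.0.11 valid=30s;

        # Putting the name in a variable makes nginx resolve it per request
        # rather than once at startup, so nginx still starts when the
        # backend is down and follows the backend if its IP changes.
        set $upstream_nextcloud nextcloud;
        proxy_pass https://$upstream_nextcloud:443;

        # Pass the original request details on to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Because the proxy reaches the backend over the shared network, the backend container does not need a host port published for this path to work; only the proxy's own ports have to be forwarded.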

Link to post

FINALLY

 

I managed to get sonar working with duck dns, but when I set up Nextcloud, it works only outside of my network. On the network when you try to access the address, it forwards to the duck dns which never resolves... any idea what I messed up? I feel like I've triple checked all the settings.

 

 

Link to post
20 minutes ago, 1812 said:

it works only outside of my network. On the network when you try to access the address, it forwards to the duck dns which never resolves

Typically that's a problem with the router, look for hairpinning or loopback.

Link to post
1 minute ago, jonathanm said:

Typically that's a problem with the router, look for hairpinning or loopback.

 

That's what I was guessing and digging around in for the past hour. I'm using opnsense and can't find anything about it.

Link to post
3 minutes ago, 1812 said:

I'm using opnsense and can't find anything about it.

opnsense calls it nat reflection

Link to post
Posted (edited)
26 minutes ago, jonathanm said:

opnsense calls it nat reflection

 

So even if it's enabled on the ports that are forwarded, I'm looking for a general "allow nat reflection" or similar, correct?

Found the setting finally: Firewall: Settings: Advanced: Automatic outbound NAT for Reflection

Thanks!

Edited by 1812

Link to post
41 minutes ago, 1812 said:

So even if it's enabled on the ports that are forwarded, I'm looking for a general "allow nat reflection" or similar, correct?

Found the setting finally: Firewall: Settings: Advanced: Automatic outbound NAT for Reflection

Thanks!

How do you find OPNsense? I haven't tried it. I know it's a fork of pfsense. Any reason you use it instead of pfsense?

Link to post

This is amazing! I had been putting this off for a while. Just finished setting everything up.
The only thing I can't get working with Letsencrypt is Rocket Chat.

Can anyone help me with this? Is there a proxy-conf template for Rocket Chat?

Thanks!

Link to post

Amazing Ed,

I set this up a few months back with help from CHMB.

Superb video, looking forward to the menu you showed at the end. Did you say it was hindale?

Link to post
48 minutes ago, Greygoose said:

Amazing Ed,

I set this up a few months back with help from CHMB.

Superb video, looking forward to the menu you showed at the end. Did you say it was hindale?

Heimdall


Link to post
2 hours ago, gridrunner said:

How do you find OPNsense? I haven't tried it. I know it's a fork of pfsense. Any reason you use it instead of pfsense?

I tried it when I was having major issues with an unstable internet connection and switched from pfsense to rule out some sort of error. It ended up being a flaky cable modem that was causing problems but not showing them diagnostically. But I found the UI to be much cleaner and nicer. This is probably the biggest reason I stayed on it. Some things/settings are easier to find in terms of navigation, sort of where you expect them to be vs pfsense. Others seem way different if you've learned where they are in pfsense.

OPNsense says they do more updates vs pfsense and I believe them. It seems like something is updated/patched every week. There is less documentation than pfsense, but most issues are cross-resolvable if you can find the settings.

Link to post

I got stuck at creating the custom network proxynet. It looks like everything went well with creating it in the terminal, but somehow letsencrypt is not seeing that network. Any hints?

Link to post
Posted (edited)

Here's a funny thing: so I set it up and themed it up. Then once I route to it via the public web address/url, all theming changes are lost....

edit--

Think I figured out my issue... messed up the config files

Edited by 1812

Link to post
19 minutes ago, Froger said:

I got stuck at creating the custom network proxynet. It looks like everything went well with creating it in the terminal, but somehow letsencrypt is not seeing that network. Any hints?

Are you running the latest unRAID? You will only see it in the dropdown from 6.5.1 onwards. For older unRAID builds you will have to go to advanced settings, then manually enter it into the extra parameters like this:

--network=[networkname]

I would upgrade to the latest stable unRAID unless there is any reason that you must stay on the older one.

Link to post
Posted (edited)

I have everything working flawlessly now routed through a site url with 1 exception: It's giving the browser an unsafe website warning, saying the "security certificate is from XXXXX.duckdns.org."

 

Shouldn't lets encrypt or the docker page itself be sending the certificate and not that warning?

 

Forgive me as I'm having one of those types of days. I forgot to change the lets encrypt over to that subdomain...

Edited by 1812

Link to post
Posted (edited)
On 8/7/2018 at 12:08 AM, gridrunner said:

Are you running the latest unRAID? You will only see it in the dropdown from 6.5.1 onwards. For older unRAID builds you will have to go to advanced settings, then manually enter it into the extra parameters like this:


--network=[networkname]

I would upgrade to the latest stable unRAID unless there is any reason that you must stay on the older one.

 

Thanks for the help! I am stuck one more time, unfortunately. I got Nextcloud to work properly on my local network and I'm pretty sure that the domain, subdomain and DNS settings are set correctly. After tinkering in the conf files, the Nextcloud docker is no longer showing the webUI. I mean that I can click on the webUI icon but all I get is a simple " Welcome to our server. The website is currently being setup up."  I am getting the same message trying to connect via the subdomain ( https://nexctoud.domain.com) and via the local IP address. Any clues?

Solved

Edited by Froger

Link to post
Posted (edited)

@gridrunner Thanks for this guide. Well done!

A couple of comments though. Firstly, I'm not totally keen on the idea of port forwarding directly to my unRAID box's IP address. Shouldn't we worry about this?

As such I tried to put Nextcloud on its own IP address via the br0 bridge and continued along with the guide and it did not work. I ran into errors about nginx not being able to resolve the Nextcloud docker or something similar. I later realized it probably had something to do with the inherent restriction that docker has when you attempt to have a Docker container trying to talk to its own host, since this is considered a security breach. I'm not sure there's a real way around this restriction here?

 

In any case, I know you can install letsencrypt on pfSense, and I'd love to see a pfSense, letsencrypt and haproxy guide as this particular setup is above my pay grade, so to speak...

Edited by joelones

Link to post

Hi @gridrunner, thanks for another amazing video!!!

 

I've got everything setup and working per your video but I've run into two problems which I can't seem to figure out:

  1. How would I go about setting up a reverse proxy for Plex? I tried setting it up like the others however I couldn’t get it working. Do I need to do something special because it is using Host mode vs bridge mode? Should I still set it to use the custom proxynet?
  2. Is it possible to access all my dockers using the reverse proxy url when I'm inside my network? My router doesn’t support Nat Reflection and I'm not sure how to setup Nextcloud to work both inside and outside my network?

Any guidance would be greatly appreciated. 

 

Thanks

Link to post
Posted (edited)
On 8/9/2018 at 1:45 PM, Froger said:

Thanks for the help! I am stuck one more time, unfortunately. I got Nextcloud to work properly on my local network and I'm pretty sure that the domain, subdomain and DNS settings are set correctly. After tinkering in the conf files, the Nextcloud docker is no longer showing the webUI. I mean that I can click on the webUI icon but all I get is a simple " Welcome to our server. The website is currently being setup up."  I am getting the same message trying to connect via the subdomain ( https://nexctoud.domain.com) and via the local IP address. Any clues?

Solved

Hi

Can you tell me how you solved the "welcome" message error? [SOLVED]

Thanks!

Edited by deadnote

Link to post
Posted (edited)

Hi

Me again!

Can someone help to configure Collabora for Nextcloud with Let's Encrypt?

Nextcloud throws me this error: Exception: Could not find urlsrc in WOPI

When I go to https://office.mydomain.fr I see

 

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.

 

I don't know how to set up the configuration file

 

It works if I create an office configuration file in the site-conf folder. Is it a good way to configure Let's Encrypt?

Edited by deadnote

Link to post
On 8/18/2018 at 4:56 AM, deadnote said:

Hi

Me again!

Can someone help to configure Collabora for Nextcloud with Let's Encrypt?

Nextcloud throws me this error: Exception: Could not find urlsrc in WOPI

When I go to https://office.mydomain.fr I see

 

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.

 

I don't know how to set up the configuration file

 

It works if I create an office configuration file in the site-conf folder. Is it a good way to configure Let's Encrypt?

 

 

Have you found the solution yet? I checked this link to get an idea how to fix it, but I got confused even more at this link 

 

Link to post

Quick question. The command that creates the new network, will this survive a reboot? Or does it need to be added to the go file?

Link to post
