** VIDEO GUIDE ** How to Setup and Configure a Reverse Proxy on unRAID with LetsEncrypt & NGINX



So following on from the Nextcloud video, here is a tutorial that shows how to set up and configure a reverse proxy on unRAID.

It uses the linuxserver's excellent docker container Letsencrypt with NGINX. You will see how to use both our own domain with the proxy as well as just using duckdns subdomains. The video covers using both subdomains and subfolders. It also goes through setting up Nextcloud with the reverse proxy. Hope it's useful :)

 

 

Here's what to do if your ISP blocks port 80 and you can't use http authentication to create your certificates. Also how to make a wildcard certificate.

 

 

Link to comment

Hi @zirconi, using the custom docker network allows us to use the config files that the Linux Server guys have included in the container. These files work 'out the box' because when using a custom docker network the containers have automatic DNS resolution between each other. Check here to read more: https://docs.docker.com/network/bridge/

If you have everything set up and working then there is no advantage that I am aware of to change to the custom network.

Edited by gridrunner
Link to comment
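An added illustration, not part of the original posts or of the container's shipped files: a minimal subdomain proxy conf showing why the custom network matters. The container name `nextcloud`, its HTTPS port 443 and the inherited certificate settings are assumptions.

```nginx
# Added example. Assumes a container named "nextcloud" attached to the same
# user-defined Docker network (e.g. proxynet) as the nginx container.
server {
    listen 443 ssl;
    # Matches nextcloud.<any domain>; a request whose Host header matches no
    # server_name falls through to nginx's default server instead.
    server_name nextcloud.*;

    # ssl_certificate / ssl_certificate_key are assumed to be inherited
    # from the http context of the main nginx configuration.

    location / {
        # 127.0.0.11 is Docker's embedded DNS server. It answers
        # container-name lookups only on user-defined networks.
        resolver 127.0.0.11 valid=30s;

        # Putting the name in a variable makes nginx resolve it per request
        # through the resolver above, so nginx still starts when the
        # upstream container is stopped.
        set $upstream_app nextcloud;
        proxy_pass https://$upstream_app:443;

        # Pass the original host and client details to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

On Docker's default bridge there is no name resolution between containers, so the same file would fail to resolve `nextcloud`.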

FINALLY

 

I managed to get sonar working with duck dns, but when I set up Nextcloud, it works only outside of my network. On the network when you try to access the address, it forwards to the duck dns which never resolves... any idea what I messed up? I feel like I've triple checked all the settings.

 

 

Link to comment
26 minutes ago, jonathanm said:

opnsense calls it nat reflection

 

So even if it's enabled on the ports that are forwarded, I'm looking for a general "allow NAT reflection" or similar, correct?

 

 

Found the setting finally: Firewall: Settings: Advanced: Automatic outbound NAT for Reflection

 

Thanks!

Edited by 1812
Link to comment
41 minutes ago, 1812 said:

 

So even if it's enabled on the ports that are forwarded, I'm looking for a general "allow NAT reflection" or similar, correct?

 

 

Found the setting finally: Firewall: Settings: Advanced: Automatic outbound NAT for Reflection

 

Thanks!

How do you find OPNsense? I haven't tried it. I know it's a fork of pfSense. Any reason you use it instead of pfSense?

Link to comment

This is amazing! I had been putting this off for a while. Just finished setting everything up.
The only thing I can't get working with Letsencrypt is Rocket Chat.

Can anyone help me with this? Is there a proxy-conf template for Rocket Chat?

 

Thanks!

Link to comment
2 hours ago, gridrunner said:

How do you find OPNsense? I haven't tried it. I know it's a fork of pfSense. Any reason you use it instead of pfSense?

 

I tried it when I was having major issues with an unstable internet connection and switched from pfSense to rule out some sort of error. It ended up being a flaky cable modem that was causing problems but not showing them diagnostically. But I found the UI to be much cleaner and nicer. This is probably the biggest reason I stayed on it. Some things/settings are easier to find in terms of navigation, sort of where you expect them to be vs pfSense. Others seem way different if you've learned where they are in pfSense.

 

OPNsense says they do more updates vs pfSense and I believe them. It seems like something is updated/patched every week. There is less documentation than pfSense, but most issues are cross-resolvable if you can find the settings.

Link to comment

Here's a funny thing: so I set it up and themed it up. Then once I route to it via the public web address/url, all theming changes are lost....

 

edit--

 

Think I figured out my issue... messed up the config files

Edited by 1812
Link to comment
19 minutes ago, Froger said:

I got stuck at creating custom network proxynet. It looks like everything went well with creating it in terminal but somehow letsencrypt is not seeing that network. Any hints?

Are you running the latest unRAID? You will only see it in the dropdown from 6.5.1 onwards. For older unRAID builds you will have to go to advanced settings then manually enter it into the extra parameters like this:

--network=[networkname]

I would upgrade to the latest stable unRAID unless there is any reason that you must stay on the older one.

Link to comment

I have everything working flawlessly now routed through a site url with 1 exception: It's giving the browser an unsafe website warning, saying the "security certificate is from XXXXX.duckdns.org."

 

Shouldn't Let's Encrypt or the docker page itself be sending the certificate and not that warning?

 

Forgive me as I'm having one of those types of days. I forgot to change the Let's Encrypt over to that subdomain...

Edited by 1812
Link to comment
On 8/7/2018 at 12:08 AM, gridrunner said:

Are you running the latest unRAID? You will only see it in the dropdown from 6.5.1 onwards. For older unRAID builds you will have to go to advanced settings then manually enter it into the extra parameters like this:


--network=[networkname]

I would upgrade to the latest stable unRAID unless there is any reason that you must stay on the older one.

 

Thanks for the help! I am stuck one more time unfortunately. I got Nextcloud to work properly on my local network and I'm pretty sure that domain, subdomain and DNS settings are set correctly. After tinkering in conf files the Nextcloud docker is no longer showing the webUI. I mean that I can click on the webUI icon but all I get is a simple " Welcome to our server. The website is currently being setup up." I am getting the same message trying to connect via subdomain ( https://nexctoud.domain.com) and via local IP address. Any clues?

 

Solved

Edited by Froger
Link to comment

@gridrunner Thanks for this guide. Well done!

 

A couple of comments though. Firstly, I'm not totally keen on the idea of port forwarding directly to my unRAID box's IP address. Shouldn't we worry about this?

 

As such I tried to put Nextcloud on its own IP address via the br0 bridge and continued along with the guide and it did not work. I ran into errors about nginx not being able to resolve the Nextcloud docker or something similar. I later realized it probably had something to do with the inherent restriction that docker has when you attempt to have a Docker container trying to talk to its own host, since this is considered a security breach. I'm not sure there's a real way around this restriction here?

 

In any case, I know you can install letsencrypt on pfSense, and I'd love to see a pfSense, letsencrypt and haproxy guide as this particular setup is above my pay grade, so to speak...

Edited by joelones
Link to comment

Hi @gridrunner, thanks for another amazing video!!! ?

 

I've got everything set up and working per your video but I've run into two problems which I can't seem to figure out:

  1. How would I go about setting up a reverse proxy for Plex? I tried setting it up like the others however I couldn’t get it working. Do I need to do something special because it is using Host mode vs bridge mode? Should I still set it to use the custom proxynet?
  2. Is it possible to access all my dockers using the reverse proxy url when I'm inside my network? My router doesn’t support NAT reflection and I'm not sure how to set up Nextcloud to work both inside and outside my network?

Any guidance would be greatly appreciated. 

 

Thanks

Link to comment
On 8/9/2018 at 1:45 PM, Froger said:

 

Thanks for the help! I am stuck one more time unfortunately. I got Nextcloud to work properly on my local network and I'm pretty sure that domain, subdomain and DNS settings are set correctly. After tinkering in conf files the Nextcloud docker is no longer showing the webUI. I mean that I can click on the webUI icon but all I get is a simple " Welcome to our server. The website is currently being setup up." I am getting the same message trying to connect via subdomain ( https://nexctoud.domain.com) and via local IP address. Any clues?

 

Solved

 

Hi

Can you tell me how you solved the "welcome" message error? [SOLVED]

Thanks!

Edited by deadnote
Link to comment

Hi

Me again!

Can someone help me configure Collabora for Nextcloud with Let's Encrypt?

Nextcloud throws me this error: Exception: Could not find urlsrc in WOPI

When I go to https://office.mydomain.fr I see

 

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.

 

I don't know how to set up the configuration file

 

It works if I create an office configuration file in the site-conf folder. Is it a good way to configure Let's Encrypt?

Edited by deadnote
Link to comment
On 8/18/2018 at 4:56 AM, deadnote said:

Hi

Me again!

Can someone help me configure Collabora for Nextcloud with Let's Encrypt?

Nextcloud throws me this error: Exception: Could not find urlsrc in WOPI

When I go to https://office.mydomain.fr I see

 

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.

 

I don't know how to set up the configuration file

 

It works if I create an office configuration file in the site-conf folder. Is it a good way to configure Let's Encrypt?

 

 

Have you found the solution yet? I checked this link to get an idea how to fix it, but I got confused even more at this link 

 

Link to comment
