** VIDEO GUIDE ** How to Setup and Configure a Reverse Proxy on unRAID with LetsEncrypt & NGINX


Has anyone been able to get this all working with Cloudflare DNS in front of everything? I've got it working perfectly if I disable routing through Cloudflare but I'd really like to be able to use Cloudflare's access system to authenticate users as well as the built in DDOS protection.

 

Right now I'm using the NginxProxyManager docker from CA and connecting over HTTPS works like a charm. However if I enable a subdomain to route through Cloudflare then I get this error.

 


I've disabled universal SSL in Cloudflare and have the SSL setting set to "off". Has anyone been able to get this working? Thanks

Link to comment

Really great work as always. I got it working, just 2 questions:

1. I can go to nextcloud.XXXX.XX and it works. If I try to open it from the docker or use the local IP, it also goes there. When I look at the traffic in pfSense with ntopng, it looks like all data goes out and in (= uses my internet speed). Can I make it so that local traffic doesn't go that way around?

2. Is there a way so you can use www. before it? It's just that people often think that.

Link to comment

Hey all,

 

I am trying to set up LetsEncrypt but LetsEncrypt keeps giving me the message "Challenge failed for domain xxxx.duckdns.org".

 

I have my ports forwarded correctly and have even tried re-forwarding port 80 to say my unraid web server just to test that it's accessible from the full dns/port number and that's fine (then deleted that forward).

 

Question - Am I supposed to be able to access the http webpage of the letsencrypt docker regardless of any certs being issued? I'm just trying to make sure I can even access that port internally first.

 

Otherwise, can an ISP block port 80 depending on the kind of request? I was obviously able to access the webpage of my server via port 80 but wasn't sure if there was anything LetsEncrypt does that could be getting blocked?

 

If anyone has any ideas I could try to troubleshoot, it would be much appreciated!

 

Edit: This is working now. I decided to call my ISP anyway to at least see if they could see anything trying to connect. Turns out port 80 / 443 was blocked.

 

I assumed it wasn't as I was able to remotely connect over port 80 to other services. They said it could have been Hairpin NAT on my router basically working it out for me.

 

As a general lesson I guess - always call your ISP FIRST to make sure that those ports are going to be open on their side before you go any further.

 

 

Edited by Brandan
Link to comment
On 3/11/2019 at 5:50 AM, SpaceInvaderOne said:

Yep that will be because there is no config file that uses that subdomain. Just edit a config file to direct to whichever container you want to access from outside.

I would love a future video explaining editing out configs to point to subdomains. I still find that confusing, as my goal is to limit my ports that are exposed. Do I edit/replace the default config file? This is the part I'm struggling with: how to set this up. Thanks again

Link to comment
1 hour ago, 225redstick said:

Or do you have a good example letsencrypt default config file to share that I could use as a template for my subdomains pointing to radarr, sonarr, plex etc.?

If you install the letsencrypt docker from linuxserver then it should come with template config files for radarr, sonarr and plex.

 

It should be in the proxy conf folder in the appdata folder for letsencrypt

 

I can upload a template for you later if you need it.

Link to comment
9 hours ago, SeveredBox53 said:

If you install the letsencrypt docker from linuxserver then it should come with template config files for radarr, sonarr and plex.

 

It should be in the proxy conf folder in the appdata folder for letsencrypt

 

I can upload a template for you later if you need it.

I see these, but not sure what to do with them. Do I copy/move them to each app folder or copy the text of each and put them all in the letsencrypt default config file?

Link to comment
1 hour ago, 225redstick said:

I see these, but not sure what to do with them. Do I copy/move them to each app folder or copy the text of each and put them all in the letsencrypt default config file?

No, you don't need to copy them out of that folder. You just need to edit the file and put your website name where it is in the template.

 

Ex. plex.thisismyrandomexamplewebpage.edu

 

Make sure you enable viewing file extensions cause the templates are all inactive by default.

 

To activate the file rename it from subdomain.radarr.config.sample to subdomain.radarr.config

Link to comment

Awesome Vid, got this all up and running quickly and on the first try. Everything working great accessing from outside with phones and tablets. HOWEVER :) , now when I launch the WebUI for Letsencrypt I get an error page that says "Welcome to our server - website currently being setup under this address"  I have restarted the containers, tried different browsers but still cannot get into the WebUI.  Any ideas or help would be greatly appreciated.  

Link to comment

Thank you for the excellent second video about using Cloudflare to work around a closed port 80, which is the case with Cox. After purchasing a domain name from GoDaddy, I have Let's Encrypt running as a docker now using DNS and the log shows that it started properly (log image enclosed).

 

My current problem, however, relates to Home Assistant docker accessing the cert file so that it will open in https.

 

I have mucked around for more than two weeks without coming up with a solution. And, yes, I did watch the first video about setting up Let's Encrypt with dockers other than Home Assistant. I have read many, many postings and videos about how to use Let's Encrypt with Home Assistant; nothing I have attempted as a result of these how-to's has allowed me to use Let's Encrypt to successfully access Home Assistant with https. I am at a total loss and obviously need careful guidance to straighten things out. I would be happy to uninstall the version of Home Assistant which I now have installed and start over.

Link to comment

Hi

 

So I can access my Nextcloud server using the app on my phone or a web browser from outside my network using the url of https://servername.domain.com (obviously not the real details) but when I try to use the Nextcloud app on my Windows machine it can't find the url so I have to try and use the internal private IP followed by the port number (xx.xx.xx.xx:444) but this won't let me log in and of course won't be accessible from outside my network.

 

As Nextcloud runs off my Unraid machine, which has a DNS resolver hostname of UNRAID (again, not real name), if I type UNRAID.MYDOMAIN.COM I get to the login of my Unraid server via HTTPS. If I then add another hostname to the resolver of say NEXTCLOUD it will still take me to the Unraid login page unless I put the ports after....

 

How do I get https://mynextcloud.mydomain.com to resolve internally and externally for use with the desktop app, without having to enter the ports and that gumph.....?

TIA

And love the videos  

Edited by McMeanF
spelling mistake
Link to comment

Thanks for the reply

I'm using pfSense as my router, and have taken a different route.

I'm now using HAProxy on pfSense as my reverse proxy, and then using the ACME Letsencrypt package for TLS certs. I've got it all working nicely internally and externally now.

Cheers

Link to comment
On 3/29/2019 at 5:10 PM, carefreepastor said:

Thank you for the excellent second video about using Cloudflare to work around a closed port 80, which is the case with Cox. After purchasing a domain name from GoDaddy, I have Let's Encrypt running as a docker now using DNS and the log shows that it started properly (log image enclosed).

 

My current problem, however, relates to Home Assistant docker accessing the cert file so that it will open in https.

 

I have mucked around for more than two weeks without coming up with a solution. And, yes, I did watch the first video about setting up Let's Encrypt with dockers other than Home Assistant. I have read many, many postings and videos about how to use Let's Encrypt with Home Assistant; nothing I have attempted as a result of these how-to's has allowed me to use Let's Encrypt to successfully access Home Assistant with https. I am at a total loss and obviously need careful guidance to straighten things out. I would be happy to uninstall the version of Home Assistant which I now have installed and start over.

I still need help with this

Link to comment

Good morning. So I am trying to get Nextcloud to work with Letsencrypt using SpaceInvader's guide. Note Nextcloud works before configuring letsencrypt. When trying to connect to my subdomain it's getting 502 Bad Gateway. In the nginx log:

2019/04/09 08:49:58 [error] 353#353: *162 connect() failed (111: Connection refused) while connecting to upstream, client: 10.0.0.1, server: cloud.*, request: "GET /apps/files/ HTTP/2.0", upstream: "https://172.18.0.4:444/apps/files/", host: "cloud.mydomain.com" 

 

Nextcloud docker:

changed network to custom

changed port to 444

 

NextCloud config.php

    1 => 'cloud.mydomain.com',

  'trusted_proxies' => ['letsencrypt'], ( tried with and without this line. )
  'overwrite.cli.url' => 'https://cloud.mydomain.com',
  'overwritehost' => 'cloud.mydomain.com',
  'overwriteprotocol' => 'https',

 

nextcloud.subdomain.conf

just changed nextcloud.* to cloud.*

 

I have it working with ombi, just can't seem to figure it out with nextcloud.

Link to comment

Hey folks,

 

I followed SpaceInvader's video and it's "working". Since I'm using this for Ombi, I'm looking to keep the end-user process as simple as possible. I have my own (easy to remember) domain, and ideally, I'd prefer not to use a sub-domain. I currently have a single CNAME record of www. It was the only way I could think of to get my DuckDNS configured on my domain's DNS.

 

How can I set this up without the need of a subdomain, non-www URL, and redirect to HTTPS?

I want folks to type in SimpleURL.com (non-www URL) and it redirects them to https://SimpleURL.com.

 

I'm new to this process, especially NGINX. So any help with getting this configured would be amazing!

 

EDIT: I was able to get HTTP to redirect to HTTPS by adding this to my Ombi CONF file. Now I just need to figure out a way to get non-www URL working.

server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name _;
	return 301 https://$host$request_uri;
}

EDIT-II: I set up a redirect on my domain, and that seems to be working, sorta. I set up SimpleURL.com redirect to www.SimpleURL.com. So when my friends and family enter SimpleURL.com, it now takes them to https://www.SimpleURL.com. So, in theory, it's working. :)

Edited by boostdd
Link to comment
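An added example, not part of boostdd's post or of the linuxserver templates: the catch-all block above builds its redirect from `$host`, which nginx takes from the client's request when no named server matches, so any hostname that reaches port 80 is repeated back in the `Location` header. The variant below redirects only listed hostnames to one fixed HTTPS origin; `simpleurl.example` is a placeholder domain and the choice of the www name as the canonical one is an assumption based on EDIT-II.

```nginx
# Added example (constructed). www.simpleurl.example is a placeholder for the
# one hostname that has a DNS record and a certificate.

# Catch-all for port 80: any request whose Host header is not listed below.
# With "return 301 https://$host$request_uri;" here, the Location header would
# repeat whatever hostname the client sent. Closing the connection instead
# gives unknown hostnames no response to build on.
server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name _;
	return 444;  # nginx-specific code: close the connection, send no response
}

# Named hosts only: both spellings go to one fixed HTTPS origin, so the
# redirect target never depends on client input.
server {
	listen 80;
	listen [::]:80;
	server_name simpleurl.example www.simpleurl.example;
	return 301 https://www.simpleurl.example$request_uri;
}
```

The bare-domain entry in `server_name` only matters if the bare domain resolves to this server; with a registrar-side redirect as described in EDIT-II, only the www name ever arrives here.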
  • 3 weeks later...

First off, thank you SpaceInvaderOne for the amazing videos; they have helped me no end of times.

I want to run Bitwarden internally on Unraid, which is fine, I can do that no problem. But I also want to use Brave, as it's based on Chrome. Out of the box it will not work for a home server of Bitwarden, due to something about how Chrome handles HTTPS. I installed Bitwarden on Unraid and it works great with Firefox, but as I say I use Brave.

It will work if I use a reverse proxy such as LetsEncrypt in your great video. Thing is, I do not want to open any ports on my router; I do not need outside access to Bitwarden. It would all be handled internally on the LAN.

But I do need to have it working under HTTPS. As far as I can tell I can only use LetsEncrypt if it opens port 443 on my router, or have I misunderstood that? Can I follow your video for the reverse proxy and leave 443 closed and still have HTTPS on the LAN?

 

Thanks for any help.

 

Link to comment
