** VIDEO GUIDE ** How to Setup and Configure a Reverse Proxy on unRAID with LetsEncrypt & NGINX



20 minutes ago, Wavey said:

I've set up letsencrypt on one of my servers, Server1, and it's working great.

 

But I have a second Unraid server, Server2, behind the same router.

 

If I am running a docker I want to use reverse proxy on Server2 how would I go about using LetsEncrypt if 80 and 443 are pointed to Server1?

 

I have been pondering a similar conundrum, and got to wondering if I could set up a vlan that matches the custom network created for letsencrypt.  I'm pretty sure that'd be fairly easy - then if so it wouldn't be hard to set the same vlan up on other devices and do what you say.  Otherwise, I'm sure lets encrypt can redirect to other addresses by a modification in the proxy-conf file.  I think the Plex example explains how to do it.  I think they call it host mode or something.

Link to comment
17 minutes ago, Marshalleq said:

  Otherwise, I'm sure lets encrypt can redirect to other addresses by a modification in the proxy-conf file.  I think the Plex example explains how to do it.  I think they call it host mode or something.

Where is said Plex example? I changed the 127.0.1... blah blah in the proxy-conf file to the IP address of my other server but not sure what else to do. I'm doing this for JellyFin BTW.

Link to comment

Thanks @marshalleq you mentioning the conf file and host mode made me go read it, lol what a novel idea!

 

So I got it working by reading these instructions in the conf file...

 

Quote

for host mode, replace the lines "proxy_pass http://$upstream_jellyfin:8096;" with "proxy_pass http://HOSTIP:8096;" HOSTIP being the IP address of jellyfin
# in jellyfin settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url,
# and set the "Secure connection mode" to "Handled by reverse proxy"

 

Link to comment
  • 2 weeks later...

Hi Guys,

 

I set up the reverse proxy with some help of the great videos of Spaceinvader One. But there are some extra security options that I want to be fixed but no idea how I can fix that. Hopefully someone here can help me out!

 

1. create a redirection for all the reverse proxy dockers.

What I have tried is changing the unifi-controller.subdomain.conf file of the docker located in the appdata folder "appdata\letsencrypt\nginx\proxy-confs"

 

If I type https://unifi.domain.com everything is working fine. But I want to enter http://unifi.domain.com and auto redirect to https://unifi.domain.com

 

Quote

#extra added for redirection

server {
    listen 80;
    listen [::]:80;
    server_name http://unifi.domain.com;
    return 301 http://www.$server_name$request_uri;
}

 

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name unifi.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_unifi unifi-controller;
        proxy_pass https://$upstream_unifi:8443;
    }

    location /wss {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_unifi unifi-controller;
        proxy_pass https://$upstream_unifi:8443;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_ssl_verify off;
    }

}
 

2. setup / enable fail2ban service that is integrated in the Letsencrypt docker from Linuxserver

3. setup / enable GeoIP service that is integrated in the Letsencrypt docker from Linuxserver

 

Thx

 

  • Like 1
Link to comment
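
The HTTP-to-HTTPS redirect asked about in point 1 of the post above, as an added example (not code from the thread or from the linuxserver container). It keeps the poster's `unifi.*` name and addresses the three problems in the attempted block: a scheme inside `server_name`, a redirect target that is still `http://`, and an added `www.` prefix. The catch-all variant assumes no other port-80 server in the container's config is already marked `default_server`.

```nginx
# Added example. Variant A replaces the "#extra added for redirection"
# block at the top of unifi-controller.subdomain.conf; the existing
# "listen 443 ssl" server block below it stays exactly as posted.

# Variant A: redirect for this one subdomain.
server {
    listen 80;
    listen [::]:80;

    # server_name is matched against the Host header, so it takes host
    # names only. "http://unifi.domain.com" can never match. Use the same
    # pattern as the 443 block so both listeners answer for the same names.
    server_name unifi.*;

    # The target must be https://, otherwise the client is sent to plain
    # HTTP again. $host is the name the client actually requested;
    # $server_name would expand to the literal pattern "unifi.*".
    # No "www." prefix: that would redirect to a different host name.
    return 301 https://$host$request_uri;
}

# Variant B: one catch-all for every proxied subdomain ("all the reverse
# proxy dockers"). Only one server per listen address may be the
# default_server; if the config already has a port-80 default server,
# put the "return 301" line inside that block instead of adding this one.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # Here $host echoes whatever Host header the client sent. Variant A
    # limits the redirect to names that match unifi.*.
    return 301 https://$host$request_uri;
}
```

After reloading nginx, `curl -I http://unifi.domain.com/` should answer `301` with a `Location: https://unifi.domain.com/` header.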
  • 3 weeks later...
On 8/6/2018 at 6:08 PM, SpaceInvaderOne said:

Are you running the latest unRAID? You will only see it in the dropdown from 6.5.1 onwards. For older unRAID builds you will have to go to advanced settings then manually enter into the extra parameters like this.


--network=[networkname]

I would upgrade to the latest stable unRAID unless there is any reason that you must stay on the older one.

I am encountering this problem at setup - I create the network in terminal, but I get this error message when I go to install LetsEncrypt....

 

/usr/bin/docker: Error response from daemon: network tpgproxy not found.

The command failed.

I am on 6.7.2.

 

Any suggestions on where to start here? I've done this repeatedly

Link to comment

Could use some help, I’ve been struggling with something all day. 

 

Unraid version 6.8.2

 

I followed the video guide and was able to get ombi working through the reverse proxy on the custom proxynet network.
 

My plex container is on custom br0 with an internal IP in my 192.168.187.0 subnet. Same subnet as my unraid box. 
 

Ombi can’t talk to plex or any of my other containers on the custom br0 network. 
 

What do I do?  I do have a second nic I can configure for my containers, but I have no idea where to start....

 

Any help would be appreciated!!

Link to comment

I would like to access a HTTP web server on my local network by using this reverse proxy method.

I tried copying bits of conf files from examples I found here and there but nothing seems to work for me.

I already have my DNS records set up and can access the web server if I port forward from my router, but I want to use this reverse proxy method because I think it would be more secure as we would be accessing via SSL. At least that's what I understand... plus I can access it by just using the sub domain without needing to add :port number in the url.

If this is possible I would really like to know how.

 

A few years ago I followed space invader’s guide and was able to set this up for my Nextcloud docker. It works great! It was the most useful thing I’ve learned in all my years of tinkering. Reverse proxy and Letsencrypt changed my life. I’d recommend everyone to do it.

Edited by limawaken
Link to comment
  • 2 weeks later...

I can't seem to figure this out. I have letsencrypt running and it says server ready on the end.

But when I try to use my domain I get a popup from cloudflare that says browser works, cloudflare works, host error. I set everything up according to the video and I have checked my spelling. Anyone that can try to help me?

Link to comment

Hi Guys! I can see that there are a lot of people getting the "Welcome to our server" message. So am I!! Been trying for days to figure out why but I have to give up. Everything is set up according to the guides and I have no error messages anywhere.

 

How do I solve this issue? Please help.

Link to comment

I have followed the steps in the video to a T and double checked the setting but can not get to my OMBI from outside my network. I can get to it with the duckdns.org inside my network. Is there more that needs to be done on the config file to set this up for OMBI?

Link to comment

Hi,

 

First off, thank you for these guides!  I'm new to UnRaid and would be lost without these.

I've followed this guide but encountered a few issues.

When trying to follow the WebUI to Nextcloud it's defaulting to the web address rather than the local IP.

Also, I cannot get my owned domain linked up, I get an error saying that the challenge failed.

 

However, that last error may be down to the new CNAME not yet being active.

 

How can I get Nextcloud WebUI to stop taking me to the web address and stay on the local IP?

 

EDIT:

I just found your next video about using cloudflare. Unfortunately my domain is with Wix and they do not allow you to change the name servers...

Edited by daveo132
Link to comment

So I think for now I might have to leave this un-encrypted.

I have another issue though.  I find when I link up the mariadb to next cloud using its IP and Port I get a 504 error.  When I refresh it takes me back to the next cloud login but not with any options for setting up the database.

 

Is this normal?

Link to comment

For anyone else who was wondering how to support multiple domains via a single LetsEncrypt Docker, this can be accomplished via the `EXTRA_DOMAINS` Docker environment variable (see https://github.com/linuxserver/docker-letsencrypt/blob/master/README.md).

 

In your Unraid docker setup, `Add another Path, Port, Variable, Label or Device`. Select Config Type = `Variable`. Set the Key to `EXTRA_DOMAINS`. Set the Value to your comma-separated list of domains (NO WILDCARDS!). Add and Apply, verify that it all worked.

 

Link to comment
  • 2 weeks later...
On 8/6/2018 at 1:03 AM, SpaceInvaderOne said:

So following on from the next cloud video, here is a tutorial that shows how to set up and configure a reverse proxy on unRAID

 

You mention subfolders at the beginning but then only show examples for subdomains.

 

I prefer subdomains too but is there any way to allow you to use subdomains on your local network too or do you just need to set up a HOSTS file to go to the local IP? Or will that not work due to the ports?

Edited by cinereus
Link to comment
  • 2 weeks later...

Everything has been working wonderfully. With most of the configs for different linux-server containers it's really easy to set up.

 

But I ran into an issue when I wanted to set a reverse proxy for a webdav docker container.

 

The issue is that the container runs on port 80 internally! If I add it to proxynet it will crash with letsencrypt's port 80. Only way I see to fix this is by changing the port internally in the container.

 

But I don't see that being possible without rebuilding the container.

 

https://hub.docker.com/r/bytemark/webdav/

Edited by BoKKeR
Link to comment
  • 4 weeks later...
On 4/17/2020 at 8:27 AM, oskarax said:

Hi Guys! I can see that there are a lot of people getting the "Welcome to our server" message. So am I!! Been trying for days to figure out why but I have to give up. Everything is set up according to the guides and I have no error messages anywhere.

 

How do I solve this issue? Please help.

FTCTR.png

 

So this tells you that the url is accessible and it is defaulting to a landing page created by the docker.

What the most likely cause will be is an incorrect .conf file setting.

If you have followed the Space-invader tutorial, then you do need to make changes to the .conf files.

 

My example is for binhex-sonarr

FTCWR.png

 

You need to change the set $upstream_app to binhex-sonarr.

 

So check the conf files in letsencrypt for the docker you are trying to reach, and ensure that if you are using a binhex fork you make the appropriate changes.

Link to comment
  • 4 weeks later...

Is it just me or is the letsencrypt docker missing a bunch of folders and files? I just installed it and I don't have the proxy.conf file as well as the whole proxy-conf folder with all the samples? Though it seems no one else is missing them, so I wonder if it's something wrong on my part?

Link to comment

Hi All,

 

I'm in the process of setting up my reverse proxy.  I bought a domain at godaddy.  I set up all of my CNAME records, entered them into letsencrypt, started the container, looked at the log file and all of my certs failed.  The reason they failed, according to what I am seeing, is that they were looking for an A record.  I went to set up the A records in my godaddy account, and now it's telling me that I need to set it to a specific ip address.  Now I thought that is why I needed to set up the duckdns.org site.  I am really over my head right now.  I could really use some guidance here.

Link to comment

So this probably sounds real dumb of me but I followed this tutorial for my Nextcloud server. Everything running smoothly. However, I am now getting e-mails from Let's Encrypt to renew my certificates. Is this a process that goes automatically (just like the Docker container says in the description)? Or do I need to do something?

Link to comment
  • 2 weeks later...

I’ve had bitwarden, nextcloud, and Ombi all working perfect with Lets Encrypt for months thanks to Spaceinvaderone’s great videos.  For some reason, not sure when, they’re not working outside my network anymore.  I’ve gone through Spaceinvaderone’s videos multiple times and I’m stumped.

 

It seems that I’m not getting my certificates.  The only clues that I have is that within the log file of Lets Encrypt I see that it is not performing the HTTP-01 challenges and I also see that there is a system message that reads "nginx: [alert] detected a LuaJIT version which is not OpenResty's… "  And I get a warning message of, [s6-finish] sending all processes the KILL signal and exiting.

 

Any help would be greatly appreciated.

Link to comment

That LuaJIT version / OpenResty's is normal.  At least I've had it forever and it doesn't seem to impact anything, so you've probably just not noticed it before.

 

At a wild guess - have you tried ports?  Is unraid on 443 and 80 still?  Obviously you can't have both letsencrypt and unraid on the same ports.

Link to comment
