Marshalleq Posted February 19, 2020 Share Posted February 19, 2020 20 minutes ago, Wavey said: I've setup letsencrypt on one of my servers, Server1, and its working great. But I have a second Unraid server, Server2, behind the same router. If I am running a docker I want to use reverse proxy on Server2 how would I go about using LetsEncrypt if 80 and 443 are pointed to Server1? I have been pondering a similar conundrum, and got to wondering if I could set up a vlan that matches the custom network created for letsencrypt. I'm pretty sure that'd be fairly easy - then if so it wouldn't be hard to set the same vlan up on other devices and do what you say. Otherwise, I'm sure lets encrypt can redirect to other addresses by a modification in the proxy-conf file. I think the Plex example explains how to do it. I think they call it host mode or something. Quote Link to comment
Wavey Posted February 19, 2020 Share Posted February 19, 2020 17 minutes ago, Marshalleq said: Otherwise, I'm sure lets encrypt can redirect to other addresses by a modification in the proxy-conf file. I think the Plex example explains how to do it. I think they call it host mode or something. Where is said Plex example? I changed the 127.0.1... blah blah in the proxy-conf file to the IP address of my other server but not sure what else to do. I'm doing this for JellyFin BTW. Quote Link to comment
Wavey Posted February 19, 2020 Share Posted February 19, 2020 Thanks @marshalleq you mentioning the conf file and host mode made me go read it, lol what a novel idea! So I got it working by reading these instructions in the conf file... Quote for host mode, replace the lines "proxy_pass http://$upstream_jellyfin:8096;" with "proxy_pass http://HOSTIP:8096;" HOSTIP being the IP address of jellyfin # in jellyfin settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url, # and set the "Secure connection mode" to "Handled by reverse proxy" Quote Link to comment
Marshalleq Posted February 20, 2020 Share Posted February 20, 2020 Ah yeah, I saw your earlier email and was about to paste it for you So that's good to know - we can probably use this to point something anywhere on the network. Quote Link to comment
TJOPTJOP Posted March 4, 2020 Share Posted March 4, 2020 Hi Guys, I setup the reverse proxy with some help of the great videos of Spaceinvader One. But there are some extra security options that I want to be fixed but no idea how I can fix that. Hopefully some one here can help me out! 1. create a redirection for all the reverse proxy dockers. What I have tried is changing the unifi-controller.subdomain.conf file of the docker located in the appdata folder "appdata\letsencrypt\nginx\proxy-confs" if i type https://unifi.domain.com everthing is working fine. But I want to enter http://unifi.domain.com end auto redirect to https://unifi.domain.com Quote #extra added for redirection server { listen 80; listen [::]:80; server_name http://unifi.domain.com; return 301 http://www.$server_name$request_uri; } server { listen 443 ssl; listen [::]:443 ssl; server_name unifi.*; include /config/nginx/ssl.conf; client_max_body_size 0; # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /login; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_unifi unifi-controller; proxy_pass https://$upstream_unifi:8443; } location /wss { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /login; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_unifi unifi-controller; proxy_pass https://$upstream_unifi:8443; proxy_buffering off; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_ssl_verify off; } } 2. setup / enable fail2ban service that is integrated in the Letsencrypt docker from Linuxserver 3. setup / enable GeoIP service that is integrated in the Letsencrypt docker from Linuxserver Thx 1 Quote Link to comment
jkp1187 Posted March 22, 2020 Share Posted March 22, 2020 On 8/6/2018 at 6:08 PM, SpaceInvaderOne said: Are you running the latest unRAID. You will only see it in the dropdown from 6.5.1 onwards. For older unRAID builds you will have to goto advance settings then manually enter into the extra parameters like this. --network=[networkname] I would upgrade to the latest stable unRAID unless there is any reason that you must stay on the older one. I am encountering this problem at setup - I create the network in terminal, but I get this error message when I go to install LetsEncrypt.... /usr/bin/docker: Error response from daemon: network tpgproxy not found. The command failed. I am on 6.7.2. Any suggestions on where to start here? I've done this repeatedly Quote Link to comment
trurl Posted March 22, 2020 Share Posted March 22, 2020 4 hours ago, jkp1187 said: Error response from daemon: network tpgproxy not found. Did you create the network? Quote Link to comment
Donnii Posted March 25, 2020 Share Posted March 25, 2020 For me everything seems good but Nextcloud does not get secure, i can see some certificat i pushed to it but the CN is just (*) and it marks it as unsecure. Any idea? Quote Link to comment
skiman384 Posted March 31, 2020 Share Posted March 31, 2020 Could use some help, I’ve been struggling with something all day. Unraid version 6.8.2 i followed the video guide was able to get ombi working through the reverse proxy on the custom proxynet network. My plex container is on custom br0 with an internal IP in my 192.168.187.0 subnet. Same subnet as my unraid box. Ombi can’t talk to plex or any of my other containers on the custom br0 network. what do I do? I do have a second nic I can configure for my containers, but I have no idea where to start.... any help would be appreciated!! Quote Link to comment
limawaken Posted April 1, 2020 Share Posted April 1, 2020 (edited) I would like to access a HTTP web server on my local network by using this reverse proxy method. i tried copying bits of conf files from examples I found here and there but nothing seems to work for me. i already have my DNS records set up and can access the web server if I port forward from my router, but I want to use this reverse proxy method because I think it would be more secure as we would be accessing via SSL. At least thats what I understand... plus I can access it by just using the sub domain without needing to add :port number in the url. if this is possible I would really like to know how. A few years ago I followed space invader’s guide and was able to set this up for my Nextcloud docker. It works great! It was the most useful thing I’ve learned in all my years of tinkering. Reverse proxy and Letsencrypt changed my life. I’d recommend everyone to do it. Edited April 1, 2020 by limawaken Quote Link to comment
SebTech33 Posted April 15, 2020 Share Posted April 15, 2020 I cant seem to figure this out. i have letsencrypt running and it says server ready on the end. but when i try to use my domain i get a popup from cloudflare that says browser works cloudflare works host error. i sat everything up according to the video and i have checked my spelling. anyone that can try to help me? Quote Link to comment
oskarax Posted April 16, 2020 Share Posted April 16, 2020 Hi Guys! I can see that there are a lot of people getting the "Welcome to our server" message. So am I!! Been trying for days to figure out why but I have to give up. Everything is set up accordingly to the guides and I have no error messages anywhere. How do i solve this issue? Please help. Quote Link to comment
Mmr8cmh Posted April 17, 2020 Share Posted April 17, 2020 I have followed the steps in the video to a T and double checked the setting but can not get to my OMBI from outside my network. I can get to it with the duckdns.org inside my network. is there more that needs to be done on the config file to set this up for OMBI? Quote Link to comment
daveo132 Posted April 23, 2020 Share Posted April 23, 2020 (edited) Hi, First off, thank you for these guides! I'm new to UnRaid and would be lost without these. I've followed this guide but encountered a few issues. When trying to follow the WebUI to Nextcloud it's defaulting to the web address rather then the local IP. Also, I cannot get my owned domain linked up, I get an error saying that the challenge failed. However, that last error may be down to the new CNAME not yet being active. How can I get Nextcloud WebUI to stop taking me to the web address and stay on the local IP? EDIT: I just found your next video about using cloudflare. Unfortunately my domain is with Wix and they do not allow you to change the name servers... Edited April 23, 2020 by daveo132 Quote Link to comment
daveo132 Posted April 24, 2020 Share Posted April 24, 2020 So I think for now I might have to leave this un-encrypted. I have another issue though. I find when I link up the mariadb to next cloud using its IP and Port i get a 504 error. When I refresh it takes me back to the next cloud login but not with any options for setting up the database. Is this normal? Quote Link to comment
yinzer Posted April 25, 2020 Share Posted April 25, 2020 For anyone else who was wondering how to support multiple domains via a single LetsEncrypt Docker, this can be accomplished via the `EXTRA_DOMAINS` Docker environment variable (see https://github.com/linuxserver/docker-letsencrypt/blob/master/README.md). In your Unraid docker setup, `Add another Path, Port, Variable, Label or Device`. Select Config Type = `Variable`. Set the Key to `EXTRA_DOMAINS`. Set the Value to your comma-separated list of domains (NO WILDCARDS!). Add and Apply, verify that it all worked. Quote Link to comment
cinereus Posted May 5, 2020 Share Posted May 5, 2020 (edited) On 8/6/2018 at 1:03 AM, SpaceInvaderOne said: So following on from the next cloud video, here is a tutorial that shows how to set up and configure a reverse proxy on unRAID You mention subfolders at the beginning but then only show examples for subdomains. I prefer subdomains too but is there anyway to allow you to use subdomains on your local network too or do you just need to set up a HOSTS file to go to the local IP? Or will that not work due to the ports? Edited May 5, 2020 by cinereus Quote Link to comment
BoKKeR Posted May 16, 2020 Share Posted May 16, 2020 (edited) Everything has been working wonderfully. With most of the configs for different linux-server containers its really easy to setup. But I ran into a issue when I wanted to set a reverse proxy for a webdav docker container. The issue is that the container runs on port 80 internally! if I add it to proxynet it will crash with letsencrypts port 80. Only way I see to fix this is by changing the port internally in the container. But I dont see that being possible without rebuilding the container https://hub.docker.com/r/bytemark/webdav/ Edited May 16, 2020 by BoKKeR Quote Link to comment
Dauser Posted June 7, 2020 Share Posted June 7, 2020 On 4/17/2020 at 8:27 AM, oskarax said: Hi Guys! I can see that there are a lot of people getting the "Welcome to our server" message. So am I!! Been trying for days to figure out why but I have to give up. Everything is set up accordingly to the guides and I have no error messages anywhere. How do i solve this issue? Please help. So this tells you that the url is accessible and it is defaulting to a landing page created by the docker. What the most likely cause will be is an incorrect .conf file setting. If you have followed the Space-invader tutorial, then you do need to make changes to the .conf files. My example is for binhex-sonarr You need to change the set $upstream_app to binhex-sonarr. So check the conf files in letsencrypt for the docker you are trying to reach, and ensure that if you are using a binhex fork you make the appropriate changes. Quote Link to comment
m0lle Posted July 5, 2020 Share Posted July 5, 2020 Is it just me or is the letsencrypt docker missing a bunch of folders and files? I just installed it and I dont have the proxy.conf file as well as the whole proxy-conf folder with all the samples? Though it seems noone else is missing them, so i wonder if its something wrong on my part? Quote Link to comment
trurl Posted July 5, 2020 Share Posted July 5, 2020 2 hours ago, m0lle said: wonder if its something wrong on my part? Post your docker run as explained at the first link in the docker FAQ pinned near the top of the Docker Engine subforum. Quote Link to comment
HumidGnome Posted July 10, 2020 Share Posted July 10, 2020 Hi All, I'm in the process of setting up my reverse proxy. I bought a domain at godaddy. I set up all of my CNAME records, entered them into letsencryt, started the container, looked at the log file and all of my certs failed. The reason according from what I am seeing they failed it because they were looking for an A record. I went to set up the A records in my godaddy account, and now it's telling me that I need to set it to a specific ip address. Now I thought that is why I needed to setup the duckdns.org site. I am really over my head right now. I could really use some guidance here. Quote Link to comment
jonasdegent Posted July 13, 2020 Share Posted July 13, 2020 So this probably sounds real dumb of me but I followed this tutorial for my Nextcloud server. Everything running smoothly. However am I now getting e-mails from Let's Encrypt to renew my certifcates. Is this a process that goes automatically (just like the Docker container says in the description)? Or do I need to do something? Quote Link to comment
tailgate Posted July 26, 2020 Share Posted July 26, 2020 I’ve had bitwarded, nextcloud, and Ombi all working perfect with Lets Encrypt for months thanks to Spaceinvaderone’s great videos. For some reason, not sure when, they’re not working outside my next work anymore. I’ve gone through Spaceinvaderone’s videos multiple times and I’m stumped. It seems that I’m not getting my certificates. The only clues that I have is that within the log file of Lets Encrypt I see that it is not performing the HTTP-01 challenges and I also see that there is a system message that reads "nginx: [alert] detected a LuaJIT version which is not OpenResty's… " And I get a warning message of, [s6-finish] sending all processes the KILL signal and exiting. Any help would be greatly appreciated. Quote Link to comment
Marshalleq Posted July 26, 2020 Share Posted July 26, 2020 That LuaJIT version / OpenResty's is normal. At least I've had it forever and it doesn't seem to impact anything, so you've probably just not noticed it before. At a wild guess - have you tried ports? Is unraid on 443 and 80 still? Obviously you can't have both letsencrypt and unraid on the same ports. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.