** VIDEO GUIDE ** How to Setup and Configure a Reverse Proxy on unRAID with LetsEncrypt & NGINX


Thanks for the reply.  I’m very much a novice when it comes to this network stuff, so I hope you (and others) will bear with me, I’m a 56M fumbling my way thru this, but loving it.  I’m surprised I’ve gotten this far.  I have learned a ton as you can imagine.  But I’ve been working on this for weeks now.

How do I tell what port Unraid is using?  Under Settings, Management Access, I see HTTP(s) ports at 80 and 443.  Is this what you’re talking about for the Unraid settings?  Should they be something different?

Like I said, this was working for a long time, but I’m not sure what happened.  My router's port forwarding hasn’t changed and Lets Encrypt is set to use 180 and 1443 as suggested by Spaceinvaderone.

Thanks again for helping.

  • 1 month later...

Thanks for another great video, they're really helpful and explained well.

However, I have one big problem with this one that I can't resolve.  Everything went fine and I set up with my own domain / sub domains but I can no longer log in to Nextcloud?   It sits for about 20 seconds and then reports 'Wrong username or password'?   I know the password is correct (I've checked through saved login details on laptop browser to double check username and p/w.  I can also see the password in the config file that you alter in this video).

I have triple-checked everything is spelled correctly when altering the config and conf files as I did find another user having this problem but they had spelt something wrong.  At a total loss now.

Is it something to do with config file in Nextcloud having the variable 'dbuser' => 'nextcloud' ?  I was assuming this is more to do with actual install and share name rather than a user?  I only had one setup under admin for my Nextcloud instance but that and the password just won't let me in.

  • 2 weeks later...
  • 1 month later...

So I'm trying to get https working with Home Assistant properly.

I have followed most of this video....
DuckDNS, letsencrypt, nginx, proxynet all working....

I can access Home Assistant from outside my network via https://blahblah-hass.duckdns.org

Even if I do not type the https, it will go to https, I get the lock icon in the web browser.

That web address does not work INSIDE my network. I have to use the IP address 192.168.1.##:8123

So I went back over this video today.

Home Assistant was not set to Network : Custom: proxynet   it was Host...
Change HA docker to proxmox... restarted, and no WebGUI... inside or outside network, Port mappings are gone ?!?

Can't access from inside or outside network by any address.

Went back in to edit HA docker config to add "Fixed IP address (optional): " and I entered its IP 192.168.1.##/24  - apparently this was wrong

I still don't understand the /16 /24 stuff of an IP address...
Docker rebuild failed. docker gone. ?!?

Re-installed docker...  left it on Host.  WebUI is back while inside my network.
If I try to access HA from outside my network via my DuckDNS address, I get Home Assistant error message

Had to manually rebuild port mapping for HA docker container.... now accessible from outside network again via web address.

OK so...  now working same as when I started, but one difference, network is set to proxynet.

Still cannot access containers via web addresses within the network. Only outside.
IPs only work inside network.

I get to 21:15 in the video, he restarts letsencrypt, and he can access via web address with HTTPS,

I cannot.

Here is my nginx config for HA,  the "##" and "blah-blah" were added in the addresses for security in this post.

# make sure that your dns has a cname set for homeassistant and that your homeassistant container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name blah-blah-hass.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_homeassistant home-assistant;
        proxy_pass http://192.168.1.##:8123;
    }

    location /api/websocket {
        resolver 127.0.0.11 valid=30s;
        set $upstream_homeassistant Home-Assistant-Core;
        proxy_pass http://192.168.1.##:8123;
        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

I do notice something different in my config than his....
Where I have an IP address  " http://192.168.1.12:8123 "

he has something that would translate to "http://$upstream_homeassistant:8123 "

I tried changing it... no fix.

I'm confused.

Am I missing some type of reverse DNS?

EDIT : found this on Reddit

Quote

But what if you're on the local network? Unless your router supports nat hairpin you can't traverse a nat from a local IP address. And it is a security risk I believe so I wouldn't recommend you set that up anyhow. What you would need is a split dns. More or less you have a local dns server like bind that would take the homenetwork.mydomain.com address and send it directly to the ip address of the reverse proxy skipping the router completely.

Bind docker... or better router...  pfsense....  I knew you were coming...

Edited by TRusselo
  • 2 months later...
  • 4 weeks later...

Haven't been able to find the answer through search, so apologies if I missed it, but is there a way to run a reverse proxy for some containers (sonarr, sab etc) while already having those containers routed through binhex-delugevpn? The problem obviously arises when you go to set the network type as they are already going through deluge.

I would basically like to be able to reverse proxy access these containers outside my network as individual sites, while still having them all run through a VPN.

2 hours ago, benyaki said:

Haven't been able to find the answer through search, so apologies if I missed it, but is there a way to run a reverse proxy for some containers (sonarr, sab etc) while already having those containers routed through binhex-delugevpn? The problem obviously arises when you go to set the network type as they are already going through deluge.

I would basically like to be able to reverse proxy access these containers outside my network as individual sites, while still having them all run through a VPN.

Should work normally, as in how you typically reverse proxy sites, not how lsio makes it work.

As long as you can successfully access the site through an IP and port, like http://192.168.1.5:8080, then you just plug that address into your nginx config.

If you CAN'T get to the site locally, then you will need to fix that first, typically by adding the appropriate port to the delugevpn container.

I reverse proxy sites through swag from a VM, from a second Unraid server, and local containers, all with no issues.

If none of this makes any sense, then you are going to need to take a crash course in how to configure nginx. It's not that hard, but there are differences in how lsio does things that make it so you need to know a little more about how it's working.

1 hour ago, jonathanm said:

Should work normally, as in how you typically reverse proxy sites, not how lsio makes it work.

As long as you can successfully access the site through an IP and port, like http://192.168.1.5:8080, then you just plug that address into your nginx config.

If you CAN'T get to the site locally, then you will need to fix that first, typically by adding the appropriate port to the delugevpn container.

I reverse proxy sites through swag from a VM, from a second Unraid server, and local containers, all with no issues.

If none of this makes any sense, then you are going to need to take a crash course in how to configure nginx. It's not that hard, but there are differences in how lsio does things that make it so you need to know a little more about how it's working.

Thanks, after reading your post I realized I was going the REALLY long way around to make this work with swag.

I just set up nginx proxy manager and everything is working well, really easy to set up.

  • 6 months later...

Hmm...

Everything did work fine, but the proxy passthrough does end in a 403 forbidden for me.

I did triple-check everything, but I don't have a clue what might be wrong...

The nextcloud container on a subdomain and a paperless instance on port 8000 and a subdomain.

For paperless I did adapt the changes from the nextcloud config.

I did enter the subdomains in my fritzbox under dns rebind protection. But this didn't work either.

Any idea? Or a hint what to look at?

  • 2 months later...

EDIT: Ugh, pulled a stoopid. I was putting Shinobi on 'proxynet' instead of br1.

-----------------------------

Hi all. I'm having a problem with SWAG/Shinobi using an IP address in a different subnet. It _was_ working a couple days ago but then a few things blew up with UnRAID/my network and now I cannot get Shinobi to start on the correct subnet.

Desired: Shinobi on 'proxynet' at 192.168.2.100:8080 (I have it set correctly in the manually created shinobi.subdomain.conf)

Result: Shinobi starts on 'proxynet' at 192.168.1.100:8080 (which is a problem because I also run Ubiquiti equipment)

Any thoughts on what could be causing SWAG to ignore the IP address/subnet in the conf file?

EDIT: Shinobi will start at 192.168.2.100 if I change the network to br1 1 which is on the *.2.* subnet, so it's not a routing issue. It's as if SWAG isn't seeing the shinobi.subdomain.conf file at all. But it _is_ seeing the conf file because if I set it to an IP address/port on the *.1.* subnet it works. There's just something about the *.2.* subnet SWAG doesn't like...

I deleted the SWAG and Shinobi containers, deleted the 'proxynet' network, and rebuilt it all. Same result.

Edited by kazanjig
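Added example, not part of any post in this thread: the "Fixed IP address" entry of 192.168.1.##/24 and the Shinobi proxynet/br1 mix-up above both concern which subnet a Docker network owns. The Python below checks a requested fixed IP against `docker network inspect` JSON; the sample networks, subnets, container entry and function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `docker network inspect proxynet br1` output;
# the subnets, gateway and container entry are illustrative, not from the thread.
SAMPLE_INSPECT = json.dumps([
    {"Name": "proxynet",
     "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1"}]},
     "Containers": {"abc123": {"Name": "swag", "IPv4Address": "172.18.0.2/16"}}},
    {"Name": "br1",
     "IPAM": {"Config": [{"Subnet": "192.168.2.0/24", "Gateway": "192.168.2.1"}]},
     "Containers": {}},
])


def check_fixed_ip(inspect_json, network_name, requested):
    """Return (ok, reason) for using `requested` as a fixed IP on a network."""
    net = {n["Name"]: n for n in json.loads(inspect_json)}.get(network_name)
    if net is None:
        return False, f"unknown network {network_name}"
    try:
        # A fixed IP is one host address; a /24 or /16 suffix describes a subnet.
        addr = ipaddress.ip_address(requested.strip())
    except ValueError:
        return False, "not a bare IP address (drop any /prefix)"
    configs = net["IPAM"].get("Config") or []  # host/none networks have no subnet
    for cfg in configs:
        subnet = ipaddress.ip_network(cfg["Subnet"])
        if addr not in subnet:  # also False when IPv4/IPv6 versions differ
            continue
        # First and last address of an IPv4 subnet cannot be given to a host.
        if addr.version == 4 and addr in (subnet[0], subnet[-1]):
            return False, f"{addr} is the network or broadcast address of {subnet}"
        if cfg.get("Gateway") and addr == ipaddress.ip_address(cfg["Gateway"]):
            return False, f"{addr} is the gateway of {subnet}"
        for c in (net.get("Containers") or {}).values():
            used = c.get("IPv4Address")
            if used and ipaddress.ip_interface(used).ip == addr:
                return False, f"{addr} is already used by {c['Name']}"
        return True, f"{addr} is inside {subnet}"
    return False, f"{addr} is outside every subnet of {network_name}"


def networks_containing(inspect_json, requested):
    """Names of the networks whose subnet contains the address."""
    addr = ipaddress.ip_address(requested)
    return [n["Name"] for n in json.loads(inspect_json) if any(
        addr in ipaddress.ip_network(c["Subnet"])
        for c in (n["IPAM"].get("Config") or []))]
```

On a real host, pass the output of `docker network inspect proxynet br1` in place of the constructed sample.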
  • 1 month later...

Found you on YouTube and tried following your videos to set up NextCloud and I got everything working but this SSL thing. I got so frustrated then I saw the second video here about what if port 80 is blocked? I think this is my issue I will try the duckdns way tomorrow at work.

You have a lot of videos but a lot of them have prerequisites to watch other videos. You mention some but I think I missed one about why you need a domain tracker. I was confused on the Cloudflare part. It may sound like I’m rambling but I think I finally got it and thank you in advance.

I have been into tech for years, I know more than most in my circle but I am still nowhere I should be to say this tech stuff is a passion of mine. I guess life does happen to get in the way.

With all that said here is my question. I have a domain that I purchased on hostgator years ago that was once a Wordpress site. I changed the name servers to Cloudflare and it’s showing the provisioning went through. There are a lot of old records there that I have no clue of what they are. Can I just delete them all and add only what’s required for what I’m doing now? I hope so because I already deleted most.


  • 1 year later...
