** VIDEO GUIDE ** How to Setup and Configure a Reverse Proxy on unRAID with LetsEncrypt & NGINX

[unRaide]

Has anyone figured out how to get this type of setup working with a Plex Docker? I tried using the suddomain sample conf, updating the settings based on the other examples but I get a "502 Bad Gateway" when trying to load that page?

[Rothan]

On 8/9/2018 at 12:45 PM, Froger said:

 

Thanks for help! I am stuck one more time unfortunately. I got next cloud to work properly on my local network and i'm pretty sure that domain, subdomain and dns settings are set correctly. After tinkering in conf files nexcloud docker is no longer showing webUI. I mean that I can click on webIU icon but all I get is simple " Welcome to our server. The website is currently being setup up."  I am getting  the same message trying to connect via subdomain ( https://nexctoud.domain.com) and via local ip address. Any clues ?

 

solved

 

On 8/18/2018 at 9:16 AM, deadnote said:

 

Hi

can you telle me how you solve the "welcome" message error ? [SOLVED]

Thanks !

 

 

Hi,

 

As i am having the same issue can you share how you resolved the problem.

 

I get to the nginx welcome page for my subdomains nextcloud and sonarr on or off my network.

 

Thanks

[deadnote]

8 hours ago, Rothan said:

 

 

 

Hi,

 

As i am having the same issue can you share how you resolved the problem.

 

I get to the nginx welcome page for my subdomains nextcloud and sonarr on or off my network.

 

Thanks

 

Sorry, I don't remember.

I believe all i did is to wait a few seconds after the docker restart

[SCSI]

Thanks for another great tutorial. Is there a way to disable the Letsencrypt welcome page to hide the service even more? I currently use subfolders that is named differently than the dockers pointed to them.

[Biff Bojangles]

On 8/26/2018 at 12:31 AM, unRaide said:

Has anyone figured out how to get this type of setup working with a Plex Docker? I tried using the suddomain sample conf, updating the settings based on the other examples but I get a "502 Bad Gateway" when trying to load that page?

Have you been able to figure this out.  I am having the same issue with the 502 Bad Gateway.  For the tutorial, I set up the proxynet network, but if I select that, I get an error for plex.  

[unRaide]

8 hours ago, Biff Bojangles said:

Have you been able to figure this out.  I am having the same issue with the 502 Bad Gateway.  For the tutorial, I set up the proxynet network, but if I select that, I get an error for plex.  

Yea, I ended fixing this by keeping the network type as host and following the steps outlined at the top of the plex sample config file.

 

Can’t remember the exact steps but it’s laid out clearly and should work if you follow them closely. 

[Biff Bojangles]

8 hours ago, unRaide said:

Yea, I ended fixing this by keeping the network type as host and following the steps outlined at the top of the plex sample config file.

 

Can’t remember the exact steps but it’s laid out clearly and should work if you follow them closely. 

I ended up doing the same thing.  Kept it off the proxynet and put in the mydomain.  

 

By any chance do you also run OMBI?  Having trouble utilizing .htpasswd to access it.  

[Sinister]

Hi im unsure if anyone else is experiencing this issue but ive followed everything down to the letter and when i go to the sonarr webpage outside my network i keep getting the letsencrypt landing page can someone tell me what i did wrong ?

Welcome to our server

The website is currently being setup under this address.

For help and support, please contact: [email protected]

 

 

this is my nextcloud config php

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'ocvagavyiudq',
  'passwordsalt' => '66cAD3+nO/lNspfvs9urUMR3Y/n3Am',
  'secret' => 'qXhHGYee7Dftjk3h/6a/UPchu1pWJBUgHNZm/iLiIExSwZjJ',
  'trusted_domains' =>
  array (
    0 => '192.168.1.113:444',
    1 => 'xxxxx.duckdns.org',
  ),
  'overwrite.cli.url' => 'https://xxxxx.duckdns.org/',
  'overwritehost' => 'xxxxx.duckdns.org',
  'overwriteprotocol' => 'https',
  'dbtype' => 'mysql',
  'version' => '14.0.1.1',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.1.113:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'xxxxxxxx',
  'dbpassword' => 'xxxxxxxxx',
  'installed' => true,
);

 

 

this is my proxy-confs file

 

# make sure that your dns has a cname set for nextcloud
# assuming this container is called "letsencrypt", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['letsencrypt'],
#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
#  'overwritehost' => 'nextcloud.your-domain.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.your-domain.com',
#  ),

server {
    listen 443 ssl;

    server_name xxxxx.duckdns.org*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_nextcloud nextcloud;
        proxy_max_temp_file_size 2048m;
        proxy_pass https://$upstream_nextcloud:443;
    }
}

 

 

Edited September 27, 2018 by Sinister
sensitive information

[technologiq]

I followed the video to a tee and use pfSense for my router.  After getting everything set up, if I try and access any of the dockers from outside my home network they all give me the same white screen that says "Welcome to our server The website is currently being setup under this address. For help and support, please contact: [email protected]example.com"

 

Any ideas?

Edited September 26, 2018 by technologiq

[SeveredBox53]

@technologiq did you manage to figure out how to solve this? I've checked other sites but this is the only place I can even find the error posted.

[charlieny100]

I love these videos. My situation is a little different. Besides dockers I have another server running a self hosted web server. Is there a way to get the reverse proxy to go to the other server when someone enters "self.mydomain.com"?

[cheww]

On 9/20/2018 at 2:20 PM, unRaide said:

Yea, I ended fixing this by keeping the network type as host and following the steps outlined at the top of the plex sample config file.

 

Can’t remember the exact steps but it’s laid out clearly and should work if you follow them closely. 

 

This helped me thanks .. 

 

What i did was edited the plex.subdomain.conf file and replaced proxy_pass  https://$upstream_plex:32400 with proxy_pass http://192.168.178.23:32400 <-- your local ip for plex .. My plex docker stayed at host

 

Then the second part was you had to go into plex > Settings > network. under Custom server access URLs put the plex domain in i.e https://plex.yourdomain.com:443 

 

i when to the domain and it worked. it asked me to sign in again and bingo!

 

hope this helps someone .. 

[Leuchtekulli]

Has someone had any luck with collabora and nextcloud?

[Runtime24]

So I am able to reach Sonarr using my subdomain web address and it will ask me to login but after that I just get a loading animation at the top and it says Sonarr Ver in the center of the screen and nothing else. Any advice on what this could be?

 

For Nextcloud I am getting either a 502 Bad gateway or the letsencrypt webui.

Edited December 8, 2018 by Runtime24

[Vesko]

I also cant fix this LetsEncrypt and Nextcloud and now my Nextcloud is useless for sharing the people asking me:

what is this 

i didn't get file etc. 

I have to explain how to go around and where to click. 

I dont understand why Nextcloud cant make something to be more easy for regular people or to integrate in the installation. Thank you. 

Thanks for all videos they are great. 

[macieksoft]

Cant aces the web ui for lets encrypt and nextcloud but they both are functioning properly. Anyone know here I might have messed up? Im assuming it has to  do with the 444,443, and 1443 changes. 

[foerl]

first of all, thanks for all your great guides! they're well explained and easy to follow.

 

i was following your guide until the point where i set up port forwarding - i went to my subdomain (using my own website) and it shows my unraid dashboard instead of nextcloud! i used my mobile network to verify - i now disabled port forwarding because that's something i don#t want lol... 

 

what did i miss, what went wrong? any help would be greatly appreciated! 

[DaveW42]

I want to emphasize how exceptional these guides are.  As a complete newbie to unraid and Linux, they are absolutely invaluable.  I would never have been able to use unraid without them.

 

I think I may have discovered the problem that results in receiving the following error:  "Welcome to our server.  The website is currently being setup under this address.  For help and support, please contact: [email protected]"

 

I encountered this when trying to setup nextcloud.  I believe the issue is in the config php file.

 

If you look at nextcloud.subdomain.conf.sample it provides setup instructions for the nextcloud config php file.  These setup instructions include the following line, which didn't appear in the video: 

'trusted_proxies' => ['letsencrypt'],

 

In other words, config php should be as follows:

'trusted_proxies' => ['letsencrypt'],
'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
'overwritehost' => 'nextcloud.your-domain.com',
'overwriteprotocol' => 'https',

 

The only other thing I did differently was to make absolutely sure that my subdomains were separated by commas (but no spaces!) in the letsencrypt docker container file.  I tried some of the suggestions above, but unfortunately something got messed up along the way (I no longer even got the 'welcome' message).  I had to delete the letsencrypt container and configure it over again to recover.

 

One more thing I did (unrelated to the problem) was to make sure that all the relevant docker containers autostart (selecting the option on the main docker page). 

 

Hope this helps someone else.   For my part, I am going to now go and make a donation to spaceinvaderone for how amazing this video was (and the preceding one on nextcloud).  I now have a cloud server operating at home!!!

 

Dave

 

[chiefo]

Great guide! I believe I have everything working correctly but I'm running into one issue. Not sure if its a letsencrypt/ngix issue or my domain. If i hit sonarr.example.com or http://sonarr.example.com the site refuses to load. Hitting https://sonarr.example.com loads perfectly. I know the setup is only supposed to work with https, but shouldn't the reverse proxy force the browser to https even if the user only puts in http? Or is there another layer of software required for that?

 

 

Thanks!

[cpshoemake]

On 2/21/2019 at 12:18 AM, chiefo said:

Great guide! I believe I have everything working correctly but I'm running into one issue. Not sure if its a letsencrypt/ngix issue or my domain. If i hit sonarr.example.com or http://sonarr.example.com the site refuses to load. Hitting https://sonarr.example.com loads perfectly. I know the setup is only supposed to work with https, but shouldn't the reverse proxy force the browser to https even if the user only puts in http? Or is there another layer of software required for that?

Open appdata/letsencrypt/nginx/site-confs/default. Uncomment (delete leading #) lines 5-10. That tells nginx to redirect http traffic to https.

Just in case you have a different version of the file, these are the relevant lines:

server {
	listen 80;
	listen [::]:80;
	server_name _;
	return 301 https://$host$request_uri;
}

 

Edited February 27, 2019 by cpshoemake
grammar & spelling

[chiefo]

3 hours ago, cpshoemake said:

Open appdata/letsencrypt/nginx/site-confs/default. Uncomment (delete leading #) lines 5-10. That tells nginx to redirect http traffic to https.

Just in case you have a different version of the file, these are the relevant lines:

server {
	listen 80;
	listen [::]:80;
	server_name _;
	return 301 https://$host$request_uri;
}

 

My Man! Appreciate the help, worked like a charm.

[225redstick]

Newbie questions #1,  I previously added SSL, HTTPS in unraid settings. Using this guide do i remove those settings/changes for this letsencrypt tutorial? Question #2, I previously set some things up with duckdns and my previous router and dockers and they were working fine, now i have changed to a new pfsense box and want to use cloudflare with my own domain name, does duckdns still have a role to play? Sorry for basic questions, just trying to figure all this out. Big thanks for any help/knowledge

[SpaceInvaderOne]

On 3/1/2019 at 3:19 PM, 225redstick said:

Newbie questions #1,  I previously added SSL, HTTPS in unraid settings. Using this guide do i remove those settings/changes for this letsencrypt tutorial? 

Were you forwarding port 443 to your Unraid server to access the webUI from outside? If not you need make no changes.

If you were then you will need to change the forwarding of external port 443 to internal port 443. Change it to forward external port 443 to for example internal port 1443. Then map in the letsencrypt template port 1443 to 443 in the container like below

 

On 3/1/2019 at 3:19 PM, 225redstick said:

 Question #2, I previously set some things up with duckdns and my previous router and dockers and they were working fine, now i have changed to a new pfsense box and want to use cloudflare with my own domain name, does duckdns still have a role to play? Sorry for basic questions, just trying to figure all this out. Big thanks for any help/knowledge

You dont have to use duckdns if using your own domain. But you need to make sure that your subdomain is always pointing to your wan Ip if you dont have a static wan IP. So you would need to have some dynamic dns tracker.

If you are using cloudflare you can setup cloudflare dns in pfSense and use that with your subdomain. Hope thats helps.

 

[225redstick]

Thanks, for some reason it was still not completing the validation. I got validations to work by following this:

 

If you get a fail message, Let's Encrypt can't access your server. This could be from the router blocking it or the ISP blocking it. You can go back to the dashboard, click on Let's Encrypt → Edit. Change validation method to DNS and put “cloudflare” under “DNS-plugin” but don't hit apply yet.

 

You need to give it access to your DNS records on cloudflare. To do this, SSH into the unraid server, go to

/mnt/user/appdata/letsencrypt/dns-conf, and find cloudflare.ini. Edit the file “nano cloudflare.ini” and put your email and cloudflare global API key on the appropriate lines. Save the file. Note that now that this file contains sensitive information you need to lock down the permissions. Run

sudo chmod 600 cloudflar.ini (this command didn't seem to work)

to make sure only the owner can access this file.

 

Now go back to the Unraid GUI and hit apply to validate with the DNS method.

Check the logs of the container, if all went well the validation will work, certificates will be issued and the server will be ready. You should now be able to go to https://domain:8443/ and see the default welcome page for NGINX. (got this instead: error 1016)

In the top corner of the browser you should see a green lock next to the URL to indicate that your connection is encrypted. (did see this, so I think I'm making progress) 

 

So, for my domain i have the "A" record (cloudflare) set to my WAN address of my router. is this correct?

 

Back to trying to make this work. I will watch more videos and hopefully just have to edit a few things to point everything in the right direction. This is all new to me, but i enjoy trying to figure new things out...besides the frustrating parts of course.

Cheers!

[Kyubey]

How could you set up in a double reverse proxy with a vps like in this image?