Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

** VIDEO GUIDE ** How to Setup and Configure a Reverse Proxy on unRAID with LetsEncrypt & NGINX

Featured Replies

27 minutes ago, Kyubey said:

How could you set up in a double reverse proxy with a vps like in this image?2075205148_2019-03-0719_02_19.png.dc0ae7e59f55087b2046d9e8bc1cab23.png

What's the purpose of the second reverse proxy? (Between the internet and the router)

 

Wouldn't a regular proxy be better in that spot?

  • Replies 138
  • Views 83.5k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • I followed the video to a tee and use pfSense for my router.  After getting everything set up, if I try and access any of the dockers from outside my home network they all give me the same white scree

  • Hi im unsure if anyone else is experiencing this issue but ive followed everything down to the letter and when i go to the sonarr webpage outside my network i keep getting the letsencrypt landing page

  • This helped me thanks ..    What i did was edited the plex.subdomain.conf file and replaced proxy_pass  https://$upstream_plex:32400 with proxy_pass http://192.168.178.23:32400 <-- your l

Posted Images

getting this on my domain and subdomain (cnames 😞

image.png.f13bb3ac76a103206ba670a3783e2cf3.png

do i need to edit config files next??? 

 

  • Author
13 hours ago, 225redstick said:

getting this on my domain and subdomain (cnames 😞

image.png.f13bb3ac76a103206ba670a3783e2cf3.png

do i need to edit config files next??? 

 

Yep that will be because there is no config file that uses that subdomain. Just edit a config file to direct to whichever container you want to access from outside.

Has anyone been able to get this all working with Cloudflare DNS in front of everything? I've got it working perfectly if I disable routing through Cloudflare but I'd really like to be able to use Cloudflare's access system to authenticate users as well as the built in DDOS protection.

 

Right now I'm using the NginxProxyManager docker from CA and connecting over HTTPS works like a charm. However if I enable a subdomain to route through Cloudflare then I get this error.

 

259869240_SSLerror.PNG.18bbdc8435d94c6d926c6dfe295f75df.PNG

 

I've disabled universal SSL in cloudflare and have the SSL setting to "off". Has anyone been able to get this working? Thanks

Really great work as always. I got it working  just 2 question 
 1 I can go nextcloud.XXXX.XX  and it work if I try too open it the docker or use the local ip it also go there   when I look on the traffic in pfsense  with ntopng it look like all data go out and ind = use my internet speed can I do so for the local it don't go that way around.

2   are there a way so you can use www. before just people often think that 

Is there a way to use subdomains to access virtual machines?

1 hour ago, hgelpke said:

Is there a way to use subdomains to access virtual machines?

What do you mean by that? You can use subdomains to access pretty much anything you can access with a web browser.

Hey all,

 

I am trying to set up LetsEncrypt but LetsEncrypt keeps giving me the message "Challenge failed for domain xxxx.duckdns.org".

 

I have my ports forwarded correctly and have even tried re-forwarding port 80 to say my unraid web server just to test that it's accessible from the full dns/port number and that's fine (then deleted that forward).

 

Question - Am I supposed to be able to access the http webpage of the letsencrypt docker regardless of any certs being issued? I'm just trying to make sure I can even access that port internally first.

 

Otherwise, can an ISP block port 80 depending on the kind of request? I was obviously able to access the webpage of my server via port 80 but wasn't sure if there was anything LetsEncrypt does that could be getting blocked?

 

If anyone has any idea's I could try to troubleshoot, it would be much appreciated!

 

Edit: This is working now. I decided to call my ISP anyway to at least see if they could see anything trying to connect. Turns out port 80 / 443 was blocked.

 

I assumed it wasn't as I was able to remotely connect over port 80 to other services. They said it could have been Hairpin NAT on my router basically working it out for me.

 

As a general lesson I guess - always call your ISP FIRST to make sure that those ports are going to be open on their side before you go any further.

 

 

Edited by Brandan

On 3/11/2019 at 5:50 AM, SpaceInvaderOne said:

Yep that will be because there is no config file that uses that subdomain. Just edit a config file to direct to whichever container you want to access from outside.

I would love a future video explaining editing out configs to point to subdomains, I still find that confusing as my goal is to limit my ports that are exposed. Do i edit/replace the default config file, this is the part I'm struggling with, how to set this up. Thanks again

Or do you have a good example letsencrypt default config file to share that i could use as a template for my subdomains pointing to radarr, sonarr, plex etc.?

1 hour ago, 225redstick said:

Or do you have a good example letsencrypt default config file to share that i could use as a template for my subdomains pointing to radarr, sonarr, plex etc.?

If you install the letsencrypt docker from linuxserver then it should come with template config files for radarr sonarr and plex.

 

It should be in the proxy conf folder in the appdata folder for letsencrypt

 

I can upload a template for you later if you need it.

  • Author

Heres what to do if your isp blocks port 80 and you cant use http authentication to create your certificates. Also how to make a wildcard certificate.

 

 

9 hours ago, SeveredBox53 said:

If you install the letsencrypt docker from linuxserver then it should come with template config files for radarr sonarr and plex.

 

It should be in the proxy conf folder in the appdata folder for letsencrypt

 

I can upload a template for you later if you need it.

I see these, but not sure what do do with them. Do i copy/move them to each app folder or copy the text of each and put them all in the letsencrypt default config file? 

1 hour ago, 225redstick said:

I see these, but not sure what do do with them. Do i copy/move them to each app folder or copy the text of each and put them all in the letsencrypt default config file? 

No you don't need to copy them out of that folder. You just need to edit the file and put your website name where it is in the template.

 

Ex. plex.thisismyrandomexamplewebpage.edu

 

Make sure you enable viewing file extensions cause the templates are all inactive by default.

 

To activate the file rename it from subdomain.radarr.config.sample to subdomain.radarr.config

Awesome Vid, got this all up and running quickly and on the first try. Everything working great accessing from outside with phones and tablets. HOWEVER :) , now when I launch the WebUI for Letsencrypt I get an error page that says "Welcome to our server - website currently being setup under this address"  I have restarted the containers, tried different browsers but still cannot get into the WebUI.  Any ideas or help would be greatly appreciated.  

Thank you for the excellent second video about using Cloudflare to workaround a closed port 80, which is the case with Cox. After purchasing a domain name from GoDaddy, I have Let's Encrypt running as a docker now using dns and the log shows that it started properly (log image enclosed). 

 

My current problem, however, relates to Home Assistant docker accessing the cert file so that it will open in https.

 

I have mucked around for more than two weeks without coming up with a solution. And, yes, I did watch the first video about setting up Let's Encrypt with dockers other than Home Assistant. i have read many, many postings and videos about how to use Let's Encrypt with Home Assistant; nothing I have attempted as a result of these how-to's has allowed me to use Let's Encrypt to successfully access Home Assistant with https. I am at a total loss and obviously need careful guidance to straighten things out. I would be happy to uninstall the version of Home Assistant which I now have installed and start over.LetsEncryptLog.thumb.png.a38989eb8fcfb7729e2afe63cf3847a3.png

Hi

 

So I can access my Nextcloud server using the app on my phone or a web browser from outside my network using the url of https://servername.domain.com (obviously not the real details) but when I try to use the Nextcloud app on my Windows machine it can't find the url so I have to try and use the internal private IP followed by the port number (xx.xx.xx.xx:444) but this won't let me log in and of course won't be accessible from outside my network.

 

As Nextcloud runs of my Unraid machine which has a DNS resolver hostname of UNRAID (again, not real name) if I type UNRAID.MYDOMAIN.COM I get to the login of my Unraid server via HTTPS. If I then add another hostname to the resolver of say NEXTCLOUD it will still take me to the Unraid login page unless I put the ports after....

 

How do I get https://mynextcloud.mydomain.com to resolve internally and externally for use with the desktop app, without having to enter the ports and that gumph.....?

TIA

And love the videos  

Edited by McMeanF
spelling mistake

Thanks for the reply

I'm using PfSense as my router, and have taken a different route.

I'm now using HAProxy on PFSense as my reverse proxy, and then using the ACME Letsencrypt package for TLS certs. I've got it all working nicely internally and externally now.

Cheers

On 3/29/2019 at 5:10 PM, carefreepastor said:

Thank you for the excellent second video about using Cloudflare to workaround a closed port 80, which is the case with Cox. After purchasing a domain name from GoDaddy, I have Let's Encrypt running as a docker now using dns and the log shows that it started properly (log image enclosed). 

 

My current problem, however, relates to Home Assistant docker accessing the cert file so that it will open in https.

 

I have mucked around for more than two weeks without coming up with a solution. And, yes, I did watch the first video about setting up Let's Encrypt with dockers other than Home Assistant. i have read many, many postings and videos about how to use Let's Encrypt with Home Assistant; nothing I have attempted as a result of these how-to's has allowed me to use Let's Encrypt to successfully access Home Assistant with https. I am at a total loss and obviously need careful guidance to straighten things out. I would be happy to uninstall the version of Home Assistant which I now have installed and start over.LetsEncryptLog.thumb.png.a38989eb8fcfb7729e2afe63cf3847a3.png

I still need help with this

Good Morning. So am trying to get Nextcloud to work with Letsencrypt using Spaceinvaders guide. Note nextcloud works before configuring letsencrypt. When trying to connect to my sub domain its getting 502 Bad gateway. In the ngnix log:

2019/04/09 08:49:58 [error] 353#353: *162 connect() failed (111: Connection refused) while connecting to upstream, client: 10.0.0.1, server: cloud.*, request: "GET /apps/files/ HTTP/2.0", upstream: "https://172.18.0.4:444/apps/files/", host: "cloud.mydomain.com" 

 

Nextcloud docker:

changed network to custom

changed port to 444

 

NextCloud config.php

    1 => 'cloud.mydomain.com',

  'trusted_proxies' => ['letsencrypt'], ( tried with and without this line. )
  'overwrite.cli.url' => 'https://cloud.mydomain.com',
  'overwritehost' => 'cloud.mydomain.com',
  'overwriteprotocol' => 'https',

 

nextcloud.subdomain.conf

just changed nextcloud.* to cloud.*

 

I have it working with ombi just cant seem to figure it out with nextcloud.

Hey folks,

 

I followed SpaceInvader's video and it's "working". Since I'm using this for Ombi, I'm looking to keep the end-user process as simple as possible. I have my own (easy to remember) domain, and Ideally, I'd prefer not to use a sub-domain. I currently have a single CNAME record of www. It was the only way I could think of to get my DuckDNS configured on my domain's DNS.

 

How can I set this up without the need of a subdomain, non-www URL, and redirect to HTTPS?

I want folks to type in SimpleURL.com (non-www URL) and it redirects them to https://SimpleURL.com.

 

I'm new to this process, especially NGINX. So any help with getting this configured would be amazing!

 

EDIT: I was able to get HTTP to redirect to HTTPS by adding this to my Ombi CONF file. Now I just need to figure out a way to get non-www URL working.

server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name _;
	return 301 https://$host$request_uri;
}

EDIT-II: I set up a redirect on my domain, and that seems to be working, sorta. I set up SimpleURL.com redirect to www.SimpleURL.com. So when my friends and family enter SimpleURL.com, it now takes them to https://www.SimpleURL.com. So, in theory, it's working. :)

Edited by boostdd

  • 3 weeks later...

Could someone provide a templete or give an idea how I can host multiple websites of my own making.  I have this setup.  Do I need to somehow configure the ngiinx in this container for additional sites or add and additional nginx server on the proxy network?

First off thank you SpaceInvaderOne for the amazing videos helped me no end of times.

 

I want to run a Bitwarden internally on Unraid which is fine i can do that no problem. But I also want to use Brave as its based on Chrome. Out of the box it will not work for a home server of Bitwarden. Due to something about how Chrome handles HTTPS. I installed Bitwarden on Unraid works great with Firefox but as I say I use Brave. 

 

It will work if I use a Reverse Proxy such as LetsEncrypt in your great video. Thing is I do not want to open any ports on my router I do not need outside access to Bitwarden. I would all be handled internally on the LAN. 

 

But I do need to have it working under HTTPS. As far as I can tell I can only use LetsEncrypt if it opens port 443 on my router or have I misunderstood that. Can I can I follow your video for the reverse proxy and leave 443 closed and still have HTTPS on the LAN ?

 

Thanks for any help.

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.