** VIDEO GUIDE ** How to Setup and Configure a Reverse Proxy on unRAID with LetsEncrypt & NGINX

[tailgate]

Thanks for the reply.  I’m a very novice when it comes to this network stuff, so I hope you (and others) will bear with me, I’m a 56M fumbling my way thru this, but loving it.  I’m surprised I’ve gotten this far.  I have learned a ton as you can image.  But I’ve been working on this for weeks now.

 

How do I tell what port Unraid is using?  Under Settings, Management Access, I see HTTP(s) ports at 80 and 443.  Is this what you’re talking about for the unraid settings?  Should they be something different?

 

Like I said, this was working for a long time, but I’m not sure what happened.  My router's port forwarding hasn’t changed and Lets Encrypt is set to use 180 and 1443 as suggested by Spaceinvaderone.

 

Thanks again for helping.

[1300GT]

Thanks for another great video, they're really helpful and explained well.

 

However, I have one big problem with this one that I can't resolve.  Everything went fine and I setup with own domain / sub domains but I can no longer login to Nextcloud?   It's sits for about 20 seconds and then reports 'Wrong username or password'?   I know the password is correct (I've checked through saved login details on laptop browser to double check username and p/w.  I can also see the password in the config file that you alter in this video). 

 

I have tripled checked everything is spelled correctly when altering the config and conf files as I did find another user having this problem but they had spelt something wrong.  At a total loss now. 

 

Is it something to do with config file in Nextcloud having the variable 'dbuser' => 'nextcloud' ?  I was assuming this is more to do with actual install and share name rather than a user?  I only had one setup under admin for my Nextcloud instance but that and the password just won't let me in. 

 

[XisoP]

Hi all,

 

I was wondering.. are there more people having issues installing LetsEncrypt in Unraid 6.8.3?

I can't find the app in CA. I can extend my search directly to docker hub. There is a linuxserver version there, but all the parameters have to be added manually.

[Marshalleq]

I think they’ve renamed it to Swag.


Sent from my iPhone using Tapatalk

[XisoP]

Looks like it. Thanks. Going to try it later today 

[TRusselo]

So im trying to get https working with home assistant properly.

 

I have followed most of this video....
DuckDNS, letsencrypt, ingix, proxynet all working....

I can access Home asssistant from outside my network via https://blahblah-hass.duckdns.org

even if i do not type the https, it will go to https, i get the lock icon in the web browser.

 

That web address does not work INSIDE my network. i have to use the IP address 192.168.1.##:8123

 

So I went back over this video today.

Home assistant was not set to Network : Custom: proxynet   it was Host...
Change HA docker to proxmox... restarted, and no WebGUI... inside or outside network, Port mappings are gone ?!?

cant access from inside or outside network by any address.

Went back in to edit HA docker config to add "Fixed IP address (optional): " and i entered its IP 192.168.1.##/24  - apparently this was wrong

I still dont understand the /16 /24 stuff of an IP address...
Docker rebuild failed. docker gone. ?!?

Re-installed docker...  left it on Host.  WebUi is back while inside my network.
If I try to access HA from outside my network via my duckDNS address, i get home assistant error  message

 

Had to manually rebuid port mapping for HA docker container.... now accessible from outside network again via web address.

 

ok so...  now working same as when I started, but one difference, network is set to Proxynet.

Still cannot access containers via web addresses within the network. only outside.
IPs only work inside network.

 

i get to 21:15 in the video, he restarts letsencrypt, and he can access via webaddress with HTTPS,

i cannot.

 

here is my ngix config for HA,  the "##" and "blah-blah" were added in the addresses for security in this post.

# make sure that your dns has a cname set for homeassistant and that your homeassistant container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name blah-blah-hass.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_homeassistant home-assistant;
        proxy_pass http://192.168.1.##:8123;
    }

    location /api/websocket {
        resolver 127.0.0.11 valid=30s;
        set $upstream_homeassistant Home-Assistant-Core;
        proxy_pass http://192.168.1.##:8123;
        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

I do notice something different in my config than his....
where i have an IP address  " http://192.168.1.12:8123 "

he hass something that would translate to "http://$upstream_homeassistant:8123 "

I tried changing it... no fix.

 

im confused.

Am i missing some type of reverse dns?

 

EDIT : found this on redit

Quote

But what if your on the local network? Unless your router supports nat hairpin you can't traverse a nat from a local IP address. And it is a security risk I believe so I wouldn't recommend you set that up anyhow. What you would need is a split dns. More or less you have a local dns server like bind that would take the homenetwork.mydomain.com address and send it directly to the ip address of the reverse proxy skipping the router completely.

Bind docker... or better router...  pfsense....  I knew you were coming...

Edited November 2, 2020 by TRusselo

[Bjur]

Hi first thanks for the excellent videos SpaceInvader. I have downloaded letsencrypt and followed the video but after selecting the newly created network with Sonarr I can't access Sonarr event locally. Do any of you have an idea what is wrong? 

[benyaki]

Havnt been able to find the answer through search, so apologies if I missed it, but is there was way to run a reverse proxy for some containers (sonarr, sab etc) while already having those containers routed through binhex-delugevpn? The problem obviuosly arises when you go to set the network type as they are already going through deluge.

 

I would basically like to be able to reverse proxy access these containers outside my network as individual sites, while still having them all run through a VPN.

[JonathanM]

2 hours ago, benyaki said:

Havnt been able to find the answer through search, so apologies if I missed it, but is there was way to run a reverse proxy for some containers (sonarr, sab etc) while already having those containers routed through binhex-delugevpn? The problem obviuosly arises when you go to set the network type as they are already going through deluge.

 

I would basically like to be able to reverse proxy access these containers outside my network as individual sites, while still having them all run through a VPN.

Should work normally, as in how you typically reverse proxy sites, not how lsio makes it work.

 

As long as you can successfully access the site through an IP and port, like http://192.168.1.5:8080, then you just plug that address in to your nginx config.

 

If you CAN'T get to the site locally, then you will need to fix that first, typically by adding the appropriate port to the delugevpn container.

 

I reverse proxy sites through swag from a VM, from a second Unraid server, and local containers, all with no issues.

 

If none of this makes any sense, then you are going to need to take a crash course in how to configure nginx. It's not that hard, but there are differences in how lsio does things that make it so you need to know a little more about how it's working.

[benyaki]

1 hour ago, jonathanm said:

Should work normally, as in how you typically reverse proxy sites, not how lsio makes it work.

 

As long as you can successfully access the site through an IP and port, like http://192.168.1.5:8080, then you just plug that address in to your nginx config.

 

If you CAN'T get to the site locally, then you will need to fix that first, typically by adding the appropriate port to the delugevpn container.

 

I reverse proxy sites through swag from a VM, from a second Unraid server, and local containers, all with no issues.

 

If none of this makes any sense, then you are going to need to take a crash course in how to configure nginx. It's not that hard, but there are differences in how lsio does things that make it so you need to know a little more about how it's working.

Thanks, after reading your post I realized I was going the REALLY long way around to make this work with swag.

I just setup nginx proxy manager and everything is working well, really easy to set up.

[masterdot]

Hmm...

Everything did work fine, but the proxy passthrough does end in a 403 forbidden for me.

I did triplecheck everything, but I don't have a clue what might be wrong... 

The nextcloud container on a subdomain and a paperless instance on port 8000 and a subdomain.

For paperless I did adapt the changes from the nextcloud config.

I did enter the subdomains in my fritzbox unter dns rebind protection. But this didn't work either.

 

Any idea? Or a hint what to look at?