Reverse proxy trouble


ofthethorn

Hi everyone

 

I want to set up a reverse proxy. I've read guides and watched Spaceinvader One on YouTube and I have a pretty good understanding with regard to doing so. However, I ran into an issue with port forwarding.

 

In this shithole of a country (Belgium) there are only 2 ISPs, so a duopoly. And the greedy plonkers I'm with don't allow you to route an external port to a different internal port. So for example, routing external port 443 to internal port 444 is a no go. All this is done in order to force you to pay more if you want to have your own server.

 

The crayon crunchers also force a worthless, overheating piece of gobshite router on you that limits customization even further.

 

Any suggestions on a workaround? I guess I could use DMZ (?) but I'd prefer not to. Exposing my network like that doesn't seem healthy to me.

 

Thanks in advance!

Link to comment
10 hours ago, CHBMB said:

Put a firewall like pfsense in your DMZ?  Route 443 to 443 through your ISP router then to your pfsense box? 

 

Thanks for the response.

pfsense seems rather complicated though. Are there any other possible solutions you can think of?

 

Link to comment
I guess the same could be said of any sort of router.

Worth pointing out I have no idea of the potential issues with this, but it was the only thing that sprang to mind.

Sent from my Mi A1 using Tapatalk

Link to comment
6 hours ago, CHBMB said:

I guess the same could be said of any sort of router.

Worth pointing out I have no idea of the potential issues with this, but it was the only thing that sprang to mind.

Sent from my Mi A1 using Tapatalk
 

What if I were to change the ports of unRAID, so it doesn't run on 80 anymore? That way I wouldn't have to change the port on letsencrypt, right? And I could just forward 443 and 80?

Would this have an impact on my other dockers though? 

 

Edit: Another option would be using DNS challenge, though I'm uncertain how to do this.

Link to comment
DNS Challenge will be fine if you can forward the ports to LE.

You could change the Unraid ports and that will work.

I should have thought of that I guess...

Sent from my Mi A1 using Tapatalk

Link to comment
1 minute ago, CHBMB said:

DNS Challenge will be fine if you can forward the ports to LE.

You could change the Unraid ports and that will work.

I should have thought of that I guess...

Sent from my Mi A1 using Tapatalk
 

I'm uncertain how the DNS challenge works, I just got the input from someone else. Is there a written guide on this? Or at least some info?

I guess I'll need something like acme-dns? Not sure how to implement this though.

 

If the above fails, will changing the unRAID port break anything?

Really appreciate all your effort so far, thanks!

 

Thorn

Link to comment
The LetsEncrypt container handles all that. Nope you won't break anything by changing Unraid ports.

Sent from my Mi A1 using Tapatalk

Link to comment
19 minutes ago, CHBMB said:

The LetsEncrypt container handles all that. Nope you won't break anything by changing Unraid ports.

Sent from my Mi A1 using Tapatalk
 

I think I understand, just want to write this down for completion and good measure.

On https://hub.docker.com/r/linuxserver/letsencrypt/ I can see 
-e VALIDATION=http

 

I guess this will change to DNS then? 

But how is acme-dns implemented then? I don't see the option under 

-e DNSPLUGIN=cloudflare

 

This is more curiosity on my end rather than an actual solution.

Link to comment
It's all automated for you. Either http or DNS validation. Honestly, as long as you've got your site A name and DNS records working, then LetsEncrypt will do the rest.
@aptalca has done a fantastic job of automating everything.

Sent from my Mi A1 using Tapatalk

Link to comment

Archived

This topic is now archived and is closed to further replies.
