February 28, 2019

Hi everyone,

I want to set up a reverse proxy. I've read guides and watched Spaceinvader One on YouTube and I have a pretty good understanding with regard to doing so. However, I ran into an issue with port forwarding.

In this shithole of a country (Belgium) there are only 2 ISPs, so a duopoly. And the greedy plonkers I'm with don't allow you to route an external port to a different internal port. So for example, routing external port 443 to internal port 444 is a no go. All this is done in order to force you to pay more if you want to have your own server. The crayon crunchers also force a worthless, overheating piece of gobshite router on you that limits customization even further.

Any suggestions on a workaround? I guess I could use DMZ (?) but I'd prefer not to. Exposing my network like that doesn't seem healthy to me.

Thanks in advance!

Edited February 28, 2019 by ofthethorn

March 1, 2019

Put a firewall like pfsense in your DMZ? Route 443 to 443 through your ISP router then to your pfsense box?

March 1, 2019, Author

10 hours ago, CHBMB said:
> Put a firewall like pfsense in your DMZ? Route 443 to 443 through your ISP router then to your pfsense box?

Thanks for the response. pfsense seems rather complicated though. Are there any other possible solutions you can think of?

March 1, 2019

> Thanks for the response. pfsense seems rather complicated though. Are there any other possible solutions you can think of?

I guess the same could be said of any sort of router.

Worth pointing out I have no idea of the potential issues with this, but it was the only thing that sprang to mind.

Sent from my Mi A1 using Tapatalk

March 1, 2019, Author

6 hours ago, CHBMB said:
> I guess the same could be said of any sort of router. Worth pointing out I have no idea of the potential issues with this, but it was the only thing that sprang to mind.
> Sent from my Mi A1 using Tapatalk

What if I were to change the ports of unRAID, so it doesn't run on 80 anymore? That way I wouldn't have to change the port on letsencrypt, right? And I could just forward 443 and 80? Would this have an impact on my other dockers though?

Edit: Another option would be using DNS challenge, though I'm uncertain on how to do this.

Edited March 1, 2019 by ofthethorn

March 1, 2019

> What if I were to change the ports of unRAID, so it doesn't run on 80 anymore? That way I wouldn't have to change the port on letsencrypt, right? And I could just forward 443 and 80? Would this have an impact on my other dockers though?
> Edit: Another option would be using DNS challenge, though I'm uncertain on how to do this.

DNS Challenge will be fine if you can forward the ports to LE.

You could change the Unraid ports and that will work.

I should have thought of that I guess...

Sent from my Mi A1 using Tapatalk

March 1, 2019, Author

1 minute ago, CHBMB said:
> DNS Challenge will be fine if you can forward the ports to LE. You could change the Unraid ports and that will work. I should have thought of that I guess...
> Sent from my Mi A1 using Tapatalk

I'm uncertain how the DNS challenge works, I just got the input from someone else. Is there a written guide on this? Or at least some info? I guess I'll need something like acme-dns? Not sure how to implement this though.

If the above fails, will changing the unRAID port break anything?

Really appreciate all your effort so far, thanks!

Thorn

March 1, 2019

> I'm uncertain how the DNS challenge works, I just got the input from someone else. Is there a written guide on this? Or at least some info? I guess I'll need something like acme-dns? Not sure how to implement this though.
> If the above fails, will changing the unRAID port break anything?
> Really appreciate all your effort so far, thanks!
> Thorn

The LetsEncrypt container handles all that. Nope, you won't break anything by changing Unraid ports.

Sent from my Mi A1 using Tapatalk

March 1, 2019, Author

19 minutes ago, CHBMB said:
> The LetsEncrypt container handles all that. Nope, you won't break anything by changing Unraid ports.
> Sent from my Mi A1 using Tapatalk

I think I understand, just want to write this down for completion and good measure.

On https://hub.docker.com/r/linuxserver/letsencrypt/ I can see -e VALIDATION=http. I guess this will change to DNS then? But how is acme-dns implemented then? I don't see the option under -e DNSPLUGIN=cloudflare.

This is more curiosity on my end rather than an actual solution.

March 1, 2019

> I think I understand, just want to write this down for completion and good measure.
> On https://hub.docker.com/r/linuxserver/letsencrypt/ I can see -e VALIDATION=http. I guess this will change to DNS then? But how is acme-dns implemented then? I don't see the option under -e DNSPLUGIN=cloudflare.
> This is more curiosity on my end rather than an actual solution.

It's all automated for you. Either http or DNS validation. Honestly, as long as you've got your site A name and DNS records working, then LetsEncrypt will do the rest.

@aptalca has done a fantastic job of automating everything.

Sent from my Mi A1 using Tapatalk

This topic is now archived and is closed to further replies.