How to combine reverse proxy and container network vpn


Recommended Posts

I've got binhex-sonarr,binhex-radarr,binhex-sabnzbget all using the container network of binhex-delugevpn for vpn with the argument "--net=container:binhex-delugevpn".

 

I've got nextcloud,OnlyOfficeDocumentServer,tautulli,binhex-plex running through a reverse proxy using letsencrypt. Their network is 'proxynet'.

 

Now I would I go about accessing sonarr or radarr through the reverse proxy as well. I can't just change their network from none to 'proxynet' can I? My goal is to access these containers from sonarr.* and radarr.* from the internet.

Link to comment
8 minutes ago, bigbangus said:

Could you post an anonymous sample.conf. I'm fairly new to the game.

So in your conf file you have something like this:

location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_whatever <IP_ADDRESS>;
        proxy_pass http://$upstream_whatever:<PORT_NUMBER>;
		
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
    }

You will use the containers IP address instead of its name. In your case you would use the VPN containers IP address and whatever port you use to access the service locally.

 

Don't forget to enable some sort of security if you are exposing these services to the web. Most of the conf files have something like this that you can use to get basic http auth setup at least:

# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;

 

Edited by Mathervius
further clarification
  • Thanks 1
Link to comment
37 minutes ago, Mathervius said:

Don't forget to enable some sort of security if you are exposing these services to the web. Most of the conf files have something like this that you can use to get basic http auth setup at least:


# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;

 

So the security built into the sonarr docker GUI isn't sufficient?

image.png.15e1ff250ded102f8310c0ba493a02dd.png

Link to comment

Got it working by using 'binhex-delugevpn' in the sonar.subdomain.conf. Thanks again. Now just a question of security like you said...

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app binhex-delugevpn;
        set $upstream_port 8989;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location ~ (/sonarr)?/api {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app binhex-delugevpn;
        set $upstream_port 8989;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

   }
}

 

Link to comment

For reference I was able to set the password in letsencrypt by opening a console window on the container:

htpasswd -c /config/nginx/.htpasswd <user>
New password: *********
Re-type new password: *********
Adding password for user <user>

Thanks again for the help. I guess it's up to me to choose between the container auth or the nginx auth.

Link to comment
  • 1 year later...

Would there be any updates to this?  I tried using both binhex-delugevpn and the local ip address in the sonarr.subdomain.conf file but neither one of them lets me through.  I still have the network type in the sonarr docker image set as None so that it goes through the binhex-delugevpn.

 

Suggestions are welcome!

Link to comment
  • 1 year later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.