Introduction and requirements.
UPDATED FOR UNRAID 6.4
Here you will find a guide on installing letsencrypt and duckdns docker containers on UnRAID. You will be guided on creating a account with the dynamic dns service known as duckdns aswell as shown how to use letsencrypt and reverse proxy your internal applications such as plex, deluge, sonarr, couchpotato etc. they will even be accesible via HTTPS securely.
Requirements
- UnRAID all configured and set up to use dockers (6.2.4 was what this tutorial was written against).
- An internet connection on your UnRAID server.
- The Community Applications plugin installed and configured.
Goals
- To be able to access UnRAID dockers such as sonarr, radarr, couchpotato, htpc-manager from outside of your LAN in a secure way via HTTPS.
- To make the more complicated Nextcloud work via reverse proxy.
- Enable automatic IP address updating to your chosen DuckDNS domain.
216 Comments. Leave new
Thanks for this tutorial!
One question, when navigating to Sonarr remotely I only receive a webpage containing the text “Sonar Verr.” With nothing else. I’m wondering if you’ve run into this.
Thanks!
you need to set the base path in sonarr, (having notification issues so not getting told about comments)
very help, long time user of unraid, followed your steps and when i try https://XXX.duckdns.org/sonarr i get a NGIX Bad Gatewat error 502. Install went as descibed.
Clear browser started working
Hi, I will add this step in extras
Dont forget to clear your browser cache if you have gotten errors and have corrected settings!
good call!
Hi, Are you able to go through with me if you have 10 mins on team viewer, struggling a lot with the installation. Cheers
sure send me an email with the subject “Joe – Teamviewer” to [email protected]
If I have my own domain name (instead of using duckdns), does this process still work or are there additional steps that need to be taken?
simple answer: yes, depends on if you need a dynamic DNS still or not.
Thanks so much for this tutorial, it has helped get me set up for remote access to my network. I do have to admit I’m not quite sure what everything that I did in this tutorial has actually done. This became quite apparent when I tried to set up two servers on my network running the same two dockers.
I have two dockers running the same app on two different unraid boxes. I have the ports set to 192.x.x.0:xxx0 and 192.x.x.1:xxx1 but I’m not sure how to set up the ‘default’ file to point to each one separately. At first I thought I could just change the name after the ‘location/xxx’ but quickly found out that broke everything. The app I’m trying to point to is Sabnzbd which doesn’t seem to let you set the base url.
I can successfully get to one of the SAB instances, but not the other. What am I missing?
if you can’t change the basepath i don’t think you will be able to without a seperate domain / sub domain
for radarr/sonarr its like this
Instance 1
location /radarr {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.1.3:7878/radarr;
}
Base path set to /radarr
Instance 2
location /radarr2 {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.1.4:7878/radarr2;
}
Base path set to /radarr2
Hope this helps.
Hi All, for some reason i have been having issues with getting notifications of stuff on my website, comments, forum posts etc… due to this i haven’t been able to reply to you as i haven’t actively been checking it.
i am working on fixing these issues so i can provide a quicker response time.
UPDATE: i have fixed the email notification issue so will reply quicker to comments/replies now.
Sorry for the inconvenience.
How would you get Zoneminder working with this?
No idea without more information, need to know things like what the current url structure is… e.g http://192.168.1.45:3867/web or http://192.168.1.45:3867/ etc also if there is a “basepath” option in zoneminder
give me a list of a couple of the URL’s from a few different pages of zoneminder
main page = http://192.168.2.90:8084/zm/index.php
options page = http://192.168.2.90:8084/zm/index.php?view=options
it looks like all pages start with http://192.168.2.90:8084/zm/index.php and i do not see anything in options/settings for a basepath. Does this info help at all?
try this
location /zm {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.2.90:8084/zm/;
}
or
location /zm {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.2.90:8084/zm;
}
tbh i’m going to configure Zoneminder my self in the coming days/weeks so if this doesn’t work i can look in the future.
the top one worked!! woohoo thank you! this is great!
Hi, so I got everything to work thanks to your awesome writeup. My only problem is with ZoneMinder. Once I click the tab in Organizr, it kicks me out of organizr and straight to the zoneminder login page. I was wondering if you every had this problem.
Thanks!
I don’t use zoneminder but it sounds like you have enabled the organizr option which makes it open in a new window/tab instead of as a iframe.
are you using a docker? if so which one? just curious
I am using a Docker
Well, I followed your directions, but i seem to be running into errors trying to get the letsencrypt docker started. No confirmation in logs. Instead im getting that my port “entered disabled state”, “left promiscuous mode” and ultimately “Deleting interface #13 docker0”
oh boy, Im a total idiot. Capitalized the ‘T’ in ‘true’. Removed the docker, reinstalled, totally working…soooo to all you out there, dont do that! And thank you very much for putting this tutorial together. Ill try to actually follow the rest of the directions!
glad you got it fixed 🙂
i get a bad gateway for nextcloud only. i refreshed the cache and still the same issue.
it seems you are missing something then, make sure to change the config file for nextcloud as shown in the tutorial, also make sure to restart both dockers.
i went through everything again, and it all seems to be what you have. i’m at a loss since it’s only nextcloud
send me [email protected] the contents of these, feel free to remove passwords or private data.
\\UnRAIDIP\appdata\nextcloud\nginx\site-confs\default
\\UnRAIDIP\appdata\nextcloud\config\www\nextcloud\config
\\UnRAIDIP\appdata\letsencrypt\nginx\site-confs\default
this has been resolved by re-doing the nextcloud docker.
Trying to figure out how to change the baseurl of Pydio and Guacamole to get this working. Also I am trying to get Muximux setup as well, it appears as though it is going to be similar to Nextcloud by changing roots. Any thoughts?
hi, not without more information, if you want muximux at / then its easy, i use organizr the same way. the others i have no idea on.
Before you do all of this, you have to install NGINX – yes? How do you do that bit? Do you use another port besides 80 on this too? Thanks!
No, the letsencrypt docker includes nginx
Thanks for the guide. Are you able to advise on how to password protect the nginx webserver? I’d prefer to do that so I don’t need to password protect each application.
Hi,
“If you’d like to password protect your sites, you can use htpasswd. Run the following command on your host to generate the htpasswd file docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd”
https://github.com/linuxserver/docker-letsencrypt
and then add the following
auth_basic "Restricted";
auth_basic_user_file /config/nginx/.htpasswd;
Just got this going! Thanks for putting it all togther. Can you elaborate on where to put the auth_basic paramaters? Is it in the nginx/site-confs/default file? Thanks!
auth parameters will go in any location block in the default config file, you can add it to each location block or you can add it to some, you can also put it in a seperate file then include it.
Also, am I putting this on every internet facing applications (ie nextcloud, couch potato, etc..)?
hi when i visit this url http://xxxx.duckdns.org/sonarr it says 404 and the url changed to http://xxxx.duckdns.org/login?returnUrl=/sonarr do you know how i fix this?
Hi, Have you set the path on sonarr? in settings…
restart your sonarr docker afterwards
hi that dit work thank you so much, but somehow I can’t get this to work for plexpy (did the same thing after I restart it I keep getting a blank screen and nothing interesting happens in the log), couch potato (can’t find the setting) and htpc just keeps giving me the error ( anerror has occured on a blank page) i’am a bit of a noob in unraid territory and I would love to get some more help 🙂
location /plexpy {
proxy_bind $server_addr;
proxy_pass http://[IP]:8181;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
}
can you please advise in how to integrate emby with this setup?
i used to use emby but due to the xbox one app not being free moved to plex.
try
location /emby {include /config/nginx/proxy.conf;
proxy_pass http://[IP]:8096;
}
make sure to reload the letsencrypt docker after saving the changes
I was wondering how this process would differ if I have a dynamic dns through dyn as opposed to duckdns?
I also own a domain that I am currently pointing the ddns to.
Install the DDclient docker: https://github.com/macexx/ddclient
Connect to \appdata\ddclient and use this as your ddclient.conf (edit the items inside ):
## ddclient configuration file
daemon=600
# check every 600 seconds
syslog=yes
# log update msgs to syslog
mail-failure= # Mail failed updates to user
pid=/var/run/ddclient.pid
# record PID in file.
## Detect IP with our CheckIP server
use=web, web=checkip.dyndns.com/, web-skip=’IP Address’
## DynDNS username and password here
login=
password=
## Default options
protocol=dyndns2
server=members.dyndns.org
## Dynamic DNS hosts
In the LETSENCRYPT settings make sure to put your DOMAIN and the SUBDOMAIN, you’re using.
My tags didnt transfer properly to my post.
Make sure to add your email after “mail-failure=”, your username for dyn after “login=” and password after “password=”
Under the ## Dynamic DNS hosts section, you need to add your DYN URL; i.e. test-server.dynalias.org
Great, Thanks for your contribution 🙂
Thank you so much. i will check this out as soon as I am able and will comment back with the results.
Wait, so do I just replace everything in the conf file with what you have written or just the relevant lines?
Use this link when signed in to dyn.com to create your own: https://account.dyn.com/tools/clientconfig.html
I have followed your tutorial closely but i could not get to the nginx default webpage. Set port 80 to 81, and leave the default port 443. The container log has nothing relevant.
Hi, sorry for the late reply, i’ve been out of the country on holiday without access to a computer.
have you forwarded the router ports, i need more information, i need your config files, or docker settings or something more than “container log has nothing relevant”
Hey
What should i do if i have my own domain and a public static ip
Should i just make a single A record pointing to my public static ip
skip all the duckdns stuff and just add your static ip to the A record of your domain.
Thanks 🙂
if I’m not using some of the services in the template I would just delete them right?
When I’m not using Netdata I can just remove the following text from the header?:
upstream backend {
server 192.168.1.3:19999;
keepalive 64;
}
Thanks for the guide 🙂
Could I also delete this, when not using netdata?
location ~ /netdata/(?.*) {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://backend/$ndpath$is_args$args;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection “keep-alive”;
proxy_store off;
If you’re not using any of the services then you can delete the section without issue, although you might prefer to comment it (should you need it in the future) by adding a # at the start of each line.
Thanks 🙂 I’m also trying to add SABNZBD.
Under NGinx they want
https://sabnzbd.org/wiki/extra/howto-apache
location /sabnzbd {
include /etc/nginx/conf.d/proxy.conf;
proxy_pass http://localhost:8080/sabnzbd;
}
They also want to add
upstream SABnzbd {
server localhost:8080;
keepalive 512;
}
What does that do? Is it necessary?
Thanks in advance 🙂
if that what they want then add it all, i haven’t took the time to understand what the “upstream” stuff does yet.
Frederik Christiansen: did you ever figure out where you need to put upstream, or if it is even needed? My docker is yelling at me that it shouldn’t be in the default file.
nginx: [emerg] “upstream” directive is not allowed here in /config/nginx/site-confs/default:47
it needs to be at the complete top of the file, as shown in my example.
As a sidenote. I was recommended to add the following to my default file
server {
listen 80 default_server
listen [::]:80 default_server
server_name _;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl default_server;
root /config/www;
index index.html index.htm index.php;
server_name _;
After this comes the certificates and location tags.
This forces a SSL connection
I thought it would be relevant to know
yes that is just standard 80 http -> 443 https
Hi, I followed your guide and got next cloud accessible from the outside world everything works except the part where in upload files to the server. it keeps giving me this error: Not enough free space, you are uploading xx MB but only 0 B is left you (even when I have 13tb free). it worked before I attempted to install lets encrypt. could you please help me?
Hi,
No idea on this one sorry, mine definitely works fine, i would check all your permissions and settings and config files for both nginx and nextcloud.
I’m having this exact issue right now. Did you ever work out a fix?
I just corrected the same issue for myself Thanks to a comment on a similar post on reddit. Make sure you have “location ^~/nextcloud {” for the nextcloud location in the letsencrypt-nginx/site-confs default file.
Have anyone succed in making plex work without forwarding port 32400
Yes mine works fine, i’ve set it up for multiple people now, please follow the steps in the guide.
I have followed the exact steps in the guide both changed the default file and the plex setting, it works when I have forwarded port 32400, if I dont then it won’t work
Great writeup so far! Been able to get Sonarr to work. Nextcloud is another story. Getting ‘400 Bad Request’ when I go to https://[SUBSITE].duckdns.org/nextcloud
Says “The plain HTTP request was sent to HTTPS port”.
Followed everything exactly. I have my Nextcloud mapped to another port, but other than that I can’t figure out what’s wrong. Works just fine at https://[UNRAID-IP]:[CUSTOM-PORT].
Hi,
make sure you have the nextcloud entry in your default file set to https like so
proxy_pass https://[IP]:444/nextcloud;
all the others are http but this one is https.
also make sure you did the edit to the nextcloud config file and nginx config file
Hey, thanks! Changing it to HTTPS worked! However, new problem. It’s SUPER slow via URL, but speedy via external IP. See screenshots.
http://imgur.com/a/eyc1H
Hmm, i’m not sure on why you’re having speed issues, are you comparing it with the external ip or internal ip? could be DNS resolution issues or your router may be clever enough to route the external IP internally avoiding the internet but not so much for the domain name.
Should I be seeing something at https://.duckdns.org/services — for me, Chrome refuses to connect.
Sorry, the formatting on the site doesn’t let me type it correctly. Basically, when I substitute my subdomain at domain dot duckdns dot org forward-slash services, I get an error within my browser.
you aren’t meant to do /services, you do /plex or /sonarr or /radarr etc.
Ah, well /plex is not working. Any ideas?
Hi, No sorry i don’t know why it’s not working, please double check all the steps as others have it working correctly.
Hi,
I was able to get nextcloud together with LetsEncrypt running.
Each docker for LetsEncrypt and also NextCloud are running on a seperate (virtual) IP.
But I am struggeling with another problem, maybe someone can help me?
I have a domain “my-domain.at”. I am already using “nextcloud.my-domain.at” for nextcloud.
Next I wanted to work on some Webprojects like wordpress, joomla and other PHP Tools.
First I wanted to do it via Apache, as I know apache from my native Server. So I installed apache on a docker with a dedicated (virtual) IP.
But somehow I was not able to get the forwarding from LetsEncrypt to Apache working. Somehow I always ended with “ERR_TO_MANY_REDIRECTS” in the browser.
Then I thought I could do it with LetsEncrypt as it also has a Webserver with PHP Support, isn’t it?
So I tried several “site-conf” examples, but somehow I never got it working correctly.
What would be an example for wordpress to get it working?
Asuming the domain “wordpress.my-domain.com” and the site is located under “/var/www/wordpress”?
Br,
Johannes
Hi,
unfortunately this is not related to this tutorial so the best i can do is give you an example, i won’t be able to further exist regarding this though.
you can try something like this
SSL (HTTPS)
server {listen 443 ssl default_server;
root /config/www/wordpress;
index index.html index.htm index.php;
server_name wordpress.cyanlabs.net;
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
client_max_body_size 0;
location / {
try_files $uri $uri/ /index.html /index.php?$args =404;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
or
Non-SSL (HTTP)
server {listen 80 default_server;
root /config/www/wordpress;
index index.html index.htm index.php;
server_name wordpress.cyanlabs.net;
client_max_body_size 0;
location / {
try_files $uri $uri/ /index.html /index.php?$args =404;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
Is there any way to get this tow work with the unraid webgui? I tried but the page loaded a bunch of text and no graphical elements.
the best way is to just setup a subdomain like unraid.xxx.xxx and set up a new server block just for unraid.
You could always just setup OpenVPN on your unraid server with DuckDNS or whatever service you use for dynamic IP address. Just make a note that most schools and businesses block DuckDNS.
Hello, thank you for this tutorial but im stuck with the lets encrpt certificate…. i made a post at https://forums.lime-technology.com/topic/51808-support-linuxserverio-letsencrypt-nginx/?page=25#comment-572672 but nobody is answering. Could it be that there is an update that this guide wont work anymore?
Regards
Bengele
It seems like you are using subdomains on duckdns but as far as i know you can’t do that. try 1 domain and use /service e.g /plex etc.
Thanks for this awesome write-up! It’s super helpful. I was able to get everything setup correctly (I think…I know Deluge is accessible via my domain/downloads), however I’m having trouble with both radarr and sonarr. When I go to domain/radarr or domain/sonarr the page loads but only says Radarr Ver. or Sonarr Ver. (respectively). Any idea how to fix this?
you need to set the path on sonarr/radarr’s settings
Settings > General > URL Path = /sonarr or /radarr
Then restart sonarr and radarr.
I’m having real trouble getting letsencrypt to work.
I’m not sure where I’m going wrong, the relevant error from the logs seems to be:
[code]Failed authorization procedure. towerlocal.duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout[/code]
make sure port 443 is accessible from outside your LAN and that it is forwarded in your router to your Unraid Box.
http://portforward.com
Hi there, thanks for the guide, I’m currently running No-IP on my pfSense router so I didn’t use the DuckDNS container and went straight into the setup at the LetsEncrypt section. I put the details in for my No-IP DynDNS setup and then completed the install of the LetsEncrypt container, however, I cannot access the “Welcome to the server” page locally. For me I use 192.168.1.5 for my unRAID setup so when I go to http://192.168.1.5:81, it cannot find a page, in Chrome I get “This site can’t be reached”
Any ideas?
Thanks
you need to view the logs of the letsencrypt container.
This is what it’s showing:
Failed authorization procedure. *my domain**.duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout
Though looking further at the log I think this info may be more pertinent:
certbot: error: argument –cert-path: No such file or directory
Maybe that is stopping it from starting up?
You are missing some of the steps here then, you need to forward port 443 to your internal IP (i assume since you have pfsense i don’t need to explain this) so whenever the letsencrypt bot goes to https://XXX.duckdns.org:443 it will authenticate
You said before you weren’t using duckdns but you are saying your log is using it, can you clarify this as if your log is saying that then you have done something wrong (outside of this guide)
Yeh I don’t think I was helping myself there, I set up DuckDNS to test if it was just some issue with the pfSense DDNS. I’ve removed that and now set it up with the port redirect and my own DNS and it’s now started, though I still can’t get to 192.168.1.5:81 locally or remotely
OK it seems to have kinda started now but I can’t actually access anything remotely yet… I have Sonarr etc running on a VM on my server (separate to my unRAID server) so I edited that config file you supplied to that IP and the port I use and when I go with mydomain.ddns.net/sonarr it just spins…. Not sure what I’m doing wrong! I get nothing locally on 192.168.1.5 either on port 80 or 81 but I’m not sure if this is the issue or not , LetsEncypt shows no errors in the log now…
Hello, great article that walks through everything I need to set things up. My main issue is that my unRAID server is behind my Asus Merlin router running OpenVPN client connecting to AirVPN service. The AirVPN has a port forwarding service as well as a static exit IP. They also provide a DDNS. So right now I have subdomain.airdns.org:PORT forwarded via IP tables script on my router to 443 port on my unRAID server. So remotely I can easily access my Nextcloud server. Using https://scan.nextcloud.com/ I get a A+ rating even though I have not setup Letsencrypt or any specific SLL. Not sure if this is done through their DDNS service.
Anyway this makes it impossible for Letsencrypt docker to access that external link (https://subdomain.airdns.org:PORT) from behind the VPN. I guess I don’t even need to setup DuckDNS or Letsencrypt as my Nextcloud is behind a VPN and should be secure.
My question then is how do I setup reverse proxy if not using the nginx in the Letsencrypt docker. I have already setup dnsmasq on my router: address=/airdns.org/192.168.1.5 #(unRIAD IP). Also the DDNS currently has a PORT associated with it and dnsmasq does not allow ports to be used. I am basically trying to access my Nextcloud server using the same address whether it is remote or internal. Is there a way to change the default port on unRAID so if I goto http://192.168.1.5 it will automatically redirect to https://192.68.1.5?
Any help would be greatly appreciated!
Hi,
Don’t have much experience in this aspect, if you want to change unraid’s port you can edit the go file in the config folder of your flash drive (/boot/config/go) and change emhttp to emhttp -p XXXX (where XXXX is the port number)
If you then add 80 and 443 as the actual ports 80 and 443 in the docker that should work for you.
Hope this helps.
Awesome thanks for the quick reply. I guess I could also try giving the nextcloud container a separate IP. Where would you edit the nginx for reverse proxy? In the Nextcloud app folder?
You just need to edit the “default” file in the letsencrypt nginx folder
this guide helped me a lot but i have one question.
i have everything set to be on a subdomain ie: sabnzbd.DOMAIN.com, sonarr.DOMAIN.com
how do i edit the deluge block to work as deluge.DOMAIN.com?
i’m using the below but all i get is a blank screen with the webpage title Deluge: Web UI
location /{
include /config/nginx/proxy.conf;
proxy_pass http://[IP]:8112/;
proxy_set_header X-Deluge-Base “/downloads/”;
}
Hi, sorry late reply, remove “proxy_set_header X-Deluge-Base “/downloads/”;”
I really cannot get plexpy to work just cannot get anything to load anyone help me out the other comment in this section doesnt really help
i don’t use plexpy so can’t help sorry.
Hey, everything worked flawlessly for plex/sonarr/radarr/netdata. Thank you!
I tried modifying the site-confs\default after to add Plexrequests (https://forums.plex.tv/discussion/151899/plex-movie-requests/p1)
I added this after the radarr entry:
location /requests {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.1.224:3000;
}
The result is a blank page, but the tab title changes to “Plex Requests”
going to http://192.168.1.224:3000 directly takes me to the Plex Requests page and it is operable.
The docker has a setting: Setting URL_BASE variable to /requests will enable reverse proxy of this container
substitute requests for another name if you wish
But when I tried setting that key 3 to /requests, going to https://subdomain.duckdns.org/requests it then took me to the unRAID main page…
Setting this back to “0” (default value), it returns to blank page mentioned above. Let me know if I can shoot you the link via email to my server’s /requests page if that would help.
This worked:
location /plexrequests {
proxy_pass http://192.168.1.224:3000/plexrequests;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
AND setting the URL_BASE variable in the docker to /plexrequests
The above broke /netdata…
hi,
sorry late reply your comment was blocked by my spam filters, give me a email [email protected] with more private details in and i can take a look if needed.
Thanks.
NEXTCLOUD adds the file path /nextcloud/index.php/apps/files/?dir=/&fileid=7
How can it be made clean like the default install?
i haven’t noticed or cared about this so am unsure. i assumed it was always like this
just wanted to say that this was a great writeup and really easy for me to follow. I currently have plex and deluge exposed and it works great. Thanks again!
Thanks, sorry late reply
This is a fantastic write up! thanks for taking the time to do this. I do have a question as I can’t seem to get my services that do not run in a sub-directory or have a base-url change option to work correctly. Is this where you setup a separate sub-domain? If so, how do you put that in the conf file?
Yes this would be when you use a subdomain,
you need to configure duckdns etc and then add another server block in the default file with the sub domain etc, copy the existing and tweak to be how you need it.
has anyone tried Unifi?
first of all, thanks a lot for such a great guide, I have successfully set up duckdns and letsencrypt on my unraid. I want to set up lychee (photo manger), but I am struggling a bit here. Can you guide me through this. I have found this; https://gist.github.com/ottonet/3e488ff995193f02fa2d, but when I have inserted this code into “default” file, nginx stops working?
no sorry, i haven’t got the time to guide individual people through things not related to this guide.
whats the IP and port you access it on, i will try and offer a little help.
Thanks for letting me know. The local IP is 192.168.1.8 and the port is 3997. Outside port is 80 and 443 for ssl
Hi, sorry i’m not sure why it wouldn’t be working, please raise the issue with the developers of the software.
How do I reset the username/password for htpcmanager?
Hi, i wouldn’t know sorry, this is not related to this guide, i would suggest contacting htpc manager devs.
Hi, I have set this up for 1 service that runs on unRAID and the rest run on their own boxes. So I thought I’d tackle the service that runs on the same box first. This is Ombi. I have set the config as follows:
location /ombi {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.1.5:3579/ombi;
}
And set the base URL on Ombi to /ombi and when I access my domain /ombi I get:
404 Not Found
nginx
Any ideas? It also redirects me to port 444 rather than the 443 I forwarded? My routers remote management runs on 444 so this is strange…
I additionally don’t get the “Welcome to our server” page when accessing it locally, it tries to take me to the /htpc page from your config
i can only suggest checking your setup, especially port forwarding and the ports in unraid.
Hi there, great guide, followed it and I’m able to access all my services externally.. Apart from via HTTPS.. I can get to 192.168.1.5:443 (My unRAID server IP) fine internally but if I go to https://domain.duckdns.org/plex nothing happens, or for any other resource via HTTPS.. I have done a port check and I can see that 443 is indeed open on my router but something just isn’t working.. Any ideas?
you need to make sure you are forwarding port 443 to the same port that your unraid docker host port is, it’s easiest to keep it all at 443 > 443 in router and 443 > 443 in docker. but it doesn’t need to be this
Hi!
I just wanted to say thank you – I managed to get all but netdata and nextcloud working. Regarding nextcloud first I need to get that working on its own so I won’t ask about that, but regarding netdata, I get a 404 Not Found error.
I checked the logs for nginx and I can’t find anything about it (I was able to see other errors there which helped me to get deluge up and running), the logs for netdata are daunting but I still can’t find anything about nginx, I think. I have both the upstream info and the location block copy pasta from your pastebin, just with the proper IP. Anything else I can try for troubleshooting?
Also, you wouldn’t happen to know how to create a location block for COPS (Calibre OPDS), right? I mean, have to ask 🙂
Thanks!
try it with /netdata/ (notice the trailing slash) for some reason it doesn’t work without that, there is a workaround but i can’t find it at the minute.
you can try the same sort of location block for COPS i don’t know what that is but if you explain how you access it, ip, port and path then i might be able to help.also does it have a “base path” or “root” option at all?
The trailing slash did it. I must have not read the instructions properly.
COPS is a small content server for Calibre. Here’s more information about it: http://blog.slucas.fr/en/oss/calibre-opds-php-server
Inside my network, I use http://[IP]:8787 when I’m inside my network. It does not seem to have a “base path” or “root” option.
Thank you so much for trying to look into it.
Sorry for the delay, i do this as a hobby and have been having server notification issues.
your best bet will probably be to host it under a seperate subdomain, i can’t give the info on how to do that but there are many guides on the internet for this 🙂
No worries! Thank you so much for your help 🙂
Hello and thank you for the guide! I just wanted to leave a small note in case anyone has the same issue I did. I followed your guide to install nextcloud. However, Let’s encrypt was throwing an ‘entity request was too large error’. After hours of digging, I found the proxy.conf file had client_max_body_size 10m; Change this to 0; resolved the large file issue. Hope this helps someone!
Hello,
i got everthing to work but now i want to acess a website insteat of
location = / { include /config/nginx/proxy.conf;
proxy_pass http://ipadress:8085/htpc
can you tell me an example how i can host a example.html file instead?
Thanks and Regards
ps: also thanks for the information that the slash after Netdata/ is essentail
unfortunately this is outside of the scope of this tutorial, there are many guides on how to do this.
I am having trouble getting past the Letsencrypt setup portion. Ports are forwarded. Locally I can not get the Welcome page.
you may be unable to access it internally, depends on a feature of your router called “NAT Reflection/NAT Loopback/NAT Hairpinning” try externally
I can only get deluge and plex to work allso i get this when i go to sonarr https://gyazo.com/fb77027dc207d3bc18a53d537fa77f6c radarr: https://gyazo.com/96a4629107ec12d3bc6f0b50932dbf97 and nextcloud: https://gyazo.com/cf14e5d6e12b0ac6dffa8cfdf58e9e25 pls help
you also haven’t set the base paths / web roots as explained in the guide.
when i do everything in the “FIXING NEXTCLOUD” the gui works but i get: This directory is unavailable, please check the logs or contact the administrator.
How do i fix that? i cant add anyfiles or anything when its like this
It’s best to just run nextcloud on a subdomain.
when i tried to upload a file to it with my phone it did give me a notification that said: upload failed Server in maintenance mode.
how do i turn it off?
I am not sure if I have a configuration problem but when I try to go to any of the programs with https://YOURDOMAIN.duckdns.org/ombi it goes to my root server for unRAID. I do have my own domain just didn’t want to publish it.
Could it be the NGINX is built into unRAID?
You haven’t correctly forwarded your port 443 to the docker container on your unraid server, which should be 444 so in your router you need to forward 443 to 444
This tutorial was a life saver! the only issue I had was port forwarding since my ISP’s router is a pain to configure.
Glad to hear it 🙂
I do have a question, everything is working perfectly both internal and external except NZB Hydra. It works externally just fine but in order for the internal web management page to load I have to remember to manually add /nzbhydra to the my unraid (localhost:5075/nzbhydra/). Both Sonarr and Radarr add this automatically is there a way to do the same with NZB Hydra?
not easily, you could just access it via the external url if your router supports nat loopback
This is a great tutorial however I am trying to add Home Assistant to this and was having some trouble it working. When I try to login I get an error:
Home Assistant had trouble connecting to the server.
Any ideas?
i wouldn’t know sorry, i feel like someone else asked this before so maybe check the comments as they may have posted a solution
Did everything you said but I can’t access the webui and see this message in the logs. ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container. Please help thanks
Your port forwarding is wrong either router or the docker container.
I followed all steps for Nextcloud and get a 404 not found error, I do have a question though. Do we set up LetsEncrypt and Nextcloud as host or bridge? Currently they are both set to bridge and have “internal IP’s” assigned by Unraid. For the edits on the default files do we use the internal unique IP or the one that we bridge to? Also I noticed Nextcloud is set to port 444 which is being used by LetsEncrypt and won’t allow both containers to launch. Is there a reason this is the case? Any help would be greatly appreciated. Thanks!
Please set nextcloud to 445 and use port 445 in the default file aswell.
I’ve been trying to get letsencrypt to work with the Syncthing Web GUI, but not having much luck. I get some of the interface, but its only the text. Am I missing something?
No idea sorry.
I followed the guide but for some reason I get the web traffic to redirect properly. For example, I set the base URL in Sonarr, restarted it, and then tried to access the webpage, but it just goes to the default nginx web page “Welcome to our Server”. Any idea what could be causing this issue?
thanks for the help
You need to go to domain.com/sonarr for sonarr, i use organizr as a homepage which i access at domain.com
Quick question. I followed this guide and got it working with /htpc and /plexpy, but how do i point it at a service that doesnt let you set that webdir, such as calibre web? Also, when i go to my services, it says my connection is not secure, did i do something wrong with my certificate?
basically you can’t, you will need a seperate subdomain. if you access it with the internet ip instead of domain name you will get security error.
Do you have any idea how I might be able to set this up for Grafana?
Hey, looking to set this up and im at the point of port forwarding which i havent done before. I have a virgin superhub 3.0. I’ve already set duckdns up and im at the end of setting up letsencrypt but could use some advice on the way to forward the ports correctly. My Unraid IP is 192.168.0.100
i can’t advise how you can portforward sorry.
NOOB QUESTION:
I have installed the docker app using the community apps plugin, and the nginx service doesn’t even start. I cannot even get to the default index.html web page. However, when I install the linuxserver nginx docker, it works perfectly. I am following this guide exactly how it states. Yes, I own my domain name, and I have the ports forwarded correctly. I mean, I am not able to put the IP into the URL bar and get the default web page.
I figured it out. In ./nginx/site-confs/default, I had to uncomment the the server block that listens on port 80 with the redirect to 443. Disregard, please. I will figure the rest out.
or you can just https instead of http when going to the domain
I’ve been having trouble with nextcloud so I’m using Owncloud instead. But can’t get it to work with letsencrypt. The local ip works fine. I setup the config.php and default file. When I try to access the page, Owncloud says:
“File not found
The specified document has not been found on the server.
You can click here to return to ownCloud.”
Hi,
For some reason I cannot get letsencrypt working and am pulling my hair out.I believe to have followed all the instructions as stated but cannot even access the “welcome page” from local ip.
These GET requests:
http://[local-ip]:81
https://[local-ip]
This site can’t be reached
to top it off – I get errors trying to certify the domain
Here’s my error
http-01 challenge for REDACTED.duckdns.org
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. REDACTED.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://REDACTED.duckdns.org/.well-known/acme-challenge/JoU9jqKirGOhPQdwI1FscyiKbcGrHsGpZ8lHBAu7iXk: ”
404 Not Found
404 Not Found
”
Any help will be appreciated.
seems like you aren’t forwarding ports correctly somewhere, note that letsencrypt docker uses port 80 now instead of 443 to verify.
can’t for the life of me get this to work. Has anyone made a video on this specifically for unraid? Most other video’s after attempting the instructions here are for non-unpaid setups, so I’m lost finding file paths etc if they aren’t in the /appdata/letsencrypt unraid location.
Just followed your guide and got things working but I can reach my sites via http and https. http requests don’t get redirected to https automatically?
You said “can” so i’m not sure if you are saying you can access it via https and http or or only 1 or neither. please clarify.
Hi, thank you for this guide. It’s really helpful, but I have a question if you could help. I’m able to access sonarr/radarr/deluge/Plex via http (https://YOURSUBDOMAIN.ddns.net/sonarr etc). But https is not working , nothing loads. No errors in my letsencrypt log either
Hi Fma965. First of all, great guide! I got all my sites working, except nextcloud. When i set the ‘# Path to the root of you installation’ in the nextcloud nginx folder to config/www i get an error when navigating to the https site:
Internal Server Error
The server encountered an internal error and was unable to complete your request.
Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.
More details can be found in the webserver log.
When i read my nextcloud logs, i get 2 error lines:
Line 1:
PHP Fatal error: Uncaught Error: Call to a member function getLogger() on null in /config/www/nextcloud/lib/public/Util.php:158
Line 2:
#0 /config/www/nextcloud/cron.php(160): OCP\Util::writeLog(‘cron’, ‘syntax error, u…’, 4)
Can i maybe sent you my config files to have a quick look?
Thanks in advance!
unfortunately i don’t recommend using nextcloud on the same domain now, it’s easier to just move it to a subdomain
This guide is fantastic and I have everything setup with the exception of Jackett.
I have
location /jackett {
include /config/nginx/proxy.conf;
proxy_pass http://10.202.254.229:8088/jackett;
and in Jackett
Admin password:
••••••••••
Base Path Override:
/jackett
Server port:
9117
Manual download blackhole directory:
c:\torrents\
Proxy type:
Proxy url:
Blank to disable
Proxy port:
Proxy username:
Proxy password:
External access:
Disable auto update:
Update to pre-release:
Enhanced logging:
OMDB API key:
OMDB API Url:
Blank for default
Any pointer
unfortunately i don’t use jackett anymore so am unsure.
Thanks for the write-up!
I followed the directions and have Nextcloud up an accesible from the network; but I now no longer can access Nextcloud locally. In other words, if I put in the Nextcloud docker IP and port number (192.168.1.2:444) that I had been using previously I know get a “404 error”. Any thoughts?
Correction: I meant I can access Nextcloud via the internet
you would usually only access it from the domain name as otherwise you can get SSL errors etc, most routers do a loopback function that allows it to work when on the same IP as the domain is.http://www.nycnetworkers.com/real-world/nat-reflectionnat-loopbacknat-hairpinning/
Otherwise just got to IP:444/nextcloud
Thanks for the response, I got it all setup and working now. Really appreciate the guide
So I’ve gotten Radarr, Sonarr, and Lidarr all set up. I’ve also added in my own for sabNZBD but I can’t get the default plex or deluge options to work. I’m using both Binhex-Plexpass and binhex-deluge vpn at the default ports (32400 and 8112 respectively) Any ideas on what I need to add/edit in the config to get them to show up?
Also, if I had my own hosted domain could I use that over duckdns or is it just not worth the hassle?
Please, anyone has a working solution to OAuth2 as securized Letsencrypt?
I can’t get a solution and basic authentication doesn’t seem to work for me.
I don’t want to be exposed to an outside attack.
I was landing on the “Welcome to our server” page and the redirects using (/plex and others) didn’t work.
The solution was deleting the old config, which I renamed to default.orig.
>>letsencrpt/config/nginx/site-confs/default.orig
There should only be placed 1 file, the “default”-file.
AND
first I thought I have to change something in the following lines (like changing ports to 444 and 81):
server {
listen 443 ssl default_server;
listen 80 default_server;
root /config/www;
index index.html index.htm index.php;
server_name _;
But just leave it as it is.
maybe someone has the same issue and this helps
Cool. 🙂
I got this to work with Radarr but for the life of me, I can’t get it to work with Airsonic. I keep getting the 502 Bad Gateway error. I’m using the inuxserver container, which has the CONTEXT_PATH set so I know that’s not the issue.
I added this to the default:
location /airsonic {
include /config/nginx/proxy.conf;
proxy_pass https://mylocalip:4040;
I also tried with: proxy_pass https://mylocalip:4040/airsonic;
Thoughts?
I did the setup using 192.168.122.115:81 and 444 but
1) If I try to hit that address in my browser it times out.
2) The LetsEncrypt docker log says “unable to connect to port 80”
3) If I manually go to 192.168.122.115:80 I get the main Unraid web page.
I did manage to get DuckDNS working thanks to your other video. I can now go ping C2Db.DuckDNS.Org and get a valid ping with my dynamic address.
Millones de Gracias for that part!
John W. Colby
Hi, I am stuck where I try to open nginx webpage using my http port 180 or https port 1443 on my unraid ip (10.10.0.196). I double checked my port forwarding on pfsense but still can’t get the page saying “The website is currently being setup under this address.” (similar to your picture above in step 4. Any suggestions on how to get past this. I have configured google domain names as CNAME for each services (sonarr, radarr, etc).
Quick question, is it ok to use DDNS provided by google in the CNAME configure area or do I have to use duckdns.org?
Thanks
Rashmi, can you got those ports locally? I’d do a tcpdump on pfsense and unraid.
Not sure if there is a docket for Google ddns, but my firewall supports Google’s ddns, so that’s how my ip gets updated
So the weird thing is pinging 10.10.0.196:1443 works but not 180, but when I try to put it into the webpage url its shows that page saying “The website is currently being setup under this address.” (similar to your picture above in step 4). Do you have any screen shots of pfsense nat/rules that need to be setup for this?
I don’t have a of sense, but I’m sure there are plenty of examples. You should be good to go if your getting three same error message
how i can redirect the subdomain to any service? without /service i see
server {
listen 443 ssl default_server;
listen 80 default_server;
root /config/www;
index index.html index.htm index.php;
This redirect to index but i dont know how redirect to any service with proxy.
Thanks.
I am unable to reach my duckdns doamin. I have set up everything like it is said but it just says it cant be reached.
Where it says, “‘trusted_proxies’ => [‘UNRAIDIP’],do I use my LetsEncrypt docker container IP or Nextcloud Docker container IP? Also, should I be using port numbers when entering in my IP address?
sorry late reply, needs to be the unraid host IP
Thank you!
i cant get this to work and i think i either messed up the router ports or the service config. can someone discord me? mine is
Your discord hasn’t come through, hit me up fma965#2743
hey Fma can I contact you on discord ? or mine is amadnei#6448
whenever I try to port foward it close my internet
ill be home in 3 hours
btw your discord didnt work
mine is Oci#3796
Is there anyone that can help me? I am about to give up
What kind of issue are you having? I’m on vacation till next week, but I can try and help you
I got letsencrypt to work, because when I go to my url, I get the secured page that says “welcome to our site”. I’m trying to get the docker VNCWebBrowser to go through Letsencrypt. I guess I need help doing the config file.
First off I wouldn’t expose vnc to the internet unless you have some extra security measures in place like fail2ban, which is only half baked.
But you’ll need to edit the nginx file in the let’s encrypt appdata folder. It should be to the effect of what you see in the services section of the blog post. Let me know if that make sense
Are you still having issues on this? If you haven’t already, you’ll edit the default file in /letsencrypt/nginx/site-confs/
you’ll want to add something like this under the main server block:
# main server block
server {
….
location /vncviewer{ # this is the url you use to connect vnc
proxy_pass https://:6901/vnc.html #This is the URL you use if you were connecting locally
}
Spacing is important, so make sure it’s correct or nginx starts breaking.
restart lets encrypt and with some luck, you should be good to go.
LMK if there’s anything else
I am having issues with renewing my cert with letsencrypt. I am receiving an error in the logs that states that it can’t bind to port 80. I have tried to change to DNS validation, but I am not sure of what DNS plugin to use for this. Any help would be appreciated.
Has anyone gotten this to work with Bitwarden?