The Complete UnRAID reverse proxy, Duck DNS (dynamic dns) and letsencrypt guide

Be Social

YouTube
GitHub

209 Comments. Leave new

  • Thanks for this tutorial!
    One question, when navigating to Sonarr remotely I only receive a webpage containing the text “Sonar Verr.” With nothing else. I’m wondering if you’ve run into this.

    Thanks!

    Reply
  • very help, long time user of unraid, followed your steps and when i try https://XXX.duckdns.org/sonarr i get a NGIX Bad Gatewat error 502. Install went as descibed.

    Reply
  • Dont forget to clear your browser cache if you have gotten errors and have corrected settings!

    Reply
  • Hi, Are you able to go through with me if you have 10 mins on team viewer, struggling a lot with the installation. Cheers

    Reply
  • If I have my own domain name (instead of using duckdns), does this process still work or are there additional steps that need to be taken?

    Reply
  • Thanks so much for this tutorial, it has helped get me set up for remote access to my network. I do have to admit I’m not quite sure what everything that I did in this tutorial has actually done. This became quite apparent when I tried to set up two servers on my network running the same two dockers.

    I have two dockers running the same app on two different unraid boxes. I have the ports set to 192.x.x.0:xxx0 and 192.x.x.1:xxx1 but I’m not sure how to set up the ‘default’ file to point to each one separately. At first I thought I could just change the name after the ‘location/xxx’ but quickly found out that broke everything. The app I’m trying to point to is Sabnzbd which doesn’t seem to let you set the base url.

    I can successfully get to one of the SAB instances, but not the other. What am I missing?

    Reply
    • if you can’t change the basepath i don’t think you will be able to without a seperate domain / sub domain

      for radarr/sonarr its like this

      Instance 1

      location /radarr {
      include /config/nginx/proxy.conf;
      proxy_pass http://192.168.1.3:7878/radarr;
      }

      Base path set to /radarr

      Instance 2

      location /radarr2 {
      include /config/nginx/proxy.conf;
      proxy_pass http://192.168.1.4:7878/radarr2;
      }

      Base path set to /radarr2

      Hope this helps.

      Reply
  • Hi All, for some reason i have been having issues with getting notifications of stuff on my website, comments, forum posts etc… due to this i haven’t been able to reply to you as i haven’t actively been checking it.

    i am working on fixing these issues so i can provide a quicker response time.

    Reply
  • UPDATE: i have fixed the email notification issue so will reply quicker to comments/replies now.

    Sorry for the inconvenience.

    Reply
  • Antonio Battista
    27th February 2017 3:54 pm

    How would you get Zoneminder working with this?

    Reply
  • Well, I followed your directions, but i seem to be running into errors trying to get the letsencrypt docker started. No confirmation in logs. Instead im getting that my port “entered disabled state”, “left promiscuous mode” and ultimately “Deleting interface #13 docker0”

    Reply
    • oh boy, Im a total idiot. Capitalized the ‘T’ in ‘true’. Removed the docker, reinstalled, totally working…soooo to all you out there, dont do that! And thank you very much for putting this tutorial together. Ill try to actually follow the rest of the directions!

      Reply
  • i get a bad gateway for nextcloud only. i refreshed the cache and still the same issue.

    Reply
    • it seems you are missing something then, make sure to change the config file for nextcloud as shown in the tutorial, also make sure to restart both dockers.

      Reply
      • i went through everything again, and it all seems to be what you have. i’m at a loss since it’s only nextcloud

        Reply
        • send me [email protected] the contents of these, feel free to remove passwords or private data.
          \\UnRAIDIP\appdata\nextcloud\nginx\site-confs\default
          \\UnRAIDIP\appdata\nextcloud\config\www\nextcloud\config
          \\UnRAIDIP\appdata\letsencrypt\nginx\site-confs\default

          Reply
  • Trying to figure out how to change the baseurl of Pydio and Guacamole to get this working. Also I am trying to get Muximux setup as well, it appears as though it is going to be similar to Nextcloud by changing roots. Any thoughts?

    Reply
    • hi, not without more information, if you want muximux at / then its easy, i use organizr the same way. the others i have no idea on.

      Reply
  • Before you do all of this, you have to install NGINX – yes? How do you do that bit? Do you use another port besides 80 on this too? Thanks!

    Reply
  • Thanks for the guide. Are you able to advise on how to password protect the nginx webserver? I’d prefer to do that so I don’t need to password protect each application.

    Reply
    • Hi,

      “If you’d like to password protect your sites, you can use htpasswd. Run the following command on your host to generate the htpasswd file docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd
      https://github.com/linuxserver/docker-letsencrypt

      and then add the following

      auth_basic "Restricted";
      auth_basic_user_file /config/nginx/.htpasswd;

      Reply
      • Just got this going! Thanks for putting it all togther. Can you elaborate on where to put the auth_basic paramaters? Is it in the nginx/site-confs/default file? Thanks!

        Reply
        • auth parameters will go in any location block in the default config file, you can add it to each location block or you can add it to some, you can also put it in a seperate file then include it.

          Reply
      • Also, am I putting this on every internet facing applications (ie nextcloud, couch potato, etc..)?

        Reply
  • hi when i visit this url http://xxxx.duckdns.org/sonarr it says 404 and the url changed to http://xxxx.duckdns.org/login?returnUrl=/sonarr do you know how i fix this?

    Reply
    • Hi, Have you set the path on sonarr? in settings…

      Reply
      • restart your sonarr docker afterwards

        Reply
        • hi that dit work thank you so much, but somehow I can’t get this to work for plexpy (did the same thing after I restart it I keep getting a blank screen and nothing interesting happens in the log), couch potato (can’t find the setting) and htpc just keeps giving me the error ( anerror has occured on a blank page) i’am a bit of a noob in unraid territory and I would love to get some more help 🙂

          Reply
          • location /plexpy {
            proxy_bind $server_addr;
            proxy_pass http://[IP]:8181;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Real-IP $remote_addr;
            }

  • can you please advise in how to integrate emby with this setup?

    Reply
    • i used to use emby but due to the xbox one app not being free moved to plex.

      try
      location /emby {
      include /config/nginx/proxy.conf;
      proxy_pass http://[IP]:8096;
      }

      make sure to reload the letsencrypt docker after saving the changes

      Reply
  • I was wondering how this process would differ if I have a dynamic dns through dyn as opposed to duckdns?

    Reply
    • I also own a domain that I am currently pointing the ddns to.

      Reply
      • Install the DDclient docker: https://github.com/macexx/ddclient

        Connect to \appdata\ddclient and use this as your ddclient.conf (edit the items inside ):

        ## ddclient configuration file
        daemon=600
        # check every 600 seconds
        syslog=yes
        # log update msgs to syslog
        mail-failure= # Mail failed updates to user
        pid=/var/run/ddclient.pid
        # record PID in file.
        ## Detect IP with our CheckIP server
        use=web, web=checkip.dyndns.com/, web-skip=’IP Address’
        ## DynDNS username and password here
        login=
        password=
        ## Default options
        protocol=dyndns2
        server=members.dyndns.org
        ## Dynamic DNS hosts

        In the LETSENCRYPT settings make sure to put your DOMAIN and the SUBDOMAIN, you’re using.

        Reply
        • My tags didnt transfer properly to my post.

          Make sure to add your email after “mail-failure=”, your username for dyn after “login=” and password after “password=”

          Under the ## Dynamic DNS hosts section, you need to add your DYN URL; i.e. test-server.dynalias.org

          Reply
  • Use this link when signed in to dyn.com to create your own: https://account.dyn.com/tools/clientconfig.html

    Reply
  • I have followed your tutorial closely but i could not get to the nginx default webpage. Set port 80 to 81, and leave the default port 443. The container log has nothing relevant.

    Reply
    • Hi, sorry for the late reply, i’ve been out of the country on holiday without access to a computer.

      have you forwarded the router ports, i need more information, i need your config files, or docker settings or something more than “container log has nothing relevant”

      Reply
  • Hey

    What should i do if i have my own domain and a public static ip

    Should i just make a single A record pointing to my public static ip

    Reply
    • skip all the duckdns stuff and just add your static ip to the A record of your domain.

      Reply
      • Frederik Christiansen
        31st May 2017 1:16 pm

        Thanks 🙂

        if I’m not using some of the services in the template I would just delete them right?

        When I’m not using Netdata I can just remove the following text from the header?:
        upstream backend {
        server 192.168.1.3:19999;
        keepalive 64;
        }

        Thanks for the guide 🙂

        Reply
        • Frederik Christiansen
          31st May 2017 1:17 pm

          Could I also delete this, when not using netdata?

          location ~ /netdata/(?.*) {
          proxy_set_header X-Forwarded-Host $host;
          proxy_set_header X-Forwarded-Server $host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_pass http://backend/$ndpath$is_args$args;
          proxy_http_version 1.1;
          proxy_pass_request_headers on;
          proxy_set_header Connection “keep-alive”;
          proxy_store off;

          Reply
          • If you’re not using any of the services then you can delete the section without issue, although you might prefer to comment it (should you need it in the future) by adding a # at the start of each line.

          • Frederik Christiansen
            31st May 2017 3:01 pm

            Thanks 🙂 I’m also trying to add SABNZBD.

            Under NGinx they want

            https://sabnzbd.org/wiki/extra/howto-apache

            location /sabnzbd {
            include /etc/nginx/conf.d/proxy.conf;
            proxy_pass http://localhost:8080/sabnzbd;
            }

            They also want to add

            upstream SABnzbd {
            server localhost:8080;
            keepalive 512;
            }

            What does that do? Is it necessary?

            Thanks in advance 🙂

          • if that what they want then add it all, i haven’t took the time to understand what the “upstream” stuff does yet.

          • Benjamin Hodges
            7th October 2017 4:38 am

            Frederik Christiansen: did you ever figure out where you need to put upstream, or if it is even needed? My docker is yelling at me that it shouldn’t be in the default file.

            nginx: [emerg] “upstream” directive is not allowed here in /config/nginx/site-confs/default:47

          • it needs to be at the complete top of the file, as shown in my example.

  • Frederik Christiansen
    1st June 2017 1:45 pm

    As a sidenote. I was recommended to add the following to my default file

    server {
    listen 80 default_server
    listen [::]:80 default_server
    server_name _;
    return 301 https://$server_name$request_uri;

    }

    server {
    listen 443 ssl default_server;
    root /config/www;
    index index.html index.htm index.php;

    server_name _;

    After this comes the certificates and location tags.

    This forces a SSL connection

    I thought it would be relevant to know

    Reply
  • Hi, I followed your guide and got next cloud accessible from the outside world everything works except the part where in upload files to the server. it keeps giving me this error: Not enough free space, you are uploading xx MB but only 0 B is left you (even when I have 13tb free). it worked before I attempted to install lets encrypt. could you please help me?

    Reply
    • Hi,

      No idea on this one sorry, mine definitely works fine, i would check all your permissions and settings and config files for both nginx and nextcloud.

      Reply
      • I’m having this exact issue right now. Did you ever work out a fix?

        Reply
        • I just corrected the same issue for myself Thanks to a comment on a similar post on reddit. Make sure you have “location ^~/nextcloud {” for the nextcloud location in the letsencrypt-nginx/site-confs default file.

          Reply
  • Frederik Christiansen
    1st June 2017 9:40 pm

    Have anyone succed in making plex work without forwarding port 32400

    Reply
    • Yes mine works fine, i’ve set it up for multiple people now, please follow the steps in the guide.

      Reply
      • Frederik Christiansen
        2nd June 2017 8:52 am

        I have followed the exact steps in the guide both changed the default file and the plex setting, it works when I have forwarded port 32400, if I dont then it won’t work

        Reply
  • Great writeup so far! Been able to get Sonarr to work. Nextcloud is another story. Getting ‘400 Bad Request’ when I go to https://[SUBSITE].duckdns.org/nextcloud

    Says “The plain HTTP request was sent to HTTPS port”.

    Followed everything exactly. I have my Nextcloud mapped to another port, but other than that I can’t figure out what’s wrong. Works just fine at https://[UNRAID-IP]:[CUSTOM-PORT].

    Reply
    • Hi,

      make sure you have the nextcloud entry in your default file set to https like so

      proxy_pass https://[IP]:444/nextcloud;

      all the others are http but this one is https.

      also make sure you did the edit to the nextcloud config file and nginx config file

      Reply
      • Hey, thanks! Changing it to HTTPS worked! However, new problem. It’s SUPER slow via URL, but speedy via external IP. See screenshots.

        http://imgur.com/a/eyc1H

        Reply
        • Hmm, i’m not sure on why you’re having speed issues, are you comparing it with the external ip or internal ip? could be DNS resolution issues or your router may be clever enough to route the external IP internally avoiding the internet but not so much for the domain name.

          Reply
  • Should I be seeing something at https://.duckdns.org/services — for me, Chrome refuses to connect.

    Reply
    • Sorry, the formatting on the site doesn’t let me type it correctly. Basically, when I substitute my subdomain at domain dot duckdns dot org forward-slash services, I get an error within my browser.

      Reply
  • Hi,

    I was able to get nextcloud together with LetsEncrypt running.
    Each docker for LetsEncrypt and also NextCloud are running on a seperate (virtual) IP.

    But I am struggeling with another problem, maybe someone can help me?

    I have a domain “my-domain.at”. I am already using “nextcloud.my-domain.at” for nextcloud.

    Next I wanted to work on some Webprojects like wordpress, joomla and other PHP Tools.

    First I wanted to do it via Apache, as I know apache from my native Server. So I installed apache on a docker with a dedicated (virtual) IP.
    But somehow I was not able to get the forwarding from LetsEncrypt to Apache working. Somehow I always ended with “ERR_TO_MANY_REDIRECTS” in the browser.

    Then I thought I could do it with LetsEncrypt as it also has a Webserver with PHP Support, isn’t it?

    So I tried several “site-conf” examples, but somehow I never got it working correctly.

    What would be an example for wordpress to get it working?

    Asuming the domain “wordpress.my-domain.com” and the site is located under “/var/www/wordpress”?

    Br,
    Johannes

    Reply
    • Hi,

      unfortunately this is not related to this tutorial so the best i can do is give you an example, i won’t be able to further exist regarding this though.

      you can try something like this

      SSL (HTTPS)
      server {
      listen 443 ssl default_server;
      root /config/www/wordpress;
      index index.html index.htm index.php;
      server_name wordpress.cyanlabs.net;
      ssl_certificate /config/keys/letsencrypt/fullchain.pem;
      ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
      ssl_dhparam /config/nginx/dhparams.pem;
      ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
      ssl_prefer_server_ciphers on;
      client_max_body_size 0;

      location / {
      try_files $uri $uri/ /index.html /index.php?$args =404;
      }

      location ~ \.php$ {
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      fastcgi_pass 127.0.0.1:9000;
      fastcgi_index index.php;
      include /etc/nginx/fastcgi_params;
      }
      }

      or

      Non-SSL (HTTP)
      server {
      listen 80 default_server;
      root /config/www/wordpress;
      index index.html index.htm index.php;
      server_name wordpress.cyanlabs.net;
      client_max_body_size 0;

      location / {
      try_files $uri $uri/ /index.html /index.php?$args =404;
      }

      location ~ \.php$ {
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      fastcgi_pass 127.0.0.1:9000;
      fastcgi_index index.php;
      include /etc/nginx/fastcgi_params;
      }
      }

      Reply
  • Chazz Blackwell
    20th June 2017 6:10 pm

    Is there any way to get this tow work with the unraid webgui? I tried but the page loaded a bunch of text and no graphical elements.

    Reply
    • the best way is to just setup a subdomain like unraid.xxx.xxx and set up a new server block just for unraid.

      Reply
    • You could always just setup OpenVPN on your unraid server with DuckDNS or whatever service you use for dynamic IP address. Just make a note that most schools and businesses block DuckDNS.

      Reply
  • Hello, thank you for this tutorial but im stuck with the lets encrpt certificate…. i made a post at https://forums.lime-technology.com/topic/51808-support-linuxserverio-letsencrypt-nginx/?page=25#comment-572672 but nobody is answering. Could it be that there is an update that this guide wont work anymore?

    Regards
    Bengele

    Reply
    • It seems like you are using subdomains on duckdns but as far as i know you can’t do that. try 1 domain and use /service e.g /plex etc.

      Reply
  • Thanks for this awesome write-up! It’s super helpful. I was able to get everything setup correctly (I think…I know Deluge is accessible via my domain/downloads), however I’m having trouble with both radarr and sonarr. When I go to domain/radarr or domain/sonarr the page loads but only says Radarr Ver. or Sonarr Ver. (respectively). Any idea how to fix this?

    Reply
    • you need to set the path on sonarr/radarr’s settings

      Settings > General > URL Path = /sonarr or /radarr

      Then restart sonarr and radarr.

      Reply
  • I’m having real trouble getting letsencrypt to work.

    I’m not sure where I’m going wrong, the relevant error from the logs seems to be:

    [code]Failed authorization procedure. towerlocal.duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout[/code]

    Reply
  • Jamie Brown
    1st July 2017 9:49 am

    Hi there, thanks for the guide, I’m currently running No-IP on my pfSense router so I didn’t use the DuckDNS container and went straight into the setup at the LetsEncrypt section. I put the details in for my No-IP DynDNS setup and then completed the install of the LetsEncrypt container, however, I cannot access the “Welcome to the server” page locally. For me I use 192.168.1.5 for my unRAID setup so when I go to http://192.168.1.5:81, it cannot find a page, in Chrome I get “This site can’t be reached”

    Any ideas?
    Thanks

    Reply
    • you need to view the logs of the letsencrypt container.

      Reply
      • Jamie Brown
        1st July 2017 5:34 pm

        This is what it’s showing:
        Failed authorization procedure. *my domain**.duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout

        Reply
        • Jamie Brown
          1st July 2017 5:39 pm

          Though looking further at the log I think this info may be more pertinent:
          certbot: error: argument –cert-path: No such file or directory
          Maybe that is stopping it from starting up?

          Reply
        • You are missing some of the steps here then, you need to forward port 443 to your internal IP (i assume since you have pfsense i don’t need to explain this) so whenever the letsencrypt bot goes to https://XXX.duckdns.org:443 it will authenticate

          You said before you weren’t using duckdns but you are saying your log is using it, can you clarify this as if your log is saying that then you have done something wrong (outside of this guide)

          Reply
          • Jamie Brown
            1st July 2017 6:46 pm

            Yeh I don’t think I was helping myself there, I set up DuckDNS to test if it was just some issue with the pfSense DDNS. I’ve removed that and now set it up with the port redirect and my own DNS and it’s now started, though I still can’t get to 192.168.1.5:81 locally or remotely

  • Jamie Brown
    1st July 2017 7:06 pm

    OK it seems to have kinda started now but I can’t actually access anything remotely yet… I have Sonarr etc running on a VM on my server (separate to my unRAID server) so I edited that config file you supplied to that IP and the port I use and when I go with mydomain.ddns.net/sonarr it just spins…. Not sure what I’m doing wrong! I get nothing locally on 192.168.1.5 either on port 80 or 81 but I’m not sure if this is the issue or not , LetsEncypt shows no errors in the log now…

    Reply
  • Hello, great article that walks through everything I need to set things up. My main issue is that my unRAID server is behind my Asus Merlin router running OpenVPN client connecting to AirVPN service. The AirVPN has a port forwarding service as well as a static exit IP. They also provide a DDNS. So right now I have subdomain.airdns.org:PORT forwarded via IP tables script on my router to 443 port on my unRAID server. So remotely I can easily access my Nextcloud server. Using https://scan.nextcloud.com/ I get a A+ rating even though I have not setup Letsencrypt or any specific SLL. Not sure if this is done through their DDNS service.

    Anyway this makes it impossible for Letsencrypt docker to access that external link (https://subdomain.airdns.org:PORT) from behind the VPN. I guess I don’t even need to setup DuckDNS or Letsencrypt as my Nextcloud is behind a VPN and should be secure.

    My question then is how do I setup reverse proxy if not using the nginx in the Letsencrypt docker. I have already setup dnsmasq on my router: address=/airdns.org/192.168.1.5 #(unRIAD IP). Also the DDNS currently has a PORT associated with it and dnsmasq does not allow ports to be used. I am basically trying to access my Nextcloud server using the same address whether it is remote or internal. Is there a way to change the default port on unRAID so if I goto http://192.168.1.5 it will automatically redirect to https://192.68.1.5?

    Any help would be greatly appreciated!

    Reply
    • Hi,

      Don’t have much experience in this aspect, if you want to change unraid’s port you can edit the go file in the config folder of your flash drive (/boot/config/go) and change emhttp to emhttp -p XXXX (where XXXX is the port number)

      If you then add 80 and 443 as the actual ports 80 and 443 in the docker that should work for you.

      Hope this helps.

      Reply
      • Awesome thanks for the quick reply. I guess I could also try giving the nextcloud container a separate IP. Where would you edit the nginx for reverse proxy? In the Nextcloud app folder?

        Reply
  • You just need to edit the “default” file in the letsencrypt nginx folder

    Reply
  • this guide helped me a lot but i have one question.

    i have everything set to be on a subdomain ie: sabnzbd.DOMAIN.com, sonarr.DOMAIN.com
    how do i edit the deluge block to work as deluge.DOMAIN.com?

    i’m using the below but all i get is a blank screen with the webpage title Deluge: Web UI

    location /{
    include /config/nginx/proxy.conf;
    proxy_pass http://[IP]:8112/;
    proxy_set_header X-Deluge-Base “/downloads/”;
    }

    Reply
  • I really cannot get plexpy to work just cannot get anything to load anyone help me out the other comment in this section doesnt really help

    Reply
  • Daniel A Emery
    17th August 2017 10:33 pm

    Hey, everything worked flawlessly for plex/sonarr/radarr/netdata. Thank you!

    I tried modifying the site-confs\default after to add Plexrequests (https://forums.plex.tv/discussion/151899/plex-movie-requests/p1)
    I added this after the radarr entry:
    location /requests {
    include /config/nginx/proxy.conf;
    proxy_pass http://192.168.1.224:3000;
    }

    The result is a blank page, but the tab title changes to “Plex Requests”
    going to http://192.168.1.224:3000 directly takes me to the Plex Requests page and it is operable.

    The docker has a setting: Setting URL_BASE variable to /requests will enable reverse proxy of this container
    substitute requests for another name if you wish
    But when I tried setting that key 3 to /requests, going to https://subdomain.duckdns.org/requests it then took me to the unRAID main page…
    Setting this back to “0” (default value), it returns to blank page mentioned above. Let me know if I can shoot you the link via email to my server’s /requests page if that would help.

    Reply
  • NEXTCLOUD adds the file path /nextcloud/index.php/apps/files/?dir=/&fileid=7
    How can it be made clean like the default install?

    Reply
  • just wanted to say that this was a great writeup and really easy for me to follow. I currently have plex and deluge exposed and it works great. Thanks again!

    Reply
  • This is a fantastic write up! thanks for taking the time to do this. I do have a question as I can’t seem to get my services that do not run in a sub-directory or have a base-url change option to work correctly. Is this where you setup a separate sub-domain? If so, how do you put that in the conf file?

    Reply
    • Yes this would be when you use a subdomain,

      you need to configure duckdns etc and then add another server block in the default file with the sub domain etc, copy the existing and tweak to be how you need it.

      Reply
  • has anyone tried Unifi?

    Reply
  • first of all, thanks a lot for such a great guide, I have successfully set up duckdns and letsencrypt on my unraid. I want to set up lychee (photo manger), but I am struggling a bit here. Can you guide me through this. I have found this; https://gist.github.com/ottonet/3e488ff995193f02fa2d, but when I have inserted this code into “default” file, nginx stops working?

    Reply
  • Thanks for letting me know. The local IP is 192.168.1.8 and the port is 3997. Outside port is 80 and 443 for ssl

    Reply
  • How do I reset the username/password for htpcmanager?

    Reply
  • Hi, I have set this up for 1 service that runs on unRAID and the rest run on their own boxes. So I thought I’d tackle the service that runs on the same box first. This is Ombi. I have set the config as follows:

    location /ombi {
    include /config/nginx/proxy.conf;
    proxy_pass http://192.168.1.5:3579/ombi;
    }

    And set the base URL on Ombi to /ombi and when I access my domain /ombi I get:
    404 Not Found

    nginx

    Any ideas? It also redirects me to port 444 rather than the 443 I forwarded? My routers remote management runs on 444 so this is strange…

    I additionally don’t get the “Welcome to our server” page when accessing it locally, it tries to take me to the /htpc page from your config

    Reply
  • Hi there, great guide, followed it and I’m able to access all my services externally.. Apart from via HTTPS.. I can get to 192.168.1.5:443 (My unRAID server IP) fine internally but if I go to https://domain.duckdns.org/plex nothing happens, or for any other resource via HTTPS.. I have done a port check and I can see that 443 is indeed open on my router but something just isn’t working.. Any ideas?

    Reply
    • you need to make sure you are forwarding port 443 to the same port that your unraid docker host port is, it’s easiest to keep it all at 443 > 443 in router and 443 > 443 in docker. but it doesn’t need to be this

      Reply
  • Hi!

    I just wanted to say thank you – I managed to get all but netdata and nextcloud working. Regarding nextcloud first I need to get that working on its own so I won’t ask about that, but regarding netdata, I get a 404 Not Found error.

    I checked the logs for nginx and I can’t find anything about it (I was able to see other errors there which helped me to get deluge up and running), the logs for netdata are daunting but I still can’t find anything about nginx, I think. I have both the upstream info and the location block copy pasta from your pastebin, just with the proper IP. Anything else I can try for troubleshooting?

    Also, you wouldn’t happen to know how to create a location block for COPS (Calibre OPDS), right? I mean, have to ask 🙂

    Thanks!

    Reply
    • try it with /netdata/ (notice the trailing slash) for some reason it doesn’t work without that, there is a workaround but i can’t find it at the minute.

      you can try the same sort of location block for COPS i don’t know what that is but if you explain how you access it, ip, port and path then i might be able to help.also does it have a “base path” or “root” option at all?

      Reply
  • Hello and thank you for the guide! I just wanted to leave a small note in case anyone has the same issue I did. I followed your guide to install nextcloud. However, Let’s encrypt was throwing an ‘entity request was too large error’. After hours of digging, I found the proxy.conf file had client_max_body_size 10m; Change this to 0; resolved the large file issue. Hope this helps someone!

    Reply
  • Benjamin Gulden
    27th September 2017 1:10 am

    Hello,
    i got everthing to work but now i want to acess a website insteat of
    location = / { include /config/nginx/proxy.conf;
    proxy_pass http://ipadress:8085/htpc

    can you tell me an example how i can host a example.html file instead?

    Thanks and Regards

    ps: also thanks for the information that the slash after Netdata/ is essentail

    Reply
  • I am having trouble getting past the Letsencrypt setup portion. Ports are forwarded. Locally I can not get the Welcome page.

    Reply
    • you may be unable to access it internally, depends on a feature of your router called “NAT Reflection/NAT Loopback/NAT Hairpinning” try externally

      Reply
  • I can only get deluge and plex to work allso i get this when i go to sonarr https://gyazo.com/fb77027dc207d3bc18a53d537fa77f6c radarr: https://gyazo.com/96a4629107ec12d3bc6f0b50932dbf97 and nextcloud: https://gyazo.com/cf14e5d6e12b0ac6dffa8cfdf58e9e25 pls help

    Reply
  • when i do everything in the “FIXING NEXTCLOUD” the gui works but i get: This directory is unavailable, please check the logs or contact the administrator.
    How do i fix that? i cant add anyfiles or anything when its like this

    Reply
  • when i tried to upload a file to it with my phone it did give me a notification that said: upload failed Server in maintenance mode.
    how do i turn it off?

    Reply
  • I am not sure if I have a configuration problem but when I try to go to any of the programs with https://YOURDOMAIN.duckdns.org/ombi it goes to my root server for unRAID. I do have my own domain just didn’t want to publish it.

    Could it be the NGINX is built into unRAID?

    Reply
    • You haven’t correctly forwarded your port 443 to the docker container on your unraid server, which should be 444 so in your router you need to forward 443 to 444

      Reply
  • This tutorial was a life saver! the only issue I had was port forwarding since my ISP’s router is a pain to configure.

    Reply
  • I do have a question, everything is working perfectly both internal and external except NZB Hydra. It works externally just fine but in order for the internal web management page to load I have to remember to manually add /nzbhydra to the my unraid (localhost:5075/nzbhydra/). Both Sonarr and Radarr add this automatically is there a way to do the same with NZB Hydra?

    Reply
  • This is a great tutorial however I am trying to add Home Assistant to this and was having some trouble it working. When I try to login I get an error:

    Home Assistant had trouble connecting to the server.

    Any ideas?

    Reply
    • i wouldn’t know sorry, i feel like someone else asked this before so maybe check the comments as they may have posted a solution

      Reply
  • Did everything you said but I can’t access the webui and see this message in the logs. ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container. Please help thanks

    Reply
  • Fernando Rojas
    30th March 2018 7:42 pm

    I followed all steps for Nextcloud and get a 404 not found error, I do have a question though. Do we set up LetsEncrypt and Nextcloud as host or bridge? Currently they are both set to bridge and have “internal IP’s” assigned by Unraid. For the edits on the default files do we use the internal unique IP or the one that we bridge to? Also I noticed Nextcloud is set to port 444 which is being used by LetsEncrypt and won’t allow both containers to launch. Is there a reason this is the case? Any help would be greatly appreciated. Thanks!

    Reply
  • I’ve been trying to get letsencrypt to work with the Syncthing Web GUI, but not having much luck. I get some of the interface, but its only the text. Am I missing something?

    Reply
  • I followed the guide but for some reason I get the web traffic to redirect properly. For example, I set the base URL in Sonarr, restarted it, and then tried to access the webpage, but it just goes to the default nginx web page “Welcome to our Server”. Any idea what could be causing this issue?

    thanks for the help

    Reply
    • You need to go to domain.com/sonarr for sonarr, i use organizr as a homepage which i access at domain.com

      Reply
  • Quick question. I followed this guide and got it working with /htpc and /plexpy, but how do i point it at a service that doesnt let you set that webdir, such as calibre web? Also, when i go to my services, it says my connection is not secure, did i do something wrong with my certificate?

    Reply
    • basically you can’t, you will need a seperate subdomain. if you access it with the internet ip instead of domain name you will get security error.

      Reply
  • Do you have any idea how I might be able to set this up for Grafana?

    Reply
  • Hey, looking to set this up and im at the point of port forwarding which i havent done before. I have a virgin superhub 3.0. I’ve already set duckdns up and im at the end of setting up letsencrypt but could use some advice on the way to forward the ports correctly. My Unraid IP is 192.168.0.100

    Reply
  • NOOB QUESTION:

    I have installed the docker app using the community apps plugin, and the nginx service doesn’t even start. I cannot even get to the default index.html web page. However, when I install the linuxserver nginx docker, it works perfectly. I am following this guide exactly how it states. Yes, I own my domain name, and I have the ports forwarded correctly. I mean, I am not able to put the IP into the URL bar and get the default web page.

    Reply
  • I’ve been having trouble with nextcloud so I’m using Owncloud instead. But can’t get it to work with letsencrypt. The local ip works fine. I setup the config.php and default file. When I try to access the page, Owncloud says:
    “File not found
    The specified document has not been found on the server.
    You can click here to return to ownCloud.”

    Reply
  • Hi,

    For some reason I cannot get letsencrypt working and am pulling my hair out.I believe to have followed all the instructions as stated but cannot even access the “welcome page” from local ip.

    These GET requests:
    http://[local-ip]:81
    https://[local-ip]

    This site can’t be reached

    to top it off – I get errors trying to certify the domain

    Here’s my error

    http-01 challenge for REDACTED.duckdns.org
    Waiting for verification…
    Cleaning up challenges
    Failed authorization procedure. REDACTED.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://REDACTED.duckdns.org/.well-known/acme-challenge/JoU9jqKirGOhPQdwI1FscyiKbcGrHsGpZ8lHBAu7iXk: ”

    404 Not Found

    404 Not Found

    Any help will be appreciated.

    Reply
    • seems like you aren’t forwarding ports correctly somewhere, note that letsencrypt docker uses port 80 now instead of 443 to verify.

      Reply
  • can’t for the life of me get this to work. Has anyone made a video on this specifically for unraid? Most other video’s after attempting the instructions here are for non-unpaid setups, so I’m lost finding file paths etc if they aren’t in the /appdata/letsencrypt unraid location.

    Reply
  • Just followed your guide and got things working but I can reach my sites via http and https. http requests don’t get redirected to https automatically?

    Reply
    • You said “can” so i’m not sure if you are saying you can access it via https and http or or only 1 or neither. please clarify.

      Reply
  • Hi, thank you for this guide. It’s really helpful, but I have a question if you could help. I’m able to access sonarr/radarr/deluge/Plex via http (https://YOURSUBDOMAIN.ddns.net/sonarr etc). But https is not working , nothing loads. No errors in my letsencrypt log either

    Reply
  • Rick van Oosterhout
    11th July 2018 9:32 pm

    Hi Fma965. First of all, great guide! I got all my sites working, except nextcloud. When i set the ‘# Path to the root of you installation’ in the nextcloud nginx folder to config/www i get an error when navigating to the https site:

    Internal Server Error

    The server encountered an internal error and was unable to complete your request.
    Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.
    More details can be found in the webserver log.

    When i read my nextcloud logs, i get 2 error lines:

    Line 1:

    PHP Fatal error: Uncaught Error: Call to a member function getLogger() on null in /config/www/nextcloud/lib/public/Util.php:158

    Line 2:

    #0 /config/www/nextcloud/cron.php(160): OCP\Util::writeLog(‘cron’, ‘syntax error, u…’, 4)

    Can i maybe sent you my config files to have a quick look?

    Thanks in advance!

    Reply
    • unfortunately i don’t recommend using nextcloud on the same domain now, it’s easier to just move it to a subdomain

      Reply
  • This guide is fantastic and I have everything setup with the exception of Jackett.
    I have

    location /jackett {
    include /config/nginx/proxy.conf;
    proxy_pass http://10.202.254.229:8088/jackett;

    and in Jackett

    Admin password:
    ••••••••••

    Base Path Override:
    /jackett
    Server port:
    9117
    Manual download blackhole directory:
    c:\torrents\
    Proxy type:
    Proxy url:
    Blank to disable
    Proxy port:
    Proxy username:
    Proxy password:
    External access:
    Disable auto update:
    Update to pre-release:
    Enhanced logging:
    OMDB API key:
    OMDB API Url:
    Blank for default

    Any pointer

    Reply
  • Thanks for the write-up!

    I followed the directions and have Nextcloud up an accesible from the network; but I now no longer can access Nextcloud locally. In other words, if I put in the Nextcloud docker IP and port number (192.168.1.2:444) that I had been using previously I know get a “404 error”. Any thoughts?

    Reply
  • So I’ve gotten Radarr, Sonarr, and Lidarr all set up. I’ve also added in my own for sabNZBD but I can’t get the default plex or deluge options to work. I’m using both Binhex-Plexpass and binhex-deluge vpn at the default ports (32400 and 8112 respectively) Any ideas on what I need to add/edit in the config to get them to show up?

    Also, if I had my own hosted domain could I use that over duckdns or is it just not worth the hassle?

    Reply
  • Please, anyone has a working solution to OAuth2 as securized Letsencrypt?

    I can’t get a solution and basic authentication doesn’t seem to work for me.

    I don’t want to be exposed to an outside attack.

    Reply
  • I was landing on the “Welcome to our server” page and the redirects using (/plex and others) didn’t work.

    The solution was deleting the old config, which I renamed to default.orig.
    >>letsencrpt/config/nginx/site-confs/default.orig

    There should only be placed 1 file, the “default”-file.

    AND

    first I thought I have to change something in the following lines (like changing ports to 444 and 81):

    server {
    listen 443 ssl default_server;
    listen 80 default_server;
    root /config/www;
    index index.html index.htm index.php;

    server_name _;

    But just leave it as it is.

    maybe someone has the same issue and this helps

    Reply
  • Cool. 🙂

    I got this to work with Radarr but for the life of me, I can’t get it to work with Airsonic. I keep getting the 502 Bad Gateway error. I’m using the inuxserver container, which has the CONTEXT_PATH set so I know that’s not the issue.

    I added this to the default:

    location /airsonic {
    include /config/nginx/proxy.conf;
    proxy_pass https://mylocalip:4040;

    I also tried with: proxy_pass https://mylocalip:4040/airsonic;

    Thoughts?

    Reply
  • John W. Colby
    5th March 2019 7:09 pm

    I did the setup using 192.168.122.115:81 and 444 but
    1) If I try to hit that address in my browser it times out.
    2) The LetsEncrypt docker log says “unable to connect to port 80”
    3) If I manually go to 192.168.122.115:80 I get the main Unraid web page.

    I did manage to get DuckDNS working thanks to your other video. I can now go ping C2Db.DuckDNS.Org and get a valid ping with my dynamic address.

    Millones de Gracias for that part!
    John W. Colby

    Reply
  • Hi, I am stuck where I try to open nginx webpage using my http port 180 or https port 1443 on my unraid ip (10.10.0.196). I double checked my port forwarding on pfsense but still can’t get the page saying “The website is currently being setup under this address.” (similar to your picture above in step 4. Any suggestions on how to get past this. I have configured google domain names as CNAME for each services (sonarr, radarr, etc).

    Quick question, is it ok to use DDNS provided by google in the CNAME configure area or do I have to use duckdns.org?

    Thanks

    Reply
  • Rashmi, can you got those ports locally? I’d do a tcpdump on pfsense and unraid.

    Not sure if there is a docket for Google ddns, but my firewall supports Google’s ddns, so that’s how my ip gets updated

    Reply
    • So the weird thing is pinging 10.10.0.196:1443 works but not 180, but when I try to put it into the webpage url its shows that page saying “The website is currently being setup under this address.” (similar to your picture above in step 4). Do you have any screen shots of pfsense nat/rules that need to be setup for this?

      Reply
      • I don’t have a of sense, but I’m sure there are plenty of examples. You should be good to go if your getting three same error message

        Reply
  • how i can redirect the subdomain to any service? without /service i see
    server {
    listen 443 ssl default_server;
    listen 80 default_server;
    root /config/www;
    index index.html index.htm index.php;

    This redirect to index but i dont know how redirect to any service with proxy.

    Thanks.

    Reply
  • I am unable to reach my duckdns doamin. I have set up everything like it is said but it just says it cant be reached.

    Reply
  • Where it says, “‘trusted_proxies’ => [‘UNRAIDIP’],do I use my LetsEncrypt docker container IP or Nextcloud Docker container IP? Also, should I be using port numbers when entering in my IP address?

    Reply
  • Thank you!

    Reply
  • i cant get this to work and i think i either messed up the router ports or the service config. can someone discord me? mine is

    Reply
  • ill be home in 3 hours

    Reply
  • btw your discord didnt work

    Reply
  • mine is Oci#3796

    Reply

Leave a Reply

Menu