How to Setup and Configure a Reverse Proxy on unRAID with LetsEncrypt & NGINX

Captions
Hi there guys. So this video is a tutorial about how to set up a reverse proxy on an unRAID server. So just what is a reverse proxy? Well, a reverse proxy is something that sits behind your firewall yet it's accessible from the internet. What it does is it redirects requests made to it to the appropriate server or, in the use case we're doing in this video for unRAID, the appropriate Docker container running on the server. And the reverse proxy gives us an additional layer of abstraction by protecting the things behind the proxy, therefore giving an additional layer of defense against a malicious attack. Now, in my personal opinion, using OpenVPN is the most secure way to access things on your network, but a reverse proxy is definitely a close second, and also an OpenVPN connection isn't always the right tool for the job, one example being accessing your Nextcloud server from the internet. This use case is where a reverse proxy really shines. So this video will show you how to set up and use a reverse proxy, so if that's something you'd like to do, then let's get started. [Music]

Okay, so before we start we're gonna have to do a bit of planning and think of how this is going to work. Right, so this diagram represents our reverse proxy. On the far right-hand side, that cloud thingy, that's meant to represent the internet. In the middle, the thing with the two aerials, that's our firewall/modem/router. To the left of that, that represents our reverse proxy. Then on the far left, that's our unRAID server where all our Docker containers are running.

To be able to access our unRAID server over the internet through the reverse proxy, we'll need to be able to track what our internet ISP-assigned IP address is, because most of us probably won't have a static IP address for our WAN IP. So we'll need to use a DNS tracker service such as DuckDNS. Now, I have a video about this which you can watch here. So after we set something up to track our DNS, how do we use that? Well, let's imagine that I've
set up the DuckDNS tracker to be spaceinvaderserver.duckdns.org. And the duckdns.org part here, that's the domain name, but the part before, the spaceinvaderserver. part, that's the subdomain that was created when I set it up in DuckDNS. And so the subdomain spaceinvaderserver.duckdns.org, that points through to the IP address of my WAN, which is 212.92.114.18. So now that means that we've got a subdomain that points across to the WAN IP address that our server's on.

And we want to connect to our proxy using HTTPS, so of course we're going to need a valid SSL certificate. And because we've got this subdomain that points to our server, we can use Let's Encrypt, which is running inside our proxy, and use that to create a valid certificate for the subdomain spaceinvaderserver.duckdns.org. And the good thing is we don't have to have control over the full domain. So obviously I'm not going to have any control over the duckdns.org part, but Let's Encrypt will create a certificate because it will validate itself by going out to the internet and seeing if it can connect back using that subdomain, spaceinvaderserver.duckdns.org, and if it can validate itself it will then create a certificate. So because of this validation process, it's really important that before we try and create any certificates we've forwarded the correct ports in our firewall/router so this validation can actually take place, because if it can't get through then the validation can't complete. So it's important before starting this project we do all of our port forwarding on our router first.

Okay, so our reverse proxy can connect to things in two different ways. It can connect using just the subdomain, such as spaceinvaderserver.duckdns.org, and that can connect through to one thing, and then to connect through to another thing we need another subdomain, so maybe spaceinvadernextcloud.duckdns.org, and that would connect through to that. But there's another way
as well: we can use a subfolder. So we could have spaceinvaderserver.duckdns.org then /sonarr and that would connect through to Sonarr, and then we could have another, spaceinvaderserver.duckdns.org/nextcloud, and that would connect to Nextcloud. But for Nextcloud it is advised that you use a subdomain as it's better security.

So obviously using a lot of subdomains with something like DuckDNS, whilst it's possible, it's going to be pretty inconvenient because each subdomain is going to have to be updated with your WAN IP address even though it's going to be the same for each. So the best thing to do is to use your own domain name. Now, domains nowadays are really cheap, you can get them for say six pounds or about ten dollars, so it's well worth spending that money. And then once you've got your own domain you can create multiple subdomains of that, so you could create sonarr.mydomain, you could have radarr.mydomain, you could have nextcloud.mydomain, you can have as many as you want. All you'd have to do for these records is create what's called a CNAME, which should point to the dynamic IP tracker. So all of the subdomains would point to spaceinvaderserver.duckdns.org, and so that's the only thing that needs to have its IP address updated using the DuckDNS client. So it is better to buy a domain name but it isn't essential.

So hopefully that gives you a basic idea of what we're doing and how we're going to set it up. I think knowing the basics really helps setting it up and it makes it a lot easier. So first let's look at planning our proxy and setting up our DNS when we don't have our own domain name. So if we're not using our own domain name then we're going to be using the domain name of our dynamic DNS service, and in this example duckdns.org. So what we set up at duckdns.org has to point to our ISP WAN, which in turn points to our server. So the first subdomain I'd set up at DuckDNS would be spaceinvaderserver.duckdns.org. So we could just leave it at that, and we can access one service from that domain and then other services coming off that with a subfolder, for example /nextcloud and /sonarr. However, in my opinion it's much better to use a separate subdomain for each service, and so for Nextcloud something like spaceinvadernextcloud.duckdns.org and for Sonarr spaceinvadersonarr.duckdns.org. So if you're not using your own domain name then just think how many subdomains you're going to need and then set them up accordingly. So I'm going to set up these three now. So those three domains are set up, and it looks like we can have actually up to five different domains with one account, so if you're going to have more than that then you'd have to set up more than one account. So now all of these subdomains are pointing through to my current IP address, but to keep them always pointing at the correct IP address you're going to have to set them up in our DuckDNS client. Now, I've shown how to set up a DuckDNS client on unRAID before, but all you'd have to do different to that video is to put in the multiple subdomains separated by a comma like you can see here.

So now let's look at how to plan things if we do have our own domain name, using the domain name reverseproxy.me. So I'll quickly register that domain now. So with our domain we're still going to use DuckDNS to track our IP but we only need one instance of it, and so I'm going to use spaceinvaderserver.duckdns.org. But then just as before I want to have three subdomains, so I'm going to use server.reverseproxy.me, nextcloud.reverseproxy.me and sonarr.reverseproxy.me, and for each of these subdomains we're going to create a CNAME that points to spaceinvaderserver.duckdns.org, which in turn points to our WAN IP. So always the subdomains are going to have our server WAN IP address. So let's create the CNAMEs now. So once you've bought your domain name, most registrars will
have somewhere where you can adjust the DNS, so find that place for your registrar and click on Edit DNS. So this is what my DNS zone editor looks like. Now, yours may well be different but the principle will be exactly the same. Here I can actually filter the different records: if I click on CNAME I can see the existing CNAMEs that are already set up for this domain. You see I've got mail. and www. [...] earlier, and click Add Record. Okay, so now I'll quickly put in the other two subdomains. Okay, so now I've got the three subdomains all pointing across to spaceinvaderserver.duckdns.org.

Okay, so we've planned out our proxy both with our own domain name and without, so now it's time to move on to forwarding the correct ports on our firewall. And we're going to need to open up two ports, port 80 and port 443. However, we're not going to forward those ports as is, we're going to redirect them to another port. That's because unRAID uses both port 80 and port 443 for its own purposes. So what I'm going to do is I'm going to forward my port 80 to port 180 and I'm going to forward my port 443 to 1443. So how to port forward will vary depending on what make and model number of router you have, so if you're not sure how to port forward with your router just do a Google search for the model number and also "port forwarding" and I'm sure you'll find some info that will be helpful.

Now, I use pfSense myself so I'm going to show the port forwarding on that. So I'm going to head across to the port forwarding section and I'm going to add HTTP, which is port 80, and forward it to the IP address of my unRAID server, and I'm going to forward it to the custom port 180. I'm going to give it a description, and if you're using pfSense I recommend just enabling NAT reflection. It's unlikely that you'll find this option on any other router, so just don't bother about it if you can't see it. And then basically go through exactly the same process except for HTTPS, for port 443. Let's make sure you
you forward it across to the destination port which is 143 ok so when you've done your port forwarding let's move on to the next step now this step is important so please don't skip it we need to make a user-defined bridge rather than using the unread default bridge and that's because using a user-defined bridge gives us automatic DNS resolution between containers ok so the first thing we need to do is go over to the settings and then go to our docker settings how many to temporarily disable the docker service so put this on - no and click apply now we need to change from basic view to advanced view here and here where it says preserve user-defined networks we need to select that on - yes click apply and now we can re-enable the docker service and apply again and done so next we want to open the terminal window in ton raid now click on to the terminal icon at the top and now we need to type docker Network create space and now we need to name our network I'm going to call it proxy net and press Enter so now we've created a new docking network called proxy note so I'm going to close this now and so now finally at last we're ready to install the let's encrypt docker container okay so let's head across to the apps tab and let's do a search for let's encrypt and click on to the green button to install the container and if you scroll down before we fill out anything here what we're going to do is we're going to change the network type and we're going to change the network type to the custom docker network that we created earlier and I named mine proxy net now we don't need to fill out anything here at all we can leave that as it is now here we come to the port numbers so the container port is port 80 and port 443 but earlier on my firewall I translated port 80 to port 180 and port 443 to port 1 443 so I'm gonna put in those numbers here ok so here we need to pop in our email address and here under domain name we need to put the domain name that we're using now if you 
have your own domain name then you put that in here. If you're using DuckDNS you just put in duckdns.org. Then underneath where it says subdomains you can remove the www, and I'm going to put in the subdomains I created at duckdns.org, which is spaceinvaderserver, then put a comma, and then the next subdomain which was spaceinvadernextcloud, and the last one I did was spaceinvadersonarr. And here where it says "only subdomains" we want to change that to true, because they're the only ones Let's Encrypt should try and make certificates for, the subdomains, because obviously the main domain being duckdns.org, I don't have any control over that, I only have control over the subdomains here. So change this from false to true, then scroll down. We leave everything else as it is, the validation is HTTP, and then click on Apply and it'll pull down the container, and then click on Done.

Now let's go across to our Docker tab here and we can see the letsencrypt container here, and what I'm going to do is I'm going to click on to the log here. And if we look through the log here we can see that Let's Encrypt performed some tests on these subdomains here and then it waited for verification. There are no errors at all, and at the bottom you can see it says "Server ready", so we know everything's good. So now I'm going to disable the port forwarding on my router and show you the log file that would be generated when Let's Encrypt can't get through properly. So you can see here there's no "Server ready" at the bottom, but we can see that the authorization has failed, that's the yellow part at the top, and it actually tells us that it's a likely firewall problem, which it is. So the log files are useful to see what's going on. That's why it's important after first creating the container to look at your log files straight away, just to check that everything's fine before moving on to the next stage. And hopefully you'll see at the bottom "Server ready". If not, then you're going to have to go back
through all of your settings, your DNS and everything like that, and check that everything's fine.

Okay, so when I just set up the container I showed putting in the settings to create certificates for the DuckDNS subdomains. So if you're using your own domain it's just the same but using your domain details and the subdomains that you created CNAMEs for earlier, so let's quickly look at that too. Okay, so everything's the same at the top: the network type is set to custom and the ports are mapped as they were before. So the thing that's different is the domain name. I'm going to put in my domain name here, which is reverseproxy.me, and for the subdomains I'm going to put in the three subdomains I created CNAMEs for earlier, and that's server, comma, nextcloud, and then sonarr. Then again as before, "only subdomains", we want that set to true, and that's it. So let's go down to the bottom of the page and click on to Apply and then click Done. So then just as before let's check our log file to check that the certificates were created correctly, and it says "Server ready", so everything's good. So now let's move on to the next stage.

Right, now for all of the containers that you want to use with your proxy we're going to have to change the Docker network that they're on. We're also going to have to change them to our custom network. And the two that I'm using in this tutorial are Nextcloud and Sonarr, as these are the two containers which I want to access through the Let's Encrypt reverse proxy. So I'm going to edit, and I'm going to change the network type on this container to match the one on the letsencrypt container, so again I'm going to change this to custom and to my proxynet network, and click Apply then Done. And the same for Sonarr, and again Apply, Done. Now don't worry, although we've actually changed the network that the Docker container runs on, we can still access it through the normal IP address, so if I still click on Web UI I can still access it through 10.10.20.199. So for us unRAIDers,
from the user perspective everything's exactly the same. Okay, so now we should have all of our containers which you want to access through the proxy onto the custom Docker network. Now let's go on to the next stage.

Okay, so we're almost done now. We're just going to have to edit some files inside the configuration folder of letsencrypt, which is mapped across to our appdata as you can see here. And so the file we need to edit is in appdata, letsencrypt, nginx and then inside proxy-confs. Now, the linuxserver guys have done all the hard work for us by creating these configuration files. So I'm going to edit the Sonarr configuration file here, and I'm going to choose the Sonarr subdomain one as I'm using a subdomain. Now make sure you open it with a proper text editor. I'm using TextMate on OS X; if you're using Windows then I suggest using the text editor Notepad++.

Now the line I want to point out here is the one that starts with server_name, this one here. This line sets the name of the subdomain which is connecting to this container. So the line here reads "server_name sonarr.*", which is a wildcard. So what this basically means is any subdomain starting with sonarr. is going to be passed through to this particular container. So my subdomain is sonarr.reverseproxy.me, so this line is going to be fine for that subdomain. If I didn't have my own domain name, the chances of me being able to have sonarr. for my subdomain is very slim. When I set up my DuckDNS subdomains I had to use spaceinvadersonarr.duckdns.org, so if I was using that subdomain I'd have to change this line to be "server_name spaceinvadersonarr.*;". So depending on what your subdomain is called you may possibly have to change this line, but for me, because my subdomain was sonarr., I didn't have to change this. And normally there shouldn't be anything else you need to change in this file unless you're not using a
linuxserver container. So all of these configuration files have been configured to work with other linuxserver Docker containers, but if you see here I'm not using the linuxserver Sonarr Docker container, I'm using the binhex one. So there's just one thing I need to change here. I just need to change this line here where it says "set $upstream_sonarr sonarr". So this is the name of the container here, but because mine here is called binhex-sonarr I'm gonna have to adjust it to that. So it's just setting the name of the container to this variable here. So now I'm going to save this file but I'm going to change the name slightly: I'm going to take off the .sample at the end just so it's .conf, and I'm going to click Save, and now I can close this. Now, what I could have done, instead of actually editing the name inside of the configuration file, I could have just edited the name of the container and changed this to being sonarr, but personally I don't really want to change the name of my containers, I'd rather change things inside the configuration file. And of course if we're using a linuxserver container then you don't have to change anything at all.

Okay, so now that's done I can restart the letsencrypt container, and I'm going to open a new tab and go to http://sonarr.reverseproxy.me, and here we are in my Sonarr here and everything is working fine. Now, one thing to notice here: you can see I've come straight into this container. So if you're going to use a reverse proxy and you're going into containers, you're going to need to set up a password. So I'm going to put one in for me here, and the password, Space Invader One, save and close Sonarr. And I'm going to restart the container. I'm going to open the tab again and log back in, and now it's asking me for my password, and I'm back in. Okay, so let's close Sonarr.

Now let's set up Nextcloud. Now, Nextcloud's slightly different, there's one extra step we have to do: we have to edit a configuration file
in Nextcloud itself. So again let's go to our appdata, now go to nextcloud, now go to www [...]. What we need to do is add a line under this one here which looks like this: 1 => and then in quotations you need to put your subdomain, nextcloud.reverseproxy.me, then close the quotations and a comma. Now next we have to change this line here that starts with overwrite.cli, and we need to take out the IP address here and the port number and again we need to paste in our subdomain, so it should now read https:// and your subdomain, in quotes, followed by a comma. Okay, so there's another line we need to add here, that's in quotes overwritehost => and then in quotes again our subdomain, and then finally one last line which reads in quotes overwriteprotocol => then in quotes https and a comma. What this does is force Nextcloud to only use HTTPS. Okay, so that's what we need to do, so you just need to change those things in your Nextcloud configuration, and now we can save this, overwriting the other file.

So next we want to go back to our appdata and then go to the letsencrypt folder, into nginx, back into proxy-confs, then we want to go to the Nextcloud subdomain configuration file, and we can either rename it so it isn't .sample or, I'm gonna open mine. Everything in here is correct for me, my server name is correct here because my subdomain is nextcloud., so I'm just gonna save this but removing the .sample. Okay, so that's everything done, so now we need to restart letsencrypt and also we need to restart Nextcloud. Now if I go and open a new tab and if I go to https://nextcloud.reverseproxy.me, and here I am at my Nextcloud login, and here we have Nextcloud working absolutely fine. So let's close that now.

So that's our reverse proxy all set up and working. To access other containers through the
proxy it's just the same. Now, personally I prefer using subdomains to access things on the proxy, but as I mentioned at the beginning of the video we can also use subfolders, so let's quickly set up Radarr to be accessed through a subfolder. So let's go back to our appdata and then letsencrypt, into the nginx folder and back to the proxy-confs. Now this time I'm going to choose the Radarr subfolder one here and I'm going to edit that. So let's look at the configuration, and we can see here where it says location, then space, /radarr, that's the actual subfolder. And again, because I'm using a binhex container and not a linuxserver one, I'm going to have to change the name of the container here, so I'm just changing it to binhex-radarr. So now let's save this file but taking off the .sample as before. Now we can close this, and we're going to have to make a few changes to Radarr. So let's edit the configuration, and again we need to change the network to our custom one and click Apply, Done. And also we need to make a change inside of the Radarr configuration on the web UI, so let's go to Settings and then General, then here where it says URL Base we need to put in the subfolder there, so /radarr. So now let's click Save and let's restart Radarr and restart letsencrypt.

Now let's open a new tab and see if we can connect. So we need to put in a subdomain and then /radarr. Now, this subdomain, it can't be used for anything else, like if you're using subdomains and subfolders together. Now, I also set up a subdomain server.reverseproxy.me, so I'm going to type in that and then /radarr and see if we can connect. Okay, great, so I'm connected to Radarr and it seems to be working fine. So now I'm going to close this and then wrap up this video.

So okay, here we are at the end of the video. Now, just one thing to note: you may try and test your reverse proxy after setting it up and find that it doesn't seem to work. This can be because your router doesn't
support NAT reflection. Now, not many consumer routers do, so to get around this all you have to do is just connect your PC using a VPN and then you can test the proxy from an IP that isn't your own WAN IP address.

So anyway, the next part of this video, we're going to be setting up the Docker container called Heimdall. Now, I think that's how you pronounce it. It's a really nice container that you can actually use as the homepage for your browser, allowing you to access all of your containers etc. I will be looking at using it with the reverse proxy and without. Anyway, that's next time, and for now it's time for me to go. Now, I really hope that you found this video useful, and if you did then please, please hit that like button and subscribe to the channel if you haven't already. And to all of my patrons and supporters out there, a huge, huge thank you to you guys who make these videos possible. So anyway guys, whatever you're up to for the rest of the day, I hope it's good, and I'll catch you all next time.
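
Added example, not part of the video or of the linuxserver sample files: a small Python check for the two edits the captions describe making to a subdomain proxy conf, namely that server_name matches the hostname the certificate was requested for and that the upstream variable names a container actually attached to the custom network. SAMPLE_CONF is a constructed snippet, the function names are hypothetical, and port 8989 (Sonarr's default) and the resolver address 127.0.0.11 (Docker's embedded DNS on user-defined networks) are assumptions of the sample.

```python
import re

# Constructed sample modelled on the conf described in the captions
# (not the linuxserver sample file itself).
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name sonarr.*;
    location / {
        resolver 127.0.0.11 valid=30s;   # Docker embedded DNS (assumed)
        set $upstream_sonarr sonarr;
        proxy_pass http://$upstream_sonarr:8989;
    }
}
"""


def parse_conf(text):
    """Return (server_names, upstream_targets) found in an nginx conf."""
    names = []
    for m in re.finditer(r"^\s*server_name\s+([^;]+);", text, re.M):
        names.extend(m.group(1).split())
    upstreams = re.findall(
        r"^\s*set\s+\$upstream_\w+\s+([^\s;]+)\s*;", text, re.M)
    return names, upstreams


def name_matches(pattern, host):
    """nginx server_name match: exact, leading '*.' or trailing '.*'."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.endswith(".*"):
        prefix = pattern[:-1]            # "sonarr.*" -> "sonarr."
        return host.startswith(prefix) and len(host) > len(prefix)
    if pattern.startswith("*."):
        suffix = pattern[1:]             # "*.example.org" -> ".example.org"
        return host.endswith(suffix) and len(host) > len(suffix)
    return pattern == host


def audit(conf_text, cert_hosts, containers):
    """List the problems that would stop this conf from proxying.

    cert_hosts: hostnames the certificate was requested for.
    containers: names of containers on the custom Docker network.
    """
    names, upstreams = parse_conf(conf_text)
    problems = []
    if not any(name_matches(n, h) for n in names for h in cert_hosts):
        problems.append(
            f"server_name {names} matches none of {sorted(cert_hosts)}")
    for target in upstreams:
        if target not in containers:
            problems.append(
                f"upstream '{target}' is not a container on the proxy network")
    return problems


if __name__ == "__main__":
    # Own-domain case with a container named sonarr: nothing to change.
    print(audit(SAMPLE_CONF, ["sonarr.reverseproxy.me"],
                {"letsencrypt", "sonarr"}))
    # DuckDNS subdomain with a binhex-sonarr container: both lines need editing.
    for line in audit(SAMPLE_CONF, ["spaceinvadersonarr.duckdns.org"],
                      {"letsencrypt", "binhex-sonarr"}):
        print(line)
```
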
Info
Channel: Spaceinvader One
Views: 296,983
Keywords: reverse proxy, reverse proxy unraid, letsencrypt, nginx, letsencrypt docker, letsencrypt docker nginx, reverse proxy tutorial, how to setup let's encrypt, how to setup nextcloud with reverse proxy, nextcloud https certificate, How to Setup and Configure a Reverse Proxy on unRAID, How to Setup and Configure a Reverse Proxy on unRAID with LetsEncrypt & NGINX, unraid, unraid docker, unraid docker containers, linux, home server, owncloud, nextcloud, lime technology, spaceinvaderone
Id: I0lhZc25Sro
Length: 28min 19sec (1699 seconds)
Published: Sun Aug 05 2018