NGINX PROXY MANAGER TUTORIAL RASPBERRY PI 4 INSTALLATION - EPISODE 6

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] [Music] hello everyone and welcome to episode 6 of our raspberry pi series and today we're going to be installing nginx proxy manager on our raspberry pi nginx proxy manager is a must-have for any server administrator who would like to safely open up a port a service or application to the internet what nginx proxy manager does is act as a reverse proxy allowing the management of incoming connections to be redirected to the correct device and service this is all done internally and the outside visitor will be unaware that this process has taken place it adds a layer of security for your devices that are hosting the service or application as it does not directly expose the device to the internet it also means that you can limit the ports you open on your gateway router if you were not using a reverse proxy then you will need to open a port for each service application you use using nginx proxy manager means you only need to open two ports and that's 80 and 443 and the proxy manager will take care of the rest another amazing feature of nginx proxyman is the ability to create let's encrypt ssl tls certificates creating an encrypted connection between your outside visitors browser and your internal service or application this allows for the safe communication of sensitive data so we have our domain name and a port number which will indicate the port number that this application at the resting server would need so if next cloud was on a certain port then we'd need to add that at the end of the domain name so how this domain name knows where this router is is because it will be set in the registrar of the domain name so wherever you bought your domain name from you can add a a record on there for that ip address now if you have a static ip address you can set that for the domain name so this when you put this domain name in it will know that you're talking about this ip address of your router so you put in the domain name plus the port and then forwards it down through dns to your router your router will then have port forwarding on the router so it will say that if an incoming connections come into port 80 it would forward it to let's say wordpress and if there had a domain plus port 443 on the end it would come in through the secure four for because 443 is ssl tls it will come in three four four free it'll be redirected from the router through to next cloud so what that means is if you were going to add more docker containers with different applications and you wanted them to be accessible from the outside you would have to have a unique port for each application which means it is leaving your router very insecure you know the more the more ports you have open the less secure your device is going to be to stop potential attackers from attacking your network so what you want to do is limit the amount of ports that you have open on your router just to keep your devices safe so what we can do to do that okay so instead i know i've talked about 18443 now if we had an xcloud server okay and we afford the 80 and 443 to next cloud how would we get through to wordpress we'd have to open up an additional port set a custom port on that um router and then forward that custom port to your raspberry pi so your your router will know where your wordpress install is and it would forward that port so you'd put in your domain so let's say your domain and then we'll say port i don't know 669 for instance forward that down 669 where is that it will point that port to your wordpress instance okay so that's a bit overcomplicated so with a proxy manager what we're going to do we will install nginx proxy manager so what we will do then is once we put in our domain name we don't actually have to have a port number because anything that comes in on that domain we can set in our dns so you could even use subdomains uh to help separate your services so we could have next cloud dot domain and then um we could put that in so nextcloud.domain then it will go across to we have an a record that's with our registrar telling us that it's the ip address of the router so it would come through and then on our router we would have two ports open only which is port 80 and port 443 so port 80 is for http traffic and 443 is for https traffic so that will then be forwarded down to engine proxy manager then within engine proxy manager okay you'd have an entry for that with a let's encrypt a certificate installed on there too um and in nginx it will say so if you're looking for nextcloud.domain it would come down into nginx say we're looking for nextcloud.domain um and it will say well i know where that is it's on x it's on this port here and it would forward on that connection to your next cloud because it's inside of a container you can you can have that on whatever ports you want you can set that within the container and same with wordpress you could put in wordpress.domain it would come in you'd have an a record that sends it down to the router the route will then pass that down to engine proxy manager engine proxy manager will then forward that onto wordpress.domain and then it will serve and it'll go back the opposite way it will serve it to the visitor and that's how it works okay so what we're going to do now is we're going to load up firefox and as you can see we're on the nginx proxy manager website now if you scroll down the page it gives you a docker compose yaml file that you can copy and paste and you can use that to install both the maria database and the proxy manager now there's a few problems with this what the first problem is it's version free so we can't use that on portena to install anything so we're going to have to actually manually create the docker by using the terminal which is not a problem which we can do the second problem that we actually have with the raspberry pi is it's an armed device so the cpu is not built to work with this package which creates the database so we need to replace this with a database that works with the raspberry pi so there is one from yoba systems called uber systems alpine maria database so we're going to use this it's basically just going to be a drop-in replacement so we can still take this whole file and use it if you go to our website there's a link in the description to the blog post regarding this and if you go to that link you'll find all the commands that we're going to use today so i suggest you go there so you can copy and paste them in i have it in a sublime text file as you can see here i've replaced the maria database with the yoba systems database which should work as i've said in previous videos i'm using an ssd on my raspberry pi so i'm happy for these to install in the default location if you guys are using an sd card you may want to change these locations to your sd card so the storage locations when i had an sd card i used to have a folder called app data and then within that app data folder i would have the application name as the folder and i'd have all the data stored in there so basically nick's cloud or the next cloud data would be within an xl folder so if you are in that situation where you need to install this to an external drive what you can do is anything before this colon is your file and folder location so you've got to change that to your external drive whichever one you're using as i said i've got an ssd drive i'm going to keep it the same another thing you want to change with this file is everywhere that you see npm you need to change these npm values to something unique and obviously have a strong password um with a database you should never use sort of um you know special characters just try and keep it as you know capitals and small case and numbers and mix it up and the reason why i say that's because sometimes using you know some some characters it can cause wacky things to happen within a database so i would never recommend to do that um so anyway moving on for layman's terms keeping it simple i'm gonna keep the default npm values so i'm just going to copy and paste this straight into a file that we're going to create now so we're going to do now is we're going to go across to our party application and we're going to remotely access our raspberry pi so you put your pi's ip in there and your pi support and you click open then put your pi username in and your password okay let me clear this out so what we're going to do now is we're going to create a folder called nginx so make directory nginx and then we're going to go into that folder by using cd which is current directory so we're going to clear this out now we've got an empty folder okay we're going to create two files in here the first one is going to be a config.json file so we're going to go to nano and then we're going to config dot json and then what we're going to do is because i've used all the default values again you can find all this information on my website so on the actual blog post for this website we'll have all of our commands for today so i'll put that in there again change all the mp m values to your unique values for safety and security so we're going to exit this by pressing control x then y to save and then enter and if you press upper arrow you can go back into the file and make sure that that's been written so you can control x to exit the next file we're going to create is a docker compose file so we're going to go nano and then we're going to go docker attack compose and this is a yaml files that's dot yml and then enter on there and then we're going to go to our sublime text and i'll just stipulate again i'm i'm using default values because i'm going to remove this afterwards this is just to show you guys nice and simply how to install it so i'm going to copy and paste that into my yaml file keeping everything the same and i'm going to press ctrl x to write it y to say yes to save and enter to exit so now what i'm going to do is one final command and this will deploy the container for us and get it running so once we've run this it's going to take a little while to go through um but once it's complete we should have two new dockers installed and in fact what we're going to do now is go sudo docker ps put in my password now as you can see we have one container in there now which is our pertainer container so you can see it right there that's just one container that's in there so once this process is finished we should see three in there so i've now cleared that out and i'm gonna run one final command which is sudo space docker tack compose space up space tack d to deploy it if you guys are enjoying our content if you can give us a like and a subscribe that would be great if you click the notification bell you'll be notified of any new content that we put up okay so now that's finished what we're going to do we're going to run that docker ps command again to list out our dockers and as you can see now we have three dockers installed so we're going to go to our browser so we're going to open up a new tab and we're going to go 192.168. and as you can see it's there portena which is on port 9000 and as you can see we have free running containers so if we if yours says unhealthy just restart it so we're going to be looking at this database to make sure everything went through okay so basically what we're going to be looking at now is port 81 and there you go we have our engine x proxy manager and the default values we're going to log in with is admin at example dot com and the password is change me and then click sign in and you'll be asked to add your admin name your nickname and your email address and then you're asked to change your password so this one will be change me and then put in your new password and then repeat it and there you have it we now have nginx proxy manager installed and ready to go so what we're going to do now is we're going to go back to our diagram and we're going to look at this again what we've managed to do is we've installed nginx proxy manager on our raspberry pi in a container so this is now sitting here ready for communications to come down from our router now everyone's route is different your router won't be the same as mine you know there's so many on the market so there's a different way of forwarding these two ports these two ports need forwarding now to engine x so the next step we've got to do now is we need to get into our router and we need to open up port 80 and 443 and we need to port forward it to our raspberry pi so what you need to do is go port forwarding and then you'd need to put the name of your router in so for instance an asus router um let's say an ac68u and then port forwarding on a root asus router and it can show you how to do it so what you would do is you would go to one you'd go to your virtual server port forwarding you would enable it by clicking yes so what you would do is you would create two entries down here in port forwarding the first entry would be for port 80 so you'd put service name and then under service name you would put engine x proxy manager and then http source target you'd leave blank port range would be 80 then you'd have your local ip in here so that would be your address of your raspberry pi which in my case would be 192.168.2.5 and then the local port would be 80 and the protocol would be tcp and then i'd click the plus sign to add it then i'll go through it again and i would add another service name and i'd set that service name as nginx proxy manager and then it'll be https sourcetarget would be ignored port range would be 443 local ip would be the ip address of my raspberry pi the local port would be 443 and then the protocol would be tcp again and i'll press plus again on that and then apply for both of them ports to be forwarded so what would happen now is when any request comes in for port 80 or 443 it will be passed through to the router the router would say yes i've been told to pass on any ports from 80 or 443 to the raspberry pi so the request will come straight through be passed down to nginx and then from there if at the moment there's no entries in there so it would just literally show nothing it would have probably an nginx proxy manager page saying nothing else your nginx proxy manager is now ready to accept connections from the outside and forward them to the service that's required so to test the nginx proxy manager is working via the internet what you can do is if you come onto a fresh page on firefox or if you're using chrome just have a look and search for your ip address so put what is myipaddress.com it will tell you your public-facing ip address now that's different to what your ip address is for your router which will have a local address which will be like 192 168 etc your public address will be checked will be different so what you need to do is put your find out what your public address is i'm not going to show you mine for security reasons but you can put in your ip address and then put colon and then port 80 to make sure that it works so this is what we're going to do now pretend that this is my public address even though it's not it's we we know that this address is my internal address and then if you click on port 80 so you'd have your public address colon and then port 80 and then you should see this page if you see this page and everything is set up correctly and we are ready to go in episode 7 we're going to be continuing to configure our nginx proxy manager and we're going to install a dynamic dns service on our raspberry pi so that if our ip address changes it's going to keep updating the domain name so that people can still get access to our services so that's what we're going to do in episode seven so i hope you enjoyed today's show and we'll see you in the next one you

Info

Channel: addicted2tech

Views: 18,912

Rating: undefined out of 5

Keywords: nginx, nginx proxy manager, reverse proxy, nginx proxy manager tutorial, raspberry pi 4, raspberry pi, raspberrypi, raspberrypi4, raspberry pi security, raspberry pi networking, putty, putty on windows 10, putty on windows, ssh security, secure shell ssh, addictedtotechuk, addictedtotech, addicted2tech, addicted to tech, addicted 2 tech, docker, pi, linux, what is nginx, nginx tutorial, nginx reverse proxy

Id: UoABJxIeq3A

Channel Id: undefined

Length: 17min 21sec (1041 seconds)

Published: Sun Jan 24 2021