Thanks for the update! Quick question: after updating the Home Assistant docker to use proxynet, the Chromecast device can no longer be auto-discovered by the docker, and even if I manually configure the IP it doesn't seem to allow streaming anymore. Any thoughts? I searched a bit and it says something about requiring mDNS, but I have a feeling that even if proxynet is enabled for it, essentially the cast device and the docker are no longer on the same network so it can't work. Is that right?
Wanted to post some issues I had (and their solutions). Once I first got everything set up I had the HTTP error 504. If I went to the nginx error log on swag (EG letsencrypt) I found the error "connect() failed (111: Connection refused) while connecting to upstream". To fix this I went to the UNRaid advanced docker settings and changed "Host access to custom networks" to ENABLED. The second error I had (you would need to let nextcloud run for about 5 minutes first) was that the nextcloud log said it could not connect to the database. I had to move mariadb to the proxynet network, then change the "\appdata\nextcloud\www\nextcloud\config\config.php" file on line 20 to the new DB server address, shown on the docker page on UNRaid. Hope this helps! It took me way too many hours to fix this.
For newbies, LetsEncrypt is now named SWAG but it's all the same and I used only this tutorial to set it all up, went perfect in SWAG. (Same app, they just changed the name) Thanks for all you do!!! Your videos have been EXTREMELY helpful! Greatly Appreciated
I'm currently in the process of doing this now and I came across a thing you might want to mention at some point, maybe add it to the description? A CNAME record is only used as an alias for an already existing FQDN. If you are using a DNS provider that has support for a DDNS tracker natively, you would instead have to add new A records and keep them up to date with the tracker bot. Currently, I am using Cloudflare and my pfSense keeps my IP updated directly from Cloudflare without the need for duckDNS when using your own domain. I have this set up for connecting to my VPN since the IP likes to change every time I have to reboot my modem. I'll let you know how the rest goes when my new domain name's DNS updates. :D
Hey SpaceInvader, do you have any idea how to set up Nextcloud to work with the Collabora container? Everything works, but Nextcloud is unable to connect to Collabora unfortunately. Here is the link as a reference: lime-technology.com/forums/topic/57240-request-collabora-online/?tab=comments#comment-560603&searchlight=1
Table of Contents
0:08 - What is a reverse proxy?
1:34 - How does it work?
6:09 - Planning our proxy
10:00 - Port forwarding
11:36 - Setting up a user defined docker network
12:48 - Installing the letsencrypt docker container - DuckDNS
15:47 - Installing the letsencrypt docker container - Custom domain
16:53 - Attaching docker containers
18:05 - Configuring the reverse proxy
22:14 - Configure nextcloud to work with a proxy
25:06 - Reverse proxy with subfolders
27:06 - Troubleshooting
I can't believe how hard it was to find this comprehensive tutorial. The topic is incredibly complicated for a beginner and it took me ages to find this video. Thank you for explaining the topic so thoroughly! :)
I had to pause and comment. You are not only doing a tutorial/how to/do this but also teaching. It's really nice to get an understanding of what it is. It makes it easier to understand what I'm doing and also why. Thank you Spaceinvader One!
Phew, that took me some time to get going. Had to translate a few steps as I have a static IP address at home so not using duckDNS. Anyone else in the same boat, I'm sure you already know, but you just use an A record instead of a CNAME when configuring DNS on your domain provider's config page.
Thanks for that... been at this for some time and I'm in the same boat... but still getting an error... Invalid host in redirect target "XX.X00.XX.XX". Only domain names are supported, not IP addresses. I'll get there.
Looks like I'll need to dive back in at a later time. I am setting up nextcloud and it was working perfectly locally but as soon as I changed the setting for remote access it fell apart. I am getting a 502 Bad Gateway Error but everything looks good from what I can tell. SSL cert has the right info and it shows secure but no dice. I am using the duckdns option. The nextcloud config seems to be in a different order now than at the time of the video but the info is mostly the same. Running PFSense. Thanks for the great videos! I am having a lot of fun and learning a lot! Edit: Woke up this morning and sat down to look at the config files again. Then all of a sudden "proxynet!" went through my head. I missed changing nextcloud to that network type. Working great now. Thanks again!
For me it's the exact opposite. If using br0 it's working (only locally), but as soon as I switch to proxynet nothing works. Nextcloud isn't accessible at all. Unraid doesn't have a UI button anymore and entering it manually gives a bad gateway. The log of nextcloud gives me "AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.18.0.3. Set the 'ServerName' directive globally to suppress this message" with no ports mapped at all! It's just empty. The past two days I've browsed hundreds of threads and it's driving me crazy.
@Tsumitsukiii what do your nginx logs look like? You may need to restart letsencrypt. I have a fairly basic knowledge of setting all this up but have had weird issues and errors if it needs restarting. Or if there are any missing subdomains in my letsencrypt container. For instance jitsi not running while I am trying to start nginx will keep all my other proxynet containers from working. With the UI button missing, I have had that happen when the container didn't update correctly and had to reinstall. You can keep your config file but may need to repush the container pull again. Hope some of this helps
@BrondRando nginx (letsencrypt) works normally and is ready except "nginx: [alert] detected a LuaJIT version which is not OpenResty's". I have restarted everything countless times. Even the whole machine. The Minecraft players were not happy about that! ^^ I can access the UI while the container is in the br0 network, and the UI button is there too. It's only while on proxynet. Same with plex. I don't need it in the proxy for web access since the app can do it without this, but it would be nice to have a dedicated URL for plex. Both plex and nextcloud do not even start on proxynet. Thanks for your help, anyway! I'll dig into this more tomorrow.
Thanks for all your videos - you do great work! One note for anyone setting sonarr subfolder - there are now two places where you need to set the new container name.
Bruh, you're a life saver. I'd have spent so much time trying to figure out how to do all this unRAID stuff on my own. Not only are these videos easy to follow but you provide the information I need to go and do more reading on my own. Coming into this project blind was a real challenge and everything I've wanted to set up has been a rabbit hole of terminology and abbreviations and figuring out industry standards! It's been a lot of fun and for the moment this and your nextcloud video are the pieces of the puzzle I needed. Thank you again.
At the end of this video you talked about installing Heimdall. Are there still plans on making a tutorial about this docker? Love your videos, best ones out there for unraid. Thanks for all your work
You literally click install and pick an unused HTTP port and an unused HTTPS port. If you need a video to show how to click the mouse three times to Heimdall you shouldn't be using a computer, let alone commenting on a letsencrypt video.
In the Security and Warnings page in nextcloud I was getting the warning "The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If not, this is a security issue and can allow an attacker to spoof their IP address as visible to the Nextcloud" running 16.0.4. I found the fix. You also have to add the line 'trusted_proxies' => 'letsencrypt', in the config.php file. I put it under the overwriteprotocol line. Thanks Spaceinvader One could not cope without you.
Yes. "letsencrypt" IS now "swag" and followed this video along with no problems still. Minor differences but no problems getting port forwarding to docker containers. BUT I have yet to get forwarding to my ubuntu server VM running and nginx webserver for webmail apps working properly. Something with the rewrites just not working correctly... Thanks Spaceinvader One!
Thanks for the tutorial. Whoever is doing this after 1st Jan 2019 and can't get sonarr and radarr working, you should know this. When editing the confs in the appdata folders, for both radarr and sonarr you need to replace them twice!! Otherwise, it will just hang when you try to access them
I know it's not your thing but if you have any tutorials on using it in straight docker, please share. I've actually moved from unraid to using proxmox with docker and portainer. I would have liked to use proxmox/docker/rancher but it kept giving me issues with setting up rancher. Most likely mistakes on my part.
If you get this warning: "The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For more security, we recommend that you enable HSTS as explained in the safety instructions." go to => appdata\nextcloud\nginx\site-confs, then open "default" and add this line over the first "add_header" line: add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
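A way to check a site-confs file for the header discussed in the comment above, written as an added example (not from the video or from any commenter). The sample config text is constructed, and the function names are hypothetical; the threshold is the "15552000" seconds quoted in the warning.

```python
import re

# Minimum max-age quoted in the Nextcloud warning above.
MIN_MAX_AGE = 15552000

# Matches an active (uncommented) nginx line such as:
#   add_header Strict-Transport-Security "max-age=...; includeSubDomains";
ADD_HEADER_RE = re.compile(
    r'^\s*add_header\s+Strict-Transport-Security\s+(["\'])(.*?)\1\s*(always)?\s*;',
    re.I | re.M,
)


def parse_hsts(value):
    """Split an HSTS header value into lower-cased directives."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def hsts_findings(conf_text):
    """Return a list of problems; an empty list means the header passes."""
    match = ADD_HEADER_RE.search(conf_text)
    if not match:
        return ["no active Strict-Transport-Security add_header line found"]
    directives = parse_hsts(match.group(2))
    age = directives.get("max-age", "")
    if not age.isdigit():
        return ["max-age is missing or not a number"]
    if int(age) < MIN_MAX_AGE:
        return ["max-age %s is below %d" % (age, MIN_MAX_AGE)]
    return []


# Constructed samples: the line from the comment, a too-short value,
# and a line that is still commented out.
GOOD = 'add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";'
SHORT = 'add_header Strict-Transport-Security "max-age=3600";'
COMMENTED = '# add_header Strict-Transport-Security "max-age=15768000";'

if __name__ == "__main__":
    for label, conf in (("good", GOOD), ("short", SHORT), ("commented", COMMENTED)):
        print(label, hsts_findings(conf))
```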
Now Swag - This gives you a breakdown what everything in the settings are for: docs.linuxserver.io/images/docker-letsencrypt. I basically did the Domain Name: subdomain.duckdns.org, Subdomain(s): wildcard, Validation: duckdns, DuckDNS Token: the token you get from DuckDNS when you generate it. I was bashing my head against a brick wall until I found that document. Hope that helps anyone else who is stuck out there!
Your videos are ridiculously well done, informative and useful. I can't thank you enough. Looks like you're going to be my first Patreon donation subscription.
God you have the BEST videos, I love how well you explain everything you are doing! I've used your videos so much now over the years, always find myself coming back to them for something.
Love your videos! You are the main reason I am hooked on Unraid. Also why I am able to do so much with it. I always get excited when I get that notification that you uploaded a new video. Thanks for all of your time making these videos!
I solved a problem that I was not able to find through rigorous searching. I hope you find this helpful. Problem: nginx works externally but not internally. Configuration: Running nginx on unraid behind opnsense firewall. Opnsense is behind AT&T router and assigned a private IP on its WAN interface. (double NAT) Resolved by disabling "Block private networks" on WAN interface.
I’ve been struggling with this for months. I can wait to try again when I get home from work! Plus, next week’s video is gonna be AMAZING!! I’ve always wanted to setup something like that!
This never worked for me but it taught me a lot. I ended up ditching letsencrypt and using nginx proxy manager. However I still had to edit the config file. No matter what I did it didn't work. What I ended up having to do is - inside Nextcloud I had to download the OCC Web app and add a trusted domain there because the container console wouldn't work. I'm in!
Rather than making multiple subdomains in DuckDNS, you can use your own DuckDNS subdomain under the "Domain" (e.g. yoursubdomain.duckdns.org) instead of just duckdns.org then list all the subdomains you have (e.g. "nextcloud,organizr"). Thanks again for the great video Ed!
As always absolutely brilliant. Followed instructions to the letter and worked perfectly. Just one thing to note for people trying to setup Plex and Emby. Leave the docker configuration where it is for those and edit the NGINX proxy files referencing the actual IP address and Port of the Plex and Emby services. Instructions at the top of the file :)
Hi, I just thought I would note that I had an issue with 2 of my dockers (being binhex-emby and qbittorrent) that were getting 502 bad gateway errors. I narrowed it down to the docker names NOT being resolved into the correct IP addresses, even when all dockers were on the custom proxynet network. The solution was to simply not use the names of the dockers, and to type in the IP addresses directly into the _____.subdomain.conf files.
THANK YOU! Have spent days trying to get this working, scoured forums, ran clean installs multiple times yet could not fix the 502 Bad Gateway Error until I read your comment.
Spaceinvader One you are my hero. Using your videos I have set up all of my unraid server including LetsEncrypt. One note though: when editing my *.conf files I needed to change the container name in 2 places as there is set $upstream, one for location and another for the api. Keep up the good work.
So for everybody that also noticed that you can't reach your services when you don't type in front of your subdomains, I have this solution: You go to appdata>letsencrypt>nginx>site-configs ... you open the default file with the text editor (the same you used for all the other .conf files). Copy this part from the "Default" config (not from this comment):

    #server {
    #    listen 80;
    #    server_name _;
    #    return 301 https://$host$request_uri;
    #}

Then go to your individual docker .config (like Spaceinvader does at 24:20). Paste it on top of, or to be more precise in front of:

    server {
        listen 443 ssl;

and delete the "# " from the section you copied.
--------------------------------------------------------------------------------
It should look something like this:

    # make sure that your dns has a cname set for nextcloud
    # edit your nextcloud container's /config/www/nextcloud/config/config.php file and change the server address info as described
    # at the end of the following article: blog.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/
    server {
        listen 80;
        server_name _;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl;
        server_name nextcloud.*;
        include /config/nginx/ssl.conf;
        client_max_body_size 0;
        location / {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_nextcloud nextcloud;
            proxy_max_temp_file_size 2048m;
            proxy_pass https://$upstream_nextcloud:443;
        }
    }

---------------------------------------------------------------------------------
(This will return 301 to the browser and tell it to use https.) I hope this helped you guys. If not maybe SpaceInv. 1 will pick this up in his next video. If not and you still have trouble I can make a short clip that will explain this part. I also want to thank Spaceinvader One. I couldn't have set this up without your videos. Cheers
Thank you. Awesome video. I couldn't get Caddy working in Unraid docker as a reverse proxy. Regardless, I prefer Nginx, as it's more mature and configuration options are well documented. So this episode of your video was just in time.
For those that are getting the error "Welcome to our Server. The website is ...." I figured out the fix (version 18.0.4). Leave the line ** 'overwrite.cli.url' => 'IPADDRESS:PORTNUMBER', ** alone. After I changed it back to the original setting from my subdomain it started working again, even remotely. I don't know if this is due to a change between versions, but I spent about an hour or more trying to get it to work by changing different things and following other suggestions. Finally, I thought about changing it back to the IP address and it worked. You can still type your subdomain in your browser to access. Even if you type your IP address, it will automatically change it to your subdomain.
Awesome video once again. Will be setting this up in the next couple of days, just got to sort out not using a subdomain but a direct domain. Homework for me :) Keep it coming, love your instructional videos!
Stuck for months!! Realized that my router never did REAL port forwarding. It was just opening ports from a range - 'Start' to 'End'. Rather than forwarding WAN -> LAN ports. Changed the default port unRAID booted on. Opened 80 and 443 for the server and worked like a charm!
I changed the unraid ports so lets encrypt could use 80 and 443, because my router is the same. I'm failing the challenges in the log part of this video though. Any ideas?
This is a wonderful video. Thank you for doing this - got me going in the right direction. I was able to set up SWAG (previously LetsEncrypt on linuxserver.io) within portainer using duckdns as the ddns. There were some different settings from my router's firewall and portainer's GUI looks a little different than unRAID but same concept.
Really great and informative video! I ran into some problems with configuring the ports. I couldn't use the ones you were using (1443 and 180). After a few hours of troubleshooting my router, I figured out that the ports were blocked by my ISP. It works perfectly when I chose ports 81 and 446. So yeah, I thought I would tell you if someone else also encountered the same problem.
I solved the issue by choosing different ports. In the video he routes the port 443 to 1443 and port 80 to 180. Ports 1443 and 180 didn't work for me, so I tried port 443 to 446 and port 80 to 81 instead and that worked. I hope this solves the issue for you!
Was just simply restarting Letsencrypt container enough for those new port settings to work out? I'm having a similar issue and no success with anything yet.
Yes. As soon as I didn't use ports that were blocked by my ISP and the ports were open in my router, a restart of the Letsencrypt container was the only thing left that I had to do for it to work.
Thanks. Tried for a year to figure out how to set up my file server the best way. I did it in just a couple of hours with your vids. Dropbox is too expensive when it's a lot of data. Only one thing I didn't manage and that is indexing. It's just another level. For now I use Windows indexing in the shared folders, but it would be nice to find the files I need from the nextcloud app on my phone.
FYI if you came here with a bad gateway error - the issue is the new configs have two separate location groupings: [ location ~ (/radarr)?/api {, location / { ] You need to configure the [ set $upstream_radarr binhex-xxxxx; ] in both locations :)
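Several comments above report a 502 because the container name was changed in only one of the two "set $upstream_..." lines. A small consistency check for a proxy conf, added here as an example (not from the video or any commenter); the sample conf, container names and port are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the shape the comments describe: two location
# groupings, each with its own "set $upstream_radarr ..." line. The second
# one was left at a different container name.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name radarr.*;
    location / {
        resolver 127.0.0.11 valid=30s;
        set $upstream_radarr binhex-radarr;
        proxy_pass http://$upstream_radarr:7878;
    }
    location ~ (/radarr)?/api {
        resolver 127.0.0.11 valid=30s;
        set $upstream_radarr radarr;
        proxy_pass http://$upstream_radarr:7878;
    }
}
"""

# "set $upstream_<name> <value>;" on an active line.
SET_RE = re.compile(r"^\s*set\s+\$(upstream_\w+)\s+([^;\s]+)\s*;")


def upstream_assignments(conf_text):
    """Map each $upstream_* variable to a list of (line_number, value)."""
    found = defaultdict(list)
    for number, line in enumerate(conf_text.splitlines(), start=1):
        # Drop trailing comments; a fully commented line becomes empty.
        active = line.split("#", 1)[0]
        match = SET_RE.match(active)
        if match:
            found[match.group(1)].append((number, match.group(2)))
    return dict(found)


def mismatched_upstreams(conf_text):
    """Return variables that are set to more than one distinct value."""
    problems = {}
    for name, assignments in upstream_assignments(conf_text).items():
        values = sorted({value for _, value in assignments})
        if len(values) > 1:
            problems[name] = values
    return problems


# The same conf after changing the second "set" line as well.
FIXED_CONF = SAMPLE_CONF.replace(
    "set $upstream_radarr radarr;", "set $upstream_radarr binhex-radarr;"
)

if __name__ == "__main__":
    for name, values in mismatched_upstreams(SAMPLE_CONF).items():
        print("$%s is set to different containers: %s" % (name, ", ".join(values)))
```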
Great tutorial as usual. Consider using nginxpm container instead... it simplifies everything and provides an outstanding GUI for setting up and managing everything.
Wow, thank you very much! Absolutely great video! I needed to watch the krusader, sonarr and nextcloud tutorials while working through this one and everything worked out perfectly. Tomorrow I am going to buy a good Linux compendium to start learning. Working for years with Windows is melting my brain trying to understand this new OS world. Makes me a bit angry not to understand most of this atm ;-)
Also I want to point out that, if your router is not supporting NAT reverse/loopback, you need to remove 'overwritehost' at 23:32 if you want to run nextcloud in the same network.
I just removed 'overwritehost' and now I can click on nextcloud webui in the docker tab and get to my nextcloud but it still shows my unraid IP in the address bar. And if I enter my subdomain into the URL it goes directly to my router again.
Hello. I have followed this guide 5 times now and reach the same end result every time. When I connect to my sub-domain at duckdns, I receive the following page "Welcome to our server - The website is currently being setup under this address." LetsEncrypt and Nextcloud are both on Proxynet network, ports 80 => 180, 443 => 1443 have been forwarded correctly on the router and all edits to the config files have been made exactly as shown in the video. Any idea why the proxy is not forwarding correctly to the container? Also, Nextcloud is configured on port 444.
I had the same problem for like 8 hours, fixed mine by modifying the file shown at minute 24:22. I changed: server_name nextcloud.*; to the word that equals my subdomain in duckdns. For example, if my domain is: bigsease.duckdns.org, you should edit the file to: server_name bigsease.*;
@ninnetyer when you modified this file and changed the filename like he did, did it change to a conf file or did it remain a sample file ending in a .conf name? Thanks
First off, thank you for all the awesome videos. I've been trying to set this exact scenario up for months and haven't been able to get it to work properly. After following your tutorial I'm still having an issue. Everything seems to be working perfectly over WAN and Nextcloud comes up as it should, but I can't access Nextcloud on LAN. It redirects to my router's login page (Edge Router). I've tried connecting through unraid gui, direct IP entry, and typing in the URL. I've confirmed all my settings and followed your tutorial to the T. Any help would be greatly appreciated, I have tried every tutorial I can find and none of them were as detailed nor got me as close as yours. Thanks again for the videos. EDIT: I got it to work! I was looking through my settings again and noticed that the edgerouter has a NAT Hairpin checkmark, all is well. Thanks so much for the awesome tutorials!
Hi there. I am also using an EdgeRouter and I can't get this to work. When starting letsencrypt I get the error generating certs like Ed showed in the video. I checked my port forwarding and have tried every way I can think of but nothing works. I'll give you an example of how it's set up which I think is correct: Original Port: 80 Protocol: TCP Forward-to Address: [unRAID IP] Forward-to Port: 180 and same for https 443/1443. Is this how you have your port forwarding set up on your EdgeRouter? If I am doing it right I fear that maybe my ISP is blocking those ports. Wonder if there's a way to get around that... Thanks for any insights.
As always, great video. I have a question for you on this. Do you think that this the better way to go than to setup reverse proxy from within pfSense, which I am assuming can be done? Just curious, since with a combo pfSense, unRaid, Dockers & VMs, there are a slew of ways to achieve the same goal and I like to keep myself organized. In my mind, pfSense is used for routing my traffic, so it would make sense that reverse proxies should also be controlled by pfSense, if that is an option. On the other hand, I'm sure doing it this way is much easier than configuring it in pfSense.
Followed this guide and everything is working well. But after consoling into the containers that are on the proxynet network I am still able to ping across to hostnames on my physical local LAN. Is there a way to make these exposed containers more isolated from my internal network?
Amazing video!!! Thanks so much, this was a lifesaver! I have tried to use the same setup (Reverse Proxy, LetsEncrypt w/ NGINX) with a WordPress site (business/portfolio) with the docker container from the community apps. But I haven't been able to get the proxy setup correct to access the website externally along with NextCloud and everything else. Could you please make a walkthrough video for WordPress & Reverse Proxy?
Follow the same steps except change the name(s) to ombi, and after that I got hung up because I didn't remove the sample from the .conf file name in letsencrypt
@MattFL850 I have it on nextcloud. You need to configure the domains in the nextcloud folder (22:39 of the video) and set up the https scheme on NginxProxyManager; on the SSL page, force SSL and enable HSTS for more security
@MattFL850 You need to change the settings of nextcloud to allow the dns. Just watch the video again and follow each step one at a time. You might have forgotten something
It is worth noting that this may not be possible in some instances where the ISP blocks port 80 (like mine does). You'll want to check with your ISP to make sure port 80 is not blocked if you are certain every step is done correctly.
This may be the issue I'm having. I can't for the life of me figure out why it refuses to connect. Everything looks like it should work...Duck DNS looks right, port forwarding looks right, everything looks fine...yet it refuses to connect. Now, in the course of troubleshooting, I've hit the "rate limit" and HAVE TO WAIT A WEEK!! WTF!? SUPER fucking annoying.
Hi, I found every single one of your videos very helpful, but I think this one got old and this method can't be followed anymore, at least I haven't found the Let's Encrypt app and I'm doing this reverse proxy thing with NginxProxyManager, but I have trouble setting everything up with a custom domain, duckdns and nextcloud. Maybe you can do a video of a similar configuration. Thanks in advance!
Someone give this man a gold medal. Would you say it's worth setting up the proxy for nextcloud or should I just use my openvpn to tunnel into my home network for access like I have been? I kinda like that the proxy will always work regardless of my vpn being on or off.
LetsEncrypt docker container no longer exists. It has been renamed to 'swag' by the linuxserver guys due to a legal issue. See Spaceinvader One's new video on migrating from Letsencrypt to the New Swag Container. It's pretty straightforward to set it up, it's a drop in replacement. Just ensure that you enter your subdomains correctly
Great Video - I got LetsEncrypt running in no time. You have got to be the best Unraid You-tuber there is. Question: is it possible to use LetsEncrypt to forward traffic to other servers not hosted on Unraid?
Hi Jamie. Yes that is possible you can forward to other things on the same subnet. For example replace the line "proxy_pass $upstream_nameofdocker:portnumber;" with "proxy_pass HOSTIP:portnumber;" HOSTIP being the IP address of the other server and portnumber the port the service is running on. Hope that helps :)
First, I want to thank you for your incredible tutorials. These have been so informative and helpful - I am truly blown away by the care you put into explaining these concepts. I seem to have everything working but in the Nextcloud settings I am seeing "The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy..." warning. Should I be concerned about this?
Hi Michael. Thank you for your kind comments. I am glad that you like the videos. Please try adding this to your nextcloud config.php file: 'trusted_proxies' => array ( 0 => 'letsencrypt', ), Hope this helps. :)
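The "reverse proxy header configuration" warning quoted in this exchange and in the earlier trusted_proxies comment is about which side is allowed to state the client address. The following added example (not Nextcloud's code and not from the video) shows the general rule a trusted-proxy list enforces; the addresses are constructed, and it assumes the proxy is listed by IP address rather than by container name.

```python
import ipaddress


def _is_trusted(addr, networks):
    """True if addr lies inside any trusted network (ValueError if malformed)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def client_ip(peer_addr, x_forwarded_for, trusted_proxies):
    """Resolve the client address for a request.

    peer_addr        address of the TCP peer that connected to the app
    x_forwarded_for  raw X-Forwarded-For header value, or None
    trusted_proxies  list of proxy addresses or CIDR ranges
    """
    networks = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    # The header only counts when the request really came through a
    # trusted proxy. Anyone else can put whatever they like in it.
    if not x_forwarded_for or not _is_trusted(peer_addr, networks):
        return peer_addr

    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    # Each proxy appends the address it saw, so walk from the right and
    # stop at the first hop that is not one of our own proxies.
    for hop in reversed(hops):
        try:
            if not _is_trusted(hop, networks):
                return hop
        except ValueError:
            # Malformed entry: fall back to the address we can verify.
            return peer_addr
    # Every hop was a trusted proxy; report the left-most one.
    return hops[0] if hops else peer_addr


# Constructed addresses: the reverse proxy on the docker network and
# two documentation-range public addresses.
PROXY = "172.18.0.2"
TRUSTED = [PROXY]

if __name__ == "__main__":
    # Request relayed by the proxy: header is used.
    print(client_ip(PROXY, "203.0.113.7", TRUSTED))
    # Request that bypassed the proxy: header is ignored.
    print(client_ip("198.51.100.9", "10.0.0.1", TRUSTED))
```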
Great video. Thanks. One question though. I am able to access my domains from outside the network, but am unable to access them through the webui or local ip while on the network. Any suggestions?
does anyone know how the port forwarding might be accomplished on an Xfinity router? Their settings only allow forwarding a single port for a device, there is no port -> port forwarding, so it doesn't seem like 80 -> 180 or 443 -> 1443 is possible. Maybe port triggering can solve this? I haven't been able to make it work, though. I know the definite solution would be to run bridge mode with a 3rd party router but I'd like to avoid that if possible.
At 18:20 You begin to edit config files for the reverse proxy setup. Do you also need to do this for the subdomain setup as well replacing the reverse proxy with the duckdns subdomains?
I previously added SSL, HTTPS in unraid settings from one of your previous videos. Using this guide do i remove those settings/changes for this letsencrypt tutorial? Also, I previously set some things up with duckdns and dockers and they were working fine (previous router), now i have changed to a new pfsense box and want to use cloudflare with my own domain name, does duckdns still have a role to play? Sorry for basic questions, just trying to figure all this out. Big thanks, GREAT videos!! cheers
Sorry to comment on this old video but I was trying to setup a reverse proxy using swag and duckdns. Everything seems to be setup correctly but I'm getting 502 Bad Gateway from nginx. Any ideas?
For anyone wondering: the letsencrypt docker image on Unraid is now called "SWAG" More information can be found here: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-qnEuHKdf7N0.html
Love your work! To help you out there, people with iOS trying to do backups will run into an error 401 uploading videos. To fix this go to /mnt/user/appdata/letsencrypt/nginx/proxy.conf and edit these lines to upload large files: client_max_body_size 10g; client_body_buffer_size 700m;