CHBMB Posted March 22, 2015 Share Posted March 22, 2015 A couple of people recently have been trying to get this working and as an Apache noob myself I understand their pain. I managed it using smdion's excellent tutorial here I use CaptInsano's ddclient docker container and I use a modified version of smdion's apache reverse proxy, (I needed to add some modules to run my ebook website) but smdion's original works brilliantly for all my other config needs. I have been meaning to post this for a while so have a example proxy config that works for me, currently I have my own domain from namecheap.com and added SSL using smdion's guide. I redirect all http traffic to https for security reasons and this is the config I use. I'm in the process of sorting out a tutorial to demonstrate how to get an e-book library up and running, so not all this stuff is relevant. So pick out the bits you need or are relevant to you. <VirtualHost *:80> ServerName www.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ##Redirect All To https - Uncomment below lines if necessary## #<Location /> #Order deny,allow #Deny from all #</Location> #RewriteEngine On #RewriteRule ^/?(.*) https://www.example.com/$1 [R=301,L] ##COPS## <Directory "/var/www/cops/"> AllowOverride None Order allow,deny Allow from all </Directory> ##NZBGet## <Location /nzbget> ProxyPass http://UNRAID-IP:6789/nzbget ProxyPassReverse http://UNRAID-IP:6789/nzbget Order deny,allow Deny from all Allow from all </Location> ##Sonarr## <Location /sonarr> ProxyPass http://UNRAID-IP:8989/sonarr ProxyPassReverse http://UNRAID-IP:8989/sonarr Order deny,allow Deny from all Allow from all </Location> ##Couchpotato## <Location /couch> ProxyPass http://UNRAID-IP:5050/couch ProxyPassReverse http://UNRAID-IP:5050/couch Order deny,allow Deny from all Allow from all </Location> ##Deluge## <Location /deluge> RequestHeader append X-Deluge-Base "/deluge/" ProxyPass http://UNRAID-IP:8112 ProxyPassReverse http://UNRAID-IP:8112 Order deny,allow Deny from all Allow from all </Location> </VirtualHost> <VirtualHost *:443> ServerName www.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLProtocol All -SSLv2 -SSLv3 SSLCipherSuite AES128+EECDH:AES128+EDH SSLCertificateFile /config/ssl.crt SSLCertificateKeyFile /config/decryptedssl.key SSLCertificateChainFile /config/sub.class1.server.ca.pem ##COPS## <Directory "/var/www/cops/"> AuthType Basic AuthName "COPS" AuthUserFile /config/.htpasswd Require valid-user AllowOverride None Order allow,deny Allow from all </Directory> ##NZBget## <Location /nzbget> ProxyPass http://UNRAID-IP:6789/nzbget ProxyPassReverse http://UNRAID-IP:6789/nzbget AuthUserFile /config/.htpasswd AuthType Basic AuthName "NZBGet" Require valid-user </Location> ##Sonarr## <Location /sonarr> ProxyPass http://UNRAID-IP:8989/sonarr ProxyPassReverse http://UNRAID-IP:8989/sonarr AuthUserFile /config/.htpasswd AuthType Basic AuthName "Sonarr" Require valid-user </Location> ##Couchpotato## <Location /couch> ProxyPass http://UNRAID-IP:5050/couch ProxyPassReverse http://UNRAID-IP:5050/couch AuthUserFile /config/.htpasswd AuthType Basic AuthName "CouchPotato" Require valid-user </Location> ##Deluge## <Location /deluge> RequestHeader append X-Deluge-Base "/deluge/" ProxyPass http://UNRAID-IP:8112 ProxyPassReverse http://UNRAID-IP:8112 AuthUserFile /config/.htpasswd AuthType Basic AuthName "Deluge" Require valid-user </Location> ##Guacamole## <Location /guacamole> ProxyPass http://192.168.1.1:8082/guacamole max=20 flushpackets=on ProxyPassReverse http://192.168.1.1:8082/guacamole AuthUserFile /config/.htpasswd AuthType Basic AuthName "Guacamole" Require valid-user </Location> </VirtualHost> My docker config currently looks like this Hope this helps and it'd be cool if others posted their configs to form a sort of reference guide for those of us who are new to this sort of thing. Others I've experimented with but not quite got working yet are Wallabag and Owncloud. Quote Link to comment
somail Posted March 22, 2015 Share Posted March 22, 2015 CHBMB - This is a good start. Eventually you may want to update your OP with some background on what the actual values in your config file do. One questions which is asked a lot is what "/web" is used for. For anyone wondering its just a folder to hold any web pages you wish to point/redirect to using the apache server. This folder can be placed in your cache drive and by default will be empty. Quote Link to comment
isvein Posted February 28, 2016 Share Posted February 28, 2016 How to setup reverse proxy? The guide that is mentioned is not online anymore it seems. Quote Link to comment
CHBMB Posted February 28, 2016 Author Share Posted February 28, 2016 How to setup reverse proxy? The guide that is mentioned is not online anymore it seems. https://www.linuxserver.io/index.php/overview-reverse-proxy-with-docker/ Quote Link to comment
isvein Posted February 29, 2016 Share Posted February 29, 2016 Tried now, but I cant get it to work Possible to get an example on how an working /site-confs/default.conf looks? thank you Quote Link to comment
CHBMB Posted February 29, 2016 Author Share Posted February 29, 2016 Post what you've got so far.. Quote Link to comment
isvein Posted February 29, 2016 Share Posted February 29, 2016 <VirtualHost *:443> ServerName gumi.domain.com SSLEngine on SSLCertificateFile "/config/keys/cert.crt" SSLCertificateKeyFile "/config/keys/cert.key" DocumentRoot /config/www/ <Directory "/config/www/"> Options Indexes FollowSymLinks MultiViews AllowOverride all Order allow,deny Allow from all </Directory> <Location /audio> ProxyPass http://192.168.0.7:8080 ProxyPassReverse http://192.168.0.7:8080 </Location> </VirtualHost> Quote Link to comment
CHBMB Posted February 29, 2016 Author Share Posted February 29, 2016 What's in your Apache logs? Both the docker one in the Unraid webui and the ones located in your appdata folder? Here's mine for reference... <VirtualHost *:80> ServerName server.com ServerAlias server.com DocumentRoot /config/www/ Redirect permanent / https://server.com/ </VirtualHost> <VirtualHost *:443> ServerName server.com ServerAdmin webmaster@localhost DocumentRoot /config/www/ SSLCertificateFile /config/keys/2_server.com.crt SSLCertificateKeyFile /config/keys/ssldecrypted.key SSLCertificateChainFile /config/keys/sub.class1.server.ca.pem Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" SSLEngine on SSLProxyEngine On RewriteEngine On ProxyPreserveHost Off SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS SSLHonorCipherOrder on <Directory "/config/www/"> Options Indexes FollowSymLinks MultiViews AllowOverride all Order allow,deny Allow from all </Directory> </VirtualHost> Quote Link to comment
isvein Posted February 29, 2016 Share Posted February 29, 2016 I tried now with an clean install of apache and the excample with transmission and it worked. But not working for an app running on another server, an Synology NAS. The site loads but the page gets blank. The same issue as described at the top here https://forum.synology.com/enu/viewtopic.php?f=34&t=19562&sid=1ace3282a017932786cf8e8a68db24c3&start=15 Quote Link to comment
CHBMB Posted February 29, 2016 Author Share Posted February 29, 2016 I tried now with an clean install of apache and the excample with transmission and it worked. But not working for an app running on another server, an Synology NAS. The site loads but the page gets blank. The same issue as described at the top here https://forum.synology.com/enu/viewtopic.php?f=34&t=19562&sid=1ace3282a017932786cf8e8a68db24c3&start=15 That gives us no information that enables us to help you I'm afraid. Quote Link to comment
isvein Posted February 29, 2016 Share Posted February 29, 2016 Well, I looked into it, and it looks like accessing Synology apps from behind an reverse proxy is an pain to get it to work, it works fine now with apps/dockers running on Unraid. I guess I need to look more into it from the Synology side. Quote Link to comment
ninthwalker Posted March 1, 2016 Share Posted March 1, 2016 Others I've experimented with but not quite got working yet are Wallabag and Owncloud. I run a separate Apache web server, however I use it for my reverse proxy as well. Including pointing to an Owncloud docker. I use subdomain's instead of <Location>, so maybe that is why my proxy works, but figured I'd paste my config for the Owncloud docker below: <VirtualHost *:443> ServerName my.website.com SSLProxyEngine on SSLCertificateFile /etc/letsencrypt/live/website.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/website.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/website.com/chain.pem ProxyPreserveHost on ProxyPass / https://10.100.1.24:8000/ ProxyPassReverse / https://10.100.1.24:8000/ </VirtualHost> Quote Link to comment
isvein Posted March 1, 2016 Share Posted March 1, 2016 ninthwalker: I got it to work using that method too And I got another app on the synology to work by creating another virtual host in the apache config. It wont work right with <location> for some reason. But this means that to get this to work correct I need an wildcard SSL sertification since each app/service needs to be on different subdomains.......was hoping I would not need one since they are expensive. Quote Link to comment
CHBMB Posted March 1, 2016 Author Share Posted March 1, 2016 ninthwalker: I got it to work using that method too And I got another app on the synology to work by creating another virtual host in the apache config. It wont work right with <location> for some reason. But this means that to get this to work correct I need an wildcard SSL sertification since each app/service needs to be on different subdomains.......was hoping I would not need one since they are expensive. StartSSL is free.... Quote Link to comment
twok Posted March 1, 2016 Share Posted March 1, 2016 hey there... this is mine. without ssl currently since I'm just testing and playing around and not running live 24/7. <VirtualHost *:80> DocumentRoot /config/www/ ServerName domain.com ProxyPass / http://10.0.0.24:13160/ ProxyPassReverse / http://10.0.0.24:13160/ </VirtualHost> <VirtualHost *:80> ServerName admin.domain.com ProxyPass / http://10.0.0.24:66/ ProxyPassReverse / http://10.0.0.24:66/ </VirtualHost> <VirtualHost *:80> ServerName confluence.domain.com ProxyPass / http://10.0.0.24:13161/ ProxyPassReverse / http://10.0.0.24:13161/ </VirtualHost> <VirtualHost *:80> ServerName jira.domain.com ProxyPass / http://10.0.0.24:13162/ ProxyPassReverse / http://10.0.0.24:13162/ </VirtualHost> <VirtualHost *:80> ServerName cloud.domain.com ProxyPass / http://10.0.0.24:13163/ ProxyPassReverse / http://10.0.0.24:13163/ </VirtualHost> <VirtualHost *:80> ServerName guacamole.domain.com ProxyPass / http://10.0.0.24:13165/ ProxyPassReverse / http://10.0.0.24:13165/ </VirtualHost> <VirtualHost *:80> ServerName putty.domain.com ProxyPass / http://10.0.0.24:22/ ProxyPassReverse / http://10.0.0.24:22/ </VirtualHost> <VirtualHost *:80> ServerName imap.domain.com ProxyPass / http://10.0.0.24:143/ ProxyPassReverse / http://10.0.0.24:143/ </VirtualHost> <VirtualHost *:80> ServerName smtp.domain.com ProxyPass / http://10.0.0.24:25/ ProxyPassReverse / http://10.0.0.24:25/ </VirtualHost> <VirtualHost *:80> ServerName ts3.domain.com ProxyPass / http://10.0.0.24:9987/ ProxyPassReverse / http://10.0.0.24:9987/ </VirtualHost> Quote Link to comment
isvein Posted March 1, 2016 Share Posted March 1, 2016 twok: yes that is how I did it CHBMB: true, I have used them for the past year, just fount out a few days ago that they have changed their website (it no more looks like something from the 90s) and that you can have 5 subdomains on 1free SSL, so I guess that works enough for me. Wildcard SSL is not free (starts at 60USD/year) Quote Link to comment
ninthwalker Posted March 1, 2016 Share Posted March 1, 2016 twok: yes that is how I did it CHBMB: true, I have used them for the past year, just fount out a few days ago that they have changed their website (it no more looks like something from the 90s) and that you can have 5 subdomains on 1free SSL, so I guess that works enough for me. Wildcard SSL is not free (starts at 60USD/year) You should check out LetsEncrypt. Free SSL's that autoupdate for however many sub/domains you want. A lot of people are switching to them including big public sites too. Someone even made a docker that includes it as well. - NinthWalker Quote Link to comment
twok Posted March 1, 2016 Share Posted March 1, 2016 there is already an Apache docker template with LetsEncrypt included somewhere and I'm thinking to try out Nginx with LetsEncrypt but I haven't found any time for it. I'm working to get a docker mail server running since I always enrage in VMs and mess them up.... I recommend to checkout those from linuxserver.io that stuff and the guides / forum there did really help me out. (i'm still a total noobie with all that linux stuff) cheers, Matt Quote Link to comment
talmania Posted April 12, 2016 Share Posted April 12, 2016 Wasn't sure of where to post these questions but as they revolve around basic apache docker reverse proxy questions I figured here would be as good as in the linuxserver.io owncloud thread. Goal: My goal is to get owncloud published externally with SSL. Current status: I've got owncloud working externally and Apache docker working as well (at least I can hit the http/https default links that show it's running) Configuration: Apache is using 80/443 on the docker and 8008 and 4433 on the host (unraid duh). Status: I've done nothing so far other than learn how to SSH into the docker itself from within unraid. I'm mostly comfortable with VI but my Linux knowledge is extremely basic. I've followed the page here: https://www.linuxserver.io/index.php/overview-reverse-proxy-with-docker/ And specifically when I get to the part about modifying the default.conf file in Apache here: https://www.linuxserver.io/index.php/overview-reverse-proxy-with-docker/installation-of-apacheweb-docker/ I'm making the assumption that the "location" sets can be simply appended to the end of the default.conf file or do they need to reside within the framework sections for VirtualHost for the Non-SSL vs SSL pages? Thanks for the help! Edit: I'm an absolute idiot--yes they reside within the virtualhost framework. Good grief.... Quote Link to comment
bnevets27 Posted April 27, 2016 Share Posted April 27, 2016 Does anyone have an example of a config that gets 100% on ssllabs? I know that its probably unnecessary to get 100% but if someone has a working config that does get over an A rating I would appreciate it. Quote Link to comment
redalert11 Posted September 9, 2016 Share Posted September 9, 2016 check out my working nginx-lets encrypt config. i finally got most of my stuff working and even got the unraid web gui is passed through. https://lime-technology.com/forum/index.php?topic=51720.0 Quote Link to comment
methanoid Posted April 4, 2017 Share Posted April 4, 2017 What about proxying the unraid web interface itself? I had to move it from port 80 to allow Apache that... but I'd like to access it from outside my network. My strong preference is for a domain.com/site address rather than a subdomain.domain.com style address Hence something LIKE (this does NOT work though!!) <Location /unraid/> ProxyPass http://192.168.0.7:xx/ ProxyPassReverse http://192.168.0.7:xx/ </Location> Any ideas? Quote Link to comment
CHBMB Posted April 4, 2017 Author Share Posted April 4, 2017 Not a good idea and has been discussed in the past. If you want access to Unraid from WAN then a VPN is the only way to go. Quote Link to comment
methanoid Posted April 4, 2017 Share Posted April 4, 2017 1 minute ago, CHBMB said: Not a good idea and has been discussed in the past. If you want access to Unraid from WAN then a VPN is the only way to go. Presumably security worries? I assume Teamviewer into my local VM and then load up the unRAID web interface that way works fine? Quote Link to comment
CHBMB Posted April 4, 2017 Author Share Posted April 4, 2017 Yeah TV into VM is another way, not quite as direct and you need to "trust" teamviewer, but better than proxying the webui. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.