Any guide on reverse proxy with nginx?

[ZodiacUHD]

Hello everyone, i've been struggling the past couple of days: i'd like to setup up reverse proxying in order to get something like this:
-freenas.com/sickrage
-freenas.com/transmission
-freenas.com/plexrequests

My knowledge is quite basic and i'm one of those guys who needs a very very very simple guide in order to achieve something... If any of you could help me in this, i'd be very grateful. Of course i'd need to set up an HTTPS connection ( so a guide that involves creating certificates as well would be perfect). Thank you very much.

Cheers

 

[Jailer]

Are they all in one jail or separate jails? Do you own a domain to obtain a SSL certificate?

 

[ZodiacUHD]

Are they all in one jail or separate jails? Do you own a domain to obtain a SSL certificate?

All separate jails, i don't mind getting my hands on a "paid" domain if it makes the certificate process easier (i wanted to do that anyway). For now i'm using a free one.

 

[hwong]

just google it..

https://www.nginx.com/resources/admin-guide/reverse-proxy/

https://www.digicert.com/ssl-certificate-installation-nginx.htm

https://www.digicert.com/csr-creation.htm - you need that before obtain a SSL certificate - generate a CSR.

*bonus*
https://www.ssllabs.com/ssltest/ - to test your website with SSL certificate make sure it secure.

 

[ZodiacUHD]

just google it..

https://www.nginx.com/resources/admin-guide/reverse-proxy/

https://www.digicert.com/ssl-certificate-installation-nginx.htm

https://www.digicert.com/csr-creation.htm - you need that before obtain a SSL certificate - generate a CSR.

*bonus*
https://www.ssllabs.com/ssltest/ - to test your website with SSL certificate make sure it secure.

Thanks, i've already seen the links you posted. I was looking for a guide that i might have missed, specifically for FreeNas.

I'll keep studying those guides anyway.

 

[hwong]

want to start with /usr/local/etc/nginx/nginx.conf - but that also run the GUI so be careful.

 

[Jailer]

want to start with /usr/local/etc/nginx/nginx.conf - but that also run the GUI so be careful.

Do NOT do this. Whatever you do don't go messing around with the core file system. Anything you want and need to do needs to be done in a jail.

i don't mind getting my hands on a "paid" domain if it makes the certificate process easier

Well you can't get a real one without a domain. The only way you can run a cert without one is to run a self signed certificate and I wouldn't do that on the open internet.

What specifically are you having trouble with?

 

[hwong]

could pickup a free ssl certificate from https://letsencrypt.org/

@Jailer - thanks for the heads up.

 

[ZodiacUHD]

Do NOT do this. Whatever you do don't go messing around with the core file system. Anything you want and need to do needs to be done in a jail.


Well you can't get a real one without a domain. The only way you can run a cert without one is to run a self signed certificate and I wouldn't do that on the open internet.

What specifically are you having trouble with?

Thank you very much for the reply, I would have never ever done anything to the core files...

Well, do you have any suggestion on where get my hands on a domain+certificate? (If you tried a couple already, you might have some hint).

I found a couple of guides on how to get started (like this one: https://github.com/koenoe/freenas-proxy/blob/master/README.md)

There is a step where he talks about getting the certs from TransIP. Would that work with any company renting domains?

And since we're on the topic, why wouldn't you use a self signed one?

 

[Jailer]

could pickup a free ssl certificate from https://letsencrypt.org/

You have to own a domain first.

Well, do you have any suggestion on where get my hands on a domain+certificate?

I purchased mine from Namecheap. Just do some research on registrars and pick one. Alternately you could use one of the free subdomains offered by places such as Namecheap and freedns.afraid.org to get things set up and figured out. Might actually be a better way to get your feet wet if you've never done anything like this before. But again you won't be able to get a SSL certificate unless you own the domain.

I found a couple of guides on how to get started (like this one: https://github.com/koenoe/freenas-proxy/blob/master/README.md)

That's not really much of a guide. It's just steps to set up a jail with nginx and get his config. But in his config are the relevent parts to do what you need.

Code:

	location /sabnzbd {
	 proxy_pass http://192.168.192.200:8080;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }
	 location /sonarr {
	 proxy_pass http://192.168.192.202:8989;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }
	 location /couchpotato {
	 proxy_pass http://192.168.192.201:5050;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }
	 location /headphones {
	 proxy_pass http://192.168.192.203:8181;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }

That's how you proxy to each jail from a single jail. Of course you would have to adapt this to your configuration but you'll have to figure what that is on your own.

The questions you are asking makes it sound like you have no idea what you are doing. I don't say that to be rude, I would just highly suggest you do some research and educate yourself some more before you open up a server to the internet.

 

[ZodiacUHD]

You have to own a domain first.

I purchased mine from Namecheap. Just do some research on registrars and pick one. Alternately you could use one of the free subdomains offered by places such as Namecheap and freedns.afraid.org to get things set up and figured out. Might actually be a better way to get your feet wet if you've never done anything like this before. But again you won't be able to get a SSL certificate unless you own the domain.


That's not really much of a guide. It's just steps to set up a jail with nginx and get his config. But in his config are the relevent parts to do what you need.

Code:

	location /sabnzbd {
	 proxy_pass http://192.168.192.200:8080;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }
	 location /sonarr {
	 proxy_pass http://192.168.192.202:8989;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }
	 location /couchpotato {
	 proxy_pass http://192.168.192.201:5050;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }
	 location /headphones {
	 proxy_pass http://192.168.192.203:8181;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }

That's how you proxy to each jail from a single jail. Of course you would have to adapt this to your configuration but you'll have to figure what that is on your own.

The questions you are asking makes it sound like you have no idea what you are doing. I don't say that to be rude, I would just highly suggest you do some research and educate yourself some more before you open up a server to the internet.

Thanks! And by the way, you don't sound rude at all. I'm sure i know how to adapt the guide: i have basic knowledge and with some help i think i can do it. My main question mark was on the certificate part since i've never done anything beside port forwarding sickrage or NextCloud (the latest with Https using certbot).

 

[Jailer]

If you've already done cerbot for your nextcloud installation then the process is the same for your proxy. Install certbot in your proxy jail and set your default server block up with the certificate information. Your proxy will handle the SSL termination Point your port forward to the proxy jail and let the proxy handle the traffic from there as outlined in that article you referenced.

 

[ZodiacUHD]

If you've already done cerbot for your nextcloud installation then the process is the same for your proxy. Install certbot in your proxy jail and set your default server block up with the certificate information. Your proxy will handle the SSL termination Point your port forward to the proxy jail and let the proxy handle the traffic from there as outlined in that article you referenced.

Thanks again. For now i'm gonna keep using the the port forward method until i'm sure of what i'm doing. When i'll know more about nginx i'll give it a try. There are too many things i need to learn... I was thinking about starting with the nginx documentation, do you have any suggestions about the material i could study to make my journey through reverse proxying more "enjoyable"?

 

[pirateghost]

Thanks again. For now i'm gonna keep using the the port forward method until i'm sure of what i'm doing. When i'll know more about nginx i'll give it a try. There are too many things i need to learn... I was thinking about starting with the nginx documentation, do you have any suggestions about the material i could study to make my journey through reverse proxying more "enjoyable"?

Digital Ocean has a lot of really good tutorials.

 

[Jailer]

Digital Ocean has a lot of really good tutorials.

Exactly what I would have posted. You'll find a lot of tutorials are geared towards Linux and setting up a proxy for an Apache back end but the configurations are pretty similar.

Just start reading and you'll figure it out. That's what I did.

 

[ZodiacUHD]

Okay guys, i was able to get the reverse proxy to work (kinda).
Let's go with order:
1) The jail is up and running using HTTPS (A+ on SSLLABS)
2) Transmission is succesfully being reverse_proxied
3) Sickrage and Couchpotato aren't.

I pretty much left the nginx.conf as default, i added "include proxy.conf".

Inside of proxy.conf i put this

Code:

	location /transmission {
	proxy_pass http://192.168.1.2:9091;
	proxy_redirect off;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
	location /couchpotato {
	proxy_pass http://192.168.1.5:5050;
	proxy_redirect off;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
	location /nextcloud {
	proxy_pass http://192.168.192.99:80;
	proxy_redirect off;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}

Transmission is working fine but on sickrage for example, i'm getting a 404 not found and it looks i'm being redirected to another url which is https://mydomain.ddns.net/login/?next=/sickrage
after tipying https://mydomain.ddns.net/sickrage.

Any idea why?

 

[ZodiacUHD]

Fixed it, i had to set the webroot inside of sickrage.