The Complete UnRAID reverse proxy, Duck DNS (dynamic dns) and letsencrypt guide

UPDATED FOR UNRAID 6.4

Here you will find a guide on installing letsencrypt and duckdns docker containers on UnRAID. You will be guided on creating a account with the dynamic dns service known as duckdns aswell as shown how to use letsencrypt and reverse proxy your internal applications such as plex, deluge, sonarr, couchpotato etc. they will even be accesible via HTTPS securely.


This is a companion discussion topic for the original entry at https://cyanlabs.net/tutorials/the-complete-unraid-reverse-proxy-duck-dns-dynamic-dns-and-letsencrypt-guide/

Is there anyone that can help me? I am about to give up

What kind of issue are you having? I'm on vacation till next week, but I can try and help you

I got letsencrypt to work, because when I go to my url, I get the secured page that says "welcome to our site". I'm trying to get the docker VNCWebBrowser to go through Letsencrypt. I guess I need help doing the config file.

First off I wouldn't expose vnc to the internet unless you have some extra security measures in place like fail2ban, which is only half baked.

But you'll need to edit the nginx file in the let's encrypt appdata folder. It should be to the effect of what you see in the services section of the blog post. Let me know if that make sense

Are you still having issues on this? If you haven't already, you'll edit the default file in /letsencrypt/nginx/site-confs/

you'll want to add something like this under the main server block:

# main server block
server {
....
location /vncviewer{ # this is the url you use to connect vnc
proxy_pass https://<host_local_ip>:6901/vnc.html #This is the URL you use if you were connecting locally
}

Spacing is important, so make sure it's correct or nginx starts breaking.
restart lets encrypt and with some luck, you should be good to go.

LMK if there's anything else

I am having issues with renewing my cert with letsencrypt. I am receiving an error in the logs that states that it can't bind to port 80. I have tried to change to DNS validation, but I am not sure of what DNS plugin to use for this. Any help would be appreciated.

Has anyone gotten this to work with Bitwarden?

Thanks for taking the time to write this it helped me make headway. One last (hopefully) hurdle to get over. I followed the tutorial (I think), I can get a connection to the duck dns subdomain but my files don’t show up and I’m not actually in next cloud. I get “welcome to our server” message. Any help would be greatly appreciated. I’m a newb at unraid and anything Linux based. Thanks.

Can this work on other port then 80. ISP modem/router does not allow me to do this. When I use the duckdns url I made I get to the login page for my modem...

You could try DNS verification as seen here from spaceinvader
I believe this would reqire you to own a domain name, which isn't too expensive anyways. I use google as my domain registrar. There are other ones as well that are cheap.

I have letsencrypt working and validating. Yes, I have a domain registrar and have the nameserver from Cloudfare in there. It still shows me the modem login page (with ssl errors that is).

Are you testing this internally or externally? If internally I suspect your router/firewall isn't allowing you to hairpin NAT or NAT Loopback. I guess another question would be is your modem/router the same?

NAT loopback is enabled. All other 'services' using different ports are forwarded just fine. I'm in contact now with my ISP to have them set their modem in bridge mode. It's a Comtrend Nexuslink 3120.

Configuring Nginx as a reverse proxy. In what way do i open/access appdata folder and replace Said File?
I cant figure this step out.... Can anyone explain in more detail what to do here? Would be much appriciated!

I have been struggling with this way too long! I'm afraid my wife will throw out My pc if spend more time on this :p

You have to ssh or use the terminal window in unraid. Sorry, can't remember the full path as I'm not at a keyboard.

If you look up spaceinvader in YouTube there's lots of good example on how to manage you unraid box

You said to copy the token, but never where to actually put it and i do not see anything in the image?

I don't use duckdns, but somewhere in your account there is a token you have to get and paste into the duckdns container

i have found that and added to the duckDNS container. am i suppose to add this to the letsencrypt container and set the network the same as my vpn container network?

Hi Guys,

I Just install everthing on my unraid server and everthing is runnen smooth. The only thing that is not working propetly is NGINX redirection.
I setup a couple dockers end when I type https://name.domain.com my docker is secure end running nice but when I type http://name.domain.com there is no redirection end my site won't display.

I have tried to things:

Putting the code bellow in the \appdata\letsencrypt\nginx\proxy-confs\openvpn.subdomain.conf

server {
listen 80;
# listen [::]:80;
server_name openvpn.*;
# enforce https
return 301 https://$server_name:443$request_uri;
}

and I also tried to remove the # before the created text
in the following folder \appdata\letsencrypt\nginx\site-confs\default

# listening on port 80 disabled by default, remove the "#" signs to enable
# redirect all traffic to https
#server {
#listen 80;
#listen [::]:80;
#server_name _;
#return 301 https://$host$request_uri;
#}

So is there someone that can help me out?