How to setup reverse proxy without letsencrypt

piramiday · 8 July 2020 20:03

I’m trying to understand how to implement a basic reverse proxy configuration while using:

linuxserver/docker-sonarr, as an example of a service container,
linuxserver/docker-nginx, as an outward facing container,
linuxserver/reverse-proxy-confs, as a template for the subfolder config for sonarr.

I cannot get it to work.
at present, I have something like this docker-compose:

---
version: "2.1"
services:

  sonarr:
    image: linuxserver/sonarr
    container_name: sonarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
      - UMASK_SET=022
    networks:
      - virtuallan
    volumes:
      - /home/test/docker/sonarr:/config
      - /home/test/docker/data:/data
    ports:
      - 8989:8989
    restart: unless-stopped

  nginx:
    image: linuxserver/nginx
    container_name: nginx
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    volumes:
      - /home/test/docker/nginx:/config
    networks:
      - virtuallan
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped

networks:
   virtuallan:
     driver: bridge

I have copied sonarr.subfolder.conf.sample into

/home/test/docker/nginx/nginx/proxy-confs/sonarr.subfolder.conf

but wherever I put the line:

include /config/nginx/proxy-confs/*.subfolder.conf;

I cannot get it to work.
I guess this is because I am not using letsencrypt, but rather nginx?
any suggestions? thanks.

driz · 8 July 2020 20:05

this isn’t nginx support here, but you likely didnt configure your nginx correctly. Take a look at the default site-conf in our letsencrypt container and compare it to what you have in your nginx container. You can’t just blindly take partial configs from thing1 and expect it to work with thing2 without effort

piramiday · 8 July 2020 20:12

it depends how LSIO is packaging configuration files with Docker, though.

I did some tests with a full-fledged NGINX server running on a VM and it was working fine.
I’m confused by what I’m supposed to be doing now.
I think I’m right when I believe that the linuxserver/reverse-proxy-confs are designed to work with letsencrypt, but I’m not really sure.

on this: should I be using letsencrypt instead of nginx?
I am currently experimenting with a virtual machine and I was under the impression that for letsencrypt to work you really have to have your public facing server with DNS (or dynamic DNS) records…

driz · 8 July 2020 21:00

If you want to reverse proxy, i would use our reverse proxy which is linuxserver/letsencrypt

you are correct that the reverse-proxy-confs are for letsencyrpt. It says in the description of that repo
These confs are pulled into our letsencrypt image: https://github.com/linuxserver/docker-letsencrypt

can you make the confs work in vanilla nginx? of course, just needs some changed to the default site config.

piramiday · 8 July 2020 21:07

am I able to test the configuration with letsencrypt from within a VM?
I don’t have a DNS record right now.

I thought that since letsencrypt is basically nginx with the addition of certbot and fail2ban, the configs would have been similar if not identical. my mistake, then?

driz · 8 July 2020 21:33

the nginx container is vanilla nginx; the letsencrypt container is built as a reverse proxy.

you will need to get a domain, duckdns can give you something like piramiday.duckdns.org so you can test. You can also do as i suggested and compare the default site config between our reverse proxy and the nginx container and make it work without the certbot component.

piramiday · 8 July 2020 21:44

sorry to reiterate, my question was: can I go through the letsencrypt process without a DNS record?
I don’t understand if I can, and then whatever process of connection between the host (the VM) and the external domain (whether proper or dynamic) will just fail, or if I cannot in that the container will crash and burn.

I will keep trying with my default toy model.
I have seen that basic configurations like https://github.com/linuxserver/reverse-proxy-confs/blob/master/sonarr.subfolder.conf.sample seem to be working if I comment out the line that the LSIO nginx container does not have, that is, proxy.conf.
qbittorrent does not seem to be working with the same trick, though.

do you have some docs to link regarding the differences between the default configurations of nginx and letsencrypt, and I mean the LSIO-specific configurations that go on in letsencrypt?
thanks!

driz · 8 July 2020 21:49

you need a domain and a dns record, i specifically answered you and gave a suggestion of how to easily and freely do it.

nginx in the letsencrypt container will not start at all unless certbot successfully procures a certificate.

piramiday · 8 July 2020 21:53

okay, so it’s really a “strong” need. got it, thanks for clarifying.

I think I’m heading in the right direction, because I’ve been playing around and some things seem to be working, while some don’t.

do you have an idea of what should be changed from those “subdirs” config setups? I mean, to accomodate it from letsencrypt to a vanilla nginx?
thanks for the help.

piramiday · 9 July 2020 21:28

I have been successful in exploiting several containers in a docker-compose stacked on top of linuxserver/docker-letsencrypt.

I have used DuckDNS on a non-default port, and it works great!

I had to, of course, open the port in the firewall on my host and port forward the port from the host to the guest in VirtualBox.
now my guest is running docker with the LSIO stack.

so I guess the simplest solution is indeed to use letsencrypt rather than nginx!
a server is not needed – just an open port, like the dynamic forwarding that most VPN providers offer.

system · 14 July 2020 21:28

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.