Need help with setting up NGINX part in the LetsEncrypt container - for local network only

Hi,

I would really appreciate some help as I'm a noob in this and stuck on the last setup of this system.
I have a Synology NAS running Docker. In there I have loaded container nextcloud and letsencrypt from linuxserver.
Nextcloud is up and running. Letsencrypt is done as well, it verifies and everything checks out there.
I just need to set up nginx to complete it. I'm planning to run this locally so not exposing anything on WAN. I'm gonna VPN inside my network if I need anything. In Docker all containers are shared by a bridge so they should be able to reach each other.

So it's just setting up the nginx and pointing the subdomains to different services.
I have messed around with the templates in the proxy-conf folder, however the explanations are not that noob-friendly and I don't really know what to edit. I've tried some different things but nothing works.
This is what a template looks like for nextcloud that I'm trying to set up:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name nextcloud.*;
        include /config/nginx/ssl.conf;
        client_max_body_size 0;
        location / {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_nextcloud nextcloud;
            proxy_max_temp_file_size 2048m;
            proxy_pass upstreamlink(edited cus cant post links as new user):443;
        }
    }

Here is the nextcloud config.php template:

    $CONFIG = array (
      'memcache.local' => '\OC\Memcache\APCu',
      'datadirectory' => '/data',
      'instanceid' => 'ocvnqpmbw1xc',
      'passwordsalt' => 'xmTzEfr0JsudRQCUH3SfC2Wkw2g',
      'secret' => 'jzt9gotkOa1fiHIllqkcMCOozu78bV8UPgxPrXGX6O',
      'trusted_domains' =>
      array (
        0 => '192.168.1.12:x',
      ),
      'dbtype' => 'mysql',
      'version' => '16.0.3.0',
      'overwrite.cli.url' => 'edited cus cant post links as new user)192.168.1.12:x',
      'dbname' => 'MariaDatabase',
      'dbhost' => '192.168.1.12:x',
      'dbport' => '',
      'dbtableprefix' => 'oc_',
      'mysql.utf8mb4' => true,
      'dbuser' => 'MariaDB',
      'dbpassword' => 'PASS',
      'installed' => true,
    );

So what do I change here? My nextcloud container is set to custom port 9000 and letsencrypt on 9001 in Docker settings. Oh and also I have edited a dnsmasq file on my Pi-hole to point to my NAS with the containers. However it can't seem to point to a specific port, only directly to my NAS. And there since my letsencrypt container is running on a custom port (can't use 443/80 - says they are not available), when I go to mysubdomain.com in browser - I'm pointed to the Synology login page. That would be good to change somehow also I suppose… So I don't need to type like mysubdomain.com:PORTS each time…

I have also tried some changes in the nextcloud php file according to the guide… But yeah not getting it right at all…

Thank you all for any help… Been at this problem for 3 days… Wrote on Reddit and the IRC but have not gotten the help I need…

Follow this guide here: https://blog.linuxserver.io/2019/04/25/letsencrypt-nginx-starter-guide/#nextcloudsubdomainreverseproxyexample

That guide is more confusing than helping to be honest… Yes there's some answers to some of the commands but I'm still not understanding some basics that's not explained in the guide…
About ports to use. What port points to what etc…
Like for example if I can not have the letsencrypt port 443 because Synology is reserving it for something else, I choose a custom port, for example 9001. How can I get mydomain.com to point to this custom port so I'm not just redirected to the Synology NAS login page by default?
Then this port 9001, is it this I should put everywhere where it says “listen 443” etc…?

For ports, try this one: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

Ok thanks I will look at it.
But please can you tell me what differences I need to think of since I'm not gonna open ports and just run this on my local LAN (using DNS verification which is already verified and complete)…
Because all the guides and stuff I have read are all about using it from the internet and using the default 443 port on the container. In my case I cannot use port 443 - I mean the Docker port is set to 443 but I have put a custom port on it… I don't know how to describe this but in Docker you know you can set a custom port… So where in the guides/configs do I use 443 and where do I use my custom port?

This article only covers the certificate validation process with letsencrypt, which I have done and it's been successful.
Please I really need help with this part of configuring the nginx correctly for my local network. If you intend to help please read my above replies and the initial post I made to understand my situation.
Thank you…

I’ll be honest, I’ve read through this and I’m not 100% sure what you’re trying to achieve but I’m hoping this article I know of helps: https://selfhostedhome.com/reverse-proxy-with-https-without-opening-ports/

Hi,
Thanks for answering. This is the guide I followed when I set this up initially.
I've done every part except for the last one which is modifying the configs for nginx.
What differs in my case is that I don't use 443 for letsencrypt as this port couldn't be used. So I set it up like 9001:443 in Docker - so custom port 9001.
The config examples in the guide are really poor and don't tell me what else I need to config and change if I don't use 443. It's very vague in describing the changes that need to be done in general for these configs.

Unfortunately then you’re at the mercy of your Synology NAS, you’ll either need to move it to a host which has these ports free so you can use 80/443 or find how to free up those ports on Synology.

Unfortunately no one within the team owns Synology hardware so we can’t test. Though I know from my experience with QNAP hardware you can define the ports for their GUI so I’d be surprised if it wasn’t the same.

  • 80: Runs Synology-controlled Nginx to redirect HTTP users to :5000 <-- Why you can't use that port
  • 443: Same Nginx to redirect HTTPS users to :5001 <-- Why you can't use that port
  • 5000: Main Synology DSM UI on HTTP
  • 5001: Main Synology DSM UI on HTTPS

You will need to manually edit the nginx config on DSM. There may be some guides out there regarding this. Good luck!
I would recommend getting a separate server to do all this and let your Synology just serve your files.

Hi,
Thanks, finally answers that help me.
So ok, it's obvious setting this up in a Docker container is trouble. So I better set this up on a dedicated VM. I have the possibility to do this as I run a server with ESXi. So I can load up any kind of VM.
Any advice to:
Which type of VM I should run for this to work well? I guess I run Docker and Docker Compose on it then? So some type of Linux distro right? I'm a big fan of privacy and I heard bad things about Ubuntu in this regard so any other advice for this to work?
Also since I'm only gonna run this Docker for letsencrypt/nginx then it can be pretty lightweight.
Any guides to set this up would be appreciated… I mean setting up the Docker would be easy and I have these guides. But how to map the ports to a different server might be a bit harder, especially since it will be on an ESXi VM. I'm not an expert on ESXi…
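
The port question that runs through this thread (where 443 stays and where the custom port goes), laid out as a Compose file. This is an added example, not configuration from the thread or from linuxserver's documentation; it assumes both containers run on the same Docker host, and the domain, DNS plugin and host paths are placeholders.

```yaml
# Added example, not the thread's own configuration. example.com, the DNS
# plugin and the ./ host paths are placeholders.
version: "3"
services:
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    environment:
      - URL=example.com          # placeholder domain
      - SUBDOMAINS=wildcard
      - VALIDATION=dns           # DNS validation: no inbound port from the WAN
      - DNSPLUGIN=cloudflare     # placeholder: use your DNS provider's plugin
    volumes:
      - ./letsencrypt:/config
    ports:
      # HOST:CONTAINER. Only the left side changes when the host's 443 is
      # taken (DSM's own nginx). nginx inside the container still has
      # "listen 443 ssl;" and the browser URL becomes
      # https://nextcloud.example.com:9001 (a DNS record cannot carry a port).
      # To bind to one LAN address only, prefix it: "192.168.1.12:9001:443".
      - "9001:443"
    networks:
      - proxy

  nextcloud:
    image: linuxserver/nextcloud
    container_name: nextcloud    # name resolved by "set $upstream_nextcloud nextcloud;"
    volumes:
      - ./nextcloud/config:/config
      - ./nextcloud/data:/data
    # No "ports:" entry. The proxy reaches this container over the shared
    # network on its internal port 443, so the host port 9000 from the thread
    # is not used in proxy_pass, and Nextcloud is reachable only via the proxy.
    networks:
      - proxy

networks:
  # User-defined network: Docker's embedded DNS (the "resolver 127.0.0.11"
  # line in the template) resolves container names only on user-defined
  # networks, not on the default bridge.
  proxy: {}
```

Nextcloud's `trusted_domains` in config.php must also list the hostname the proxy is reached under, otherwise Nextcloud rejects the request as coming from an untrusted domain.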