Jump to content

Nginx Proxy Manager, Pi-hole w/ unbound with my own domain


Recommended Posts

Posted

I just overhauled my system and am very happy with the results. The only hick-up is access to emby server from the web with ssl.  My new system has one Pi running Dietpi/Pi-hole w/ unbound and Nginx Proxy Manager. I run Emby on it's own pi and have a third pi for my sonarr/radarr/readarr etc. So unbound allows me to open zero ports to the web. Pi-hole provides my dns in house so all my services have there own dns addresses and Nginx proxy manager points those urls to the correct ports.

I then purchased my own domain and pointed to my external IP. All works as it resolves to my external IP. I then made a cname record of emby.mydomain.com which also resolves to my external ip. If I use emby.mydomain.com within my network it pulls up my emby server with ssl. Outside the local network, nothing. (I did try forwarding my emby external ssl port on my router just in case and still no go.)

I am not sure what to try next?

Posted

Did you enter the domain name in network settings of emby and tick allow remote connection as well as set the public port to 443?

I presume you have port forward for port 443 on your router going to the pi running NGINX Proxy Manager which is then upstreaming it to the emby pi. 

 

Posted

Yes.

Local network: 192.168.0.2/24

Local IP: 192.168.2.3

Local Port: 8096

Local Https port: 2096

Allow remote connections: check

Remote Ip address list: blank

Remote Ip address filter mode: whitelist

Public http port: 8096

Public Https port: 443

External domain: emby.mydomain.com

Custom SSl cert path: Set to my custom cert location

Secure connection mode: Handled by reverse proxy

Enable automatic port mapping: checked

Cname pointing to: emby.mydomain.com

Reverse Proxy: Sends emby.mydomain.com to 192.168.2.3:2096

(Thanks for the help!)

Posted
Quote

Reverse Proxy: Sends emby.mydomain.com to 192.168.2.3:2096

Sounds like it needs to be 8096.

Posted (edited)
31 minutes ago, jonyskids said:

Yes.

Local network: 192.168.0.2/24

Local IP: 192.168.2.3

Local Port: 8096

Local Https port: 2096

Allow remote connections: check

Remote Ip address list: blank

Remote Ip address filter mode: whitelist

Public http port: 8096

Public Https port: 443

External domain: emby.mydomain.com

Custom SSl cert path: Set to my custom cert location

Secure connection mode: Handled by reverse proxy

Enable automatic port mapping: checked

Cname pointing to: emby.mydomain.com

Reverse Proxy: Sends emby.mydomain.com to 192.168.2.3:2096

(Thanks for the help!)

Aww okay

 

Just wondering, you are using nginx proxy manager as your proxy,  as that can get the ssl certs, would you not be better off letting that do the ssl and thats when you select Handles by Reverse Proxy.

As reading what you have stated above, you are forwarding your domain via nginx which is passing it through to your local https port, yet you have installed your own certs there but also telling Emby to let the reverse proxy handle the secure certs

You could try setting handled by reverse proxy to one of the other settings i.e preffered but not required

 

OR

If you set NPM to forward to  Emby as below then that setting handled by reverse proxy makes more sense

I.e -

Port Forward on router to NPM Port 443

this forwards emby.mydomain.com to the Emby PI port 8096 (remote) Set emby Public ports to 8096 http and 443 https

Remove the custom cert location and leave handled by reverse proxy.

Local devices can just connect via the http local port, or set up a pihole or adguard docker on the first pi and have it handle dns, that way you can set local dns records for emby.mydomain.com to forward to NPM without leaving your network

NPM offers no advice but here is what swag reverse proxy states in their emby config for proxy ssl emby

## Version 2021/05/18
# make sure that your dns has a cname set for emby and that your emby container is not using a base url
# if emby is running in bridge mode and the container is named "emby", the below config should work as is
# if not, replace the line "set $upstream_app emby;" with "set $upstream_app <containername>;"
# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of emby
# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url,
# and set the "Secure connection mode" to "Handled by reverse proxy"

 

Edited by CassTG
Posted

Oops first off I notice that I put 192.168.0.2./24 it is actually 192.168.2.0/24  (The dyslexics out there will understand my pain.) 

I am using Reverse Proxy to resolve my local services within my lan to local dns. ie service.mydomain.lan.

I tried your suggestions with little success. Just for practicality I thought maybe I should go to baseline.

Local network: 192.168.2.0/24
Local IP: 192.168.2.3
Local Port: 8096
Local Https port: 2096
Allow remote connections: check
Remote Ip address list: blank
Remote Ip address filter mode: whitelist
Public http port: 80
Public Https port: 443
External domain: emby.mydomain.com
Custom SSl cert path: blank
Secure connection mode: disabled
Enable automatic port mapping: checked
Cname pointing to: emby.mydomain.com
Reverse Proxy: Sends emby.mydomain.com to 192.168.2.3:8096 (http, Nginx created ssl cert, forced ssl)

I was making the mistake in Nginx Proxy Manager of assuming I needed to point to https 192.168.2.3:2096 with a Nginx created ssl cert & forced ssl. If I think to hard about it it is still a bit confusing but it works now and I know the path to make it work.  I appreciate the help.

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...