Has anyone gotten the new Reverse Proxy to work?

Moderator: Lillian.W@AST

ilike2burnthing
Posts: 379
youtube meble na wymiar Warszawa
Joined: Thu Apr 09, 2020 8:01 pm

Has anyone gotten the new Reverse Proxy to work?

Post by ilike2burnthing »

It was added with 3.5.2.RAG2 - Services > Reverse Proxy

No matter what way I try to set it up, I can't get it to work. Am I just doing it wrong?

I'm just trying to add something like http://[ID].myasustor.com/jackett

There's no documentation for it, which doesn't help.
User avatar
Nazar78
Posts: 2002
Joined: Wed Jul 17, 2019 10:21 pm
Location: Singapore
Contact:

Re: Has anyone gotten the new Reverse Proxy to work?

Post by Nazar78 »

I just quickly tried (had my original nginx reverse proxy using ports 80/443) with radarr and it works.

ADM proxy set as http://[ID].myasustor.com:82 -> http://[nas-ip]:17878 then open my router port 80 to the nas port 82. So http://[ID].myasustor.com gave me radarr UI.

Take note though the path will translate differently to certain backend apps. So in this case you either remove the path /jackett in the frontend or add it as base path in the backend app settings if supported.
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps

When posting, consider checking the box "Notify me when a reply is posted" to get faster response
ilike2burnthing
Posts: 379
Joined: Thu Apr 09, 2020 8:01 pm

Re: Has anyone gotten the new Reverse Proxy to work?

Post by ilike2burnthing »

No luck in replacing the ports with names, but at least I got SSL working for all my containers.

Ended up I was making things much more complicated for myself by enabling SSL in each of their settings, adding ports in ADM and Portainer, and overriding the base paths.

All I needed to do was port forward on my router and add the reverse proxies.

Tautulli has an option to Respect the X-Forwarded-Proto header that needed to be turned on, and Jackett plays nicer if you use its internal base path override.
Last edited by ilike2burnthing on Sun Nov 08, 2020 2:45 am, edited 1 time in total.
Darkmagister
Posts: 48
Joined: Sat Oct 27, 2018 4:36 pm

Re: Has anyone gotten the new Reverse Proxy to work?

Post by Darkmagister »

i'm trying to doing the same thing but with no luck,

i have few container and service on my nas (radarr, sonarr, lidarr, jackett, nextcloud), and i have my own domain as the default domain with a let's encrypt cert,
so i have created:

what i want to achieve:

https://my.domain.it:443/radarr --> http://192.168.1.20:7878 (192.168.1.20 is the nas LAN ip)
https://my.domain.it:443/sonarr--> http://192.168.1.20:8989
and so on ...

but i already have my modem port open 443 to the nas, but if i use the 443 port i would be redirected to 8001 the ssl ADM portal login, if i user another port (444 for example) i get error 403 nginx

i don't understand how i have to configure this.

anyone can please help me out !!!
AS6404T
User avatar
Nazar78
Posts: 2002
Joined: Wed Jul 17, 2019 10:21 pm
Location: Singapore
Contact:

Re: Has anyone gotten the new Reverse Proxy to work?

Post by Nazar78 »

Darkmagister wrote:i'm trying to doing the same thing but with no luck,

i have few container and service on my nas (radarr, sonarr, lidarr, jackett, nextcloud), and i have my own domain as the default domain with a let's encrypt cert,
so i have created:

what i want to achieve:

https://my.domain.it:443/radarr --> http://192.168.1.20:7878 (192.168.1.20 is the nas LAN ip)
https://my.domain.it:443/sonarr--> http://192.168.1.20:8989
and so on ...

but i already have my modem port open 443 to the nas, but if i use the 443 port i would be redirected to 8001 the ssl ADM portal login, if i user another port (444 for example) i get error 403 nginx

i don't understand how i have to configure this.

anyone can please help me out !!!
These reverse proxy are similar to virtual hosts concept if you prefer manipulating domains or if otherwise, IPs and ports.

Also you can't use port 80 or 443 as they are reserved for the web service, it's unintuitive I know but Asustor chose as it is. So pick a port something one higher (easy to remember) like 81 and 444 or 1080 and 1443, then forward your router ports 80 and 443 to these e.g. router:80/443 -> nas:81/444.

So below is what you want to set in the ADM reverse proxy page, take note those in bold:

https://my.domain.it:1443/radarr --> http://192.168.1.20:7878 (192.168.1.20 is the nas LAN ip)
https://my.domain.it:1443/sonarr--> http://192.168.1.20:8989
Finally forward port 443 on your router to your NAS 192.168.1.20:1443 then you access them via https://my.domain.it/radarr and https://my.domain.it/sonarr.

Edited: Also are you sure that's the sonarr and radarr ports forwarded by docker proxy? IIRC if you install from Asustor app store it will add prefix 1 to it i.e. 17878 and 19898. Unless of course you installed them manually by pull/create or use host network instead of bridge.
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps

When posting, consider checking the box "Notify me when a reply is posted" to get faster response
ilike2burnthing
Posts: 379
Joined: Thu Apr 09, 2020 8:01 pm

Re: Has anyone gotten the new Reverse Proxy to work?

Post by ilike2burnthing »

Just to add to Nazar78's reply, if you have installed the Sonarr and Radarr beta v3 from App Central, they use 37878 and 38989 instead.
Darkmagister
Posts: 48
Joined: Sat Oct 27, 2018 4:36 pm

Re: Has anyone gotten the new Reverse Proxy to work?

Post by Darkmagister »

ok, the issue seems only with the trio radarr sonarr and lidarr, because i've done something similar for portainer:
my.domain.it:446/port -> 192.168.1.20:9000 and this is working ok

the other app not, i have installed radarr sonarr and lidarr by myself via portainer, i have 7878 port for radarr and so on, did i have to change something in the radarr/sonarr/lidarr config ? maybe the url or path ??
AS6404T
User avatar
Nazar78
Posts: 2002
Joined: Wed Jul 17, 2019 10:21 pm
Location: Singapore
Contact:

Re: Has anyone gotten the new Reverse Proxy to work?

Post by Nazar78 »

Are you using top level domain? Or you don't have control over the subdomains? If so and if you want to maintain using only SSL port 443 on the front-end, you'll need to specify paths for both reverse proxy and probably the apps itself in its settings to segregate them (some apps send request to root path '/path/foo.bar' instead of relative path 'path/foo.bar' so it needs to be set in the apps) i.e. my-domain.it:446/portainer -> 192.168.1.20:9000 and my-domain.it:446/radarr -> 192.168.1.20:7878

For myself I'm using subdomains from my wildcard SSL certs i.e. https://radarr.mydomain.com so I don't have to specify the paths.
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps

When posting, consider checking the box "Notify me when a reply is posted" to get faster response
Darkmagister
Posts: 48
Joined: Sat Oct 27, 2018 4:36 pm

Re: Has anyone gotten the new Reverse Proxy to work?

Post by Darkmagister »

i would like to do that, but i have full controll on domain and subdomain, but i have the cert with let'sencrypt create in the adm, but i can not specify a *.domain.it in the creation :(
AS6404T
User avatar
Nazar78
Posts: 2002
Joined: Wed Jul 17, 2019 10:21 pm
Location: Singapore
Contact:

Re: Has anyone gotten the new Reverse Proxy to work?

Post by Nazar78 »

Darkmagister wrote:i would like to do that, but i have full controll on domain and subdomain, but i have the cert with let'sencrypt create in the adm, but i can not specify a *.domain.it in the creation :(
The ADM letsencrypt doesn't support wildcard that's why I did not use it. Because this wildcard process needs to modify your domain txt records so you need something like acme.sh with its API and not all providers has the supported API IIRC. I have this running in chroot.

Even so, you still can add the subdomains from the top level domain you own one by one into the ADM letsencrypt but you'll need to first prepare the acme challenge for each subdomain and the difficult part is to figure out how to automate this during renewal. It'll still work but longer process.
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps

When posting, consider checking the box "Notify me when a reply is posted" to get faster response
Post Reply

Return to “ADM general”