unraid

Reverse Proxy Setup On Unraid - Using Nginx Proxy Manager and DuckDNS

A guide on setting up Nginx Proxy Manager and DuckDNS on your Unraid server

Admin

4 min read
Reverse Proxy Setup On Unraid - Using Nginx Proxy Manager and DuckDNS

Using a reverse proxy allows your internal applications to be accessible from any network. This allows you to use your Docker containers wherever you are, or you can share a service like Overseer or Petio to your friends and family.

This guide is written for Unraid, and it assumes you have a custom domain.

DuckDNS

The first step is to create a DuckDNS account. You can do this by signing in with one of the options at the top of the website.

When your account is created, you will see your DuckDNS token, along with other information about your account. You can now create a DuckDNS subdomain by typing into the text box just to the left of add domain. Don't worry too much about what to type - it won't be visible to your friends/family when they go to your site, because you will be using a custom domain. Once it is created, your current IP should show up beside the domain name like this:

To keep things running smoothly, install the DuckDNS container. This will update DuckDNS with your current IP address every 5 minutes, so if/when your ISP assigns you a new IP address your website will still be accessible.

Look for linuxserver's DuckDNS container via Unraid's Community Applications. To set it up, all you need to do is add in the subdomain you created, along with your DuckDNS token (found in the top box of the DuckDNS site) and hit Apply.

Nginx Proxy Manager (NPM)

A lot of people will point to SWAG by Linuxserver when setting up a reverse proxy, but I love NPM because it has a UI. SWAG is a great option, but I just haven't bothered to learn it when NPM can do everything I need it to.

Go back to Unraid's Community Applications, search for nginxproxymanager, and start the install. You can choose any WebUI Port that you'd like, but you need to change the next two options (HTTP Port and HTTPS Port). The default values are 80 and 443, but you need to change them to something different - I've used 380 and 3443. Make sure you note down the ports you've selected because you'll need them to set up port forwarding in your router in the next step.

Router Port Forwarding

Every router is different and your setup probably won't look like mine, so if you are unsure on how to port forward in your router, you can use something like portforward.com. When setting up the port forwarding rules, you only need to set them up for the TCP protocol. My setup looks like this:

This routes any incoming HTTP(S) traffic from 80 or 443 to 380 or 3443, with NPM listening for traffic on the latter.

Configuring Your Custom Domain

Log into whatever registrar you used to buy your domain, and go to the settings for that domain - there should be a setting talking about DNS. If you're using Namecheap like me, you can just look at my example below. You need to add a new CNAME Record, have Host set as the subdomain you want to use, and Target as your DuckDNS subdomain. In this example, I will be creating a rule to access test.ghosttech.ca.

Save your changes, and then do this for each subdomain you would like to use in NPM, using a different Host but the same Target each time.

I've found that the next step in this guide doesn't work for ~5 minutes after I've created a new CNAME Record but your mileage may vary.

Back To Nginx Proxy Manager (NPM)

Open up the NPM container, and log in with the default credentials, admin@example.com and changeme. You will then be prompted to modify the details for the administrator account, so this is where you can put in your own name, email, etc. After changing those, you will be prompted to set up a new password. When complete just click Save and you're done the account creation.

⚠️
Before you create a rule for a subdomain in NPM, be 100% sure that what you are exposing to the internet is password protected. You can do this in the "arr" programs by going to Settings > General > Security.

Click where it says 0 Proxy Hosts and then Add Proxy Host. On the first tab, you'll have quite a few options, here is what you need to know:

  • Domain Names: Enter the subdomain you've just created (the CNAME Record)
  • Scheme: Leave this as http unless you've set up your container with https
  • Forward Hostname/IP: The internal IP address of your Unraid server
  • Forward Port: The port of the container in Unraid for this subdomain
  • For the three other options, I only enable Block Common Exploits

Next, click on the SSL tab and under SSL Certificate, select Request a new SSL Certificate. You should always enable Force SSL, but I also enable HTTP/2 Support along with HSTS Enabled. You should then enter the email address you want to register the certificate to, agree to the terms and click Save.

If everything worked as expected, you should now have a functioning subdomain.