[HOW TO] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post Reply
User avatar
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

[HOW TO] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post by oyvindo »

[How To] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate
Updated : 17.07.2020

Nginx is a ‘light-weight’, easy to use Web server compared to the versatility and complexity of Apache. Still, installing, set up and configuration of Nginx can also be a hazzle unless you are an expert.
There might be several reasons why you’d like to have Web server running on your NAS, and there are many to choose from. My reason is because I have a number of web based services running on several different servers in my LAN, and I want to be able to access them remotely over the internet. The easiest way to do that is of course to open up a bunch of ports in your firewall and expose yourself to the world. If you do that, it probably won’t take long before you’re hacked. There are several much better and safer approaches to solve this. One is the set up a Reverse Proxy Server as a gateway between your LAN and the internet.
Take my advice; Never open any ports in your firewall (internet router) unless you absolutely must, and make sure uPnP is turned off in your router – ALWAYS!
Whenever you do decide you really need to open up an expose something onto the internet, consider using a VPN Tunnel. Doing so is surely the safest way to get access to your LAN from outside. But sometime, even a VPN isn’t always practical and useful. Restrictions may prevent you from being allowed to install VPN clients on certain computers, such as the one you use at work, or from a public hot spot, or perhaps from friends or family members.
Using a Reverse Proxy can be a second-best choice. A reverse Proxy serve as a Gateway or a Proxy Host as the incoming endpoint for a web service that you want to forward internally to one or more hosting servers. That way, it becomes impossible for a visitor to see where the traffic is actually sent. All that is visible from the outside is the Proxy URL. When coupled with an SSL certificate (which in most cases is mandatory) and two-factor authentication (2FA) at the real endpoint, the result is pretty safe, extremely flexible and light-weight.
Most (if not all) Web servers like Apache, Nginx and Traefik can serve as Reverse Proxies. Installation, set-up and configuration can be complex though. A guy name Jamie Curnow has written a very nice web based Graphical User Interface (GUI) that really takes the hurdle out of installing and configuring Nginx, both natively as well as in a docker container. You can read more about it here: https://jc21.com/2018/02/nginx-proxy-manager.html

My choice is to install Nginx in Container Station (CS) on my QNAP using the jlesage/nginx-proxy-manager image pulled from Docker HUB. During installation in CS you must make some adaptions.
First consider whether you want the container to autostart each time you reboot your NAS.

Image

Next, click on ‘Advanced Settings’ and fill in the following fields:

Image

These two fields are not mandatory. If you do not need a locale for your country, then you can skip the LANG variable. Of course, you must insert the right locale for your country. The same goes for TimeZone (TZ). The default setting is UTC time. You only need to change this if your local time is different, i.e. ‘Asia/Singapore’

Image

The above is perhaps the only “difficult” and most critical part of the installation. First of all, make sure your Network mode is set to ‘Network Address Translation’ (NAT). This will completely isolate Nginx from the NAS on which it is running, thereby further prevent a malicious attacker to slip into your NAS.
The first column (Host) is the port numbers you use to communicate with Nginx from the outside. You can freely choose any ports as long as they are not in use elsewhere. The second and third columns (Container, Protocol) should not be changed.
The first row is the port used to pass encrypted SSL (https) traffic to Nginx.
The second row is the port used to pass non-encrypted (http) traffic to Nginx.
The third row is the port used to access the Proxy-manager GUI
For the above mapping to work correctly, you must forward at least the two TCP ports in your firewall (internet router) also. That mapping will then be:

Image

There is no need to forward a separate port to access the Proxy Management GUI (8181) as you would normally not need to access this externally. If you do, it’s better to assign a Proxy Host just as any other service (more about that later).
Remember to specify the correct local IP address of your NAS where Nginx is hosted for both ports forwarded. How this is done differs greatly between different internet routers (firewalls), so I cannot tell you exactly how to do it in your case as I have no knowledge of what brand router you have installed.
The only other complicated issue in this project, is to acquire a real domain name. You need to have a proper domain name registered with your local Domain Name Server (DNS) so that external access to your internal servers can pass through the Revers Proxy using names like http://service_name.mydomain.com
This implies that you own the domain ‘mydomain.com’ and that this domain is linked to your physical WAN IP. You can use a service called DynDNS to obtain this for free, or you can buy your own domain from most reputable Internet Service Providers (ISP’s). You could also use the myQNAPCloud service and the CloudLink address which is free for all QNAP NAS customers. But be aware that this service is known to be unstable.
Last, but not least – you should establish a Shared Folder link

Image

To make this work, first create a folder somewhere on your NAS, i.e. in the Public folder or the Web folder, using File Station. In the example above I have created a folder named ‘nginx ’ in my Web folder. When you browse the folder hierarchy tree to find this during container creation, you’ll see the resulting mapping becomes ‘share/Web/nginx ’. When this is mapped to ‘/config ’ all settings and custom config files are stored outside the container and they will survive a container crash or reinstallation.
Now click CREATE and you will be presented with a summary of all settings (those made by you, and those predefined for the Nginx container), and the container will be created and started.
If the container fails to start (immediate stop), check the output in the console window as well as the error log created in the /config folder (Shared folder). It should start only on its own basic configuration.

If it runs successfully, then it’s time to do the final configuration. Launch the Proxy Manager GUI by typing the following into your browser: [NAS-IP]:35081 (or whatever port number you use). This should take you to the opening page of the Reverse Proxy Manager where you will be asked to log on using the following credentials:

Username: admin@example.com
Password: changeme

After successful logon and change of credentials, you should arrive on the main dashboard:

Image

The next step is to generate an SSL certificate assuming your wish to limit inbound traffic to be encrypted only (https). Theoretically, you could allow unencrypted (http) traffic as well but be aware that the current browser updates may restrict this. Especially Google Chrome is known to block non-SSL traffic while Microsoft Edge still allows it. My advice is that you restrict all traffic to be encrypted only (https).
In order to generate certificates, you must have a valid domain name set up and configured to point to your WAN-IP, and port 80 on your WAN router must be configured with correct port forwarding to the Nginx server as described earlier in this guide. This is because Let’s Encrypt use this channel to verify that you are in fact the rightful owner of this server.
You should verify this connection by visiting your domain from the internet, i.e. service.mydomain.com

If it works, you should get this result:

Image

If it fails, you may have fallen into the classic browser trap; Try refreshing your browser by typing <crtl>F5. If that too doesn’t work, then try another browser. As your last resort, clear your browsers cache. For Chrome, click <crtl><shift>Del and then choose the Advanced tab and make sure you tick the Site Settings box. Remember that every time you make a protocol, routing or certificate change as you experiment to find a working solution, you may have to clear the browser cache each time. If not, Chrome will remember your most resent setting and you’ll be stuck in a loophole.
Well, if clearing the cache doesn’t work either, then you have a more fundamental issue that needs to be resolved.
But if you did see the Nginx welcome page, then return your attention to the Admin panel and click on the ‘SSL Certificate ’ tab to begin generating your free Let’s Encrypt certificates. Choose ‘Add SSL Certificate ‘ and then click on ‘Let’s Encrypt ‘. Just for the record, you can use certificates from any commercial provider, but this is beyond the scope of this guide.

Image

Next, you need to fill in the necessary information to enable the admin manager to contact Let’s Encrypt and generate the certificates:

Image

This box contains only two important fields: The name of your domain and your email address. Finally you have to agree to Let’s Encrypt terms of service, and then click ‘Save ‘
Generating the certificate takes a while so just be patient. When it’s done, you’ll see the certificate registered in the dashboard.

Image

Now, it’s ready to be put to good use. If you’re interested, you’ll find the certificate itself stored in this folder:
/config/letsencrypt/live/npm-X/ where ‘X’ represent the number of times you’ve generated a new certificate – starting at ‘1’.
And there’s a README file that explains all the other files and the purpose of each one. But to complete this project, you’ll never have to worry about the certificate ever again. Proxy manager will even automatically update all certificates when they expire after 90 days, assuming that it is alive and running 24/7, and that your firewall/router’s incoming port 80 points to 35080 at all times.
The last step is to bind everything together, and make it work.
Return to the admin page and click on the ‘Hosts‘ tab followed by ‘Proxy hosts ‘. Then fill out the following;

Image

In the above example, Domain Name is the name of your domain as you would type as a URL in your browser in order to access the “service” from internet. The Scheme should be http to allow regular http requests to be used. The Nginx Proxy will automatically redirect this to port 443 as an https request just as if you had typed https://service.mydomain.com
This in turn will invoke the SSL certificate and the communication is encrypted and “safe”. For this to work, of course your firewall/router’s 443 port must be properly routed to the Proxy Servers 35433 port (or whatever port number you chose during installation).
The IP field is the address of the internal service, normally the machine IP in your LAN where the target service is hosted (running), as well as the port number through which the service is exposed on you LAN. If your servers are configured using DHCP you might be better off using its NetBIOS name instead of its IP address as this may change.
The objective here is that you should arrive at the exact same place whether you use http://192.168.101.15:9010 from a client PC on your LAN, or if you use http://service.mydomain.com from any internet connected PC anywhere in the world.
Remember to activate Websocket Support if your ‘service’ requires web socket protocol
Now the only thing remaining is to bind the certificate to it all. Before you click ‘Save‘, go to the SSL tab and click in the empty SSL Certificate field where it says ‘None ‘ and a pull down of your options is presented. You should see your own newly created certificate as a valid selection.

Image

Remember to activate ‘Force SSL’ unless your setup is designed to allow non encrypted traffic through (which is very unlikely and pointless). Finally, wrap it all up by clicking ‘Save ‘
From there on, it should work. Try it by typing http://service.mydomain.com in your favorite browser (or whatever your actual domain name is, and your subdomain is called).
You can expose as many internal services as you like by simply repeating the whole process, once for each service.

EPILOG:
I haven’t been able to figure out how to use alias names when creating Let’s Encrypt certificates using Jamie’s Proxy Manager. Maybe you can tell me?
Also, I haven’t successfully been able to verify that the renew procedure actually works – neither automatically nor manually. Maybe you can share your experience?

[Edit] 25.march 2021 - I have renewed my certificates manually several times using Nginx, with varying degree of success. My experience is that it takes time - sometimes several minutes. Often it fails, and you just have to retry. I've even experienceed that the process is completed successfully but without the 'success' notification. Check the folder location where your certificates are stored to see if a new folder has been created. If it has, then you're probably OK.
Last edited by oyvindo on Thu Mar 25, 2021 10:15 pm, edited 1 time in total.
ImageImageImage
User avatar
OneCD
Guru
Posts: 12010
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: [How To] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post by OneCD »

Nicely done @oyvindo! A great how-to. :D

ImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImage
User avatar
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: [How To] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post by oyvindo »

Thank you @OneCD
Your feedback is highly appreciated. :)
ImageImageImage
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: [How To] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post by Moogle Stiltzkin »

i'll ask vortax to pin this. gj

although maybe some elaboration how docker can increase security? if any?


also found this guide here

How to setup a Reverse Proxy using Nginx
https://www.reddit.com/r/qnap/comments/ ... s_using_a/

vortax explains in further detail about some of the implications
Ok. we are going to use a Virtual Machine running Ubuntu Server to run Nginx.
AGAIN??? WHAT THE $·%·$%·$% MAN. ** USE DOCKER!!!!!!!
Chill, dude. There is a reason. I have tried to set Nginx in docker for days. I got it working easily, but it has a big BIG problem: Nginx on a container CANNOT ROUTE TO OTHER CONTAINERS in the same host. So, you can set it, and it will work, but it will refuse to route the connections to other containers running in the same host, effectively dismissing the usefulness of it.

Sources:

https://www.reddit.com/r/nginx/comments ... s/f81i3we/

https://forums.docker.com/t/how-to-reac ... at/21083/4

https://docs.docker.com/v17.09/engine/u ... ckerlinks/

It basically forces you to create a sub-network to which every container must be linked, so they can “talk” to each other. That is a major pain in the **, and something that I don’t know how to do/don’t care to learn, and much less when there is a simpler alternative: Using a Virtual Machine, which works perfectly fine.

If anyone in this community has managed a nginx container to work with other containers, the rest of the community would be very grateful if that user spends a little time creating another step-by-step guide :)

Are wee cool? Great. Let’s go.
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
User avatar
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: [How To] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post by oyvindo »

When I wrote my guide, you can rest assured that I had tested the final result. And it works just perfect. I am using my Nginx to route incoming calls to several other containerized apps. No problems at all!

Sent from my SM-G935F using Tapatalk


ImageImageImage
vmsman
Starting out
Posts: 38
Joined: Thu Jan 19, 2017 7:08 am

Re: [How To] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post by vmsman »

I keep getting Internal error when trying to authorize the SSL certs. I used your exact settings in the example. Here is the Docker console errors:

7/27/2020] [2:18:45 AM] [SSL ] › ✖ error Certificate is not valid (Command failed: openssl x509 -in /etc/letsencrypt/live/npm-7/f
ullchain.pem -subject -noout
Can't open /etc/letsencrypt/live/npm-7/fullchain.pem for reading, No such file or directory
139930291731304:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/etc/letsencrypt/live/npm-7/fu
llchain.pem','r')
139930291731304:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
unable to load certificate
)
[7/27/2020] [2:18:45 AM] [SSL ] › ✖ error Certificate is not valid (Command failed: openssl x509 -in /etc/letsencrypt/live/npm-8/f
ullchain.pem -subject -noout
Can't open /etc/letsencrypt/live/npm-8/fullchain.pem for reading, No such file or directory
140393512369000:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/etc/letsencrypt/live/npm-8/fu
llchain.pem','r')
140393512369000:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
unable to load certificate
vmsman
Starting out
Posts: 38
Joined: Thu Jan 19, 2017 7:08 am

Re: [How To] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post by vmsman »

Attached is the structure of my non-Volatile storage for Nginx-Proxy-Manager.
Non-Volatile NginX Store.png
You do not have the required permissions to view the files attached to this post.
User avatar
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: [How To] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post by oyvindo »

Did you check the actual content of your /letsencrypt/live folder? Check the content of the fullchain.pem file with a text editor. Then make a copy of the file to your local windows PC and rename it to fullchain.crt and doubleclick on it. Windows will then verify the authenticity of the certificate for you.
Also I see that you named your folder NginX-Data. Be aware that linux distinguishes between case in file and folder names. Also, I'm not so sure it's a good idea to use dash in file and folder names. If you have to use a delimiter, use underscore instead.
The error messages you get, are they presented in the Proxy Manager GUI, or do you just get the "internal error" message when trying to generate a certificate? If so, you shouldn't be getting a valid fullchain.pem at all. Since the error message says folder "npm-7" indicating you've tried already 7 times to generate the same certificate (?). Be aware that letsencrypt has limits as to how many times you may try and fail before timeout. Then you have to wait before making another attempt. (read their rules).
Try to clean up your npm folder structure and start fresh. Also, jump into your container and verify that the /config folder inside the container actually points to your /Web/NginX-Data folder.
Last but not least, your router port 80 (and 443) must point correctly to your ProxyManager instance. If not, validation will fail. Make sure the local web service is not running on the same NAs as your ProxyManager.
ImageImageImage
vmsman
Starting out
Posts: 38
Joined: Thu Jan 19, 2017 7:08 am

Re: [How To] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post by vmsman »

The procedure above is to create a Docker container which is Linux and not Windows. My desktop OS is Linux too, not that that matters. When I try to create a certificate, I get:

[7/27/2020] [6:11:48 PM] [Nginx ] › ℹ info Reloading Nginx
[7/27/2020] [6:11:48 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #1: vmsman.scottibyte.com
[7/27/2020] [6:11:53 PM] [Nginx ] › ℹ info Reloading Nginx
[7/27/2020] [6:11:53 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.i
ni" --cert-name "npm-1" --agree-tos --email "vmsman@scottibyte.com" --preferred-challenges "dns,http" --webroot --domains "vmsman.scottibyte
.com"
Saving debug log to /config/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vmsman.scottibyte.com
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. vmsman.scottibyte.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient aut
orization :: Invalid response from http://vmsman.scottibyte.com/.well-know ... -BvZppHuxU [2601
:2c4:8101:e1:216:3eff:fe3c:beb3]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Fo
und</h1></center>\r\n<hr><center>"

I have a certificate for this name on the actual LXC server instance. It's just that NGinX Proxy Manager won't talk to it. If I bypass NginX proxy Manager by creating port forward rules to the LXC instance directly, it works. The whole point of using this NginX Proxy Manager was so that I could have multiple IPv4 apps behind my NAT on my one ISP IPv4 address. Initially, I tried to do this with plain vanilla NginX and after three weeks of reading and trying things, everything resulted in failure. I have several apps directly server via IPv6 and they work perfectly with SSL. The reason is that IPv6 apps can be directly hosted with a simple firewall rule and no proxy. I really want to get this working but errors like the one above give me no clue as to what I need to fix. I have determined that the nginx data folder that the Docker instance writes to is working and writing data to that location. My IPv4 port forward rules work for port 80 and port 443 as long as they go directly to ONE target IPv4 server. When I change the port forward rules as clearly defined above, I get the errors you see here in container station and remove users see the login page of my router and not the app. I have no UPNP turned on anywhere and only a single rule on the WAN for 80 and 443.
User avatar
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: [How To] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post by oyvindo »

Well, perhaps without any direct relevance - you should definitely disable uPNP in your router. It is a dangerous setting with regards to exposure and vulnerabilities.
It looks to be as if LetsEncrypt fails to challenge your domain in order to establish authentication.
I tried to browse to vmsman.scottibyte.com but (of course) it failed. I couldn't ping it either. I trust you did this test successfully prior to attempting to generate the certificate?
ImageImageImage
vmsman
Starting out
Posts: 38
Joined: Thu Jan 19, 2017 7:08 am

Re: [How To] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post by vmsman »

I have had UPNP disabled since day one. UPNP will arbitrarily open router holes in a sort of undocumented way. I mention UPNP because it would be one of my first thoughts. I have 40 years of systems network and systems architecture experience. This NGinX Proxy Manager is exactly what I need for the job. Something is going on to produce the errors above and I am unsure where the problem is. I have run this code in a VM, in a Docker container bridged and most recently I followed this blog which installs NginX Proxy Manager in Docker with the Docker NAT virtual switch in QNAP. I have both a TS-1277 and a TS-877 that I have tried this on. In addition, I tried installing this on a standalone Raspberry Pi just to eliminate any odd QNAP virtual switch issues. In all cases, I pretty much got the Failed authorization procedure. vmsman.scottibyte.com (http-01): urn:ietf:params:acme:error:unauthorized errors. Both nodes that I am trying to proxy work great with SSL through the Firewall with direct rules. My reason for NginX Proxy Manager is that I have two servers that want ports 80 and 443 in IPv4. I have all but settled offering my services all through IPv6 since that negates the need for a proxy. The problem is that the vast majority of the public users can't get to IPv6 only services because sadly most of the world is still doing IPv4 only. My network is IPv4 and IPv6 both and I have the goal of offering the Ipv4 services through NGinX Proxy Manager if only I could figure out these errors. Interestingly my certificate renewal works great via IPv6 and I have no "unauthorized errors" on the same servers. I do hate IPv4 despite having done it for 40 years. Give me a break, IPv6 has been around 20 years and it has yet to have widespread adoption. Go figure.
User avatar
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: [How To] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post by oyvindo »

Look, I'm trying to be of help here. I have no desire do turn this thread into a discussion about v6 versus v4.
And you do not need to explain why you wish to use Proxy Manager. I belive you - whatever you say.
I asked you a question: Did you manage to successfully browse to vmsman.scottibyte.com and get the Nginx opening page, prior to generating the certificate?
ImageImageImage
vmsman
Starting out
Posts: 38
Joined: Thu Jan 19, 2017 7:08 am

Re: [How To] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post by vmsman »

I never know the level of person to whom I am speaking. Didn't mean to offend. No, do not get the Nginx Page. I get my router login page. Are you using jlesage/nginx-proxy-manager in container station?
vmsman
Starting out
Posts: 38
Joined: Thu Jan 19, 2017 7:08 am

Re: [How To] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post by vmsman »

I deleted the container again and the supporting data on the file share in file station. When I go to add it again, in the advanced settings the environment variable area is empty as is the Network NAT area where it lists ports. Ideas?
User avatar
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: [How To] install Nginx Reverse Proxy in CS with Let's Encrypt Certificate

Post by oyvindo »

If you do not get the Nginx opening page, there is no point in moving onwards trying to generate the certificate. LetsEncrypt cannot get to your server if you cannot. You have to work that one out first.
Please post images of your settings in the advanced section during installation of your container (jlesage/nginx-proxy-manager)
ImageImageImage
Post Reply

Return to “Container Station”