[HOW-TO] QNAP Apache Reverse Proxy with SSL using Let's Encrypt (for apps like SickRage, Couchpotato, NZBGet, Sonarr)


Post by mannibis »

Hey fellow QNAP'ers,

I've perused countless guides here on the QNAP forums detailing how to set up reverse proxies for web apps like SickRage, Couchpotato, NZBGet, etc. using QNAP's Apache so that you could access the app via a directory root on your domain such as mycooldomain.com/sickrage. However, none of them could help me get this all working using HTTPS/SSL and specifically with a Let's Encrypt SSL cert/key, which is legit and free if you own a domain name.

This guide will show you how to get it done using QNAP's built-in Apache web server. You will need to know how to access your QNAP via SSH (bash shell) and how to use a text editor such as nano in order to create your own customized Apache configuration file and save it to your QNAP web directory. You should also have git and Python 2.7 installed, either via QNAP's App store or via Entware (opkg), as we will be using a really useful QNAP shell script from GitHub in order to automatically set up our free Let's Encrypt SSL certificate/key. In addition to those app dependencies, having some basic unix command-line skills will be very helpful so that you can navigate the innards of your QNAP using a terminal (PuTTY, etc.) and perform some commands that I have outlined below. If you have no idea what I'm talking about by this point, then you are most likely not going to be able to follow this guide... Anyway, here we go:

  • Firstly, you will want to enable the Apache Web Server if you haven't already done so via your QNAP's Settings in Control Panel > Web Server, as shown below:


    Image


    I've set it up using port 80 as the default HTTP port and 443 as the default HTTPS port (which is standard and these are the ports my guide follows throughout). Make sure this is set up and enabled before you do anything else!
  • Now, you will want to set up your Let's Encrypt certificates using Yannik's qnap-letsencrypt shell script that is hosted on github here: https://github.com/Yannik/qnap-letsencrypt. There, you will find a step-by-step guide on how to install the Let's Encrypt certificate and keys onto your QNAP. You will need to have a valid domain name in order to do this, such as mycooldomain.com, otherwise, why are you trying to install a Let's Encrypt cert to begin with?... I ended up git cloning the "qnap-letsencrypt" folder into my web root directory "/share/Web", so you should probably do the same so you can easily find it later on down the road if you need to re-run the bash scripts.
  • If all of that went well, then you are half-way there! You have just installed Let's Encrypt SSL certificates and keys on your QNAP and the GitHub script should have configured the built-in QNAP Apache web server to work with the Let's Encrypt cert. All of this should have gone smoothly without any errors, otherwise you will have to go back and make sure the "qnap-letsencrypt" scripts work properly or the rest of the guide is useless!

    The next steps involve setting up a customized Apache configuration file and defining Virtual Servers in order to get the reverse proxies up and running for all your web apps. The great part about this is after you're done, you DO NOT need to enable HTTPS/SSL on any of your apps individually. Apache will handle the SSL and your apps are none the wiser. Everything will be defined and set up using one configuration file and any changes or additions you need to make (such as adding another app) will be done using this customized.conf file.
  • Open up nano or a text editor of your choice and paste the following into it:

    Code:

    # Load the proxy and TLS modules (Apache warns and skips any that are already loaded)
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule ssl_module modules/mod_ssl.so

    # HTTPS virtual host: Apache terminates TLS here and proxies to the apps over plain HTTP
    <VirtualHost *:443>
    RequestHeader set X-Apache-Proxy "https"

    ServerName domain.com

    SSLEngine On
    SSLProxyEngine On

    SSLHonorCipherOrder on
    SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5
    SSLProtocol All -SSLv2 -SSLv3

    # Certificate and chain that the Let's Encrypt script installs under /etc/stunnel
    SSLCertificateFile "/etc/stunnel/stunnel.pem"
    SSLCertificateChainFile "/etc/stunnel/uca.pem"

    # Reverse proxy only: ProxyRequests Off keeps Apache from acting as a forward proxy
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyVia Off

    # One <Location> per app; the path must match the webroot configured in the app itself
    <Location /sickchill>
    Order deny,allow
    ProxyPass http://127.0.0.1:8081/sickchill
    ProxyPassReverse http://127.0.0.1:8081/sickchill
    </Location>

    <Location /nzbget>
    Order deny,allow
    ProxyPass http://127.0.0.1:6789/nzbget
    ProxyPassReverse http://127.0.0.1:6789/nzbget
    </Location>

    <Proxy *>
    Order deny,allow
    Allow from all
    </Proxy>

    # Web root served for any path that is not proxied
    DocumentRoot "/share/Web"

    <Directory "/share/Web">
    Options FollowSymLinks MultiViews
    Order allow,deny
    Allow from all
    </Directory>
    </VirtualHost>

    # Plain-HTTP virtual host: redirect everything to HTTPS
    <VirtualHost *:80>
    ServerName domain.com
    Redirect / https://domain.com/
    </VirtualHost>

    OK! So this is where the magic happens. You can save this file as customized.conf in your web root directory. For my QNAP, this directory is "/share/Web", but it may be different for you (doubtful if you are using QNAP's Apache). If for some reason you defined your web root directory to be somewhere else, you can save the customized.conf file there instead and also edit the customized.conf file near the bottom where it defines the DocumentRoot and Directory as "/share/Web" and change it to your root directory. You will also want to change "domain.com" throughout the customized.conf file to your specific domain name as well.
  • The areas that you see where I have the <Location> tags are where the reverse proxy magic happens. I have 2 apps configured here: SickChill (a fork of SickRage) and NZBGet. You can just copy and paste that entire section and add as many as you want, or remove sections as you please. This is where the reverse proxy magic happens:

    Code:

    <Location /sickchill>
    Order deny,allow
    ProxyPass http://127.0.0.1:8081/sickchill
    ProxyPassReverse http://127.0.0.1:8081/sickchill
    </Location>

    You can replace "http://127.0.0.1:8081/sickchill" (twice) with wherever your app resides on your system. For me, my SickChill app is on the same machine as the web server (QNAP), so I have the IP as 127.0.0.1, but if your app is on a different machine you can just use that internal IP (192.168.x.x for example). The port # for my Sickchill installation is 8081, so you can also change that to whatever port you have your app configured for. After that comes the webroot "/sickchill". I've decided to go with that but you can make it whatever you want. Just keep in mind that for certain apps like CouchPotato, SickRage, Tautulli, Radarr, etc you will need to specify the webroot in their settings somewhere, so make sure you use the same webroot here as you set up in each app's configuration/settings page. NZBGet does not require you to specify a webroot, but I used "/nzbget". Keep in mind to change the webroot in the URL as well as on the first line in the <Location /sickchill> tag. You will use this webroot to access your web app's UI later on.
  • After you are done editing your customized.conf and saving it to your web root directory, there is just one more step that you will need to perform in order to get your QNAP's apache to read it. You will need to Include this customized.conf file in your Apache's main configuration file. For me it is found at '/etc/config/apache/apache.conf'. So all you have to do is SSH into your QNAP (if you aren't already in) and just nano the apache.conf file, as so:

    Code:

    nano /etc/config/apache/apache.conf

    Then, scroll to the very bottom and paste this new line at the very end:

    Code:

    Include /share/Web/customized.conf

    Remember, my customized.conf was saved in my web root directory "/share/Web", so if you saved your customized file somewhere else, make sure to change the path above.
  • After the file is saved (Ctrl-o, Enter in nano), you will just need to restart the QNAP HTTP server by performing this command in your shell:

    Code:

    /etc/init.d/Qthttpd.sh restart

    This will restart the QNAP Apache web server and read your customized configuration file as well as load the Apache modules we included at the beginning of our .conf file. Now you can go to https://domain.com/sickchill or wherever you specified your web app to be, and you should see a nice little lock in the URL bar with a valid Let's Encrypt cert!!! Also, remember that you do NOT need to port forward any ports from your web apps on your router such as 6789, or 8081, or 5050, etc. The only ports that need to be forwarded to your QNAP IP is port 80 and port 443 which are the HTTP/HTTPS ports. The customized.conf is also set up to redirect any HTTP (non-secure) traffic automatically to HTTPS, so even if you try going to http://domain.com/sickchill, it should automatically re-direct you to the HTTPS page with the secure lock.


    The main thing to remember here is that Apache is handling all the security and traffic to and from your browser and server, wherever on the internet you may be. This is definitely the safest way to configure all of this, as opposed to opening up dozens of ports and relying on each web app to provide you with security. Apache is literally designed to handle this type of thing, so proxying everything through that is the smartest way to do it, especially using SSL encryption.
-----------------------------------------------------------------------------------------------------------

NOW YOU ARE FINALLY DONE! Your secured web apps should look like this in a Chrome browser now:

Image

Image


The trick to all of this was to figure out that the Let's Encrypt Github script installed the key and cert in "/etc/stunnel/" where QNAP's Apache web server looks.

If you ever need to edit your customized.conf file, make sure to also restart the QNAP web server using the "/etc/init.d/Qthttpd.sh restart" command as shown above.

Let me know if you run into any issues--I must have been trying to get this to work for a week before I finally put all the puzzle pieces together, so don't be discouraged if somewhere along the way you got lost or if something doesn't work. I basically took 2 or 3 other guides here on the QNAP forums and pieced them all together to get my finalized SSL-enabled customized QNAP Apache web server with Reverse Proxy webroots for all of my Usenet web apps. This should work for Sonarr, Radarr, CouchPotato, SickRage, SickChill, Medusa, Tautulli, NZBGet, Sabnzbd, Ombi, Transmission, NZBHydra, and many more. The best part about it is that we let QNAP's Apache handle the proxying and the SSL so that each individual app does not need to be configured with SSL at all. Like I stated previously, the only setting you will probably need to change is the webroot (/nzbget, /tautulli, etc.) in each app's config page.

If you run into any issues, and I'm sure you will at some point, PLEASE do not hesitate to post about it. Provide some logs or error messages and I will do my best to help you sort through it. Good luck!

NOTE: The Let's Encrypt cert expires after 90 days I believe, so all you need to do is run the "renew_certificate.sh" script in your "qnap-letsencrypt" directory that you ran earlier from the GitHub page in order to renew the SSL cert. The GitHub page also describes setting up a cronjob to do this automatically so you don't have to do it yourself, but choose whatever method you want.

Cheers!!
Last edited by mannibis on Thu Dec 06, 2018 10:43 am, edited 14 times in total.
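
Added example (not part of mannibis's post or of the qnap-letsencrypt project): a small Python 3 audit for a customized.conf like the one in the guide, meant to be run against a copy of the file. It checks that each <Location> path matches its ProxyPass backend path (webroot and trailing slash), that ProxyPassReverse mirrors ProxyPass, that the plain-HTTP virtual host redirects to HTTPS, and it reports that "SSLProtocol All -SSLv2 -SSLv3" still leaves TLSv1 and TLSv1.1 enabled. The sample config, function names and finding texts are constructed for illustration.

```python
import ipaddress
import re
import sys
from urllib.parse import urlsplit

# Constructed sample modelled on the guide's customized.conf. The /nzbget block
# deliberately carries a wrong webroot, a trailing slash and a stale reverse rule.
SAMPLE_CONF = """
<VirtualHost *:443>
ServerName domain.com
SSLEngine On
SSLProtocol All -SSLv2 -SSLv3
<Location /sickchill>
ProxyPass http://127.0.0.1:8081/sickchill
ProxyPassReverse http://127.0.0.1:8081/sickchill
</Location>
<Location /nzbget>
ProxyPass http://127.0.0.1:6789/nzb/
ProxyPassReverse http://127.0.0.1:6789/nzbget
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName domain.com
Redirect / https://domain.com/
</VirtualHost>
"""

VHOST_RE = re.compile(r'<VirtualHost\s+[^>]*?:(\d+)\s*>(.*?)</VirtualHost>', re.S | re.I)
LOCATION_RE = re.compile(r'<Location\s+"?([^\s">]+)"?\s*>(.*?)</Location>', re.S | re.I)


def directive(body, name):
    """Return the argument string of the first `name` directive in body, or None."""
    pattern = r"^[ \t]*%s[ \t]+(.+?)[ \t]*$" % re.escape(name)
    match = re.search(pattern, body, re.M | re.I)
    return match.group(1) if match else None


def check_location(path, body):
    """Compare one <Location> path with the backend URL it proxies to."""
    findings = []
    target = directive(body, "ProxyPass")
    reverse = directive(body, "ProxyPassReverse")
    if target is None:
        return findings
    target = target.split()[0]
    url = urlsplit(target)
    if reverse is None or reverse.split()[0] != target:
        findings.append("%s: ProxyPassReverse does not match ProxyPass" % path)
    # mod_proxy expects both sides to agree on the trailing slash.
    if path.endswith("/") != url.path.endswith("/"):
        findings.append("%s: trailing slash differs between Location and backend URL" % path)
    # The guide's rule: the app's webroot and the Location path are the same.
    if url.path.rstrip("/") != path.rstrip("/"):
        findings.append("%s: backend webroot %r differs from Location path" % (path, url.path))
    try:
        if url.scheme == "http" and not ipaddress.ip_address(url.hostname).is_private:
            findings.append("%s: plain-HTTP backend on a non-private address" % path)
    except ValueError:
        pass  # hostname instead of an IP literal; not resolved here
    return findings


def audit(conf_text):
    """Return a list of findings for every <VirtualHost> in conf_text."""
    findings = []
    for port, body in VHOST_RE.findall(conf_text):
        tls = re.search(r"^[ \t]*SSLEngine[ \t]+on\b", body, re.M | re.I) is not None
        if tls:
            proto = (directive(body, "SSLProtocol") or "").lower().split()
            if "all" in proto and not {"-tlsv1", "-tlsv1.1"} <= set(proto):
                findings.append("vhost :%s: SSLProtocol still allows TLSv1/TLSv1.1" % port)
        else:
            redirect = directive(body, "Redirect") or ""
            if "https://" not in redirect:
                findings.append("vhost :%s: plain HTTP without a redirect to https" % port)
        for path, loc_body in LOCATION_RE.findall(body):
            findings.extend("vhost :%s %s" % (port, f) for f in check_location(path, loc_body))
    return findings


if __name__ == "__main__":
    # Pass the path to a copy of customized.conf, or run without arguments for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for line in audit(text) or ["no findings"]:
        print(line)
```
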

Post by nasnoob »

This is great!! exactly what i'm looking to do, however I've run into a couple of issues:

1) When I amend apache.conf and add Include /share/Web/customized.conf then restart QNAP http server, the config file gets overwritten and the line is removed, am i doing something wrong?

2) Is there any way to use the existing LetsEncrypt SSL certificate if you use the myqnapcloud ddns service? wouldn't this resolve problems with auto renewal for the certificates?

I tried replacing your certificate lines with the below

SSLCertificateKeyFile /mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert/key

SSLCertificateFile /mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert/cert


however it didn't seem to work, any suggestions?

Post by Jibay »

Hi,

thanks for the post i had one question, when i enable the web server i want to put the same value of the screen (80/443) but qnap say it's already in use,

(i suppose it's because the interface of QT) but how to do to have two in 443?

Thanks

Post by mannibis »

nasnoob wrote: Wed Dec 12, 2018 8:33 am This is great!! exactly what i'm looking to do, however I've run into a couple of issues:

1) When I amend apache.conf and add Include /share/Web/customized.conf then restart QNAP http server, the config file gets overwritten and the line is removed, am i doing something wrong?

2) Is there any way to use the existing LetsEncrypt SSL certificate if you use the myqnapcloud ddns service? wouldn't this resolve problems with auto renewal for the certificates?

I tried replacing your certificate lines with the below

SSLCertificateKeyFile /mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert/key

SSLCertificateFile /mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert/cert


however it didn't seem to work, any suggestions?
I did not try this with the myqnapcloud ddns service, so I have no idea. I'd imagine if the key and cert were valid, that it would work.

The reason that QNAP overwrites your .conf is because there was an error in your customized.conf. Obviously, you are sure that it is located in "/share/Web"? If so, can you pastebin me your customized.conf so I can take a look at where you may be going wrong? Also send over your apache.conf so I can compare with mine. Thanks, and sorry for the delay in getting back to you. I thought I had email alerts on but I don't.

Post by mannibis »

Jibay wrote: Mon Dec 17, 2018 9:07 pm Hi,

thanks for the post i had one question, when i enable the web server i want to put the same value of the screen (80/443) but qnap say it's already in use,

(i suppose it's because the interface of QT) but how to do to have two in 443?

Thanks
There should be a setting somewhere where you can change the port of the QNAP WEB interface. I changed mine to 8080 for HTTP and 8443 for HTTPS. Obviously, you cannot have two services running on port 443.

Post by billerr »

UPDATE:
Apparently I'm as dumb as they get :D
The issue was that the Web Server ports listed below did not correspond to the Virtual Hosts ports. I suppose either the certificate renewal process reset them or I did while disabling and re-enabling the Web Server while troubleshooting.
I'm just leaving this up for anyone else that stumbles upon the same problem.

To sum up:
"Connection refused" is usually a problem with the server listening on the wrong ports, so this should hint that something is wrong with the port setup.
In case of this reverse proxy set up, Web Server ports should be set to the same ports as your Virtual Hosts file.

Thanks and sorry for the interruption! :)

-------

Hi!
First of all, I'd like to thank you for this guide, it made things much simpler for me compared to all the different and somewhat confusing other guides I found!

I've been using this successfully since December with the built-in Let's Encrypt certificate, but today I had to renew it. Nothing complex, I just pressed the renew button in the built-in app.
Since the renewal, the server is refusing connection on the Virtual Host ports. I've tried restarting the server and system but I don't know what else to try, as the setup is exactly the same as what worked a few hours ago.
Can you please have a look at my setup below and let me know if you have any clue as to what I could change to make this work again?

Here is my setup:
  • I've included my Virtual Host file at the bottom of /etc/config/apache/apache.conf. It looks like it loads successfully (I can see the virtual hosts listed if I run /usr/local/apache/bin/apache -S).
  • I can see the new certificate files like normal under /etc/stunnel/ so it doesn't look like anything changed on their setup of the certificates.
  • The secure virtual host port (5223) is still properly forwarded to in my router settings.
  • The virtual host root path proxies the QNAP admin interface (so that I can use the same port for all NAS services, admin & user-installed, based on URL path).
  • My QNAP ports are set up as follows (<insecure> / <secure>):
    • QNAP admin: 8080 / 8443
    • Web Server: 80 / 8081
    • Virtual Host: 5222 / 5223
Below are the contents of my custom apps.conf file:

Code:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so

<VirtualHost *:5223>
        RequestHeader set X-Apache-Proxy "https"

	ServerName XXX.myqnapcloud.com

	SSLEngine On
	SSLProxyEngine On

	SSLHonorCipherOrder on
	SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5
	SSLProtocol All -SSLv2 -SSLv3

	SSLCertificateFile "/etc/stunnel/stunnel.pem"
	SSLCertificateChainFile "/etc/stunnel/uca.pem"

	ProxyPreserveHost On
	ProxyRequests Off
	ProxyVia Off

    <Location />
            Order deny,allow
            ProxyPass https://127.0.0.1:8443/
            ProxyPassReverse https://127.0.0.1:8443/
    </Location>

    <Location /transmission>
            Order deny,allow
            ProxyPass http://127.0.0.1:49091/transmission
            ProxyPassReverse http://127.0.0.1:49091/transmission
    </Location>

    <Location /sonarr>
            Order deny,allow
            ProxyPass http://127.0.0.1:8989/sonarr
            ProxyPassReverse http://127.0.0.1:8989/sonarr
    </Location>

    <Location /radarr>
            Order deny,allow
            ProxyPass http://127.0.0.1:7878/radarr
            ProxyPassReverse http://127.0.0.1:7878/radarr
    </Location>

    <Proxy *>
            Order deny,allow
            Allow from all
    </Proxy>

    DocumentRoot "/share/Web"

    <Directory "/share/Web">
            Options FollowSymLinks MultiViews
            Order allow,deny
            Allow from all
    </Directory>
</VirtualHost>

<VirtualHost *:5222>
    ServerName XXX.myqnapcloud.com
    Redirect / https://XXX.myqnapcloud.com:5223/
</VirtualHost>
Many thanks in advance for your help!

Post by Digitalspirit »

Hi, trying to set this up with xxx.myqnapcloud.com domain with Let's Encrypt certs, but getting stuck!

My QNAP ports are set up as follows (<insecure> / <secure>):
QNAP admin: 8080 / 443
Web Server: 80 / 8443

Have Let's Encrypt certs installed via control panel (can see stunnel.pem & uca.pem in apache config folder with same date stamp they were created) and want to use xxx.myqnapcloud.com domain for this, so not using bash script.

Created customized.conf (located in /share/Web) and successfully added to apache.conf

http://xxx.xxx.x.xxx:80/ takes me directly to https://xxx.myqnapcloud.com (so the redirect from the script is working just not the apps after the domain)
https://xxx.xxx.x.xxx:8443/ takes me to https://xxx.xxx.x.xxx/cgi-bin/

Forwarded ports 443 / 80 / 8443 (all verified Open), 8080 closed. When, for example I try and navigate to https://xxx.myqnapcloud.com/sonarr I get the 'Page not found or the web server is currently unavailable.' warning.

Code:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so

<VirtualHost *:8443>
        RequestHeader set X-Apache-Proxy "https"

	ServerName XXX.myqnapcloud.com

	SSLEngine On
	SSLProxyEngine On
	SSLHonorCipherOrder on

	SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5
	SSLProtocol All -SSLv2 -SSLv3

	SSLCertificateFile "/etc/stunnel/stunnel.pem"
	SSLCertificateChainFile "/etc/stunnel/uca.pem"

	ProxyPreserveHost On
	ProxyRequests Off
	ProxyVia Off

    <Location /sonarr>
            Order deny,allow
            ProxyPass http://192.168.1.230:8989/sonarr
            ProxyPassReverse http://192.168.1.230:8989/sonarr
    </Location>

    <Location /nzbget>
            Order deny,allow
            ProxyPass http://192.168.1.230:6789/nzbget
            ProxyPassReverse http://192.168.1.230:6789/nzbget
    </Location>

    <Proxy *>
            Order deny,allow
            Allow from all
    </Proxy>

    DocumentRoot "/share/Web"

    <Directory "/share/Web">
            Options FollowSymLinks MultiViews
            Order allow,deny
            Allow from all
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName XXX.myqnapcloud.com
    Redirect / https://XXX.myqnapcloud.com:8443/
</VirtualHost>
Any help gratefully received, probably something really obvious (hopefully). Thanks.

Post by kebl2825 »

Digitalspirit wrote: Sun Mar 31, 2019 11:44 pm Hi, trying to set this up with xxx.myqnapcloud.com domain with Let's Encrypt certs, but getting stuck!

My QNAP ports are set up as follows (<insecure> / <secure>):
QNAP admin: 8080 / 443
Web Server: 80 / 8443

Have Let's Encrypt certs installed via control panel (can see stunnel.pem & uca.pem in apache config folder with same date stamp they were created) and want to use xxx.myqnapcloud.com domain for this, so not using bash script.

Created customized.conf (located in /share/Web) and successfully added to apache.conf

http://xxx.xxx.x.xxx:80/ takes me directly to https://xxx.myqnapcloud.com (so the redirect from the script is working just not the apps after the domain)
https://xxx.xxx.x.xxx:8443/ takes me to https://xxx.xxx.x.xxx/cgi-bin/

Forwarded ports 443 / 80 / 8443 (all verified Open), 8080 closed. When, for example I try and navigate to https://xxx.myqnapcloud.com/sonarr I get the 'Page not found or the web server is currently unavailable.' warning.

Code:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so

<VirtualHost *:8443>
        RequestHeader set X-Apache-Proxy "https"

	ServerName XXX.myqnapcloud.com

	SSLEngine On
	SSLProxyEngine On
	SSLHonorCipherOrder on

	SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5
	SSLProtocol All -SSLv2 -SSLv3

	SSLCertificateFile "/etc/stunnel/stunnel.pem"
	SSLCertificateChainFile "/etc/stunnel/uca.pem"

	ProxyPreserveHost On
	ProxyRequests Off
	ProxyVia Off

    <Location /sonarr>
            Order deny,allow
            ProxyPass http://192.168.1.230:8989/sonarr
            ProxyPassReverse http://192.168.1.230:8989/sonarr
    </Location>

    <Location /nzbget>
            Order deny,allow
            ProxyPass http://192.168.1.230:6789/nzbget
            ProxyPassReverse http://192.168.1.230:6789/nzbget
    </Location>

    <Proxy *>
            Order deny,allow
            Allow from all
    </Proxy>

    DocumentRoot "/share/Web"

    <Directory "/share/Web">
            Options FollowSymLinks MultiViews
            Order allow,deny
            Allow from all
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName XXX.myqnapcloud.com
    Redirect / https://XXX.myqnapcloud.com:8443/
</VirtualHost>
Any help gratefully received, probably something really obvious (hopefully). Thanks.

I think you are missing the step of setting the URL base in the app.
e.g. for Sonarr, go to Settings > General and edit the URL Base to /sonarr
This was the last step for me to get my own XXX.myqnapcloud.com/sonarr working.

This will need repeating for each app corresponding to each Location you set up reverse proxy for.

Post by burbulence »

Hello. Firstly great how to, has got me right the way up to the almost there point... but unfortunately i'm stuck at the QNAP error page

Error
Page not found or the web server is currently unavailable. Please contact the website administrator for help.

Code:

    <Location /sickchill>
            Order deny,allow
            ProxyPass http://127.0.0.1:8081/sickchill/
            ProxyPassReverse http://127.0.0.1:8081/sickchill/
    </Location>
I have this set in the custom configuration and have the web_root set to sickchill, and after restarting Qhttpd service i still get the above error. Also if i set the web_root i no longer have access via the port address, i think this is normal behaviour?

Post by burbulence »

so 8 months later i still can't solve the problem... anyone have any ideas at all?

Post by Toxic17 »

Did you try using the IP of the NAS's interface rather than using the internal IP of the host?

Regards Simon

Post by burbulence »

Toxic17 wrote: Wed Jan 29, 2020 5:06 am Did you try using the IP of the NAS's interface rather than using the internal IP of the host?

EDIT:

slight confusion with your comment, yes i have tried the interface IP, i also tried the hostname, localhost,

running apachectl -S gives me the following output so can see that the customised config is loaded:

Code:

[~] # /usr/local/apache/bin/apachectl -S
[Tue Jan 28 15:14:09.879431 2020] [so:warn] [pid 32066:tid 140580817188736] AH01574: module proxy_module is already loaded, skipping
[Tue Jan 28 15:14:09.880401 2020] [so:warn] [pid 32066:tid 140580817188736] AH01574: module ssl_module is already loaded, skipping
AH00558: apache: Could not reliably determine the server's fully qualified domain name, using 10.0.5.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:8081                 10.0.5.1 (/etc/config/apache/extra/apache-ssl.conf:16)
*:443                  XXXX.XXXX.com (/share/Web/customised.conf:9)
*:80                    XXXX.XXXX.com (/share/Web/customised.conf:99)
Is there any way to get apache to list the locations or the redirects bearing in mind there doesn't seem to be a scorecard file being created in the logs directory

Post by burbulence »

whatever i do seems to redirect me to this page... so any help getting past this really would be appreciated.

Post by truonger64 »

I have been trying to get this to work for a few days now. I even tried to hire someone to help me but not too many people know how to do this. I set up everything as specified but still no luck. Does anyone know of any additional resources?

Post by oyvindo »

The QNAP help pages and official guides offer very little help.
In Control Panel --> Web Server it says :

Code:

After enabling this service, click the following link to enter to Web server

And then it shows two active links:

http://Your_NAS_LAN_IP:80/
https://Your_NAS_LAN_IP:8081/

None of which will take you anywhere but to the default QTS login page.
Enabling or disabling the Web server makes no difference!
Deleting or replacing the index.php file in the share/Web folder makes no difference.
Restarting the Apache server makes no difference.
Rebooting the NAS makes no difference.
Whatever you do, you always end up at the logon page.

Does anyone know how to get the Web server to display just a simple "Hello World" when you go to http://Your_NAS_LAN_IP:80/