Comments (7)
Sorry for the long post!
from gooby.
What is really interesting is that I tried accessing the webUI through http://[server IP]:9091 and it works, I can connect to it. So definitely the reverse proxy isn't doing its thing...
from gooby.
I updated the yaml to change the ip address range - LOCAL_NETWORK=127.0.0.1
to 172.27.0.0/16, seems it was too restrictive. Now the reverse proxy seems to pickup the fact that there is a service running; this is the section from /etc/nginx/conf.d/default.conf that now refers to transmission:
# transmission.mydomain.com
upstream transmission.mydomain.com {
## Can be connected with "docker_default" network
# transmission
server 172.27.0.5 down;
}
server {
server_name transmission.mydomain.com;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
return 301 https://$host$request_uri;
}
server {
server_name transmission.mydomain.com;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/transmission.mydomain.com.crt;
ssl_certificate_key /etc/nginx/certs/transmission.mydomain.com.key;
ssl_dhparam /etc/nginx/certs/transmission.mydomain.com.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/transmission.mydomain.com.chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass http://transmission.mydomain.com;
}
}
Also, the webUI is left wide open, I can't set a password or any form of authentication...
from gooby.
Interesting! Yeah a reverse proxy would probably not work out of the box with Open VPN... not sure what can be done. And it seems like you have been doing quite a bit of homework on this yourself :D
Let me know what you come up with - and I'll keep my eyes open too (but no promises, this is quite a bit beyond the scope of what Gooby was intended for haha).
from gooby.
I would leave off any of the network settings to begin with. This includes the DNS and local_network. If you NEED a local network, then the /16 should work but this won't be very portable (ie, if Docker switches to 192.168.x.x/16 for example).
The next thing is that you're VPNing from remote TO this container, if it even works, it will probably terminate inside the Docker container's network. That is, you'll be "local" to Transmission, Plex, etc., but won't have host access. If that's your intention, then it's a reasonable goal. You'll still have Internet access via your VPN I believe, but it will be going from inside the container through the Docker NAT system to the host and then out from the host to the "real" Internet.
from gooby.
Thanks for your comments! I'm holding off on this thing until I can figure out how to get more bandwidth out of the VPN, since I could connect using the IP address of the VPS.
The local network address range seems to be needed in order to be able to 'see' the container from within the 'local' network, since the container only uses the VPN to access the internet and do its thing. The amended local address range allows the other containers to see this one, but I still haven't figured out how to get the reverse proxy going. In any case, if I can't get more speed out of the VPN this point is moot.
from gooby.
Nice, let us know what you come up with @nesbcn :) Always great to see people making the system their own... and adding useful information in the meantime 🥇 I'll close this issue for the moment, but please do share how things went with your enhancements!
from gooby.
Related Issues (20)
- Emby Image correction. HOT 2
- Media variable HOT 1
- Migration from Ubuntu to Debian HOT 4
- Issue with Deluge HOT 3
- Everything seams gone after server reboot HOT 9
- Radarr errors and healthcheck failures HOT 14
- Emby Websocket connection closing after 1 Min. HOT 5
- Radarr DOA HOT 8
- Restored Emby from backup, now have SSL cert error on Emby domain HOT 1
- letsencrypt invalid certificate on radarr HOT 1
- Unable to install Deluge Docker container HOT 2
- Ombi, Sonarr, Jackett constantly restarting HOT 8
- How to reclaim plex server HOT 1
- Totally borked mounts after upgrading Ubuntu to 22.04.1 LTS HOT 2
- Waiting on mountpoints... HOT 4
- Mergerfs service can't start HOT 6
- Update on BSchuster
- RIP Google Workspace HOT 12
- Decoupling Google Drive from Gooby (switching to SMB) HOT 4
- Sonarr container blocked in restarting (Bad gateway) HOT 27
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gooby.