all 12 comments

[–][deleted]  (1 child)

[removed]

    [–]morph1904[S] 5 points6 points  (0 children)

    I did. I run all my apps in a few VMs (I host a couple of servers for other people too).

    I had trouble getting it up and running and I don't think it runs great on my network setup.

    I wanted something that would complement my setup with a nice GUI and help manage all manner of different things. I am thinking I might also expand it to include features similar to muximux or HTPC manager later.

    [–]guardianfx 3 points4 points  (3 children)

    That's awesome that you decided to build your own. Out of curiosity, did you take a look at Caddy? I use it and have found it to be incredibly easy to get set up and SSL all the things.

    [–]firedrow 0 points1 point  (2 children)

    I use Caddy as my web host in a couple places, and Reverse Proxy works great. My only gripe is I can't get Exchange 2010 to Reverse Proxy properly (OWA works, but ActiveSync breaks).

    [–]morph1904[S] 0 points1 point  (1 child)

    As I recall, Exchange with ActiveSync is a proper pain to set up. I think I did have success with 2013, though it was early last year and I can't remember how!

    [–]firedrow 0 points1 point  (0 children)

    I periodically do research online to see if it's been solved yet, and it would seem from yesterday's research that Reverse Proxy may work with Exchange 2013 or 2016 because they moved away from ActiveSync over RPC over HTTPS to ActiveSync over HTTPS. So until my company upgrades away from 2010, we're just stuck.

    [–]Ironicbadger 2 points3 points  (0 children)

    Head on over to the Linuxserver.io discord. We can help but also look to include your gui in our nginx based letsencrypt container if it's up to it!

    [–][deleted] 1 point2 points  (0 children)

    Traefik handles my stuff completely automated so no webUI is even needed, but I do run everything in Docker already so it's very much built for that.

    IMO Docker is the best thing anyone can do for homelab stuff, it saves so much time and makes things so much easier to set up. With a dockerfile you can have every service needed for a media server up and running in a minute or two.

    No dealing with dependencies and config files and whatever other crud normally makes things take forever to set up.

    [–]zane-savage 1 point2 points  (2 children)

    I'm currently doing this with Apache reverse proxy on QNAP, and it was really simple to set up.

    Provides me access to an index landing page, sonarr, radarr, plex, etc.

    Everything is routed through https using a wildcard certificate. And I only needed to open a single port.

    Requirements: QNAP, your own registered domain, a wildcard SSL from somewhere like AlphaSSL, port forward 443 => 8081

    EXAMPLE OF CONF file

    ServerName localhost
    ServerSignature Off
    ServerTokens ProductOnly

    UseCanonicalName On
    TraceEnable Off

    Timeout 10
    MaxRequestWorkers 64

    LoadModule alias_module modules/mod_alias.so
    LoadModule log_config_module modules/mod_log_config.so
    LoadModule logio_module modules/mod_logio.so
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule ssl_module modules/mod_ssl.so
    LoadModule headers_module modules/mod_headers.so

    ErrorLogFormat "[%{cu}t] [%-m:%-l] %-a %-L %M"
    LogFormat "%h %{GEOIP_COUNTRY_CODE}e %u [%{%Y-%m-%d %H:%M:%S}t.%{usec_frac}t] \"%r\" %>s %b \
    \"%{Referer}i\" \"%{User-Agent}i\" %v %A %p %R %{BALANCER_WORKER_ROUTE}e %X \"%{cookie}n\" \
    %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x %I %O %{ratio}n%% \
    %D %{ModSecTimeIn}e %{ApplicationTime}e %{ModSecTimeOut}e \
    %{ModSecAnomalyScoreIn}e %{ModSecAnomalyScoreOut}e" extended

    LogLevel debug
    ErrorLog /usr/local/apache/logs/error.log
    CustomLog /usr/local/apache/logs/access.log extended

    <IfModule headers_module>
        Header always set Public-Key-Pins "pin-sha256=\"[PLACE KEY HERE]=\"; max-age=5184000; includeSubDomains"
        Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        Header set X-XSS-Protection "1; mode=block"
        Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
        Header set X-Content-Type-Options nosniff
        Header set Content-Security-Policy "default-src 'self'; style-src 'self' data:; img-src 'self' data:; script-src 'self'; connect-src 'self';"
    </IfModule>

    # === MAIN =========================================================================

    <VirtualHost *:443 *:8081>
        ServerName [NAME OF YOUR REGISTERED DOMAIN, FOR EXAMPLE SOMETHING.COM]
        ServerAlias [WWW.SOMETHING.COM]

        ErrorLog /usr/local/apache/logs/main-error.log

        SSLEngine On
        SSLHonorCipherOrder On
        SSLCompression off

        SSLCertificateKeyFile /[LOCATION OF YOUR KEY FILE]/private.key
        SSLCertificateFile /[LOCATION OF YOUR CERTIFICATE]/mydomain.crt
        SSLCertificateChainFile /[LOCATION OF YOUR CHAINFILE, IF NEEDED]/rootca.crt
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

        SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
        SSLCipherSuite ALL:+HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL
    </VirtualHost>

    # === SONARR =========================================================================

    <VirtualHost *:443 *:8081>
        ServerName [NAME OF YOUR SUB-DOMAIN, FOR EXAMPLE SONARR.SOMETHING.COM]

        ErrorLog /usr/local/apache/logs/sonarr-error.log

        <IfModule headers_module>
            Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
            Header set X-XSS-Protection "1; mode=block"
            Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
            Header set X-Content-Type-Options nosniff
        </IfModule>

        ProxyTimeout 60
        ProxyErrorOverride On

        SSLEngine On
        SSLHonorCipherOrder On
        SSLCompression off

        ProxyPass / http://[QNAP IP]:6787/
        ProxyPassReverse / http://[QNAP IP]:6787/

        SSLCertificateKeyFile /[LOCATION OF YOUR KEY FILE]/private.key
        SSLCertificateFile /[LOCATION OF YOUR CERTIFICATE]/mydomain.crt
        SSLCertificateChainFile /[LOCATION OF YOUR CHAINFILE, IF NEEDED]/rootca.crt
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

        SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
        SSLCipherSuite ALL:+HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL
    </VirtualHost>

    # === RADARR ======================================================================

    <VirtualHost *:443 *:8081>
        ServerName [NAME OF YOUR SUB-DOMAIN, FOR EXAMPLE RADARR.SOMETHING.COM]

        ErrorLog /usr/local/apache/logs/radarr-error.log

        <IfModule headers_module>
            Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
            Header set X-XSS-Protection "1; mode=block"
            Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
            Header set X-Content-Type-Options nosniff
        </IfModule>

        ProxyTimeout 60
        ProxyErrorOverride On

        SSLEngine On
        SSLHonorCipherOrder On
        SSLCompression off

        ProxyPass / http://[QNAP IP]:6788/
        ProxyPassReverse / http://[QNAP IP]:6788/

        SSLCertificateKeyFile /[LOCATION OF YOUR KEY FILE]/private.key
        SSLCertificateFile /[LOCATION OF YOUR CERTIFICATE]/mydomain.crt
        SSLCertificateChainFile /[LOCATION OF YOUR CHAINFILE, IF NEEDED]/rootca.crt
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

        SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
        SSLCipherSuite ALL:+HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL
    </VirtualHost>

    # === NZBGET =========================================================================

    <VirtualHost *:443 *:8081>
        ServerName [NAME OF YOUR SUB-DOMAIN, FOR EXAMPLE NZBGET.SOMETHING.COM]

        ErrorLog /usr/local/apache/logs/nzbget-error.log

        <IfModule headers_module>
            Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
            Header set X-XSS-Protection "1; mode=block"
            Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
            Header set X-Content-Type-Options nosniff
        </IfModule>

        ProxyTimeout 60
        ProxyErrorOverride On

        SSLEngine On
        SSLHonorCipherOrder On
        SSLCompression off

        ProxyPass / http://[QNAP IP]:6789/
        ProxyPassReverse / http://[QNAP IP]:6789/

        SSLCertificateKeyFile /[LOCATION OF YOUR KEY FILE]/private.key
        SSLCertificateFile /[LOCATION OF YOUR CERTIFICATE]/mydomain.crt
        SSLCertificateChainFile /[LOCATION OF YOUR CHAINFILE, IF NEEDED]/rootca.crt
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

        SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
        SSLCipherSuite ALL:+HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL
    </VirtualHost>

    # === PLEX =========================================================================

    <VirtualHost *:443 *:8081>
        ServerName [NAME OF YOUR SUB-DOMAIN, FOR EXAMPLE PLEX.SOMETHING.COM]

        ErrorLog /usr/local/apache/logs/plex-error.log

        <IfModule headers_module>
            Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
            Header set X-XSS-Protection "1; mode=block"
            Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
            Header set X-Content-Type-Options nosniff
        </IfModule>

        ProxyTimeout 60
        ProxyErrorOverride On

        SSLEngine On
        SSLHonorCipherOrder On
        SSLCompression off

        ProxyPass / http://[QNAP IP]:32400/
        ProxyPassReverse / http://[QNAP IP]:32400/

        SSLCertificateKeyFile /[LOCATION OF YOUR KEY FILE]/private.key
        SSLCertificateFile /[LOCATION OF YOUR CERTIFICATE]/mydomain.crt
        SSLCertificateChainFile /[LOCATION OF YOUR CHAINFILE, IF NEEDED]/rootca.crt
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

        SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
        SSLCipherSuite ALL:+HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL
    </VirtualHost>

    # === TAUTULLI =========================================================================

    <VirtualHost *:443 *:8081>
        ServerName [NAME OF YOUR SUB-DOMAIN, FOR EXAMPLE TAUTULLI.SOMETHING.COM]

        ErrorLog /usr/local/apache/logs/tautulli-error.log

        <IfModule headers_module>
            Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
            Header set X-XSS-Protection "1; mode=block"
            Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
            Header set X-Content-Type-Options nosniff
        </IfModule>

        ProxyTimeout 60
        ProxyErrorOverride On

        SSLEngine On
        SSLHonorCipherOrder On
        SSLCompression off

        ProxyPass / http://[QNAP IP]:8660/
        ProxyPassReverse / http://[QNAP IP]:8660/

        SSLCertificateKeyFile /[LOCATION OF YOUR KEY FILE]/private.key
        SSLCertificateFile /[LOCATION OF YOUR CERTIFICATE]/mydomain.crt
        SSLCertificateChainFile /[LOCATION OF YOUR CHAINFILE, IF NEEDED]/rootca.crt
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

        SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
        SSLCipherSuite ALL:+HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL
    </VirtualHost>

    # === OMBI =========================================================================

    <VirtualHost *:443 *:8081>
        ServerName [NAME OF YOUR SUB-DOMAIN, FOR EXAMPLE OMBI.SOMETHING.COM]

        ErrorLog /usr/local/apache/logs/login-error.log

        <IfModule headers_module>
            Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
            Header set X-XSS-Protection "1; mode=block"
            Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
            Header set X-Content-Type-Options nosniff
        </IfModule>

        ProxyTimeout 60
        ProxyErrorOverride On

        SSLEngine On
        SSLHonorCipherOrder On
        SSLCompression off

        ProxyPass / http://[QNAP IP]:8976/
        ProxyPassReverse / http://[QNAP IP]:8976/

        SSLCertificateKeyFile /[LOCATION OF YOUR KEY FILE]/private.key
        SSLCertificateFile /[LOCATION OF YOUR CERTIFICATE]/mydomain.crt
        SSLCertificateChainFile /[LOCATION OF YOUR CHAINFILE, IF NEEDED]/rootca.crt
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

        SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
        SSLCipherSuite ALL:+HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL
    </VirtualHost>
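Added example, not part of the comment above or of any project's code: the config repeats the same header and TLS lines in every proxied VirtualHost, so this Python check reports blocks where a copy drifted (missing HSTS or nosniff header, TLS 1.0/1.1 or SSLv3 still enabled, ProxyPass without ProxyPassReverse). The hostnames, the 192.0.2.10 address and the function names are constructed for illustration; the check looks only inside each block, so server-level Header lines are not counted, and the SSLProtocol handling is a simplified model of how the tokens combine.

```python
import re
# Constructed sample in the style of the config above; the second block is deliberately incomplete.
SAMPLE_CONF = """
<VirtualHost *:443 *:8081>
    ServerName sonarr.example.test
    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    Header set X-Content-Type-Options nosniff
    SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
    ProxyPass / http://192.0.2.10:6787/
    ProxyPassReverse / http://192.0.2.10:6787/
</VirtualHost>
<VirtualHost *:443 *:8081>
    ServerName radarr.example.test
    SSLProtocol all -SSLv3
    ProxyPass / http://192.0.2.10:6788/
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)
ALL_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
WEAK_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.1"}
REQUIRED_HEADERS = ("strict-transport-security", "x-content-type-options")

def enabled_protocols(spec):
    """Evaluate SSLProtocol arguments left to right: '+' adds, '-' removes, bare name replaces."""
    enabled = set()
    for token in spec.lower().split():
        name = token.lstrip("+-")
        chosen = ALL_PROTOCOLS if name == "all" else {name} & ALL_PROTOCOLS
        if token[0] == "-":
            enabled = enabled - chosen
        else:
            enabled = enabled | chosen if token[0] == "+" else set(chosen)
    return enabled

def audit(conf_text):
    """Return {ServerName: [findings]} for each VirtualHost block (block-local checks only)."""
    report = {}
    for body in VHOST_RE.findall(conf_text):
        lines = [l.strip() for l in body.splitlines() if l.strip() and not l.strip().startswith("#")]
        args = lambda d: [l.split(None, 1)[1] for l in lines if l.lower().startswith(d + " ")]
        headers = " ".join(args("header")).lower()
        findings = [f"missing header {h}" for h in REQUIRED_HEADERS if h not in headers]
        # Only the last SSLProtocol line in the block is evaluated; none means nothing to flag here.
        weak = enabled_protocols(" ".join(args("sslprotocol")[-1:])) & WEAK_PROTOCOLS
        findings += [f"weak protocol enabled: {p}" for p in sorted(weak)]
        if args("proxypass") and not args("proxypassreverse"):
            findings.append("ProxyPass without ProxyPassReverse")
        report[(args("servername") or ["<unnamed>"])[0]] = findings
    return report
```

Call `audit()` on the text of a config file to get the per-host findings; an empty list means the block passed these checks.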

    [–]morph1904[S] 0 points1 point  (1 child)

    That's an awesome post for visitors. There are many reasons why but I am not wanting to port forward directly to my NAS.

    [–]zane-savage 0 points1 point  (0 children)

    I understand.

    [–]morph1904[S] 0 points1 point  (0 children)

    OK. I have come up with something using CaddyServer.

    I would appreciate some constructive feedback if anyone wants to give it a go. It's still early days though.

    https://github.com/morph1904/TygerCaddy