This is part two, the final part of configuring NGINX with SSL as a reverse proxy. Now that you have successfully installed NGINX and obtained a free SSL cert, you can proceed.

 

There is one important thing to note when configuring reverse proxy:

For each “subfolder” you want to act as a proxy to another server, you must have that server configured to listen on that subfolder.

 

This makes little sense in plain english so let’s review briefly, using CouchPotato as our example:

  • Say I run CouchPotato on port 5050 of 192.168.2.100… well, if I were to attempt a reverse proxy to couch potato such as this:

My CouchPotato server at 192.168.2.100:5050 must have a base_url of /couchpotato.

  • I would then access CouchPotato at 192.168.2.100:5050/couchpotato internally

 

 

  • If the BASE URL of your service or web server is not set the same as the location configured in your NGINX, you will get errors.

I struggled with this for at least an hour before I decided that there was nothing wrong with my configuration; just that my servers weren’t able to pass the data along properly the way I configured it.

 


Now that we have cleared that up, the rest is fairly simple.

1. Set the URL base of your services

  • This will be different depending on which services you are running, so I would consult documentation for those specific services. For CouchPotato, I have shown above that you can change the URL base within the settings.

 

2. Create entries in NGINX config

  • Edit your config file
  • If you followed part one, you can continue with the below:

For each server or service you want to access through your reverse proxy, you must have an entry.

  • I’ve decided to use MuxiMux as the root server of my proxy, so I don’t have to re-write the base url for that, and I can access it at the root of my FQDN.

Here for PlexPy, I did have to change the base URL, and so internally my PlexPy server is accessible at http://192.168.2.250:8181/plexpy

Here, for Sonarr, I have the same server hosting this service on a different port. I had to change the Base URL for this as well, so it is accessible at http://192.168.2.250:8989/sonarr

For headphones, it’s still the same thing. I did have a notably more difficult modifying the base URL for this, but the process is the same: Headphones must be accessible internally at http://192.168.2.250:8187/headphones

 

OK, so as you can see, I’m doing the same thing here each time. It’s really straightforward.

3. Check configuration

You should always check your nginx configuration for errors after making any changes and/or restarting the service:

As long as the configuration check passes, you should be ready to roll.

 

4. Restart NGINX

Finally, you only need to restart the service for the changes to take.

 

That’s it!


 

This isn’t the only way to configure a reverse proxy, but it is my recommended approach.

  • To save yourself subdomain A records and obtaining multiple certificates, it’s easiest to simply add each of your services as a separate “directory” on the reverse proxy.

 

If you want to install any of these services or would like additional example configurations or more in-depth and targeted guides, you should check out https://www.htpcguides.com/
After all, I probably wouldn’t have gotten my reverse proxy working without paying them a visit. xD

 

Thank you for reading, I hope this helps.


1 Comment

Leave a Reply

Related Posts

Linux Server

Easy SSL for ScreenConnect with NGINX Reverse Proxy

On the topic of NGINX Reverse Proxy, it just so happens that the process for installing an SSL certificate onto your ScreenConnect server can be rather difficult, and a much more flexible approach is by Read more…

Amazon AWS

netdata: A remarkable server monitoring utility.

I wanted to write a short introduction to a tool that I’ve been using a lot on my newest servers and development projects. This tool seriously provides the most amazing way of monitoring and comprehending Read more…

Linux Server

NGINX Security Hardening

 After setting up an NGINX webserver with a GoDaddy-issued SSL certificate, I did an SSL test and saw that I was graded a C. That’s average! I want a secure site. So I looked around Read more…

%d bloggers like this: