Reverse proxy

Tell us your most wanted new features, or recommendation.
User avatar
brokenmass
Posts: 6
Joined: 11 Sep 2020, 17:28

Reverse proxy

Post by brokenmass »

Would be nice to have a fully fledged reverse proxy, possibly with automated SSL certificate management (through let's encrypt)
User avatar
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: Reverse proxy

Post by TMroy »

We will add it to the list. Thank you!
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: Reverse proxy

Post by TMroy »

brokenmass wrote: 11 Sep 2020, 17:30 Would be nice to have a fully fledged reverse proxy, possibly with automated SSL certificate management (through let's encrypt)
By the way, may I know why you need such features?
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
brokenmass
Posts: 6
Joined: 11 Sep 2020, 17:28

Re: Reverse proxy

Post by brokenmass »

I have multiple services running on the nas (directly, like emby or in docker like homeassistant) and would like to have a hostname for each and everyone of them to make the intranet 'nicer'.

At the moment I'm providing this functionality running Traefik (a simple reverse proxy) in docker.
I get Let's encrypt certificate by using a domain hosted in godaddy (so that Lego can use dns01 challenge) and by having a wildcard entry in my dns records in the form of *.mydomain.com -> 192.128.0.2 (static ip of the nas router). Then I can just edit a file configuration to add a new route in the shape of serviceA.mydomain.com -> localhost:service-port and Traefik creates the certificate and instantiate the reverse proxy route.

in this way i get my whole intranet secured by ssl certificate and in with nice naming:

emby.mydomain.com
homassistant.mydomain.com
nas.mydomain.com
etc

This setups could also allow me to decide which services are exposed to the public intranet (by configuring for example *.external.mydomain.com => router public ip and then in the router configuring port 443 routing to nas ip on a port differnt from 443 and by configuring traefik to listen on this new port and only route traffic to some of the services)

PS: for anyone else interested into repeating my setup: by default the nas binds to port80 so that if you just input the ip of the nas you get redirected to port 8181.
With this configuration Traefik will not be able to route http traffic (only https on port 443) as the port 80 will be unavailable.
If you really need to bind to port 80 you can disable the autoredirection from 80 to 8181 by sshing into your box, editing the file '/etc/nasips.ini' and ensuring that the jumpd variable is setted as 'no ( 'jumpd = NO' ) and finally restarting the nasips service ('service S99nasips restart')
sports_wook
Posts: 74
Joined: 04 Feb 2020, 05:00

Re: Reverse proxy

Post by sports_wook »

brokenmass wrote: 17 Sep 2020, 23:06 I have multiple services running on the nas (directly, like emby or in docker like homeassistant) and would like to have a hostname for each and everyone of them to make the intranet 'nicer'.

At the moment I'm providing this functionality running Traefik (a simple reverse proxy) in docker.
I get Let's encrypt certificate by using a domain hosted in godaddy (so that Lego can use dns01 challenge) and by having a wildcard entry in my dns records in the form of *.mydomain.com -> 192.128.0.2 (static ip of the nas router). Then I can just edit a file configuration to add a new route in the shape of serviceA.mydomain.com -> localhost:service-port and Traefik creates the certificate and instantiate the reverse proxy route.

in this way i get my whole intranet secured by ssl certificate and in with nice naming:

emby.mydomain.com
homassistant.mydomain.com
nas.mydomain.com
etc

This setups could also allow me to decide which services are exposed to the public intranet (by configuring for example *.external.mydomain.com => router public ip and then in the router configuring port 443 routing to nas ip on a port differnt from 443 and by configuring traefik to listen on this new port and only route traffic to some of the services)

PS: for anyone else interested into repeating my setup: by default the nas binds to port80 so that if you just input the ip of the nas you get redirected to port 8181.
With this configuration Traefik will not be able to route http traffic (only https on port 443) as the port 80 will be unavailable.
If you really need to bind to port 80 you can disable the autoredirection from 80 to 8181 by sshing into your box, editing the file '/etc/nasips.ini' and ensuring that the jumpd variable is setted as 'no ( 'jumpd = NO' ) and finally restarting the nasips service ('service S99nasips restart')
brokenmass - do you mind sharing your config in Docker that you used to get Traefik running successfully? I wouldn't call myself a Docker newb - I've mastered the CLI and building from images on the TNAS Docker GUI, but I'm struggling to get Traefik running properly since all the guides I've found use Docker Compose, which my F2-220 doesn't have. I've made the change that you mentioned for 'jumpd' then restarted nsaips service, and port 80 is no longer bound to autoredirect to 8181/TNAS login - I did do that part successfully. But I can't seem to figure anything else out with building a Traefik container - mine crashes on start and the web port is not accessible. If you could share some of the config for your Traefik container I would be so grateful.
User avatar
JayBlingham
Posts: 98
Joined: 04 Oct 2020, 10:34

Re: Reverse proxy

Post by JayBlingham »

I'd also like to put a vote in for a native reverse proxy.

I'd also be interested in a walk-through of @brokenmass' setup :)... if it isn't too much trouble :) I am a docker newb (at least before I got this NAS). I have a few apps running now, but I haven't had a need to use the command line for docker yet. My main goal was to get a Lets Encrypt cert management tool running, as well as a Team Password Management tool - but they all require reverse proxy which is a built-in function on other NAS devices.

Thanks!
Jay
---------------------------------------
F5-221, 5.0.171-00221
---------------------------------------
User avatar
Yunker45
Posts: 5
Joined: 21 Oct 2020, 01:11

Re: Reverse proxy

Post by Yunker45 »

I'm entirely behind it as well, it would really be useful.
User avatar
milky
Posts: 3
Joined: 30 Oct 2020, 05:05

Re: Reverse proxy

Post by milky »

Another vote for a reverse proxy here. Running my home services on the NAS via mydomain.com would be nice. My personal preference would be for the SWAG docker or something similar. Though i'm pretty sure with the previous tips i'd be able to get it running after unbinding port80 from via ssh
User avatar
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: Reverse proxy

Post by TMroy »

Thank you all, we will add it to our plan.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
harveydobson
Posts: 2
Joined: 19 Nov 2020, 04:17

Re: Reverse proxy

Post by harveydobson »

This should be achievable through https://nginxproxymanager.com/.

I have it setup on my TNAS. Including the Let's Encrypt issued SSL certs.
Locked