Reverse proxy
- brokenmass
- Posts: 6
- Joined: 11 Sep 2020, 17:28
Reverse proxy
Would be nice to have a fully fledged reverse proxy, possibly with automated SSL certificate management (through let's encrypt)
Re: Reverse proxy
We will add it to the list. Thank you!
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Re: Reverse proxy
By the way, may I know why you need such features?brokenmass wrote: ↑11 Sep 2020, 17:30 Would be nice to have a fully fledged reverse proxy, possibly with automated SSL certificate management (through let's encrypt)
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
- brokenmass
- Posts: 6
- Joined: 11 Sep 2020, 17:28
Re: Reverse proxy
I have multiple services running on the nas (directly, like emby or in docker like homeassistant) and would like to have a hostname for each and everyone of them to make the intranet 'nicer'.
At the moment I'm providing this functionality running Traefik (a simple reverse proxy) in docker.
I get Let's encrypt certificate by using a domain hosted in godaddy (so that Lego can use dns01 challenge) and by having a wildcard entry in my dns records in the form of *.mydomain.com -> 192.128.0.2 (static ip of the nas router). Then I can just edit a file configuration to add a new route in the shape of serviceA.mydomain.com -> localhost:service-port and Traefik creates the certificate and instantiate the reverse proxy route.
in this way i get my whole intranet secured by ssl certificate and in with nice naming:
emby.mydomain.com
homassistant.mydomain.com
nas.mydomain.com
etc
This setups could also allow me to decide which services are exposed to the public intranet (by configuring for example *.external.mydomain.com => router public ip and then in the router configuring port 443 routing to nas ip on a port differnt from 443 and by configuring traefik to listen on this new port and only route traffic to some of the services)
PS: for anyone else interested into repeating my setup: by default the nas binds to port80 so that if you just input the ip of the nas you get redirected to port 8181.
With this configuration Traefik will not be able to route http traffic (only https on port 443) as the port 80 will be unavailable.
If you really need to bind to port 80 you can disable the autoredirection from 80 to 8181 by sshing into your box, editing the file '/etc/nasips.ini' and ensuring that the jumpd variable is setted as 'no ( 'jumpd = NO' ) and finally restarting the nasips service ('service S99nasips restart')
At the moment I'm providing this functionality running Traefik (a simple reverse proxy) in docker.
I get Let's encrypt certificate by using a domain hosted in godaddy (so that Lego can use dns01 challenge) and by having a wildcard entry in my dns records in the form of *.mydomain.com -> 192.128.0.2 (static ip of the nas router). Then I can just edit a file configuration to add a new route in the shape of serviceA.mydomain.com -> localhost:service-port and Traefik creates the certificate and instantiate the reverse proxy route.
in this way i get my whole intranet secured by ssl certificate and in with nice naming:
emby.mydomain.com
homassistant.mydomain.com
nas.mydomain.com
etc
This setups could also allow me to decide which services are exposed to the public intranet (by configuring for example *.external.mydomain.com => router public ip and then in the router configuring port 443 routing to nas ip on a port differnt from 443 and by configuring traefik to listen on this new port and only route traffic to some of the services)
PS: for anyone else interested into repeating my setup: by default the nas binds to port80 so that if you just input the ip of the nas you get redirected to port 8181.
With this configuration Traefik will not be able to route http traffic (only https on port 443) as the port 80 will be unavailable.
If you really need to bind to port 80 you can disable the autoredirection from 80 to 8181 by sshing into your box, editing the file '/etc/nasips.ini' and ensuring that the jumpd variable is setted as 'no ( 'jumpd = NO' ) and finally restarting the nasips service ('service S99nasips restart')
-
- Posts: 74
- Joined: 04 Feb 2020, 05:00
Re: Reverse proxy
brokenmass - do you mind sharing your config in Docker that you used to get Traefik running successfully? I wouldn't call myself a Docker newb - I've mastered the CLI and building from images on the TNAS Docker GUI, but I'm struggling to get Traefik running properly since all the guides I've found use Docker Compose, which my F2-220 doesn't have. I've made the change that you mentioned for 'jumpd' then restarted nsaips service, and port 80 is no longer bound to autoredirect to 8181/TNAS login - I did do that part successfully. But I can't seem to figure anything else out with building a Traefik container - mine crashes on start and the web port is not accessible. If you could share some of the config for your Traefik container I would be so grateful.brokenmass wrote: ↑17 Sep 2020, 23:06 I have multiple services running on the nas (directly, like emby or in docker like homeassistant) and would like to have a hostname for each and everyone of them to make the intranet 'nicer'.
At the moment I'm providing this functionality running Traefik (a simple reverse proxy) in docker.
I get Let's encrypt certificate by using a domain hosted in godaddy (so that Lego can use dns01 challenge) and by having a wildcard entry in my dns records in the form of *.mydomain.com -> 192.128.0.2 (static ip of the nas router). Then I can just edit a file configuration to add a new route in the shape of serviceA.mydomain.com -> localhost:service-port and Traefik creates the certificate and instantiate the reverse proxy route.
in this way i get my whole intranet secured by ssl certificate and in with nice naming:
emby.mydomain.com
homassistant.mydomain.com
nas.mydomain.com
etc
This setups could also allow me to decide which services are exposed to the public intranet (by configuring for example *.external.mydomain.com => router public ip and then in the router configuring port 443 routing to nas ip on a port differnt from 443 and by configuring traefik to listen on this new port and only route traffic to some of the services)
PS: for anyone else interested into repeating my setup: by default the nas binds to port80 so that if you just input the ip of the nas you get redirected to port 8181.
With this configuration Traefik will not be able to route http traffic (only https on port 443) as the port 80 will be unavailable.
If you really need to bind to port 80 you can disable the autoredirection from 80 to 8181 by sshing into your box, editing the file '/etc/nasips.ini' and ensuring that the jumpd variable is setted as 'no ( 'jumpd = NO' ) and finally restarting the nasips service ('service S99nasips restart')
- JayBlingham
- Posts: 98
- Joined: 04 Oct 2020, 10:34
Re: Reverse proxy
I'd also like to put a vote in for a native reverse proxy.
I'd also be interested in a walk-through of @brokenmass' setup ... if it isn't too much trouble I am a docker newb (at least before I got this NAS). I have a few apps running now, but I haven't had a need to use the command line for docker yet. My main goal was to get a Lets Encrypt cert management tool running, as well as a Team Password Management tool - but they all require reverse proxy which is a built-in function on other NAS devices.
Thanks!
I'd also be interested in a walk-through of @brokenmass' setup ... if it isn't too much trouble I am a docker newb (at least before I got this NAS). I have a few apps running now, but I haven't had a need to use the command line for docker yet. My main goal was to get a Lets Encrypt cert management tool running, as well as a Team Password Management tool - but they all require reverse proxy which is a built-in function on other NAS devices.
Thanks!
Jay
---------------------------------------
F5-221, 5.0.171-00221
---------------------------------------
---------------------------------------
F5-221, 5.0.171-00221
---------------------------------------
Re: Reverse proxy
I'm entirely behind it as well, it would really be useful.
Re: Reverse proxy
Another vote for a reverse proxy here. Running my home services on the NAS via mydomain.com would be nice. My personal preference would be for the SWAG docker or something similar. Though i'm pretty sure with the previous tips i'd be able to get it running after unbinding port80 from via ssh
Re: Reverse proxy
Thank you all, we will add it to our plan.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
- harveydobson
- Posts: 2
- Joined: 19 Nov 2020, 04:17
Re: Reverse proxy
This should be achievable through https://nginxproxymanager.com/.
I have it setup on my TNAS. Including the Let's Encrypt issued SSL certs.
I have it setup on my TNAS. Including the Let's Encrypt issued SSL certs.