• Post last modified:June 12, 2020
  • Post Comments:0 Comments

Reverse Proxy With NGINX Proxy Manager and Duck DNS

Introduction

If you’ve read my previous tutorial on setting up NGINX Proxy Manager using Cloudflare and a custom domain and are looking for a similar solution that doesn’t require paying for a custom domain, there are several free dynamic DNS providers you can leverage instead. In this tutorial, I’ll walk you through using Duck DNS, one of my favorite free alternatives, to accomplish the same task.

Before we begin, if you’ve stumbled upon this tutorial and aren’t sure what a reverse proxy is – it is a secure way to externally access applications or services installed on a computer or server on a home or internal network. Instead of exposing your network to the internet through port forwarding, setting up a reverse proxy will allow you to set up an application behind an internal firewall that can be accessed through a domain or subdomain name rather than an exposed IP address.

While the guide will be catered towards configuration on Unraid, NGINX Proxy Manager can be installed on most Linux-based operating systems and the process should be fairly similar across distributions.

What We’ll Need

Below is a list of the services and applications I’ll be referencing in this guide. By default, I’ll assume you already have Unraid installed and the basics configured (user shares, hard drives, etc.).

Everything below is free and does not cost any money to maintain.

Setting Up DuckDNS.org

The first thing we need to do is create the subdomains we’d like to use to externally access our application. Navigate to DuckDNS.org and sign in using one of the account options given to you.

Logging in will bring you to a page with some key pieces of information we’ll need throughout the guide, with the most pertinent being the token in the header section. Note where that is because we’ll need it later in the tutorial.

The token is specific to your account and should not be shared, which is why I’ve blurred mine out in the screenshot below.

In the body of the Duck DNS page you’ll find a section titled “Domains”. This is where we’ll create the subdomains that we’ll use to create our reverse proxy links.

There are a few things to note about Duck DNS before we move forward:

  • Duck DNS is a free service, and since you aren’t purchasing your own custom domain, all of your subdomains will end in “.duckdns.org”.
  • The free account type only provides five free subdomains. If you need more, log in using one of the other account options for an additional five.

For my subdomain, since I’d like to access my remote instance of Visual Studio Code, I’m going to name my subdomain “shift14-vscode.duckdns.org” and will enter my current public IP address in the “current ip” field right away. The “ipv6” field can be left blank.

(I’ve obfuscated my IP address below for privacy purposes.)

Configuring the Duck DNS Docker container in Unraid

Because your ISP will occasionally change your public IP address, we’re going to install a Docker container in Unraid that will monitor your network for IP address changes and update the “current ip” field that we just set up on the Duck DNS website.

Navigate to the “Apps” tab in Unraid to access the Community Applications plug-in. Search for “duckdns” and click the installation button for the only duckdns container that appears.

The installation parameters are fairly straightforward – enter the subdomains you created on the Duck DNS website in the “SUBDOMAINS” field and the token referenced earlier in the “TOKEN” field and hit “Apply”.

Once installed, verify the container is working correctly by opening its logs in the “Docker” tab.

Configuring NGINX Proxy Manager

Now that Duck DNS is ready-to-go, navigate to the Community Applications plug-in in Unraid and install the Docker application “NGINX Proxy Manager”. Take note of the following parameters:

  • Web UI Port: Ensure this is not conflicting with any existing port assignments. I manually chose 7818 because the default port conflicted with another popular application I have installed (Tautulli).
  • HTTP Port: ’80’ is already being used by Unraid so we need to assign a different port. I’ve used ‘280’ instead.
  • HTTPS Port: ‘443’ is already being used by Unraid so we need to assign a different port. I’ve used ‘2443’ instead.
  • Leave everything else as is and click “Apply”

If you’re installing this on a Linux-based operating system other than Unraid, refer to the application’s GitHub page for additional installation instructions.

Before we can begin setting up subdomains within the NGINX Proxy Manager web interface, we need to make two quick changes to our router settings.

Forwarding HTTP/HTTPS To NGINX Proxy Manager In Your Router

NGINX Proxy Manager is now installed and listening for external web requests on port 280 (HTTP) and 2443 (HTTPS). However, by default, your home network’s router is configured to send external requests to port 80 and 443 (which we were unable to assign to NGINX Proxy Manager above due to Unraid already using them for its own internal purposes).

So let’s go into our home network’s router settings and configure them to reroute HTTP traffic from port 80 to 280 and port 443 to 2443 (or whichever custom ports you assigned in your own installation above).

The tricky part about this step is that every router’s configuration tools look different, so I can’t provide exact steps on how to do this. However, the concept should be the same regardless of the router you have – we want to log into our router’s settings and find the port forwarding section. From there, we should be able to forward HTTP and HTTPS traffic to our custom ports.

For this guide, I’m using the Verizon Fios router I have installed in my house as an example. Here’s what the configuration looks like after updating the settings:

My router is now configured to take any HTTP traffic from port 80 and forward it to port 280 on my server (which has an internal IP address of 192.168.1.155), and then the same for HTTPS traffic (443 –> port 2443 on my server).

On the server (192.168.1.155), NGINX Proxy Manager is listening for traffic on those same ports and after completing the next section, will redirect it to the application being requested.

Save and exit your router’s settings.

Configuring the Subdomain In the NGINX Proxy Manager Web Interface

Navigating back to Unraid, access NGINX Proxy Manager’s web interface using your server’s IP address and the web UI port you assigned during installation (mine defaulted to 7818, so I can access it from 192.168.1.155:7818).

Follow the prompts, create an account, and log in to the web interface.

There are quite a few options to choose from after logging in, but we’ll only need one or two to configure our reverse proxy. If you’re interested in learning more about the functionality not covered in this guide, please reference the project’s online documentation (or stay tuned for a future guide covering additional functionality).

From the main page, select “Proxy Hosts” and then click the “Add Proxy Host” button in the top-right corner.

In the window that appears, populate the following fields in the following tabs:

Details

  • Domain Names: Duck DNS subdomain name of the application you’re trying to configure
  • Scheme: Leave as “http”
  • Forward Hostname / IP: Enter the internal IP address of your server
  • Forward Port: Port of application assigned in Unraid at installation (Visual Studio Code for me is port 8085)
  • Check “Block Common Exploits”
  • Access List: I usually leave this as “Publicly Accessible” and make sure all of my applications are password-protected within their settings. If desired, you can set up a user with a username and password in NGINX Proxy Manager and change the setting to allow you to use that to log in to your application instead)

SSL

NGINX Proxy Manager will manage Let’s Encrypt and SSL for you if you complete these settings (including automatically renewing your certificates every 90 days).

  • SSL Certificate: Request a new SSL certificate
  • Toggle the “Force SSL” button on
  • Enter the e-mail address to register the Let’s Encrypt certificate under
  • Toggle the “I Agree to the Let’s Encrypt Terms of Service” button on
  • Hit the “Save” button

Your new Duck DNS subdomain should now show as a new row under Proxy Hosts and – if set up correctly – will display as “Online” under the “Status” column.

Confirm it works by navigating to the subdomain you configured in your web browser!

Repeat the steps to add a Proxy Host in NGINX Proxy Manager for every subdomain you’d like to set up.

Configuring Additional Subdomains

Now that NGINX Proxy Manager has been set up properly, the process of adding additional subdomains in the future is simple:

  • Add a new subdomain on the Duck DNS website
  • Add the subdomain as a Proxy Host in NGINX Proxy Manager using the steps above
  • Enjoy external access to your application!

Additional Configuration

If you’re configuring a reverse proxy for Nextcloud, please reference this post for an additional step required for it to work properly.

Conclusion

While the steps in this guide may seem like a lot, NGINX Proxy Manager has really streamlined the process of configuring a reverse proxy after the initial setup. Additional subdomains can now be figured in a matter of minutes.

Enjoy!

If you’ve found this or any of the other posts on SHIFT14 helpful, please consider supporting the site through a one-time PayPal donation or ongoing support through Patreon. My goal is to continue providing in-depth guides for the technical community and the support helps justify the time and resources spent doing so.

Leave a Reply