NGINX
NGINX (pronounced "engine-x") is a high-performance web server that also functions as a reverse proxy, load balancer, and HTTP cache. It’s known for its speed, scalability, and low resource consumption.
For our purposes we are primarily concerned with its reverse proxy function.
Reverse Proxy: Forwards client requests to backend servers, useful for security and load distribution.
What is a Reverse Proxy?
A reverse proxy is a server that sits between clients (like browsers) and backend servers. Unlike a typical proxy that hides client identities from servers, a reverse proxy hides backend servers from clients. It intercepts client requests and then forwards them to the appropriate backend server.
Security: A reverse proxy is a means of limiting access to your home network. Without a reverse proxy, each backend server application that you want to make available over the internet needs its own open port(s) on your router. More open ports make your home network more vulnerable.
If you are concerned please do further reading about reverse proxies and internet security.
Benefits of a Reverse Proxy
This doesn't claim to be the ultimate list of benefits of using a reverse proxy. However, in general terms, some benefits are:
- Exposing fewer ports in your firewall (as you route traffic to only your reverse proxy using usually only ports 80 and 443).
- Get around ISP blocking restrictions if they are blocking high or unusual ports.
- You do NOT reveal what service is behind the subdomain by virtue of what port it's on. Undesirable actors can deduce what service you are running when common port numbers are used.
- Hides backend servers from direct access.
- Helps prevent DDoS attacks by absorbing and filtering malicious traffic.
- Can enforce SSL/TLS encryption, even if backend servers don’t support it.
- Simplifies SSL certificate management in one place rather than on each server.
- Load balancing.
Pre-requisites
The following is the default login information when you first start NGINX. Its use will become clear later but for now it is handy to have it located here for your use later:
- Default login: admin@example.com
- Password: changeme
High Level Process
To run NGINX successfully, two things are needed:
- (1) NGINX must be installed; and
- (2) ports must be forwarded to NGINX in your router.
Both follow from the role of NGINX: internet traffic is funnelled to NGINX, which then passes the data to the relevant app.
These two steps are required to get NGINX up and running, although it won't actually perform its reverse proxy function until you add a "proxy host".
NGINX Installation Instructions
Step 1: In the Unraid App tab, search for NGINX.
Find the "Nginx-Proxy-Manager-Official" repository and click on the "Install" button.
Enter repository data as per the following then click the "Apply" button.
WARNING 1: If any of the ports are already being used by another app you will have to use an alternative available port.
WARNING 2: These port numbers are critical as they will be forwarded in your router in a later step.
After installation click on the "Done" button.
Go to the Docker tab and make sure that AUTOSTART is set to "ON" for NGINX.
Start NGINX using the WebUI.
The login screen will appear:
Enter the Default credentials as outlined earlier then click the "Sign in" button.
- Email address: admin@example.com
- Password: changeme
You will then have to set up a real user using a real email address. Not joking - make sure you use a real email address. Enter details then click "Save" button.
WARNING: The email needs to be a real email address, as the Let's Encrypt certification service will send your email notifications there.
You will then be prompted to set your new password. Then click the "Save" button.
You are in. You have successfully installed NGINX on Unraid.
Port Forwarding to NGINX Instructions
Port forwarding is a critical step in getting NGINX up and running and working. If this is NOT done correctly then you are basically stuffed.
This then becomes a difficult part of this tutorial as there are multitudes of routers used all across the world all with graphical user interfaces that are all subtly different.
For your reference in this tutorial I am using the following router:
- TPLink VX420-G2h AX5400 Hybrid WiFi 6 Modem Router with VoIP
Pre-requisites
You need to have the following port numbers handy from the settings you used when you installed NGINX:
- Http port number (in this tutorial, 1880)
- Https port number (in this tutorial, 18443)
What we are doing
Essentially, what we are doing is sending internet traffic that is on:
- Http port number 80 to 1880, ie, NGINX
- Https port number 443 to 18443, ie, NGINX
Although the screens will differ on your specific router the process should be similar.
Step 1: Log into your router.
Step 2: Navigate to Port Forwarding. In our case, it is under "Virtual Servers".
Counter-intuitively, the following screen shows the end goal. I will show you how to reach this end-point. The important thing to note is that:
- external port 443 is forwarded to port 18443 using service Https.
- external port 80 is forwarded to port 1880 using service Http.
Note: The "Internal IP" is the IP address of NGINX on your internal network.
Step 3: Click on "Add" button.
Step 4: Fill in the form for forwarding port 443 to 18443 using service "HTTPS" and Protocol "All", ie, All = TCP and UDP. As outlined earlier, the Internal IP must be the IP address that NGINX is using.
Step 5: Fill in the form for forwarding port 80 to 1880 using service "HTTP" and Protocol "All", ie, All = TCP and UDP. As outlined earlier, the Internal IP must be the IP address that NGINX is using.
Congratulations!! You have successfully set up the port forwarding.
What's Next
At this stage you have basically built a base. However, to actually do something useful, i.e. make an application accessible outside of your home network (without exposing its real IP address and port), you have to add a "proxy host" in NGINX.
To make an application available outside your home network, follow this tutorial using Jellyfin, NGINX and DuckDNS on Unraid.