Help request for Reverse proxy setup with HTTPS to build a server for multiple services

Hi,

I am now using Dietpi on my Raspberry Pi 4 for more than a year, for all kinds of server software. Some are only on my LAN, some are available for friends and family outside my network.

I would like to upgrade that and I think a reverse proxy would be the best thing to set up. It would allow me to only forward 1 port, and to make all that safer with SSL and HTTPS.

But I am struggling a lot to find good guides or help for what I would like to achieve. I would like to ask here if you have resources, step by step guides, or availability to help me a bit for this. Any help is appreciated.

Here is what I would like to set up behind my reverse proxy :

I already have a dynamic DNS at ChangeIP.com.

All these things are currently installed on my Raspberry, and work great by entering [dyndns]:port

My goal is to have all this now accessible with [dyndns]/jellyfin ; [dyndns]/transmission and so on…

A bonus thing, but it’s really not an obligation, would be to have a landing page when connecting to [dyndns] only, that acts like a homepage with tiles to the main services.

Do you have tips or guides on how to begin this ?
Thanks in advance for any answer. I know this is a very complicated subject but I don’t know where to begin.
Have a great day !

Hi,

at least 2 ports you would need to forward on your router (80 + 443)

I don’t have a real guide but I guess there are quite some out on the web. Best option would be using Nginx as reverse proxy. Some applications like Jellyfin offer their own configs, like this: https://jellyfin.org/docs/general/networking/nginx.html

Next to this, a VPN server you should not handle via reverse proxy. There you still need to forward the VPN port.

Thanks for your quick answer.

I will try with Nginx. But maybe there is other reverse proxy software that could be easier for newbies ?

Thanks for your explanations with the VPN, I won’t put it behind the reverse proxy.

well you could have a look to HAProxy https://dietpi.com/docs/software/advanced_networking/#haproxy
But it might be complicated to set up.

An easy to click solution would be Nginx Proxy Manager. This is a solution based on Docker. Quite a heavy solution with database and so on, but nice easy GUI https://nginxproxymanager.com/

Thanks, Nginx proxy manager looks very interesting.

But I’m not using Docker yet, so I’m hesitating to use it. That represents a big thing. Because using it for 1 app only is a bit useless, so I guess I should move everything to Docker container formats. Not sure if this would be useful. I’ll look into it.

yes indeed that’s a downside as it requires Docker. However there is no need to migrate all stuff.

as well you could have a look on this https://github.com/MichaIng/DietPi/issues/1622#issuecomment-756783571

Thanks.

I’ll look into Portainer, your post on github let me think that it’s better for a newbie like me to begin with Portainer to avoid errors with Docker and Nginx.

You could play with it on a VM to get some experience on how it behaves before installation on your live system

Hi again,

It looks like I can’t install portainer.

I tried running the script twice, as the script requests it. But at its second run I always run into this issue :

DietPi-Software
│ - Command: docker rm --force
│ - Exit code: 1
│ - DietPi version: v6.34.3 (MichaIng/master) | HW_MODEL: 4 | HW_ARCH: 2 | DISTRO: 5
│ - Image creator: DietPi Core Team
│ - Pre-image: Raspbian Lite
│ - Error log:
│ Container name cannot be empty


I’m on a clean install, nothing else is installed. I don’t know what to try. Could you help me please ?
Thanks in advance for your help.

Where did you get the information to run a script twice?

Hi again,

Sorry for the false error, it’s just me that messed things up.

Docker + Portainer are now installed, yay !
Now, I would need some help to create a new container to install Nginx Proxy Manager.

Here is the content of the docker-compose.yml from the website :



```yaml
version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
  db:
    image: 'jc21/mariadb-aria:10.4'
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    volumes:
      - ./data/mysql:/var/lib/mysql
```

I’m now in front of my Portainer admin page, and I have approximately the same settings as the content of this file.

Is there a way to directly import this file into Portainer, to be sure to avoid any misconfiguration ?

Hi again,

I found how to directly import a docker-compose file into Portainer, using the Stacks tab.

But the issue is that portainer supports only up to docker-compose v2 files, and my file is v3. So I have an error.
What would be the solution to this ?

use following to get your stack created using portainer

https://github.com/MichaIng/DietPi/issues/1622#issuecomment-756783571

Hi again,

I just misunderstood a message in the cli, sorry.

Portainer + Docker are now correctly installed.

But I have an issue that I didn’t manage to solve : Nginx Proxy Manager uses docker-compose.yml version 3, but Portainer only supports up to version 2.

Did you already encounter that kind of issue ?

I’m going to copy myself from the post above

Hi again,

I’m having a new issue.

I succeeded 1 time to install Portainer + Docker. I had to reformat my SD card, now I would like to install it again.
But I can’t manage to install it again. I don’t understand why it worked the first time, but I’m running into the same issue I had before.

It looks like the Pi reboots itself during the Portainer installation, so it doesn’t finalize it.
My Pi is a fresh Dietpi install. I am just trying to install portainer, and the Pi inexplicably reboots at this point of the installation :


DietPi-Software
─────────────────────────────────────────────────────
Mode: Configuring Portainer: Simplifies container management in Docker (standalone host)

[ INFO ] DietPi-Software | Docker will be restarted to be able to deploy the container.
[ OK ] DietPi-Software | systemctl daemon-reload
[ OK ] DietPi-Software | systemctl restart docker
[ OK ] DietPi-Software | docker volume create portainer_data
[ INFO ] DietPi-Software | Portainer will be deployed now. This could take a while…
[ INFO ] DietPi-Software | docker run -d -p 9002:9000 --name=portainer --restart=always -v /run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce, please wait…
Unable to find image ‘portainer/portainer-ce:latest’ locally
latest: Pulling from portainer/portainer-ce
94cfa856b2b1: Pulling fs layer
49d59ee0881a: Pulling fs layer
5cc18cc44bf4: Pulling fs layer
49d59ee0881a: Verifying Checksum
49d59ee0881a: Download complete
94cfa856b2b1: Verifying Checksum
94cfa856b2b1: Download complete
94cfa856b2b1: Pull complete
49d59ee0881a: Pull complete
5cc18cc44bf4: Verifying Checksum
5cc18cc44bf4: Download complete

The pi reboots at this point

If I re-try installing Portainer, it will always reboot at this point and Portainer is not installed.
I tried with installing Docker only first, then Portainer, or Portainer only that should include Docker, I always have this issue.

I absolutely don’t understand why it worked the first time and how I can’t manage to make it work again. There are always issues during Portainer installation from dietpi-software.

Do you have an idea about what could be causing this ?

Thanks in advance for your answer and have a good day

strange that your system is doing a reboot out of the box. I hope there are no other issues like low voltage. Did you try using a different SD card?

Anyway you could try installing portainer yourself

docker run -d -p 9002:9000 --name=portainer --restart=always -v /run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce

You were perfectly right. Undervolting was the issue. I wasn’t using the official power supply and I applied a +2V overclocking profile. That was causing the random reboots during Docker installation. I am now using the official power supply and the default overclocking profile. I will only apply my overclocking at the end when everything will be set up.

Thank you for having pointed that possible issue.

I started all over, and now I have Docker + Portainer + Nginx Proxy Manager installed from the stack tabs using your docker-compose file. Thanks a lot for this again.

I have correctly set up my admin account on NPM, and my Jellyfin is correctly set up.

I am now (finally) ready for the real reverse proxy configuration.

I’m on this page :

Jellyfin is usually using HTTP port 8096 to communicate. I would like to secure all that behind my proxy with an SSL certificate.

Jellyfin official docs provide these configs : https://jellyfin.org/docs/general/networking/nginx.html
But they provide an example for no subpath but with SSL, and an example with SSL but no subpath. I would like subpath + SSL and I don’t know how to adapt these config files to fit my needs. Could you help me on this, if you have some time ?

Thanks in advance for any answer and have a great day

just simply add your Jellyfin server information. It’s fine to stay with HTTP because SSL is done between internet and the proxy manager. HTTP is done inside your local network only.

Personally I don’t use this tool as I don’t have something exposed to the web. It might be good to check some guides or YouTube tutorials on the web, showing how to configure the proxy manager correctly. It’s quite a powerful tool with plenty of options.

Thanks for your explanation about HTTP inside the server itself.

The problem is that I don’t know how to read the info from https://jellyfin.org/docs/general/networking/nginx.html , to adapt it into Nginx Manager. An issue is that they provide examples for no subpath with SSL, and subpath but without SSL. I’m searching to have subpath AND SSL. Both configuration files provide additional information that the other doesn’t have.

Here is all the setting pages of NPM : https://imgur.com/a/1fLdBdZ

I tried filling it that way :

And I’ve also requested correctly a new SSL certificate.

But with these settings, my host is not online and I can’t access it from outside my network.

I don’t want to ask too much but could you help me to find what is incorrect in my settings ?

Thanks again for your help and have great day.
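
Added example (not part of the thread, and not Jellyfin's or Nginx Proxy Manager's own config): a plain nginx configuration that puts TLS termination and a /jellyfin subpath in one place, with HTTP used only between the proxy and Jellyfin on the LAN, as the reply above describes. The hostname `dyndns.example`, the LAN address `192.0.2.10`, the certificate paths and the ACME webroot are placeholders, and it assumes Jellyfin's Base URL is set to `/jellyfin` in its networking settings.

```nginx
# Port 80: serve ACME HTTP-01 challenges, redirect everything else to HTTPS.
server {
    listen 80;
    server_name dyndns.example;                 # placeholder hostname

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;              # assumed webroot for certificate renewal
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: TLS ends here; traffic to Jellyfin stays plain HTTP on the LAN.
server {
    listen 443 ssl;
    server_name dyndns.example;

    ssl_certificate     /etc/letsencrypt/live/dyndns.example/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/letsencrypt/live/dyndns.example/privkey.pem;    # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Normalise the bare path so relative links resolve under /jellyfin/.
    location = /jellyfin {
        return 302 $scheme://$host/jellyfin/;
    }

    location /jellyfin/ {
        # No URI part after the port: the /jellyfin/ prefix is passed through
        # unchanged, matching the Base URL configured in Jellyfin.
        proxy_pass http://192.0.2.10:8096;      # placeholder LAN address, Jellyfin HTTP port

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $http_host;

        # WebSocket upgrade for the web client's live connection.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_buffering off;                    # stream media without proxy-side buffering
    }
}
```

With this layout only ports 80 and 443 need forwarding on the router; port 8096 stays reachable from the LAN only.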