Other Services with LetsEncrypt Topic is solved

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
Parkour_Lama
Posts: 34
Joined: Sat Sep 12, 2020 2:02 pm

Other Services with LetsEncrypt

Post by Parkour_Lama »

Hello,
I recently installed a Letsencrypt certificate using dietpi-letsencrypt for my Nextcloud instance (installed bare metal).
The certificate works great on Nextcloud, put that's all that's covered.

The thing is, I also have deluge-web, jackett, etc. (from dietpi-software) on different ports that still use my self-signed certificate.
Now, I've tried to make each one of them use said certificate, but that isn't working out.

If I'm able to do some like Nextcloud, forward [domain name]/nextcloud to [domain name]:port number(443) for all of them, that would encrypt all my traffic, while simultaneously making it much easier to manage correct?
i.e. [domain name]/deluge --> [domain name]:8112
The question is, while it's possible, how do I do it?

I'm on an apache2 web-sever, can anyone please provide any inputs or guide me to the correct articles that explain this?
User avatar
Joulinar
Posts: 5090
Joined: Sat Nov 16, 2019 12:49 am

Re: Other Services with LetsEncrypt

Post by Joulinar »

Hi,

usually you can use apache as revers proxy. There is a small config section how to do it for a couple of web server on deluge wiki https://dev.deluge-torrent.org/wiki/Use ... verseProxy
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Parkour_Lama
Posts: 34
Joined: Sat Sep 12, 2020 2:02 pm

Re: Other Services with LetsEncrypt

Post by Parkour_Lama »

As you say, many thanks, that did indeed solve my problem, I'll assume it's that exact same process with the rest.
User avatar
Joulinar
Posts: 5090
Joined: Sat Nov 16, 2019 12:49 am

Re: Other Services with LetsEncrypt

Post by Joulinar »

yes in theory it should work same. Some application provider offer configuration example's for their software. Just use Google or any other searching engine and search for revers proxy + app name.

if you like, could you share your Apache config file? it might be interesting for other as well. Just mask personal data if available.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Parkour_Lama
Posts: 34
Joined: Sat Sep 12, 2020 2:02 pm

Re: Other Services with LetsEncrypt

Post by Parkour_Lama »

For sure :)

My apache2.conf file looks like this:

Code: Select all

#Deluge-web:
ProxyPass /deluge http://localhost:8112/

<Location /deluge>
    ProxyPassReverse /
    ProxyPassReverseCookiePath / /deluge
    RequestHeader set X-Deluge-Base "/deluge/"
    Order allow,deny
    Allow from all
</Location>
#/Deluge-web

#Monit:
ProxyPass /monit http://localhost:2812/

<Location /monit>
    ProxyPassReverse /
    ProxyPassReverseCookiePath / /monit
    RequestHeader set X-Monit-Base "/monit/"
    Order allow,deny
    Allow from all
</Location>
#/Monit

#MineOS:
<Location /mineos/>
    ProxyPreserveHost On
    RequestHeader set X-Jackett-Base "/mineos/"
    ProxyPass http://127.0.0.1:8443/
    ProxyPassReverse /
</Location>
#/MineOS

#Jackett:
<Location /jackett/>
    ProxyPreserveHost On
    RequestHeader set X-Jackett-Base "/jackett/"
    ProxyPass http://127.0.0.1:9117/
    ProxyPassReverse /
</Location>
#/Jackett
Notes:
1. For this method to work, the server must be accessible from http:localhost:[port number] beforehand, not https.
2. Some services like Jackett, and MineOS require the extra backslash in the Location header in the .conf file, as well as the URL.
i.e. deluge-web can be accessed by using [Domain].com/deluge, but Jackett needs [Domain].com/jackett/
Last edited by Parkour_Lama on Mon Jul 05, 2021 8:33 am, edited 1 time in total.
User avatar
Joulinar
Posts: 5090
Joined: Sat Nov 16, 2019 12:49 am

Re: Other Services with LetsEncrypt

Post by Joulinar »

Still working on jackett, it appears to be a bit different from the others
Jackett has a demo configuration on their GitHub https://github.com/Jackett/Jackett/wiki/Reverse-Proxy

Did you checked that already?
Note for Monit: I've had to completely disable SSL, as that would keep interfering with the proxy
You mean on Monit application directly?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Parkour_Lama
Posts: 34
Joined: Sat Sep 12, 2020 2:02 pm

Re: Other Services with LetsEncrypt

Post by Parkour_Lama »

Joulinar wrote: Sun Jul 04, 2021 8:54 am Jackett has a demo configuration on their GitHub https://github.com/Jackett/Jackett/wiki/Reverse-Proxy
Did you checked that already?
Yep, I took a look and that, and the deluge config. Neither seem to work for jackett, due to URL issues, I've opened an issue for it, hopefully it'll be resolved.
I'll of course update the above once I have a working solution.
You mean on Monit application directly?
Yes, bascially I've just had to comment out:

Code: Select all

#     with ssl {           
#         pemfile: /etc/apache2/ssl/certs/monit.pem
#         selfsigned: allow
#     }
under the login credentials in the monitrc file. That does remove the option to use https on my local network, but since everything is secured behind the LetsEncrypt certificate, it doesn't seem to be too much of an issue.
User avatar
Joulinar
Posts: 5090
Joined: Sat Nov 16, 2019 12:49 am

Re: Other Services with LetsEncrypt

Post by Joulinar »

but since everything is secured behind the LetsEncrypt certificate, it doesn't seem to be too much of an issue.
Fully correct. For incoming internet traffic, SSL termination is done on the revers proxy (Apache). There is no need to use HTTPS/SSL inside your local network.

There is an important hint for Jackett on top of the GitHub page. Just asking, did you set Base URL correctly?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Parkour_Lama
Posts: 34
Joined: Sat Sep 12, 2020 2:02 pm

Re: Other Services with LetsEncrypt

Post by Parkour_Lama »

Yep, Base URL, Jackett Config, and Proxy Configuration, I've tried changing around bits and pieces of everything, but to no avail except the above.

I'm adding the jackett issue https://github.com/Jackett/Jackett/issues/11983 if you're curious, but the TL:DR is the same.
User avatar
Joulinar
Posts: 5090
Joined: Sat Nov 16, 2019 12:49 am

Re: Other Services with LetsEncrypt

Post by Joulinar »

I see the issue closed. Is it working now?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Post Reply