herman

QNAP Nginx Reverse Proxy Installation Guide

(Special thanks to the expert for full guidance)

1. Preparation Work

1. Register a primary domain name (Aliyun, Tencent, or some foreign websites like https://www.namesilo.com, https://www.dynadot.com/)

2. Register a CloudFlare account (https://www.cloudflare.com/), remember to verify the email link after registration, otherwise, errors may occur later.

2. SSH Installation of Nginx

1. Installation

docker run -d 
--restart=always \
--name=NginxProxyManager \
-e TZ="Asia/Shanghai" \
-p 3081:81 \
-p 3080:80 \
-p 30443:443 \
-v /share/Container/NginxProxyManager/data:/data \
-v /share/Container/NginxProxyManager/cert:/etc/letsencrypt \
chishin/nginx-proxy-manager-zh

2. Settings

Access the management page at nas's IP:3081

Default account credentials: Email@example.com Password: changeme

After logging in, change the login email, password, and anything else as desired.

3. CloudFlare Settings

1. Log in to the homepage, add a site, just enter your domain name, select Free and continue.

2. Perform the operations as shown in the image below, you should see two nameservers (dns), copy both and save them in a notepad or somewhere for backup.

3. Go to the domain management area where you registered the domain (using Tencent as an example, others are similar), modify the registered domain, customize DNS, and input the two dns you copied earlier.

3. Go back to the CloudFlare homepage and check if it is effective; if you see the image below, it is good.

4. On this page, find and click to get your API token, on the next page click create token, then in the editing area under DNS, click use template.

5. After obtaining the token, copy and save it for backup, then go back to the previous page (the one where you created the token) and check the general key as well, copy and save both secret keys for backup.

6. Return to the CloudFlare homepage, then click DNS on the left (if not visible, click your domain in the middle of the page), click add record, fill in or select as shown in the red box below, and leave the rest as default.

4. Domain Resolution

1. Enter SSH and run the following command to install DDNS-GO:

docker run -d 
--name ddns-go --restart=always --net=host -v /share/Container/ddns-go:/root 
jeessy/ddns-go

2. After installation, access the management interface at nas's IP:9876, fill in as shown in the image below: Token is the API token you just obtained, or the general key (I didn't succeed with the general key; I used the API token). For the IP acquisition method, fill in this: https://ddns.oray.com/checkip, https://ip.3322.net, then Domain is your own domain like: *.xxx.cn, and click save in the upper left corner.

3. If the prompt shown in the image below appears in the upper right corner, it indicates that DDNS resolution was successful.

4. Open the Cloudflare page and observe; click DNS on the left, and if you see that the previous 1.1.1.1 has changed to your public IP address, it means it is OK.

5. This DDNS-GO is set to block external access by default. If you need external access, please uncheck the option to block external access at the bottom of this page, and set a username and password to ensure security, then forward port 9876 in the router.

5. Obtaining SSL Certificate

1. Access the management page of the NAS with nginx installed at IP:3081, select SSL certificates, and add an SSL certificate.

2. Fill in the relevant information; the domain is your registered domain, remember to include the * symbol, below is the registered CloudFlare email, select CloudFlare as the DNS provider, and change the certificate content after the = sign to your API token or general token (my general token didn't succeed; I used the API token), select agree, and then save. (At this time, you need to use a proxy; otherwise, a timeout error will occur.)

4. If the image below appears, it indicates that the certificate was successfully obtained.

5. Copy the folder "custome" (link: https://pan.baidu.com/s/1Xkk1oe7ERoaNA_FvEfW33w extraction code: q8zf) to the container directory, the final directory will be Container\NginxProxyManager\data\nginx\custom.

6. Restart Nginx in the ContainerStation container.

7. Go to the router to set up port forwarding, mapping 888 to the QNAP IP's 30443.

6. Reverse Proxy

1. Access the nginx management interface at IP:3081, click to add a proxy service, and fill in the details.

2. SSL settings, select the certificate you applied for, check the two options below, and save.

Final effect

3. External access address qb1.xxxxx.cn:888 (note to add :888), if you need to change 888, modify the CONF file under custom.

4. Special Note:

(1) Notes on using qb

(2) Notes on using WizNote

Modify the IP address in the code to your own local area network address + port.

(3) Notes on using Heimdall

After deploying Heimdall, if accessed through nginx reverse proxy, the page may not display correctly, as shown:

Solution:

Edit the proxy service — custom settings, define the location input as "/" (just a slash), then forward the host IP, forward the host port, fill in your relevant settings, then click the gear next to it, and add the following in the box below:

proxy_set_header X-Forwarded-Host $http_host;  # with a semicolon

Copy the homework:

location / {
    proxy_pass http://192.xxx.xx.:1234;  # Change this to your internal IP:port
    proxy_set_header Host $http_host;
    proxy_redirect  http:// https://;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;
}

Click save to complete.