QNAP Nginx Reverse Proxy Installation Guide
(Special thanks to the expert for full guidance)
1. Preparation Work
-
Register a primary domain name (Aliyun, Tencent, or some foreign websites like https://www.namesilo.com, https://www.dynadot.com/)
-
Register a CloudFlare account (https://www.cloudflare.com/), remember to verify the email link after registration, otherwise, errors may occur later.
2. SSH Installation of Nginx
- Installation
docker run -d
--restart=always \
--name=NginxProxyManager \
-e TZ="Asia/Shanghai" \
-p 3081:81 \
-p 3080:80 \
-p 30443:443 \
-v /share/Container/NginxProxyManager/data:/data \
-v /share/Container/NginxProxyManager/cert:/etc/letsencrypt \
chishin/nginx-proxy-manager-zh
- Settings
Access the management page at nas's IP:3081
Default account credentials: Email@example.com Password: changeme
After logging in, change the login email, password, and other settings as desired.
3. CloudFlare Settings
- Log in to the homepage, add a site, just enter your domain name, select Free and continue.
- Perform the operations as shown in the image below, and copy the two nameservers (dns) to a notepad or somewhere for backup.
- Go to the domain management section where you registered the domain (taking Tencent as an example, others are similar), modify the registered domain, customize DNS, and enter the two dns you just copied.
- Go to the Cloudflare homepage and check if it is effective. If it looks like the image below, it is good.
- On this page, find and click to get your API token, then on the next page click create token, and in the editing area under DNS, click use template.
- After obtaining the token, copy and save it for backup, then go back to the page where you created the token and check the general key as well, copying both secret keys for backup.
- Return to the CloudFlare homepage, then click on DNS on the left (if not, click your domain in the middle of the webpage), click add record, and fill in or select as shown in the red box below, leaving the rest as default.
4. Domain Resolution
- Enter ssh and run the following command to install DDNS-GO:
docker run -d
--name ddns-go --restart=always --net=host -v /share/Container/ddns-go:/root
jeessy/ddns-go
- After installation, access nas's IP:9876 to enter the management interface, fill in as shown in the image below: Token is the API token you just obtained, or the general key (I didn't succeed with the general key; I used the API token). For the IP acquisition method, fill in this: https://ddns.oray.com/checkip, https://ip.3322.net, then Domain is your own domain like: *.xxx.cn, and click save in the upper left corner.
- If the prompt shown in the image below appears in the upper right corner, it indicates that DDNS resolution was successful.
- Open the Cloudflare page and observe, click DNS on the left, and if you see that the previous 1.1.1.1 has changed to your public IP address, it indicates success.
- This DDNS-GO is set to block external access by default. If you need external access, please uncheck the option to prohibit external access at the bottom of this page, and set a username and password to ensure security, then forward port 9876 in the router.
5. Obtain SSL Certificate
- Access the management page at nas's IP:3081 where Nginx is installed, select SSL certificate, and add an SSL certificate.
- Fill in the relevant information, the domain name is your registered domain, note to include the * symbol, below is the registered Cloudflare email, select Cloudflare as the DNS provider, and change the certificate content after the = sign to your API token or general token (my general token didn't succeed; I used the API token), select agree, and then save. (At this time, you need to use a proxy, otherwise, a timeout error may occur.)
- If the image below appears, it indicates that the certificate was successfully obtained.
- Copy the folder "custome" (link: https://pan.baidu.com/s/1Xkk1oe7ERoaNA_FvEfW33w extraction code: q8zf) to the container directory, with the final directory being Container\NginxProxyManager\data\nginx\custom.
-
Restart Nginx in the ContainerStation container.
-
Enter the router to perform port forwarding, mapping 888 to the QNAP IP's 30443.
6. Reverse Proxy
- Access ip:3081 to enter the Nginx management interface, click to add a proxy service, and fill in the details.
- SSL settings, select the applied certificate, check the two options below, and save.
Final effect
- External access address qb1.xxxxx.cn:888 (note to add :888), if you need to change 888, modify the CONF file under custom.
4. Special Note:
(1) qb usage precautions
(2) WizNote precautions
Modify the IP address in the code to your own local area network address + port.
(3) Heimdall precautions
After deploying Heimdall, if accessed through Nginx reverse proxy, the page may not display correctly, as shown:
Solution:
Edit the proxy service - custom settings, define the location input as "/" (just a slash), then forward the host IP, forward the host port, fill in your relevant settings, then click the gear next to it, and add the following in the box below:
proxy_set_header X-Forwarded-Host $http_host; # with a semicolon
Copy the homework:
location / {
proxy_pass http://192.xxx.xx.:1234; # Change this to your internal IP:port
proxy_set_header Host $http_host;
proxy_redirect http:// https://;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
}
Click save to finish.