One problem I ran into with Unifi: I didn’t want to go through the difficulty/effort/burden of getting a TLS cert.
We all know that LetsEncrypt is a trivial way to get certificates, if you can line things up correctly. For the nginx-proxy-letsencrypt, it’s a case of setting environment variables. We don’t always have the option to do that.
So I cheated.
I’m using the “How about that Nginx?” and “And the Crypto Certificates” from https://tech.chickenandporn.com/2019/03/01/one-shot-turnup-of-https-jenkins-on-docker/ and really setting up what that needs to function.
I created a bonehead-simple proxy so I could assign the environment variables. With my unifi server running an https interface at 196.168.0.4:8443, my docker-compose.xml for this little part looks like the following:
proxyunifi:
container_name: "proxyunifi"
entrypoint:
- socat
- tcp-listen:8443,fork,reuseaddr
- tcp:192.168.0.4:8443
environment:
- LETSENCRYPT_EMAIL=chickenandporn@gmail.com
- LETSENCRYPT_HOST=unifi.example.com
- VIRTUAL_HOST=unifi.example.com
image: "alpine/socat:latest"
networks:
- proxy
ports:
- "8443"
restart: always
The only real complexity here is that I’m forwarding connections to tcp/8443, so I’m forwarding to the https port. If you have problems with that, try tcp-listen:8080,fork,reuseaddr for the entry point item but this is what works for me. A VIRTUAL_PROTO=https can ensure that it works as well.
I would have forwarded the connection to a name instead of an ip address, but my home network has been moved from a dnsmasq where I trivially have names for DHCP ip addresses leased out
Recent Comments