One problem I ran into with Unifi: I didn’t want to go through the difficulty/effort/burden of getting a TLS cert.
We all know that LetsEncrypt is a trivial way to get certificates, if you can line things up correctly. For the nginx-proxy-letsencrypt, it’s a case of setting environment variables. We don’t always have the option to do that.
So I cheated.
I’m using the “How about that Nginx?” and “And the Crypto Certificates” from https://tech.chickenandporn.com/2019/03/01/one-shot-turnup-of-https-jenkins-on-docker/ and really setting up what that needs to function.
I created a bonehead-simple proxy so I could assign the environment variables. With my unifi server running an https interface at 192.168.0.4:8443, my docker-compose.yml for this little part looks like the following:

    proxyunifi:
      container_name: "proxyunifi"
      entrypoint:
        - socat
        - tcp-listen:8443,fork,reuseaddr
        - tcp:192.168.0.4:8443
      environment:
        - LETSENCRYPT_EMAIL=chickenandporn@gmail.com
        - LETSENCRYPT_HOST=unifi.example.com
        - VIRTUAL_HOST=unifi.example.com
      image: "alpine/socat:latest"
      networks:
        - proxy
      ports:
        - "8443"
      restart: always

The only real complexity here is that I’m forwarding connections to tcp/8443, so I’m forwarding to the https port. If you have problems with that, try tcp-listen:8080,fork,reuseaddr for the entry point item but this is what works for me. A VIRTUAL_PROTO=https can ensure that it works as well.
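What the socat entrypoint above does, as an added example that is not part of the original post: a minimal Python equivalent of a forking TCP listener that relays each connection to a fixed upstream. It passes bytes through untouched, so the TLS session still ends at the Unifi server and the proxy in front has to speak https to the relay, which is what VIRTUAL_PROTO=https selects. The function names, loopback addresses and sample bytes are constructed for the demonstration.

```python
import contextlib
import socket
import threading

def pipe(src, dst):
    """Copy bytes one way until EOF, then half-close the far side."""
    with contextlib.suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def handle(client, upstream_addr):
    """Serve one accepted connection (socat's `fork` does this per client)."""
    with client, socket.create_connection(upstream_addr) as upstream:
        back = threading.Thread(target=pipe, args=(upstream, client))
        back.start()
        pipe(client, upstream)   # client -> upstream, no parsing, no TLS
        back.join()              # upstream -> client runs in parallel

def start_relay(upstream_addr, listen_addr=("127.0.0.1", 0)):
    """Listen on listen_addr and relay every connection to upstream_addr."""
    srv = socket.create_server(listen_addr)
    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:      # listening socket was closed
                return
            threading.Thread(target=handle, args=(client, upstream_addr),
                             daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

def demo():
    """Push a constructed TLS record through the relay to a local echo server."""
    echo = socket.create_server(("127.0.0.1", 0))
    def serve_once():
        conn, _ = echo.accept()
        with conn:
            pipe(conn, conn)
    threading.Thread(target=serve_once, daemon=True).start()
    relay = start_relay(echo.getsockname())
    # Constructed sample: TLS handshake record header (0x16, TLS 1.0, len 5) + body
    sample = bytes.fromhex("1603010005") + b"hello"
    with socket.create_connection(relay.getsockname()) as c:
        c.sendall(sample)
        c.shutdown(socket.SHUT_WR)
        got = b"".join(iter(lambda: c.recv(4096), b""))
    relay.close()
    return sample, got
```

Calling demo() returns the bytes sent and the bytes that came back through the relay; they are identical, including the leading 0x16 handshake byte that only a TLS-speaking peer would send or accept.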
I would have forwarded the connection to a name instead of an ip address, but my home network has been moved from a dnsmasq where I trivially have names for DHCP ip addresses leased out