Exposing an Unraid Service to the Internet

Nov 19, 2020

In the previous post I set up a Hasura GraphQL endpoint on my home server. The purpose of this is to set up a backend for a SwiftUI app I'm working on. What I'll be doing here is exposing the Hasura service endpoint the internet.

In this post I'll be using Cloudflare, Nginx Proxy Manager, Let's Encrypt, Unraid OS, and NextDNS.io. Though there's many combinations of tools that will work, these are the best tools I've found for the job.

Cloudflare - The Web Performance & Security Company | Cloudflare
Cloudflare is a free global CDN and DNS provider that can speed up and protect any site online.
Nginx Proxy Manager
Docker container and built in Web Application for managing Nginx proxy hosts with a simple, powerful interface, providing free SSL support via Let’s Encrypt
Unleash Your Hardware
Unraid OS allows sophisticated media aficionados, gamers, and other intensive data-users to have ultimate control over their data, media, applications, and desktops, using just about any combination of hardware.
Let’s Encrypt - Free SSL/TLS Certificates
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG).
NextDNS
The new firewall for the modern Internet.

Setup

Step 1: Purchase a domain

Or you can use an existing domain.

Step 2: Set up the domain on Cloudflare.

whatismyipaddress.com

Setup for Cloudflare is very simple. If you create a new account, the onboarding will guide you through the process.

Step 3: Point the DNS records to your router's IP address.

You can find your IP address by using something like https://whatismyipaddress.com/

Then go to the DNS section of your domain in Cloudflare. And add a new A record for a subdomain (or root) pointing to your IP address without enabling proxy (cloud icon).

Step 4: Start setup for Ngnix Proxy Manager

Install Ngnix Proxy manager from the Apps tab of Unraid in the web config and select ports to use for secure and unsecure connections. In my case I used 1443 for secure and 180 for unsecure.

Ngnix Proxy Manager Ports

Step 5: Set up port forwarding on your home router

This step will look differently depending on your router and firmware.

Typically this will consist of:

  1. Logging into your router at an IP like 192.168.1.1 (depends on your router)
  2. Navigating to the port forwarding config for your router
  3. Forwarding incoming ports 443 and 80 to the IP of your Unraid Server (top right of web config) and the secure and unsecure ports used for Ngnix Proxy Manager
This is what my OpenWRT config looks like for my router

Step 6: Finish setup for Nginx Proxy Manager

Start Nginx Proxy Manager if you haven't already and navigate to the web console. Create an account if needed and navigate to the Hosts -> Proxy Hosts section of the web console and we can add a new Proxy Host.

Then just fill in all the required fields.

  • Forward Hostname / IP: The local ip address of the service you want to expose to the internet.
  • Forward Port: The unsecure port of the service you want to expose to the internet.
  • Request a new SSL Certificate. This will use Let's Encrypt automatically.
New Proxy Host config

Step 6: Finish Cloudflare Config

At this point you can navigate to the subdomain, and you should see your locally hosted service exposed to the internet!

Before we're done we have one more setting to update.

Back in the Cloudflare DNS config for the domain, re-enable Proxy for the subdomain (cloud icon).

If you're having issues at this point see this this link or this link

Bonus NextDNS.io

Since we are proxying requests to our router through Cloudflare, any requests we make to our domain from the same network will bounce around before they get back to the router. This will slow down our request and be speed limited by our ISP.

The solution here is to use NextDNS.io.

Sign up for a new account in NextDNS.io. Then add a new rewrite to go from the subdomain to the IP address of your router.

Then all requests to the subdomain will go directly to the router!

Done!

Now we we can access our service through the internet, our service will be protected by Cloudflare and we can still access it locally with the same speed!

Hasura GraphQL endpoint exposed over the internet!

I hope you've found this post useful. If you have any questions or comments, please feel free to reach out!

Get In Touch


or via telegram

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.