Exposing an Unraid Service to the Internet

Nov 19, 2020

In the previous post I set up a Hasura GraphQL endpoint on my home server. The purpose of this is to set up a backend for a SwiftUI app I'm working on. What I'll be doing here is exposing the Hasura service endpoint the internet.

In this post I'll be using Cloudflare, Nginx Proxy Manager, Let's Encrypt, Unraid OS, and NextDNS.io. Though there's many combinations of tools that will work, these are the best tools I've found for the job.

Nginx Proxy Manager

Docker container and built in Web Application for managing Nginx proxy hosts with a simple, powerful interface, providing free SSL support via Let’s Encrypt

Let’s Encrypt - Free SSL/TLS Certificates

Let’s Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG).

Free SSL/TLS Certificates

Setup

Step 1: Purchase a domain

Or you can use an existing domain.

Step 2: Set up the domain on Cloudflare.

Setup for Cloudflare is very simple. If you create a new account, the onboarding will guide you through the process.

Step 3: Point the DNS records to your router's IP address.

You can find your IP address by using something like https://whatismyipaddress.com/

Then go to the DNS section of your domain in Cloudflare. And add a new A record for a subdomain (or root) pointing to your IP address without enabling proxy (cloud icon).

Step 4: Start setup for Ngnix Proxy Manager

Install Ngnix Proxy manager from the Apps tab of Unraid in the web config and select ports to use for secure and unsecure connections. In my case I used 1443 for secure and 180 for unsecure.

Step 5: Set up port forwarding on your home router

This step will look differently depending on your router and firmware.

Typically this will consist of:

Logging into your router at an IP like 192.168.1.1 (depends on your router)
Navigating to the port forwarding config for your router
Forwarding incoming ports 443 and 80 to the IP of your Unraid Server (top right of web config) and the secure and unsecure ports used for Ngnix Proxy Manager

This is what my OpenWRT config looks like for my router

Step 6: Finish setup for Nginx Proxy Manager

Start Nginx Proxy Manager if you haven't already and navigate to the web console. Create an account if needed and navigate to the Hosts -> Proxy Hosts section of the web console and we can add a new Proxy Host.

Then just fill in all the required fields.

Forward Hostname / IP: The local ip address of the service you want to expose to the internet.
Forward Port: The unsecure port of the service you want to expose to the internet.
Request a new SSL Certificate. This will use Let's Encrypt automatically.

Step 6: Finish Cloudflare Config

At this point you can navigate to the subdomain, and you should see your locally hosted service exposed to the internet!

Before we're done we have one more setting to update.

Back in the Cloudflare DNS config for the domain, re-enable Proxy for the subdomain (cloud icon).

If you're having issues at this point see this this link or this link

Bonus NextDNS.io

Since we are proxying requests to our router through Cloudflare, any requests we make to our domain from the same network will bounce around before they get back to the router. This will slow down our request and be speed limited by our ISP.

The solution here is to use NextDNS.io.

Sign up for a new account in NextDNS.io. Then add a new rewrite to go from the subdomain to the IP address of your router.

Then all requests to the subdomain will go directly to the router!

Done!

Now we we can access our service through the internet, our service will be protected by Cloudflare and we can still access it locally with the same speed!

Hasura GraphQL endpoint exposed over the internet!

I hope you've found this post useful. If you have any questions or comments, please feel free to reach out!

Get In Touch

or via telegram