Proxmox

Nginx Reverse Proxy VM on Proxmox with Let’s Encrypt Cert using Certbot for Plex Home Server



Create a Debian Virtual Machine with copy and paste abilities in Proxmox

Set up an NGINX reverse proxy to help with security when exposing Plex or any other app to the internet for friends, family, clients, etc. Note: A later video will be coming to make the NGINX reverse proxy more secure.

Install a certificate from Let’s Encrypt using Certbot
*****************************************************************************

Download debian from

Load the ISO image into the local disk on Proxmox

Create Virtual Machine

Set up copy and paste capabilities in the Proxmox instance console (102 is the VM ID):
qm set 102 -vga std,clipboard=vnc

Install Debian on the Virtual Machine:**************************************

Once installed, go to the Debian virtual machine, navigate to the network settings and write down the IP address. (Note: this will be needed later to add port forwarding through your router)

Open up a terminal

su root

apt-get install spice-vdagent – This is for copy and paste abilities

Reboot Debian Virtual Machine

Open up a terminal

su root

cd /

apt update

Install Nginx on Debian Virtual machine:*********************************

nano /etc/apt/sources.list

Note: When updating the sources file for the Nginx software, match the Debian release to the Ubuntu release to pull the correct Nginx version. In this tutorial I will be using the Nginx version for Ubuntu’s latest release, Jammy, which matches Debian’s Bookworm release.

Add the following lines to the sources.list file:
deb jammy nginx
deb-src jammy nginx

apt update

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys [Get key from above]

apt update

apt-get install nginx

systemctl start nginx

cd /etc/nginx/conf.d/

cp default.conf [your domain or subdomain].conf

nano [your domain or subdomain].conf

Below is the sample [your domain or subdomain name].conf file**********

server {

    listen 80;
    server_name [your domain or subdomain name];
    # Address and port of the app behind the proxy (32400 is the Plex default port)
    set $upstream 192.168.2.14:32400;

    listen 443 ssl; # managed by Certbot

    # Security headers added to responses
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;" always;
    add_header Content-Security-Policy "frame-ancestors 'self';";

    location / {
        # Assumption: the page shows proxy_pass with no target; http://$upstream follows from the set line above
        proxy_pass http://$upstream;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;

    }

    ssl_certificate /etc/letsencrypt/live/[your domain or subdomain name]/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/[your domain or subdomain name]/privkey.pem;

    # Redirect non-https traffic to https
    if ($scheme != "https") {
        # Assumption: the page shows return 301 with no target; this is the usual Certbot redirect
        return 301 https://$host$request_uri;
    } # managed by Certbot

}

*********************************************************************
mv default.conf /home/[user]/Desktop

Go to your Domain Host Provider and enter your router’s external facing IP address in as an A record.
Example: Host = www.example.com Answer = 8.8.8.8

Go to your router’s settings and allow port forwarding for the Debian Virtual Machine’s IP Address that you obtained earlier for ports 443 and 80 with both TCP and UDP.
192.168.2.4

Install Let’s Encrypt Certificate with Certbot: *********************

apt-get install certbot

apt-get install python3-certbot-nginx

certbot certonly --manual --preferred-challenges dns

Go to your Domain Host Provider and add a TXT record matching the Let’s Encrypt Challenge provided.
Ex. Host = _acme-challenge.your.domain.com Answer = 98a7y89shrtqwe98rfy9qwhfqw978y97fwyt87657

systemctl restart nginx
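
A check to run on the conf file before the restart above, as an added example that is not part of the original tutorial: it flags the problems that commonly survive copying a config from a web page, namely curly quotes and long dashes, proxy_pass or return 30x lines with no target URL, and [your ...] placeholders left in place. The function name lint_proxy_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (lint_proxy_conf is a hypothetical name, not an nginx or Certbot tool).
# Prints one "line N: problem" per finding; returns 1 if anything was found.
lint_proxy_conf() {
    conf=$1
    findings=$(
        # Curly quotes and en/em dashes: nginx and the shell read them as
        # ordinary bytes, not as quoting or as "--" option markers.
        grep -nE '“|”|‘|’|–|—' "$conf" |
            sed 's/^\([0-9]*\):.*/\1: typographic quote or dash, retype in ASCII/'
        # proxy_pass needs a URL, and a 30x return without one redirects nowhere.
        grep -nE '^[[:space:]]*(proxy_pass|return[[:space:]]+30[1278])[[:space:]]*;?[[:space:]]*$' "$conf" |
            sed 's/^\([0-9]*\):.*/\1: directive has no target URL/'
        # Template text such as [your domain or subdomain name] left in place.
        grep -nE '\[your [^]]*\]' "$conf" |
            sed 's/^\([0-9]*\):.*/\1: placeholder not replaced/'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings" | sort -n | sed 's/^/line /'
    return 1
}

# Constructed sample conf (not a real deployment) that trips all three checks.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl;
    server_name [your domain or subdomain name];
    add_header X-Frame-Options “SAMEORIGIN”;
    location / {
        proxy_pass
    }
}
EOF
lint_proxy_conf "$sample" || echo "fix the lines listed above, then run: nginx -t"
rm -f "$sample"
```

Point it at /etc/nginx/conf.d/[your domain or subdomain].conf and follow a clean result with nginx -t, which validates the full configuration.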
