in ,

How to Setup a Reverse Proxy in OMV with Let’s Encrypt SSL for Sabnzbd, Radarr, Sonarr and Transmission

Setup a Reverse Proxy with Let's Encrypt SSL

In this chapter I will show you how you can setup a reverse proxy in Nginx for Sonarr and/or Radarr using the Let’s Encrypt SSL-certificates you’ve generated in the first chapter of this giant how-to for OpenMediaVault (OMV). Let’s begin.

How to Setup a Reverse Proxy with SSL (HTTPS) for Sonarr and/or Radarr

Setting up an SSL-secured Reverse Proxy for Sonarr/Radarr is much easier, compared to e.g. SABnzbd or Plex. Sonarr and Radarr have all the tools included to map it to a sub-directory, which will allow it to use the same Let’s Encrypt SSL-certificate you’ve generated on the first page of this tutorial. It’s built in such a way, that there’s need to provide custom certificates.

Configuring Let’s Encrypt SSL in Sonarr/Radarr

Because Sonarr and Radarr are basically the same software, I’ll use Sonarr in my example, but the steps should be exactly the same in Radarr. If this changes in a later release, I’ll update this how-to.

Configuring Sonarr to use Let's Encrypt SSL (HTTPS)
Configuring Sonarr/Radarr to use Let’s Encrypt SSL (HTTPS)
  1. In Sonarr/Radarr, go to Settings > General and click on the toggle next to ‘Advanced Settings‘ so it says ‘Shown‘.
  2. If you haven’t already, change the ‘URL Base‘ to ‘/sonarr‘.
  3. Toggle ‘Enable SSL‘ to ‘Yes‘.
  4. The default ‘SSL Port Number‘ isn’t relevant as Sonarr/Radarr will be listening on both ports.
  5. Click ‘Save‘.

That’s it. Sonarr will now prefix every request to both ports with the provided Base-URL so we can make it work with a Reverse Proxy.

How to Set Up a Nginx Reverse Proxy for Sonarr and/or Radarr

If you’ve followed the steps on the previous page, this part will be easy. For the sake of full disclosure, I will assume you didn’t. If you did, you can skip steps 2 and 3:

  1. Open a terminal and connect with your NAS using SSH.
  2. Go to the folder containing OMV’s Nginx configuration files: cd /etc/nginx/openmediavault-webgui.d/
  3. Create a new .conf-file or edit the existing file using your favourite shell text-editor, e.g. nano apps.conf
  4. Insert the following text to the top of the file:
    location /sonarr {
    proxy_pass http://localhost:8989/sonarr;
    }
    location /radarr {
    proxy_pass http://localhost:7878/radarr;
    }
    view raw apps.conf hosted with ❤ by GitHub
    Obviously, nas.yourdomain.com and 192.168.xxx.xxx need to be replaced by your NAS’ web-address and its local IP-address. If the server_name-node is already there. Don’t replace it or re-add it. Only add the location-node and make sure the port after localhost points to Sonarr (default: 8989).
  5. Save the file and restart Nginx: service nginx restart

Give it a view hours for the settings to take effect. If you’ve just set up your CNAME-records to make your NAS accessible from outside your LAN it can take while. Your domain’s DNS-settings need to be propagated among all internet providers worldwide.

In all other cases Sonarr/Radarr should be accessible from the outside immediately after restarting Nginx. So you can confirm your Let’s Encrypt SSL-secured Reverse Proxy for OpenMediaVault is working correctly. You can do the same for Transmission. I’ll tell you all about it on the next page.

Written by Daan van den Bergh

Magento 2 Back-end Developer with a passion for trainlifting, airplane-gliding, hunting trees and creating fake hobbies.

12 Comments

Leave a Reply
  1. You don’t need Sonarr’s “Enable SSL” if you’re implementing the HTTPS encryption with Let’s Encrypt at the reverse proxy level, I assume.

  2. While I appreciate the time you took to write this article, the title is incredibly misleading. I came here for info on sonarr reverse proxying yet I can only find sabnzbd, with a configuration that will result in a imperfect configuration at that.

  3. This tutorial is outdated. You should consider revising it as certain things changed in Letsencrypt interface.

  4. Hi Daan,

    Thanks so much for your useful guide! I set this up months ago and it’s been working perfectly up until yesterday. I haven’t changed any settings but it’s just stopped working :( I rebooted my router, double checked the port forwarding was still in place, checked the certificate was still valid etc and nada :( I can see that DuckDNS is working correctly also, it’s correctly obtaining my WAN IP.

    Do you have any ideas?

  5. I’m a bit confused when you say that the NAS needs to be accessible from outside. So if I want to access OMV, I need to type for example mydomain.com:portToMyNAS. Then my router will forward this request to my NAS and the login page will be displayed. Is this what you mean?

    Also isn’t this a security risk – shouldn’t we use an VPN service instead of leaving it directly open to the public internet?

    • If you want to use a VPN, then using a reverse proxy isn’t relevant IMO. You can just access your NAS from inside your VPN.

      But to answer your question. It’s not necessarily a security risk if OMV (your NAS’s IP, on port 443/80) is accessible over WAN.

  6. Hi Daan,
    I’ve successfully installed the certificate, and installed sonarr – used your config for the ngnix. The problem is that i get the following web page when I try to load mydomain.com/sonarr: https://imgur.com/a/HUxfC16 (this image shows my internal IP, but the same thing happens if I use my domain)

    I’ve port forwarded port 80 and 443 in my router to my OMV server. Also the OMV server has ports 80 and 443 setup (in general settings > web administration).
    What am I doing wrong?
    Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.