Skip to main content
Setup a Reverse Proxy with Let's Encrypt SSL

How to Setup a Reverse Proxy in OMV with Let’s Encrypt SSL for Sabnzbd, Radarr, Sonarr and Transmission

In this chapter I will show you how you can setup a reverse proxy in Nginx for Sonarr and/or Radarr using the Let’s Encrypt SSL-certificates you’ve generated in the first chapter of this giant how-to for OpenMediaVault (OMV). Let’s begin.

How to Setup a Reverse Proxy with SSL (HTTPS) for Sonarr and/or Radarr

Setting up an SSL-secured Reverse Proxy for Sonarr/Radarr is much easier, compared to e.g. SABnzbd or Plex. Sonarr and Radarr have all the tools included to map it to a sub-directory, which will allow it to use the same Let’s Encrypt SSL-certificate you’ve generated on the first page of this tutorial. It’s built in such a way, that there’s need to provide custom certificates.

Configuring Let’s Encrypt SSL in Sonarr/Radarr

Because Sonarr and Radarr are basically the same software, I’ll use Sonarr in my example, but the steps should be exactly the same in Radarr. If this changes in a later release, I’ll update this how-to.

Configuring Sonarr to use Let's Encrypt SSL (HTTPS)
Configuring Sonarr/Radarr to use Let’s Encrypt SSL (HTTPS)
  1. In Sonarr/Radarr, go to Settings > General and click on the toggle next to ‘Advanced Settings‘ so it says ‘Shown‘.
  2. If you haven’t already, change the ‘URL Base‘ to ‘/sonarr‘.
  3. Toggle ‘Enable SSL‘ to ‘Yes‘.
  4. The default ‘SSL Port Number‘ isn’t relevant as Sonarr/Radarr will be listening on both ports.
  5. Click ‘Save‘.

That’s it. Sonarr will now prefix every request to both ports with the provided Base-URL so we can make it work with a Reverse Proxy.

How to Set Up a Nginx Reverse Proxy for Sonarr and/or Radarr

If you’ve followed the steps on the previous page, this part will be easy. For the sake of full disclosure, I will assume you didn’t. If you did, you can skip steps 2 and 3:

  1. Open a terminal and connect with your NAS using SSH.
  2. Go to the folder containing OMV’s Nginx configuration files: cd /etc/nginx/openmediavault-webgui.d/
  3. Create a new .conf-file or edit the existing file using your favourite shell text-editor, e.g. nano apps.conf
  4. Insert the following text to the top of the file:
    location /sonarr {
    proxy_pass http://localhost:8989/sonarr;
    }
    location /radarr {
    proxy_pass http://localhost:7878/radarr;
    }
    view raw apps.conf hosted with ❤ by GitHub
    Obviously, nas.yourdomain.com and 192.168.xxx.xxx need to be replaced by your NAS’ web-address and its local IP-address. If the server_name-node is already there. Don’t replace it or re-add it. Only add the location-node and make sure the port after localhost points to Sonarr (default: 8989).
  5. Save the file and restart Nginx: service nginx restart

Give it a view hours for the settings to take effect. If you’ve just set up your CNAME-records to make your NAS accessible from outside your LAN it can take while. Your domain’s DNS-settings need to be propagated among all internet providers worldwide.

In all other cases Sonarr/Radarr should be accessible from the outside immediately after restarting Nginx. So you can confirm your Let’s Encrypt SSL-secured Reverse Proxy for OpenMediaVault is working correctly. You can do the same for Transmission. I’ll tell you all about it on the next page.

Daan van den Bergh

Magento 2 Back-end Developer with a passion for trainlifting, airplane-gliding, hunting trees and creating fake hobbies.

4 thoughts to “How to Setup a Reverse Proxy in OMV with Let’s Encrypt SSL for Sabnzbd, Radarr, Sonarr and Transmission”

  1. You don’t need Sonarr’s “Enable SSL” if you’re implementing the HTTPS encryption with Let’s Encrypt at the reverse proxy level, I assume.

  2. While I appreciate the time you took to write this article, the title is incredibly misleading. I came here for info on sonarr reverse proxying yet I can only find sabnzbd, with a configuration that will result in a imperfect configuration at that.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.