https access to Tautulli web interface?

Currently reading
https access to Tautulli web interface?

507
189
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS212, RS816, RS819, DS223, DS920+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
I am having trouble getting https (SSL) (with Let's Encrypt certs) access to the Tautulli web interface to work under Docker.
Here's what I have done; where did I go wrong?

Installed Tautulli, web access is at port 8181, and using http it works just fine using http://my_own_non_Synology_related_domain.com:8181

Exported the Let's Encrypt certificate files (since I can't find where the NAS stores them, dammit) cert.pem, chain.pem, privkey.pem, and copied them to a directory, /volume1/lecerts

In Tautulli settings, Web Interface, I unchecked "create a self-signed certificate."

I set the https domain to my_own_non_Synology_related_domain.com , set the https IPs to the static WAN and static LAN addresses of the NAS, put /volume1/lecerts/cert.pem in "Location of HTTPS Certificate," put /volume1/lecerts/chain.pem in "The location of the SSL certificate chain," and put /volume1/lecerts/privkey.pem in "The location of the SSL key. "

When I then try to connect using a browser to https://my_own_non_Synology_related_domain.com , I get an error. And the Tautulli log says:

"Tautulli WebStart :: Disabled HTTPS because of missing certificate and key. "

Any idea what I'm missing here?
 
Yes. Excellent idea. Of course, I screwed up a couple times adding tautulli.mydomain.com to the cert, and reached the maximum attempts permitted by let's encrypt(!), so now I have to wait a while...
 
Aha yes that’s a bit limiting then. Main reason why I switched to docker LE. not using it as revers proxy just for creating and renewing. Using that wild card on multiple Nas as well so there is no need to reissue each nas cert. After that I just import it to all of them and case closed.

If you are lookin into multiple custom sub domain apps being accessed from the web, wild card might be a way to go.

I have a one liner ready if you need a hand as well as a few other steps that need to be done in order to protect your domain with cloudflare and use it as a alternative method of LE validation, so you don’t have to open port 80/443 for renewal as well.
 
Aha yes that’s a bit limiting then. Main reason why I switched to docker LE. not using it as revers proxy just for creating and renewing. Using that wild card on multiple Nas as well so there is no need to reissue each nas cert. After that I just import it to all of them and case closed.

If you are lookin into multiple custom sub domain apps being accessed from the web, wild card might be a way to go.

I have a one liner ready if you need a hand as well as a few other steps that need to be done in order to protect your domain with cloudflare and use it as a alternative method of LE validation, so you don’t have to open port 80/443 for renewal as well.

I have one NAS that functions as a web server, open to the internet, so its ports 80 and 443 are open anyway. That's the one that obtains and renews the LE certs, and then I just export them from that one to the others.
 
If you run a swarm cluster, you can deploy traefik as a global service on all nodes, it acts as a reverse proxy and uses etcd3 as a backend to share the certificate among the instances. The beautiy is that it leverages docker events to automaticly create/remove proxy rules, based on container or swarm deploy labels you add to the target service. Traefik wil take care to create and extend the LE certificates for each subdomain or a wildcare domain.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
https://bitwarden.dadsnas.i234.me:443 still directs to DSM login screen. I did not have "automatically...
Replies
11
Views
2,517
That’s interesting. On their github page I read that it requires Redis so I installed it first. It’s good...
Replies
21
Views
5,049
Setup of BW will take a few minutes then you will achieve free of charge full version of your own host for...
Replies
22
Views
21,795
You're a genius, doing what you said sorted my issue out. Here's a screenshot for anyone else who has the...
Replies
9
Views
7,143
  • Question
You could register it inside Docker UI - Setup a docker registry on Synology
Replies
5
Views
5,971
I can not install downloaded files for additional functionality in odoo In the docker I have got the...
Replies
0
Views
2,176
@fredbert THNAKS! https://www.synology.com/en-global/knowledgebase/DSM/help/Docker/docker_container
Replies
6
Views
4,924

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top