Overseerr on HTTPS

[atah]

Hello,

I used DockerVersion, how can I add my SSL certificate?

Thanks

[gonzalezb]

Hello,

I used DockerVersion, how can I add my SSL certificate?

Thanks

To get https you have to setup a reverse proxy for Overseerr as it does not support ssl by itself. Reverse proxy is more secure anyway look into nginx reverse proxy manager it's a docker container very easy to use.

[sgtcoder]

You can't use Nginx with SSL as the backend to connect to Overseerr though with an SSL connection. You would be forced to run everything as plain text on the backend. Can we get an option to put an SSL in so we can connect to Nginx with SSL?

[gonzalezb]

Not sure i use docker and keep everything in a private network within docker my nginx docker container is my only application open to the web. That is what i meant with the original comment but i was very vague i apologize for that i see you setup something similar based on your latest comment.

[war59312]

A check the box option would be ideal.

Said check box would grab a Let's Encrypt cert based on the hostname. Of course verify that A and or AAAA DNS exists and matches IP first and port 80 and 443 are open. Then if so grab the cert and apply.

That's the "easy" button way I'd go about it. Then have a more advanced option to use a TLS Proxy.

[sgtcoder]

I was able to figure out how to setup nginx as a primary with signed ssls through certbot, and I was able to get it so I don't have to expose the ports and have it on a private network in docker!

[war59312]

Nice. Mind providing the steps/documentation?

[war59312]

Finally figured it out on Synology.

The easy way, use the built in nginx server. 🥇

sudo nano /usr/syno/share/nginx/WWWService.mustache

Add:

server {

        listen portToUse ssl http2;
        server_name overseerr.domain.com;

        ssl on;

        ssl_certificate "/volume1/docker/Let's Encrypt/fullchain1.pem";
        ssl_certificate_key "/volume1/docker/Let's Encrypt/privkey1.pem";

        proxy_set_header Referer $http_referer;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-Port $remote_port;
        proxy_set_header X-Forwarded-Host $host:$remote_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Port $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;

        location / {
                proxy_pass http://ipOfOverseerr:5055;
    }
}

1. Set portToUse to whatever port you wish to use for secure Overseerr.

2. Set overseerr.domain.com to the sub domain you using for Overseerr.

3. Created the Let's Encrypt cert via https://certbot.eff.org/

Get Cert Via certbot:

certbot certonly --authenticator standalone

On Windows Files Created at:

C:\Certbot\archive\

4. Change /volume1/docker/Let's Encrypt/ to whatever path you used when copied over the Let's Encrypt files.

5. Change http://ipOfOverseerr:5055 to the IP address you currently already using for Overseerr.

6. Restart nginx to take effect:

DSM 6: sudo synoservice --restart nginx

DSM 7: sudo synosystemctl restart nginx

Note: DSM 6 supports TLS 1.2 as Modern Compatibility while DSM 7.0 support TLS 1.3 as Modern Compatibility.

Unless someone found a way to enable TLS 1.3 on DSM 6? Just doing ssl_protocols TLSv1.3; does NOT work, in fact kills nginx.

nginx -V
nginx version: nginx/1.16.1
TLS SNI support enabled