Setup
The included configuration
- configure tailscale API key and update
env - configure drkno/plexsso
config.json
config.jsondocker-conmpose up -d- obtain the Tailscale IP address from the logs
docker logs tailscale | grep full- launch your browser to http://tailscale-ip:81
- login to Nginx Proxy Manager with the default credentials
- update the admin credentials
- create a new proxy host for
tld.com, *.tld.com- request a new SSL certificate using DNS Validation
- create a new proxy host for secure.tld.com, *.secure.tld.com
- request a new SSL certificate using DNS Validation
- update the Advanced config
# the advanced rule for the secure domain checks for the drkno/plexsso cookie
# if the cookie is present, the request is forwarded normally
# if the cookie is missing, the user is redirected to the SSO url
location ~* ^/$ {
set $subdomain "";
if ($host ~* ^([^.]+)\.)
{ set $subdomain $1; }
if ($http_cookie !~* "AdminDomain")
{ return 302 https://sso.tld.com/$subdomain.secure;}
}
# the $subdomain.secure URI ensues that once authentication is complete, the user
# is redirected to the requested host- create a new proxy host for admin.tld.com, *.admin.tld.com
- request a new SSL certificate using DNS Validation
- update the Advanced config
- create a new proxy host for admin.tld.com, *.admin.tld.com
# for the admin wildcard subdomain, any requests are checked for the
# source network - so any request via the Tailscale connection will be
# allowed, but any valid connection will pass through to the internal proxy
location ~* ^/$ {
allow 172.250.250.0/24;
deny all;
}- update your DNS
# only configure wildcard domains in DNS, to reduce visbility of
# services that you are running behind your proxy
tld.com - A - 999.999.999.999
*.tld.com - CNAME tld.com
secure.tld.com - CNAME - tld.com
*.secure.tld.com - CNAME - tld.com
admin.tld.com - A - 000.000.000.000
*.admin.tld.com - CNAME - admin.tld.com