Reverse Proxy SSL

[WoodenBleachers]

Do the following

- Put Jellyfin back on port 8096.  It does NOT need to be on 80 or 443.  Nginx will handle those ports.
- If possible, switch Jellyfin to bridge networking and "expose" port 8096 instead of publishing it.  I can't remember if unRAID allows you to do that.
- Configure Nginx Proxy Manager to listen on your domain name, set the proxy to go to protocol http, the bridge network IP for Jellyfin, on port 8096.  Use the host IP if you aren't able to switch Jellyfin to "expose" instead of publish.  Enable websockets, block common exploits, DO NOT enable caching.  Ensure that the NPM container is publishing ports 80 and 443 or that you are using host networking.
- Setup port forwarding on your router to send port 443 external to port 443 internal to your unRAID host's IP.
- Add the container IP to Jellyfin as a "Known proxy", Dashboard > Networking.  If you are using host networking for NPM, use the host's IP.
- Hopefully your router supports NAT loopback.  If it does, enable it.  If it doesn't, you can also add custom DNS entries (often labeled "edit hosts") so that DNS requests to your domain, while on your home network, will resolve to the local IP instead of your public IP.  Either option will keep local traffic local when using your domain name.

I've been trying to do something similar on TrueNAS (I know it's not the best tool for docker) and have run into an issue.  I read that Pi Hole could be used to resolve the DNS and route all traffic to nginx, and then from there control the other ports.  This would be a bit easier for me to visualize and manage, do you think this would work?  And if it does work, would it be able to work from a free dns domain like duckdns?

The way I see it, pi hole would route my *.mydomain.duckdns.org exposure to nginx, subverting my router's dns entirely. Nginx would then manage the actual routing. Pardon for any improper terminology, but I am relatively new to networking. This stuff is a bit of a beast.