Teddycloud behind a reverse proxy

Hello, I would like to run Teddybox on a Synology, but this also means that ports 80 and 443 are already occupied.

One possibility I can think of would be to use the integrated reverse proxy. This way I can point a domain teddycloud.xyz.com to the container.

My question would be how best to proceed with regard to the certificates. Do I have to use the certificates from Teddycloud, or can I also use the self-created certificates from xyz.com?

I would appreciate any help, maybe someone has already done something similar. Many people will certainly have the problem with the occupied port 443, so in my opinion the reverse proxy option could be of interest to many users.

Thank you and best regards

You cannot use teddyCloud in combination with a reverse proxy solution like nginx or traefik.
The problem is that the boxes do not support SNI and teddyCloud needs to handle the connection to the box itself, as it sends client certificates.

The only known solution is to give teddyCloud a dedicated IP, like in this post:

THX, I will try this way!

It is working just fine!

You can use a reverse proxy, e.g. nginx, when using mTLS on the catch-all domain b/c the box requests are missing SNI, as mentioned before. On my box the extracted CA cert does not match the issued client cert. Thus you need to disable CA checking. You can check/decide on the fingerprint though.

See Feasibility of hosting Teddycloud - #7 by cfelder for an example nginx configuration file.

For completeness, here Feasibility of hosting Teddycloud - #11 by adn77 is an example for HAProxy as well.
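
The catch-all mTLS approach with fingerprint checking described in the replies above, sketched as an nginx configuration. This is an added example, not part of the thread and not the linked configuration; the fingerprint value, certificate paths and backend address are placeholders and assumptions.

```nginx
# Added example with constructed values. Place inside the http { } context.

# Allowlist of client certificate fingerprints. $ssl_client_fingerprint is the
# SHA-1 digest of the presented certificate as lowercase hex without colons.
# It is empty when no certificate was sent, so that case falls to "default".
map $ssl_client_fingerprint $box_allowed {
    default 0;
    # Placeholder: replace with the fingerprint of your box's client certificate.
    "0000000000000000000000000000000000000000" 1;
}

server {
    # default_server makes this block the catch-all for port 443, which is
    # where TLS handshakes without SNI are handled. Other server blocks with
    # a real server_name keep serving SNI-capable clients on the same port.
    listen 443 ssl default_server;
    server_name _;

    # Server certificate presented to the box (paths are assumptions).
    ssl_certificate     /etc/nginx/certs/server.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;

    # Request a client certificate but do not validate its chain against a CA.
    # This corresponds to "disable CA checking" in the reply above.
    ssl_verify_client optional_no_ca;

    location / {
        # With chain validation off, the fingerprint allowlist is the only
        # gate: unknown or missing certificates are rejected here.
        if ($box_allowed = 0) {
            return 403;
        }

        # Assumed backend address and port for the teddyCloud container.
        proxy_pass http://127.0.0.1:8080;
    }
}
```

Because `optional_no_ca` accepts any certificate at the handshake, leaving out the fingerprint check would let every client on that port through to the backend.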