I solved my problem by side-stepping the issue. This involved configuring a third Raspberry Pi as a dedicated proxy server running nginx proxy manager( https://nginxproxymanager.com/). I used the settings described here: https://www.gitmemory.com/issue/MichaIng/DietPi/4417/847424141.
Essentially the steps I followed were:
- set up a new Raspberry Pi running Dietpi
- Install docker and docker compose from the Dietpi software menu
- Create a Nginx directory
- Create a docker-compose.yml folder in this directory with this content:
version: "3"
services:
app:
image: 'jc21/nginx-proxy-manager:2'
restart: always
ports:
# Public HTTP Port:
- '80:80'
# Public HTTPS Port:
- '443:443'
# Admin Web Port:
- '81:81'
# Add any other Stream port you want to expose
# - '21:21' # FTP
environment:
# If you would rather use Sqlite uncomment this
# and remove all DB_MYSQL_* lines above
DB_SQLITE_FILE: "/data/database.sqlite"
# Uncomment this if IPv6 is not enabled on your host
# DISABLE_IPV6: 'true'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
- Create a sqlite database:
touch ./data/database.sqlite.
- Set up nginx proxy manager using this command:
docker-compose up -d
Reboot the Raspberry Pi and viola - it works out of the box!
I then logged into the admin interface http://proxyserver_ip:81. This is a neat/modern interface. I then added port forwards to my two servers running nextcloud and weewx. The nginx proxy manager gets SSL certificates via Letsencrypt. There is no need to get these installed on each server. The proxy forwards use port 80 but under the SSL tab of the admin interface, one can force https.
I ran into a small issue with the nextcloud server once I enabled https (502 Bad Gateway). I needed to add the following line to the nextcloud config.php file:
'overwriteprotocol' => 'https',
- All working sweetly as ever!