# Setup

The included configuration

- [ ] configure tailscale API key and update `env`
- [ ] configure drkno/plexsso `config.json`

```
config.json
```

- [ ] `docker-compose up -d`
- [ ] obtain the Tailscale IP address from the logs

```
docker logs tailscale | grep full
```

- [ ] launch your browser to http://tailscale-ip:81
    - [ ] login to Nginx Proxy Manager with the default credentials
    - [ ] update the admin credentials
    - [ ] create a new proxy host for `tld.com, *.tld.com`
        - [ ] request a new SSL certificate using DNS Validation
    - [ ] create a new proxy host for secure.tld.com, \*.secure.tld.com
        - [ ] request a new SSL certificate using DNS Validation
        - [ ] update the Advanced config

```
# the advanced rule for the secure domain checks for the drkno/plexsso cookie
# if the cookie is present, the request is forwarded normally
# if the cookie is missing, the user is redirected to the SSO url

location ~* ^/$ {
  set $subdomain "";
  if ($host ~* ^([^.]+)\.) {
    set $subdomain $1;
  }
  if ($http_cookie !~* "AdminDomain") {
    return 302 https://sso.tld.com/$subdomain.secure;
  }
}

# the $subdomain.secure URI ensures that once authentication is complete, the user
# is redirected to the requested host
```

    - [ ] create a new proxy host for admin.tld.com, \*.admin.tld.com
        - [ ] request a new SSL certificate using DNS Validation
        - [ ] update the Advanced config

```
# for the admin wildcard subdomain, every request is checked against its
# source network: requests arriving over the Tailscale connection are
# allowed and pass through to the internal proxy; anything else is denied

location ~* ^/$ {
  allow 172.250.250.0/24;
  deny all;
}
```
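As an added check that is not part of the original page or of Nginx Proxy Manager: a small Python oracle modelling the two advanced rules above (the secure-domain cookie redirect and the admin-domain source allow-list), so the expected behaviour can be written down as tests before pointing a browser or curl at the proxy. The SSO URL, cookie marker and network are taken from the page's config; the sample requests are constructed.

```python
import ipaddress
import re
from typing import Optional, Tuple

# Values mirrored from the page's Nginx Proxy Manager advanced config.
SSO_BASE = "https://sso.tld.com"                  # redirect target of the secure rule
COOKIE_MARKER = "AdminDomain"                     # text the secure rule looks for
TAILSCALE_NET = ipaddress.ip_network("172.250.250.0/24")  # allow-list of the admin rule

# nginx: if ($host ~* ^([^.]+)\.) { set $subdomain $1; }
_SUBDOMAIN_RE = re.compile(r"^([^.]+)\.", re.IGNORECASE)


def normalise_host(host: str) -> str:
    """nginx's $host carries no port and is lower-cased; mimic that."""
    return host.split(":", 1)[0].lower()


def decide_secure(host: str, cookie_header: str) -> Tuple[str, Optional[str]]:
    """Secure-domain rule: pass when the Cookie header mentions the marker,
    otherwise 302 to https://sso.tld.com/<first label>.secure.

    `$http_cookie !~* "AdminDomain"` is a case-insensitive substring test over
    the whole Cookie header, not a lookup of a cookie named AdminDomain, so any
    cookie name or value containing the marker satisfies it; modelled as such.
    """
    m = _SUBDOMAIN_RE.match(normalise_host(host))
    subdomain = m.group(1) if m else ""   # nginx default: set $subdomain ""
    if COOKIE_MARKER.lower() in cookie_header.lower():
        return ("pass", None)
    return ("redirect", f"{SSO_BASE}/{subdomain}.secure")


def decide_admin(client_ip: str) -> str:
    """Admin-domain rule: allow 172.250.250.0/24, deny everything else."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return "deny"                      # unparsable source never matches allow
    return "allow" if addr in TAILSCALE_NET else "deny"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    print(decide_secure("plex.secure.tld.com", ""))
    print(decide_secure("plex.secure.tld.com", "AdminDomain=abc; theme=dark"))
    print(decide_admin("172.250.250.17"), decide_admin("203.0.113.5"))
```

If the intent is to test for one specific cookie rather than any header text containing the marker, nginx's `$cookie_AdminDomain` variable does that.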

- [ ] update your DNS

```
# only configure wildcard domains in DNS, to reduce visibility of
# services that you are running behind your proxy

tld.com - A - 999.999.999.999
*.tld.com - CNAME - tld.com

secure.tld.com - CNAME - tld.com
*.secure.tld.com - CNAME - tld.com

admin.tld.com - A - 000.000.000.000
*.admin.tld.com - CNAME - admin.tld.com
```