Setting up a HTTPS reverse proxy with IIS for Radarr and Sonarr
This guide goes over how to setup a reverse proxy on Windows for Radarr and Sonarr.
Prerequisites:
- Windows 7/8/10 (This guide goes over the steps for Windows 10, so additional work might be needed for other versions of Windows)
- Radarr/Sonarr is already installed, this guide does not cover that as it quite straight forward.
- About 20min to get it all working
- Dynamic DNS setup (in order to get a HTTPS certificate)
- A router that supports port forwarding (and an ISP that has port 80 open)
Part One: Installing IIS
If you’ve already installed IIS you can skip this step, otherwise install IIS via “Turn Windows features on or off”, this can be accessed via the control panel (Uninstall a program > Turn Windows features on or off) or via searching it in the start menu.
Once you’ve brought up the dialog, scroll down to “Internet Information Services” and click the checkbox (if it is already enabled you can proceed to the next step), once that’s done hit “OK” and Windows should start installing IIS.
Part Two: Configuring IIS
Now, you’re going to need to add a site into IIS, for this launch IIS (type IIS into the start menu) and on the left side you should see your computer name
Expand the dropdown and right click on “Sites”, in this image I’ve already created one but we’ll create another, click “New website”. Enter a site name and for “Physical Path” set it to a folder (we won’t really use this much later, but it can come in handy), if the folder you’ve chosen is within your User directory select connect as and enter your login credentials for your PC account (if your account is a Microsoft account it will be your email, if it’s a local account then just enter the account name). Leave the binding set to HTTP, as we’ll add SSL later. Enter your Dynamic DNS address into the host name field and click OK.
Next you’re going to need to install “URL Rewrite” from iis.net, the download is quick and the process to install it is super easy.
URL Rewrite can be found: here.
Once you’ve installed URL Rewrite and setup your site we can move on to the next step, which is getting a HTTPS certificate, for this we’re going to use letsencrypt, as they provide free HTTPS certificates, if you don’t have a dynamic dns domain setup then you’ll need to do that first.
To get started, download the latest version of win-acme from here, extract the zip file and run “letsencrypt.exe”.
It should be able to see IIS, if it doesn’t then verify IIS is installed and double check your website is running.
Enter in N to create a new cert
Then choose “1”, and in the menu presented enter the number corresponding with your IIS site.
The rest of the process should be automated and your certificate will be installed into IIS.
We’re now going to add several rewrite rules, open your site settings by double clicking on your site name in the left bar, you should see a series of options, click on URL Rewrite and then hit Add Rules on the top right.
From the options presented select “Reverse Proxy” (IIS may prompt you to install an additional module, hit yes and wait for it to finish before proceeding).
The steps for Radarr and Sonarr do not differ besides ports used and obvious changes so we’ll use Radarr for this example.
For the first box, “Server name or IP where the HTTP requests will be forwarded” enter
localhost:7878Make sure “Enable SSL offloading” is ticked and don’t tick the outbound rules, as they’re not required for Radarr or Sonarr to work (and can cause IIS to throw errors).
Once this is done you’ll see “ReverseProxyInboundRule1” show up in the list of Rewrite Rules, double click on it and enter the following additional options:
Pattern:
radarr\/?(.*)Rewrite URL:
http://localhost:7878/radarr/{R:1}
It should look like the screenshot above (log rewritten URL is optional, I have since disabled it after testing that the setup worked). There should be no Outbound rules in the Outbound Rules section once you’ve completed this, if there are make sure to disable them.
Repeat these steps for Sonarr.
Part Three: Configuring Radarr/Sonarr
This step is quite easy, as Radarr and Sonarr are setup for this sort of method.
To get started, open Radarr/Sonarr and navigate to: Settings > General.
Under start up, set the URL base to /radarr or /sonarr appropriately and under Security turn on authentication to “Forms (Login Page)” and set a strong password, I also recommend changing the username to something besides admin, to throw off any bruteforcing attempts.
It should look something like this:
Once you’ve done this, you should be able to access Radarr/Sonarr by visiting your Dynamic DNS adresss/radarr.
If you can’t access it, you’ll need to port forward port 80 and port 443 (HTTPS) in your router, this varies significantly depending on your router model so do some googling around to find an appropriate tutorial. I also recommend adding a rewrite rule to change HTTP to HTTPS, like pictured below:
If I’ve missed anything out, let me know and I’ll make sure to correct it.
