Super Simple Cloudflare and Nginx Proxy Manager Setup Using YOUR Domain

Don’t forget to forward ports 80 and 443 to the IP of the machine your Nginx Proxy Manager is on. Do this in your router or gateway. Find the IP by opening a terminal and type “ifconfig”. If that doesn’t work install net tools by typing “sudo apt install net-tools” then run the ifconfig command again. You can also use the ip addr command.

You just earned a sub for the ONE detail you included that no one else has mentioned: turning off the Cloudflare proxy temporarily until after adding the SSL!! I've been struggling with this for literally weeks. That one little thing suddenly made my setup work...thank you so much!

I know its been a couple of years now but thanks a ton for this video! I was so lost trying to complete setup and I was constantly making things more complicated than they needed to be. I gave it an honest try but your video did the job, thank you.

Wasted almost 12hours in getting around this hack. You are a life saver. The port mappings were tricky for me. I went around almost all options except what you demonstrated. Cheers! 👌👌🤞🤞

9:32 omg 😳 these are the little things people fail to tell the tale of on why. Thank you extremely helpful.

Not going to lie, im trying to learn some stuff before I start tinkering on my machine and this video is by far the most comprehensive of all of the ones i saw

A million thumbs up, this is the 5th tutorial I've watched on setting up NGINX, the first one I got to work
And I only needed to watch a single time,

This was a super helpful and simple guide. I did an experiment where I booted up the NPM docker on an Unbuntu VM running on my Synology NAS' virtual machine manager and then passed traffic to an OwnCloud docker running on the Synology as well. The VM got its own IP (similar to how it would work with Proxmox) and I did not experience any collisions with the Synology port 80 and 443 issue. The only thing I ran into with that configuration was that the Owncloud docker image did not have SSL configured so I used cloudflare's SSL instead. Seems to work and the cert is valid.

3 month ago I tried to setup cloudflare but without success, now I get why.
Thanks a lot I will try again with your tutorial in mind !

Thank you much! I followed your video today and got my Plex server online now! Most of my time has been spend on "Don’t forget to forward ports 80 and 443 to the IP of the machine your Nginx Proxy Manager is on. " I wish that I read the description before watching the video! LOL! Anyway, great video and please keep going!!!

Hey thanks! I broke a lot doing this tutorial, I learned how to fix more stuff and I got the original thing done using this tutorial lol! Thanks for the quality vid!!

you may not have a ton of subscribers yet but with the way you present you will. thanks for the great video

Finally someone who explains it correctly for a starter. Great video !

Great Explanation! New to home lab and just stumbled across your channel. Bummed to see that you are not creating many new videos.

Great video, thanks. I would suggest you zoom webpages as much as you can so future "tutorials" like this are watchable on smaller screens or smaller windows so we can follow steps while watching

Thank you for sharing your time and expertise with us. Your delivery was clear and precise. No apology necessary. Much appreciated.

I loved this! Thank you! I am getting a 502 error but that means it is my set up officially this video helped me troubleshoot a lot, thank you.

Well. thanks to you i now have subdomains setup and working beautifully, thankyou for the amazing tutorial!

Heya, about Synology: while you're right that :80 and :443 are reserved on the Synology and a real hassle to change, if you're behind a ISP router, you can just redirect :80 and :443 on your router to something else. And run NPM in docker on your Synology. About snapshots: that's also possible on your Synology with snapshot replication. Just target your \volume1\docker folder and restore if needed.

Thank you for your kind explaination! I got it finally!

Thanks this is awesome!
I wish I knew about Nginx Proxy Manager before. using that will make managing all my proxy servers so much easier vs manually editing each one.

Nice video. Not sure about the super simple bit, though. Thanks!

thanks for making a video for the rest of us!

Great walktrough! Have you considered making more of these videos and have a deeper look into the rest of the settings in both cloudflare and NPM?

Hello there.
That tutorial is extremely clear and staightforward ! Thanks to you I was able to get the certificate !
Unfortunately, I still can't access my NAS (Nextcloud) and I'm probably still missing something but can't figure out what...

With nginx proxy manager you can even have it connect to your cloudflare account to create dns records for you so you dont have to do both manually.

This was a great and quick video. Exactly what I wanted to know!

Really loving your content! Very well explained. Keep up the great content and I’ll keep smashing that like button!

❤️❤️❤️ respect Sir it was awesome and full of knowledge...

Thanks for answering my last question and thanks for this whole video on the subject. Love the channel and content. Going with a RPI to try this out 🤙🏽

Nice video, thanks. So you mentioned that I need for turn off proxy in cloud flare before setting up the cert in nginx proxy manager. I’ve not done this and it seems to work fine. every once in a while I’ll get an error in nginx advising of an internal error when adding the cert but i try it again and it works fine. I didn’t know that they proxy should be off, what is the impact of of having proxy on when creating cloudflare entry?

Great Video. While recording use a lower resolution setting for your screen or you will need to edit and focus on smaller windows so we can read properly.
Thanks keep it up.
Subscribed.

this video introduces me to nginx proxy manager :-) thank you

That music is enjoying ^^

it's also a good advice to run a fail2ban docker container which allows cloudflare to block rouge like IP's for enhanced protection of your services

Just FYI you can do the cert in NGINX proxy manager with CloudFlare proxy enabled.

Thank you so much this helped!

Awesome tutorial! keep up the amazing work!

Thank you , this is a life saver

thanks, helped figure out the issue why nginx proxy manager was not getting SSL cert behind cloudflare!

I used this guide to loosely finish up my Jellyfin install, but when I try to connect via a subdomain, I get a 504 error (gateway time-out). I had no A recoed for www, but I've added it. Should the content be my public IP? Any help would be appreciated.

Thanks, this was super helpful!

It was really great sir 👍🏻

Very good tutorial, nice work

Great vid thanks for doing this

How were you able to configure your sites with access lists to read your actual ip and not the proxied ip that cloudflare has you connecting as? When I put an access list on a site that only allows my public ip, I am still unable to access the site because of the cloudflare proxy making my ip appear as one of cloudflares many ips.
I guess I am also asking if you proxy the sites which you have an access list on. How are you getting nginx pm to recognize your IP when you try to connect to your site behind cloudflare proxies?

Honestly super detailed video and incredibly helpful sadly I can't make a ssl certifcate for whatever reason but still great video

I was curious to know which distribution you use on the desktop.

Came here because my ssl certificate was failing, who knew you had to temporally toggle the proxy status to make it work.

Very helpful!

Thanks for your effort. Can I substitute truenas for snology nas in this case ?

Everything was going great except I get an "Internal Error" in NGINX when trying to save with a Let's Encrypt certificate. Any ideas?

hello, i tried, follow all the step but it does'nt work. Always a 522 error. Don't understand why.

so I'm running nginx on a home assistant VM in proxmox, but when I go to the subdomains I create it just takes me to the login page of nginx, any suggestions?

how about using the CF cert for your domain when you do NOT want to expose anything to the internet? I just want trusted certs on all my internal devices and not rely on self signed. I tried to generate an origin cert and upload to NPM, and using a private IP DNS record. Workflow wise this works, but my browser doesn't like it, I probably messed something up. Is there any way to accomplish this (I'm not even a fan of the tunnel option for just myself), without having to setup my whole CA in house?

Why not CNAME ? You added as A what's different?

Very informative video. If you could zoom in on the content a little bit that would be perfect.

I've found Cloudlared Argo Tunnels to be an effective way of exposing services.

When attempting to make the SSL cert at the 11minute mark I keep getting an error saying it is already in use????? Where did I go wrong?

What if I wanted to change the ports from 5:39 AFTER it's already been configured? I can't seem to find the .conf file within docker.

I couldn't find the written guide.. It looks like you migrated to "noted" did you omit this one for a reason, or will it show back up in the future?

why NginX Proxy Manager works with apps in docker (in same docker where is npm)? with other servers still i need to put ports with domain name? (servers are other VMs with diffrent ip address) can You explain me that? what im doing wrong?

This stuff hurts my brain so much. So, does cloudflare work hand in hand with the ssl cert you get from letsencrypt? I assume there are now 2 certs? one for cloudfare and one for nginx?

Hi thanks for the video, but a couple of questions arose:
- If you request a lets encrypt cert with npm and turn on the proxy mode afterwards on cloudflare, will the automatic cert renew work properly?
- After enabling the proxy mode and visiting the domain for which you created an A record, which certificate is used the cloudflare one or the lets encrypt one? If the cloudflare one is used anyway (due to proxyied mode) why bother with lets encrypt?

No matter how many times I do this, as soon as I turn on Proxy it stops working?

6:04 not working. error all over the place. there is a very importand step missing.

Would be possible to give your hdd a new identity (virtualise it) and use it from outside (proxmox/docker)?

So I cant use a proxied cloudflare record?

Hello, will this option work when my ISP assigns multiple users to one IP?

Very clear thanks! a lot! one question can you use the nginx proxy manger as an load balancer or?

Problem i found with cloudflare after following all the steps and it all worked perfectly but cloudflare has kind of a limit 100mb so if u login to the synology nas on synology photos it'll login but if you try to upload a videos thats bigger than 100mb u'll get an error and it wont upload I've followed same steps using wix domain i have and mobile upload worked again

Great video! I ran into the same problem with the Cloudflare proxy needing to be disabled for the certs to get provisioned. One question though, does the enabling of proxy in Cloudflare DNS prevent the certs from being renewed? Any feedback will be appreciated :)

Interesting vid - why the added complexity of Cloudflare and Docker though? Why not just install direct on the Linux box?

after adding the domain to cloudflare in this way and redirecting the service via ngiex proxy manager, I keep getting error Origin is unreachable Error code 523
I will add that the domain is correctly redirected to cloudflare servers thunk you help:)

For those who cannot port-forward for whatever reason (such as being behind CG-NAT). One solution i have found is to use Tailscale Funnel. its in beta right now and i had to join a waiting list to get it although that currently seems to no longer be the case, but this would allow you to self-host in situations where port forwarding is impossible. There are probably other better solutions to this that funnel, but its the only thing i have experience with.

i kept getting 502 Bad Gateway on my vps ..
try to forward docker container

Thank you so much for your mentioning at 9:52 why my Proxy manager SSL cert assigning wouldn't work. It could not see the wan IP because of Cloudflare proxy ... man I feel dumb

is it possible to do this senario using linode vps brother !?

Awesome guide! do you know how we could switch from using Mysql to Mongo DB or Couch DB NoSQL data base?

Great tutorials. I'm trying to following your NPM video, however I need to get docker running on a Ubuntu server.
I'm using Proxmox and trying to place docker in LXC running Ubuntu. I'm getting all sorts of error that docker-ce has failed to load. I followed other videos that say it should work but I can't seem to get it working. I tried 20.4 and 18.04 and get the same error.
Should I hang up trying to use the LXC and attempt the setup in Proxmox VM?
Thanks for these tutorials they are helping me slowly get my Homelab up and running.

What is the difference between your nginx and the standard nginx container?

Hey! Just tried this, but when i connect the orange proxy in Cloudflare, this stops working. I opened the 80,443 ports, and the 2000 port thats redirecting to my service. dont know where it might went wrong. Any help?

Could you use a free hostname from No-IP as a home domain instead, with Cloudflare?

doesn't enabling the cloudflare proxy again on the A record make it impossible for the acme client to renew your ssl certificate?

Thanks for the video it's extremely helpful and I was able to get my setup working. I'm rather new to web security so I don't quite understand why it's necessary to have Let'sEncrypt and cloudflare both supplying certificate security. Couldn't Cloudflare do it alone? or couldn't Let'sEncrypt do it alone? Still wrapping my head around the role each component plays. In any case I appreciate the video!

I keep getting a 502 error. I am hosting this docker container on the same system that i am trying to proxy. Would that cause an issue?

I just found your video, Thank you I was always missing the whole "how to setup external domain". My question is once I set this up can I use this internally as well? So Pihole(Local DNS provider) would direct traffic to cloudflare DNS which would give my ISP's IP and back inside my network. I guess I could just try it and see if it works.

So how do I forward different machines from my router to nginx? Do I just setup a portforward of 80 and 443 for each IP of all the machines I want exposed? That's hella confusing

under "Improve security"i only have "Automatic HTTPS Rewrites" i have no options to set to full. Or is it the same thing? :)

argh, why do I keep getting 'internal error' when requesting a certificate?

Can you highlight specific benefits from using NGINX proxy manager via docker vs using the built-in DSM Proxy management if any? I do like the GUI of the NGINX proxy panel but I'd also like to avoid installation bloat in case it's not needed. Thanks :-)

I've been trying to get dsm working behind npm for a few days and no success, every time i get error 502, however for anything but dsm it works great. Does anyone have any idea what the problem might be?

is there a link to the text that needs to be copied? And where to copy it?

Is it still actual in 2024?

I dont know what i did wrong... It just doesnt work. Im close to giving up :/
I reach the NGINX default site. When i then setup the proxy host in NGINX it says connection refused/rejected whatever, i dont know how it is translated.
Anyone an idea?

@13:20 - this "Proxied" mode, does it work when you need to renew your certificates ???

I am subscribed to you. Can you increase your font size of the text on the website you are displaying in your future videos. Hit the control button then click the plus sign on your keyboard to increase the font size. Thanks.

when i change DNS only to proxited, then stop working site in cname. Any help please?

Greetings, I was pretty excited to find your video as I have been unable to get ssl working on my local network with nginx and cloudflare... from the get go tho following your directions I cant get passed the initial config... here is what I get...
sudo docker run -d \
--name=nginx-proxy-manager \
-p 81:8181
-p 80:8080
-p 443:4443
-v /docker/appdata/nginx-proxy-manager:/config:rw \
Jlesage/nginx-proxy-manager
"docker run" requires at least 1 argument.
See 'docker run --help'.
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
Run a command in a new container
-p: command not found
-p: command not found
-v: command not found

So what is the "DDNS route" that you mentioned at 9:25?