Don’t forget to forward ports 80 and 443 to the IP of the machine your Nginx Proxy Manager is on. Do this in your router or gateway. Find the IP by opening a terminal and type “ifconfig”. If that doesn’t work install net tools by typing “sudo apt install net-tools” then run the ifconfig command again. You can also use the ip addr command.
When it comes time for the automatic Let's Encrypt cert renewal, will I have to turn the Cloudflare proxy back off for it to renew? Or it will renew on its own?
You just earned a sub for the ONE detail you included that no one else has mentioned: turning off the Cloudflare proxy temporarily until after adding the SSL!! I've been struggling with this for literally weeks. That one little thing suddenly made my setup work...thank you so much!
Wasted almost 12hours in getting around this hack. You are a life saver. The port mappings were tricky for me. I went around almost all options except what you demonstrated. Cheers! 👌👌🤞🤞
I know its been a couple of years now but thanks a ton for this video! I was so lost trying to complete setup and I was constantly making things more complicated than they needed to be. I gave it an honest try but your video did the job, thank you.
Not going to lie, im trying to learn some stuff before I start tinkering on my machine and this video is by far the most comprehensive of all of the ones i saw
Thank you much! I followed your video today and got my Plex server online now! Most of my time has been spend on "Don’t forget to forward ports 80 and 443 to the IP of the machine your Nginx Proxy Manager is on. " I wish that I read the description before watching the video! LOL! Anyway, great video and please keep going!!!
This was a super helpful and simple guide. I did an experiment where I booted up the NPM docker on an Unbuntu VM running on my Synology NAS' virtual machine manager and then passed traffic to an OwnCloud docker running on the Synology as well. The VM got its own IP (similar to how it would work with Proxmox) and I did not experience any collisions with the Synology port 80 and 443 issue. The only thing I ran into with that configuration was that the Owncloud docker image did not have SSL configured so I used cloudflare's SSL instead. Seems to work and the cert is valid.
Hey thanks! I broke a lot doing this tutorial, I learned how to fix more stuff and I got the original thing done using this tutorial lol! Thanks for the quality vid!!
Nice video, thanks. So you mentioned that I need for turn off proxy in cloud flare before setting up the cert in nginx proxy manager. I’ve not done this and it seems to work fine. every once in a while I’ll get an error in nginx advising of an internal error when adding the cert but i try it again and it works fine. I didn’t know that they proxy should be off, what is the impact of of having proxy on when creating cloudflare entry?
Great video, thanks. I would suggest you zoom webpages as much as you can so future "tutorials" like this are watchable on smaller screens or smaller windows so we can follow steps while watching
How were you able to configure your sites with access lists to read your actual ip and not the proxied ip that cloudflare has you connecting as? When I put an access list on a site that only allows my public ip, I am still unable to access the site because of the cloudflare proxy making my ip appear as one of cloudflares many ips. I guess I am also asking if you proxy the sites which you have an access list on. How are you getting nginx pm to recognize your IP when you try to connect to your site behind cloudflare proxies?
Heya, about Synology: while you're right that :80 and :443 are reserved on the Synology and a real hassle to change, if you're behind a ISP router, you can just redirect :80 and :443 on your router to something else. And run NPM in docker on your Synology. About snapshots: that's also possible on your Synology with snapshot replication. Just target your \volume1\docker folder and restore if needed.
I used this guide to loosely finish up my Jellyfin install, but when I try to connect via a subdomain, I get a 504 error (gateway time-out). I had no A recoed for www, but I've added it. Should the content be my public IP? Any help would be appreciated.
Hello there. That tutorial is extremely clear and staightforward ! Thanks to you I was able to get the certificate ! Unfortunately, I still can't access my NAS (Nextcloud) and I'm probably still missing something but can't figure out what...
Great Video. While recording use a lower resolution setting for your screen or you will need to edit and focus on smaller windows so we can read properly. Thanks keep it up. Subscribed.
Thanks this is awesome! I wish I knew about Nginx Proxy Manager before. using that will make managing all my proxy servers so much easier vs manually editing each one.
Hi thanks for the video, but a couple of questions arose: - If you request a lets encrypt cert with npm and turn on the proxy mode afterwards on cloudflare, will the automatic cert renew work properly? - After enabling the proxy mode and visiting the domain for which you created an A record, which certificate is used the cloudflare one or the lets encrypt one? If the cloudflare one is used anyway (due to proxyied mode) why bother with lets encrypt?
Thanks for answering my last question and thanks for this whole video on the subject. Love the channel and content. Going with a RPI to try this out 🤙🏽
@@selfhosted Wondering if I now use a domain such as nas.mydomain.com via Nginx to load up DSM, can now use that domain to use services such as Hyper Backup that require ports such as 6281 from a remote NAS, or am I stuck using home IP + opening ports.
Great tutorials. I'm trying to following your NPM video, however I need to get docker running on a Ubuntu server. I'm using Proxmox and trying to place docker in LXC running Ubuntu. I'm getting all sorts of error that docker-ce has failed to load. I followed other videos that say it should work but I can't seem to get it working. I tried 20.4 and 18.04 and get the same error. Should I hang up trying to use the LXC and attempt the setup in Proxmox VM? Thanks for these tutorials they are helping me slowly get my Homelab up and running.
Great video! I ran into the same problem with the Cloudflare proxy needing to be disabled for the certs to get provisioned. One question though, does the enabling of proxy in Cloudflare DNS prevent the certs from being renewed? Any feedback will be appreciated :)
Thank you so much for your mentioning at 9:52 why my Proxy manager SSL cert assigning wouldn't work. It could not see the wan IP because of Cloudflare proxy ... man I feel dumb
This stuff hurts my brain so much. So, does cloudflare work hand in hand with the ssl cert you get from letsencrypt? I assume there are now 2 certs? one for cloudfare and one for nginx?
You can just change them in the command and rerun it. As long as your files are there it will use the new ports and then go into your router and change them accordingly.
so I'm running nginx on a home assistant VM in proxmox, but when I go to the subdomains I create it just takes me to the login page of nginx, any suggestions?
Problem i found with cloudflare after following all the steps and it all worked perfectly but cloudflare has kind of a limit 100mb so if u login to the synology nas on synology photos it'll login but if you try to upload a videos thats bigger than 100mb u'll get an error and it wont upload I've followed same steps using wix domain i have and mobile upload worked again
how about using the CF cert for your domain when you do NOT want to expose anything to the internet? I just want trusted certs on all my internal devices and not rely on self signed. I tried to generate an origin cert and upload to NPM, and using a private IP DNS record. Workflow wise this works, but my browser doesn't like it, I probably messed something up. Is there any way to accomplish this (I'm not even a fan of the tunnel option for just myself), without having to setup my whole CA in house?
I just found your video, Thank you I was always missing the whole "how to setup external domain". My question is once I set this up can I use this internally as well? So Pihole(Local DNS provider) would direct traffic to cloudflare DNS which would give my ISP's IP and back inside my network. I guess I could just try it and see if it works.
I am subscribed to you. Can you increase your font size of the text on the website you are displaying in your future videos. Hit the control button then click the plus sign on your keyboard to increase the font size. Thanks.
Can you highlight specific benefits from using NGINX proxy manager via docker vs using the built-in DSM Proxy management if any? I do like the GUI of the NGINX proxy panel but I'd also like to avoid installation bloat in case it's not needed. Thanks :-)
I tried to use NPM after using the DSM reverse Proxy but it didn't let me use the ports, maybe it's because they are being used by Synology services, I don't know, I'm sticking with DSM reverse proxy for now.
Using all broadcasted services from synology, they each punch a hole in your firewall, And you're declaring to the world that you're hosting a synology server. So if there is a security exploit with synology, malicious parties will just try it on any synology service that's in the open. NPM, acts as the front desk and only opens 2 ports. It transfers you do whatever department without the need for an extra hole to get there
Hey! Just tried this, but when i connect the orange proxy in Cloudflare, this stops working. I opened the 80,443 ports, and the 2000 port thats redirecting to my service. dont know where it might went wrong. Any help?
Sorry to necro a 9 month old comment. I am looking into setting up NGINX to work with DUCK DNS using Cloudflare as domain manager. Did you ever get any progress with the DDNS route?
why NginX Proxy Manager works with apps in docker (in same docker where is npm)? with other servers still i need to put ports with domain name? (servers are other VMs with diffrent ip address) can You explain me that? what im doing wrong?
Thanks for the video it's extremely helpful and I was able to get my setup working. I'm rather new to web security so I don't quite understand why it's necessary to have Let'sEncrypt and cloudflare both supplying certificate security. Couldn't Cloudflare do it alone? or couldn't Let'sEncrypt do it alone? Still wrapping my head around the role each component plays. In any case I appreciate the video!
I've been trying to get dsm working behind npm for a few days and no success, every time i get error 502, however for anything but dsm it works great. Does anyone have any idea what the problem might be?
Great video! I followed along and everything seems to function, as in pages load. I was able to get the SSL cert to generate, cloudflare set to full and my A record is set to proxied. I chose to expose Seafile. I still get the "Your connection to this site isn't fully secure" error. Any suggestions?
Just in case someone else stumbles across this same issue I resolved it with help from this forum. forum.seafile.com/t/private-seafile-page-connection-is-not-fully-secure-with-https-enabled/11826/3
So how do I forward different machines from my router to nginx? Do I just setup a portforward of 80 and 443 for each IP of all the machines I want exposed? That's hella confusing
@@selfhosted Thanks for the fast reply, much appreciated. So from my understanding: I would run a docker NPM instance and connect all other docker services on the same machine into the same network and other machines (syno nas) also just through NPM with each having a specific subdomain and this should work. I'll try again and follow your video step by step.
@@_obscuritas_ External IP if you want the NAS to be accessible from the internet, or internal one if you just want local access. Internal local access will require a Cloudflare token to get the Let's Encrypt certificates though.
Make a cloudflare video on a game server. I'm getting ddos every day bringing it down and no idea what to do or how.
ปีที่แล้ว
after adding the domain to cloudflare in this way and redirecting the service via ngiex proxy manager, I keep getting error Origin is unreachable Error code 523 I will add that the domain is correctly redirected to cloudflare servers thunk you help:)
I dont know what i did wrong... It just doesnt work. Im close to giving up :/ I reach the NGINX default site. When i then setup the proxy host in NGINX it says connection refused/rejected whatever, i dont know how it is translated. Anyone an idea?
You quickly mentioned that you used a VM in Proxmox. Is there any reason why you didn't use a Ubuntu container? I am trying to avoid the overhead of a VM because my system resources are limited and I use my Proxmox for many other services. For some reason I cannot get NPM to work in a container. If you could share some light on this, maybe a VM would be the only way to go.
Nick O It’s known to not work well in containers if at all. So I use a VM and it works really well for me. Use a very light OS. Maybe Ubuntu server. It only needs like a gig of ram.
@@selfhosted Yes I get a internal error whenever I want to get a SSL cert. When I checked the github, many people have the same issue. I hope they release a LXC template for NPM. That would make it PERFECT! Thanks for the video tho!
Don’t forget to forward ports 80 and 443 to the IP of the machine your Nginx Proxy Manager is on. Do this in your router or gateway. Find the IP by opening a terminal and type “ifconfig”. If that doesn’t work install net tools by typing “sudo apt install net-tools” then run the ifconfig command again. You can also use the ip addr command.
When it comes time for the automatic Let's Encrypt cert renewal, will I have to turn the Cloudflare proxy back off for it to renew? Or it will renew on its own?
Man hot did i forget that! Thanks!!! was struggling for hours to get https working!
When i forward the ports. and click on my domain name. It just takes me to the login page of the nginx proxy manager
Hi there. I'm wanting to follow your written guide, but it looks like your site is down?
LOL I was wondering why my subdomain kept taking me to my router login!! Hah! May want to add this as one of those info cards on the video.
You just earned a sub for the ONE detail you included that no one else has mentioned: turning off the Cloudflare proxy temporarily until after adding the SSL!! I've been struggling with this for literally weeks. That one little thing suddenly made my setup work...thank you so much!
I’ve had quite a few people tell me this. Good to hear my video helped you and thanks for watching!
hey, do you know why right now you dont have to do that actually? when proxy is enabled i can still make a certificate in nginx ?@@selfhosted
A million thumbs up, this is the 5th tutorial I've watched on setting up NGINX, the first one I got to work
And I only needed to watch a single time,
Wasted almost 12hours in getting around this hack. You are a life saver. The port mappings were tricky for me. I went around almost all options except what you demonstrated. Cheers! 👌👌🤞🤞
Glad it helped! Thanks for sharing your feedback!
I know its been a couple of years now but thanks a ton for this video! I was so lost trying to complete setup and I was constantly making things more complicated than they needed to be. I gave it an honest try but your video did the job, thank you.
Not going to lie, im trying to learn some stuff before I start tinkering on my machine and this video is by far the most comprehensive of all of the ones i saw
Thank you much! I followed your video today and got my Plex server online now! Most of my time has been spend on "Don’t forget to forward ports 80 and 443 to the IP of the machine your Nginx Proxy Manager is on. " I wish that I read the description before watching the video! LOL! Anyway, great video and please keep going!!!
3 month ago I tried to setup cloudflare but without success, now I get why.
Thanks a lot I will try again with your tutorial in mind !
Sandro Man Let me know how it goes!
@@selfhosted unfortunately nginx didn't work because I use a raspberry as my selfhost machine, but cloudflare did !
Thanks again
Sandro Man th-cam.com/video/2oi4IQF7VnE/w-d-xo.html
@@selfhosted uhh, thanks
9:32 omg 😳 these are the little things people fail to tell the tale of on why. Thank you extremely helpful.
This was a super helpful and simple guide. I did an experiment where I booted up the NPM docker on an Unbuntu VM running on my Synology NAS' virtual machine manager and then passed traffic to an OwnCloud docker running on the Synology as well. The VM got its own IP (similar to how it would work with Proxmox) and I did not experience any collisions with the Synology port 80 and 443 issue. The only thing I ran into with that configuration was that the Owncloud docker image did not have SSL configured so I used cloudflare's SSL instead. Seems to work and the cert is valid.
Lon.TV sounds right! As long as you’re not hosting NPM on synology root. The VM makes sense! Happy to have your input!
wow! you got input from Lon.TV!! how cool is that! I am subscribed to both of you guys' channel good stuff!!
@Harlem Wilder uh yeah, we don't give a shit! F- off
Hey thanks! I broke a lot doing this tutorial, I learned how to fix more stuff and I got the original thing done using this tutorial lol! Thanks for the quality vid!!
you may not have a ton of subscribers yet but with the way you present you will. thanks for the great video
Thank you for sharing your time and expertise with us. Your delivery was clear and precise. No apology necessary. Much appreciated.
Nice video, thanks. So you mentioned that I need for turn off proxy in cloud flare before setting up the cert in nginx proxy manager. I’ve not done this and it seems to work fine. every once in a while I’ll get an error in nginx advising of an internal error when adding the cert but i try it again and it works fine. I didn’t know that they proxy should be off, what is the impact of of having proxy on when creating cloudflare entry?
Finally someone who explains it correctly for a starter. Great video !
I loved this! Thank you! I am getting a 502 error but that means it is my set up officially this video helped me troubleshoot a lot, thank you.
Great video, thanks. I would suggest you zoom webpages as much as you can so future "tutorials" like this are watchable on smaller screens or smaller windows so we can follow steps while watching
Great walktrough! Have you considered making more of these videos and have a deeper look into the rest of the settings in both cloudflare and NPM?
Great Explanation! New to home lab and just stumbled across your channel. Bummed to see that you are not creating many new videos.
How were you able to configure your sites with access lists to read your actual ip and not the proxied ip that cloudflare has you connecting as? When I put an access list on a site that only allows my public ip, I am still unable to access the site because of the cloudflare proxy making my ip appear as one of cloudflares many ips.
I guess I am also asking if you proxy the sites which you have an access list on. How are you getting nginx pm to recognize your IP when you try to connect to your site behind cloudflare proxies?
Thank you for your kind explaination! I got it finally!
Heya, about Synology: while you're right that :80 and :443 are reserved on the Synology and a real hassle to change, if you're behind a ISP router, you can just redirect :80 and :443 on your router to something else. And run NPM in docker on your Synology. About snapshots: that's also possible on your Synology with snapshot replication. Just target your \volume1\docker folder and restore if needed.
With nginx proxy manager you can even have it connect to your cloudflare account to create dns records for you so you dont have to do both manually.
thanks for making a video for the rest of us!
No worries!
❤️❤️❤️ respect Sir it was awesome and full of knowledge...
I used this guide to loosely finish up my Jellyfin install, but when I try to connect via a subdomain, I get a 504 error (gateway time-out). I had no A recoed for www, but I've added it. Should the content be my public IP? Any help would be appreciated.
Thanks for your effort. Can I substitute truenas for snology nas in this case ?
Hello there.
That tutorial is extremely clear and staightforward ! Thanks to you I was able to get the certificate !
Unfortunately, I still can't access my NAS (Nextcloud) and I'm probably still missing something but can't figure out what...
Really loving your content! Very well explained. Keep up the great content and I’ll keep smashing that like button!
Thank you so much this helped!
It was really great sir 👍🏻
Great Video. While recording use a lower resolution setting for your screen or you will need to edit and focus on smaller windows so we can read properly.
Thanks keep it up.
Subscribed.
this video introduces me to nginx proxy manager :-) thank you
Very good tutorial, nice work
Thank you! Cheers!
thanks, helped figure out the issue why nginx proxy manager was not getting SSL cert behind cloudflare!
Thanks this is awesome!
I wish I knew about Nginx Proxy Manager before. using that will make managing all my proxy servers so much easier vs manually editing each one.
Well. thanks to you i now have subdomains setup and working beautifully, thankyou for the amazing tutorial!
Rune W0lf Awesome! Glad to hear!
I was curious to know which distribution you use on the desktop.
This was a great and quick video. Exactly what I wanted to know!
it's also a good advice to run a fail2ban docker container which allows cloudflare to block rouge like IP's for enhanced protection of your services
6:04 not working. error all over the place. there is a very importand step missing.
Thanks, this was super helpful!
Awesome tutorial! keep up the amazing work!
Thank you , this is a life saver
Interesting vid - why the added complexity of Cloudflare and Docker though? Why not just install direct on the Linux box?
Great vid thanks for doing this
Hi thanks for the video, but a couple of questions arose:
- If you request a lets encrypt cert with npm and turn on the proxy mode afterwards on cloudflare, will the automatic cert renew work properly?
- After enabling the proxy mode and visiting the domain for which you created an A record, which certificate is used the cloudflare one or the lets encrypt one? If the cloudflare one is used anyway (due to proxyied mode) why bother with lets encrypt?
Yes it will.
That music is enjoying ^^
When attempting to make the SSL cert at the 11minute mark I keep getting an error saying it is already in use????? Where did I go wrong?
Nice video. Not sure about the super simple bit, though. Thanks!
Very helpful!
Thanks for answering my last question and thanks for this whole video on the subject. Love the channel and content. Going with a RPI to try this out 🤙🏽
Eduardo Almonte Mieses my good buddy DBTech has a great video for installing NPM on rpi. th-cam.com/video/2oi4IQF7VnE/w-d-xo.html
@@selfhosted Up and running! Huge thank you!
@@eduardoalmontemieses4842 Awesome! good to hear!
@@selfhosted Wondering if I now use a domain such as nas.mydomain.com via Nginx to load up DSM, can now use that domain to use services such as Hyper Backup that require ports such as 6281 from a remote NAS, or am I stuck using home IP + opening ports.
Very clear thanks! a lot! one question can you use the nginx proxy manger as an load balancer or?
I couldn't find the written guide.. It looks like you migrated to "noted" did you omit this one for a reason, or will it show back up in the future?
Great tutorials. I'm trying to following your NPM video, however I need to get docker running on a Ubuntu server.
I'm using Proxmox and trying to place docker in LXC running Ubuntu. I'm getting all sorts of error that docker-ce has failed to load. I followed other videos that say it should work but I can't seem to get it working. I tried 20.4 and 18.04 and get the same error.
Should I hang up trying to use the LXC and attempt the setup in Proxmox VM?
Thanks for these tutorials they are helping me slowly get my Homelab up and running.
Why not CNAME ? You added as A what's different?
Just FYI you can do the cert in NGINX proxy manager with CloudFlare proxy enabled.
Great video! I ran into the same problem with the Cloudflare proxy needing to be disabled for the certs to get provisioned. One question though, does the enabling of proxy in Cloudflare DNS prevent the certs from being renewed? Any feedback will be appreciated :)
I have the same question. If I would guess, I assume the renewal won’t work in this way.
Thank you so much for your mentioning at 9:52 why my Proxy manager SSL cert assigning wouldn't work. It could not see the wan IP because of Cloudflare proxy ... man I feel dumb
This stuff hurts my brain so much. So, does cloudflare work hand in hand with the ssl cert you get from letsencrypt? I assume there are now 2 certs? one for cloudfare and one for nginx?
Everything was going great except I get an "Internal Error" in NGINX when trying to save with a Let's Encrypt certificate. Any ideas?
What if I wanted to change the ports from 5:39 AFTER it's already been configured? I can't seem to find the .conf file within docker.
You can just change them in the command and rerun it. As long as your files are there it will use the new ports and then go into your router and change them accordingly.
so I'm running nginx on a home assistant VM in proxmox, but when I go to the subdomains I create it just takes me to the login page of nginx, any suggestions?
Problem i found with cloudflare after following all the steps and it all worked perfectly but cloudflare has kind of a limit 100mb so if u login to the synology nas on synology photos it'll login but if you try to upload a videos thats bigger than 100mb u'll get an error and it wont upload I've followed same steps using wix domain i have and mobile upload worked again
Hello, will this option work when my ISP assigns multiple users to one IP?
how about using the CF cert for your domain when you do NOT want to expose anything to the internet? I just want trusted certs on all my internal devices and not rely on self signed. I tried to generate an origin cert and upload to NPM, and using a private IP DNS record. Workflow wise this works, but my browser doesn't like it, I probably messed something up. Is there any way to accomplish this (I'm not even a fan of the tunnel option for just myself), without having to setup my whole CA in house?
I just found your video, Thank you I was always missing the whole "how to setup external domain". My question is once I set this up can I use this internally as well? So Pihole(Local DNS provider) would direct traffic to cloudflare DNS which would give my ISP's IP and back inside my network. I guess I could just try it and see if it works.
Would be possible to give your hdd a new identity (virtualise it) and use it from outside (proxmox/docker)?
I keep getting a 502 error. I am hosting this docker container on the same system that i am trying to proxy. Would that cause an issue?
Honestly super detailed video and incredibly helpful sadly I can't make a ssl certifcate for whatever reason but still great video
Awesome guide! do you know how we could switch from using Mysql to Mongo DB or Couch DB NoSQL data base?
hello, i tried, follow all the step but it does'nt work. Always a 522 error. Don't understand why.
Could you use a free hostname from No-IP as a home domain instead, with Cloudflare?
Unfortunately not.
You can most probably. At least with free domains from DuckDNS (which is similar to No-Ip) it works.
I am subscribed to you. Can you increase your font size of the text on the website you are displaying in your future videos. Hit the control button then click the plus sign on your keyboard to increase the font size. Thanks.
Can you highlight specific benefits from using NGINX proxy manager via docker vs using the built-in DSM Proxy management if any? I do like the GUI of the NGINX proxy panel but I'd also like to avoid installation bloat in case it's not needed. Thanks :-)
I tried to use NPM after using the DSM reverse Proxy but it didn't let me use the ports, maybe it's because they are being used by Synology services, I don't know, I'm sticking with DSM reverse proxy for now.
Using all broadcasted services from synology, they each punch a hole in your firewall,
And you're declaring to the world that you're hosting a synology server. So if there is a security exploit with synology, malicious parties will just try it on any synology service that's in the open.
NPM, acts as the front desk and only opens 2 ports. It transfers you do whatever department without the need for an extra
hole to get there
What is the difference between your nginx and the standard nginx container?
Hey! Just tried this, but when i connect the orange proxy in Cloudflare, this stops working. I opened the 80,443 ports, and the 2000 port thats redirecting to my service. dont know where it might went wrong. Any help?
So what is the "DDNS route" that you mentioned at 9:25?
Sorry to necro a 9 month old comment. I am looking into setting up NGINX to work with DUCK DNS using Cloudflare as domain manager. Did you ever get any progress with the DDNS route?
@@mpt126 me too
is it possible to do this senario using linode vps brother !?
@13:20 - this "Proxied" mode, does it work when you need to renew your certificates ???
That's what I'm wondering
is there a link to the text that needs to be copied? And where to copy it?
why NginX Proxy Manager works with apps in docker (in same docker where is npm)? with other servers still i need to put ports with domain name? (servers are other VMs with diffrent ip address) can You explain me that? what im doing wrong?
under "Improve security"i only have "Automatic HTTPS Rewrites" i have no options to set to full. Or is it the same thing? :)
Thanks for the video it's extremely helpful and I was able to get my setup working. I'm rather new to web security so I don't quite understand why it's necessary to have Let'sEncrypt and cloudflare both supplying certificate security. Couldn't Cloudflare do it alone? or couldn't Let'sEncrypt do it alone? Still wrapping my head around the role each component plays. In any case I appreciate the video!
Also I was a bit surprised when I did docker-compose down and all my data got erased. Guess I need to make the volumes external?
i kept getting 502 Bad Gateway on my vps ..
try to forward docker container
I've been trying to get dsm working behind npm for a few days and no success, every time i get error 502, however for anything but dsm it works great. Does anyone have any idea what the problem might be?
No matter how many times I do this, as soon as I turn on Proxy it stops working?
Very informative video. If you could zoom in on the content a little bit that would be perfect.
I'll keep that in mind. Thanks for watching!
Great video!
I followed along and everything seems to function, as in pages load. I was able to get the SSL cert to generate, cloudflare set to full and my A record is set to proxied. I chose to expose Seafile. I still get the "Your connection to this site isn't fully secure" error. Any suggestions?
Just in case someone else stumbles across this same issue I resolved it with help from this forum. forum.seafile.com/t/private-seafile-page-connection-is-not-fully-secure-with-https-enabled/11826/3
nginx proxy manager vs traefik
Which do you prefer or is better? I heard that traefik can easily and seamlessly tie into a k8's cluster.
Traefik is unnecessary. It’s not bad but I think it’s way overdone for what it does.
So how do I forward different machines from my router to nginx? Do I just setup a portforward of 80 and 443 for each IP of all the machines I want exposed? That's hella confusing
No. I would just setup domains for each machine in one NPM instance.
@@selfhosted Thanks for the fast reply, much appreciated. So from my understanding: I would run a docker NPM instance and connect all other docker services on the same machine into the same network and other machines (syno nas) also just through NPM with each having a specific subdomain and this should work. I'll try again and follow your video step by step.
Thanks for the guide :)
Do I need to enter in cloudflare DNS management the external IP address of the synology, or the local address of the nas?
Did you find it out?
@@_obscuritas_ External IP if you want the NAS to be accessible from the internet, or internal one if you just want local access. Internal local access will require a Cloudflare token to get the Let's Encrypt certificates though.
Make a cloudflare video on a game server. I'm getting ddos every day bringing it down and no idea what to do or how.
after adding the domain to cloudflare in this way and redirecting the service via ngiex proxy manager, I keep getting error Origin is unreachable Error code 523
I will add that the domain is correctly redirected to cloudflare servers thunk you help:)
when i change DNS only to proxited, then stop working site in cname. Any help please?
So I cant use a proxied cloudflare record?
I dont know what i did wrong... It just doesnt work. Im close to giving up :/
I reach the NGINX default site. When i then setup the proxy host in NGINX it says connection refused/rejected whatever, i dont know how it is translated.
Anyone an idea?
Another question I'm getting internal error with NPM when requesting a cert from LetsinEncrypt. Do I need to open ports on my home router?
No! You need to make sure the cloudflare protection is disabled before requesting certs then enable it when it's done.
doesn't enabling the cloudflare proxy again on the A record make it impossible for the acme client to renew your ssl certificate?
For some reason it doesn’t. Not in my experience.
You quickly mentioned that you used a VM in Proxmox. Is there any reason why you didn't use a Ubuntu container?
I am trying to avoid the overhead of a VM because my system resources are limited and I use my Proxmox for many other services.
For some reason I cannot get NPM to work in a container. If you could share some light on this, maybe a VM would be the only way to go.
Nick O It’s known to not work well in containers if at all. So I use a VM and it works really well for me. Use a very light OS. Maybe Ubuntu server. It only needs like a gig of ram.
@@selfhosted Yes I get a internal error whenever I want to get a SSL cert. When I checked the github, many people have the same issue. I hope they release a LXC template for NPM. That would make it PERFECT! Thanks for the video tho!
Nick O keep me posted if they do! Thank you!