Just got it, Your videos of higher level stuff are great, these kinds of things never get videos. I guess because the documentation is so good now days, but as much as I love this stuff I don't have the time to tinker and learn what I don't know, so the info is very useful. The critique was one I received in the past for flight instruction, when you love something you love to share the knowledge, but sometimes we can turn into a firehouse of info :D From my comments you can see it is a hard habit to break, hah
I may have lost a few details such as: 1) Network Type: Custom @ 5:20 --> How do you set it up? Is it needed? What's the difference to not using it (in terms of settings/upsides/downsides)? 2) What if I don't have a domain and therefore I can't set cloudflare @14:00 ? I just have a DynDNS pointing to my public IP that I will not really give out
Thanks for the great guide! 🙌 It helped me recover my Nginx Proxy Manager setup on Unraid. Quick tip for others: If you're using Cloudflare, temporarily disable the orange cloud (proxy) to avoid SSL handshake issues when issuing Let’s Encrypt certificates. Once done, re-enable it and switch to Full (Strict) SSL mode. This step tripped me up, but your video saved me a lot of time-appreciate it!
Thanks for the video & documentation, finally got it working after moving from SWAG. For anyone having trouble with getting the certificates issued. It could be that in Cloudlfare the proxy is on while the cert hasn't been issued yet. Turning the proxy off allowed me to request a cert after which I could enable cloudflare's proxy once again.
Thanks, man! I am running nginx on Truenas, so I had to change values to fit my set up. But I got it working in the end. Took two days and having this video up on a second monitor. Only issue I’m having now is the site will only load in Chrome, not Safari.
Great video, very helpful! Quick question (noob here): At 15:55 what do you mean by create your admin account and set it up all the way before accessing remotely?
Seriously great video I have done everything and am losing my mind. Each time I try to create a proxy host it fails saying "Internal Error". I have tried so many things and now have a Cloudflare account with a domain that I am not using because I can't figure out these issues. Would it be possible to do a follow up video maybe with some trouble shooting along the way?
I've spent probably 10-15 hours trying to get swag and cloudflare working. The reasons you described fit me to a T. I was successful with your guide and I really appreciate it. +1 sub!
Did the video "skip" or did I miss something? At around the 14 minute mark you add a cname of "proxy" but then do nothing else with it. Are we to add that somewhere in nginx?
This is a life saver. Also, I'd like to highlight, in case with some people, at the end of the process, the domain opens not private page or the router's page, they should check their new domain on some other network to see if it's working or not. They can also connect to a VPN and then check on their network too.
I’d be really interested to know more about the custom bridge mode you set up for the network. It seems you prefer the custom one over just “bridge” so it would be great to know why and how to set that up! :)
For those getting "internal error" and other issues, I found switching the container from custom to bridge actually fixed my problems, after temporarily disabling the proxy slider on cloudflare. Got SSL from Let's Encrypt working now.
IF YOU ARE GETTING "INTERNAL ERROR"... try disabling "proxied" for your CNAME record in cloudflare, then try again. It should work. At this point, reenable the proxied toggle and everything should work fine.
Why would you port forward the entire unraid server and not just that single docker container? Shouldn't it show up as its own host on your network that you port forward?
We don't forward to the 'whole unraid server'. We forward to the ip and port of the reverse proxy. In this case, the IP is the server, and port is NPM. Alternatively, you can set up separate IP for the container or use a VM. Or use a tunnel, which is how we operate nowadays here and don't open any ports at all.
Hi Ibra! I really like your videos, they're great and helped me so much with my unraid server. One question here: I've been using letsencrypt, then swap and since I watched this video I've been trying NPM with no issues on hosting my docker services but, I've also configured some websites on swap pointing each one to a specific folder, tried to do it with NPM with no luck. What could I be missing? Thanks in advance mate!
I cannot get the DNS and Cloudflare part to work. I have my DNS switched to use CLoudflare now and I get a 552 error when trying to navigate to the cname record I have configured. Now I am sure I am just missing something important. I have an A record that points to my external IP then a CNAME record pointing to that A record. The rest of the config is the same as the video. Do I need to have the docker containers I want to forward to also on a private network within UnRaid? Any guidance is appreciated.
thanks for creating this! Quick question that I don't see an answer anywhere: would you advise against reverse proxying NPM itself so that it's webui isnt accessible remote, or it's fine to have that visible too?
@@IBRACORP Actually realized youre right. There's no point as I can just VPN in when I want to add. I'm just in install mode so constantly back and forth but after this lot is done, it's something I wouldn't need to touch often. Cheers!
I like your video, but I wish it was that easy for me. My domain and DNS provider is namecheap, I am adding the subdomain there as an A Record, pointing to my public IP, I also have other A Records pointing to the same IP, but anyway... In NPM I am adding a new host, with my subdomain, when I follow your steps and click save I get the Internal Error message, at that point I cannot follow the suggestions other users have commented here because I am not using cloudfare. Also, I have tried with different network settings, host, bridge and custom with a static IP, nothing works... I have realized that sometimes I get the error "the domain already exist", so I go to hosts and I see the host there but it is not online, when I try to generate the ssl again and click save, the internal error comes back. Now, I successfully generated a SSL cert for my root domain, however, when I try to open Home Assistant from NPM (yes I am using my root domain with home assistant), it doesn't load the website, I have to manually add the home assistant port at the end (5123), however that works only in my PC, if I load the Home Assistant Companion from my tablet using my root domain, it doesnt work. Home Assistant works when I redirect port 443 in my router to port 5123 in my Home Assistant Pi. So at then I dont know what to do, I basically deleted the container for NPM, I went back and port forward my home assistant as it used to be, I cant use NPM for another application as I wanted (deemix) and I am in square one... I see everybody uses cloudfare and all videos or guides are made for that, but my case is different, I have had my domain for years with namecheap, I have used letsencrypt in VMs using the DNS method with namecheap without any issues, but I cant understand why is it so complicated with NPM. Any help is appreciated. Thanks.
I was with you right up until the SSL cert part. I click [Save], it thinks a moment, then I get a generic "Internal Error" banner in red across the top of the dialog. Any idea how to proceed?
If you're using Let's Encrypt then often this means LetsEncrypt is unable to verify your domain so it fails. We prefer using Cloudlfare origin certificates for this. Also, worth checking the logs when that error appears to help you figure out why. Otherwise, the method is definitely still working.
Love the video, I have almost the same setup as you here but am having problems when I try and do the certificate. I get an api communication error, do I need to do something in Cloudflare for the certificate request to work properly? I think the port forwarding and stuff is OK because if I don't use ssl I can access the site properly, but that's not ideal obviously. Do I need to set the domain in Cloudflare from "Flexible" ssl settings to "Full" or something else in Cloudflare? I think the problem I am having is to do with the certificate not being issued properly.
Flawless. Amazing. Got it working across a few subdomains/containers really great... But for some reason I cant get an SSL for Jellyfin ("Internal Error" in NGINX when I try and create the proxy host) and can't get it to work without it either... Hmmm... Gonna have to keep digging.
Thanks for the video it helped a lot! The only issue Im having is with enabling "Force SSL" option. If that is enabled I am not able to access the website. If it is disabled I have no issues. I am using CloudFlare and have HSTS and always use HTTPS enabled. Any thoughts on how I can get Force SSL working?
Accessing my subdomain works perfectly! However, when I attempt to access the domain itself - I get SSL handshake failed Error code 525 message. I'm guessing that's due to not having a web server running and hosting a site for the domain?
Amazing walk-thru! I've just started my Unraid journey with much help from illuminated nerd & spaceinvaderone. Now I'll be adding a 3rd source 😉😁🤘I'm slowly migrating from a Win10 box with emby/sonarr/radarr/unifi/etc and I've been using Caddy V2 as the reverse proxy for them. The GUI and ease of use won me over right away with NPM. However my OCD is wondering if this is the same as Swag, minus the gui? 🤔
Thank you for watching and subscribing! Look it depends on preferences, SWAG has some different features such as Docker mods and much flexibility in it's functions. NPM is simpler but does a great job at what it needs to do. Watch our SWAG video too and compare the pair !
Hey mate, good to hear an aussie accent on these tutorials. Hoping you can help if you have time. I have set up successfully with sonnarr and radarr. Seems to have no problem with other unraid dockers, but going to docker or web server on another VM is an issue. Currently having issues with a self hosted HUDU install. Works fine by direct IP or port forwarded to direct IP. Soon as I port forward to NPM I get redirect issues. Hudu has SSL (letsencrupt) built in so I have tried turning it off in NPM and various other configs that don't seem to work.
More info: Using Bridge network. If I select SSL-none I get http2 protocol error, and if I select SSL and ony check HTTP2 support I get too many redirects. Have also played with site config files and 'custom locations'. I spent weeks (maybe more) trying to build a reverse proxy server a couple of years ago and gave up. Really would like to get this working so I can host more than one thing. Any help is greatly appreciated. Even pointing me towards another vid or some conscise docs.
@@notoryous2 Yes mate. Turns out I had completely missed a couple of settings. Scheme - HTTPS instead of HTTP and make sure the port is also correct... not always 80 or 443.
hello, I have followed your guide and I really want to thank you for all the efforts you put into this. however, after a couple of months that I had NGINX working, I am now facing a disaster... I am locked out... I can access all the services I added in NGINX but I can't access unraid itself (not even when I am at home and I try to connect locally)... do you have any clue, before I erase everything and I restart from scratch?... should have I made a subdomain for unraid too? should have I changed the default ports of unraid? please help!!!
Need elaboration on setting up access list info. How to setup this fir homeassistant on another machine on another vlan in network. You can do without the cloudflare, you just have to make a sub-sub-domain point to the sub-domain of your duck dns. (Id give an example but my comments been deleted 2 times already, probably because of the examples i gave) that would bw nice to have included if you ever do an updated version of this, not that it it out of date or anything, i just used it to get my setup running in about 30 min...
I just switched from SWAG to Nginx Proxy Manager. Thank you for making this so clear. I am not familiar with how certificates work. I have successfully added nextcloud and got it to work (THANK YOU!!!) I'm trying to add other reverse proxies but I don't know if I can use the same nextcloud certificate from the dropdown list or do I need to create an individual certificate for each proxy? Thank you!!!
Great video, I understand everything but one thing - why will the Let'sEncrypt fail with internal server error when I set the cname/a record in Cloudflare to "proxied"? It works fine when set to DNS only. Don't I loose a lot of security when Cloudflare is set to DNS only?
this was all working great for me until, for some reason, certbot failed to renew the certs "Failed to renew certificate npm-1 with error: Some challenges have failed." Manually clicking the Renew Cert button in NPM also fails. Is it a port forwarding issue? Ive read that you need to have port 80 staying at port 80 elsewhere on the web. I think for this I had port 80 forwarded to 1880 for NPM in my pfsense.
I have a quick question, when i added overseer to this, it works on an external whise and internal, however ive noticed that the loading time for the login is very slow. I was wondering if this is because in docker i have my plex media server on the bridge network? I tried adding the plex media server to my custom docker network, which improved the login speed for overseer, however connecting to the media server externally isn't able to be done directly for playing and uses the dreaded plex relay service, is there a step im missing on port forwarding or something that i need to do?
Hoi, is there something else one have to do to reverse proxy for example a webcam stream on another computer, in this case, klipper webcam on a raspberry pi to successfully pass through nginx on unraid?
Nice one, i spend a lot off time with SWAG. I think in this video u got missing part about duckdns :D And one question, how you can protect yourself when you opened your server to the internet? Which protection can be added to secure your domain names from someone else?
Hi Aleksejs, thanks for watching. You are correct, I intentionally left the duckdns part out as it's already covered by spaceinvaderone and I didn't want to double up on that. Keeping a dynamic DNS can be separate video for the future. As for security, the safest bet in my opinion is having something like CloudFlare because the IP address shown to someone on the end is CloudFlare and not my own so it's takes that risk away
@IBRACORP I have been struggling to get any reverse proxy to work. You being a UDM Pro user could the UDM be blocking something in this process? I tried with the tunnel as well and no luck.
In my router, am I supposed to forward those ports to the proxy server? Is it actually serving as a relay server, or is it just translating the dns request and then passing the port number to request along? The tutorial is kinda fuzzy on how the routing of the traffic of the services themselves is actually handled.
hey great video! but i have a problem, this guide work perfectly for NEXTCLOUD but when I try to do it to - radarr/obmi etc. it doest work with SSL and only HTTP, doest it's mean my server will be more vulnerable?
Do you own a raspberry pi? im trying to do what you have but using docker through portainer to expose ombi to public using my own domain. I keep running into problems though. can you provide a solution? thanks
How do you have your content empty at 14:12 when setting the www and @ for cloudflare? I'm prompted to use the server IP and unable to proxy it cause it isn't externally facing
You can have both the WWW and non WWW in the proxy host. But this is best set on the domain level/DNS. A 301 permanent redirect of WWW to non WWW is best
hey so its not entirely this subject but i have tried running pterocdactyl with nginx proxy manager by putting nginx cli on another port and redirecting via nginx proxy manager but im having a bit of issues getting error of too many redirects and cannot login like i opened a new icognito mode tab and tried to login with multiple emails doesnt work
im forwarding the ports as you shown (except for 18443, i had to put it as 1443 bc my router couldn’t do that with 443, saying not allowed) and my domain still links to the unraid web gui. I also did the A record of @ leading to my home IP and another A record of www leads to the server IP
A great video and it helped guide me off of troubleshooting SWAG. One question relates to managing nextcloud. The reverse proxy works with nextcloud (ie: I can access it through my subdomain), but the nextcloud container gives me a bunch of security errors (The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds, or Your web server is not properly set up to resolve "/.well-known/webfinger".) All of the help documentation assumes .conf files can be manipulated (like in SWAG). How can I do something like this in NPM?
Hey I know this is an old vid but could you do a DDWRT video? Like what the best setting a home lab environment and such, greatly appreciate your contents!
So ive done all of these steps, and I have used overseerr as well. When i load overseerr it says you are offline. and there is abutton to press that says reload. No matter what I do it just comes back to that screen.
@@ViscountJimmy yeah regardless of what app I try, I can access it from the local IP, but when I press the source in NPM it times out with a 522 error.
Could you explain the DNS part of this container ? I hate you didn’t die to a lot of us not being able to validate via HTTP and we have to use DNS verification instead. I watched up to that point and I was disappointed you didn’t show this because I have gotten the whole thing to work all but this part:(
After installing NPM I had to wait about 10 minutes before I could login with the default credentials. Not sure why but it kept giving me a bad user error (user not found, or something to that effect). I couldn't find that documented anywhere, but after about 10 minutes I could get in. Also, I switched from swag container, and got errors when adding the proxy hosts. I switched to CF origin server cert and it took care of the issue. I think LE in NPM was conflicting somehow with certs I already had registered in swag
Yeah could be due to using similar details in the LE certificates which might return a failure as the certificates already exist elsewhere. Using CloudFlare is the best way in my opinion anyway, great job getting it going
thats a bummer, my ISP is basically blocking all the ports and i am not able to access plex outside the network apart from the relay. Tried portmapping.io, no-ip and at last wanted to try this option :(. Have to look for way to get this working now. Any suggestions ?
Since we are using CloudFlare origin certificate we don't need to challenge against CloudFlare. When using a Let'sEncrypt certificate we do since it's a third party to CloudFlare
The next challenge is how to go about setting this up using non-standard ports!! DNS TXT records is one way but I have not figured out how to do this with the UnRaid container
Use the CloudFlare tunnel and avoid ports all together (we did a video on it) Otherwise 80 443 can be forwarded to a different port as long as that is what you set in the container for NPM
Good guide. I'm still on the SWAG thing, but always wondered hoe this thing worked. Do you know if you can limit bandwith for a certain Docker in NPM? For example NExtcloud, I can limit my upload speed for other peoples downloads from NC, but Uploads to NC are not limited? Keep making that good content! Cheers
Thanks for coming back and watching my friend. If you have a snippet in your SWAG/NGINX that does this, then yes, you can simply add this to the Custom Configuration section on your Proxy Host in NPM. I should have mentioned it in the video but anything you code in SWAG or LetsEncrypt can usually be pasted directly into a Proxy Host in NPM. It works the same, just a nice interface to do it in
This is an alternative to SWAG. If it suits you and your needs then I can recommend it. A few people have made the jump and really like it. Others prefer SWAG for a variety of reasons so please weigh up what you'd prefer. It's easy enough to make a container and try it, so why not?
Great video and nice for some updated videos, while space invaders video are very good some are now getting outdated especially if your new to unraid like me thanks again
Hi Nigel, you are correct and technology changes often so staying on the forefront is critical to do justice to our users as well as unRAID who constantly improve their platform. Thanks for tuning in and hope to share more soon
Hi, im having an issue, i have followed all of your vids to get cloudflare and NGINX to work but i just keep getting a error 521 whenever i try and go to a subdomain. I have a UDM Pro from ubiquiti and im sure i have forwarded the ports correctly but just cant get it to work. Any suggestions?
Got pretty baffled by this because I previously followed a SpaceInvader tutorial on using DDNS with Cloudflare with my own domain, (resulting in a Cloudflare docker on unraid) so all the duckdns stuff is irrelevant to me. Seems odd that you're using Cloudflare for DNS management but not for DDNS - or am I missing something ? Some gentle constructive criticism, as I do really appreciate your videos: - you have a bit of a habit of saying that something is 'super simple'. In fairness, when you use this comment after a slow paced, step by step explanation, then - because you've just demystified the subject - it's fair enough. However you do also use the phrase after sections that are anything but simple, and I suspect they only strike you as straightforward because you have a top down, 'big picture' perspective most of us watching these videos don't have. I appreciate that it must be very difficult - especially since it's clear that some of Space Invader's videos that are only a couple of years old are already well out of date compared to current best practice. Must feel like trying to juggle a dozen balls at once, so I really do appreciate your efforts, just please bear in mind that your 'simple' isn't necessarily so for some of your thicker viewers i.e. me!
Hi Julian, thank you for your feedback. I appreciate you taking the time to write it up. In regards to the DDNS I actually made a seperate video for that subject which is why it's not mentioned here. As for the phrase I use I can see where you're coming from and I think I say it as a form of encouragement while teaching. I'll see if I can be more mindful about it.
I currently have 5 of your videos in progress trying to bounce between each one to get one thing set up lol appreciate that you have these videos but I am very lost on the duckdns part, that wasn't explained and no video was referenced like you normally do (hence why I have 5 open at the moment).
I had this installed and working great. Long story short I messed up and all my vms and dockers were deleted. I've reinstalled nginx but cannot seem to create a new certificate. Any thoughts how I can recover the old one or create new?
@@IBRACORP I've been following the video to a T and now this second time around it's not working. Going to try a different domain and see what happens.
@@IBRACORP I used a new domain that i've never done anything with also i reinstalled nginxproxymanager and changed the config directory around a bit figuring maybe something was hanging in the older folder (changed it to: /mnt/user/appdata/NginxProxy) and the same exact problem persists trying to create the certificate it says "Internal error" if i check the logs of the docker i am presented with the following: ⚠ warning Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --authenticator webroot --email "myemail@myemail.com" --preferred-challenges "dns,http" --domains "radarr.mydomain.cloud" Saving debug log to /var/log/letsencrypt/letsencrypt.log Some challenges have failed.
I've been thinking about setting up something like this or haproxy on pfsense for a while now, not cause i really want to, but I think I'm going to have to. For years I've just had separate physical network coming off pfsense, nic switch etc. And 1 fqdn with everything pointing directly here, a records, mx, etc, well not my own ns servers, but away. Its worked great. I figured isp would get mad about the whole mx thing and either block or send me a nastly letter or something, but after a couple of years they never have. But i'm really light on 25 so idk, but back to my point: Now I have a 2nd fqdn pointing here as well and there is where problems began and where I find my myself scratching my head as to how to proceed. Another subnet won't help anything with that i don't think. I'm a little out of touch i guess. Oh, and 1 or the domains i have uses cloudflare ns. Your cloudflare vid has kind of changed my mind about how i feel about them. I probably commented there.
I didn't get a chance to watch the entire video, but previously NPM didn't allow for DNS validation on the SSL. I went to SWAG specifically for this issue... Is this still the case with NPM? And what about wildcard certs?
What would cause an Internal Error when saving the Host Proxy with SSL in NPM? I'm trying to get overseerr externally accessible. I've got the CNAME set and I've got 5055 port forwarded to the host IP. I also have 3 other apps that I have external access to. I'm losing my mind. lol
If I use the Cloudflare CA certificate to configure the NPM, do I need to re-issue it again after 15 years or 60 days like ACME? When will my subdomains stop working?
Hi, thanks for the video. I followed it step by step. I created an aname rather than a cname but When I save the proxy host and or request the SSL certifcate I get an internal error. I did forward the ports and also checked if I get through when I pointed it to another webseite on the unraid server.
IMPORTANT NOTE FOR FELLOW AUSSIES: One potential issue is your ISP blocking ports 443 and 80. Im with Aussie BB and they do indeed block them, a simple call to support gets them unblocked (also get out of cgnat as well if you haven't already). Took me 3 days of hair pulling to figure that out.
Thanks for watching! We appreciate ya. Do you like NPM as a reverse proxy? What do you use currently? Let us know below!
Just got it, Your videos of higher level stuff are great, these kinds of things never get videos. I guess because the documentation is so good now days, but as much as I love this stuff I don't have the time to tinker and learn what I don't know, so the info is very useful. The critique was one I received in the past for flight instruction, when you love something you love to share the knowledge, but sometimes we can turn into a firehouse of info :D From my comments you can see it is a hard habit to break, hah
That's okay Ben I appreciate taking the time to leave the feedback. I will take it on board! Thanks for watching
It's good to have another Unraid youtuber out there. I love Spaceinvader's content but having more and varied perspectives is a good thing.
Thank you! Glad to have you 🙂
I may have lost a few details such as:
1) Network Type: Custom @ 5:20 --> How do you set it up? Is it needed? What's the difference to not using it (in terms of settings/upsides/downsides)?
2) What if I don't have a domain and therefore I can't set cloudflare @14:00 ? I just have a DynDNS pointing to my public IP that I will not really give out
3 years later, this video still holds up. Thanks for the tutorial!
Thanks for the great guide! 🙌 It helped me recover my Nginx Proxy Manager setup on Unraid. Quick tip for others: If you're using Cloudflare, temporarily disable the orange cloud (proxy) to avoid SSL handshake issues when issuing Let’s Encrypt certificates. Once done, re-enable it and switch to Full (Strict) SSL mode. This step tripped me up, but your video saved me a lot of time-appreciate it!
Thanks for the video & documentation, finally got it working after moving from SWAG. For anyone having trouble with getting the certificates issued. It could be that in Cloudlfare the proxy is on while the cert hasn't been issued yet. Turning the proxy off allowed me to request a cert after which I could enable cloudflare's proxy once again.
Fantastic videos on this channel! Just changed from SWAG to NPM. Was way easier than the SWAG config and I was up and running in no time flat.
That's the best part of NPM! Thanks for coming and checking out the channel
Thanks, man! I am running nginx on Truenas, so I had to change values to fit my set up. But I got it working in the end. Took two days and having this video up on a second monitor.
Only issue I’m having now is the site will only load in Chrome, not Safari.
Thanks for this video! Got my NPM all setup and configured. Just moved from SWAG and this is way easier!
Heaps easier! Thanks for watching
Why was a CNAME DNS entry added for "proxy"? I didn't see that get used anywhere after adding it.
Great video, very helpful!
Quick question (noob here):
At 15:55 what do you mean by create your admin account and set it up all the way before accessing remotely?
Seriously great video I have done everything and am losing my mind. Each time I try to create a proxy host it fails saying "Internal Error". I have tried so many things and now have a Cloudflare account with a domain that I am not using because I can't figure out these issues. Would it be possible to do a follow up video maybe with some trouble shooting along the way?
I've spent probably 10-15 hours trying to get swag and cloudflare working. The reasons you described fit me to a T. I was successful with your guide and I really appreciate it. +1 sub!
Did the video "skip" or did I miss something? At around the 14 minute mark you add a cname of "proxy" but then do nothing else with it. Are we to add that somewhere in nginx?
Did you figure this out?
@@GravyBoatyes but I'm not sure what I did at this point. I think I used the cloud flare tunnel docker.
@@jwhite175 ya I got it too found it from a different video. Had to set A name as domain without the prefix.
This is a life saver. Also, I'd like to highlight, in case with some people, at the end of the process, the domain opens not private page or the router's page, they should check their new domain on some other network to see if it's working or not. They can also connect to a VPN and then check on their network too.
I'm having this issue. When I browse to my domain from outside my network, I get stopped at my router page with an error. How did you fix it?
Thanks a bunch. Thought it wasn't working until I read this and tried using mobile data.
I’d be really interested to know more about the custom bridge mode you set up for the network. It seems you prefer the custom one over just “bridge” so it would be great to know why and how to set that up! :)
It's your lucky day! We actually covered this here: th-cam.com/video/7fzBDCI8O2w/w-d-xo.html
Be sure to check the pinned comment too
Thanks for the shout out. This was an excellent how to. Very very good!
My pleasure mate, you deserve it. And thank you for the feedback, feel it's getting better
For those getting "internal error" and other issues, I found switching the container from custom to bridge actually fixed my problems, after temporarily disabling the proxy slider on cloudflare. Got SSL from Let's Encrypt working now.
IF YOU ARE GETTING "INTERNAL ERROR"... try disabling "proxied" for your CNAME record in cloudflare, then try again. It should work. At this point, reenable the proxied toggle and everything should work fine.
Thank you for this sir! You saved my day :) (Thanks IBRACORP for the video as well!)
Why would you port forward the entire unraid server and not just that single docker container? Shouldn't it show up as its own host on your network that you port forward?
We don't forward to the 'whole unraid server'. We forward to the ip and port of the reverse proxy. In this case, the IP is the server, and port is NPM.
Alternatively, you can set up separate IP for the container or use a VM. Or use a tunnel, which is how we operate nowadays here and don't open any ports at all.
Hi Ibra! I really like your videos, they're great and helped me so much with my unraid server.
One question here: I've been using letsencrypt, then swap and since I watched this video I've been trying NPM with no issues on hosting my docker services but, I've also configured some websites on swap pointing each one to a specific folder, tried to do it with NPM with no luck. What could I be missing?
Thanks in advance mate!
This was very helpful! I'm looking forward to more guides.
Thanks Scott, appreciate coming back and checking it out. Look forward to putting more out
I don't understand how this is so easy. It seems too good to be true. Thanks for the video.
Amazing guide. NPM is amazing. It takes all the guesswork out of setting up a reverse proxy with a nice web-gui.
I cannot get the DNS and Cloudflare part to work. I have my DNS switched to use CLoudflare now and I get a 552 error when trying to navigate to the cname record I have configured. Now I am sure I am just missing something important.
I have an A record that points to my external IP then a CNAME record pointing to that A record. The rest of the config is the same as the video.
Do I need to have the docker containers I want to forward to also on a private network within UnRaid? Any guidance is appreciated.
Does not get a certificate. Internal server error.
thanks for creating this! Quick question that I don't see an answer anywhere: would you advise against reverse proxying NPM itself so that it's webui isnt accessible remote, or it's fine to have that visible too?
Would never recommend it but if you choose to definitely lock it down with Authelia
@@IBRACORP Actually realized youre right. There's no point as I can just VPN in when I want to add. I'm just in install mode so constantly back and forth but after this lot is done, it's something I wouldn't need to touch often. Cheers!
Totally get that, done it myself too!
I like your video, but I wish it was that easy for me. My domain and DNS provider is namecheap, I am adding the subdomain there as an A Record, pointing to my public IP, I also have other A Records pointing to the same IP, but anyway... In NPM I am adding a new host, with my subdomain, when I follow your steps and click save I get the Internal Error message, at that point I cannot follow the suggestions other users have commented here because I am not using cloudfare. Also, I have tried with different network settings, host, bridge and custom with a static IP, nothing works... I have realized that sometimes I get the error "the domain already exist", so I go to hosts and I see the host there but it is not online, when I try to generate the ssl again and click save, the internal error comes back.
Now, I successfully generated a SSL cert for my root domain, however, when I try to open Home Assistant from NPM (yes I am using my root domain with home assistant), it doesn't load the website, I have to manually add the home assistant port at the end (5123), however that works only in my PC, if I load the Home Assistant Companion from my tablet using my root domain, it doesnt work. Home Assistant works when I redirect port 443 in my router to port 5123 in my Home Assistant Pi.
So at then I dont know what to do, I basically deleted the container for NPM, I went back and port forward my home assistant as it used to be, I cant use NPM for another application as I wanted (deemix) and I am in square one... I see everybody uses cloudfare and all videos or guides are made for that, but my case is different, I have had my domain for years with namecheap, I have used letsencrypt in VMs using the DNS method with namecheap without any issues, but I cant understand why is it so complicated with NPM. Any help is appreciated. Thanks.
Thanks for the help, even 3 years later still working guide :)
I was with you right up until the SSL cert part. I click [Save], it thinks a moment, then I get a generic "Internal Error" banner in red across the top of the dialog. Any idea how to proceed?
did you figure out the problem, i got the same thing
@@isakolsen679 nope. I just gave up. lol
i have the same problem :(
If you're using Let's Encrypt then often this means LetsEncrypt is unable to verify your domain so it fails.
We prefer using Cloudlfare origin certificates for this.
Also, worth checking the logs when that error appears to help you figure out why.
Otherwise, the method is definitely still working.
Love the video, I have almost the same setup as you here but am having problems when I try and do the certificate. I get an api communication error, do I need to do something in Cloudflare for the certificate request to work properly? I think the port forwarding and stuff is OK because if I don't use ssl I can access the site properly, but that's not ideal obviously.
Do I need to set the domain in Cloudflare from "Flexible" ssl settings to "Full" or something else in Cloudflare? I think the problem I am having is to do with the certificate not being issued properly.
The proxy manager shows the proxy as online, but when clicking the link, I get "hmm we're having trouble accessing that site."
Thanks so much for posting this. Helped me to no end with getting my nextcloud up and running.
Thank you for letting me move from Swaq to NGINX Proxy Manager.
This is well explained but I have a question what happens if your ISP have blocked most of your ports as mine has would this still work ?
You skipped the part of adding the Cname im stuck on adding it because it requires I add an answer to the Cname which I dont know what to place
Flawless. Amazing.
Got it working across a few subdomains/containers really great...
But for some reason I cant get an SSL for Jellyfin ("Internal Error" in NGINX when I try and create the proxy host) and can't get it to work without it either... Hmmm... Gonna have to keep digging.
Thanks for the video it helped a lot! The only issue Im having is with enabling "Force SSL" option. If that is enabled I am not able to access the website. If it is disabled I have no issues. I am using CloudFlare and have HSTS and always use HTTPS enabled. Any thoughts on how I can get Force SSL working?
What if you dont have a domain and just want to access your dockers remotely?
doesnt this open up your unraid server to attacks?
Accessing my subdomain works perfectly! However, when I attempt to access the domain itself - I get SSL handshake failed Error code 525 message. I'm guessing that's due to not having a web server running and hosting a site for the domain?
Amazing walk-thru!
I've just started my Unraid journey with much help from illuminated nerd & spaceinvaderone. Now I'll be adding a 3rd source 😉😁🤘I'm slowly migrating from a Win10 box with emby/sonarr/radarr/unifi/etc and I've been using Caddy V2 as the reverse proxy for them.
The GUI and ease of use won me over right away with NPM. However my OCD is wondering if this is the same as Swag, minus the gui? 🤔
Thank you for watching and subscribing! Look it depends on preferences, SWAG has some different features such as Docker mods and much flexibility in it's functions. NPM is simpler but does a great job at what it needs to do.
Watch our SWAG video too and compare the pair !
@@IBRACORP awesome thanks! Will def check out the your Swag vid. 🤔 NPM being simpler is a good thing. My caddyfile is the shortest ever. 😆
Hey mate, good to hear an aussie accent on these tutorials. Hoping you can help if you have time. I have set up successfully with sonnarr and radarr. Seems to have no problem with other unraid dockers, but going to docker or web server on another VM is an issue. Currently having issues with a self hosted HUDU install. Works fine by direct IP or port forwarded to direct IP. Soon as I port forward to NPM I get redirect issues. Hudu has SSL (letsencrupt) built in so I have tried turning it off in NPM and various other configs that don't seem to work.
More info: Using Bridge network. If I select SSL-none I get http2 protocol error, and if I select SSL and ony check HTTP2 support I get too many redirects. Have also played with site config files and 'custom locations'. I spent weeks (maybe more) trying to build a reverse proxy server a couple of years ago and gave up. Really would like to get this working so I can host more than one thing. Any help is greatly appreciated. Even pointing me towards another vid or some conscise docs.
Did you ever find a solution to this?
@@notoryous2 Yes mate. Turns out I had completely missed a couple of settings. Scheme - HTTPS instead of HTTP and make sure the port is also correct... not always 80 or 443.
Thanks for the video. But why did we use "request a new ssl certificate" vs choosing the custom one we added to nginx? I wanna be able to understand.
hello, I have followed your guide and I really want to thank you for all the efforts you put into this. however, after a couple of months that I had NGINX working, I am now facing a disaster... I am locked out... I can access all the services I added in NGINX but I can't access unraid itself (not even when I am at home and I try to connect locally)... do you have any clue, before I erase everything and I restart from scratch?... should have I made a subdomain for unraid too? should have I changed the default ports of unraid? please help!!!
Need elaboration on setting up access list info.
How to setup this fir homeassistant on another machine on another vlan in network.
You can do without the cloudflare, you just have to make a sub-sub-domain point to the sub-domain of your duck dns. (Id give an example but my comments been deleted 2 times already, probably because of the examples i gave) that would bw nice to have included if you ever do an updated version of this, not that it it out of date or anything, i just used it to get my setup running in about 30 min...
Thank you sir, a really great video. Made the switch from SWAG so easy. Looking forward to more
You're very welcome Stuart, thanks for watching, appreciate your patronage
Did you remove swag completely, or just stop the app? I have have more trouble than I care to admit. Which seems silly since it looks so simple
Me to. my nextclud was down for like 2 min when i make the switch. so mutch more fun now
I have a question, is my homenetwork exposed to the internet with this stuff? or am I safe and no open ports to the wan?
I just switched from SWAG to Nginx Proxy Manager. Thank you for making this so clear. I am not familiar with how certificates work. I have successfully added nextcloud and got it to work (THANK YOU!!!) I'm trying to add other reverse proxies but I don't know if I can use the same nextcloud certificate from the dropdown list or do I need to create an individual certificate for each proxy? Thank you!!!
It's one certificate per domain. So if it's the same domain name then you can repick the same certificate 🙂
You're so welcome thanks for watching
Great video, I understand everything but one thing - why will the Let'sEncrypt fail with internal server error when I set the cname/a record in Cloudflare to "proxied"? It works fine when set to DNS only. Don't I loose a lot of security when Cloudflare is set to DNS only?
this was all working great for me until, for some reason, certbot failed to renew the certs "Failed to renew certificate npm-1 with error: Some challenges have failed." Manually clicking the Renew Cert button in NPM also fails. Is it a port forwarding issue? Ive read that you need to have port 80 staying at port 80 elsewhere on the web. I think for this I had port 80 forwarded to 1880 for NPM in my pfsense.
I have a quick question, when i added overseer to this, it works on an external whise and internal, however ive noticed that the loading time for the login is very slow. I was wondering if this is because in docker i have my plex media server on the bridge network?
I tried adding the plex media server to my custom docker network, which improved the login speed for overseer, however connecting to the media server externally isn't able to be done directly for playing and uses the dreaded plex relay service, is there a step im missing on port forwarding or something that i need to do?
I install it, it says it installs fine... but it wont take the default credentials.... can't sign in... not sure what i'm doing wrong.
Hoi, is there something else one have to do to reverse proxy for example a webcam stream on another computer, in this case, klipper webcam on a raspberry pi to successfully pass through nginx on unraid?
Nice one, i spend a lot off time with SWAG. I think in this video u got missing part about duckdns :D And one question, how you can protect yourself when you opened your server to the internet? Which protection can be added to secure your domain names from someone else?
Hi Aleksejs, thanks for watching. You are correct, I intentionally left the duckdns part out as it's already covered by spaceinvaderone and I didn't want to double up on that. Keeping a dynamic DNS can be separate video for the future.
As for security, the safest bet in my opinion is having something like CloudFlare because the IP address shown to someone on the end is CloudFlare and not my own so it's takes that risk away
@@IBRACORP thanks:) it means i need to follow your instructions with setup, i think i will spend all day to change spaceinvader one to use cloudflare
How can I point/reverse proxy to apps/dockers only to LAN. I don't care about cloudflare/ssl. I want to keep everything in house.
@IBRACORP I have been struggling to get any reverse proxy to work. You being a UDM Pro user could the UDM be blocking something in this process? I tried with the tunnel as well and no luck.
In my router, am I supposed to forward those ports to the proxy server? Is it actually serving as a relay server, or is it just translating the dns request and then passing the port number to request along? The tutorial is kinda fuzzy on how the routing of the traffic of the services themselves is actually handled.
Followed this video and DAMN it made my day, everything works perfectly. Love NGINX. Thanks a lot!
You're welcome thank you for watching!
hey great video! but i have a problem, this guide work perfectly for NEXTCLOUD but when I try to do it to - radarr/obmi etc. it doest work with SSL and only HTTP, doest it's mean my server will be more vulnerable?
Thanks do Nextcloud next :)
Do you own a raspberry pi? im trying to do what you have but using docker through portainer to expose ombi to public using my own domain. I keep running into problems though. can you provide a solution? thanks
How do you have your content empty at 14:12 when setting the www and @ for cloudflare? I'm prompted to use the server IP and unable to proxy it cause it isn't externally facing
It works, but if I want to have another 443 on another internal address? it doesn't work anymore! how do I solve this problem?
correct me if i'm wrong, but wouldn't port forwarding 80 and 443 be a bad idea?
Yes, in summary, you're correct.. That's unfortunately how this works, though. The alternative is using tunnels like Cloudflare or Tailscale.
@@IBRACORP hmm, might try that then 🤔
Thanks!
Grate Tutorial!!! one question con you redirect www to non www using NGNIX Proxy manager?
You can have both the WWW and non WWW in the proxy host. But this is best set on the domain level/DNS. A 301 permanent redirect of WWW to non WWW is best
hey so its not entirely this subject but i have tried running pterocdactyl with nginx proxy manager by putting nginx cli on another port and redirecting via nginx proxy manager but im having a bit of issues getting error of too many redirects and cannot login like i opened a new icognito mode tab and tried to login with multiple emails doesnt work
I'm using my br0 network, is there any way to connect the br0 network to host?
This is a problem when I'm using HASSIO supervisor that runs on host
im forwarding the ports as you shown (except for 18443, i had to put it as 1443 bc my router couldn’t do that with 443, saying not allowed) and my domain still links to the unraid web gui. I also did the A record of @ leading to my home IP and another A record of www leads to the server IP
A great video and it helped guide me off of troubleshooting SWAG. One question relates to managing nextcloud. The reverse proxy works with nextcloud (ie: I can access it through my subdomain), but the nextcloud container gives me a bunch of security errors (The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds, or Your web server is not properly set up to resolve "/.well-known/webfinger".) All of the help documentation assumes .conf files can be manipulated (like in SWAG). How can I do something like this in NPM?
Hey I know this is an old vid but could you do a DDWRT video? Like what the best setting a home lab environment and such, greatly appreciate your contents!
So ive done all of these steps, and I have used overseerr as well. When i load overseerr it says you are offline. and there is abutton to press that says reload. No matter what I do it just comes back to that screen.
I am getting the default landing page with the external IP. but having 522 cloudflare issues when trying to access with the domain name.
me too. on and off issue. not sure how to fix
@@ViscountJimmy yeah regardless of what app I try, I can access it from the local IP, but when I press the source in NPM it times out with a 522 error.
Please join our Discord if you need additional help
@@ViscountJimmy Hi James, thanks to the guys in the Discord I was able to fix it, let me know if you need help
@@IBRACORP the guys in the discord were amazing, so much support by the community, it was incredible to see
Could you explain the DNS part of this container ? I hate you didn’t die to a lot of us not being able to validate via HTTP and we have to use DNS verification instead. I watched up to that point and I was disappointed you didn’t show this because I have gotten the whole thing to work all but this part:(
After installing NPM I had to wait about 10 minutes before I could login with the default credentials. Not sure why but it kept giving me a bad user error (user not found, or something to that effect). I couldn't find that documented anywhere, but after about 10 minutes I could get in.
Also, I switched from swag container, and got errors when adding the proxy hosts. I switched to CF origin server cert and it took care of the issue. I think LE in NPM was conflicting somehow with certs I already had registered in swag
Yeah could be due to using similar details in the LE certificates which might return a failure as the certificates already exist elsewhere.
Using CloudFlare is the best way in my opinion anyway, great job getting it going
Can I import my softs into soft soft and process without using a mic
Thanks for the info. I have Google Fiber and I think it's just not accessible on port 80/443 externally so I wasn't able to get this setup.
Try our video on CloudFlare Tunnels to bypass 80/443 blocks and close open ports altogether
This is an amazing video. Followed all the steps to setup but couldnt get it to work. Would this work if I am not able to do port forwarding ?
Thank you for watching. As far as I know you would need ports 80 and 443 but I'm happy to be corrected by someone if otherwise
thats a bummer, my ISP is basically blocking all the ports and i am not able to access plex outside the network apart from the relay. Tried portmapping.io, no-ip and at last wanted to try this option :(. Have to look for way to get this working now. Any suggestions ?
Thats unfortunate mate I wish they didn't do that. A VPN would be another option for option possibly
hello thank you for your video, just one question please, why do you not use dns challenge? are you able to explain what this does/is for?
Since we are using CloudFlare origin certificate we don't need to challenge against CloudFlare. When using a Let'sEncrypt certificate we do since it's a third party to CloudFlare
@@IBRACORP did you set it up this way in the video?
it says I cant make it to the host for some reason. Brower working and cloudflare is working
Thank you so much for this! Everything is presented so well!
Thank you for the feedback glad you enjoyed it :)
The next challenge is how to go about setting this up using non-standard ports!!
DNS TXT records is one way but I have not figured out how to do this with the UnRaid container
Use the CloudFlare tunnel and avoid ports all together (we did a video on it)
Otherwise 80 443 can be forwarded to a different port as long as that is what you set in the container for NPM
Good guide. I'm still on the SWAG thing, but always wondered hoe this thing worked. Do you know if you can limit bandwith for a certain Docker in NPM? For example NExtcloud, I can limit my upload speed for other peoples downloads from NC, but Uploads to NC are not limited?
Keep making that good content!
Cheers
Thanks for coming back and watching my friend.
If you have a snippet in your SWAG/NGINX that does this, then yes, you can simply add this to the Custom Configuration section on your Proxy Host in NPM.
I should have mentioned it in the video but anything you code in SWAG or LetsEncrypt can usually be pasted directly into a Proxy Host in NPM. It works the same, just a nice interface to do it in
@@IBRACORP Thanks! Good to know.
So this is an alternative to swag? Should I make the switch as this has a nice looking ui.
This is an alternative to SWAG. If it suits you and your needs then I can recommend it. A few people have made the jump and really like it. Others prefer SWAG for a variety of reasons so please weigh up what you'd prefer.
It's easy enough to make a container and try it, so why not?
Great video and nice for some updated videos, while space invaders video are very good some are now getting outdated especially if your new to unraid like me thanks again
Hi Nigel, you are correct and technology changes often so staying on the forefront is critical to do justice to our users as well as unRAID who constantly improve their platform.
Thanks for tuning in and hope to share more soon
Hi, im having an issue, i have followed all of your vids to get cloudflare and NGINX to work but i just keep getting a error 521 whenever i try and go to a subdomain. I have a UDM Pro from ubiquiti and im sure i have forwarded the ports correctly but just cant get it to work. Any suggestions?
Are the ports blocked by your ISP? 80 and 443 that is. If so, you'll need something like the CloudFlare tunnel which did a video on to bypass it
Got pretty baffled by this because I previously followed a SpaceInvader tutorial on using DDNS with Cloudflare with my own domain, (resulting in a Cloudflare docker on unraid) so all the duckdns stuff is irrelevant to me. Seems odd that you're using Cloudflare for DNS management but not for DDNS - or am I missing something ?
Some gentle constructive criticism, as I do really appreciate your videos: - you have a bit of a habit of saying that something is 'super simple'. In fairness, when you use this comment after a slow paced, step by step explanation, then - because you've just demystified the subject - it's fair enough.
However you do also use the phrase after sections that are anything but simple, and I suspect they only strike you as straightforward because you have a top down, 'big picture' perspective most of us watching these videos don't have. I appreciate that it must be very difficult - especially since it's clear that some of Space Invader's videos that are only a couple of years old are already well out of date compared to current best practice. Must feel like trying to juggle a dozen balls at once, so I really do appreciate your efforts, just please bear in mind that your 'simple' isn't necessarily so for some of your thicker viewers i.e. me!
Hi Julian, thank you for your feedback. I appreciate you taking the time to write it up.
In regards to the DDNS I actually made a seperate video for that subject which is why it's not mentioned here.
As for the phrase I use I can see where you're coming from and I think I say it as a form of encouragement while teaching. I'll see if I can be more mindful about it.
@@IBRACORP Thanks for replying - and you're right, it can be and often is encouraging. Cheers
Pumba is always a good name!! And a cute warthog
Thank you so much for the video, was way easier than setting up swag.
I currently have 5 of your videos in progress trying to bounce between each one to get one thing set up lol appreciate that you have these videos but I am very lost on the duckdns part, that wasn't explained and no video was referenced like you normally do (hence why I have 5 open at the moment).
Have you looked into purchasing your own domain?
I had this installed and working great. Long story short I messed up and all my vms and dockers were deleted. I've reinstalled nginx but cannot seem to create a new certificate. Any thoughts how I can recover the old one or create new?
Using CloudFlare certificates? Can always create a new origin and install it again?
@@IBRACORP I've been following the video to a T and now this second time around it's not working. Going to try a different domain and see what happens.
@@IBRACORP I used a new domain that i've never done anything with also i reinstalled nginxproxymanager and changed the config directory around a bit figuring maybe something was hanging in the older folder (changed it to: /mnt/user/appdata/NginxProxy) and the same exact problem persists trying to create the certificate it says "Internal error" if i check the logs of the docker i am presented with the following:
⚠ warning Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --authenticator webroot --email "myemail@myemail.com" --preferred-challenges "dns,http" --domains "radarr.mydomain.cloud"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
@@IBRACORP Disregard - i am an idiot and was on the wrong video. setup the cloudflare certificate and all is working just fine now
I've been thinking about setting up something like this or haproxy on pfsense for a while now, not cause i really want to, but I think I'm going to have to. For years I've just had separate physical network coming off pfsense, nic switch etc. And 1 fqdn with everything pointing directly here, a records, mx, etc, well not my own ns servers, but away. Its worked great. I figured isp would get mad about the whole mx thing and either block or send me a nastly letter or something, but after a couple of years they never have. But i'm really light on 25 so idk, but back to my point: Now I have a 2nd fqdn pointing here as well and there is where problems began and where I find my myself scratching my head as to how to proceed. Another subnet won't help anything with that i don't think. I'm a little out of touch i guess. Oh, and 1 or the domains i have uses cloudflare ns. Your cloudflare vid has kind of changed my mind about how i feel about them. I probably commented there.
I didn't get a chance to watch the entire video, but previously NPM didn't allow for DNS validation on the SSL. I went to SWAG specifically for this issue... Is this still the case with NPM? And what about wildcard certs?
It does have DNS challenge inbuilt now if that's what you mean? I use a wildcard cert from CloudFlare so in that scenario it is available
nginx proxy manager get interner error..any solution?
Got this working whit all containers on unraid except Plex. Do you mind sharing the settings needed to get this working with Plex?
Shouldn't be anything special for Plex mate. If you need some help jump in our Discord
What would cause an Internal Error when saving the Host Proxy with SSL in NPM? I'm trying to get overseerr externally accessible. I've got the CNAME set and I've got 5055 port forwarded to the host IP. I also have 3 other apps that I have external access to. I'm losing my mind. lol
Using Let'sEncrypt or CloudFlare origin certificate? Check your NPM logs it will usually tell you
If I use the Cloudflare CA certificate to configure the NPM, do I need to re-issue it again after 15 years or 60 days like ACME? When will my subdomains stop working?
15 years :) (if you remember)
@@IBRACORP Awesome! Another question, instead of using NPM can I use the CA certificate obtained from cloudflare with pfsense (using haproxy)?
Hi, thanks for the video. I followed it step by step. I created an aname rather than a cname but When I save the proxy host and or request the SSL certifcate I get an internal error. I did forward the ports and also checked if I get through when I pointed it to another webseite on the unraid server.
Figured it out, I had the port in the proxy redirection wrong.
Awesome! Glad you sorted it. :)
IMPORTANT NOTE FOR FELLOW AUSSIES: One potential issue is your ISP blocking ports 443 and 80. Im with Aussie BB and they do indeed block them, a simple call to support gets them unblocked (also get out of cgnat as well if you haven't already). Took me 3 days of hair pulling to figure that out.
Cheers mate. You can also use CloudFlare tunnels for this purpose and to avoid opening ports altogether. Video on it on our channel
Still great videos. Really appreciate the help with unraid.
Thank you ♥️