Secure Local Domains Easily with Pi-hole & Nginx Proxy

  • Published on 27 Nov 2024

Comments • 68

  • @Techdox 6 months ago +3

    If you want to add Pihole to Nginx Proxy Manager, here's a guide - docs.techdox.nz/pihole-on-npm/

  • @JayB6 5 months ago +3

    This video is the first time I have been able to use nginx proxy manager. I have struggled for years to learn how it works. The best video out there right here. Thanks.

    • @Techdox 5 months ago

      You’re more than welcome

  • @Oschar157 3 months ago

    Mate, truly, thank you. You did a great job demonstrating the process and keeping it simple. I have tried following other tutorials, but they always end up brushing by the concepts, expecting you to already know everything. Great job, I'm integrating this asap

  • @wizzbangtg 6 months ago +4

    Interesting way to accomplish this. The only issue I can see is if you have a wildcard resolve from Cloudflare DNS to your public IP and you don't want the app publicly accessible.
    I do something very similar without Pi-hole. The way I accomplish this type of access is to have the wildcard DNS entry in Cloudflare point to my local IP of NPM. No need for the double entry for the app in both Pi-hole and NPM. Nginx config is all that is needed since locally Cloudflare will point to the local Nginx Proxy Server. Outside access is handled, in my case, with another domain name. I also spin Authentik in there too for added security. But that is the beautiful thing about what we do. There's more than one way to do things and if it works, it's not wrong.
    Good videos, keep it up.

    • @Techdox 6 months ago +2

      Yeah, 100%! That’s why I added “How I fix this” as like you mentioned there’s so many different ways :)

    • @dreevy 3 months ago

      Hey, I know this comment is old but would you be able to point to any good resources on how you did this? I’m very new to all of this.

    • @duleepalakmal1482 2 months ago

      you're truly a life saver!

    • @wizzbangtg 2 months ago

      @dreevy A few days later but wanted to check. Have you received a response on this question?

  • @anthonyyu2722 5 months ago +1

    This solved my problem with proxy hosts being unreachable after turning DNS Rebind Check and Browser HTTP_REFERER enforcement back on in pfSense. I had the DNS records in Pi-hole associated with the proxy host IPs when I should have had them pointed at the Nginx IP address instead. Of course I still had to add pfSense and Nginx to the Alternate Hostnames or else I'd get the block page from pfSense. Thanks a bunch.

    • @mariotorres8910 3 months ago

      Same issue here - this video helped me resolve it, key point is around 6:11

  • @mariotorres8910 3 months ago

    6:11 this key point solved my multi-day troubleshooting of the issue lol. I was having weird connectivity issues where only some services connected. turns out local dns > dns records should point to the NPM site for routing - and not the actual service IP. In hindsight, DUH
    Great helpful video bro

    • @Techdox 3 months ago +1

      Glad you got it working! It’s always something simple
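
The fix reported in the comments above (local DNS records must point at the Nginx Proxy Manager IP, not at each service's own IP) can be checked mechanically. This is an added example, not from the video or any commenter; it assumes the local records are available in hosts format (`IP hostname`), and the addresses and `home.example` names are constructed.

```python
import ipaddress


def audit_local_records(hosts_text, proxy_ip, domain):
    """Return (hostname, ip) pairs under `domain` that do not point at the proxy."""
    proxy = ipaddress.ip_address(proxy_ip)
    base = domain.lower().rstrip(".")
    mismatches = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a hosts-format record, skip it
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            in_domain = name == base or name.endswith("." + base)
            # A record that names the service's own IP bypasses the proxy,
            # so the client never reaches the proxy host that holds the cert.
            if in_domain and ip != proxy:
                mismatches.append((name, str(ip)))
    return mismatches


# Constructed sample: the proxy is assumed to live at 192.168.1.10.
SAMPLE = """\
192.168.1.10 homepage.home.example
192.168.1.10 proxmox.home.example
192.168.1.23 grafana.home.example   # points at the service, bypasses the proxy
192.168.1.1  router.lan             # outside the proxied domain, ignored
"""

if __name__ == "__main__":
    for name, ip in audit_local_records(SAMPLE, "192.168.1.10", "home.example"):
        print(f"{name} -> {ip} (expected 192.168.1.10)")
```
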

  • @Holytepps 3 months ago

    Just what I searched for. Thank you!

    • @Techdox 3 months ago

      Glad I could help!

  • @thefuzul 17 days ago

    Great guide! Thank you so much!

  • @benturner2973 a month ago

    Great video! Thank you. How long do you need to wait for DNS to catch up to the browser? I’ve refreshed a few times now and still not seeing my local domain

    • @Techdox a month ago

      Did you add it to your PiHole or whatever DNS server you are using as well as NPM?

  • @JamesBisseling 3 months ago

    Nice! Going to use this to set up my toys. I am wondering what that homepage is running on. Is that similar to CasaOS or something entirely different?

    • @Techdox 3 months ago +1

      That would be Homepage - Here's me showcasing mine - th-cam.com/video/KQ_fYtkQZSM/w-d-xo.htmlsi=Ag9L5aBfqjQaZxsF&t=477
      Also here's a dedicated video - th-cam.com/video/a5-4u0qFKaE/w-d-xo.htmlsi=LbeUNFHlvI44uFfO

  • @Redostrike 3 months ago

    Nice tutorial. Can I ask why you are not using CNAME to forward services? Isn't that cleaner/easier when you would change the IP of a server?

    • @Techdox 3 months ago +1

      Thanks for the question! CNAME records wouldn't work well for my setup because:
      Direct Mapping: I need direct IP-to-domain mapping for my local services, which CNAME can't provide as it just points one domain to another.
      Nginx Proxy Manager: My Nginx Proxy Manager setup works best with A records that point directly to IPs, making the process straightforward and reliable.
      Local Control: I manage my own DNS, so using A records is quicker and easier than dealing with the extra lookup that CNAMEs require.

  • @pooley999 3 days ago

    What’s that homepage you’re using?

    • @Techdox 3 days ago

      It’s called homepage :) check my channel for the video :)

  • @diegofelipe2119 5 months ago

    Great video, thanks!
    But do I really need to enter each service/server on Pi Hole one by one?

    • @Techdox 5 months ago +1

      I can’t really see how else it would know where to send the traffic. You need to tell it this name goes to this IP in some shape or form

    • @diegofelipe2119 5 months ago

      @Techdox I found out that you can do it via CLI, creating a file in /etc/dnsmasq.d/. There you can use a wildcard for the domain; this way it works for all addresses from that domain.
      Example:
      address=/*.DOMAIN/NGINX_IP
      then run pihole restartdns

  • @mioszszyrner5990 a month ago

    I see that PiHole is under a different IP address than the Nginx Proxy Server. I was trying to set it up running both on docker but here is the trick: I need to make PiHole also a DHCP server. I only made it work by granting "host" network mode to it. Having that unfortunately blocks Nginx Proxy server from starting, as it requires port 80 to be free. Do you have any idea or hints what I can try to make this work?

  • @empierrelouis 3 days ago

    Thank you!

  • @mariobrandt2984 4 months ago

    Thanks for the great video. It works perfectly.
    I have a question: I would also like to access my PiHole and the Proxmox server with SSL via the NPM. However, both services do not only have IP:Port.
    There is also the text and special characters at the end. How do you enter such things in the NPM?

    • @Techdox 4 months ago +1

      Proxmox is port 8006 and PiHole is port 80 but needs some custom config for PiHole. Feel free to join the Discord and I can run you through it

    • @mariobrandt2984 3 months ago

      @Techdox 💯 work 😃

  • @chrisumali9841 6 months ago

    Awesome demo, thanks for the info and config.

    • @Techdox 6 months ago

      You’re more than welcome

  • @mitchhoneysett7674 2 days ago

    Followed the step. but local dns not working in browsers. nslookup works, not secure message still appears

    • @Techdox 2 days ago

      @mitchhoneysett7674 cache? Tried another browser?

  • @mariuszzawierucha1310 5 months ago

    So to accomplish that particular task you have to own a domain, right? What if I don't have any? How to add ssl cert to each of my containers then?

    • @Techdox 5 months ago

      To get Let's Encrypt SSL certificates, yeah you need to own a domain name

  • @pinsondetailing 3 months ago

    But all these are available from outside your network, correct? How would I do the same thing but for them all to be private? Eg.. only available from inside the lan.

    • @Techdox 3 months ago

      @pinsondetailing no these are local only unless I open them up publicly, default my proxy is not open to the internet and if I want a service to be public I use the Cloudflare tunnel.

  • @fossdom5568 6 months ago

    Any preference doing via NPM as compared to Cloudflared tunnel ?

    • @Techdox 6 months ago +2

      I use cloudflare tunnels for services I want made public, and private I keep out of Cloudflare.

    • @-nepherim 6 months ago

      @Techdox So this method allows services to remain local. If you want them public, then configure them in CF? That right? (excellent video btw. finding a solution to this has been on my backlog for years!)

    • @Techdox 6 months ago

      @-nepherim that’s correct :)

  • @POV-Fire-Response 6 months ago

    Just wondering if you have a way to make nginx a forward proxy with a whitelist?

    • @FelipeBudinich 5 months ago

      Would wireguard be the thing you look for?

  • @diazrocks 6 months ago

    Would NPM work if I have CG-NAT? NPM always gives me an error during SSL cert request. And yes, 443 & 80 are open

  • @kiloy1006 3 months ago

    I'm not quite clear on this...
    you made a random subdomain and showed it's not reachable since it doesn't exist. As soon as you add the address to the nginx reverse proxy manager, of course it will and it means it is also publicly accessible?
    Can you add something that shows your new sub-domain isn't available from outside and only accessible from internal network only?

    • @Techdox 3 months ago

      @kiloy1006 it’s not reachable because Nginx proxy manager is not exposed to the web. So if I want a service exposed to the web I add a Cloudflare tunnel to expose the specific service.
      Local works as follows.
      I add the domain name to Pihole to resolve to NPM, I search that domain name, Pihole sends it to NPM I hit the service. All local.
      Public, I have a Cloudflare tunnel I point the domain name to my NPM address NPM gets the traffic from Cloudflare and sends it to the service.
      I was sure I mentioned this process in the video

    • @kiloy1006 3 months ago

      @Techdox as soon as you said nginx proxy manager was not exposed to the web, it clicked!
      One more question though, in that case, I would have to spin up another NPM for local use only. Would 'local-only' NPM be able to issue & renew the certificate every 90 days?

    • @Techdox 3 months ago

      @kiloy1006 since I use local only and expose via cloudflare I need to open up my NPM via a port forward just while I renew my license then I lock it back down again, might be another way but that’s how I do it.
      Issuing is no problem at all

  • @m12652 6 months ago

    You're a star! Thanks 👍

    • @Techdox 6 months ago

      Glad I could help!

  • @ashoktvm 3 months ago

    this is because U have port forwarded 80 and 443 and a static or dynamic IP with DDNS, and a domain name as well?

    • @Techdox 3 months ago +1

      I have not exposed my Nginx to the web it’s all local and if I want to expose a service then I use Cloudflare tunnel to expose that one service otherwise it’s local

    • @ashoktvm 3 months ago +1

      @Techdox it says when setting up SSL itself this: "These domains must be already configured to point to this installation". How come without port forwarding can this be obtained?

    • @Techdox a month ago

      @ashoktvm because it’s all local. Nothing is exposed like I mentioned

  • @udhayakumarcp 5 months ago

    How you did the ssl?

    • @Techdox 5 months ago

      Using the Let’s encrypt feature within Nginx Proxy Manager

  • @creelfo 3 months ago

    Anyone else getting an issue where asking for an ssl certificate doesn’t work due to an internal error

    • @Techdox 3 months ago

      Jump into the Discord if you like. We can help you there :)

  • @joeshelby3352 5 months ago

    How to make that 3:29 homepage beautiful? Any source?

    • @Techdox 5 months ago

      Jump into the discord and I can help you :)

    • @joeshelby3352 5 months ago

      @Techdox link please

    • @Techdox 5 months ago

      @joeshelby3352 discord.com/invite/8mX2KRxDw8

  • @programmergoogle 3 months ago

    how to make home monitoring like a minute 0:58 ?

    • @Techdox 2 months ago

      That's Homepage, I have a video on it :)

  • @LiamKarlMitchell 3 months ago

    Wehey nz