For some reason I can't get the certificate. It always fails with the same error you showed. I have even tried after 24 hours, but same result. Do I need to open any ports on the ISP router?
You should not have to port forward anything. At the time of the video I have only a minecraft server open to the world. I am not sure why it would happen providing it is the same error. I am sorry not to be of more help.
Thanks for that video. It helped me a lot with direction. I could even configure NextCloud based on the same container with Portainer as Nginx Proxy Manager, but at cost of 4-5 hours :)
This could be quite a few things. What service are you trying to add? It could be pointing at the wrong port. May need to add a location like /admin or /example.
@@perkelatorZ79 I figured it out. I had to add a host header under the advanced tab. I realized that when I saw you adding on for pihole. :). Thanks a ton! :)
Awesome tutorial. The only thing is I didn't get the proxy working. I put the IP of the container where NPM is running in the DNS record from DuckDNS, but when I create a proxy in NPM and click on it I get an error that the server cannot be found, but when I use the normal IP of the server it does work (the same is true when I add NPM to the proxy list and try with my domain from DuckDNS). Edit: my first comment disappeared so I hope this one stays. Edit 2: if you encounter the same problem as me, following the tutorial and not able to reach the server, turn off DNS Rebind protection or whitelist them so your router lets them through. Welcome to the 7 hour story of my life, all because of DNS rebind protection :P
"Turn off DNS Rebind protection or whitelist them so your router lets them through" Thank you for that. It could explain issues others have been having. I appreciate this finding!
I've diagnosed my similar situation while using Tailscale & npm. It's not called 'rebinding' but the intent is clear. Without it, I'm in ❤ with npm (setup is simple & it works!). With it, all forwards fail.
Days....DAYS I tell you I have been pounding my head on the wall trying to figure out why this wasn't working!!!! One small little tick box in OPNsense and, boom, works as it was supposed to. I'm so happy and frustrated at the same time!!! Thank you fine person for bringing this to my attention!!!
Hello, nice tut, I have questions! The way u doing that, it's accessible from outside network or u just using that way so u not write port of any app that u are using?! Because if it's accessible from outside network, how u enter ip 192.168.0.x?! And why u installed Nginx Proxy Manager 2 times!
It is not accessible from outside the local network. Part of it is so you do not have to remember ports/ip addresses, but it is also for good practice and to remove the warning that many services give when no SSL is present. As explained in the video you do not have to install it in both ways, the video is intended so that one can use either Docker-Compose or Portainer depending on which is easier. Knowing how to do something in more than one way can be useful. In this case the install is very similar, but I do not want to assume that the person watching knows that or has experiences with either. Thanks for your feedback hope I answered your question.
Ayyyy my guy, nice to see. I for a while was doing soundwave and Mini-Cassettes then that fell through when I got a mini cassette bigger than soundwave so now I just go to the wiki page and copy paste at this point.
maybe I'm missing something, and I'm not using DuckDNS but another provider. I can get it all working, but I have to set the record in the DNS provider. Like at th-cam.com/video/sRI4Xhyedw4/w-d-xo.htmlsi=xwk1yKz-cja2Cxzv&t=959 you set up Megatron in NPM but how would it know what that resolves to without defining it in DNS. At the least I would think you'd need a CNAME record to point megatron.perkelator to perkalator (where the A record for perkalator is already defined). Don't you need to add a DNS entry for every entry in NPM or does DuckDNS do this automagically somehow? also great video!
So this works because the proxy is handling traffic not DNS. So once it contacts the proxy the proxy returns the correct site. So the DNS only has to be pointing at NPM. We use a wildcard DNS record so that all the subdomains for say example.com can be used. This is done using a * as the subdomain. With *.example.com it means that say megatron.example.com and starscream.example.com will return the same address. From there NPM will return the correct site based off the subdomain. So this is working kind of how you suggested, but the CNAME says every subdomain points to the same address if that makes sense. My first assumption would be that the DNS isn't set as a wildcard subdomain, but that could be wrong. Hope this was helpful! Let me know.
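Added example (not from the video or from any commenter): a small Python model of the flow described in the reply above (wildcard record, then routing by requested hostname at the proxy) and of the DNS rebind protection failure reported earlier in this thread. The hostnames, IP addresses, ports and function names are constructed for illustration, and the wildcard lookup is a simplification of real DNS wildcard rules.

```python
import ipaddress

# Constructed sample data: one wildcard record that points every subdomain
# at the LAN address of the machine running Nginx Proxy Manager (NPM).
PUBLIC_ZONE = {
    "example.duckdns.org": "192.168.0.10",
    "*.example.duckdns.org": "192.168.0.10",
}

# Constructed stand-in for NPM's proxy host list:
# requested hostname -> (scheme, upstream IP, upstream port).
PROXY_HOSTS = {
    "megatron.example.duckdns.org": ("http", "192.168.0.21", 8080),
    "starscream.example.duckdns.org": ("https", "192.168.0.22", 8443),
}


def lookup(zone, name):
    """Return the A record for name: exact match first, then wildcards."""
    name = name.lower().rstrip(".")
    if name in zone:
        return zone[name]
    labels = name.split(".")
    # Replace leading labels with "*" one level at a time.
    for i in range(1, len(labels)):
        candidate = "*." + ".".join(labels[i:])
        if candidate in zone:
            return zone[candidate]
    return None


def resolve(name, zone, rebind_protection=False, allowlist=()):
    """Model the LAN resolver (router, OPNsense, Pi-hole upstream).

    With rebind protection on, an answer for a public name that contains a
    private address is dropped unless the domain is allowlisted.
    """
    addr = lookup(zone, name)
    if addr is None:
        return None
    name = name.lower().rstrip(".")
    allowed = any(name == d or name.endswith("." + d) for d in allowlist)
    if rebind_protection and ipaddress.ip_address(addr).is_private and not allowed:
        return None  # the browser reports "server not found"
    return addr


def route(host_header, proxy_hosts):
    """Pick the upstream from the Host header, as a reverse proxy does."""
    host = host_header.split(":")[0].lower()
    return proxy_hosts.get(host)


def visit(name, rebind_protection=False, allowlist=()):
    """Follow one browser request end to end and report where it lands."""
    addr = resolve(name, PUBLIC_ZONE, rebind_protection, allowlist)
    if addr is None:
        return "dns-failure"
    upstream = route(name, PROXY_HOSTS)
    if upstream is None:
        return "no-proxy-host"  # DNS answered, but NPM has no entry
    scheme, ip, port = upstream
    return f"{scheme}://{ip}:{port}"


if __name__ == "__main__":
    host = "megatron.example.duckdns.org"
    print(visit(host))
    print(visit("soundwave.example.duckdns.org"))
    print(visit(host, rebind_protection=True))
    print(visit(host, rebind_protection=True, allowlist=("duckdns.org",)))
```

The third call shows why a proxy host can be configured correctly and still be unreachable by name while the plain IP works: the failure is in the resolver, before any request reaches the proxy.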
Too bad my install of NPM is acting like a Piece of $h!t. It won't let me modify my access list, among other things. This is a great tutorial, but I'm really frustrated with the process recently. I just want Vaultwarden to be served over HTTPS so it's usable. ::sad face::
So this will not work how I have it setup over the open internet. Personally if you are just setting up vaultwarden for personal use I would just use a VPN into your network over exposing it to the internet. You would still get access and have much more minimal attack surface from what I understand.
Still one of the BEST NPM walkthroughs I've seen.
Appreciate the high praise!
This is an awesome tutorial and I am thankful that I found it. I was able to recreate everything in just a few minutes and now it is working without any problems at all. Clear instructions with a nice flow that is really easy to follow, thanks a lot.
Nice to know it worked for you. Thanks for watching, hopefully you will find future videos just as helpful.
Best tutorial I've seen so far. Congrats...
Makes my day to see comments like this! Thanks!
18:50 can you explain why for this particular entry you're leaving the scheme set to "http" instead of https and you're not enabling "Force SSL"?
So two things here.
First, I messed up a bit here. You can enable Force SSL; I should have. All force SSL does from my understanding is make it so if someone goes to the http address instead of https it will "force" ssl by redirecting to https.
Secondly, I used http because the service that I am pointing to is using http. Using http redirects to port 80 whereas https redirects to port 443. If I use https on a service without https it will point to the right ip, but not the correct port. In this case I think I could have used either since nginx proxy manager I believe supports https as well. I used http in this case to just show that it will work with http and make it a https address when visiting.
I should have caught this. You have great attention to details!
What does the code do that you inserted in the Advanced section of Pihole? Do you need to configure anything in Pihole itself for DNS resolution for internal services?
Could you time stamp the code you are talking about please? Right click the video after you pause and copy video URL at current time and reply back please.
You should not have to use Pihole for DNS resolution for internal service. We are using Nginx Proxy Manager to almost replace DNS in a way. Since the DNS entry is on the internet it just points to your internal IP address then the proxy tells the browser where to go. You can still set up local DNS records if you would like and I believe you could use that instead of an IP address when adding something to the proxy.
Hope this helps.
@@perkelatorZ79 it's the code you have in the description but it's at 18:07 th-cam.com/video/sRI4Xhyedw4/w-d-xo.html
Thanks sorry about that.
Without it when we attempt to go to pihole we can not, we will get an error. This is because we need to go to pihole's admin page not just to the ip/port. Normally pihole would automatically redirect us, but for some reason it does not. If we set this in the UI it doesn't seem to work either. So this is the work around. All the code is doing is redirecting us to IPADDRESS:PORT/admin. It is also passing some of the information pihole needs to pihole.
Can't seem to make this work on other local machines, only works on services where nginx-proxy-manager is hosted, did I miss something?
I am not 100% sure as I do not know your setup fully; however, I would suspect maybe a firewall on other machines. I would check firewall and verify they are on the same subnet. I am not really sure without details about the setup.
Same. 2nd video on the topic. I can get the SSL on NPM. I use cloudflare. I point to the correct subdomain/IPaddress with HTTPS and port number. Even have a PTR record on my windows server. Still does not work on Proxmox, Opnsense, or Portainer.
Same story here. Working with Cloudflare, but can't seem to get it up and running on other instances but the NPM system itself (which gets the certificate). Not sure why the other systems are irresponsive...
@@ralph4370 Same story here. Have you ever found a solution?
Did you find any solution guys? I'm stuck at the same problem, the hosts shows up as online on npm with a green dot, but it doesn't work when I click on it, the subnet is the same...
Video is very well explained! But when put "*" 13:12 in domains not work, not permit, any tip?
I hate to say it, but I have not seen that error, sorry to not be of any help.
I got SSL to work only for nginx, I have a pretty simple setup with proxmox running my containers for my other servers, and I have a container with docker installed where nginx lives. Would I have to install certbot in all of my other containers in proxmox to have this work as well or am I missing something?
I do not believe you would need to. In my experience with this setup I have 3 different proxmox nodes all running different services and only one is running ssl for everything.
Great video! I'm an absolute newbie and want to set up my first ever Raspberry Pi homelab and have been researching for the past month on how to set things up. This solves the question on how to get ssl certs for vaultwarden without opening any ports. Additionally, I want to set up Pi Hole (as you showed) but also unbound as a local recursive DNS. Will this somehow interfere with the local dns challenge you set up with DuckDNS? (Sorry for the stupid question. I'm still very unsure with all the IT-Terms and get confused with how everything interacts with each other)
I also had issues with unbound. It seems to be a common issue people have had in the comments. In my case I was able to switch over to dnsmasq. I know it isn't fixing the problem but avoiding it, but for me it was the solution I needed at the time. I am still looking into issues concerning unbound, but I have quite a bit to learn about it before I can give a perfect answer. Thanks for the feedback.
Really interesting! Thanks for the guide!
Can you show how to configure or setup for remote access outside my local network, please. I can’t seem to figure it out.
I would recommend using a VPN like in this video th-cam.com/video/g6Fy2WVz6ek/w-d-xo.html . I personally do not recommend exposing services anyway other than via VPN access. You can, but it requires a bit of network knowledge to do so. You would need to open up nginx proxy manager to the internet normally using port forwarding.
@@perkelatorZ79 thanks so much for this. This was basically exactly what I was looking for explained in great detail. Previously, I was only able to access my emby server off my home network unsecured and I didn’t want to leave it like that.
@@perkelatorZ79 do you also happen to have any advice or suggestions for trying to setup making my services accessible using a vpn tunnels with a paid vpn service?
@@petrosposiedon3210 you can split it so that your network traffic like watching a TH-cam video will be over a paid VPN and still have access to your services it is called a split tunnel and it is just a bit of configuration depending on what VPN and VPN service that is used.
Great tutorial! Is anyone else getting a dangerous site warning when trying to access Portainer through NPM? Is there a solution?
Hey there, this might be a silly question but can you explain why you set your duckDNS domain to a local IP address? If you want to access a service over the internet, how would a user in another place resolve that IP? I'm very much a beginner trying to learn homelabbing and networking.
Is this meant only to provide certificates for local use? Or maybe i'm misunderstanding. Thanks a bunch!
Yes, this is for local lan use only. You are basically using a valid letsencrypt certificate using the public dns api to create certificates that will resolve properly within your local network.
@@azazahamed Thank you for your response! That makes sense, I just got confused. I appreciate your time.
I've watched all of the videos in this series and they were really helpful!
@@HowlYeYe You're very much welcome! Glad I could be of help!
@azazahamed thanks for answering!
Great video, this has been really helpful and interesting in getting a base lab setup for SSL certs. I'm excited to dive in and look at setting up and generating internal certs for my lab in the future.
Thanks!! I'm happy you found it useful.
Can you do a tutorial of this with Cloudflare and Nginx Proxy Manager?
Any idea how to setup this when I have Pi-Hole+unbound being used as a local DNS?
You should be able to ignore local DNS and treat this as local DNS, but I have very little experience with unbound. Local DNS can't be used with let's encrypt from what I understand so your local DNS records shouldn't matter.
@@perkelatorZ79 I'm having the same issue. Not sure what you mean when you say "You should be able to ignore local DNS and treat this as local DNS". I'm using a Pihole as well. I have the DNS for the Pihole set in my router.
I have this setup as well, but noticed that it does not make a difference when you disable the pihole. So it seems the pihole is not a problem.
The video is very well explained, but for some reason I can't understand why it doesn't work in my case. I have installed nginx correctly, and duckdns is pointed to the correct ip of my subnet where nginx is installed, btw is the same of portainer since I have it installed on portainer, but for some reason, after I add the SSL certificates, if I create the host, it shows up as "online" with a green dot, but if I click on it, it can't resolve and redirect to my service. Any suggestion on how to solve this?
Thanks in advance for your help!
I can't say exactly. Is it all services or just one? I have had some services not play well due to needing to be redirected to a specific location like www.example.duckdns.org/service/admin/ where the service has to be pointed to /service/admin/ or it results in an error. Also on a side note the green dot seems to be misleading quite often for me. I have yet to see others talk about it, but sometimes I can point it to something that just doesn't exist and it will still report online despite not having a service at that location.
Thank you for the response, honestly I figured it out. Basically I missed the part where I had a dns resolver to do the job. A lot of guides talked about pihole, but since I don't use it, I just had to add a dns override entry in the router that pointed to the npm machine. After that, everything worked flawlessly. Once again thank you so much for taking your time answering me. I'm gonna leave this here hoping someone will find it helpful @@perkelatorZ79
It's a nice way and used it many times.
But if you are trying to create SSL for local connections where there is no internet, you can create a certificate authority and trust the local certificates.
how to do it?
@@r3tr0n17 th-cam.com/video/WqgzYuHtnIM/w-d-xo.html
Really nice video. Do you know if the ssl certs are auto renewed by nginx proxy manager? I have not seen any option about it. Thanks for this kind of content.
I do believe that it is auto renewed. Thanks for the feedback!
Hi, so I can access, for example, one of my servers from internet? Right? And if my home IP address changes (I have a provider with no fixed ip address, also if I power off my modem/router and on I'll have a new ip address) I perhaps must also install the DuckDNS container on docker to refresh the dns link with DuckDNS?
Thanks in advance!
ah no, ok, looking closely at the video and the comments I saw that to have access from the outside I have to use port forwarding or VPN.
While for the other question, if my IP changes, is it better to have the DuckDNS container installed or is it not needed?
Yeah, some kind of dynamic DNS is needed unless you have a static IP address.
Amazing, very useful video and clear steps. One question, will the certificate automatically renew?
I do believe that they do. I should know the answer, but in preparation for starting TH-cam I was constantly blowing away my lab so I haven't made it long enough to test it. Sorry for the untested answer.
Thank you for your response. One more question, I am using macvlan, after deploying the nginx proxy manager, how to change IP and set it as static IP?
That I am not sure about. Sorry for not being a help.
When i follow these steps and open link of the proxy host chrome browser blocks it with security error saying dangerous site. Can you help me with this?
This is a link to how to visit unsafe sites from google: support.google.com/chrome/answer/99020?hl=en&co=GENIE.Platform%3DDesktop
It should have a details button, click it then click visit unsafe site.
Hello, Thanks for a Great video and amazing explanation. I have questions though..
Without the internet, will I still be having certs on my LAN services? What about the domain name? This I asked because of your previous video on pihole setup with local dns. How can I get the best of both worlds, local and external access with ssl?
Are the certs going to be updated automatically?
These certs are set up without exposure to the Internet so in this case you can add any LAN service you would like. I showed local DNS just for completeness. I am not using local DNS records. Pihole is only being used as a service many people like to have in their home lab. It is not required for SSL certs. I am not using these certs for external access, I am using them mostly for removing warnings and as a local DNS of sorts. You can use them for external access but I would set up a domain with cloudflare and you would want to set up some firewall rules to only accept connections from cloudflare. Personally I feel like a VPN is a better way to access homelab stuff. th-cam.com/video/g6Fy2WVz6ek/w-d-xo.htmlsi=ZX6RAl4pXWEzbgDG is a link to my video on should you expose your homelab to the Internet. I show how to set up tailscale VPN access to your lan.
The certs should be renewed automatically.
Thanks for the feedback! I hope I answered your questions! If not let me know.
@perkelatorZ79 Many thanks, I really appreciate it.
Sorry for the probably dumb question, but with this method can I access the *.domain.etcetera from outside my local network?
You could, but you would need to forward the ports for the proxy. I would also recommend buying a domain and setting it up behind Cloudflare.
Dumb question, and I am also just learning all this: can I install an LXC container of Nginx Proxy Manager without installing Docker and have this still work?
Not dumb at all, asking to learn can never be dumb. Dumb would be to not know and not ask. Yes you can install NPM inside of an LXC container. With a bit of google-fu I found this bobcares.com/blog/nginx-proxy-manager-lxc/ it may be of use to you. I am not saying it is perfect instructions as I have not personally validated it, but it looks pretty close.
Does it only work inside of the home network?
Yes, with how this is set up. You can make it work for public services as well, but I would recommend using a VPN to share out resources instead. It minimizes security risk using a VPN over just having it out on the public internet. Hope this helps!
Thx for this great video, now it's working for me
Big thumbs up!! Thank you very much
Great tutorial, thanks.
Glad you enjoyed it! Thanks for the feedback and motivation to continue making videos!
As usual I seem to be missing parts because nothing ever works the 1st time. I followed everything step by step but it does not work for me, neither on the local machine it is installed on nor when trying to navigate to another machine on my same network. I can access my machine/service fine using just the IP address but not using the name I put under source.
I got the same issue - could you find a solution?
Will this work for remote access like sharing jellyfin with family or is this only for your LAN?
Edit: nevermind I just heard the beginning of the video again, but how would you go about configuring for public access?
I wouldn't use just this to give access. I would personally use some kind of VPN like WireGuard or Tailscale. I feel it is more secure than allowing it just on the open internet. You can use this for public access; there are plenty of tutorials for it. It consists of port forwarding the proxy and a few other steps. I haven't personally done this, so I can't give details out of ignorance.
For some reason I can't get the certificate. It always fails with the same error you showed. I have even tried after 24 hours, but same result. Do I need to open any ports on the ISP router?
You should not have to port forward anything. At the time of the video I have only a Minecraft server open to the world. I am not sure why it would happen, providing it is the same error. I am sorry not to be of more help.
Thanks for that video. It helped me a lot with direction. I could even configure NextCloud based on the same container with Portainer as Nginx Proxy Manager, but at a cost of 4-5 hours :)
Yeah, nextcloud can take some time!
very good tutorial, thank you.
Very nice video. Thank you bro, you really helped. This tutorial works nicely and has very detailed steps.
Thanks! Glad to hear it helped you out.
This tutorial works perfect
Glad to hear it!
When I click on the newly added host entry, I get "502 Bad Gateway" :(
This could be quite a few things. What service are you trying to add? It could be pointing at the wrong port. You may need to add a location like /admin or /example.
@perkelatorZ79 I figured it out. I had to add a host header under the advanced tab. I realized that when I saw you adding one for pihole. :). Thanks a ton! :)
You cannot have a different SSL name with the same IP, keep that in mind.
This is via Google Translate, but yes, I believe that is correct.
Awesome tutorial. The only thing is I couldn't get the proxy working. I put the IP of the container where NPM is running in the DNS record from DuckDNS, but when I create a proxy in NPM and click on it I get an error that the server cannot be found, while using the normal IP of the server does work (the same is true when I add NPM to the proxy list and try with my domain from DuckDNS). Edit: my first comment disappeared so I hope this one stays. Edit 2: if you encounter the same problem as me, following the tutorial and not being able to reach the server, turn off DNS Rebind protection or whitelist them so your router lets them through. Welcome to the 7 hour story of my life, all because of DNS rebind protection :P
Turn off DNS Rebind protection or whitelist them so your router lets them through
Thank you for that. It could explain issues others have been having. I appreciate this finding!
I've diagnosed my similar situation while using Tailscale & npm.
It's not called 'rebinding' but the intent is clear. Without it, I'm in ❤ with npm (setup is simple & it works!). With it, all forwards fail.
Days....DAYS I tell you I have been pounding my head on the wall trying to figure out why this wasn't working!!!! One small little tick box in OPNsense and, boom, works as it was supposed to. I'm so happy and frustrated at the same time!!! Thank you fine person for bringing this to my attention!!!
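Why the router setting in the comments above matters, as an added example that is not from the video or from any commenter: a resolver with DNS rebind protection discards answers that map a name to a private address, which is exactly what a DuckDNS record pointing at the proxy's LAN IP looks like. It also shows that allowlisting one domain keeps the filter active for every other name. The host names, addresses and the `allowlist` parameter are constructed for illustration.

```python
import ipaddress

def is_internal(address):
    """True if a rebind filter would treat this answer as pointing inside the LAN."""
    ip = ipaddress.ip_address(address)
    return ip.is_private or ip.is_loopback or ip.is_link_local

def domain_allowed(name, allowlist):
    """Match the queried name or any of its parent domains against the allowlist."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in allowlist for i in range(len(labels)))

def filter_answer(name, address, allowlist=frozenset()):
    """Return the address the client receives, or None if the answer is dropped."""
    if is_internal(address) and not domain_allowed(name, allowlist):
        return None  # the browser then reports "server not found"
    return address

# Constructed sample answers: (queried name, address returned by upstream DNS).
SAMPLE_ANSWERS = [
    ("megatron.example.duckdns.org", "192.168.0.50"),  # proxy host on the LAN
    ("other.example.net", "192.168.0.1"),              # unrelated name, private IP
    ("www.example.com", "8.8.8.8"),                    # stand-in for a public address
]

def report(allowlist):
    """Map each sample name to what the client would receive under this allowlist."""
    return {name: filter_answer(name, addr, allowlist) for name, addr in SAMPLE_ANSWERS}

if __name__ == "__main__":
    print("protection on, no allowlist:", report(frozenset()))
    print("allowlisting one domain:    ", report({"example.duckdns.org"}))
```

With the single domain allowlisted, the proxy's name resolves while the unrelated name that answers with a private address is still dropped, which is the protection that turning the feature off entirely would remove.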
Hello, nice tut,
I have questions!
The way u are doing that .. is it accessible from the outside network, or are u just using that way so u don't have to write the port of any app that u are using?!
Because if it's accessible from the outside network, how do u enter IP 192.168.0.x?!
And why did u install Nginx Proxy Manager 2 times!
It is not accessible from outside the local network. Part of it is so you do not have to remember ports/IP addresses, but it is also for good practice and to remove the warning that many services give when no SSL is present. As explained in the video you do not have to install it in both ways, the video is intended so that one can use either Docker-Compose or Portainer depending on which is easier. Knowing how to do something in more than one way can be useful. In this case the install is very similar, but I do not want to assume that the person watching knows that or has experience with either. Thanks for your feedback, hope I answered your question.
@perkelatorZ79
Aha ok thnx i was asking to be sure what i understood 😊
this was the simplest and working nginx tutorial among a few, thank you!
That is what I am aiming for! Thanks.
Props to decepticon naming convention. Same at my home.
Ayyyy my guy, nice to see. I for a while was doing Soundwave and Mini-Cassettes, then that fell through when I got a mini cassette bigger than Soundwave, so now I just go to the wiki page and copy paste at this point.
maybe I'm missing something, and I'm not using DuckDNS but another provider. I can get it all working, but I have to set the record in the DNS provider. Like at th-cam.com/video/sRI4Xhyedw4/w-d-xo.htmlsi=xwk1yKz-cja2Cxzv&t=959 you set up Megatron in NPM but how would it know what that resolves to without defining it in DNS. At the least I would think you'd need a CNAME record to point megatron.perkelator to perkalator (where the A record for perkalator is already defined). Don't you need to add a DNS entry for every entry in NPM or does DuckDNS do this automagically somehow?
also great video!
So this works because the proxy is handling traffic not DNS. So once it contacts the proxy the proxy returns the correct site. So the DNS only has to be pointing at NPM. We use a wildcard DNS record so that all the subdomains for say example.com can be used. This is done using a * as the subdomain. With *.example.com it means that say megatron.example.com and starscream.example.com will return the same address. From there NPM will return the correct site based off the subdomain.
So this is working kind of how you suggested, but the CNAME says every subdomain points to the same address, if that makes sense.
My first assumption would be that the DNS isn't set as a wildcard subdomain, but that could be wrong.
Hope this was helpful! Let me know.
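The split described in the reply above, as an added example that is not the video author's code or Nginx Proxy Manager's implementation: one wildcard DNS record sends every subdomain to the proxy's address, and the proxy then picks the backend from the requested host name. The wildcard lookup is simplified, and the zone, addresses, ports and function names are constructed for illustration.

```python
# Constructed data: one wildcard record pointing at the proxy's LAN address,
# and the proxy hosts that would be defined in the proxy's UI.
ZONE = {"*.example.com": "192.168.0.10"}
PROXY_HOSTS = {
    "megatron.example.com": "http://192.168.0.20:8080",
    "starscream.example.com": "http://192.168.0.21:9000",
}

def resolve(name, zone):
    """Simplified DNS lookup: exact record first, then the closest wildcard."""
    name = name.lower().rstrip(".")
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in zone:
            return zone[wildcard]
    return None

def route(host_header, proxy_hosts):
    """What the proxy does: choose the upstream from the Host header alone."""
    host = host_header.lower().split(":")[0]
    return proxy_hosts.get(host)

def visit(name):
    """Return (address DNS hands back, upstream the proxy selects or None)."""
    address = resolve(name, ZONE)
    if address is None:
        return (None, None)
    return (address, route(name, PROXY_HOSTS))

if __name__ == "__main__":
    for name in ("megatron.example.com", "starscream.example.com",
                 "shockwave.example.com", "megatron.example.org"):
        print(name, "->", visit(name))
```

Every name under the wildcard gets the same address from DNS; only names that also exist as proxy hosts reach a backend, so no per-service DNS record is needed.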
Too bad my install of NPM is acting like a Piece of $h!t. It won't let me modify my access list, among other things. This is a great tutorial, but I'm really frustrated with the process recently. I just want Vaultwarden to be served over HTTPS so it's usable. ::sad face::
So this will not work how I have it set up over the open internet. Personally, if you are just setting up Vaultwarden for personal use, I would just use a VPN into your network over exposing it to the internet. You would still get access and have a much more minimal attack surface from what I understand.