Thanks much Scott. This video is exactly what I needed after our discussions yesterday. I not only know how to do what I needed, but why I should follow your suggested path to get there. I truly appreciate the hours you invest in your publications. You are the expert I turn to most often these days.
Most excellent. Thank you for this video.
Thx for the kudo. Be sure to come by chat.scottibyte.com/
🔥🔥🔥🔥🔥
Nginx will also resolve ip:port numbers for containers, in Proxy Hosts, which Pi-Hole doesn't.
DNS doesn't resolve ports in general. DNS resolves only addresses. That being said, NginX is not a DNS resolver. NginX is a web server. NginX can use "proxy_pass" like most any web server. DNS Resolvers like dnsmasq or ftldns which Pi-hole uses NEVER resolve port numbers because that is not a part of the DNS specification. Port numbers are for application daemons. So, in this tutorial, I addressed local DNS translation pointing to NginX Proxy Manager which uses the NginX web server at its core and of course it uses port numbers for its proxy-forward functions. Pi-hole is primarily a DNS Forwarder. I showed in this tutorial how to leverage the Pi-hole local DNS table in conjunction with the proxy_pass capabilities of NginX Proxy Manager.
Great video, thank you. Is it possible to use a similar setup for local-only SSL? I have several services on a single host, all with different ports, so Pi-hole-only does not work for me as it only picks up the IP. But I want to have SSL on those local services without making them public on the web.
Follow the video and, to make a service local only, leverage Nginx Proxy Manager's ability to restrict to local LAN addresses. Chat on chat.scottibyte.com/ to ask questions.
@scottibyte Good lead! For an extra level of security, I went with using a separate domain and pointing to the internal IP at Cloudflare, then using an API token to validate SSL on NPM, and Pi-hole DNS in case internet is not an option.
@eduardoalmontemieses4842 The best part about these configurations is there are ALWAYS many other options.
Unifi is capable of DNS records now btw.
Yes, I am aware. However, the Unifi DNS doesn't support CNAME records and Unifi doesn't have granular ad blocking like Pi-hole. We have waited five years for Unifi DNS and perhaps in another five it will be there.
How can I use both Pi-hole and nginx-proxy-manager together as one DNS?
Nginx proxy manager is not a DNS. Pi-hole is a DNS. The video describes using pi-hole to replicate local CNAME records for your hosted subdomains to provide local DNS resolution.
Nice! Can Pi-Hole configured as you described be used for renewing SSL certificates using Let's Encrypt without a public facing DNS?
@marksilva3983, although the SSL certs can be locally resolved, you still need a public-facing NPM to manage the renewal of these self-signed certificates. The websites that use these certificates do not need to be accessible from the public internet though. NPM can deny access through its "access lists".
@scottibyte Tried setting up various access lists in NPM, but they seem pretty buggy. Things like access from public works, despite blocking it, and access from LAN won't, despite allowing it.
@ZorexZockt Suggest you join the chat. The access lists allow access from certain address ranges and then the last entry in the list denies access not specifically granted. Once you set the access list, you assign the access list to the NPM entries that you want access controlled. For really advanced user-based access, you can always use Authentik. I have never heard anyone say that NPM access lists are buggy or don't work 100% of the time. Again, join the chat at chat.scottibyte.com/.
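Added example, not part of the thread or of NPM's own code: a small model of the flow discussed above, where the local DNS table returns only an address, the proxy host entry supplies the port, and an ordered access list ending in a deny decides who gets through. It assumes nginx's first-match `allow`/`deny` behaviour; all host names, addresses and ports are constructed for illustration.

```python
import ipaddress

# Constructed sample data (hypothetical names, addresses and ports).
LOCAL_DNS = {  # Pi-hole local DNS: every name points at the proxy's address
    "wiki.home.example": "192.168.1.10",
    "cloud.home.example": "192.168.1.10",
}
PROXY_HOSTS = {  # proxy host entries: the port lives here, never in DNS
    "wiki.home.example": ("192.168.1.20", 3000),
    "cloud.home.example": ("192.168.1.20", 8443),
}
ACCESS_LIST = [
    ("allow", "192.168.1.0/24"),  # LAN
    ("allow", "10.8.0.0/24"),     # VPN clients
    ("deny", "all"),              # last entry: deny anything not granted above
]


def resolve(name):
    """DNS step: returns an address only; a DNS answer carries no port."""
    return LOCAL_DNS.get(name)


def evaluate(rules, client_ip):
    """Rules are checked in order and the first match wins.

    With nginx allow/deny directives, a client that matches no rule is
    allowed, which is why the final deny entry matters.
    """
    ip = ipaddress.ip_address(client_ip)
    for action, target in rules:
        if target == "all" or ip in ipaddress.ip_network(target):
            return action
    return "allow"


def route(host, client_ip, rules=ACCESS_LIST):
    """Proxy step: apply the access list, then pick the upstream by Host name."""
    if host not in PROXY_HOSTS:
        return None
    if evaluate(rules, client_ip) == "deny":
        return 403
    return PROXY_HOSTS[host]


if __name__ == "__main__":
    print(resolve("wiki.home.example"))
    print(route("wiki.home.example", "192.168.1.55"))
    print(route("wiki.home.example", "203.0.113.7"))
```

When an access list seems to misbehave, checking the rule order and which client address the proxy actually sees (the real client, or a router or upstream proxy in front of it) is the first thing to verify.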