Secure Local Domains Easily with Pi-hole & Nginx Proxy

  • Published: 21 Nov 2024

Comments • 63

  • @Techdox 6 months ago +3

    If you want to add Pihole to Nginx Proxy Manager, here's a guide - docs.techdox.nz/pihole-on-npm/

  • @JayB6 5 months ago +3

    This video is the first time I have been able to use nginx proxy manager. I have struggled for years to learn how it works. The best video out there right here. Thanks.

    • @Techdox 5 months ago

      You’re more than welcome

  • @Oschar157 3 months ago

    Mate, truly, thank you. You did a great job demonstrating the process and keeping it simple. I have tried following other tutorials, but they always end up brushing by the concepts, expecting you to already know everything. Great job, I'm integrating this asap

  • @wizzbangtg 6 months ago +4

    Interesting way to accomplish this. The only issue I can see is if you have a wild card resolve from Cloudflare DNS to your public IP and you don't want the app publicly accessible.
    I do something very similar without Pi-Hole. The way I accomplish this type of access is to have the wildcard DNS entry in Cloudflare point to my local IP of NPM. No need for the double entry for the app in both Pi-Hole and NPM. Nginx config is all that is needed since locally Cloudflare will point to the local Nginx Proxy Server. Outside access is handled, in my case is with another domain name. I also spin Authentik in there too for added security. But that is the beautiful thing about what we do. There's more than one way to do things and if it works, it's not wrong.
    Good videos, keep it up.

    • @Techdox 6 months ago +2

      Yeah, 100%! That’s why I added “How I fix this” as like you mentioned there’s so many different ways :)

    • @dreevy 2 months ago

      Hey, I know this comment is old but would you be able to point to any good resources on how you did this? I’m very new to all of this.

    • @duleepalakmal1482 2 months ago

      you're truly a life saver!

    • @wizzbangtg 2 months ago

      @dreevy A few days later but wanted to check. Have you received a response on this question?

  • @anthonyyu2722 4 months ago +1

    This solved my problem with proxy hosts being unreachable after turning DNS Rebind Check and Browser HTTP_REFERER enforcement back on in pfSense. I had the DNS records in Pi-hole associated with the proxy host IPs when I should have had them pointed at the Nginx IP address instead. Of course I still had to add pfSense and Nginx to the Alternate Hostnames or else I'd get the block page from pfSense. Thanks a bunch.

    • @mariotorres8910 2 months ago

      Same issue here - this video helped me resolve it, key point is around 6:11

  • @mariotorres8910 2 months ago

    6:11 this key point solved my multi-day troubleshooting of the issue lol. I was having weird connectivity issues where only some services connected. turns out local dns > dns records should point to the NPM site for routing - and not the actual service IP. In hindsight, DUH
    Great helpful video bro

    • @Techdox 2 months ago +1

      Glad you got it working! It’s always something simple

  • @benturner2973 1 month ago

    Great video! Thank you. How long do you need to wait for DNS to catch up to the browser? I’ve refreshed a few times now and still not seeing my local domain

    • @Techdox 1 month ago

      Did you add it to your PiHole or whatever DNS server you are using as well as NPM?

  • @thefuzul 10 days ago

    Great guide! Thank you so much!

  • @Holytepps 3 months ago

    Just what I searched for. Thank you!

    • @Techdox 3 months ago

      Glad I could help!

  • @JamesBisseling 3 months ago

    Nice! Going to use this to set up my toys. I am wondering what that homepage is running on. Is that similar to CasaOS or something entirely different?

    • @Techdox 3 months ago +1

      That would be Homepage - Here's me showcasing mine - ruclips.net/video/KQ_fYtkQZSM/видео.htmlsi=Ag9L5aBfqjQaZxsF&t=477
      Also here's a dedicated video - ruclips.net/video/a5-4u0qFKaE/видео.htmlsi=LbeUNFHlvI44uFfO

  • @diegofelipe2119 5 months ago

    Great video, thanks!
    But do I really need to enter each service/server on Pi Hole one by one?

    • @Techdox 5 months ago +1

      I can’t really see how else it would know where to send the traffic. You need to tell it this name goes to this IP in some shape or form

    • @diegofelipe2119 5 months ago

      @Techdox I found out that you can do it via CLI, creating a file on /etc/dnsmasq.d/, there you can use a wildcard for the domain, this way it works for all addresses from that domain.
      Example:
      address=/*.DOMAIN/NGINX_IP
      then run pihole restartdns
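
Added example, not part of any comment in this thread and not Techdox's or Pi-hole's own code: several commenters above fixed unreachable proxy hosts by pointing their local DNS records at the Nginx Proxy Manager address instead of the service IP. This Python script audits hosts-style records and dnsmasq `address=` lines for that mistake; the proxy IP, hostnames and sample records are constructed placeholders.

```python
import ipaddress

# Constructed sample data: placeholder names and addresses, not taken from the thread.
NPM_IP = "192.168.1.10"  # assumed address of the Nginx Proxy Manager host
SAMPLE_HOSTS = """\
# hosts-style local DNS records: <ip> <name>
192.168.1.10 homepage.home.example
192.168.1.50 proxmox.home.example
"""
SAMPLE_DNSMASQ = """\
address=/home.example/192.168.1.10
address=/nas.home.example/192.168.1.60
adress=/typo.home.example/192.168.1.10
"""


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def audit(records, proxy_ip):
    """Return (line_no, name, detail) for each record that bypasses the proxy."""
    proxy = ipaddress.ip_address(proxy_ip)
    findings = []
    for line_no, raw in enumerate(records.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("address=/"):
            # dnsmasq form: address=/<name>[/<name>...]/<ip>
            *names, target = line[len("address=/"):].split("/")
        else:
            # hosts form: <ip> <name> [<name>...]
            target, *names = line.split()
        if not names or not _is_ip(target):
            findings.append((line_no, line, "unrecognized record"))
            continue
        if ipaddress.ip_address(target) != proxy:
            findings.extend((line_no, n, target) for n in names)
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_HOSTS, SAMPLE_DNSMASQ):
        for finding in audit(sample, NPM_IP):
            print(finding)
```

Pass it the text of your own record list or of the drop-in file under /etc/dnsmasq.d/; an empty result means every name routes through the proxy.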

  • @Redostrike 2 months ago

    Nice tutorial, can I ask why you are not using cname to forward services isn't that cleaner/easier when you would change the ip of a server?

    • @Techdox 2 months ago +1

      Thanks for the question! CNAME records wouldn't work well for my setup because:
      Direct Mapping: I need direct IP-to-domain mapping for my local services, which CNAME can't provide as it just points one domain to another.
      Nginx Proxy Manager: My Nginx Proxy Manager setup works best with A records that point directly to IPs, making the process straightforward and reliable.
      Local Control: I manage my own DNS, so using A records is quicker and easier than dealing with the extra lookup that CNAMEs require.

  • @mariobrandt2984 3 months ago

    Thanks for the great video. It works perfectly.
    I have a question: I would also like to access my PiHole and the Proxmox server with SSL via the NPM. However, both services do not only have IP:Port
    There is also the text and special characters at the end. How do you enter such things in the NPM?

    • @Techdox 3 months ago +1

      Proxmox is port 8006 and PiHole is port 80 but needs some custom config for PiHole. Feel free to join the Discord and I can run you through it

    • @mariobrandt2984 3 months ago

      @Techdox 💯 work 😃

  • @chrisumali9841 6 months ago

    Awesome demo, thanks for the info and config.

    • @Techdox 6 months ago

      You’re more than welcome

  • @mariuszzawierucha1310 5 months ago

    So to accomplish that particular task you have to own a domain, right? What if I don't have any? How to add ssl cert to each of my containers then?

    • @Techdox 5 months ago

      To get Let's Encrypt SSL certificates, yeah, you need to own a domain name

  • @fossdom5568 6 months ago

    Any preference doing via NPM as compared to Cloudflared tunnel ?

    • @Techdox 6 months ago +2

      I use cloudflare tunnels for services I want made public, and private I keep out of Cloudflare.

    • @-nepherim 6 months ago

      @Techdox So this method allows services to remain local. If you want them public, then configure them in CF? That right? (excellent video btw. finding a solution to this has been on my backlog for years!)

    • @Techdox 6 months ago

      @-nepherim that’s correct :)

  • @mioszszyrner5990 1 month ago

    I see that PiHole is under a different IP address than the Nginx Proxy Server. I was trying to set it up running both on docker but here is the trick: I need to make PiHole also a DHCP server. I only made it work by granting "host" network mode to it. Having that unfortunately blocks from starting Nginx Proxy server as it requires port 80 to be free. Do you have any idea or hints what can I try to make this work?

  • @POV-Fire-Response 6 months ago

    Just wondering if you have a way to make nginx a forward proxy with a whitelist?

    • @FelipeBudinich 5 months ago

      Would wireguard be the thing you look for?

  • @pinsondetailing 3 months ago

    But all these are available from outside your network, correct? How would I do the same thing but for them all to be private? Eg.. only available from inside the lan.

    • @Techdox 3 months ago

      @pinsondetailing no these are local only unless I open them up publicly, default my proxy is not open to the internet and if I want a service to be public I use the Cloudflare tunnel.

  • @m12652 6 months ago

    You're a star! Thanks 👍

    • @Techdox 6 months ago

      Glad I could help!

  • @diazrocks 6 months ago

    Would NPM work if I have CG-NAT? NPM always gives me an error during SSL cert request. And yes 443 & 80 is open

  • @udhayakumarcp 5 months ago

    How did you do the SSL?

    • @Techdox 5 months ago

      Using the Let’s encrypt feature within Nginx Proxy Manager

  • @ashoktvm 3 months ago

    this is because U have port forwarded 80 and 443 and a static or dynamic IP with DDNS, and a domain name as well?

    • @Techdox 3 months ago +1

      I have not exposed my Nginx to the web it’s all local and if I want to expose a service then I use Cloudflare tunnel to expose that one service otherwise it’s local

    • @ashoktvm 3 months ago +1

      @Techdox it says in when setting up ssl itself this: "These domains must be already configured to point to this installation". How come without port forwarding can this be obtained?

    • @Techdox 1 month ago

      @ashoktvm because it’s all local. Nothing is exposed like I mentioned

  • @kiloy1006 3 months ago

    I'm not quite clear on this...
    you made random subdomain and showed it's not reachable since it doesn't exist. As soon as you add the address to the nginx reverse proxy manager, of course it will and it means it is also publicly accessible?
    Can you add something that shows your new sub-domain isn't available from outside and only accessible from internal network only?

    • @Techdox 3 months ago

      @kiloy1006 it’s not reachable because Nginx proxy manager is not exposed to the web. So if I want a service exposed to the web I add a Cloudflare tunnel to expose the specific service.
      Local works as follows.
      I add the domain name to Pihole to resolve to NPM, I search that domain name, Pihole sends it to NPM I hit the service. All local.
      Public, I have a Cloudflare tunnel I point the domain name to my NPM address NPM gets the traffic from Cloudflare and sends it to the service.
      I was sure I mentioned this process in the video

    • @kiloy1006 3 months ago

      @Techdox as soon as you said nginx proxy manager was not exposed to the web, it clicked!
      One more question though, in that case, i would have to spin up another NPM for local use only. Would 'local-only' NPM be able to issue & renew the certificate every 90days?

    • @Techdox 3 months ago

      @kiloy1006 since I use local only and expose via cloudflare I need to open up my NPM via a port forward just while I renew my license then I lock it back down again, might be another way but that’s how I do it.
      Issuing is no problem at all

  • @creelfo 3 months ago

    Anyone else getting an issue where asking for an ssl certificate doesn’t work due to an internal error

    • @Techdox 3 months ago

      Jump into the Discord if you like. We can help you there :)

  • @joeshelby3352 5 months ago

    how make that 3:29 homepage beautiful? any source?

    • @Techdox 5 months ago

      Jump into the discord and I can help you :)

    • @joeshelby3352 5 months ago

      @Techdox link please

    • @Techdox 5 months ago

      @joeshelby3352 discord.com/invite/8mX2KRxDw8

  • @programmergoogle 2 months ago

    how to make home monitoring like a minute 0:58 ?

    • @Techdox 2 months ago

      That's Homepage, I have a video on it :)

  • @LiamKarlMitchell 3 months ago

    Wehey nz