If you want to add Pihole to Nginx Proxy Manager, here's a guide - docs.techdox.nz/pihole-on-npm/
This video is the first time I have been able to use nginx proxy manager. I have struggled for years to learn how it works. The best video out there right here. Thanks.
You’re more than welcome
Omg this is literal years of trial and error, you just earned yourself a subscriber
Appreciate the support! Glad it helped you
Mate, truly, thank you. You did a great job demonstrating the process and keeping it simple. I have tried following other tutorials, but they always end up brushing by the concepts, expecting you to already know everything. Great job, I'm integrating this asap
Just what I searched for. Thank you!
Glad I could help!
6:11 this key point solved my multi-day troubleshooting of the issue lol. I was having weird connectivity issues where only some services connected. Turns out local DNS > DNS records should point to the NPM site for routing - and not the actual service IP. In hindsight, DUH
Great helpful video bro
Glad you got it working! It’s always something simple
Interesting way to accomplish this. The only issue I can see is if you have a wildcard resolve from Cloudflare DNS to your public IP and you don't want the app publicly accessible.
I do something very similar without Pi-Hole. The way I accomplish this type of access is to have the wildcard DNS entry in Cloudflare point to my local IP of NPM. No need for the double entry for the app in both Pi-Hole and NPM. Nginx config is all that is needed since locally Cloudflare will point to the local Nginx Proxy Server. Outside access is handled, in my case, with another domain name. I also spin Authentik in there too for added security. But that is the beautiful thing about what we do. There's more than one way to do things and if it works, it's not wrong.
Good videos, keep it up.
Yeah, 100%! That’s why I added “How I fix this” as like you mentioned there’s so many different ways :)
Hey, I know this comment is old but would you be able to point to any good resources on how you did this? I’m very new to all of this.
you're truly a life saver!
@@dreevy A few days later but wanted to check. Have you received a response on this question?
This solved my problem with proxy hosts being unreachable after turning DNS Rebind Check and Browser HTTP_REFERER enforcement back on in pfSense. I had the DNS records in Pi-hole associated with the proxy host IPs when I should have had them pointed at the Nginx IP address instead. Of course I still had to add pfSense and Nginx to the Alternate Hostnames or else I'd get the block page from pfSense. Thanks a bunch.
Same issue here - this video helped me resolve it, key point is around 6:11
Great guide! Thank you so much!
What’s that homepage you’re using?
It’s called homepage :) check my channel for the video :)
How do I make that 3:29 homepage beautiful? Any source?
Jump into the discord and I can help you :)
@@Techdox link please
@@joeshelby3352 discord.com/invite/8mX2KRxDw8
So instead of pihole can i set cloudflare zerotrust custom localdomain fallback, which will then point to my nas nginx proxy?
Yeah you can have local DNS as a fall back
Nice! Going to use this to set up my toys. I am wondering what that homepage is running on. Is that similar to CasaOS or something entirely different?
That would be Homepage - Here's me showcasing mine - ruclips.net/video/KQ_fYtkQZSM/видео.htmlsi=Ag9L5aBfqjQaZxsF&t=477
Also here's a dedicated video - ruclips.net/video/a5-4u0qFKaE/видео.htmlsi=LbeUNFHlvI44uFfO
Any preference doing via NPM as compared to Cloudflared tunnel ?
I use cloudflare tunnels for services I want made public, and private I keep out of Cloudflare.
@@Techdox So this method allows services to remain local. If you want them public, then configure them in CF? That right? (excellent video btw. finding a solution to this has been on my backlog for years!)
@@-nepherim that’s correct :)
Followed the step, but local DNS is not working in browsers. nslookup works, "not secure" message still appears
@@mitchhoneysett7674 cache? Tried another browser?
Great video! Thank you. How long do you need to wait for DNS to catch up to the browser? I’ve refreshed a few times now and still not seeing my local domain
Did you add it to your PiHole or whatever DNS server you are using as well as NPM?
Hi, can you advise if this can be done with external sites with certs as well as internal sites using the same NPM and Pihole?
It sure can, but if you want to expose it to the web you will need an A record in your domain registrar to point to your Public IP address which then Nginx Proxy manager will handle based on Port forwarding. Won't need PiHole for this.
Happy to help in my Discord
Nice tutorial, can I ask why you are not using CNAME to forward services? Isn't that cleaner/easier when you would change the IP of a server?
Thanks for the question! CNAME records wouldn't work well for my setup because:
Direct Mapping: I need direct IP-to-domain mapping for my local services, which CNAME can't provide as it just points one domain to another.
Nginx Proxy Manager: My Nginx Proxy Manager setup works best with A records that point directly to IPs, making the process straightforward and reliable.
Local Control: I manage my own DNS, so using A records is quicker and easier than dealing with the extra lookup that CNAMEs require.
Awesome demo, thanks for the info and config.
You’re more than welcome
How did you do the SSL?
Using the Let's Encrypt feature within Nginx Proxy Manager
Just wondering if you have a way to make nginx a forward proxy with a whitelist?
Would wireguard be the thing you look for?
Great video, thanks!
But do I really need to enter each service/server on Pi Hole one by one?
I can’t really see how else it would know where to send the traffic. You need to tell it this name goes to this IP in some shape or form
@@Techdox I found out that you can do it via CLI, creating a file on /etc/dnsmasq.d/, there you can use a wildcard for the domain, this way it works for all addresses from that domain.
Example:
address=/*.DOMAIN/NGINX_IP
then run pihole restartdns
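The point several commenters land on, that local DNS records must resolve to the NPM address rather than to each service's own IP, can be checked offline. This added example (not from the video or any commenter) models dnsmasq `address=/domain/ip` entries in their bare-domain form plus hosts-style records and reports where each name would land; all names and IPs are constructed, and it assumes an exact host record takes precedence over an `address=` entry.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data; 192.168.1.10 stands in for the NPM host.
NPM_IP = "192.168.1.10"
DNSMASQ_CONF = """\
address=/home.example.com/192.168.1.10
address=/cam.home.example.com/203.0.113.7
"""
HOST_RECORDS = """\
192.168.1.10 jellyfin.home.example.com
192.168.1.30 nas.home.example.com
"""

def parse(dnsmasq_conf, host_records):
    """Return (domains, hosts): dicts mapping lower-case name -> IP string."""
    domains, hosts = {}, {}
    for line in dnsmasq_conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("address=/"):
            *names, ip = line[len("address=/"):].split("/")
            domains.update({n.lower(): ip for n in names if n and ip})
    for line in host_records.splitlines():
        fields = line.split("#", 1)[0].split()
        hosts.update({n.lower(): fields[0] for n in fields[1:]})
    return domains, hosts

def resolve(name, domains, hosts):
    """Exact host record first (assumed precedence), else longest address= suffix."""
    name = name.lower()
    if name in hosts:
        return hosts[name], "host record"
    for i in range(name.count(".") + 1):
        suffix = name.split(".", i)[-1]  # drop i leading labels
        if suffix in domains:
            return domains[suffix], "address=/" + suffix + "/"
    return None, "no local record"

def audit(names, domains, hosts, proxy_ip=NPM_IP):
    """Map each service name to (verdict, ip, source of the answer)."""
    report = {}
    for name in names:
        ip, source = resolve(name, domains, hosts)
        if ip is None:
            verdict = "forwarded upstream"   # public DNS decides, not the LAN
        elif ip == proxy_ip:
            verdict = "ok"                   # traffic goes through NPM
        elif any(ipaddress.ip_address(ip) in net for net in RFC1918):
            verdict = "bypasses proxy"       # points at the service IP directly
        else:
            verdict = "non-private address"
        report[name] = (verdict, ip, source)
    return report
```

With the sample data, a name covered only by the domain-wide entry lands on NPM, while the leftover per-host record for `nas.home.example.com` is reported as bypassing the proxy.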
So to accomplish that particular task you have to own a domain, right? What if I don't have any? How to add ssl cert to each of my containers then?
To get let's encrypt SSL certificates, yeah you need to own a domain name
Thank you!
I'm not quite clear on this...
You made a random subdomain and showed it's not reachable since it doesn't exist. As soon as you add the address to the nginx reverse proxy manager, of course it will and it means it is also publicly accessible?
Can you add something that shows your new sub-domain isn't available from outside and only accessible from internal network only?
@@kiloy1006 it’s not reachable because Nginx proxy manager is not exposed to the web. So if I want a service exposed to the web I add a Cloudflare tunnel to expose the specific service.
Local works as follows.
I add the domain name to Pihole to resolve to NPM, I search that domain name, Pihole sends it to NPM, I hit the service. All local.
Public: I have a Cloudflare tunnel, I point the domain name to my NPM address, NPM gets the traffic from Cloudflare and sends it to the service.
I was sure I mentioned this process in the video
@@Techdox as soon as you said nginx proxy manager was not exposed to the web, it clicked!
One more question though, in that case, I would have to spin up another NPM for local use only. Would 'local-only' NPM be able to issue & renew the certificate every 90 days?
@@kiloy1006 since I use local only and expose via cloudflare I need to open up my NPM via a port forward just while I renew my license then I lock it back down again, might be another way but that’s how I do it.
Issuing is no problem at all
You're a star! Thanks 👍
Glad I could help!
This is because you have port forwarded 80 and 443 and a static or dynamic IP with DDNS, and a domain name as well?
I have not exposed my Nginx to the web it’s all local and if I want to expose a service then I use Cloudflare tunnel to expose that one service otherwise it’s local
@@Techdox it says this when setting up SSL itself: "These domains must be already configured to point to this installation". How come without port forwarding can this be obtained?
@@ashoktvm because it’s all local. Nothing is exposed like I mentioned
I see that PiHole is under a different IP address than the Nginx Proxy Server. I was trying to set it up running both on docker but here is the trick: I need to make PiHole also a DHCP server. I only made it work by granting "host" network mode to it. Having that unfortunately blocks Nginx Proxy server from starting as it requires port 80 to be free. Do you have any idea or hints what can I try to make this work?
How to make home monitoring like at minute 0:58?
That's Homepage, I have a video on it :)
Thanks for the great video. It works perfectly.
I have a question: I would also like to access my PiHole and the Proxmox server with SSL via the NPM. However, both services do not only have IP:Port
There is also the text and special characters at the end. How do you enter such things in the NPM?
Proxmox is port 8006 and PiHole is port 80 but needs some custom config for PiHole. Feel free to join the Discord and I can run you through it
@@Techdox 💯 work 😃
But all these are available from outside your network, correct? How would I do the same thing but for them all to be private? Eg.. only available from inside the lan.
@@pinsondetailing no these are local only unless I open them up publicly, default my proxy is not open to the internet and if I want a service to be public I use the Cloudflare tunnel.
@@Techdox how can I ensure that the services are not open to the Internet and set to only be local using this setup? I thought nginx needed to be open to the Internet to get a valid SSL? Maybe I got the wrong idea as to how this works lol
@ it only needs it for the first connection out to verify domain ownership then you can remove the port forward
@@Techdox Wow thanks for the super fast reply. Now I’m looking into how to setup your sweet homepage dashboard haha
@@Techdox port 443 I’m assuming?
Would NPM work if I have CG-NAT? NPM always gives me an error during SSL cert request. And yes 443 & 80 are open
The issue I'm having is, the IP for my Nginx is the same as my Unraid server. I'm still in the early stages of this so I'm sure I'll work it out (I hope)
If you get stuck, join the discord and we can help
Anyone else getting an issue where asking for an SSL certificate doesn’t work due to an internal error?
Jump into the Discord if you like. We can help you there :)
Wehey nz