Secure Your Domain with NGINX Proxy Manager and Cloudflare (Including Uptime Kuma Demonstration)

Let me know what containers or services you'd like to see in upcoming videos!!

dont apologize for the long video. it is very detailed compared to before. keep up the good work dude!

I was looing for something like Uptime-Kuma for days. Thank you !

Just moved from route53 to cloudflare - this video was a huge help!

Thank you for this! Love U.Kuma, busy with a oracle cloud free acc + CloudFlare +Ubuntu + docker + portainer + nginx r.proxy + kuma + Wazuh and a few other tools. 4x cores + 24GB Ram + 200GB disk. For . Free.

Awesome information! I appreciate your hard work!

Another great video, very helpful thanks

15:37 The Delay you mentioned is very simple explained. There is a value in your DNS Entries (especially if you install and config a DNS Server locally like BIND) which defines the TTL (Time to Life) of the entries. Here is set the "rhythm" in which the records will be refreshed. That strongly depends on your preferences, how often things change. i know some instances which have 3600 seconds on internal networks, but i know some have 43200 seconds or 86400 seconds. Which are the values for: 1 hr, 1 day and 2 days.
If the provider manages that for you, you are out of luck. If you can manage that by yourself you should take in consideration that it would increase the load on the servers depending on the scale. Maybe you need to split up between multiple dns servers with various TTLs. Like a more "static" TTL for the "base systems" which don't change very often and a more "dynamic" TTL for the testlab where thing can change quickly ;)
But from the best practices i read and i experienced by myself, you should not go under 3600 for that
But the NGINX Proxy Manager looks interesting, i will try that for myself :)

A note for those receiving the error "too many redirects". Go to the Cloudflare SSL/TLS tab, then set your encryption mode to Full (strict)

That was good explanation. however we need to choose the dns challenge in NPM while you request for a SSL. This would avoid disabling proxy on the cloud flare. In dns challenge select the cloud flare and create api and paste it in the npm. Let's encrypt would validate you by creating and deleting a text record in cloud flare using the api token. This would avoid disabling proxy on cloud flare every 3 months for ssl renewals.

Very nice video. I've got some problem using Nginx Proxy Manager and Cloudflare with Home Assistant. If I enable the Cloudflare proxy I can't login using the domain name to my Home Assistant even if I have configured it with the list of proxies and I've enabled the websocket option in NGINX. Any idea?

If I'm doing this on a VPS, how can I secure access to port 81 of NGNIX Proxy Manager's web interface? It’s exposed and accessible from public IP of VPS!
(I can hide the Uptime Kuma container port by giving it to the ngnixproxy network container).

Im having trouble reaching dsm 7 from npm dsm 6 was working and any other apps are working too. Has anyone encountered this problem?

I am trying to setup Uptime Kuma to monitor HTTP(s) monitor but the server keeps returning 302 found eventhough the service is down. I tried adding a firewall rule to disable Browser Integrity Check but that didn't work either :(

i liked it, subbed

Nice video. Is it possible to have nginx and lets encrypt working only locally? I don't want my services exposed publicly. I wish you had a video on that. 😅

how do i install proxy manager ngninx?

This video that goes deep makes things so much clearer!

I was wondering if you had to go to the Cloudflare SSL/TLS tab, and then toggle your encryption mode between Full/Off the same way you toggled the DNS proxy status. If not, what setting do you have it set to? Did you set it to that status prior to saving the proxy status? I actually watched your first video last year, and got close but no cigar, and am now trying it again.

@Db Tech thank you for this video, would you suggest or do a video about NGINX proxy manager versus HA proxy?

Do you have a video that goes over setting up docker and portainer? I tried looking through your past videos and couldn't find one. I've been struggling to get just a good starting point on docker to even begin getting nginx, or other services to work.

Hey, thank you for your videos, they really helped me many times! I have a question regarding Cloudflare's proxy system. How to monitor domains that are being proxied? I faced the situation when the domain responses with the 200 code even if it's down because of Cloudflare's default answer, like on 27:19

Longer AiO videos are good!

Thanks for amazing tutorial. What is the type of cloudflare connection? I put it flexible and worked for me but others didn’t. Please help thanks

Don't forget to use your cloudflare updater if you don't have a permanent /static IP a home. Another great tutorial - thank you.

hi thanks you very much. im having a strange problem though, ive set it just like you did, and pointed to jellyfin on 8096. but it seems to always load the router web interface page ? very odd indeed as i didnt think port forwarding on the router was neccessary. Any ideas ?

When you say to port forward 80 and 443 to the server, are you forwarding to the NPM server or the actual server that you want accessible to the internet?

I love Cloudflare. I wish NPM was even a small fraction as easy to use.

Do I have to disable proxyfying on Cloudflare each time when LE cert needs to be renewed?

My tunnels won't start no matter what I try... It keeps giving me an error about the quic protocol not being allowed outgoing. I can't find any information on-line.
I'm wondering if this is b/c I have comcast's router blocking stuffs.
So question is are your tunnels on your main subnet, or like mine behind a secondary router?

Followed to a T and I get a big Red Deceptive site ahead warning and it just sits there then the cloudflare page Connection timed out and error where it shows my domain on their error screen.. I have literally been working on this for 3 days. So frustrating. I'm about to just give up. Every video is a little different so I don't know who to follow. I followed this one exactly just because it seemed the most straight forward. ugh haha. Thanks if anyone has any help! Jason

How many got the itch to write: “it doesn’t work”?
Lol, I know I did
Good vid though, thanx again

Do I need a static public ip for creating a record in cloudflare

So I created a new domain with Porkbun and switched it to Cloudflare. However, it has 200 CNAME records that I don't really want to delete one by one! Has anybody got any tips on how to remove these quickly?

1 frame, IP leak at 22:27 :P but you have probably changed your IP by now. :D

Can I have more than 1 domain point to the same IP?

can be an performance issue for local servers? Always ping is cause this?

This does not seem to work with cloudflare, any workaround?

porkbun asks me for my ID verification. I am from Oman . Is it safe to provide my ID card to the website?

Hi David, I have a question with setting up the nginx proxy manager docker on my nas. I have setup everything, but when I tried to add proxy host to redirect url to some container, it only shows webstation page instead of actual container page. Do you know why this is happening?

DNS doesn't propagate!

I am fairly certain that I followed directions completely however I cannot get the server up.. I am running docker with omv6 if that matters... here is the error in the logs
2022-03-20 12:32:31,965 fail2ban.configreader [1]: INFO Loading configs for filter.d/npm-docker under /etc/fail2ban
2022-03-20 12:32:31,966 fail2ban.configparserinc[1]: INFO Loading files: ['/etc/fail2ban/filter.d/npm-docker.conf']
2022-03-20 12:32:31,966 fail2ban.configparserinc[1]: INFO Loading files: ['/etc/fail2ban/filter.d/npm-docker.conf']
2022-03-20 12:32:31,969 fail2ban.configreader [1]: INFO Loading configs for action.d/cloudflare-apiv4 under /etc/fail2ban
2022-03-20 12:32:31,970 fail2ban.configparserinc[1]: INFO Loading files: ['/etc/fail2ban/action.d/cloudflare-apiv4.conf']
2022-03-20 12:32:31,971 fail2ban.configparserinc[1]: INFO Loading files: ['/etc/fail2ban/action.d/cloudflare-apiv4.conf']
2022-03-20 12:32:31,973 fail2ban.jailreader [1]: NOTICE No file(s) found for glob /log/npm/default-host_access.log
2022-03-20 12:32:31,974 fail2ban.jailreader [1]: NOTICE No file(s) found for glob /log/npm/proxy-host-*_access.log
2022-03-20 12:32:31,974 fail2ban.jailreader [1]: NOTICE No file(s) found for glob /log/npm/proxy-host-*_error.log
2022-03-20 12:32:31,975 fail2ban [1]: ERROR Failed during configuration: Have not found any log file for npm-docker jail
2022-03-20 12:32:31,977 fail2ban [1]: ERROR Async configuration of server failed
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/fail2ban/client/fail2banserver.py", line 189, in start
raise ServerExecutionException('Async configuration of server failed')
fail2ban.client.fail2bancmdline.ServerExecutionException: Async configuration of server failed
any thoughts?

hi, i did what you did, but i got this message, when i tried to acess my subdomain NET::ERR_CERT_AUTHORITY_INVALID