this post was submitted on 20 Oct 2023

Hi all,

Over the last week I tried to set up a reverse proxy with an SSL/TLS certificate without opening any ports (no port forwarding).

I got a domain [mydomain.com] on Namecheap and I'm using Cloudflare for DNS.

In Cloudflare I have set up the following DNS records:

Type   Name  Content            Proxy Status
A      ddns  MyPublicIPAddress  DNS only
CNAME  *     mydomain.com       DNS only

In PFSense I have set up a client in Services/DynamicDNS:

  • Service Type: Cloudflare
  • Interface to monitor: WAN
  • Hostname: ddns.mydomain.com
  • Cloudflare Proxy: Un-check
  • Username: zoneID (found in Cloudflare)
  • Password: API Key (token created with DNS Zone Edit permissions)

Everything up to now is working fine because the IP that I get at https://whatismyipaddress.com/ is the same one that I get in both PFSense and Cloudflare.

After that I set up NginxProxyManager in Docker (ports 80, 443, 81) and added an SSL certificate with a DNS challenge:

  • Domain Names: *.mydomain.com
  • Use a DNS Challenge: Check
  • DNS Provider: Cloudflare
  • dns_cloudflare_api_token = MyApiToken (same API token that I used in PFSense)
  • Propagation Seconds: 30 (or I get an error)

Also here everything seemed fine to me because I got my certificate for *.mydomain.com

After that, in NginxProxyManager I created a Proxy Host:

  • Domain Names: homepage.mydomain.com
  • Scheme: http
  • Forward Hostname/IP: homepageIPAddress (IP of the docker-net of homepage)
  • Forward Port: 3000
  • Cache Assets, Block Common Exploits, Websocket Support: Un-check
  • SSL section --> SSL Certificate --> *.mydomain.com
  • Force SSL, HTTP/2 Support: Check

I am using Pi-hole for local DNS and it's set up like this:

  • Local DNS:
    • A record:
      • Domain: npm.mydomain.com
      • IP: myIPAddress (IP address of the VM where docker run)
    • CNAME record:
      • Domain: homepage.mydomain.com
      • Target: npm.mydomain.com

Settings, DNS:

  • Custom 1: myIPAddress (points to PFSense)
  • Interface settings: Bind only to interface

Now if I surf to myIPAddress:3000 (IP address of the VM where Docker runs) I can access my homepage dashboard (with no SSL certificate), but if I surf to homepage.mydomain.com I get: ERR_CONNECTION_TIMED_OUT

On a Windows machine, if I launch a tracert to homepage.mydomain.com I get:

  • IPAddress of PFSense DHCP server (gateway)
  • npm.roghouse.com [IPAddress] (IP address of the VM where docker run)

The local DNS on the Windows machine points to Pi-hole.

If I surf to npm.mydomain.com from the windows machine I get:

" Congratulations!

You've successfully started the Nginx Proxy Manager.

If you're seeing this site then you're trying to access a host that isn't set up yet.

Log in to the Admin panel to get started."

My goal is to reach homepage.mydomain.com with an SSL/TLS certificate.

Thanks in advance for your help
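
A staged check for the symptom described in the post above, as an added example that is not part of the original post: it tells apart a local DNS answer that does not point at the proxy, a port 443 that cannot be reached (what a browser reports as ERR_CONNECTION_TIMED_OUT), and a certificate that fails verification. The function names are hypothetical and the proxy IP is passed in by the caller.

```python
# Added example, not the poster's code; function names are hypothetical.
import socket
import ssl


def resolve_a(host):
    """IPv4 addresses the local resolver (Pi-hole in the post) returns for host."""
    infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def tls_san_names(ip, host, timeout=5.0):
    """Connect to ip:443 with host as SNI; return the verified cert's DNS SANs."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((ip, 443), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def diagnose(host, proxy_ip, resolve=resolve_a, handshake=tls_san_names):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'."""
    try:
        ips = resolve(host)
    except socket.gaierror as exc:
        return "dns", f"{host} does not resolve: {exc}"
    if proxy_ip not in ips:
        return "dns", f"{host} resolves to {ips}, not to the proxy at {proxy_ip}"
    try:
        names = handshake(proxy_ip, host)
    except ssl.SSLError as exc:  # subclass of OSError, so it is caught first
        return "tls", f"handshake or certificate check failed: {exc}"
    except OSError as exc:  # timeout, connection refused, host unreachable
        return "tcp", f"cannot reach {proxy_ip}:443: {exc!r}"
    return "ok", f"certificate names: {names}"


if __name__ == "__main__":
    import sys
    # usage: python check_proxy.py homepage.mydomain.com <proxy-ip>
    print(diagnose(sys.argv[1], sys.argv[2]))
```

A `tcp` result means the name resolved to the proxy but nothing completed a connection on port 443 there, so the place to look is the container's published ports and any firewall in between rather than the certificate.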

top 1 comments
[–] thekrautboy@alien.top 1 points 2 years ago

/r/NginxProxyManager exists