Awesome !! I will do this right away!!! thanks for sharing...
Thank you for watching!
Superb.
Thank you! Cheers!
Great video this is exactly what I needed to get unstuck! Could you also have used cloudflared tunnels instead of opening the port in your firewall? Then you could throw access rules in front of it for added security.
Yes exactly that would make the setup even more secure! thank you for watching :)
The issue I had with doing this is that jellyfin/plex will want to transcode the movie because it thinks it’s coming from outside the network. And if you have a slow upload speed, you are limited to that.
Yes for local access I still use just the ip of my server instead of the domain
Thanks for the tutorial, in case we also use pihole as DNS we can add an A or CNAME record right into the pihole dns settings and use that one, right?
Yes exactly, you set up a CNAME in Pi-hole that all your local devices will resolve to the local ip, thank you for watching!
Hi! Thanks a lot for the tutorial :) I followed all the steps, but I'm encountering a 'Connection timed out (code 552)' error and I'm not sure how to resolve it :-(. Do you have any idea what might be causing this?
what type of service are you putting behind the proxy is it a regular web server?, thank you for watching!
Great video. Can you create a tutorial on how to update Nginx Proxy Manager to the latest version? Thank you.
To update you only need to change the tag in the docker compose with the new version and then do a docker compose down, then docker compose up -d, and it will pull the new version, you can get the version tags directly from the npm github, thank you for watching!
@@distrodomain thanks for your reply. As a matter of fact, I was able to update it using Portainer after posting my comment above. However, I still think it would be a great tutorial to have and one that would bring you more views, as I'm sure many people would find it useful. I wasn't able to find much info when I was trying to do this. Even your comment above is not very clear to me, lol, so an actual video guide would be awesome. BTW Awesome channel. Liked and subscribed.
How does this work if you're using your domain for home assistant public access via the cloudflared add on? Would I need a second domain?
You can create a subdomain like home.yourdomain.com and generate a certificate for it, and point it to your public ip, thank you for watching!
Great video! I've followed all the steps to setup my local home assistant, however I'm getting a 400 error. I can ping successfully my npm but the forwarding part is not working. Any tips?
try http on the forwarding rule, what ports and protocol is the home assistant container using, thank you for watching
@@distrodomain thanks for replying to my comment. I was able to figure it out at the end. I needed to add the npm as part of HA config as a trusted proxy, after doing that, it started working.
Awesome! I'm glad it works now
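Added example, not part of the comment thread and not Home Assistant's own code: a simplified Python model of the trusted-proxy check behind the 400 error discussed above, showing why adding NPM as a trusted proxy fixes it and why the list should contain only the NPM address. The function name and all IP addresses are constructed for illustration.

```python
import ipaddress

# Matching Home Assistant configuration.yaml settings (http: section):
#   use_x_forwarded_for: true
#   trusted_proxies: [172.18.0.5]   # constructed address of the NPM container

def resolve_client(peer_ip, xff_header, use_x_forwarded_for, trusted_proxies):
    """Model of a trusted-proxy check: returns (http_status, client_ip)."""
    peer = ipaddress.ip_address(peer_ip)
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    if xff_header is None:
        return 200, str(peer)            # direct request, no proxy header
    if not use_x_forwarded_for:
        return 400, None                 # proxied request, proxy support is off
    if not any(peer in n for n in nets):
        return 400, None                 # header came from an untrusted host
    try:
        hops = [ipaddress.ip_address(h.strip()) for h in xff_header.split(",")]
    except ValueError:
        return 400, None                 # malformed X-Forwarded-For
    # Walk right to left: skip trusted proxies, first other address is the client.
    for hop in reversed(hops):
        if not any(hop in n for n in nets):
            return 200, str(hop)
    return 200, str(hops[0])             # every hop trusted: leftmost wins

# Constructed addresses: NPM container 172.18.0.5, real visitor 203.0.113.7.
NPM = "172.18.0.5"
FORGED = "192.0.2.99, 203.0.113.7"       # visitor-supplied entry, then NPM's append

def demo():
    return {
        "default_config": resolve_client(NPM, "203.0.113.7", False, []),
        "npm_trusted": resolve_client(NPM, "203.0.113.7", True, [NPM]),
        "forged_entry_ignored": resolve_client(NPM, FORGED, True, [NPM]),
        "trust_everything": resolve_client(NPM, FORGED, True, ["0.0.0.0/0"]),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With only the NPM address trusted, a forged leading entry in the header is ignored; trusting a catch-all range makes the logged client address attacker-controlled.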
Why use the challenge dns with Cloudflare instead of the normal letsencrypt option for SSL? Is that because you're proxying the dns on Cloudflare?
It's just a different way, and it's more secure too. You don't need to keep port 80 open in your firewall. Some ISPs don't allow you to open port 80. Thank you for watching!
@@distrodomain Does that mean all traffic gets tunneled through their connection, or is that something different? I run a Jellyfin server from home and didn't think I could send all that traffic through their connection.
@@MikeDeVincentis Everything gets proxied through them yes, at home I have a dns server and a dns record that points to my local server to avoid pulling/pushing to cloudflare for home use, on the go and outside of my local network it will pull from cloudflare, it even caches some pictures and other things for faster load.
@@distrodomain Gotcha. I do the same thing but without the proxy from Cloudflare. I share my Jellyfin with my family and it's external using NPM because my understanding was proxying that content was not allowed with Cloudflare. It's a lot of data.
so, you also need a PUBLIC STATIC ip? it costs money to have one. Can we use noip?
you can use your current public ip, if it changes a lot then you can use a setup with something like dynamic dns, or ducky dns, thank you for watching!
Very nice tut!! Thank you - unfortunately I'm getting "502 Bad Gateway openresty" errors with google chrome. Does anyone have an idea to solve that problem?
what service on the back end are you trying to secure with https?, thank you for watching!
Hi @@distrodomain
thanks for replying.
My setup:
- udmp as router
- Raspberry Pi with docker
- Pihole+Unbound for DNS (as container)
- NPM (as container)
Both containers are on the same bridge network and can ping each other.
My FQDN is hosted on cloudflare and the certificates are not a problem - I get them via DNS challenge.
maybe the service you're trying to secure is using https as scheme, try changing from http to https, in the proxy host
@@distrodomain Good idea, but it was already on https for my portainer site. But I think I have a solution for now. I took out unbound as my DNS server and chose cloudflare instead. And voila, I couldn't reach my services.... But then I replace the forward host name (name of the Docker container) with the IP of the host and poof, it works. I don't know why the container name technique doesn't work for me, but I prefer IPs anyway.
Now I need to clarify why my pihole/unbound config isn't working properly.
Thanks again - like your work pretty much :)
This was so easy, if only it actually worked
What part is not working for you, I might be able to help, thank you for watching
@@distrodomain I actually have no clue what's truly wrong as I've tried so many things over the past couple days. I've followed several tutorials and utilized ChatGPT, but still can't figure it out.
Essentially I was SSH'ing into the Docker on my NAS to set up a CloudDB data base and ran into issues; to determine if the database was the issue I tried it with Jellyfin and had the same experience. I confirmed my network can find all the associated dockers, I can also ping the Cloudflare server URL, local ips and their open ports, and I've ensured that the firewall on my PC, NAS, and router aren't blocking anything. Both Nginx and Cloudflare were configured as shown in the video. However, the associated domain URL still returns a "failed to connect to host" error.
@@AbyssalSoda are you running docker on bare linux or on something like proxmox, or unraid, are you able to generate a certificate, "failed to connect to host" you get that when you try to navigate to the url?, your firewall rule should be set on your nat connection and forward to the host local ip, from there docker takes over, what do you use for firewall.
@@distrodomain I'm running on UGOS which is a fork of debian used by Ugreen for their NAS lineup. The only difference I could find was the fact I need to use Sudo when pinging jelly.domainname - which could hint at a permissions issue, but I already cleared everything as admin.
@@distrodomain Not sure if you're getting my replies, but to recap again. I am using UGOS a fork of Debian for Ugreen NAS devices, and can generate a certificate just fine. I receive the failed to connect to host when clicking on the url. Firewall/ISP is Verizon.
Another helpful video, thanks man!!
No problem, thank you for watching!
The process for the proxy sub domain continues to give Internal Error error. However, I was able to get it on another subdomain, I just can't get it for the proxy.
to secure the proxy itself?, thank you for watching! :)
won't change to secure, maybe it's my docker name for nginx which is nginxproxymanager.
any ideas?
thx for the video
which service won't change, is the service you try to secure a regular web server on the backend, sometimes you need to clear chrome cache and reload for it to pick up the cert, thank you for watching!
@@distrodomain nginx proxy manager web page won't show secure, after following your tutorial on either firefox or chrome
are you using http as scheme and port 81 to redirect, what error do you get on chrome if you look at the certificate
thank you
Thank you for watching!
Thanks!
I'm glad it was helpful! thank you for watching!
Is there a way to secure an exposed streamed tcp port?
I've looked into this but haven't found a concrete solution, you can use custom https ports and still use a cert, tho you will need to specify it on your browser like yoursite.com:8080, thank you for watching!
what about other network like other device that same subnet with host ? how to forward to that.
You can use the ip of that device instead and it will forward the requests to that ip, thank you for watching!
Great videos as usual
Thank you for watching!
can we insert API Token only one time ?
At the moment, you need to input once per proxy host, the certs will renew after that.
Nice video but why do u need nginx proxy manager if you're using cloudflare
It's because nginx proxy manager is the only app that has been opened in the firewall, thus cloudflare can only reach nginx.
Good point, npm will encrypt cloudflare --> your server connections, but yes you could run all of it from cloudflare, thank you for watching!
local ip on public dns... why?
It's a simple solution for home use if you don't want to set up a local dns server, but if you are advanced you can set up something like Pi-Hole at home to resolve those ip, or alternatively you can edit your hosts file but it will only work on that device, thank you for watching! :)
and for ssl reasons
I could not watch your video because the code on your screen is not readable.
All the commands are in the description, thanks for the feedback I'll make sure the commands are more legible on the next videos, thank you for watching!
I followed your whole explanation, but it gives me an error: certbot: error: unrecognized arguments: --dns-cloudflare-credentials /etc/letsencrypt/credentials/credentials-10
Sometimes this happens on some of the docker builds, try changing the version of npm on the docker compose, thank you for watching!