You're very welcome! 😊 If you have any more questions or need further assistance, feel free to join our growing community on Discord (discord.gg/EHcn4knGW4). We'd be happy to help you out there!
Hi, thanks for watching! Yes, it's possible to automate the renewal of Let's Encrypt certificates. I'm not entirely sure if we can automate Nginx Proxy Manager, but it’s definitely possible with Traefik. Stay tuned, I'll be covering that in an upcoming video on how to set it up with Traefik.
@Tech-TheLazyAutomator Seriously, like, I've been using Open WebUI, which REQUIRES an HTTPS connection in order to use the mic and webcam, and for months, I've been blown away at how difficult it's been to figure out how to install a localhost SSL cert that actually works. I gave up completely on it several times, but decided to give it another shot... after wasting a few hours (again) searching and trying crap, I fiiiinaaallly come across your video and boom, badaboom, boom! It works. Beautiful. Thanks a ton, sir!
Thank you so much for your kind words! I'm really happy that the video helped you get it working. I know how frustrating SSL setups can be as I myself spent so much time to get this working. So I'm glad it finally solved your issue. If you need any more help, feel free to reach out anytime!
This setup isn't an alternative to Cloudflared Tunnel. It’s designed for use on your local network, meaning you can't access it outside your network. The purpose here is to provide a domain for your local services, with SSL protection using Nginx Proxy Manager, but it's all within your local environment.
@Tech-TheLazyAutomator So my question is how to combine the two. I want to be able to set up Nextcloud on one domain and be able to use it on my laptop remotely but also keep the traffic on-LAN if I'm at home. I suspect that cloudflared is running data out and back in over WAN. My best guess is to set up a DNS server (Pi-hole etc.) locally that points the domain to the local IP and set that Pi-hole instance as the DNS server in my router. Does that make sense?
You’re on the right track. Setting up a local DNS server like Pi-hole and pointing your domain to the local IP for LAN traffic makes sense and will be the right approach for what you're trying to achieve. It will keep the traffic local.
Modern browsers often flag sites without SSL as 'Not Secure,' even on LAN, so using SSL helps avoid that. Also, a few services require SSL to function. Without SSL they will not work. Like Home Assistant Voice Assistant, Vaultwarden. You can always buy a domain and use cloudflared. But if you need a free SSL with a free domain just to experiment or try new things, you can use this approach.
This setup is entirely for local access, so CGNAT won't be an issue here. As long as you're staying within your local network, everything will work smoothly without needing a public IP or worrying about CGNAT.
@Tech-TheLazyAutomator If you are inside the local network, why do you need a domain? You can access anything with the local IPs anyways. Or you can create whatever domain you wish and add it to your hosts file.
You're absolutely right! In a local network, you can access devices using local IPs or even add custom domains to your hosts file. However, the focus of this video is on acquiring a domain which is accessible from your entire local network and generating a TLS certificate with Let's Encrypt. There are certainly other ways to approach this. Really appreciate your input, I hope that helps clarify things!
Thanks for the suggestion! Cloudflare Tunnel and SSL on a local network address different scenarios, but it's definitely a great idea to compare them. I’ll make sure to cover that in a future video. Appreciate the comment!
But are you really making anything more secure? Plain text requests are now made from the Nginx container to HTTP services. It seems that this is just a way to add custom names to devices. Great video by the way.
You're right! Securing everything is complex, and this video covers just a small part of it. I'll tackle vulnerabilities like plain text requests and use of Docker networks in future videos. Stay tuned, and I really appreciate your input!
Plz make a video on how I can connect Cloudflare DNS without the proxy (not the tunnel, for the love of gawd) to a Tailscale IP into Nginx into TrueNAS, so everything is local with no port forwarding and I can use Jellyfin outside my network without breaking the Cloudflare ToS. No one shows this; everyone shows the wack Cloudflare tunnel.
Thanks for the suggestion! Could you clarify if you want to use Cloudflare DNS without the proxy or tunnel, and access Jellyfin securely via Tailscale, Nginx, and TrueNAS? Just want to make sure I understand correctly!
So from what I've seen, if you use Cloudflare with an A record and don’t proxy, and add it to Tailscale into Nginx then to TrueNAS, you don’t break the Cloudflare ToS and data limit if you stream Jellyfin outside the network this route. If I use just the Cloudflare tunnel you can potentially get banned because you're breaking the ToS, from what I saw. Also with the method I posted nothing is public and it should still not need port forwarding. I just don’t know how to do it. I’ve seen a vid on how to set it up but it was with Caddy and I'd rather use Nginx.
Thanks for the feedback, glad you enjoyed the video! 😊 I'll make sure to work on refining the voice and pronunciation in future videos. Appreciate the heads-up on "Nginx" and "TrueNAS". I am trying to fix it but not able to. Thanks for watching and for the helpful comment!
Thanks for the comment! 😊 We’ve actually tried a few different things to get the voice to pronounce "Nginx" correctly, but it’s still not quite working out. Sorry for any distractions, but we’re glad you enjoyed the video! We’ll keep trying to improve it. Thanks for watching and for your support!
You're welcome! 😊 I definitely plan to cover Nextcloud with Docker Compose and Nextcloud HPB in a future video. Stay tuned, and thanks for the suggestion!
Sorry to hear that. No, there is no requirement for port forwarding. You can join my discord server (discord.gg/EHcn4knGW4) and we can check together if we can resolve the issue.
At 3:49, I'm remotely connected to an Ubuntu server using SSH, which might make it look a bit complicated. If you'd like to set up SSH access yourself, you can check out this video for a step-by-step guide: ua-cam.com/video/mY6DwYPDtWI/v-deo.html . Hope that helps!
Thanks. This worked for me. I still do think that port forwarding of 443 and 80 to the Nginx machine is required to get the SSL certificate activated. Without that Let's Encrypt will not get updated etc. I already had Nginx in a Docker container for accessing externally so it was an easy adaptation. Any idea as to how I could add a UniFi UDM Pro to this, as it does not require a port to access and the proxy host does not save unless there is a port?
Sorry. My comment on needing to open port 80/443 for this to work is incorrect. The DNS challenge method in this video eliminates that need. My bad. This is confirmed by GPT4 AI too. This is a must watch video for all. I spent time and adopted many of the local services I have. However, if you need Nginx to work externally accessing your servers you still need to open port 443, unless you have a pfSense or OPNsense or similar that has a reverse proxy feature as an add-on (UniFi gear does not have a reverse proxy feature). I have closed all my ports today. Now I can use a VPN when I am outside and still use some of the services like Bitwarden that need HTTPS access with certificates. This video finally helped me to achieve that. Thanks again
Thank you so much for your comments and for sharing your experience, @sanjeewasamaranayake! I'm glad the video helped, and you were able to adapt it to your setup. You're absolutely right. If you're using a DNS challenge like in this video, opening ports 80/443 isn't necessary. It's great to hear you've managed to close your ports. Sounds like you have a more secure setup now. I'm happy the video played a part in your solution. Thanks again for the detailed feedback, and I'm sure this will be helpful for others too! 😊
Ok. The downsides of not having DNS records are a) if the internet is down you cannot reach your local servers so you have to use IP addresses, b) latency: it takes 2-5 secs for what should be resolved instantly. As such I did end up creating DNS records in my UDM Pro. If you have a Synology NAS it supports this, and there may be an add-on for Home Assistant and built-in features in good routers. Adding these notes so that it may be useful to someone else.
Thank you so much for sharing these insights! Your experience with setting up DNS records on UDM Pro is super helpful, and I’m sure others will appreciate the tips on using Synology NAS or routers with built-in support. If you're interested in diving deeper into this topic or exploring similar setups, feel free to join our Discord community! (discord.gg/EHcn4knGW4). We have ongoing discussions and would love to have you there for further research and brainstorming. Really looking forward to continuing this conversation! 😊
Why was this video set to play at 0.25 instead of normal??? And why (HOW as well) couldn't I change it to normal using the usual option. I eventually found I could use a slide control. WHY? Also you seem to speak perfect English but pronounce NAS as NASH. It's pronounced NASS or NAZ, not NASH.
Haha, sounds like UA-cam threw in a speed challenge for you! Not sure why it started at 0.25x, but glad you found the slider trick. Mystery solved! 😅 And just to clarify, that’s my text-to-speech voice, so I guess it has a mind of its own when it comes to pronunciation! I’ll make sure to adjust it next time. Thanks for keeping me sharp on both speed and pronunciation!
You're very welcome! 😊 I really enjoy chatting with everyone in the comment section, and I'm currently trying to reply to each and every one of you! Your thoughts and feedback mean a lot to me!
Thank you for the compliment! Just to clarify, this isn’t an AI-generated video. I personally scripted everything word by word, and even though the voice is normal Text-To-Speech, the content and structure were carefully planned by me. I appreciate the support!
But your reverse proxy connects to the sites via the insecure HTTP protocol and self-signed HTTPS. It could be easily sniffed or tampered with, so there is no security improvement at all. You have to set up your own local CA and all the related stuff, including adding your root certificate to the Nginx proxy, and implement cert rotation logic for all your local services (Proxmox, FreeNAS, etc). The other option is to share the certificate generated on Nginx across all your local services. But it's also not secure, because you generated an asterisk certificate and if only one of your devices is compromised the whole network will be compromised. Also you need to implement rotation logic in addition. So unfortunately securing a local network is not a piece of cake :(
Thank you so much for the insightful comment! You're absolutely right that securing the reverse proxy and local services goes beyond basic HTTPS, and a local CA with proper certificate management would be much more secure than just relying on self-signed certs or wildcard certificates. Implementing a proper cert rotation process is indeed crucial to avoid the potential compromise of the entire network. I'd love to dive deeper into these advanced topics, and it would be great to continue the conversation with you. Feel free to join our Discord server (discord.gg/EHcn4knGW4) - there's a growing community there where we can explore these more complex security setups together. Looking forward to hearing your thoughts!
Yeah, DuckDNS does experience downtime occasionally, but it's worth noting they’re providing a free service, which is amazing. That said, I’m planning to create videos soon on how to achieve the same functionality using a paid, more reliable domain, stay tuned!
Thanks for the feedback! 😊 Glad you liked the tutorial content, I'll take that as a win! And hey, I'll let the AI voice know to tone down its robotic charm next time. 😆 I'll aim to add a bit more ‘human’ touch in future videos. Thanks for watching!
Appreciate the clarification! I'll make sure to nail the pronunciation of Nginx in future videos. Thanks for pointing that out. Always striving to improve, and your feedback helps a lot!
Hey! Good catch on the SSL vs. TLS terminology. Actually, what Let’s Encrypt provides are TLS certificates. They’re technically called “SSL/TLS certificates” because TLS has effectively replaced SSL for secure connections. When people refer to "SSL certificates," it's more out of habit since TLS is the current standard that builds on SSL’s foundation with stronger security protocols. So, you're getting TLS with Let's Encrypt and Nginx Proxy Manager, which is great for modern security standards! Let me know if you have more questions about setting it up!
To enable SSL for Proxmox, use the Proxmox IP address; for TrueNAS, use the TrueNAS IP address. This IP should correspond to the specific service you want to secure with SSL.
Thank you so much. This has helped me configure my home lab system. I'm using Casa OS, which is behind a Debian 12 Linux PC as a Docker layer, for accessing my pics and vids but mainly my Minecraft server, and this video has helped me set up the server with a secured connection. I couldn't figure out how to get a secure connection for months and this has helped me out big time. I followed other tutorials that needed Cloudflare or a domain that I needed to purchase for this to work, and I'm so glad that this works just fine with the local DNS and a local connection, as I have set up Tailscale to remote connect to my system as it is. But even with that, having remote access through Tailscale and then using this to connect to a secure connection just made things so much easier. I appreciate this so very much, and I followed, liked and subscribed, and added this video to my playlist of many homelab tutorials. Thank you again, I've been struggling for at least a year.
Thank you so much for the kind words! 😊 I'm really glad to hear that the video helped you get your home lab set up securely without needing extra domains or cloud services. It sounds like you’ve built an awesome setup with Casa OS, Docker, Tailscale, and a secure connection for your Minecraft server. Nice work! It can definitely be tricky to get everything working together, so knowing this video made a difference after a year of trying means a lot. Thanks for the like, subscribe, and for adding it to your playlist! Feel free to reach out if you ever have more questions.
Finally an easy-to-follow guide. I watched others but they were too complicated for non-tech-background users like me who use this just for media automation etc. Thank you!
Thank you so much! I'm really glad to hear you found the guide easy to follow.
Straight to the point and clear. Excellent.
Thanks so much! Glad to hear it was clear and helpful. I appreciate the feedback!
Thank you so much for an excellent video.
Thanks Sir, been struggling getting this going for a week. Worked first try using your instructions.
You're very welcome! I'm so glad to hear that the instructions helped and everything worked on the first try. I create these videos to help you all, and even if it helped just one of you, that's a huge achievement in my eyes. If you have any more questions or need further assistance, feel free to reach out!
Fantastic - 6 weeks I was on SWAG/Authelia, line of code configuration. - 5 min with that video and it is done!
Wow, that's amazing to hear! 🎉Thanks for sharing, and congrats on getting everything up and running! 🚀🙌
Thank you. Excellent demonstration.
Glad you enjoyed it!
Wow! You have made a secure connection seem easy. Thank you!
Thanks so much! Glad I could make the process easier to understand. Let me know if you have any questions or need help with anything else!
This is awesome, thank you!
You're so welcome! 😊
Very good and with details required. Thanks.
You're welcome
Hold on, how does DuckDNS work with a local IP? Doesn't it need your public IP address to connect to the server so that Let's Encrypt will work?
Great question! Duck DNS usually works with your public IP, but in this case, we pointed it to the local IP because everything is running within the local network. Let's Encrypt was still able to issue the SSL certificate because the reverse proxy (Nginx Proxy Manager) handled the domain validation. This way, even though it's on a local IP, Let's Encrypt could resolve and secure it locally. Let me know if you need more clarification or you can also join my discord community (discord.gg/EHcn4knGW4). We can discuss this.
@Tech-TheLazyAutomator thanks for your reply but it still does not make any sense.
In this instance the DuckDNS server that will redirect traffic to your home is redirecting to 192.168.x.x aka a local address, so how is this possible? You are not reachable over the local address.
Thank you for your question! I understand how it can be confusing. In this setup, DuckDNS provides a public domain that points to your home’s local IP address. When you access that domain, your home router handles the redirection to your local IP (192.168.x.x) internally. The SSL is generated through Nginx Proxy Manager for secure communication between the client and the server, even though it's ultimately using a local address.
If you have more questions or need further clarification, I invite you to join our Discord server! Our community is great and can provide additional guidance.
@Tech-TheLazyAutomator Thanks for your reply! Yet this is the issue: DuckDNS cannot point to your local IP address, as that way it would point to EVERYONE'S local IP address.
DuckDNS does require your public IP, which then goes to your reverse proxy (Nginx or Traefik) that resides inside your network, aka the ports need to be open for it to work.
This connection DuckDNS-->Local IP 192.168.0.1 (example) is not possible; instead it's DuckDNS--->PublicIP-->ReverseProxy(selfhosted)-->LocalIP
If I am unaware of any gimmick by which a direct connection without a public IP can work, I would love to learn!
Thanks
You can join my discord community (discord.gg/EHcn4knGW4). I would definitely like to discuss more with you. And we both can learn something new out of this.
In this way, it works on an internet connection with a fixed IP, but how can those who are in CGNAT and use the same IP address on a street do it? For example, my internet output IP address is 97.43.2.5, but it is 10.23.2.4 in the modem interface.
Thank you for your question! In this video, the DNS resolution is handled locally, so there's no need for a public IP address. Even if you're behind CGNAT, it should still work since the DNS lookup occurs within your own network. If you have any more questions or need further clarification, you're welcome to join our Discord server, and we'd be happy to discuss it further!
Excellent tutorial
Thank you! So glad you enjoyed it.
Such an excellent explanation
Happy to hear that!
Do you need to have a public IP address for DuckDNS? DNS challenge?
No, you do not need a public IP address for DuckDNS. Just make sure to use your local IP address when setting up your DuckDNS domain. This setup is sufficient for local access or when using DNS challenges for services like Let's Encrypt.
Great detailed video. Thanks sir❤😊
You're very welcome! I'm glad you found the video helpful 😊. Thanks for watching and supporting the channel! ❤
Does it have auto-renew for SSL?
How to install and run Paperless-ngx locally using this method?
Sounds like a great idea! If more people show interest in this make sure to comment here, then I’ll definitely plan to add it to my list for future videos.
@Tech-TheLazyAutomator definitely✨✈️
Really appreciate your inputs!
@Tech-TheLazyAutomator you're welcome, I'm glad to find your videos. I'm happy watching it ✨🙏🏽 such a gem
Thank you so much for your kind words! 😊🙏🏽 It means a lot to me that you’re enjoying the videos. Your support keeps me motivated to create more! ✨💎
Bro, loving the videos! Very professional! Could you please share how you make them? Please make a tutorial.
Maybe one day!
Can SWAG with Tailscale integration run together with NPM? NPM for internal, SWAG for external
Absolutely! You can run SWAG with Tailscale alongside NPM without issues. Just use NPM for internal routing and SWAG for external access.
I tried this on TrueNAS Scale (Dragonfish) but was unsuccessful. Is it mandatory to assign ports 80, 81, 443 to NPM?
Thanks for sharing your experience! This setup on TrueNAS Scale (Dragonfish) is outside the scope of this video, but yes, exposing ports 80 and 443 is mandatory for Nginx Proxy Manager to work correctly. However, you can change port 81 since it’s just for the web portal. Our growing Discord community (discord.gg/EHcn4knGW4) is very helpful, so feel free to join! They might be able to offer more insights and guide you through it.
First of all, thank you very much for the excellent explanation.
I have a question. Is it possible to configure my own www domain to use with Nginx Proxy Manager?
Thank you for the kind words! I'm glad you found the explanation helpful. 😊 Yes, it’s definitely possible to configure your own custom domain with Nginx Proxy Manager. I’m also planning to create videos soon showing how to set it up with a paid, reliable domain, not just with NPM but with other services as well. Stay tuned!
"I’m having trouble creating the Proxmox host, as it’s returning a 502 error. Can the NPM host have the same IP address?"
A 502 error on Proxmox usually means something is blocking the connection, so a few things could be at play here. And yes, the NPM host can share the same IP as Proxmox, but it’s a bit tricky! You’ll want to make sure they’re not conflicting on ports. Usually, NPM defaults to port 80/443, so double-check those. Let me know if adjusting the ports helps or if you’re still running into issues! I’m here to help! 😊 Also make sure to set the connection as https in NPM, as Proxmox has a self-signed certificate. You can check the video.
@Tech-TheLazyAutomator I think I now understand the 502 error. I need to install Proxmox on my machine and only then proceed with configuring the Nginx Proxy Manager.
You’ve got it! Just to clarify, the 502 error isn't directly related to Proxmox itself. Nginx Proxy Manager runs on Docker, so you can actually use any virtualization platform to host it. Proxmox is a great choice, but it's not a requirement, you can set it up on whatever platform works best for you!
Great video!
Thank you.
There's one step that seems missing to me. Don't I need to configure the computer or browser to forward the traffic through the nginx proxy?
Otherwise how does the browser know where to go?
I'm a noob in this field so maybe this question does not make sense.
Thank you for your help.
Thanks a lot for the feedback and great question! Actually, you don't need to configure the computer or browser manually for traffic forwarding. The browser automatically knows where to go because you set up the local server IP address in DuckDNS. Even though the domain is resolved globally, it points to a local IP address. If you're still unsure or need clarification, feel free to ask, happy to help! You can join my Discord community (discord.gg/EHcn4knGW4).
When you use it only, everything is passing via ports 80 and 443, then distributed via NGINX. When on LAN, I'm not too sure. The domain name is routing to the local IP, so maybe something similar. I currently have an issue doing the same as the video: SSL cert is working, domain is working, NGINX also, but I can't connect to the various services...
You're definitely on the right track! If you're having trouble connecting to specific services, there might be some small config detail that needs tweaking. And if you need any extra help, feel free to join our Discord server. We’d be happy to help you troubleshoot!
Hi bro.
Love your videos.
Maybe you can share about the installation of Proxmox.
So glad you’re enjoying the videos! Proxmox installation is coming up soon, stay tuned!
@Tech-TheLazyAutomator thank you bro..
Success for you 👍🏻👍🏻👍🏻
Thank you so much! I really appreciate the support.
Thank you bro, you realized my requests 😊😊 @Tech-TheLazyAutomator
You're welcome! 😊 I'm really glad I could help and the Proxmox installation video covered what you needed. Thanks for your request. It was a great idea! Feel free to reach out if you need anything else!
Thank you very much for this great video but I have a quick question. I have another container that is utilizing the same ports 80 & 443. Is it possible to use different ports on nginx proxy manager? Thanks!
No, you cannot change the 80 and 443 ports on NGINX Proxy Manager as they are used for HTTP and HTTPS. You need to modify it for the other container where you are using it. But you can modify port 81.
@Tech-TheLazyAutomator Thank you very much for the info ℹ️
You're very welcome! 😊 If you have any more questions or need further assistance, feel free to join our growing community on Discord (discord.gg/EHcn4knGW4). We'd be happy to help you out there!
Hi sir, thanks for the tutorial.... Sorry, is it possible to automate the renewal of the Let's Encrypt certificate?
Hi, thanks for watching! Yes, it's possible to automate the renewal of Let's Encrypt certificates. I'm not entirely sure if we can automate Nginx Proxy Manager, but it’s definitely possible with Traefik. Stay tuned, I'll be covering that in an upcoming video on how to set it up with Traefik.
💪
💪 Appreciate the support!
What if you have services on a couple of devices/PCs and each device has a different IP?
You can mention it in the IP address field. You can check the video for reference; Proxmox and TrueNAS have different IP addresses.
Amazing❤
Thanks for the awesome feedback. 😊
Sir, can you create a video on HFS Rejetto with the same process?
Thank you for the suggestion! I'll definitely note it down as an idea for future videos. Stay tuned, and I appreciate your input!
GOLD!
Glad you think so! Thanks for the support!
@Tech-TheLazyAutomator Seriously, like, I've been using Open WebUI, which REQUIRES an HTTPS connection in order to use the mic and webcam, and for months, I've been blown away at how difficult it's been to figure out how to install a localhost SSL cert that actually works. I gave up completely on it several times, but decided to give it another shot... after wasting a few hours (again) searching and trying crap, I fiiiinaaallly come across your video and boom, badaboom, boom! It works. Beautiful. Thanks a ton, sir!
Thank you so much for your kind words! I'm really happy that the video helped you get it working. I know how frustrating SSL setups can be as I myself spent so much time to get this working. So I'm glad it finally solved your issue. If you need any more help, feel free to reach out anytime!
Is this better than Cloudflared Tunnel?
This setup isn't an alternative to Cloudflared Tunnel. It’s designed for use on your local network, meaning you can't access it outside your network. The purpose here is to provide a domain for your local services, with SSL protection using Nginx Proxy Manager, but it's all within your local environment.
@Tech-TheLazyAutomator Got it. General question: why do you need SSL for local? I understand if changing IPs into a domain makes it easier.
@Tech-TheLazyAutomator So my question is how to combine the two. I want to be able to set up Nextcloud on one domain and be able to use it on my laptop remotely but also keep the traffic on-LAN if I'm at home. I suspect that cloudflared is running data out and back in over WAN.
My best guess is to set up a DNS server (Pi-hole etc.) locally that points the domain to the local IP and set that Pi-hole instance as the DNS server in my router. Does that make sense?
You’re on the right track. Setting up a local DNS server like Pi-hole and pointing your domain to the local IP for LAN traffic makes sense and will be the right approach for what you're trying to achieve. It will keep the traffic local.
Modern browsers often flag sites without SSL as 'Not Secure,' even on LAN, so using SSL helps avoid that. Also, a few services require SSL to function, like Home Assistant Voice Assistant and Vaultwarden. Without SSL they will not work. You can always buy a domain and use cloudflared. But if you need a free SSL certificate with a free domain just to experiment or try new things, you can use this approach.
CG NAT put by ISP: Allow me to introduce myself here.
This setup is entirely for local access, so CG NAT won't be an issue here. As long as you're staying within your local network, everything will work smoothly without needing a public IP or worrying about CG NAT.
@Tech-TheLazyAutomator If you are inside the local network, why do you need a domain? You can access anything with the local IPs anyway. Or you can create whatever domain you wish and add it to your hosts file.
You're absolutely right! In a local network, you can access devices using local IPs or even add custom domains to your hosts file. However, the focus of this video is on acquiring a domain which is accessible from your entire local network and generating a TLS certificate with Let's Encrypt. There are certainly other ways to approach this. Really appreciate your input, I hope that helps clarify things!
Not able to add the ssl certificate after following this guide. Please let me know how to resolve.
Sorry to hear that. You can join my Discord server (discord.gg/EHcn4knGW4) and we can discuss more on the issue and try to resolve it.
Creating the certificate doesn't work for me either. I have even set the propagation to 100 seconds, but it cancels with the same error.
Sorry to hear that. You can join my Discord server (discord.gg/EHcn4knGW4) and we can discuss more on the issue and try to resolve it.
Then go even higher like 160..
Yes, we can try it as well.
How about a comparison with Cloudflare Tunnel?
Thanks for the suggestion! Cloudflare Tunnel and SSL on a local network address different scenarios, but it's definitely a great idea to compare them. I’ll make sure to cover that in a future video. Appreciate the comment!
Yes, Cloudflare Tunnel is easy to use too. I am already using Cloudflare Tunnel too; it can run on multiple OSes and even already has Docker.
Absolutely! Cloudflare Tunnel is such a great tool for simplifying access, and it's awesome to hear you're using it too! Thanks for sharing!
But are you really making anything more secure? Plain text requests are now made from the Nginx container to HTTP services. It seems that this is just a way to add custom names to devices.
Great video by the way.
You're right! Securing everything is complex, and this video covers just a small part of it. I'll tackle vulnerabilities like plain text requests and use of Docker networks in future videos. Stay tuned, and I really appreciate your input!
Perfect 👍❤
Thanks 😄
After 5 minutes the static private IP updates to the public IP again. How to solve this?
Are you using DDNS for DuckDNS? This should not happen unless you are using a DDNS service to dynamically update the IP address.
@Tech-TheLazyAutomator No, I’m not using DDNS, but my Raspberry Pi has a private static IP.
You can join my Discord server (discord.gg/EHcn4knGW4) and we can discuss more on the issue and try to resolve it.
Use DDNS or create a container for it ;)
@mariuszzawierucha1310 thanks, I’ll try that solution. If I pull this off, I’ll post here. 😊
Plz make a video on how I can connect Cloudflare DNS without proxy, not the tunnel, for the love of gawd, to connect that to a Tailscale IP into Nginx into TrueNAS so everything is local, no port forwarding, and I can use Jellyfin outside my network without breaking the Cloudflare ToS. No one shows this; everyone shows the wack Cloudflare Tunnel.
Thanks for the suggestion! Could you clarify if you want to use Cloudflare DNS without the proxy or tunnel, and access Jellyfin securely via Tailscale, Nginx, and TrueNAS? Just want to make sure I understand correctly!
@ So from what I've seen, if you use Cloudflare into an A record and don’t proxy, and add it to Tailscale into Nginx then to TrueNAS, you don’t break the Cloudflare ToS and data limit if you stream Jellyfin outside the network this route. If I use just Cloudflare Tunnel you can potentially get banned because you're breaking the ToS, from what I saw. Also, with the method I posted nothing is public and it should still not need port forwarding. I just don’t know how to do it. I’ve seen a vid on how to set it up but it was with Caddy and I'd rather use Nginx.
Nice video.
Too bad the AI voice is otherwise distracting; "En Gee Eye En Ex" and "TrueNASH," anyone? 🙂
Thanks for the feedback, glad you enjoyed the video! 😊 I'll make sure to work on refining the voice and pronunciation in future videos. Appreciate the heads-up on "Nginx" and "TrueNAS". I am trying to fix it but not able to. Thanks for watching and for the helpful comment!
You can just type it out like "engine x" =) Thanks for the video!
Thanks for the comment! 😊 We’ve actually tried a few different things to get the voice to pronounce "Nginx" correctly, but it’s still not quite working out. Sorry for any distractions, but we’re glad you enjoyed the video! We’ll keep trying to improve it. Thanks for watching and for your support!
@Tech-TheLazyAutomator - How about just using a human to read the script? 🤔
I appreciate your suggestion! Will give it some thought for sure.
Thanks. Please, Nextcloud Docker Compose. And Nextcloud HPB. 😊
You're welcome! 😊 I definitely plan to cover Nextcloud with Docker Compose and Nextcloud HPB in a future video. Stay tuned, and thanks for the suggestion!
Sorry I just can't get the certificate part to authorise.
No port forwarding is needed for this, is there? Thanks
Sorry to hear that. No, there is no requirement for port forwarding. You can join my Discord server (discord.gg/EHcn4knGW4) and we can check together if we can resolve the issue.
3:49 very complicated
At 3:49, I'm remotely connected to an Ubuntu server using SSH, which might make it look a bit complicated. If you'd like to set up SSH access yourself, you can check out this video for a step-by-step guide: ua-cam.com/video/mY6DwYPDtWI/v-deo.html . Hope that helps!
Thank you
You're welcome. Happy to help!
Thanks. This worked for me. I still do think that port forwarding to the Nginx machine of 443 and 80 is required to get the SSL certificate activated. Without that, Let's Encrypt will not get updated etc. I already had Nginx in Docker for accessing externally so it was an easy adaptation. Any idea as to how I could add the UniFi UDM Pro to this, as it does not require a port to access and the proxy host does not save unless there is a port?
OK. Port 443 worked for the UDM Pro with HTTPS.
Sorry. My comment on needing to open port 80/443 for this to work is incorrect. The DNS challenge method in this video eliminates that need. My bad. This is confirmed by GPT4 AI too. This is a must-watch video for all. I spent time and adopted many of the local services I have. However, if you need Nginx to work externally accessing your servers, you still need to open port 443 unless you have a pfSense or OPNsense or similar that has a reverse proxy feature as an add-on (UniFi gear does not have a reverse proxy feature). I have closed all my ports today. Now I can use a VPN when I am outside and still use some of the services like Bitwarden that need HTTPS access with certificates. This video finally helped me to achieve that. Thanks again
Thank you so much for your comments and for sharing your experience, @sanjeewasamaranayake! I'm glad the video helped, and you were able to adapt it to your setup.
You're absolutely right. If you're using a DNS challenge like in this video, opening ports 80/443 isn't necessary. It's great to hear you've managed to close your ports. Sounds like you are having a more secure setup now. I'm happy the video played a part in your solution.
Thanks again for the detailed feedback, and I'm sure this will be helpful for others too! 😊
OK. The downsides of not having DNS records are a) if the internet is down you cannot reach your local servers, so you have to use IP addresses, and b) latency: it takes 2-5 secs for what should be resolved instantly. As such I did end up creating DNS records in my UDM Pro. If you have a Synology NAS, it supports this, and there may be an add-on for Home Assistant and built-in features in good routers. Adding these notes so that they may be useful to someone else.
Thank you so much for sharing these insights! Your experience with setting up DNS records on UDM Pro is super helpful, and I’m sure others will appreciate the tips on using Synology NAS or routers with built-in support. If you're interested in diving deeper into this topic or exploring similar setups, feel free to join our Discord community! (discord.gg/EHcn4knGW4). We have ongoing discussions and would love to have you there for further research and brainstorming. Really looking forward to continuing this conversation! 😊
Why was this video set to play at 0.25 instead of normal??? And why (HOW as well) couldn't I change it to normal using the usual option. I eventually found I could use a slide control. WHY?
Also you seem to speak perfect English but pronounce NAS as NASH. It's pronounced NASS or NAZ, not NASH.
Haha, sounds like UA-cam threw in a speed challenge for you! Not sure why it started at 0.25x, but glad you found the slider trick. Mystery solved! 😅 And just to clarify, that’s my text-to-speech voice, so I guess it has a mind of its own when it comes to pronunciation! I’ll make sure to adjust it next time. Thanks for keeping me sharp on both speed and pronunciation!
@Tech-TheLazyAutomator Thanks for the reply!
You're very welcome! 😊 I really enjoy chatting with everyone in the comment section, and I'm currently trying to reply to each and every one of you! Your thoughts and feedback mean a lot to me!
Nginx is pronounced "engine X" by the way
Thanks for the correction! I’ll remember it.
Pretty good for an AI video.
Thank you for the compliment! Just to clarify, this isn’t an AI-generated video. I personally scripted everything word by word, and even the voice is normal Text-To-Speech, the content and structure were carefully planned by me. I appreciate the support!
But your reverse proxy connects to the sites via the unsecure HTTP protocol and self-signed HTTPS. It could be easily sniffed or tampered with, so there is no security improvement at all. You have to set up your own local CA and all the related stuff, including adding your root certificate to the Nginx proxy and implementing cert rotation logic for all your local services (Proxmox, FreeNAS, etc.).
The other option is to share the certificate generated on Nginx among all your local services. But it's also not secure because you generated an asterisk certificate, and if only one of your devices is compromised, the whole network will be compromised. Also, you need to implement rotation logic in addition.
So unfortunately securing local network is not a piece of cake :(
Thank you so much for the insightful comment! You're absolutely right that securing the reverse proxy and local services goes beyond basic HTTPS, and a local CA with proper certificate management would be much more secure than just relying on self-signed certs or wildcard certificates. Implementing a proper cert rotation process is indeed crucial to avoid the potential compromise of the entire network.
I'd love to dive deeper into these advanced topics, and it would be great to continue the conversation with you. Feel free to join our Discord server (discord.gg/EHcn4knGW4) - there's a growing community there where we can explore these more complex security setups together. Looking forward to hearing your thoughts!
DuckDNS is down bro.
Yeah, DuckDNS does experience downtime occasionally, but it's worth noting they’re providing a free service, which is amazing. That said, I’m planning to create videos soon on how to achieve the same functionality using a paid, more reliable domain, stay tuned!
Decent tutorial but the AI voice ruins it.
Thanks for the feedback! 😊 Glad you liked the tutorial content, I'll take that as a win! And hey, I'll let the AI voice know to tone down its robotic charm next time. 😆 I'll aim to add a bit more ‘human’ touch in future videos. Thanks for watching!
@Tech-TheLazyAutomator It’s mainly the pronunciation of Nginx that breaks the immersion.
Appreciate the clarification! I'll make sure to nail the pronunciation of Nginx in future videos. Thanks for pointing that out. Always striving to improve, and your feedback helps a lot!
Eww SSL. If it ain’t TLS then I don't want it
Hey! Good catch on the SSL vs. TLS terminology. Actually, what Let’s Encrypt provides are TLS certificates. They’re technically called “SSL/TLS certificates” because TLS has effectively replaced SSL for secure connections. When people refer to "SSL certificates," it's more out of habit since TLS is the current standard that builds on SSL’s foundation with stronger security protocols. So, you're getting TLS with Let's Encrypt and Nginx Proxy Manager, which is great for modern security standards!
Let me know if you have more questions about setting it up!
In the "new proxy host", is the field "forward hostname /IP" the IP of my Debian server or what?
"forward hostname /IP" field is the IP address of the service you want to use SSL for.
@Tech-TheLazyAutomator You mean like an IP address from my DHCP server range on my router?
To enable SSL for Proxmox, use the Proxmox IP address; for TrueNAS, use the TrueNAS IP address. This IP should correspond to the specific service you want to secure with SSL.