Just got it, Your videos of higher level stuff are great, these kinds of things never get videos. I guess because the documentation is so good now days, but as much as I love this stuff I don't have the time to tinker and learn what I don't know, so the info is very useful. The critique was one I received in the past for flight instruction, when you love something you love to share the knowledge, but sometimes we can turn into a firehouse of info :D From my comments you can see it is a hard habit to break, hah
Finally. I’ve been looking for a straightforward explanation and how-to for this. Just enough information, demonstration, and without getting too far into the weeds. It’s rare to find this in home lab content anymore. Creators often want to show off every little bit of configuration, tech knowledge, along with all their bells and whistles (“I use this that, and docker, and docker, and docker” etc), while ignoring why most people are watching the content to begin with. Just tell me how it works and what the buttons do lol.
Thanks for the great guide! 🙌 It helped me recover my Nginx Proxy Manager setup on Unraid. Quick tip for others: If you're using Cloudflare, temporarily disable the orange cloud (proxy) to avoid SSL handshake issues when issuing Let’s Encrypt certificates. Once done, re-enable it and switch to Full (Strict) SSL mode. This step tripped me up, but your video saved me a lot of time-appreciate it!
I may have lost a few details such as: 1) Network Type: Custom @ 5:20 --> How do you set it up? Is it needed? What's the difference to not using it (in terms of settings/upsides/downsides)? 2) What if I don't have a domain and therefore I can't set cloudflare @14:00 ? I just have a DynDNS pointing to my public IP that I will not really give out
1. Just keep the network type the same as whatever you are using it for. So whichever apps you plan on making "public" and NGINX should be on the same one. If that's confusing (cuz it is for me too) just leave it on bridged. 2. In order for you to be able to access anything externally without using a vpn tunnel such as wireguard/openvpn you will need to register a domain. they can be had for pretty cheap from various sources. mine costs me $12 a year. I've seen some for less but $12 is pretty standard. I know you probably already found your answers a long time ago but if anyone else comes along and has the same questions, ya know. I just learned how to do all of this roughly an hour ago but it's all piecing together quite nicely. I only have one service that I have pointing externally but I'm sure that'll change in the future and I'll end up running into more issues.
Thanks for the video & documentation, finally got it working after moving from SWAG. For anyone having trouble with getting the certificates issued. It could be that in Cloudlfare the proxy is on while the cert hasn't been issued yet. Turning the proxy off allowed me to request a cert after which I could enable cloudflare's proxy once again.
I've spent probably 10-15 hours trying to get swag and cloudflare working. The reasons you described fit me to a T. I was successful with your guide and I really appreciate it. +1 sub!
This is a life saver. Also, I'd like to highlight, in case with some people, at the end of the process, the domain opens not private page or the router's page, they should check their new domain on some other network to see if it's working or not. They can also connect to a VPN and then check on their network too.
Thanks, man! I am running nginx on Truenas, so I had to change values to fit my set up. But I got it working in the end. Took two days and having this video up on a second monitor. Only issue I’m having now is the site will only load in Chrome, not Safari.
For those getting "internal error" and other issues, I found switching the container from custom to bridge actually fixed my problems, after temporarily disabling the proxy slider on cloudflare. Got SSL from Let's Encrypt working now.
This... though in the video he does briefly explain that having a custom network type lets apps communicate with each other on their own network. So any apps that you are trying to open a proxy to should be on the same custom network. If all of your apps are on Bridge then changing NGINX to bridge is the only way it can see any of your other apps/ports.
Did the video "skip" or did I miss something? At around the 14 minute mark you add a cname of "proxy" but then do nothing else with it. Are we to add that somewhere in nginx?
Great video and nice for some updated videos, while space invaders video are very good some are now getting outdated especially if your new to unraid like me thanks again
Hi Nigel, you are correct and technology changes often so staying on the forefront is critical to do justice to our users as well as unRAID who constantly improve their platform. Thanks for tuning in and hope to share more soon
Seriously great video I have done everything and am losing my mind. Each time I try to create a proxy host it fails saying "Internal Error". I have tried so many things and now have a Cloudflare account with a domain that I am not using because I can't figure out these issues. Would it be possible to do a follow up video maybe with some trouble shooting along the way?
IF YOU ARE GETTING "INTERNAL ERROR"... try disabling "proxied" for your CNAME record in cloudflare, then try again. It should work. At this point, reenable the proxied toggle and everything should work fine.
Great video, very helpful! Quick question (noob here): At 15:55 what do you mean by create your admin account and set it up all the way before accessing remotely?
I was with you right up until the SSL cert part. I click [Save], it thinks a moment, then I get a generic "Internal Error" banner in red across the top of the dialog. Any idea how to proceed?
If you're using Let's Encrypt then often this means LetsEncrypt is unable to verify your domain so it fails. We prefer using Cloudlfare origin certificates for this. Also, worth checking the logs when that error appears to help you figure out why. Otherwise, the method is definitely still working.
I’d be really interested to know more about the custom bridge mode you set up for the network. It seems you prefer the custom one over just “bridge” so it would be great to know why and how to set that up! :)
How do you have your content empty at 14:12 when setting the www and @ for cloudflare? I'm prompted to use the server IP and unable to proxy it cause it isn't externally facing
Hey mate, good to hear an aussie accent on these tutorials. Hoping you can help if you have time. I have set up successfully with sonnarr and radarr. Seems to have no problem with other unraid dockers, but going to docker or web server on another VM is an issue. Currently having issues with a self hosted HUDU install. Works fine by direct IP or port forwarded to direct IP. Soon as I port forward to NPM I get redirect issues. Hudu has SSL (letsencrupt) built in so I have tried turning it off in NPM and various other configs that don't seem to work.
More info: Using Bridge network. If I select SSL-none I get http2 protocol error, and if I select SSL and ony check HTTP2 support I get too many redirects. Have also played with site config files and 'custom locations'. I spent weeks (maybe more) trying to build a reverse proxy server a couple of years ago and gave up. Really would like to get this working so I can host more than one thing. Any help is greatly appreciated. Even pointing me towards another vid or some conscise docs.
@@notoryous2 Yes mate. Turns out I had completely missed a couple of settings. Scheme - HTTPS instead of HTTP and make sure the port is also correct... not always 80 or 443.
I cannot get the DNS and Cloudflare part to work. I have my DNS switched to use CLoudflare now and I get a 552 error when trying to navigate to the cname record I have configured. Now I am sure I am just missing something important. I have an A record that points to my external IP then a CNAME record pointing to that A record. The rest of the config is the same as the video. Do I need to have the docker containers I want to forward to also on a private network within UnRaid? Any guidance is appreciated.
Flawless. Amazing. Got it working across a few subdomains/containers really great... But for some reason I cant get an SSL for Jellyfin ("Internal Error" in NGINX when I try and create the proxy host) and can't get it to work without it either... Hmmm... Gonna have to keep digging.
IMPORTANT NOTE FOR FELLOW AUSSIES: One potential issue is your ISP blocking ports 443 and 80. Im with Aussie BB and they do indeed block them, a simple call to support gets them unblocked (also get out of cgnat as well if you haven't already). Took me 3 days of hair pulling to figure that out.
The next challenge is how to go about setting this up using non-standard ports!! DNS TXT records is one way but I have not figured out how to do this with the UnRaid container
Use the CloudFlare tunnel and avoid ports all together (we did a video on it) Otherwise 80 443 can be forwarded to a different port as long as that is what you set in the container for NPM
Why would you port forward the entire unraid server and not just that single docker container? Shouldn't it show up as its own host on your network that you port forward?
We don't forward to the 'whole unraid server'. We forward to the ip and port of the reverse proxy. In this case, the IP is the server, and port is NPM. Alternatively, you can set up separate IP for the container or use a VM. Or use a tunnel, which is how we operate nowadays here and don't open any ports at all.
Fixed: jumped straight to custom certificates ;) Finaly fot some time to start working on this. When I add a proxy host following the video, clicking "save" gives an internal error on every CNAME I have. The line is added to the hosts, but when I clock the link, HOST gives an error, SSL certificate didn't pass validation. Is this a common thing or am I doing something wrong somewhere? Proxy Hosts overview also shows HTTP Only under SSL. When I run everything on Swag, all works fine. Allready transferred the DNS management to cloudflare.
I tried to follow this setup while accessing my server remotely via tailscale (I am away from my home network for most of the week). I ran into problems right off the bat! No matter what I try, I can't get the NGINX proxy manager webUI to load. I tried enabling tailscale in the nginx proxy manager settings and using the ip assigned to the container by tailscale, no dice. I've tried selecting "tailscale webUI from the docker menu, no dice. Any advice? EDIT: I figured it out! In the docker setrings, you have to set "tailscale serve" to "serve" and then also enable https at the tailscale admin settings (whether or not you want to do that's up to you).
@@ViscountJimmy yeah regardless of what app I try, I can access it from the local IP, but when I press the source in NPM it times out with a 522 error.
Hey there! I know lots may have changed, by I'm an unraid newbie here and wanted to know if the setup process changed. when I try to visit the UI after the first instal on the server, I'm treated with a plain with screen.
Love the video, I have almost the same setup as you here but am having problems when I try and do the certificate. I get an api communication error, do I need to do something in Cloudflare for the certificate request to work properly? I think the port forwarding and stuff is OK because if I don't use ssl I can access the site properly, but that's not ideal obviously. Do I need to set the domain in Cloudflare from "Flexible" ssl settings to "Full" or something else in Cloudflare? I think the problem I am having is to do with the certificate not being issued properly.
Amazing walk-thru! I've just started my Unraid journey with much help from illuminated nerd & spaceinvaderone. Now I'll be adding a 3rd source 😉😁🤘I'm slowly migrating from a Win10 box with emby/sonarr/radarr/unifi/etc and I've been using Caddy V2 as the reverse proxy for them. The GUI and ease of use won me over right away with NPM. However my OCD is wondering if this is the same as Swag, minus the gui? 🤔
Thank you for watching and subscribing! Look it depends on preferences, SWAG has some different features such as Docker mods and much flexibility in it's functions. NPM is simpler but does a great job at what it needs to do. Watch our SWAG video too and compare the pair !
Hi Ibra! I really like your videos, they're great and helped me so much with my unraid server. One question here: I've been using letsencrypt, then swap and since I watched this video I've been trying NPM with no issues on hosting my docker services but, I've also configured some websites on swap pointing each one to a specific folder, tried to do it with NPM with no luck. What could I be missing? Thanks in advance mate!
thanks for creating this! Quick question that I don't see an answer anywhere: would you advise against reverse proxying NPM itself so that it's webui isnt accessible remote, or it's fine to have that visible too?
@@IBRACORP Actually realized youre right. There's no point as I can just VPN in when I want to add. I'm just in install mode so constantly back and forth but after this lot is done, it's something I wouldn't need to touch often. Cheers!
@@IBRACORP No worries mate, I def pronounce stuff wrong all the time and just appreciate the courtesy when someone corrects me in a gentle manner, haha.
Since we are using CloudFlare origin certificate we don't need to challenge against CloudFlare. When using a Let'sEncrypt certificate we do since it's a third party to CloudFlare
You can have both the WWW and non WWW in the proxy host. But this is best set on the domain level/DNS. A 301 permanent redirect of WWW to non WWW is best
Great video, I understand everything but one thing - why will the Let'sEncrypt fail with internal server error when I set the cname/a record in Cloudflare to "proxied"? It works fine when set to DNS only. Don't I loose a lot of security when Cloudflare is set to DNS only?
Hey, absolutely love the videos! Right on point with what many of us are trying to do... Keep it up. Instant subscribe. Best Regards from a Pom. I hope you can help with a small problem.... I successfully have swag running and can access all my stuff remotely... but, trying to swap to NPM using your example with Overseer and keep running into an "Internal error" when I try and save a Proxy Host. Beating my brains out.... tried all sorts of permutations.... meanwhile Swag works serenely on!
Thank you Paul, I appreciate the great comment. Will definitely keep it up, more to come! As for your issue, if you haven't spent too much time on it have you tried deleting NPM and it's config and reinstalled?
Yeh, tried that. I’ve tried installing NPM into my Home Assistant VM as well, but exactly the same issue.... “internal error” . I’m convinced it’s something on my side... swag and NPM dockers won’t interfere with each other on the same custom network will they?
@@IBRACORP ..... after hours of doubting everything I ever thought I knew..... and virtually starting from scratch..... it turned out that my Cloudflare DDNS docker had somehow been deleted.... It's 'A' record was still with my DNS records, so it wasn't obvious until I went back to square one... Re-installed and all is well with the world! Well, still struggling to get the HA VM sorted, but hey ho.... small steps!
Accessing my subdomain works perfectly! However, when I attempt to access the domain itself - I get SSL handshake failed Error code 525 message. I'm guessing that's due to not having a web server running and hosting a site for the domain?
After installing NPM I had to wait about 10 minutes before I could login with the default credentials. Not sure why but it kept giving me a bad user error (user not found, or something to that effect). I couldn't find that documented anywhere, but after about 10 minutes I could get in. Also, I switched from swag container, and got errors when adding the proxy hosts. I switched to CF origin server cert and it took care of the issue. I think LE in NPM was conflicting somehow with certs I already had registered in swag
Yeah could be due to using similar details in the LE certificates which might return a failure as the certificates already exist elsewhere. Using CloudFlare is the best way in my opinion anyway, great job getting it going
Thanks for the video it helped a lot! The only issue Im having is with enabling "Force SSL" option. If that is enabled I am not able to access the website. If it is disabled I have no issues. I am using CloudFlare and have HSTS and always use HTTPS enabled. Any thoughts on how I can get Force SSL working?
In my router, am I supposed to forward those ports to the proxy server? Is it actually serving as a relay server, or is it just translating the dns request and then passing the port number to request along? The tutorial is kinda fuzzy on how the routing of the traffic of the services themselves is actually handled.
Hey I know this is an old vid but could you do a DDWRT video? Like what the best setting a home lab environment and such, greatly appreciate your contents!
this was all working great for me until, for some reason, certbot failed to renew the certs "Failed to renew certificate npm-1 with error: Some challenges have failed." Manually clicking the Renew Cert button in NPM also fails. Is it a port forwarding issue? Ive read that you need to have port 80 staying at port 80 elsewhere on the web. I think for this I had port 80 forwarded to 1880 for NPM in my pfsense.
hey so its not entirely this subject but i have tried running pterocdactyl with nginx proxy manager by putting nginx cli on another port and redirecting via nginx proxy manager but im having a bit of issues getting error of too many redirects and cannot login like i opened a new icognito mode tab and tried to login with multiple emails doesnt work
I'd love to see a video about the move from spaceinvader one's let's encrypt (swag)/nginx reverse proxy setup to your setup and show us the benefits.. I think most of us have this setup.
im forwarding the ports as you shown (except for 18443, i had to put it as 1443 bc my router couldn’t do that with 443, saying not allowed) and my domain still links to the unraid web gui. I also did the A record of @ leading to my home IP and another A record of www leads to the server IP
@IBRACORP I have been struggling to get any reverse proxy to work. You being a UDM Pro user could the UDM be blocking something in this process? I tried with the tunnel as well and no luck.
I like your video, but I wish it was that easy for me. My domain and DNS provider is namecheap, I am adding the subdomain there as an A Record, pointing to my public IP, I also have other A Records pointing to the same IP, but anyway... In NPM I am adding a new host, with my subdomain, when I follow your steps and click save I get the Internal Error message, at that point I cannot follow the suggestions other users have commented here because I am not using cloudfare. Also, I have tried with different network settings, host, bridge and custom with a static IP, nothing works... I have realized that sometimes I get the error "the domain already exist", so I go to hosts and I see the host there but it is not online, when I try to generate the ssl again and click save, the internal error comes back. Now, I successfully generated a SSL cert for my root domain, however, when I try to open Home Assistant from NPM (yes I am using my root domain with home assistant), it doesn't load the website, I have to manually add the home assistant port at the end (5123), however that works only in my PC, if I load the Home Assistant Companion from my tablet using my root domain, it doesnt work. Home Assistant works when I redirect port 443 in my router to port 5123 in my Home Assistant Pi. So at then I dont know what to do, I basically deleted the container for NPM, I went back and port forward my home assistant as it used to be, I cant use NPM for another application as I wanted (deemix) and I am in square one... I see everybody uses cloudfare and all videos or guides are made for that, but my case is different, I have had my domain for years with namecheap, I have used letsencrypt in VMs using the DNS method with namecheap without any issues, but I cant understand why is it so complicated with NPM. Any help is appreciated. Thanks.
Hoi, is there something else one have to do to reverse proxy for example a webcam stream on another computer, in this case, klipper webcam on a raspberry pi to successfully pass through nginx on unraid?
hey great video! but i have a problem, this guide work perfectly for NEXTCLOUD but when I try to do it to - radarr/obmi etc. it doest work with SSL and only HTTP, doest it's mean my server will be more vulnerable?
hello, I have followed your guide and I really want to thank you for all the efforts you put into this. however, after a couple of months that I had NGINX working, I am now facing a disaster... I am locked out... I can access all the services I added in NGINX but I can't access unraid itself (not even when I am at home and I try to connect locally)... do you have any clue, before I erase everything and I restart from scratch?... should have I made a subdomain for unraid too? should have I changed the default ports of unraid? please help!!!
Nice one, i spend a lot off time with SWAG. I think in this video u got missing part about duckdns :D And one question, how you can protect yourself when you opened your server to the internet? Which protection can be added to secure your domain names from someone else?
Hi Aleksejs, thanks for watching. You are correct, I intentionally left the duckdns part out as it's already covered by spaceinvaderone and I didn't want to double up on that. Keeping a dynamic DNS can be separate video for the future. As for security, the safest bet in my opinion is having something like CloudFlare because the IP address shown to someone on the end is CloudFlare and not my own so it's takes that risk away
Need elaboration on setting up access list info. How to setup this fir homeassistant on another machine on another vlan in network. You can do without the cloudflare, you just have to make a sub-sub-domain point to the sub-domain of your duck dns. (Id give an example but my comments been deleted 2 times already, probably because of the examples i gave) that would bw nice to have included if you ever do an updated version of this, not that it it out of date or anything, i just used it to get my setup running in about 30 min...
So ive done all of these steps, and I have used overseerr as well. When i load overseerr it says you are offline. and there is abutton to press that says reload. No matter what I do it just comes back to that screen.
I just switched from SWAG to Nginx Proxy Manager. Thank you for making this so clear. I am not familiar with how certificates work. I have successfully added nextcloud and got it to work (THANK YOU!!!) I'm trying to add other reverse proxies but I don't know if I can use the same nextcloud certificate from the dropdown list or do I need to create an individual certificate for each proxy? Thank you!!!
@@bibwambley7914 I believe it ended up being something in cloudflare where I had to toggle whether the security was "strict" or less secure and then I was able to request the cert, then moved it back to strict. This may be because of a bug somewhere. That said. I would recommend going through the steps of creating a custom cloudflare cert with the pem and key files. They last for 10 years and for me, worked a lot more easily since Cloudflare generated it.
This is an alternative to SWAG. If it suits you and your needs then I can recommend it. A few people have made the jump and really like it. Others prefer SWAG for a variety of reasons so please weigh up what you'd prefer. It's easy enough to make a container and try it, so why not?
Thanks for watching! We appreciate ya. Do you like NPM as a reverse proxy? What do you use currently? Let us know below!
Just got it, Your videos of higher level stuff are great, these kinds of things never get videos. I guess because the documentation is so good now days, but as much as I love this stuff I don't have the time to tinker and learn what I don't know, so the info is very useful. The critique was one I received in the past for flight instruction, when you love something you love to share the knowledge, but sometimes we can turn into a firehouse of info :D From my comments you can see it is a hard habit to break, hah
That's okay Ben I appreciate taking the time to leave the feedback. I will take it on board! Thanks for watching
It's good to have another Unraid youtuber out there. I love Spaceinvader's content but having more and varied perspectives is a good thing.
Thank you! Glad to have you 🙂
3 years later, this video still holds up. Thanks for the tutorial!
Finally. I’ve been looking for a straightforward explanation and how-to for this. Just enough information, demonstration, and without getting too far into the weeds. It’s rare to find this in home lab content anymore. Creators often want to show off every little bit of configuration, tech knowledge, along with all their bells and whistles (“I use this that, and docker, and docker, and docker” etc), while ignoring why most people are watching the content to begin with. Just tell me how it works and what the buttons do lol.
Amen. The whole reason our channel was made was because of that. Thanks for watching
Thanks for the great guide! 🙌 It helped me recover my Nginx Proxy Manager setup on Unraid. Quick tip for others: If you're using Cloudflare, temporarily disable the orange cloud (proxy) to avoid SSL handshake issues when issuing Let’s Encrypt certificates. Once done, re-enable it and switch to Full (Strict) SSL mode. This step tripped me up, but your video saved me a lot of time-appreciate it!
Thanks for sharing your solution! 👍 It's great to help people troubleshoot and get their setups running smoothly.
Thanks for the shout out. This was an excellent how to. Very very good!
My pleasure mate, you deserve it. And thank you for the feedback, feel it's getting better
I may have lost a few details such as:
1) Network Type: Custom @ 5:20 --> How do you set it up? Is it needed? What's the difference to not using it (in terms of settings/upsides/downsides)?
2) What if I don't have a domain and therefore I can't set cloudflare @14:00 ? I just have a DynDNS pointing to my public IP that I will not really give out
1. Just keep the network type the same as whatever you are using it for. So whichever apps you plan on making "public" and NGINX should be on the same one. If that's confusing (cuz it is for me too) just leave it on bridged.
2. In order for you to be able to access anything externally without using a vpn tunnel such as wireguard/openvpn you will need to register a domain. they can be had for pretty cheap from various sources. mine costs me $12 a year. I've seen some for less but $12 is pretty standard.
I know you probably already found your answers a long time ago but if anyone else comes along and has the same questions, ya know. I just learned how to do all of this roughly an hour ago but it's all piecing together quite nicely. I only have one service that I have pointing externally but I'm sure that'll change in the future and I'll end up running into more issues.
Outstanding tutorial, worked first try, thanks so much. Yet another amazing piece of work gentlemen.
Fantastic videos on this channel! Just changed from SWAG to NPM. Was way easier than the SWAG config and I was up and running in no time flat.
That's the best part of NPM! Thanks for coming and checking out the channel
Thanks for the video & documentation, finally got it working after moving from SWAG. For anyone having trouble with getting the certificates issued. It could be that in Cloudlfare the proxy is on while the cert hasn't been issued yet. Turning the proxy off allowed me to request a cert after which I could enable cloudflare's proxy once again.
Thanks for this video! Got my NPM all setup and configured. Just moved from SWAG and this is way easier!
Heaps easier! Thanks for watching
I've spent probably 10-15 hours trying to get swag and cloudflare working. The reasons you described fit me to a T. I was successful with your guide and I really appreciate it. +1 sub!
I don't understand how this is so easy. It seems too good to be true. Thanks for the video.
This is a life saver. Also, I'd like to highlight, in case with some people, at the end of the process, the domain opens not private page or the router's page, they should check their new domain on some other network to see if it's working or not. They can also connect to a VPN and then check on their network too.
I'm having this issue. When I browse to my domain from outside my network, I get stopped at my router page with an error. How did you fix it?
Thanks a bunch. Thought it wasn't working until I read this and tried using mobile data.
Thanks so much for posting this. Helped me to no end with getting my nextcloud up and running.
Thanks, man! I am running nginx on Truenas, so I had to change values to fit my set up. But I got it working in the end. Took two days and having this video up on a second monitor.
Only issue I’m having now is the site will only load in Chrome, not Safari.
This was very helpful! I'm looking forward to more guides.
Thanks Scott, appreciate coming back and checking it out. Look forward to putting more out
Amazing guide. NPM is amazing. It takes all the guesswork out of setting up a reverse proxy with a nice web-gui.
Thanks for the help, even 3 years later still working guide :)
Followed this video and DAMN it made my day, everything works perfectly. Love NGINX. Thanks a lot!
You're welcome thank you for watching!
Thank you sir, a really great video. Made the switch from SWAG so easy. Looking forward to more
You're very welcome Stuart, thanks for watching, appreciate your patronage
Did you remove swag completely, or just stop the app? I have have more trouble than I care to admit. Which seems silly since it looks so simple
Me to. my nextclud was down for like 2 min when i make the switch. so mutch more fun now
For those getting "internal error" and other issues, I found switching the container from custom to bridge actually fixed my problems, after temporarily disabling the proxy slider on cloudflare. Got SSL from Let's Encrypt working now.
This... though in the video he does briefly explain that having a custom network type lets apps communicate with each other on their own network. So any apps that you are trying to open a proxy to should be on the same custom network. If all of your apps are on Bridge then changing NGINX to bridge is the only way it can see any of your other apps/ports.
Why was a CNAME DNS entry added for "proxy"? I didn't see that get used anywhere after adding it.
Thank you so much for this! Everything is presented so well!
Thank you for the feedback glad you enjoyed it :)
Thank you for letting me move from Swaq to NGINX Proxy Manager.
Still great videos. Really appreciate the help with unraid.
Thank you ♥️
Did the video "skip" or did I miss something? At around the 14 minute mark you add a cname of "proxy" but then do nothing else with it. Are we to add that somewhere in nginx?
Did you figure this out?
@@GravyBoatyes but I'm not sure what I did at this point. I think I used the cloud flare tunnel docker.
@@jwhite175 ya I got it too found it from a different video. Had to set A name as domain without the prefix.
Thank you so much for the video, was way easier than setting up swag.
I LOVE YOU. This is exactly what I needed.
I love you too xx
Pumba is always a good name!! And a cute warthog
Thanks do Nextcloud next :)
Great video and nice for some updated videos, while space invaders video are very good some are now getting outdated especially if your new to unraid like me thanks again
Hi Nigel, you are correct and technology changes often so staying on the forefront is critical to do justice to our users as well as unRAID who constantly improve their platform.
Thanks for tuning in and hope to share more soon
YOU make this shit fun for me. ty. keep up these no crap bullshis tutorials. i love them.
You're a legend mate thank you for the feedback I really appreciate it ✌️
Thanks!
Thank you 🙏
Seriously great video I have done everything and am losing my mind. Each time I try to create a proxy host it fails saying "Internal Error". I have tried so many things and now have a Cloudflare account with a domain that I am not using because I can't figure out these issues. Would it be possible to do a follow up video maybe with some trouble shooting along the way?
Love the server name!! 😂
IF YOU ARE GETTING "INTERNAL ERROR"... try disabling "proxied" for your CNAME record in cloudflare, then try again. It should work. At this point, reenable the proxied toggle and everything should work fine.
Thank you for this sir! You saved my day :) (Thanks IBRACORP for the video as well!)
Great video, very helpful!
Quick question (noob here):
At 15:55 what do you mean by create your admin account and set it up all the way before accessing remotely?
I was with you right up until the SSL cert part. I click [Save], it thinks a moment, then I get a generic "Internal Error" banner in red across the top of the dialog. Any idea how to proceed?
did you figure out the problem, i got the same thing
@@isakolsen679 nope. I just gave up. lol
i have the same problem :(
If you're using Let's Encrypt then often this means LetsEncrypt is unable to verify your domain so it fails.
We prefer using Cloudlfare origin certificates for this.
Also, worth checking the logs when that error appears to help you figure out why.
Otherwise, the method is definitely still working.
I’d be really interested to know more about the custom bridge mode you set up for the network. It seems you prefer the custom one over just “bridge” so it would be great to know why and how to set that up! :)
It's your lucky day! We actually covered this here: ua-cam.com/video/7fzBDCI8O2w/v-deo.html
Be sure to check the pinned comment too
Really clean and well made guide. thanks alot!
Thanks Sammi! Really appreciate it
I checked - everything is clean
Thanks for the video, really clear explanations :)
My pleasure thank you for watching and subscribing :)
Brilliant - no fluff, just do it. got a subscriber.
That's how we do it here Abz. Thanks for subscribing!
i cant get jellyfin to get lets encrypt certificate. keeps saying internal error. I followed this to the T. Please help
How do you have your content empty at 14:12 when setting the www and @ for cloudflare? I'm prompted to use the server IP and unable to proxy it cause it isn't externally facing
Hey mate, good to hear an aussie accent on these tutorials. Hoping you can help if you have time. I have set up successfully with sonnarr and radarr. Seems to have no problem with other unraid dockers, but going to docker or web server on another VM is an issue. Currently having issues with a self hosted HUDU install. Works fine by direct IP or port forwarded to direct IP. Soon as I port forward to NPM I get redirect issues. Hudu has SSL (letsencrupt) built in so I have tried turning it off in NPM and various other configs that don't seem to work.
More info: Using Bridge network. If I select SSL-none I get http2 protocol error, and if I select SSL and ony check HTTP2 support I get too many redirects. Have also played with site config files and 'custom locations'. I spent weeks (maybe more) trying to build a reverse proxy server a couple of years ago and gave up. Really would like to get this working so I can host more than one thing. Any help is greatly appreciated. Even pointing me towards another vid or some conscise docs.
Did you ever find a solution to this?
@@notoryous2 Yes mate. Turns out I had completely missed a couple of settings. Scheme - HTTPS instead of HTTP and make sure the port is also correct... not always 80 or 443.
I cannot get the DNS and Cloudflare part to work. I have my DNS switched to use CLoudflare now and I get a 552 error when trying to navigate to the cname record I have configured. Now I am sure I am just missing something important.
I have an A record that points to my external IP then a CNAME record pointing to that A record. The rest of the config is the same as the video.
Do I need to have the docker containers I want to forward to also on a private network within UnRaid? Any guidance is appreciated.
Flawless. Amazing.
Got it working across a few subdomains/containers really great...
But for some reason I cant get an SSL for Jellyfin ("Internal Error" in NGINX when I try and create the proxy host) and can't get it to work without it either... Hmmm... Gonna have to keep digging.
IMPORTANT NOTE FOR FELLOW AUSSIES: One potential issue is your ISP blocking ports 443 and 80. Im with Aussie BB and they do indeed block them, a simple call to support gets them unblocked (also get out of cgnat as well if you haven't already). Took me 3 days of hair pulling to figure that out.
Cheers mate. You can also use CloudFlare tunnels for this purpose and to avoid opening ports altogether. Video on it on our channel
Does not get a certificate. Internal server error.
The next challenge is how to go about setting this up using non-standard ports!!
DNS TXT records is one way but I have not figured out how to do this with the UnRaid container
Use the CloudFlare tunnel and avoid ports all together (we did a video on it)
Otherwise 80 443 can be forwarded to a different port as long as that is what you set in the container for NPM
Why would you port forward the entire unraid server and not just that single docker container? Shouldn't it show up as its own host on your network that you port forward?
We don't forward to the 'whole unraid server'. We forward to the ip and port of the reverse proxy. In this case, the IP is the server, and port is NPM.
Alternatively, you can set up separate IP for the container or use a VM. Or use a tunnel, which is how we operate nowadays here and don't open any ports at all.
Great video. Currently using swag, this looks so much easier. I'm going to migrate 😄
Haha I thought you might. Enjoy
Haha. Yeah. And you can even run VM's through it 😁 2021 is the best year so far. Just installed a HassIO VM 😎 got some stuffs to do the weekend
Welcome to the club! Enjoy your weekend, I'll be putting up an Organizr video tonight too
Fixed: jumped straight to custom certificates ;)
Finaly fot some time to start working on this. When I add a proxy host following the video, clicking "save" gives an internal error on every CNAME I have. The line is added to the hosts, but when I clock the link, HOST gives an error, SSL certificate didn't pass validation. Is this a common thing or am I doing something wrong somewhere?
Proxy Hosts overview also shows HTTP Only under SSL. When I run everything on Swag, all works fine.
Allready transferred the DNS management to cloudflare.
Nice work! Enjoy
I tried to follow this setup while accessing my server remotely via tailscale (I am away from my home network for most of the week). I ran into problems right off the bat!
No matter what I try, I can't get the NGINX proxy manager webUI to load. I tried enabling tailscale in the nginx proxy manager settings and using the ip assigned to the container by tailscale, no dice. I've tried selecting "tailscale webUI from the docker menu, no dice. Any advice?
EDIT: I figured it out! In the docker setrings, you have to set "tailscale serve" to "serve" and then also enable https at the tailscale admin settings (whether or not you want to do that's up to you).
Thanks for the video. But why did we use "request a new ssl certificate" vs choosing the custom one we added to nginx? I wanna be able to understand.
I am getting the default landing page with the external IP. but having 522 cloudflare issues when trying to access with the domain name.
me too. on and off issue. not sure how to fix
@@ViscountJimmy yeah regardless of what app I try, I can access it from the local IP, but when I press the source in NPM it times out with a 522 error.
Please join our Discord if you need additional help
@@ViscountJimmy Hi James, thanks to the guys in the Discord I was able to fix it, let me know if you need help
@@IBRACORP the guys in the discord were amazing, so much support by the community, it was incredible to see
This is well explained but I have a question what happens if your ISP have blocked most of your ports as mine has would this still work ?
What if you dont have a domain and just want to access your dockers remotely?
is it possible to do it only in my home network? not outside... I have my own domain.
Hey there! I know lots may have changed, by I'm an unraid newbie here and wanted to know if the setup process changed. when I try to visit the UI after the first instal on the server, I'm treated with a plain with screen.
The process has changed a bit, but the principle is the same. You may need to update your browser or refresh the page to see the UI.
You skipped the part of adding the Cname im stuck on adding it because it requires I add an answer to the Cname which I dont know what to place
Gutes Ding, weiter so!
Danke
The proxy manager shows the proxy as online, but when clicking the link, I get "hmm we're having trouble accessing that site."
Love the video, I have almost the same setup as you here but am having problems when I try and do the certificate. I get an api communication error, do I need to do something in Cloudflare for the certificate request to work properly? I think the port forwarding and stuff is OK because if I don't use ssl I can access the site properly, but that's not ideal obviously.
Do I need to set the domain in Cloudflare from "Flexible" ssl settings to "Full" or something else in Cloudflare? I think the problem I am having is to do with the certificate not being issued properly.
Amazing walk-thru!
I've just started my Unraid journey with much help from illuminated nerd & spaceinvaderone. Now I'll be adding a 3rd source 😉😁🤘I'm slowly migrating from a Win10 box with emby/sonarr/radarr/unifi/etc and I've been using Caddy V2 as the reverse proxy for them.
The GUI and ease of use won me over right away with NPM. However my OCD is wondering if this is the same as Swag, minus the gui? 🤔
Thank you for watching and subscribing! Look it depends on preferences, SWAG has some different features such as Docker mods and much flexibility in it's functions. NPM is simpler but does a great job at what it needs to do.
Watch our SWAG video too and compare the pair !
@@IBRACORP awesome thanks! Will def check out the your Swag vid. 🤔 NPM being simpler is a good thing. My caddyfile is the shortest ever. 😆
Hi Ibra! I really like your videos, they're great and helped me so much with my unraid server.
One question here: I've been using letsencrypt, then swap and since I watched this video I've been trying NPM with no issues on hosting my docker services but, I've also configured some websites on swap pointing each one to a specific folder, tried to do it with NPM with no luck. What could I be missing?
Thanks in advance mate!
thanks for creating this! Quick question that I don't see an answer anywhere: would you advise against reverse proxying NPM itself so that it's webui isnt accessible remote, or it's fine to have that visible too?
Would never recommend it but if you choose to definitely lock it down with Authelia
@@IBRACORP Actually realized youre right. There's no point as I can just VPN in when I want to add. I'm just in install mode so constantly back and forth but after this lot is done, it's something I wouldn't need to touch often. Cheers!
Totally get that, done it myself too!
Thanks for the video. It's pronounced "Engine X" I believe though.
Thank you, yeah I've realised since making the last couple videos. Excuse me on that one
@@IBRACORP No worries mate, I def pronounce stuff wrong all the time and just appreciate the courtesy when someone corrects me in a gentle manner, haha.
@@JohnnieTech2 much appreciated. It was a lot more gentle than the last way I was told haha. Live and learn!
hello thank you for your video, just one question please, why do you not use dns challenge? are you able to explain what this does/is for?
Since we are using CloudFlare origin certificate we don't need to challenge against CloudFlare. When using a Let'sEncrypt certificate we do since it's a third party to CloudFlare
@@IBRACORP did you set it up this way in the video?
Grate Tutorial!!! one question con you redirect www to non www using NGNIX Proxy manager?
You can have both the WWW and non WWW in the proxy host. But this is best set on the domain level/DNS. A 301 permanent redirect of WWW to non WWW is best
doesnt this open up your unraid server to attacks?
Great video, I understand everything but one thing - why will the Let'sEncrypt fail with internal server error when I set the cname/a record in Cloudflare to "proxied"? It works fine when set to DNS only. Don't I loose a lot of security when Cloudflare is set to DNS only?
Hey, absolutely love the videos! Right on point with what many of us are trying to do... Keep it up. Instant subscribe. Best Regards from a Pom.
I hope you can help with a small problem.... I successfully have swag running and can access all my stuff remotely... but, trying to swap to NPM using your example with Overseer and keep running into an "Internal error" when I try and save a Proxy Host. Beating my brains out.... tried all sorts of permutations.... meanwhile Swag works serenely on!
Thank you Paul, I appreciate the great comment. Will definitely keep it up, more to come!
As for your issue, if you haven't spent too much time on it have you tried deleting NPM and it's config and reinstalled?
Yeh, tried that. I’ve tried installing NPM into my Home Assistant VM as well, but exactly the same issue.... “internal error” . I’m convinced it’s something on my side... swag and NPM dockers won’t interfere with each other on the same custom network will they?
Hmm well NPM will use ports 80 and 443 being forwarded from your router right?
@@IBRACORP ..... after hours of doubting everything I ever thought I knew..... and virtually starting from scratch..... it turned out that my Cloudflare DDNS docker had somehow been deleted.... It's 'A' record was still with my DNS records, so it wasn't obvious until I went back to square one... Re-installed and all is well with the world! Well, still struggling to get the HA VM sorted, but hey ho.... small steps!
One step at a time my friend happy to hear you worked it out! Welcome aboard :)
Accessing my subdomain works perfectly! However, when I attempt to access the domain itself - I get SSL handshake failed Error code 525 message. I'm guessing that's due to not having a web server running and hosting a site for the domain?
thanks! really useful!
You're welcome! Thanks for watching
After installing NPM I had to wait about 10 minutes before I could login with the default credentials. Not sure why but it kept giving me a bad user error (user not found, or something to that effect). I couldn't find that documented anywhere, but after about 10 minutes I could get in.
Also, I switched from swag container, and got errors when adding the proxy hosts. I switched to CF origin server cert and it took care of the issue. I think LE in NPM was conflicting somehow with certs I already had registered in swag
Yeah could be due to using similar details in the LE certificates which might return a failure as the certificates already exist elsewhere.
Using CloudFlare is the best way in my opinion anyway, great job getting it going
Thanks for the video it helped a lot! The only issue Im having is with enabling "Force SSL" option. If that is enabled I am not able to access the website. If it is disabled I have no issues. I am using CloudFlare and have HSTS and always use HTTPS enabled. Any thoughts on how I can get Force SSL working?
In my router, am I supposed to forward those ports to the proxy server? Is it actually serving as a relay server, or is it just translating the dns request and then passing the port number to request along? The tutorial is kinda fuzzy on how the routing of the traffic of the services themselves is actually handled.
fantastic video!
Hey I know this is an old vid but could you do a DDWRT video? Like what the best setting a home lab environment and such, greatly appreciate your contents!
this was all working great for me until, for some reason, certbot failed to renew the certs "Failed to renew certificate npm-1 with error: Some challenges have failed." Manually clicking the Renew Cert button in NPM also fails. Is it a port forwarding issue? Ive read that you need to have port 80 staying at port 80 elsewhere on the web. I think for this I had port 80 forwarded to 1880 for NPM in my pfsense.
I have a question, is my homenetwork exposed to the internet with this stuff? or am I safe and no open ports to the wan?
I install it, it says it installs fine... but it wont take the default credentials.... can't sign in... not sure what i'm doing wrong.
hey so its not entirely this subject but i have tried running pterocdactyl with nginx proxy manager by putting nginx cli on another port and redirecting via nginx proxy manager but im having a bit of issues getting error of too many redirects and cannot login like i opened a new icognito mode tab and tried to login with multiple emails doesnt work
I'd love to see a video about the move from spaceinvader one's let's encrypt (swag)/nginx reverse proxy setup to your setup and show us the benefits.. I think most of us have this setup.
Good point mate I think that's a good approach
im forwarding the ports as you shown (except for 18443, i had to put it as 1443 bc my router couldn’t do that with 443, saying not allowed) and my domain still links to the unraid web gui. I also did the A record of @ leading to my home IP and another A record of www leads to the server IP
@IBRACORP I have been struggling to get any reverse proxy to work. You being a UDM Pro user could the UDM be blocking something in this process? I tried with the tunnel as well and no luck.
Thanks for the info. I have Google Fiber and I think it's just not accessible on port 80/443 externally so I wasn't able to get this setup.
Try our video on CloudFlare Tunnels to bypass 80/443 blocks and close open ports altogether
great video. thank you
I like your video, but I wish it was that easy for me. My domain and DNS provider is namecheap, I am adding the subdomain there as an A Record, pointing to my public IP, I also have other A Records pointing to the same IP, but anyway... In NPM I am adding a new host, with my subdomain, when I follow your steps and click save I get the Internal Error message, at that point I cannot follow the suggestions other users have commented here because I am not using cloudfare. Also, I have tried with different network settings, host, bridge and custom with a static IP, nothing works... I have realized that sometimes I get the error "the domain already exist", so I go to hosts and I see the host there but it is not online, when I try to generate the ssl again and click save, the internal error comes back.
Now, I successfully generated a SSL cert for my root domain, however, when I try to open Home Assistant from NPM (yes I am using my root domain with home assistant), it doesn't load the website, I have to manually add the home assistant port at the end (5123), however that works only in my PC, if I load the Home Assistant Companion from my tablet using my root domain, it doesnt work. Home Assistant works when I redirect port 443 in my router to port 5123 in my Home Assistant Pi.
So at then I dont know what to do, I basically deleted the container for NPM, I went back and port forward my home assistant as it used to be, I cant use NPM for another application as I wanted (deemix) and I am in square one... I see everybody uses cloudfare and all videos or guides are made for that, but my case is different, I have had my domain for years with namecheap, I have used letsencrypt in VMs using the DNS method with namecheap without any issues, but I cant understand why is it so complicated with NPM. Any help is appreciated. Thanks.
Hoi, is there something else one have to do to reverse proxy for example a webcam stream on another computer, in this case, klipper webcam on a raspberry pi to successfully pass through nginx on unraid?
hey great video! but i have a problem, this guide work perfectly for NEXTCLOUD but when I try to do it to - radarr/obmi etc. it doest work with SSL and only HTTP, doest it's mean my server will be more vulnerable?
hello, I have followed your guide and I really want to thank you for all the efforts you put into this. however, after a couple of months that I had NGINX working, I am now facing a disaster... I am locked out... I can access all the services I added in NGINX but I can't access unraid itself (not even when I am at home and I try to connect locally)... do you have any clue, before I erase everything and I restart from scratch?... should have I made a subdomain for unraid too? should have I changed the default ports of unraid? please help!!!
Nice one, i spend a lot off time with SWAG. I think in this video u got missing part about duckdns :D And one question, how you can protect yourself when you opened your server to the internet? Which protection can be added to secure your domain names from someone else?
Hi Aleksejs, thanks for watching. You are correct, I intentionally left the duckdns part out as it's already covered by spaceinvaderone and I didn't want to double up on that. Keeping a dynamic DNS can be separate video for the future.
As for security, the safest bet in my opinion is having something like CloudFlare because the IP address shown to someone on the end is CloudFlare and not my own so it's takes that risk away
@@IBRACORP thanks:) it means i need to follow your instructions with setup, i think i will spend all day to change spaceinvader one to use cloudflare
Need elaboration on setting up access list info.
How to setup this fir homeassistant on another machine on another vlan in network.
You can do without the cloudflare, you just have to make a sub-sub-domain point to the sub-domain of your duck dns. (Id give an example but my comments been deleted 2 times already, probably because of the examples i gave) that would bw nice to have included if you ever do an updated version of this, not that it it out of date or anything, i just used it to get my setup running in about 30 min...
So ive done all of these steps, and I have used overseerr as well. When i load overseerr it says you are offline. and there is abutton to press that says reload. No matter what I do it just comes back to that screen.
I just switched from SWAG to Nginx Proxy Manager. Thank you for making this so clear. I am not familiar with how certificates work. I have successfully added nextcloud and got it to work (THANK YOU!!!) I'm trying to add other reverse proxies but I don't know if I can use the same nextcloud certificate from the dropdown list or do I need to create an individual certificate for each proxy? Thank you!!!
It's one certificate per domain. So if it's the same domain name then you can repick the same certificate 🙂
You're so welcome thanks for watching
I'm getting "Internal Error" when I attempt to request an SSL certificate (i.e. 18:47 mark). Any suggestions?
this keeps happening to me too i haven't figured it out yet. any help?
@@bibwambley7914 I believe it ended up being something in cloudflare where I had to toggle whether the security was "strict" or less secure and then I was able to request the cert, then moved it back to strict. This may be because of a bug somewhere.
That said.
I would recommend going through the steps of creating a custom cloudflare cert with the pem and key files. They last for 10 years and for me, worked a lot more easily since Cloudflare generated it.
It's the best way
@@IBRACORP could you show that in a video on how to do that 10 year cert with nginx and cloudflare?
Already did mate, check out our CloudFlare video 🙂
So this is an alternative to swag? Should I make the switch as this has a nice looking ui.
This is an alternative to SWAG. If it suits you and your needs then I can recommend it. A few people have made the jump and really like it. Others prefer SWAG for a variety of reasons so please weigh up what you'd prefer.
It's easy enough to make a container and try it, so why not?