That was helpful, thanks. Suggestion for a part 2 in the series would be a walk through on enabling geoip2 module for NGINX Proxy Manager to block problematic countries.
Don't fwd port and block all incoming traffic and you won't need any security measures like this. Use Tailscale instead for VPN-based access to your LAN from anywhere. This is the way.
This is how I USED to set up my NGINX... but now I have Cloudflare go to my Tailscale IP and I have closed off port forwarding completely on my router, leaving my home network completely hidden from the public.
Took a bit to get it working (cloudflare/tailscale/nginx/unraid) but loving it!
It also makes adding Dockers easier because I have a single A record going to tailscale and nginx is the only place I need to configure the subdomains.
Do you happen to have a write-up or a guide you followed to accomplish this?
@evan6568 I don't. I just followed a bunch of tutorials and figured it out. The main one being from Tailscale themselves ...but they used Caddy, so I had to figure out how to use NPM instead.
That's a great idea! I'll have to look into making that into a video. Thanks!
@orangewhipster Why use Cloudflare at all?
@Alex-td1pi Cause that's the only way I've been able to get my domain to work with it.
Others have said the same thing and said I don't need Cloudflare, and when I follow their tutorials it never seems to work.
Was just working on this, the videos you have done are awesome, I thank you
Such good timing, glad I was able to help!
So awesome! Thank you. Heard about your channel through Vyathan Design.
Thanks for the comment! Glad to be of service.
Matt does great work at Vyathan Design, tell him I say hello!
Awesome video (as always) 👏🏻
Thanks, I'm glad you liked it!
Helpful, as always sir...
You are very welcome!
Great video! Wanted to do this for a long time
I am glad I was able to help!
@AlienTech42 I got it to work, but when I request the SSL certificate, an "internal error" pops up. Any idea on how to resolve this? Thanks
Mhmm, waiting a day seems to work wonders. Now it's encrypted. Anyways, please keep making such great videos and tutorials :)
Great video!
Thanks, glad you enjoyed it!
Can you make a follow-up video about how to further integrate CrowdSec into this setup?
Great video again, thank you kind Sir :)
Sure thing! Thanks for the comment.
Big thanks ;) - can you do how to set up SSL?
When requesting a new SSL, is it mandatory that you have port 80 open on the router?
If traffic is going to be coming in from port 80 then you will need it open. When setting up a proxy you have two options, http and https. If you set the proxy to use http, you will need port 80 open. If you set it for https, then you will need port 443 open.
If something FROM your network is REQUESTING something from a different port, it will get passed along even if the port is CLOSED, but if it's an OUTSIDE request, then it would get blocked. (Unless the port is open.)
I see there are 3-4 NGINX Proxy Managers in UNRAID... what made you choose one over the others? Tested all?
I have been running that version for years on my main Unraid box. It has worked perfectly, so I just based the video off what I had success with.
I use a Cloudflare tunnel to remote access my server. Should I use NGINX as well as the Cloudflare tunnel?
Same question. I also have used tunneling. Is this an either/or thing (which is what I think I ultimately decided) or should I do both?
I'm currently trying to work out if this is a thing or an either/or, as I can't seem to redirect unless I remove the tunnels, which makes me think it is or I am just a muppet! ;-)
Waiting for tailscale videos now 😁
I have a Tailscale video coming soon, it's been recorded...
So, vs SWAG?
I might do a video on that. Swag is so much more work for the beginner, CLI has a tendency to scare people.
Your IP shows at 6:18
Thanks for letting me know! I thought I had them all... I'll request a new one just to make sure it changed. Thanks again for looking out for me!
8:07