HomeLab SSL certificates for FREE with minimal effort

In this video we use Nginx Proxy Manager, DuckDNS, Let's Encrypt and our HomeLab to set up SSL certificates. We use DuckDNS to avoid the cost of a domain, making this free of cost, and all of the software used is FOSS. We use Docker to keep things simple, and it is mostly just copy and paste from the official documentation.
DuckDNS: ( www.duckdns.org/ )
Let's Encrypt: ( letsencrypt.org/docs/challeng... )
Nginx Proxy Manager: ( nginxproxymanager.com/guide/#... )
Docker: ( docs.docker.com/engine/instal... )
Portainer: ( docs.portainer.io/v/2.16/star... )
Reddit Pihole Fix: Portainer: ( / run_pihole_and_pfsense... )

Comments: 94

  • @QEDAGI (1 month ago)

    Still one of the BEST NPM walkthroughs I've seen.

  • @perkelatorZ79 (18 days ago)

    Appreciate the high praise!

  • @mak1skav (4 months ago)

    This is an awesome tutorial and I am thankful that I found it. I was able to recreate everything in just a few minutes and now it is working without any problems at all. Clear instructions with a nice flow that is really easy to follow, thanks a lot.

  • @perkelatorZ79 (4 months ago)

    Nice to know it worked for you. Thanks for watching; hopefully you will find future videos just as helpful.

  • @purplepurrpurrin (8 months ago)

    Great video, this has been really helpful and interesting in getting a base lab setup for SSL certs. I'm excited to dive in and look at setting up and generating internal certs for my lab in the future.

  • @perkelatorZ79 (8 months ago)

    Thanks!! I'm happy you found it useful.

  • @triksterr (8 months ago)

    Great tutorial, thanks.

  • @perkelatorZ79 (8 months ago)

    Glad you enjoyed it! Thanks for the feedback and motivation to continue making videos!

  • @Embroidery_Logo_Cyprus (5 days ago)

    Very good tutorial, thank you.

  • @ggcub25 (2 months ago)

    This was the simplest working nginx tutorial among the few I tried, thank you!

  • @perkelatorZ79 (18 days ago)

    That is what I am aiming for! Thanks.

  • @amrswalha (12 days ago)

    It's a nice way and I've used it many times. But if you are trying to create SSL for local connections where there is no internet, you can create a certificate authority and trust the local certificates.

  • @ushinary (1 month ago)

    Thanks for that video. It helped me a lot with direction. I could even configure NextCloud based on the same container with Portainer as Nginx Proxy Manager, but at the cost of 4-5 hours :)

  • @perkelatorZ79 (18 days ago)

    Yeah, nextcloud can take some time!

  • @harrisjefferson1628 (6 months ago)

    Very nice video. Thank you bro, you really helped. This tutorial works nicely and has very detailed steps.

  • @perkelatorZ79 (5 months ago)

    Thanks! Glad to hear it helped you out.

  • @noad9977 (6 months ago)

    Great video! I'm an absolute newbie and want to set up my first ever Raspberry Pi homelab and have been researching for the past month on how to set things up. This solves the question of how to get SSL certs for vaultwarden without opening any ports. Additionally, I want to set up Pi Hole (as you showed) but also unbound as a local recursive DNS. Will this somehow interfere with the local DNS challenge you set up with DuckDNS? (Sorry for the stupid question. I'm still very unsure with all the IT terms and get confused with how everything interacts with each other.)

  • @perkelatorZ79 (5 months ago)

    I also had issues with unbound; it seems to be a common issue people have had in the comments. In my case I was able to switch over to dnsmasq. I know it isn't fixing the problem but avoiding it, but for me it was the solution I needed at the time. I am still looking into issues concerning unbound, but I have quite a bit to learn about it before I can give a perfect answer. Thanks for the feedback.

  • @alexandretravi (6 days ago)

    Video is very well explained! But when I put "*" (13:12) in domains it does not work, not permitted, any tip?

  • @oosterlingeieren5527 (4 months ago)

    Awesome tutorial. I only didn't get the proxy working: I put the IP of the container where NPM is running in the DNS record from DuckDNS, but when I create a proxy in NPM and I click on it I get an error that the server cannot be found, but when I use the normal IP of the server it does work (same is true when I add NPM to the proxy list and try with my domain from DuckDNS). Edit: my first comment disappeared so I hope this one stays. Edit 2: if you encounter the same problem as me, so following the tutorial and not able to reach the server: turn off DNS Rebind protection or whitelist them so your router lets them through. Welcome to the 7 hour story of my life, all because of DNS rebind protection :P

  • @perkelatorZ79 (3 months ago)

    "Turn off DNS Rebind protection or whitelist them so your router lets them through." Thank you for that. It could explain issues others have been having. I appreciate this finding!

  • @WoodyWilliams (11 days ago)

    I've diagnosed my similar situation while using Tailscale & npm. It's not called 'rebinding' but the intent is clear. Without it, I'm in ❤ with npm (setup is simple & it works!). With it, all forwards fail.

  • @michelecicozzi1197 (7 months ago)

    Really nice video. Do you know if the SSL certs are auto-renewed by Nginx Proxy Manager? I have not seen any option about it. Thanks for this kind of content.

  • @perkelatorZ79 (7 months ago)

    I do believe that it is auto renewed. Thanks for the feedback!

  • @miique (5 months ago)

    18:50 can you explain why for this particular entry you're leaving the scheme set to "http" instead of https and you're not enabling "Force SSL"?

  • @perkelatorZ79 (5 months ago)

    So two things here. First, I messed up a bit here. You can enable Force SSL; I should have. All Force SSL does, from my understanding, is make it so if someone goes to the http address instead of https it will "force" SSL by redirecting to https. Secondly, I used http because the service that I am pointing to is using http. Using http redirects to port 80, whereas https redirects to port 443. If I use https on a service without https it will point to the right IP, but not the correct port. In this case I think I could have used either, since Nginx Proxy Manager I believe supports https as well. I used http in this case just to show that it will work with http and make it an https address when visiting. I should have caught this. You have great attention to detail!

  • @nigelnovelo279 (6 months ago)

    I got SSL to work only for nginx. I have a pretty simple setup with Proxmox running my containers for my other servers, and I have a container with Docker installed where nginx lives. Would I have to install certbot in all of my other containers in Proxmox to have this work as well, or am I missing something?

  • @perkelatorZ79 (5 months ago)

    I do not believe you would need to. In my experience with this setup I have 3 different proxmox nodes all running different services and only one is running ssl for everything.

  • @maxxwellwalt (8 months ago)

    Hello, thanks for a great video and amazing explanation. I have questions though. Without the internet, will I still have certs on my LAN services? What about the domain name? I ask this because of your previous video on Pi-hole setup with local DNS. How can I get the best of both worlds, local and external access with SSL? Are the certs going to be updated automatically?

  • @perkelatorZ79 (8 months ago)

    These certs are set up without exposure to the Internet, so in this case you can add any LAN service you would like. I showed local DNS just for completeness. I am not using local DNS records. Pi-hole is only being used as a service many people like to have in their home lab. It is not required for SSL certs. I am not using these certs for external access; I am using them mostly for removing warnings and as a local DNS of sorts. You can use them for external access, but I would set up a domain with Cloudflare and you would want to set up some firewall rules to only accept connections from Cloudflare. Personally I feel like a VPN is a better way to access homelab stuff. kzread.info/dash/bejne/mWp625SQht2clc4.htmlsi=ZX6RAl4pXWEzbgDG is a link to my video on whether you should expose your homelab to the Internet. I show how to set up Tailscale VPN access to your LAN. The certs should be renewed automatically. Thanks for the feedback! I hope I answered your questions! If not, let me know.

  • @maxxwellwalt (8 months ago)

    @perkelatorZ79 Many thanks, I really appreciate it.

  • @fahmi8999 (6 months ago)

    Amazing, very useful video and clear steps. One question: will the certificate automatically renew?

  • @perkelatorZ79 (5 months ago)

    I do believe that they do. I should know the answer, but in preparation for starting KZread I was constantly blowing away my lab, so I haven't made it long enough to test it. Sorry for the untested answer.

  • @fahmi8999 (5 months ago)

    Thank you for your response. One more question: I am using macvlan. After deploying Nginx Proxy Manager, how do I change the IP and set it as a static IP?

  • @perkelatorZ79 (5 months ago)

    That I am not sure about. Sorry for not being a help.

  • @somedude5353 (5 months ago)

    What does the code do that you inserted in the Advanced section of Pihole? Do you need to configure anything in Pihole itself for DNS resolution for internal services?

  • @perkelatorZ79 (5 months ago)

    Could you timestamp the code you are talking about please? Right-click the video after you pause, copy the video URL at the current time and reply back please. You should not have to use Pi-hole for DNS resolution for internal services. We are using Nginx Proxy Manager to almost replace DNS in a way. Since the DNS entry is on the internet, it just points to your internal IP address, then the proxy tells the browser where to go. You can still set up local DNS records if you would like, and I believe you could use that instead of an IP address when adding something to the proxy. Hope this helps.

  • @somedude5353 (5 months ago)

    @perkelatorZ79 it's the code you have in the description, but it's at 18:07 kzread.info/dash/bejne/pYZ9lrqhqcjKp5c.html

  • @perkelatorZ79 (5 months ago)

    Thanks, sorry about that. Without it, when we attempt to go to Pi-hole we cannot; we will get an error. This is because we need to go to Pi-hole's admin page, not just to the IP/port. Normally Pi-hole would automatically redirect us, but for some reason it does not. If we set this in the UI it doesn't seem to work either. So this is the workaround. All the code is doing is redirecting us to IPADDRESS:PORT/admin. It is also passing some of the information Pi-hole needs to Pi-hole.
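The workaround described in the reply above, written out as an added nginx example. This is not the snippet from the video description (which is not reproduced on this page) and not config generated by Nginx Proxy Manager; it is a reconstruction of the behaviour the reply describes. The proxy host name, Pi-hole's address and the certificate paths are placeholders. Assuming, as NPM's Advanced tab does, that custom directives land inside the generated `server` block, only the two `location` blocks are what a user would paste there; the `server` wrapper is shown so the snippet reads as a complete nginx site config.

```nginx
# Added example, not the description's snippet: a reconstruction of the
# Pi-hole redirect described in the thread. Placeholders: the proxy host
# pihole.example.duckdns.org, Pi-hole's web UI at 192.168.0.30:80, and the
# certificate paths. NPM generates the listen/ssl lines itself.
server {
    listen 443 ssl;
    server_name pihole.example.duckdns.org;
    ssl_certificate     /etc/letsencrypt/live/example.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.duckdns.org/privkey.pem;

    # Pi-hole's UI lives under /admin/, so a request for the bare hostname is
    # sent there instead of producing an error at IP:PORT alone. A relative
    # target makes nginx build the redirect from the request's own Host.
    location = / {
        return 301 /admin/;
    }

    # Everything else is proxied to Pi-hole over plain HTTP, with the request
    # headers the backend needs forwarded along. The Host line is the "host
    # header" fix another commenter reports for a 502 later in the thread.
    location / {
        proxy_pass http://192.168.0.30:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Two checks worth doing after pasting something like this: `nginx -t` inside the NPM container validates the syntax before reload, and a `curl -kI https://pihole.example.duckdns.org/` from another LAN host should return a `301` with a `Location: /admin/` header. The green "online" dot in the NPM list is not such a check; as a later reply in this thread notes, it does not confirm that the backend is actually reachable.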

  • @thedinotamergaming (3 months ago)

    Will this work for remote access like sharing Jellyfin with family, or is this only for your LAN? Edit: never mind, I just heard the beginning of the video again, but how would you go about configuring it for public access?

  • @perkelatorZ79 (3 months ago)

    I wouldn't use just this to give access; I would personally use some kind of VPN like WireGuard or Tailscale. I feel it is more secure than allowing it just on the open internet. You can use this for public access and there are plenty of tutorials for it; it consists of port forwarding the proxy and a few other steps. I haven't personally done this, so I can't give details out of ignorance.

  • @CC-zr6fp (1 month ago)

    As usual I seem to be missing parts, because nothing ever works the first time. I followed everything step by step but it does not work for me, either on the local machine it is installed on or when trying to navigate to another machine on my same network. I can access my machine/service fine using just the IP address, but not using the name I put under source.

  • @ndtemple417 (4 months ago)

    Dumb question, and I'm also just learning all this: can I install an LXC container of Nginx Proxy Manager without installing Docker and have this still work?

  • @perkelatorZ79 (4 months ago)

    Not dumb at all, asking to learn can never be dumb. Dumb would be to not know and not ask. Yes you can install NPM inside of an LXC container. With a bit of google-fu I found this bobcares.com/blog/nginx-proxy-manager-lxc/ it may be of use to you. I am not saying it is perfect instructions as I have not personally validated it, but it looks pretty close.

  • @Sc0l4p4st4 (3 months ago)

    The video is very well explained, but for some reason I can't understand why it doesn't work in my case. I have installed nginx correctly, and DuckDNS is pointed to the correct IP of my subnet where nginx is installed (btw it is the same as Portainer, since I have it installed on Portainer), but for some reason, after I add the SSL certificates, if I create the host it shows up as "online" with a green dot, but if I click on it, it can't resolve and redirect to my service. Any suggestion on how to solve this? Thanks in advance for your help!

  • @perkelatorZ79 (3 months ago)

    I can't say exactly. Is it all services or just one? I have had some services not play well due to needing to be redirected to a specific location like www.example.duckdns.org/service/admin/, where the service has to be pointed to /service/admin/ or it results in an error. Also, on a side note, the green dot seems to be misleading quite often for me. I have yet to see others talk about it, but sometimes I can point it to something that just doesn't exist and it will still report online despite not having a service at that location.

  • @Sc0l4p4st4 (3 months ago)

    Thank you for the response. Honestly, I figured it out: basically I missed the part where I had to have a DNS resolver do the job. A lot of guides talked about Pi-hole, but since I don't use it, I just had to add a DNS override entry in the router that pointed to the NPM machine. After that, everything worked flawlessly. Once again, thank you so much for taking your time answering me. I'm gonna leave this here hoping someone will find it helpful @perkelatorZ79

  • @oreoman7319 (8 months ago)

    Any idea how to set this up when I have Pi-Hole+unbound being used as a local DNS?

  • @perkelatorZ79 (8 months ago)

    You should be able to ignore local DNS and treat this as local DNS, but I have very little experience with unbound. Local DNS can't be used with let's encrypt from what I understand so your local DNS records shouldn't matter.

  • @danr2513 (7 months ago)

    @perkelatorZ79 I'm having the same issue. Not sure what you mean when you say "You should be able to ignore local DNS and treat this as local DNS". I'm using a Pi-hole as well. I have the DNS for the Pi-hole set in my router.

  • @nonkelsue (6 months ago)

    I have this setup as well, but noticed that it does not make a difference when you disable the Pi-hole. So it seems the Pi-hole is not the problem.

  • @dragunsLZ (8 months ago)

    Can't seem to make this work on other local machines; it only works on services where nginx-proxy-manager is hosted. Did I miss something?

  • @perkelatorZ79 (8 months ago)

    I am not 100% sure, as I do not know your setup fully. However, I would suspect maybe a firewall on the other machines. I would check the firewall and verify they are on the same subnet. I am not really sure without details about the setup.

  • @ralph4370 (7 months ago)

    Same. Second video on the topic. I can get the SSL on NPM. I use Cloudflare. I point to the correct subdomain/IP address with HTTPS and port number. Even have a PTR record on my Windows server. Still does not work on Proxmox, OPNsense, or Portainer.

  • @nonkelsue (6 months ago)

    Same story here. Working with Cloudflare, but can't seem to get it up and running on other instances than the NPM system itself (which gets the certificate). Not sure why the other systems are unresponsive...

  • @nonkelsue (6 months ago)

    @ralph4370 Same story here. Have you ever found a solution?

  • @Sc0l4p4st4 (3 months ago)

    Did you find any solution, guys? I'm stuck at the same problem: the host shows up as online on NPM with a green dot, but it doesn't work when I click on it. The subnet is the same...

  • @CapBuggy-zj5ml (4 months ago)

    Does it only work inside of the home network?

  • @perkelatorZ79 (3 months ago)

    Yes, the way this is set up. You can make it work for public services as well, but I would recommend using a VPN to share out resources instead. Using a VPN minimizes security risk over just having it out on the public internet. Hope this helps!

  • @cnlawrence1183 (5 months ago)

    Props to decepticon naming convention. Same at my home.

  • @perkelatorZ79 (5 months ago)

    Ayyyy my guy, nice to see. For a while I was doing Soundwave and Mini-Cassettes, then that fell through when I got a mini cassette bigger than Soundwave, so now I just go to the wiki page and copy paste at this point.

  • @petrosposiedon3210 (7 months ago)

    Can you show how to configure or setup for remote access outside my local network, please. I can’t seem to figure it out.

  • @perkelatorZ79 (7 months ago)

    I would recommend using a VPN like in this video: kzread.info/dash/bejne/mWp625SQht2clc4.html . I personally do not recommend exposing services any way other than via VPN access. You can, but it requires a bit of network knowledge to do so. You would need to open up Nginx Proxy Manager to the internet, normally using port forwarding.

  • @petrosposiedon3210 (7 months ago)

    @perkelatorZ79 thanks so much for this. This was basically exactly what I was looking for, explained in great detail. Previously, I was only able to access my Emby server off my home network unsecured, and I didn't want to leave it like that.

  • @petrosposiedon3210 (7 months ago)

    @perkelatorZ79 do you also happen to have any advice or suggestions for trying to set up making my services accessible using VPN tunnels with a paid VPN service?

  • @perkelatorZ79 (7 months ago)

    @petrosposiedon3210 you can split it so that your network traffic, like watching a KZread video, will be over a paid VPN and you still have access to your services. It is called a split tunnel, and it is just a bit of configuration depending on what VPN and VPN service is used.

  • @RajeshKumar-mv7ly (5 months ago)

    For some reason I can't get the certificate. It always fails with the same error you showed. I have even tried after 24 hours, but same result. Do I need to open any ports on the ISP router?

  • @perkelatorZ79 (4 months ago)

    You should not have to port forward anything. At the time of the video I have only a Minecraft server open to the world. I am not sure why it would happen, provided it is the same error. I am sorry not to be of more help.

  • @viggyprabhu (5 months ago)

    When I follow these steps and open the link of the proxy host, the Chrome browser blocks it with a security error saying dangerous site. Can you help me with this?

  • @perkelatorZ79 (5 months ago)

    This is a link to how to visit unsafe sites from google: support.google.com/chrome/answer/99020?hl=en&co=GENIE.Platform%3DDesktop It should have a details button, click it then click visit unsafe site.

  • @EricOnYouTube (5 months ago)

    When I click on the newly added host entry, I get "502 Bad Gateway" :(

  • @perkelatorZ79 (5 months ago)

    This could be quite a few things. What service are you trying to add? It could be pointing at the wrong port. You may need to add a location like /admin or /example.

  • @EricOnYouTube (5 months ago)

    @perkelatorZ79 I figured it out. I had to add a host header under the Advanced tab. I realized that when I saw you adding one for Pi-hole. :) Thanks a ton! :)

  • @gjvjvgvju (1 month ago)

    You can't have a different SSL name with the same IP, keep that in mind.

  • @perkelatorZ79 (18 days ago)

    This is through Google Translate, but yes, I think that's right.

  • @mohamedatef8424 (8 months ago)

    Hello, nice tut, I have questions! The way you are doing that, is it accessible from outside the network, or are you just using that way so you don't write the port of any app that you are using? Because if it's accessible from the outside network, how do you enter IP 192.168.0.x?! And why did you install Nginx Proxy Manager 2 times?

  • @perkelatorZ79 (8 months ago)

    It is not accessible from outside the local network. Part of it is so you do not have to remember ports/IP addresses, but it is also for good practice and to remove the warning that many services give when no SSL is present. As explained in the video, you do not have to install it in both ways; the video is intended so that one can use either Docker Compose or Portainer, depending on which is easier. Knowing how to do something in more than one way can be useful. In this case the install is very similar, but I do not want to assume that the person watching knows that or has experience with either. Thanks for your feedback, hope I answered your question.

  • @mohamedatef8424 (8 months ago)

    @perkelatorZ79 Aha ok thanks, I was asking to be sure what I understood 😊

  • @nonUniqueHandle (5 months ago)

    Maybe I'm missing something, and I'm not using DuckDNS but another provider. I can get it all working, but I have to set the record in the DNS provider. Like at kzread.info/dash/bejne/pYZ9lrqhqcjKp5c.htmlsi=xwk1yKz-cja2Cxzv&t=959 you set up Megatron in NPM, but how would it know what that resolves to without defining it in DNS? At the least I would think you'd need a CNAME record to point megatron.perkelator to perkalator (where the A record for perkalator is already defined). Don't you need to add a DNS entry for every entry in NPM, or does DuckDNS do this automagically somehow? Also, great video!

  • @perkelatorZ79 (5 months ago)

    So this works because the proxy is handling traffic, not DNS. So once it contacts the proxy, the proxy returns the correct site. So the DNS only has to be pointing at NPM. We use a wildcard DNS record so that all the subdomains for, say, example.com can be used. This is done using a * as the subdomain. With *.example.com it means that, say, megatron.example.com and starscream.example.com will return the same address. From there NPM will return the correct site based off the subdomain. So this works kind of how you suggested, but the CNAME says every subdomain points to the same address, if that makes sense. My first assumption would be that the DNS isn't set as a wildcard subdomain, but that could be wrong. Hope this was helpful! Let me know.
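The wildcard-plus-proxy arrangement described in the reply above, together with the earlier reply about "Force SSL" and the http-versus-https scheme choice, written out as an added nginx example. This is hand-written config for illustration, not anything Nginx Proxy Manager generates and not the author's config. Assumptions, all placeholders: the DuckDNS wildcard record `*.example.duckdns.org` resolves to this proxy's LAN address, the Let's Encrypt wildcard certificate sits at the paths shown, one backend speaks plain HTTP on `192.168.0.20:8080` and another speaks HTTPS itself on `192.168.0.21:443`. The last block goes beyond what the reply describes: it is the defender's counterpart of a wildcard record.

```nginx
# Added example, not NPM's generated config: a hand-written nginx equivalent
# of the wildcard DNS + name-based proxy setup the thread describes.
# Placeholders: *.example.duckdns.org (wildcard DNS -> this proxy),
# certificate paths, and the two backend addresses below.

# "Force SSL": any plain-HTTP request for any subdomain is redirected to
# HTTPS. Nothing is served over port 80 itself.
server {
    listen 80;
    server_name *.example.duckdns.org;
    return 301 https://$host$request_uri;
}

# Wildcard DNS sends every subdomain to this proxy; nginx selects the server
# block from the TLS SNI / Host header, so DNS needs no per-service records
# and one wildcard certificate covers every name.
server {
    listen 443 ssl;
    server_name megatron.example.duckdns.org;
    ssl_certificate     /etc/letsencrypt/live/example.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.duckdns.org/privkey.pem;

    location / {
        # Scheme "http" in the NPM form means the backend itself speaks plain
        # HTTP on this port; the browser-facing side is still HTTPS.
        proxy_pass http://192.168.0.20:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}

server {
    listen 443 ssl;
    server_name starscream.example.duckdns.org;
    ssl_certificate     /etc/letsencrypt/live/example.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.duckdns.org/privkey.pem;

    location / {
        # This backend serves HTTPS itself, so scheme "https" and port 443.
        proxy_pass https://192.168.0.21:443;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Because the wildcard record makes *every* subdomain resolve, a name that
# has no proxy host must not silently fall through to the first server
# block above (nginx's default when no default_server is declared). This
# catch-all answers unknown names by closing the connection.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate     /etc/letsencrypt/live/example.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.duckdns.org/privkey.pem;
    return 444;
}
```

Two checks map directly onto the failure modes in this thread. `dig anything.example.duckdns.org` from a LAN client should return the proxy's private address; if it returns nothing or a public address, either the wildcard record is missing (the reply's first guess) or the router's DNS rebind protection is dropping the private answer (the fix another commenter found). Then `curl -I http://megatron.example.duckdns.org/` should return `301` with an `https://` Location, and `curl -I https://megatron.example.duckdns.org/` should reach the backend; a `502` at that point means the proxy resolved and served TLS fine but the backend address, port or expected Host header is wrong.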

  • @13CELLTech (5 months ago)

    Too bad my install of NPM is acting like a piece of $h!t. It won't let me modify my access list, among other things. This is a great tutorial, but I'm really frustrated with the process recently. I just want Vaultwarden to be served over HTTPS so it's usable. ::sad face::

  • @perkelatorZ79 (4 months ago)

    So this will not work how I have it set up over the open internet. Personally, if you are just setting up Vaultwarden for personal use, I would just use a VPN into your network over exposing it to the internet. You would still get access and have a much more minimal attack surface, from what I understand.