Best and easiest solution to access OMV away from home

Zitat von Sandro_Rocha

Ask me a question, please. For example, being my DuckDNS domain "teste123.duckdns.org", if I want to configure Emby on NPM, do I put teste123.duckdns.org with port 8096 on the NPM hosts or do I put emby.teste123.duckdns.org? Looking at some videos I was in doubt because the examples suggested that I would need to create a domain for each service on DuckDNS.

Ask you a question about what? Why do I have to ask you a question when I have given you the list of settings you have to do. You just simply have to correct the entries to match your setup. (ie. fixing the yourdomain portion of the example to match your domain and fixing the IP address of the server to match your server.

Lets start at the beginning.

A reverse proxy routes the traffic based on your sub-domain (the emby in the example) while duck DNS routes based on your domain.

This means from the internet a query for anything that uses your duckdns domain as part of it's address gets sent to your router, your router forwards anything coming in on port 80 and 443 to NPM, NPM then looks at the full request address, which also includes the sub-domain (emby in the example) and then sends that to the IP address and port that emby uses (the emby portion is not entered in the duckdns servers, as a sub-domain it only exists in NPM), and if you have ssl enabled it converts everything over to port 443 for ssl encryption.

To put the whole service and domain/sub-domain thing in another light, think of it as a piece of regular snail mail with an address like this

person's name = sub-domain (emby)

street address, city, country, postal code = domain (yourdomain.duckdns.org)

These are combined to make the full address of emby.yourdomain.duckdns.org,

The mail man (duckdns) has no idea who the person (emby) is because the person is not a construction, does not have a permanent civic address and may move, so he ignore's the person's name, but he does know where the street/city/country/postal code civic address is, so anything with that address get's sent to the same place (your WAN IP address). The person who takes the mail out of the mailbox (your router) gives it to someone else (NPM) to sort. When NPM looks at the mail, he does know who the person (sub-domain) in the address is, so he gives it to the right person when he sees the name.

The domain points to your house/WAN IP/router, the sub-domain points to the service, and NPM is the guy that sorts it all out.

I am attaching 3 screen grabs that outline the example configuration. All the fields are self explainitory. The two files labeled host-1.png and host-2.png (from the host menu section) are where you set up the entry (host-1.png) and where you can attach or request a new ssl certificate (host-2.png). The 3rd one (ssl_pre_creation.png) is from the ssl menu section, where you can create a certificate before you make a host if you want. If a certificate is already made, the settings in host-2.png can be adjusted to select the already made certificate instead of requesting a new one.

There are many pieces of information you have not offered up, such as: I have no idea what your LAN IP addresses are, what services you are running, how they are installed, what ports you have them on, if you have port forwarded from your router correctly, if your port routing in your containers are correct, and the list goes on.

The only answers to my instructions I got back from you was that you have it all set up, the containers are all working right, but there is no connection. If it was all set up as per the instructions, it would be working.

Without details I can't give you back details or help find a problem, all I can give you is general instructions on what you have to set up and hope you can follow them. There are also some things that I can't give you details on, such as how to do the port forwarding in your router, as every router is different, with different menus and different options, and often these even change from year to year from the same manufacturer. In such cases, all that I can offer is the general instruction. You may find some additional guidance on the internet at portforward.com, but it's always better that you understand what you are doing than to blindly follow a set of written instructions. Understanding brings knowledge and the ability to identify problems, while blindly following a set of instructions may get you there, but also won't help you if something is different along the way.

I don't mean to sound rude, but your question about how to enter the domain information into NPM tells me that you don't understand the basics of what you are trying to do and may be in a little over your head, which is why I used that mail analogy above. I know you said you had things set up on another NAS but based on your statement I suspect it was probably a system like a QNAP or TrueNAS that does most of the setup for you via plugins and probably doesn't offer a reverse proxy option.

Remember, I can't sit in front of your system and do it for you, but I can help you understand what you are doing so you can then take control and do the same thing for all of your services. Hang in there and we will get you going.

thank you, it's very well explained guide. one question on behalf of a firend, he has a community fibre and they do not allow port forwarding, is there any way around it.

Thanks

Zitat von musharaf

thank you, it's very well explained guide. one question on behalf of a firend, he has a community fibre and they do not allow port forwarding, is there any way around it.

Thanks

If he can't port forward, then no there is no way around it in a traditional sense that I am aware of as port forwarding is required for incoming connections. The only solution the give him remote access would be to use some kind of remote access service such as teamviewer, anydesk, dwservice, etc, since they use a server in between you and the other end of your connection and both ends need to establish outgoing connections to that server in the middle, but that still would not allow for access via a reverse proxy like I explained, as it is designed for peer to peer remote access. If he is looking to stream media, it would likely be pretty poor performance also.

Tailscale may also be able to negotiate this kind of setup to allow for a VPN connection, but I have never used it so I am not sure.