I recently configured my NAS server with OpenMediaVault and docker for some services like Nextcloud, Jellyfin, etc. I want to access them from outside my local network, so I am using Nginx Proxy Manager and my duckdns subdomain. The problem is that I have on the router open ports 80 and 443, but I can't access any of the services I have installed. I have npm configured with a wildcard for my duckdns subdomain ex: *.mydomain.duckdns.org. > nextcloud.mydomain.duckdns.org. Also I have configured to update my public ip with the tutorial of the duckdns website, and if I try to enter with my public ip and the port of the service (having it open) if I access without problems. Am I missing something or I have not configured correctly?
No external access with duckdns and Nginx Proxy manager
-
- OMV 6.x
- gelöst
- cl0v3r_404
-
ryecoaaron
Hat das Thema freigeschaltet. -
use swag instead of NGINx proxy ( is the same), and configure in your router ports
You need to redirect port 443 external to port 450 of your nas IP
and port 80 external to port 90 of your NAS IP.
Tis is and working example of swag docker:
Code
Alles anzeigenversion: "3" services: swag: image: linuxserver/swag:latest container_name: swag networks: my-net: cap_add: - NET_ADMIN environment: - PUID=$PUID - PGID=$PGID - TZ=$TZ - URL=$URL # copiar como variable env - SUBDOMAINS=mysubdomain1, mysubdomain2,etc.. - VALIDATION=duckdns # - DNSPLUGIN=cloudflare #optional - DUCKDNSTOKEN=bbbbbbb-492c-9dca-xxxxxxxx - EMAIL=$email #optional - DHLEVEL=2048 #optional - ONLY_SUBDOMAINS=true #optional #- EXTRA_DOMAINS=<extradomains> #optional - STAGING=false #optional - MAXMINDDB_LICENSE_KEY=$MAXMINDDB_LICENSE_KEY #Maxmind.com GeoIp database Key user r Pass= xxxx - DOCKER_MODS=linuxserver/mods:swag-dashboard volumes: - /$ConfigPath/swag:/config ports: - 450:443 - 90:80 #optional - 81:81 #swag console restart: unless-stopped networks: my-net: external: trueon global env section use apropiate asociation like PUID=1000
or PGID= 100, email=myemail.google.com etc...
my-net is a previosly created net on compose webGUI to use on all your dockers to resolve names ( bridge network)
-
I recently configured my NAS server with OpenMediaVault and docker for some services like Nextcloud, Jellyfin, etc. I want to access them from outside my local network, so I am using Nginx Proxy Manager and my duckdns subdomain. The problem is that I have on the router open ports 80 and 443, but I can't access any of the services I have installed. I have npm configured with a wildcard for my duckdns subdomain ex: *.mydomain.duckdns.org. > nextcloud.mydomain.duckdns.org. Also I have configured to update my public ip with the tutorial of the duckdns website, and if I try to enter with my public ip and the port of the service (having it open) if I access without problems. Am I missing something or I have not configured correctly?
I know they say it works, but personally, I've had issues with NPM and wildcards.... (was never an issue with swag)
Usually, I set it to pull a cert for (example)
nextcloud.my-domain.xyzThen when I go to add a new subdomain (say calibre)... I set it up, then when it comes time to pull a cert, my "nextcloud" cert is in the list, and i just choose it, this then causes my nextcloud and calibre setups to use the same cert.
YMMV
Edit: I should note, I don't think I've ever tested that with duckdns, but it works through my Namecheap domains that I purchased just fine. I'll have to test duckdns at some point.
-
Tried to help a friend configure NPM and just gave up.
I even followed BernH well written guide but I couldn't figure out how to use wildcard sub.subdomain.
Helped him prep SWAG with wildcard/duckdns and in less than 10 minutes he was reverse-proxying jellyfin and qbittorrent.
I'm still not convinced with NPM and it's GUI,
-
Alles anzeigen
Tried to help a friend configure NPM and just gave up.
I even followed BernH well written guide but I couldn't figure out how to use wildcard sub.subdomain.
Helped him prep SWAG with wildcard/duckdns and in less than 10 minutes he was reverse-proxying jellyfin and qbittorrent.
I'm still not convinced with NPM and it's GUI,
Challenge accepted.
-
Code
Alles anzeigenversion: '3' services: app: image: 'jc21/nginx-proxy-manager:latest' container_name: nginx-proxy restart: always ports: - '8980:80' - '8981:81' - '8943:443' environment: PUID: YOUR-PUID PGID: YOUR-GID DB_MYSQL_HOST: "db" DB_MYSQL_PORT: 3306 DB_MYSQL_USER: "npm" DB_MYSQL_PASSWORD: "MY-PASSWORD" DB_MYSQL_NAME: "npm" volumes: - /srv/dev-disk-by-uuid/PATH-TO-CONFIG:/data - /srv/dev-disk-by-uuid/PATH-TO-CERTS:/etc/letsencrypt db: image: 'jc21/mariadb-aria:latest' container_name: nginx-database restart: always environment: MYSQL_ROOT_PASSWORD: 'MY-PASSWORD' MYSQL_DATABASE: 'npm' MYSQL_USER: 'npm' MYSQL_PASSWORD: 'MY-PASSWORD' volumes: - /srv/dev-disk-by-uuid/PATH-TO-DATABASE:/var/lib/mysqlOn your router you need to open ports like this example:
PORT FORWARD:
Public port: 80
Forward to: 8980
Public port: 443
Forward to: 8943
----
Inside NPM:
Proxy Hosts
Add Proxy Host
Domain name: subdomain.yourdomain.xyz
Scheme: http
Forward Hostname / IP: Ip of your container
Forward Port: Port of your container
Block Common Exploits: ON
Access List: Publicy Accessible
----
SSL
Select "Request a new SSL certificate
Force SSL: ON
Click on save, then select "edit" on your new subdomain and check if SSL is "ON"; if not, activate it then save.
Done.
-
To configure a wildcard domain in Nginx Proxy Manager and duckdns you just have to do this:
- Configure a domain in duckdns and point to the router's public IP. Check this on https://www.whatsmydns.net/
- Open ports 443 and 80 of the router and direct them to the IP of the server on the local network.
- In the NPM GUI go to the SSL Certificates tab and click the Add SSL Certificate button. Configure it as in the following image, specifying the duckdns token:
If it is with another provider, it is necessary to select the provider in the DNS Challenge.
-
To configure a wildcard domain in Nginx Proxy Manager and duckdns you just have to do this:
- Configure a domain in duckdns and point to the router's public IP. Check this on https://www.whatsmydns.net/
- Open ports 443 and 80 of the router and direct them to the IP of the server on the local network.
- In the NPM GUI go to the SSL Certificates tab and click the Add SSL Certificate button. Configure it as in the following image, specifying the duckdns token:
If it is with another provider, it is necessary to select the provider in the DNS Challenge.
When I do it that way i get a cert error when it tries to pull
-
When I do it that way i get a cert error when it tries to pull
I just tried it and it worked for me. I don't know what the difference will be. Maybe you already have that a subdomain set up on that domain? If so, you must delete it first. That happened to me the first time and after deleting the one I already had it worked.
-
I never actually use this, I just tried it out of curiosity but I was able to access a service configured on a subdomain of the wildcard.
-
I just tried it and it worked for me. I don't know what the difference will be. Maybe you already have that a subdomain set up on that domain? If so, you must delete it first. That happened to me the first time and after deleting the one I already had it worked.
nope, clean install of NPM
-
nope, clean install of NPM
In that case I couldn't tell you what the problem is.
-
y but I was able to access a service configured on a subdomain of the wildcard.
Not disputing ou.. that's the error i get.
-
well now I'm getting loopy from exhaustion. i'll come back to this.
-
that's the error i get.
I got a very similar error (maybe the same one) the first time I tried. After that I deleted the certificate that I had configured on a subdomain example.examplesubdomain.duckdns.org and on the next try it worked.
-
I got a very similar error (maybe the same one) the first time I tried. After that I deleted the certificate that I had configured on a subdomain example.examplesubdomain.duckdns.org and on the next try it worked.
Weird, i had nothing configured.
-
Alles anzeigen
Tried to help a friend configure NPM and just gave up.
I even followed BernH well written guide but I couldn't figure out how to use wildcard sub.subdomain.
Helped him prep SWAG with wildcard/duckdns and in less than 10 minutes he was reverse-proxying jellyfin and qbittorrent.
I'm still not convinced with NPM and it's GUI,
NPM does not handle wildcard certificates very well from my experience, and it can be a little erratic. I personally use a different certificate for each subdomain. But according to this, wildcards are possible.
Wildcard Let's Encrypt certificates with Nginx Proxy Manager and Cloudflare – jverkamp.com
-
I personally use a different certificate for each subdomain.
I do the same, a certificate for each subdomain. Among other reasons because it is a purchased domain and I did not want to complicate it. I just wanted to try the wildcard certificate with duckdns and it worked.
-
Alles anzeigen
use swag instead of NGINx proxy ( is the same), and configure in your router ports
You need to redirect port 443 external to port 450 of your nas IP
and port 80 external to port 90 of your NAS IP.
Tis is and working example of swag docker:
Code
Alles anzeigenversion: "3" services: swag: image: linuxserver/swag:latest container_name: swag networks: my-net: cap_add: - NET_ADMIN environment: - PUID=$PUID - PGID=$PGID - TZ=$TZ - URL=$URL # copiar como variable env - SUBDOMAINS=mysubdomain1, mysubdomain2,etc.. - VALIDATION=http # - DNSPLUGIN=cloudflare #optional - DUCKDNSTOKEN=bbbbbbb-492c-9dca-xxxxxxxx - EMAIL=$email #optional - DHLEVEL=2048 #optional - ONLY_SUBDOMAINS=true #optional #- EXTRA_DOMAINS=<extradomains> #optional - STAGING=false #optional - MAXMINDDB_LICENSE_KEY=$MAXMINDDB_LICENSE_KEY #Maxmind.com GeoIp database Key user r Pass= xxxx - DOCKER_MODS=linuxserver/mods:swag-dashboard volumes: - /$ConfigPath/swag:/config ports: - 450:443 - 90:80 #optional - 81:81 #swag console restart: unless-stopped networks: my-net: external: trueon global env section use apropiate asociation like PUID=1000
or PGID= 100, email=myemail.google.com etc...
my-net is a previosly created net on compose webGUI to use on all your dockers to resolve names ( bridge network)
I have tried to change npm by swag and nothing, locally with the url (eg jellyfin.mysubdomain.duckdns.org) if you let me access, but externally there is no way.
Alles anzeigenCode
Alles anzeigenversion: '3' services: app: image: 'jc21/nginx-proxy-manager:latest' container_name: nginx-proxy restart: always ports: - '8980:80' - '8981:81' - '8943:443' environment: PUID: YOUR-PUID PGID: YOUR-GID DB_MYSQL_HOST: "db" DB_MYSQL_PORT: 3306 DB_MYSQL_USER: "npm" DB_MYSQL_PASSWORD: "MY-PASSWORD" DB_MYSQL_NAME: "npm" volumes: - /srv/dev-disk-by-uuid/PATH-TO-CONFIG:/data - /srv/dev-disk-by-uuid/PATH-TO-CERTS:/etc/letsencrypt db: image: 'jc21/mariadb-aria:latest' container_name: nginx-database restart: always environment: MYSQL_ROOT_PASSWORD: 'MY-PASSWORD' MYSQL_DATABASE: 'npm' MYSQL_USER: 'npm' MYSQL_PASSWORD: 'MY-PASSWORD' volumes: - /srv/dev-disk-by-uuid/PATH-TO-DATABASE:/var/lib/mysqlOn your router you need to open ports like this example:
PORT FORWARD:
Public port: 80
Forward to: 8980
Public port: 443
Forward to: 8943
----
Inside NPM:
Proxy Hosts
Add Proxy Host
Domain name: subdomain.yourdomain.xyz
Scheme: http
Forward Hostname / IP: Ip of your container
Forward Port: Port of your container
Block Common Exploits: ON
Access List: Publicy Accessible
----
SSL
Select "Request a new SSL certificate
Force SSL: ON
Click on save, then select "edit" on your new subdomain and check if SSL is "ON"; if not, activate it then save.
Done.
I tried before switching to swag this port forwarding and nothing, it keeps loading and at the end it gives connection error.
-
I have tried to change npm by swag and nothing, locally with the url (eg jellyfin.mysubdomain.duckdns.org) if you let me access, but externally there is no way.
Post the exact steps you did and the CODE used to launch SWAG.
Hide sensible data from it (email, URL etc... )
If using duckdns, you only need to have port 443 open on the router.
If you use also port 80, it will conflict with OMV unless you change the OMV GUI port.
Jetzt mitmachen!
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!
