First post, so hopefully it’ll make sense. I’ve been fighting this for days and am giving up and asking for help from the Internet. I’m not new to networking and server management, but am relatively new to self-hosting/Docker. I am trying to work toward local-only home automation with Home Assistant, and while building an ESP32 microphone I was advised that it’ll only work if I’m using SSL. So here we go.
After watching several YouTube tutorials, for example https://www.youtube.com/watch?v=qlcVx-k-02E&t=377s, I figured I could give it a go with a domain, NGINX Proxy Manager, and a Let’s Encrypt cert.
I want to set up internal subdomains for my services using the reverse proxy to bypass both the “unsecure” error as well as CORS errors when trying to use service APIs (for example Portainer or Pihole autologin from Homer, proxmox stats, etc.) which should also allow me to use SSL with Home Assistant. Also, I want it to be internal access only (no port forwarding from my WAN) so my internal URLs would look like this:
- proxy.home.mydomain.com -> 192.168.1.100:81 (NPM admin page)
- portainer.home.mydomain.com -> 192.168.1.100:9443 (Portainer console)
- proxmox.home.mydomain.com -> 192.168.1.200:8006
- and so on
I can get things set up with no errors, but the reverse proxy entries just never work. Below are the steps I’ve taken/configuration. Any help would be greatly appreciated.
External DNS Setup:
- Registered mydomain.com (example) with Namecheap
- A record - host: mydomain.com, value: 192.168.1.100
- A record - host: home, value: 192.168.1.100
- CNAME - Host: *, value: mydomain.com
Internal network setup:
- Docker/Portainer set up on 192.168.1.100 with standard ports
- nginx-proxy-manager (from jc21) container up and running with 80/443/81 directly mapped
- Internal DNS is provided by 2x local PiHoles, though I don’t think this should be a problem?
NPM docker-compose.yml:
version: '3.8'
services:
  app:
    container_name: nginx-proxy-manager
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'    # HTTP (proxied hosts)
      - '81:81'    # NPM admin UI
      - '443:443'  # HTTPS (proxied hosts)
    volumes:
      - ./nginx-proxy-manager/data:/data
      - ./nginx-proxy-manager/letsencrypt:/etc/letsencrypt
networks:
  default:
    name: nginx-proxy-manager
At this point the container works: I can log in to NPM at 192.168.1.100:81, and a normal request to 192.168.1.100 shows the “Congratulations” NPM default page. Good so far. However, I feel like at this point accessing home.mydomain.com from my internal network should also display the “Congratulations” page, right? My DNS request to Namecheap should respond with the internal IP in the A record for home.mydomain.com, but it doesn’t. I get a “This site can’t be reached” with a DNS_PROBE_FINISHED_NXDOMAIN error, which I suspect may be the problem, perhaps something to do with how I have my Namecheap DNS records set up, but I don’t know how to fix it.
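To see what the three records listed under External DNS Setup actually answer for the subdomains in question, here is an added example (not from the post or from NPM) that applies the RFC 4592 wildcard rule to a constructed copy of that zone: a wildcard only synthesises answers for names whose closest existing ancestor owns the wildcard, so `*.mydomain.com` does not cover `proxy.home.mydomain.com` once `home.mydomain.com` exists. The domain and IP are the post's own placeholders; a resolver's DNS rebinding protection (which many home routers and dnsmasq-based resolvers such as Pi-hole's FTL can enable) is a separate reason a public answer pointing at a private address may never reach the client.

```python
"""Resolve names against a constructed copy of the post's Namecheap zone.

Implements the RFC 4592 wildcard rule: a wildcard answers only for names
whose closest enclosing existing name owns a "*" child.
"""

# Constructed zone: the three records listed in the post (example domain/IP).
ZONE = {
    "mydomain.com": ("A", "192.168.1.100"),
    "home.mydomain.com": ("A", "192.168.1.100"),
    "*.mydomain.com": ("CNAME", "mydomain.com"),
}


def _exists(name, zone):
    """A name exists if it owns records or is an ancestor of one that does."""
    return name in zone or any(n.endswith("." + name) for n in zone)


def resolve(qname, zone=ZONE, max_chain=8):
    """Return (status, rrtype, rdata) for qname, following CNAME chains.

    status is NOERROR, NXDOMAIN, or SERVFAIL (CNAME chain too long).
    """
    name = qname.lower().rstrip(".")
    for _ in range(max_chain):
        if name in zone:
            rrtype, rdata = zone[name]
        else:
            # Walk up to the closest encloser, then check for its wildcard child.
            labels = name.split(".")
            encloser = next(
                (".".join(labels[i:]) for i in range(1, len(labels))
                 if _exists(".".join(labels[i:]), zone)), None)
            if encloser is None or f"*.{encloser}" not in zone:
                return ("NXDOMAIN", None, None)
            rrtype, rdata = zone[f"*.{encloser}"]
        if rrtype != "CNAME":
            return ("NOERROR", rrtype, rdata)
        name = rdata  # follow the CNAME target
    return ("SERVFAIL", None, None)


if __name__ == "__main__":
    # home.mydomain.com and foo.mydomain.com resolve; proxy.home.mydomain.com
    # is NXDOMAIN until a *.home.mydomain.com record is added.
    fixed = {**ZONE, "*.home.mydomain.com": ("A", "192.168.1.100")}
    for q in ("home.mydomain.com", "foo.mydomain.com", "proxy.home.mydomain.com"):
        print(q, "->", resolve(q), "| with *.home record:", resolve(q, fixed))
```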
Let’s Encrypt Certificate creation:
- Domain Names: home.mydomain.com *.home.mydomain.com
- Email address: [my email]
- Use DNS Challenge: Namecheap, with correct username and API token
The cert generates fine.
From here I can create my proxy hosts, e.g. proxy.home.mydomain.com, and map them to the correct IP/ports as well as select the SSL cert with the Force SSL and HTTP/2 Support options checked, but nothing works. I’ve watched 10+ YT videos and read about a dozen articles, but those all work flawlessly. Any help is greatly appreciated.