Hi all,
the last week I tried to set-up a reverse proxy for SSL/TLS certificate without open any ports(no port forwoarding).
I got a domain [mydomain.com] on namecheap and I’m using cloduflare for DNS.
In cloduflare I have set-up the following DNS record:
| Type | Name | Content | Proxy Status |
|---|---|---|---|
| A | ddns | MyPublicIPAddress | DSN only |
| CNAME | * | mydomain.com | DSN only |
In PFSenese I have set-up in: Services/DynamicDNS a client:
- Service Type: Cloudflare
- Interface to monitor: WAN
- Hostname: ddns.mydomain.com
- Cloudflare Proxy: Un-check
- Username: zoneID (found in cloduflare)
- Password: API Key ( token create with DNS Zone Edit permissions)
Everything until now is working fine couse the IP that I get at https://whatismyipaddress.com/ is the same that i get both in PFSense and Cloduflare
After that I have set-up NginxProxyManger in docker (port 80, 443, 81) and add an SSL Certificate with DNS challange:
- Domain Names: *.mydomain.com
- Use a DNS Challange: Check
- DNS Provider: Cloduflare
- dns_cloudflare_api_token = MyApiToken (same Api Token that I have used in PFSense)
- Propagation Second: 30 (or I get an error)
Also here everything seemed fine to me because I got my certificate for *.mydomain.com
After that in NginxProxyManger I created a ProxyHost:
- Domain Names: homepage.mydomain.com
- Scheme: http
- Forward Hostname/IP: homepageIPAddress (IP of the docker-net of homepage)
- Forward Port: 3000
- Chache Assets, Block Common Exploits, Websocket Support: Un-Check
- SSL section --> SSL Certificate --> *.mydomain.com
- Forse SSL, HTTP/2 Support: Check
I am using Pi-Hole for local DNS an it’s setup like that:
- Local DNS:
- A record:
- Domain: npm.mydomain.com
- IP: myIPAddress (IP address of the VM where docker run)
- CNAME record:
- Domain: homepage.mydomain.com
- Target: npm.mydomain.com
- A record:
Setting, DNS:
- Custom 1: myIPAddress (point to PFsense)
- Interface settings: Bind only to interface
Now if I surf at: myIPAddress:3000 (IP address of the VM where docker run) I access to my homepage dashboard (with no SSL certificate) but if I surf at homepage.mydomain.com I get: ERR_CONNECTION_TIMED_OUT
In a windows machine if I lunch a tracert at homepage.mydomain.com I get:
- IPAddress of PFSense DHCP server (gateway)
- npm.roghouse.com [IPAddress] (IP address of the VM where docker run)
The local DNS in the windows machine point to Pihole
If I surf to npm.mydomain.com from the windows machine I get:
" Congratulations!
You’ve successfully started the Nginx Proxy Manager.
If you’re seeing this site then you’re trying to access a host that isn’t set up yet.
Log in to the Admin panel to get started."
My scope is to obtain the homepage.mydomain.com with and SSL/TLS certificate
Thanks in advance for your help
/r/NginxProxyManager exists