I’m new to self-hosting and home labs in general and I’m trying to understand how I can make some of my services accessible outside my network. At the moment I’m just experimenting with my Synology NAS (I know they have QuickConnect), but eventually I want to do it with JellyFin, game servers, NextCloud and various other things. My main priority is security.

I know there are multiple ways of doing this and I’ve watched a bunch of different videos, but I’m struggling to get it working, so I’m trying to understand the steps a little better. Here I’m attempting to use NGINX as a reverse proxy with Cloudflare.

  1. I have my own domain name. I purchased it from Namecheap and I’ve set it up to use Cloudflare nameservers (for this, I’ll just use example.net).

  2. In Cloudflare DNS settings, I have two records (to my understanding, this should point my domain name plus any subdomains to my router):

    1. Type: A
       Name: @ (acts as root, so my root domain name, e.g. example.net)
       IPv4: My public IP address
       Proxied: Yes
       TTL: Auto
    2. Type: CNAME
       Name: * (acts as wildcard)
       Target: My domain name (e.g. example.net)
       Proxied: Yes
       TTL: Auto

  3. Now, I believe this will route all traffic to my router, but my router won’t let it in, so I need to forward the correct ports… I think this might be where I’m getting things mixed up.
     NGINX is running in a Docker container on 192.168.0.15 with published ports:
     40080:80
     40081:81
     40443:443
     So on my router, I’m allowing all inbound traffic on 40080 and 40443 and directing it to 192.168.0.15.
     Which I “think” routes traffic to my home network to NGINX? Though I might have misunderstood how that works.

  4. In NGINX I’ve set up a Let’s Encrypt SSL certificate for the domains example.net and *.example.net, and I’ve set “Use a DNS Challenge” using Cloudflare and the token I copied earlier. That adds successfully, so I assume that worked.

  5. Finally I go to “Add Proxy Host” and add a domain called nas.example.net and forward it to http 192.168.0.2 (my NAS) with port 5000. This is what I can use to access the interface locally.

So that’s what I’m doing, and what I’m getting is a Cloudflare “Connection Timed Out” error (522), so something’s not working somewhere, but I’m not sure where.

I also tried opening ports 80 and 443 on my firewall and directing traffic to 192.168.0.15, and I get a 521 “server down” error, which I’m not sure is an improvement or not?

I imagine it’s just me misunderstanding one of the steps, likely around which ports I need to forward, but I’ve tried all sorts and I’m not getting anywhere.

Apologies for the long post.

Any help?
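The two error codes in the post are Cloudflare describing two different failures on the hop from its proxy to the origin: 522 means the connection attempt got no answer (typically a router that drops the packet), 521 means the connection was actively refused (the port is forwarded but nothing listens on it). The added example below is not from the original post or from Cloudflare; it is a small Python model of the path proxy → router NAT → Docker host that replays the three forwarding set-ups the post describes, using the addresses and ports the post gives (192.168.0.15, published ports 40080/40081/40443). The list of origin ports the proxy will dial is taken from Cloudflare's published documentation; the 522/521 mapping to "no forward" / "closed port" is the assumption the model is built on.

```python
"""Added example (not part of the original post): a model of
Cloudflare proxy -> home router NAT -> Docker host, used to show why
forwarding 40080/40443 gives a 522, forwarding 80/443 straight to the
same ports gives a 521, and translating 80->40080 / 443->40443 works.
"""
from dataclasses import dataclass

# Origin ports Cloudflare's proxy will connect to for a "Proxied" record
# (per Cloudflare's documentation). A port outside these sets, such as
# 40080 or 40443, is never dialled by the proxy no matter what the
# router forwards.
CLOUDFLARE_HTTP_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095}
CLOUDFLARE_HTTPS_PORTS = {443, 2053, 2083, 2087, 2096, 8443}

DOCKER_HOST = "192.168.0.15"                 # host running the NGINX container
NPM_PUBLISHED_PORTS = {40080, 40081, 40443}  # host side of "40080:80" etc.


@dataclass(frozen=True)
class Lab:
    """The home network as seen from the internet."""
    # router port forward: external port -> (internal host, internal port)
    forwards: dict
    # internal host -> set of ports something actually listens on
    listening: dict


def probe(lab: Lab, external_port: int) -> str:
    """Simulate one proxy -> origin TCP connection attempt.

    Returns the Cloudflare error class a visitor would see (assumption
    of this model, matching the two errors described in the post):
      "ok"   the connection reaches a listener
      "522"  no forward, router silently drops it -> Connection timed out
      "521"  forwarded to a port with no listener -> Web server is down
    """
    target = lab.forwards.get(external_port)
    if target is None:
        return "522"
    host, internal_port = target
    if internal_port not in lab.listening.get(host, set()):
        return "521"
    return "ok"


def diagnose(lab: Lab) -> dict:
    """What a visitor to http://nas.example.net and https://nas.example.net gets.

    The proxy dials the port implied by the visitor's URL, i.e. 80 and 443
    by default, so those are the only two external ports that matter here.
    """
    return {"http": probe(lab, 80), "https": probe(lab, 443)}


def unusable_forwards(lab: Lab) -> list:
    """External ports that are forwarded but that the proxy never dials.

    These forwards do nothing for Cloudflare traffic, yet still expose the
    service to anyone who scans the public IP directly.
    """
    usable = CLOUDFLARE_HTTP_PORTS | CLOUDFLARE_HTTPS_PORTS
    return sorted(p for p in lab.forwards if p not in usable)


# Constructed scenarios built from the set-ups the post describes.
LISTENING = {DOCKER_HOST: set(NPM_PUBLISHED_PORTS)}

# Step 3 of the post: forward 40080 and 40443 straight through.
as_posted = Lab(
    forwards={40080: (DOCKER_HOST, 40080), 40443: (DOCKER_HOST, 40443)},
    listening=LISTENING,
)

# The later attempt: forward 80 and 443 to the same port numbers on the host.
second_attempt = Lab(
    forwards={80: (DOCKER_HOST, 80), 443: (DOCKER_HOST, 443)},
    listening=LISTENING,
)

# Port translation: external 80 -> host 40080, external 443 -> host 40443,
# which is the only one of the three that lines up with the Docker mapping.
translated = Lab(
    forwards={80: (DOCKER_HOST, 40080), 443: (DOCKER_HOST, 40443)},
    listening=LISTENING,
)

if __name__ == "__main__":
    for name, lab in [("as posted", as_posted),
                      ("80/443 -> same port", second_attempt),
                      ("80->40080, 443->40443", translated)]:
        print(f"{name:24} {diagnose(lab)}  unusable forwards: {unusable_forwards(lab)}")
```

Running it prints `522` for both schemes in the first set-up, `521` in the second and `ok` in the third. Two things a defender would check alongside the forward itself: never forward 40081 (port 81 is the proxy manager's admin UI), and, once the records are proxied, restrict the 80/443 forwards at the router to Cloudflare's published IP ranges so the origin cannot be reached by public IP while bypassing the proxy.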