I’m struggling with this subject even after reading and videos. I’m trying to use nginx proxy to expose a handful of services to the public internet.

My domain is managed by Cloudflare and I believe I have Nginx setup properly with SSL api from cloudflare. Im struggling to understand the dns settings section of cloudflare.

Am I to make an A record with my domain and point it to my public IP? Then enable Cloudflare proxy service. Then a CNAME record would be the subdomain to whatever service I want and then setup properly in nginx proxy?

If I don’t have a static IP from my ISP is there a way to automatically update my dynamic IP in Cloudflare so I don’t loose access?

I’ve been trying to get this to work for the past two days now with very little success.

  • zfaB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Am I to make an A record with my domain and point it to my public IP? Then enable Cloudflare proxy service. Then a CNAME record would be the subdomain to whatever service I want and then setup properly in nginx proxy?

    That would work just fine. As long as you have the records in Cloudflare DNS and the domain is all set to proxy something in NPM you’re good to go. And yes, using a CNAME from the subdomain to your A record is the most elegant way so you only have to update that one IP address as your IP changes.

    If I don’t have a static IP from my ISP is there a way to automatically update my dynamic IP in Cloudflare so I don’t loose access?

    It’s a simple API call, or there’s lots of ‘my-first-script’ style project for this on github.

    To throw something out from leftfield though… if you’re going to be using Cloudflare to proxy all your (sub)domains, then if you have a dynamic IP you will be better off using a Cloudflare Tunnel (cloudflared) to get online. Doing so solves both the issue of creating your own CNAMEs and updating your dynamic IP record - you simply don’t ever do either as Cloudflare will take care of all the record creation and routing of traffic for you. GL.

    • ChiefLewusOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I guess I need to read more on cloud flare tunnels to truly understand them. It would replace my self hosted proxy manager and point to the ports on my server for only the instances I wanted to expose and be accessed by like service.example.com?

      • zfaB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        You can either point the Cloudflare Tunnel directly to the backend, or point it to the service on NPM and keep that in place proxying to the backends.

        Whilst the latter seems to duplicate functionality, it does allow you (down the track?) to have local access use the same hostname as public access by defining local DNS entries for subdomain.example.com which point to the NPM IP address (instead of resolving to Cloudflare’s IP address when looked up on public DNS servers).

        I would think most homelabber/self-hosters end up with that topology as opposed to having everything have to go through Cloudflare even when its purely local access at home.

        • ChiefLewusOPB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Thank you! I’ll do a little studying on tunnels and try and implement it.

          • zfaB
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            No worries, HMU if you need anything else but the docs are stellar and once you get your head around the concept and have a play I’m sure you’ll find it just set and forget. GL.