this post was submitted on 21 Nov 2023

First post, so hopefully it'll make sense. I've been fighting this for days and am giving up and asking for help from the Internet. I'm not new to networking and server management, but am relatively new to self-hosting/Docker. I am trying to work toward local-only home automation with Home Assistant, and while building an ESP32 microphone I was advised that it'll only work if I'm using SSL. So here we go.

After watching several YouTube tutorials, for example https://www.youtube.com/watch?v=qlcVx-k-02E&t=377s, I figured I could give it a go with a domain, NGINX Proxy Manager, and a Let's Encrypt cert.

I want to set up internal subdomains for my services using the reverse proxy to bypass both the "unsecure" error as well as CORS errors when trying to use service APIs (for example Portainer or Pihole autologin from Homer, proxmox stats, etc.) which should also allow me to use SSL with Home Assistant. Also, I want it to be internal access only (no port forwarding from my WAN) so my internal URLs would look like this:

  • proxy.home.mydomain.com -> 192.168.1.100:81 (NPM admin page)
  • portainer.home.mydomain.com -> 192.168.1.100:9443 (Portainer console)
  • proxmox.home.mydomain.com -> 192.168.1.200:8006
  • and so on

I can get things set up with no errors, but the reverse proxy entries just never work. Below are the steps I've taken/configuration. Any help would be greatly appreciated.

External DNS Setup:

  • Registered mydomain.com (example) with Namecheap
  • A record - host: mydomain.com, value: 192.168.1.100
  • A record - host: home, value: 192.168.1.100
  • CNAME - Host: *, value: mydomain.com

Internal network setup:

  • Docker/Portainer set up on 192.168.1.100 with standard ports
  • nginx-proxy-manager (from jc21) container up and running with 80/443/81 directly mapped
  • Internal DNS is provided by 2x local PiHoles, though I don't think this should be a problem?

NPM docker-compose.yml:

version: '3.8'
services:
  app:
    container_name: nginx-proxy-manager
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./nginx-proxy-manager/data:/data
      - ./nginx-proxy-manager/letsencrypt:/etc/letsencrypt

networks:
  default:
    name: nginx-proxy-manager

At this point the container works: I can log in to NPM at 192.168.1.100:81, and a normal request to 192.168.1.100 shows the "Congratulations" NPM default page. Good so far. However, I feel like at this point, accessing home.mydomain.com from my internal network should also display the "Congratulations" page, right? My DNS request to Namecheap should respond with the internal IP in the A record for home.mydomain.com, but it doesn't. I get a "This site can't be reached" with a DNS_PROBE_FINISHED_NXDOMAIN error, which I suspect may be the problem, perhaps something to do with how I have my Namecheap DNS records set up, but I don't know how to fix it.

Let's Encrypt Certificate creation:

  • Domain Names: home.mydomain.com *.home.mydomain.com
  • Email address: [my email]
  • Use DNS Challenge: Namecheap, with correct username and API token

The cert generates fine.

From here I can create my proxy hosts, e.g. proxy.home.mydomain.com, and map them to the correct IP/ports as well as select the SSL cert with the Force SSL and HTTP/2 Support options checked, but nothing works. I've watched 10+ YT videos and read about a dozen articles, but those all work flawlessly. Any help is greatly appreciated.


[–] noride@lemm.ee 1 points 11 months ago* (last edited 11 months ago)

Have you tried testing the record (home.mydomain.com) in your local host file to remove DNS as a possible culprit?

E. Also, it might be worth double-checking where your containers are going for their DNS requests if you're getting an NXDOMAIN response.

E2. NXDOMAIN responses can poison your local DNS cache for the entire zone until the TTL expiry period elapses. This is known as negative caching. Might be worth testing with nslookup pointed directly to public DNS services.
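An added diagnostic script (not from the comment author or the NPM project) that does the resolver comparison the comment suggests, using `dig` instead of nslookup: it asks the local resolver and a public resolver directly for home.mydomain.com, separates an NXDOMAIN status from a NOERROR answer, and flags whether the returned address is private (what the post's A record intends) or public. It assumes `dig` is installed; the Pi-hole address is a placeholder and 1.1.1.1 is an assumed public resolver.

```shell
#!/bin/sh
# Added example, not from the post: compare what the local resolver and a
# public resolver return for a record, and flag NXDOMAIN answers versus
# answers that carry a private (RFC 1918) address.
# Assumes `dig` is installed. home.mydomain.com and 192.168.1.100 come from
# the post; PIHOLE_IP is a placeholder and 1.1.1.1 is an assumed public resolver.

# Classify the text of one dig run. Prints one line:
#   <status>              for any non-NOERROR status (NXDOMAIN, SERVFAIL, ...)
#   NOERROR:private:<ip>  first A record is an RFC 1918 address
#   NOERROR:public:<ip>   first A record is a public address
#   NOERROR:noanswer      NOERROR but no A record (e.g. a dangling CNAME)
classify_dig_output() {
    status=$(printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1)
    [ -n "$status" ] || status="UNKNOWN"
    if [ "$status" != "NOERROR" ]; then
        printf '%s\n' "$status"
        return 0
    fi
    # First A record of the answer section: "<name> <ttl> IN A <ip>"
    ip=$(printf '%s\n' "$1" | awk '$3 == "IN" && $4 == "A" { print $5; exit }')
    if [ -z "$ip" ]; then
        printf 'NOERROR:noanswer\n'
        return 0
    fi
    case "$ip" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
            printf 'NOERROR:private:%s\n' "$ip" ;;
        *)  printf 'NOERROR:public:%s\n' "$ip" ;;
    esac
}

# Ask one resolver directly, bypassing the host's stub resolver and its cache.
check_record() {
    classify_dig_output "$(dig +noall +comments +answer "@$2" "$1" A)"
}

# Print a side-by-side summary for every resolver given after the name.
compare_resolvers() {
    name="$1"; shift
    for srv in "$@"; do
        printf '%-16s %s\n' "$srv" "$(check_record "$name" "$srv")"
    done
}

# Run directly as: sh dnscheck.sh home.mydomain.com PIHOLE_IP 1.1.1.1
if [ "$#" -gt 0 ]; then
    compare_resolvers "$@"
fi
```

An NXDOMAIN from the Pi-hole beside a NOERROR:private:192.168.1.100 from the public resolver isolates the problem to the local resolver (or its negative cache); the same NXDOMAIN from both points at the registrar's records.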