Still one of the BEST NPM walkthroughs I've seen.
@perkelatorZ79 5 months ago
Appreciate the high praise!
@mak1skav 9 months ago
This is an awesome tutorial and I am thankful that I found it. I was able to recreate everything in just a few minutes and now it is working without any problems at all. Clear instructions with a nice flow that is really easy to follow, thanks a lot.
@perkelatorZ79 9 months ago
Nice to know it worked for you. Thanks for watching, hopefully you will find future videos just as helpful.
@lms605 2 months ago
Best tutorial I've seen so far. Congrats...
@purplepurrpurrin a year ago
Great video, this has been really helpful and interesting in getting a base lab setup for SSL certs. I'm excited to dive in and look at setting up and generating internal certs for my lab in the future.
@perkelatorZ79 a year ago
Thanks!! I'm happy you found it useful.
@shaswatsingh4656 a month ago
This tutorial works perfectly
@zippi777 3 months ago
Really interesting! Thanks for the guide!
@ushinary 6 months ago
Thanks for that video. It helped me a lot with direction. I could even configure NextCloud based on the same container with Portainer as Nginx Proxy Manager, but at a cost of 4-5 hours :)
@perkelatorZ79 5 months ago
Yeah, nextcloud can take some time!
@ggcub25 6 months ago
this was the simplest and working nginx tutorial among a few, thank you!
@perkelatorZ79 5 months ago
That is what I am aiming for! Thanks.
@noad9977 10 months ago
Great video! I'm an absolute newbie and want to set up my first ever Raspberry Pi homelab and have been researching for the past month on how to set things up. This solves the question on how to get ssl certs for vaultwarden without opening any ports. Additionally, I want to set up Pi Hole (as you showed) but also unbound as a local recursive DNS. Will this somehow interfere with the local dns challenge you set up with DuckDNS? (Sorry for the stupid question. I'm still very unsure with all the IT-Terms and get confused with how everything interacts with each other)
@perkelatorZ79 10 months ago
I also had issues with unbound. It seems to be a common issue people have had in the comments. In my case I was able to switch over to dnsmasq. I know it isn't fixing the problem but avoiding it, but for me it was the solution I needed at the time. I am still looking into issues concerning unbound, but I have quite a bit to learn about it before I can give a perfect answer. Thanks for the feedback.
@triksterr a year ago
Great tutorial, thanks.
@perkelatorZ79 a year ago
Glad you enjoyed it! Thanks for the feedback and motivation to continue making videos!
@yoveshvishay4575 3 months ago
Big thumbs up!! Thank you very much
@michelecicozzi1197 a year ago
Really nice video. Do you know if the ssl certs are auto renewed by nginx proxy manager? I have not seen any option about it. Thanks for this kind of content.
@perkelatorZ79 a year ago
I do believe that it is auto renewed. Thanks for the feedback!
@fahmi8999 10 months ago
Amazing, very useful video and clear steps. One question: will the certificate automatically renew?
@perkelatorZ79 10 months ago
I do believe that they do. I should know the answer, but in preparation for starting KZbin I was constantly blowing away my lab so I haven't made it long enough to test it. Sorry for the untested answer.
@fahmi8999 10 months ago
Thank you for your response. One more question: I am using macvlan. After deploying the nginx proxy manager, how do I change the IP and set it as a static IP?
@perkelatorZ79 10 months ago
That I am not sure about. Sorry for not being a help.
@maxxwellwalt a year ago
Hello, Thanks for a Great video and amazing explanation. I have questions though.. Without the internet, will I still be having certs on my LAN services? What about the domain name? This I asked because of your previous video on pihole setup with local dns. How can I get the best of both worlds, local and external access with ssl? Are the certs going to be updated automatically?
@perkelatorZ79 a year ago
These certs are set up without exposure to the Internet, so in this case you can add any LAN service you would like. I showed local DNS just for completeness. I am not using local DNS records. Pihole is only being used as a service many people like to have in their home lab. It is not required for SSL certs. I am not using these certs for external access, I am using them mostly for removing warnings and as a local DNS of sorts. You can use them for external access but I would setup a domain with cloudflare and you would want to setup some firewall rules to only accept connections from cloudflare. Personally I feel like a VPN is a better way to access homelab stuff. kzbin.info/www/bejne/nWepqmWNi99pm80si=ZX6RAl4pXWEzbgDG is a link to my video on should you expose your homelab to the Internet. I show how to setup tailscale VPN access to your lan. The certs should be renewed automatically. Thanks for the feedback! I hope I answered your questions! If not let me know.
@maxxwellwalt a year ago
@@perkelatorZ79 Many thanks, I really appreciate.
@harrisjefferson1628 10 months ago
Very nice video. Thank you bro, you really helped. This tutorial works nicely and has very detailed steps.
@perkelatorZ79 10 months ago
Thanks! Glad to hear it helped you out.
@amrswalha 4 months ago
It's a nice way and used it many times. But if you are trying to create SSL for local connections where there is no internet, you can create a certificate authority and trust the local certificates.
@r3tr0n17 2 months ago
how to do it?
@amrswalha 2 months ago
@@r3tr0n17 kzbin.info/www/bejne/jaLKq4yrfdmhf68
@jensg.5256 3 months ago
Thx for this great video, now it's working for me
@Embroidery_Logo_Cyprus 4 months ago
very good tutorial, thank you.
@cnlawrence1183 9 months ago
Props to decepticon naming convention. Same at my home.
@perkelatorZ79 9 months ago
Ayyyy my guy, nice to see. I for a while was doing soundwave and Mini-Cassettes then that fell through when I got a mini cassette bigger than soundwave so now I just go to the wiki page and copy paste at this point.
@oosterlingeieren5527 8 months ago
Awesome tutorial. I only couldn't get the proxy working: I put the IP of the container where NPM is running in the DNS record from DuckDNS, but when I create a proxy in NPM and click on it I get an error that the server cannot be found, but when I use the normal IP of the server it does work (the same is true when I add NPM to the proxy list and try with my domain from DuckDNS). Edit: my first comment disappeared so I hope this one stays. Edit 2: if you encounter the same problem as me, following the tutorial and not being able to reach the server, turn off DNS Rebind protection or whitelist them so your router lets them through. Welcome to the 7 hour story of my life, all because of DNS rebind protection :P
@perkelatorZ79 8 months ago
"Turn off DNS Rebind protection or whitelist them so your router lets them through" Thank you for that. It could explain issues others have been having. I appreciate this finding!
@WoodyWilliams 4 months ago
I've diagnosed my similar situation while using Tailscale & npm. It's not called 'rebinding' but the intent is clear. Without it, I'm in ❤ with npm (setup is simple & it works!). With it, all forwards fail.
@NeverEnoughRally 2 months ago
Days....DAYS I tell you I have been pounding my head on the wall trying to figure out why this wasn't working!!!! One small little tick box in OPNsense and, boom, works as it was supposed to. I'm so happy and frustrated at the same time!!! Thank you fine person for bringing this to my attention!!!
@nigelnovelo279 10 months ago
I got SSL to work only for nginx. I have a pretty simple setup with proxmox running my containers for my other servers, and I have a container with docker installed where nginx lives. Would I have to install certbot in all of my other containers in proxmox to have this work as well or am I missing something?
@perkelatorZ79 10 months ago
I do not believe you would need to. In my experience with this setup I have 3 different proxmox nodes all running different services and only one is running ssl for everything.
@alexandretravi 4 months ago
Video is very well explained! But when I put "*" (13:12) in domains it does not work, it is not permitted. Any tip?
@thedinotamergaming 8 months ago
Will this work for remote access like sharing jellyfin with family or is this only for your LAN? Edit: nevermind I just heard the beginning of the video again, but how would you go about configuring for public access?
@perkelatorZ79 8 months ago
I wouldn't use just this to give access. I would personally use some kind of a VPN like wireguard or tailscale. I feel it is more secure than allowing it just on the open internet. You can use this for public access, there are plenty of tutorials for it. It consists of port forwarding the proxy and a few other steps. I haven't personally done this so I can't give details out of ignorance.
@HowlYeYe 23 days ago
Hey there, this might be a silly question but can you explain why you set your duckDNS domain to a local IP address? If you want to access a service over the internet, how would a user in another place resolve that IP? I'm very much a beginner trying to learn homelabbing and networking. Is this meant only to provide certificates for local use? Or maybe I'm misunderstanding. Thanks a bunch!
@azazahamed 20 days ago
Yes, this is for local lan use only. You are basically using a valid letsencrypt certificate using the public dns api to create certificates that will resolve properly within your local network.
@HowlYeYe 20 days ago
@@azazahamed Thank you for your response! That makes sense, I just got confused. I appreciate your time. I've watched all of the videos in this series and they were really helpful!
@azazahamed 20 days ago
@@HowlYeYe You're very much welcome! Glad I could be of help!
@Bukton5000 4 months ago
Can you do a tutorial of this with Cloudflare and Nginx Proxy Manager?
@petrosposiedon3210 11 months ago
Can you show how to configure or setup for remote access outside my local network, please. I can’t seem to figure it out.
@perkelatorZ79 11 months ago
I would recommend using a VPN like in this video kzbin.info/www/bejne/nWepqmWNi99pm80 . I personally do not recommend exposing services any way other than via VPN access. You can, but it requires a bit of network knowledge to do so. You would need to open up nginx proxy manager to the internet normally using port forwarding.
@petrosposiedon3210 11 months ago
@@perkelatorZ79 thanks so much for this. This was basically exactly what I was looking for explained in great detail. Previously, I was only able to access my emby server off my home network unsecured and I didn’t want to leave it like that.
@petrosposiedon3210 11 months ago
@@perkelatorZ79 do you also happen to have any advice or suggestions for trying to setup making my services accessible using a vpn tunnels with a paid vpn service?
@perkelatorZ79 11 months ago
@@petrosposiedon3210 You can split it so that your network traffic, like watching a KZbin video, will be over a paid VPN and still have access to your services. It is called a split tunnel and it is just a bit of configuration depending on what VPN and VPN service that is used.
@somedude5353 10 months ago
What does the code do that you inserted in the Advanced section of Pihole? Do you need to configure anything in Pihole itself for DNS resolution for internal services?
@perkelatorZ79 10 months ago
Could you time stamp the code you are talking about please? Right click the video after you pause and copy video URL at current time and reply back please. You should not have to use Pihole for DNS resolution for internal service. We are using Nginx Proxy Manager to almost replace DNS in a way. Since the DNS entry is on the internet it just points to your internal IP address then the proxy tells the browser where to go. You can still setup local DNS records if you would like and I believe you could use that instead of an IP address when adding something to the proxy. Hope this helps.
@somedude5353 10 months ago
@@perkelatorZ79 it's the code you have in the description but it's at 18:07 kzbin.info/www/bejne/qYOsZYuersqXrZY
@perkelatorZ79 10 months ago
Thanks, sorry about that. Without it, when we attempt to go to pihole we can not, we will get an error. This is because we need to go to pihole's admin page not just to the ip/port. Normally pihole would automatically redirect us, but for some reason it does not. If we set this in the UI it doesn't seem to work either. So this is the workaround. All the code is doing is redirecting us to IPADDRESS:PORT/admin. It is also passing some of the information pihole needs to pihole.
@miique 10 months ago
18:50 can you explain why for this particular entry you're leaving the scheme set to "http" instead of https and you're not enabling "Force SSL"?
@perkelatorZ79 10 months ago
So two things here. First, I messed up a bit here. You can enable Force SSL, I should have. All Force SSL does from my understanding is make it so if someone goes to the http address instead of https it will "force" ssl by redirecting to https. Secondly, I used http because the service that I am pointing to is using http. Using http redirects to port 80 whereas https redirects to port 443. If I use https on a service without https it will point to the right ip, but not the correct port. In this case I think I could have used either since nginx proxy manager I believe supports https as well. I used http in this case to just show that it will work with http and make it a https address when visiting. I should have caught this. You have great attention to detail!
@Sc0l4p4st4 8 months ago
The video is very well explained, but for some reason I can't understand why it doesn't work in my case. I have installed nginx correctly, and duckdns is pointed to the correct IP of my subnet where nginx is installed (btw it is the same as portainer since I have it installed on portainer), but for some reason, after I add the SSL certificates, if I create the host, it shows up as "online" with a green dot, but if I click on it, it can't resolve and redirect to my service. Any suggestion on how to solve this? Thanks in advance for your help!
@perkelatorZ79 7 months ago
I can't say exactly. Is it all services or just one? I have had some services not play well due to needing to be redirected to a specific location like www.example.duckdns.org/service/admin/ where the service has to be pointed to /service/admin/ or it results in an error. Also on a side note, the green dot seems to be misleading quite often for me. I have yet to see others talk about it, but sometimes I can point it to something that just doesn't exist and it will still report online despite not having a service at that location.
@Sc0l4p4st4 7 months ago
Thank you for the response. Honestly, I figured it out: basically I missed the part where I had a dns resolver to do the job. A lot of guides talked about pihole, but since I don't use it, I just had to add a dns override entry in the router that pointed to the npm machine. After that, everything worked flawlessly. Once again thank you so much for taking your time answering me. I'm gonna leave this here hoping someone will find it helpful @@perkelatorZ79
@ndtemple417 9 months ago
Dumb question, and also just learning all this: can I install an lxc container of nginx proxy manager without installing docker and will this still work?
@perkelatorZ79 9 months ago
Not dumb at all, asking to learn can never be dumb. Dumb would be to not know and not ask. Yes you can install NPM inside of an LXC container. With a bit of google-fu I found this bobcares.com/blog/nginx-proxy-manager-lxc/ it may be of use to you. I am not saying it is perfect instructions as I have not personally validated it, but it looks pretty close.
@dragunsLZ a year ago
Can't seem to make this work on other local machines, only works on services where nginx-proxy-manager is hosted. Did I miss something?
@perkelatorZ79 a year ago
I am not 100% sure as I do not know your setup fully. However, I would suspect maybe a firewall on other machines. I would check the firewall and verify they are on the same subnet. I am not really sure without details about the setup.
@ralph4370 a year ago
Same. 2nd video on the topic. I can get the SSL on NPM. I use cloudflare. I point to the correct subdomain/IP address with HTTPS and port number. Even have a PTR record on my windows server. Still does not work on Proxmox, Opnsense, or Portainer.
@nonkelsue 10 months ago
Same story here. Working with Cloudflare, but can't seem to get it up and running on other instances but the NPM system itself (which gets the certificate). Not sure why the other systems are irresponsive...
@nonkelsue 10 months ago
@@ralph4370 Same story here. Have you ever found a solution?
@Sc0l4p4st4 8 months ago
Did you find any solution guys? I'm stuck at the same problem, the hosts show up as online on npm with a green dot, but it doesn't work when I click on it, the subnet is the same...
@zippi777 2 months ago
Hi, so I can access, for example, one of my servers from the internet? Right? And if my home IP address changes (I have a provider with no fixed IP address, also if I power off my modem/router and on I'll have a new IP address) I perhaps must install the DuckDNS container on docker to refresh the dns link with DuckDNS? Thanks in advance!
@zippi777 2 months ago
ah no, ok, looking closely at the video and the comments I saw that to have access from the outside I have to use port forwarding or VPN. While for the other question, if my IP changes, is it better to have the DuckDNS container installed or is it not needed?
@CapBuggy-zj5ml 8 months ago
Does it only work inside of the home network?
@perkelatorZ79 8 months ago
Yes, how this is setup. You can make it work for public services as well, but I would recommend using a VPN to share out resources instead. It minimizes security risk using a VPN over just having it out on the public internet. Hope this helps!
@oreoman7319 a year ago
Any idea how to setup this when I have Pi-Hole+unbound being used as a local DNS?
@perkelatorZ79 a year ago
You should be able to ignore local DNS and treat this as local DNS, but I have very little experience with unbound. Local DNS can't be used with let's encrypt from what I understand so your local DNS records shouldn't matter.
@danr2513 11 months ago
@@perkelatorZ79 I'm having the same issue. Not sure what you mean when you say "You should be able to ignore local DNS and treat this as local DNS". I'm using a Pihole as well. I have the DNS for the Pihole set in my router.
@nonkelsue 10 months ago
I have this setup as well, but noticed that it does not make a difference when you disable the pihole. So it seems the pihole is not a problem.
@viggyprabhu 10 months ago
When I follow these steps and open the link of the proxy host, the Chrome browser blocks it with a security error saying dangerous site. Can you help me with this?
@perkelatorZ79 9 months ago
This is a link to how to visit unsafe sites from google: support.google.com/chrome/answer/99020?hl=en&co=GENIE.Platform%3DDesktop It should have a details button, click it then click visit unsafe site.
@RajeshKumar-mv7ly 9 months ago
For some reason I can't get the certificate. It always fails with the same error you showed. I have even tried after 24 hours, but same result. Do I need to open any ports on the ISP router?
@perkelatorZ79 9 months ago
You should not have to portforward anything. At the time of the video I have only a minecraft server open to the world. I am not sure why it would happen providing it is the same error. I am sorry not to be of more help.
@mohamedatef8424 a year ago
Hello, nice tut, I have questions! The way u are doing that, is it accessible from outside the network or are u just using that way so u do not write the port of any app that u are using?! Because if it is accessible from outside the network, how do u enter ip 192.168.0.x?! And why did u install Nginx proxy manager 2 times!
@perkelatorZ79 a year ago
It is not accessible from outside the local network. Part of it is so you do not have to remember ports/ip addresses, but it is also for good practice and to remove the warning that many services give when no SSL is present. As explained in the video you do not have to install it in both ways, the video is intended so that one can use either Docker-Compose or Portainer depending on which is easier. Knowing how to do something in more than one way can be useful. In this case the install is very similar, but I do not want to assume that the person watching knows that or has experience with either. Thanks for your feedback, hope I answered your question.
@mohamedatef8424 a year ago
@@perkelatorZ79 Aha ok thnx i was asking to be sure what i understood 😊
@CC-zr6fp 5 months ago
As usual I seem to be missing parts because nothing ever works the 1st time. I followed everything step by step but it does not work for me on either my local machine it is installed on nor when trying to navigate to another machine on my same network. I can access my machine/service fine using just the ip address but not using the name i put under source.
@notna4434 3 months ago
I got the same issue - could you find a solution?
@nonUniqueHandle 9 months ago
maybe I'm missing something, and I'm not using DuckDNS but another provider. I can get it all working, but I have to set the record in the DNS provider. Like at kzbin.info/www/bejne/qYOsZYuersqXrZYsi=xwk1yKz-cja2Cxzv&t=959 you set up Megatron in NPM but how would it know what that resolves to without defining it in DNS. At the least I would think you'd need a CNAME record to point megatron.perkelator to perkalator (where the A record for perkalator is already defined). Don't you need to add a DNS entry for every entry in NPM or does DuckDNS do this automagically somehow? also great video!
@perkelatorZ79 9 months ago
So this works because the proxy is handling traffic not DNS. So once it contacts the proxy the proxy returns the correct site. So the DNS only has to be pointing at NPM. We use a wildcard DNS record so that all the subdomains for say example.com can be used. This is done using a * as the subdomain. With *.example.com it means that say megatron.example.com and starscream.example.com will return the same address. From there NPM will return the correct site based off the subdomain. So this is working kind of how you suggested, but the cname says every subdomain points to the same address if that makes sense. My first assumption would be that the DNS isn't set as a wildcard subdomain, but that could be wrong. Hope this was helpful! Let me know.
@EricOnYouTube 9 months ago
When I click on the newly added host entry, I get "502 Bad Gateway" :(
@perkelatorZ79 9 months ago
This could be quite a few things. What service are you trying to add? It could be pointing at the wrong port. May need to add a location like /admin or /example.
@EricOnYouTube 9 months ago
@@perkelatorZ79 I figured it out. I had to add a host header under the advanced tab. I realized that when I saw you adding on for pihole. :). Thanks a ton! :)
@gjvjvgvju 5 months ago
You can't have a different SSL name with the same IP, keep that in mind.
@perkelatorZ79 5 months ago
This is through Google Translate, but yes, I believe that is correct.
@13CELLTech 9 months ago
Too bad my install of NPM is acting like a Piece of $h!t. It won't let me modify my access list, among other things. This is a great tutorial, but I'm really frustrated with the process recently. I just want Vaultwarden to be served over HTTPS so it's usable. ::sad face::
@perkelatorZ79 9 months ago
So this will not work how I have it setup over the open internet. Personally if you are just setting up vaultwarden for personal use I would just use a VPN into your network over exposing it to the internet. You would still get access and have much more minimal attack surface from what I understand.