Secure Your Domain with NGINX Proxy Manager and Cloudflare (Including Uptime Kuma Demonstration)

50,736 views

DB Tech


My original plan for today's video was to show how to install Uptime Kuma, but I've been getting multiple comments saying that people are having a hard time getting NGINX Proxy Manager to work with Cloudflare and pulling SSLs.
By the end of the video you should have a better idea of how to set up Uptime Kuma AND how to get NGINX Proxy Manager and Cloudflare to work together to secure your domains.
So this video will be broken into a few chapters:
0:00 Intro
1:22 Demonstration
9:36 Installation
11:01 Domains and DNS
22:34 NGINX Proxy Manager
28:20 Outro
/=========================================/
Links:
Uptime Kuma GitHub:
github.com/louislam/uptime-kuma
Uptime Kuma Docker-Compose:
github.com/louislam/uptime-ku...
Uptime Kuma Docker Hub:
hub.docker.com/r/louislam/upt...
How to Install NGINX Proxy Manager:
x86 Platform
• Install NGINX Proxy Ma...
Raspberry Pi Platform
• Raspberry Pi Home Serv...
How to Update Cloudflare DDNS Automatically:
• CloudFlare DDNS - Upda...
/=========================================/

Comments: 103
@DBTechYT 2 years ago
Let me know what containers or services you'd like to see in upcoming videos!!
@77Blackwolf77 2 years ago
When I check my SSL on my server against the SSL certificate shown in my browser, they are different. Is Cloudflare decrypting and then re-encrypting the traffic when proxying?
@juliopinillos6934 2 years ago
Authelia with NGINX and Cloudflare can be great
@Symbiiotic 2 years ago
I would LOVE a video on setting up reactive resume container. I can't seem to find a good tutorial on it. Thanks DB Tech!
@DBTechYT 2 years ago
@Luis Rodriguez I've run across that before. Maybe a video for next week :)
@DBTechYT 2 years ago
@Robin The SSL on your server encrypts the data from your location to CloudFlare. Then CloudFlare's SSL takes over from the internet side of things.
@elliotwilliams8250 2 years ago
Don't apologize for the long video. It is very detailed compared to before. Keep up the good work dude!
@MRPtech 2 years ago
I was looking for something like Uptime-Kuma for days. Thank you!
@DBTechYT 2 years ago
YAY!!
@ConditionalBeanSprout 2 years ago
Just moved from Route53 to Cloudflare - this video was a huge help!
@DBTechYT 2 years ago
Awesome! Glad to hear it!
@metal-beard 2 years ago
If I'm doing this on a VPS, how can I secure access to port 81 of NGINX Proxy Manager's web interface? It’s exposed and accessible from public IP of VPS! (I can hide the Uptime Kuma container port by giving it to the ngnixproxy network container).
@AnFv86 2 years ago
Very nice video. I've got some problem using Nginx Proxy Manager and Cloudflare with Home Assistant. If I enable the Cloudflare proxy I can't login using the domain name to my Home Assistant even if I have configured it with the list of proxies and I've enabled the websocket option in NGINX. Any idea?
@brettdent1540 1 year ago
Awesome information! I appreciate your hard work!
@DBTechYT 1 year ago
I appreciate that!
@ywurri 2 years ago
Another great video, very helpful thanks
@hillbilly96582 2 years ago
I am trying to set up Uptime Kuma to monitor HTTP(s) monitor but the server keeps returning 302 found even though the service is down. I tried adding a firewall rule to disable Browser Integrity Check but that didn't work either :(
@sturdza7092 2 years ago
I'm having trouble reaching DSM 7 from NPM. DSM 6 was working and any other apps are working too. Has anyone encountered this problem?
@krisdouglas6536 2 years ago
Hi, thank you very much. I'm having a strange problem though: I've set it just like you did, and pointed to Jellyfin on 8096, but it seems to always load the router web interface page? Very odd indeed, as I didn't think port forwarding on the router was necessary. Any ideas?
@DBTechYT 2 years ago
Then you didn't successfully forward ports 80 and 443 from your modem/router to your nginx proxy manager server
@pashadavidson6808 2 years ago
I was wondering if you had to go to the Cloudflare SSL/TLS tab, and then toggle your encryption mode between Full/Off the same way you toggled the DNS proxy status. If not, what setting do you have it set to? Did you set it to that status prior to saving the proxy status? I actually watched your first video last year, and got close but no cigar, and am now trying it again.
@DBTechYT 2 years ago
I have created SSLs on CloudFlare and have installed them in NGINX Proxy Manager (kzbin.info/www/bejne/pqiuYn-kl7mcqqs) and use them for whatever domain I've created the SSL for. Once that is done, I leave Proxy Mode to "Proxied" all the time. I don't have to toggle that any more since we already have the SSL set up. Also, because I'm using a custom SSL installed on my local machine, my SSL/TLS encryption mode is Full (strict). Going this route has REALLY simplified my deployment process.
@Cloecher11 2 years ago
Do you have a video that goes over setting up docker and portainer? I tried looking through your past videos and couldn't find one. I've been struggling to get just a good starting point on docker to even begin getting nginx, or other services to work.
@DBTechYT 2 years ago
There's a whole playlist from start to wherever it is now: kzbin.info/www/bejne/d2bGnIdtpd2lhLs
@Kaltenbrunner2 6 months ago
How do I install proxy manager nginx?
@TheOnlyEpsilonAlpha 1 year ago
15:37 The delay you mentioned is very simply explained. There is a value in your DNS entries (especially if you install and configure a DNS server locally like BIND) which defines the TTL (Time to Live) of the entries. This sets the "rhythm" in which the records will be refreshed. That strongly depends on your preferences and how often things change. I know some instances which have 3600 seconds on internal networks, but I know some have 43200 seconds or 86400 seconds. Which are the values for: 1 hr, 1 day and 2 days. If the provider manages that for you, you are out of luck. If you can manage that by yourself you should take into consideration that it would increase the load on the servers depending on the scale. Maybe you need to split up between multiple DNS servers with various TTLs. Like a more "static" TTL for the "base systems" which don't change very often and a more "dynamic" TTL for the test lab where things can change quickly ;) But from the best practices I read and experienced myself, you should not go under 3600 for that. But the NGINX Proxy Manager looks interesting, I will try that for myself :)
@ammaralzhrani6329 2 years ago
Thanks for the amazing tutorial. What is the type of Cloudflare connection? I put it on flexible and it worked for me but others didn’t. Please help, thanks
@DBTechYT 2 years ago
Once you get the SSL setup on your NGINX Proxy Manager, you should be able to set it to "Strict" and be good to go.
@vamshigupta7971 2 years ago
@Db Tech thank you for this video, would you suggest or do a video about NGINX proxy manager versus HA proxy?
@DBTechYT 2 years ago
I'll look into it
@DumReviewGRC 1 year ago
Do I have to disable proxying on Cloudflare each time the LE cert needs to be renewed?
@DBTechYT 1 year ago
Or you can generate and install SSLs from CloudFlare and avoid this issue: kzbin.info/www/bejne/pqiuYn-kl7mcqqs
@YevhenZhuchenko 2 years ago
Hey, thank you for your videos, they really helped me many times! I have a question regarding Cloudflare's proxy system. How to monitor domains that are being proxied? I faced the situation when the domain responds with the 200 code even if it's down because of Cloudflare's default answer, like on 27:19
@DBTechYT 2 years ago
You might need to go into CloudFlare and turn off the "Always On" option.
@zadekeys2194 2 years ago
Thank you for this! Love U.Kuma, busy with a oracle cloud free acc + CloudFlare +Ubuntu + docker + portainer + nginx r.proxy + kuma + Wazuh and a few other tools. 4x cores + 24GB Ram + 200GB disk. For . Free.
@ct6858 11 months ago
Nice video. Is it possible to have nginx and Let's Encrypt working only locally? I don't want my services exposed publicly. I wish you had a video on that. 😅
@nickxyz001 2 years ago
When you say to port forward 80 and 443 to the server, are you forwarding to the NPM server or the actual server that you want accessible to the internet?
@DBTechYT 2 years ago
That's a good question I should have clarified on. Point 80 and 443 to your NPM server. You'll route your traffic from there :)
@oakfig 2 years ago
@DBTechYT So it's the server that's hosting NPM? Which could be the same server we want to access, correct?
@DBTechYT 2 years ago
Point 80 and 443 to whatever the IP of the server hosting NPM is. When you setup a domain on NPM, you'll route the traffic from there to any other server on your network that has an application you want to be accessible from the internet.
@aasilmahesh 2 years ago
That was a good explanation. However, we need to choose the DNS challenge in NPM when requesting an SSL. This would avoid disabling the proxy on Cloudflare. In the DNS challenge, select Cloudflare, create an API token and paste it into NPM. Let's Encrypt would validate you by creating and deleting a text record in Cloudflare using the API token. This would avoid disabling the proxy on Cloudflare every 3 months for SSL renewals.
@raylab77 2 years ago
Interesting, could @DB Tech do a vid on this?
@kjlw99 1 year ago
My tunnels won't start no matter what I try... It keeps giving me an error about the quic protocol not being allowed outgoing. I can't find any information on-line. I'm wondering if this is b/c I have comcast's router blocking stuffs. So question is are your tunnels on your main subnet, or like mine behind a secondary router?
@DBTechYT 1 year ago
You'll need to forward ports 80 and 443 from your modem to your router and then to the server running nginx proxy manager
@kjlw99 1 year ago
@DBTechYT I have the modem to replace Xfi, but it's just a modem; so I have to wait for the DDWRT to act as Gateway so I can have the control I can't figure out with comcast... I'll let ya know when my hardware comes in. Make my Internet a dumb-net pipe. Comcast is driving me blocking things, that it won't say ANY details and the link that is supposed to explain it doesn't. Ugh... I was thinking about going with tailscale to give me static IP's for my future swarm/?kubernetes clusters & good 4 sharing specific server+services w/ TS. Where as I had planned for 4-6 internal tunnels to various nodes.= for public sharing services to get CF rev._proxy DDOS protection.
@jamiemchardie 2 years ago
A note for those receiving the error "too many redirects". Go to the Cloudflare SSL/TLS tab, then set your encryption mode to Full (strict)
@BenSmithuk 1 year ago
You star - thanks for this - was driving me mad!
@tchesnokovn 11 months ago
This doesn't fix it for me and results in a 504 error.
@sayijalsurjoo4395 1 year ago
Do I need a static public IP for creating a record in Cloudflare?
@DBTechYT 1 year ago
It helps. You could use a Cloudflare DDNS container to update your Cloudflare records. OR you could use this solution instead: kzbin.info/www/bejne/hXLIgqqae72mh7M
@sayijalsurjoo4395 1 year ago
@DBTechYT Thank you good sir, I shall give this video a watch
@neilcrew4893 2 years ago
So I created a new domain with Porkbun and switched it to Cloudflare. However, it has 200 CNAME records that I don't really want to delete one by one! Has anybody got any tips on how to remove these quickly?
@DBTechYT 2 years ago
I have run into that. Delete the domain from cloudflare, then wait a few minutes and add it back to cloudflare. I've had that work in the past.
@neilcrew4893 2 years ago
@DBTechYT That did the trick - thanks!
@jasonmehlhoff8877 8 months ago
Followed to a T and I get a big Red Deceptive site ahead warning and it just sits there then the cloudflare page Connection timed out and error where it shows my domain on their error screen.. I have literally been working on this for 3 days. So frustrating. I'm about to just give up. Every video is a little different so I don't know who to follow. I followed this one exactly just because it seemed the most straight forward. ugh haha. Thanks if anyone has any help! Jason
@DBTechYT 8 months ago
A deceptive site warning has nothing to do with this. That has to do with Google thinking that your domain name is being used to scam people. You need to find out how to clear your domain's reputation.
@fuba44 1 year ago
I liked it, subbed
@DBTechYT 1 year ago
Thanks!!
@oakfig 2 years ago
This video that goes deep makes things so much clearer!
@DBTechYT 2 years ago
Glad to hear it!
@oakfig 2 years ago
Can I have more than 1 domain point to the same IP?
@DBTechYT 2 years ago
As many as you want
@afp2003d 3 months ago
Porkbun asks me for my ID verification. I am from Oman. Is it safe to provide my ID card to the website?
@DBTechYT 3 months ago
I've been using them for years and have had no issues.
@artemisa81 2 years ago
This does not seem to work with Cloudflare, any workaround?
@DBTechYT 2 years ago
Please watch this video: kzbin.info/www/bejne/aJ7HoHuHob-obq8
@artemisa81 2 years ago
@DBTechYT thanks great
@okanerdem 2 years ago
Can this be a performance issue for local servers? Does always pinging cause this?
@DBTechYT 2 years ago
No. It's a simple ping that happens at whatever interval you decide. It could be every minute or every hour or whatever, but it's just a simple ping to see if the device responds and that's it.
@okanerdem 2 years ago
@DBTechYT Thanks for the information
@okanerdem 2 years ago
@DBTechYT By the way, a small question about Cloudflare: we can use proxied for the connection to host, is it possible just with Cloudflare? I mean if we don't use Cloudflare, is there another option like Cloudflare to use proxied mode?
@Yuyoukyu 1 year ago
Hi David, I have a question with setting up the nginx proxy manager docker on my nas. I have setup everything, but when I tried to add proxy host to redirect url to some container, it only shows webstation page instead of actual container page. Do you know why this is happening?
@alanstedman6716 2 years ago
Don't forget to use your Cloudflare updater if you don't have a permanent/static IP at home. Another great tutorial - thank you.
@DBTechYT 2 years ago
Great tip!
@alanstedman6716 2 years ago
@DBTechYT I got this from your Pi4 series, and now use it regularly for any external access to the home network. Thank you for many great videos, I have learnt a lot.
@ryanmalone2681 2 months ago
I love Cloudflare. I wish NPM was even a small fraction as easy to use.
@DBTechYT 2 months ago
Me too on all of that. I've quit using NPM entirely and have switched to Cloudflare Tunnels.
@ryanmalone2681 2 months ago
@DBTechYT I want to use Cloudflare which routes traffic into my firewall for IPS & IDS, then into NPM, and then onto the service with rules that only allow that route. I’m not comfortable with Cloudflare going direct to my published service.
@DBTechYT 2 months ago
I get that. Lots of people have the same thought process as you. To each their own :)
@datawolk 2 years ago
Longer AiO videos are good!
@raylab77 2 years ago
How many got the itch to write: “it doesn’t work”? Lol, I know I did. Good vid though, thanx again
@EmilionDK 2 years ago
1 frame, IP leak at 22:27 :P but you have probably changed your IP by now. :D
@HiltonT69 2 years ago
DNS doesn't propagate!
@DBTechYT 2 years ago
DNS propagation is the time period in which it takes updates to DNS records to be in full effect across all servers on the web. The reason changes aren't instantaneous is because nameservers store domain record information in their cache for a certain amount of time before they refresh
@ricksmith219 2 years ago
I am fairly certain that I followed directions completely however I cannot get the server up.. I am running docker with omv6 if that matters... here is the error in the logs
2022-03-20 12:32:31,965 fail2ban.configreader [1]: INFO Loading configs for filter.d/npm-docker under /etc/fail2ban
2022-03-20 12:32:31,966 fail2ban.configparserinc[1]: INFO Loading files: ['/etc/fail2ban/filter.d/npm-docker.conf']
2022-03-20 12:32:31,966 fail2ban.configparserinc[1]: INFO Loading files: ['/etc/fail2ban/filter.d/npm-docker.conf']
2022-03-20 12:32:31,969 fail2ban.configreader [1]: INFO Loading configs for action.d/cloudflare-apiv4 under /etc/fail2ban
2022-03-20 12:32:31,970 fail2ban.configparserinc[1]: INFO Loading files: ['/etc/fail2ban/action.d/cloudflare-apiv4.conf']
2022-03-20 12:32:31,971 fail2ban.configparserinc[1]: INFO Loading files: ['/etc/fail2ban/action.d/cloudflare-apiv4.conf']
2022-03-20 12:32:31,973 fail2ban.jailreader [1]: NOTICE No file(s) found for glob /log/npm/default-host_access.log
2022-03-20 12:32:31,974 fail2ban.jailreader [1]: NOTICE No file(s) found for glob /log/npm/proxy-host-*_access.log
2022-03-20 12:32:31,974 fail2ban.jailreader [1]: NOTICE No file(s) found for glob /log/npm/proxy-host-*_error.log
2022-03-20 12:32:31,975 fail2ban [1]: ERROR Failed during configuration: Have not found any log file for npm-docker jail
2022-03-20 12:32:31,977 fail2ban [1]: ERROR Async configuration of server failed
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/fail2ban/client/fail2banserver.py", line 189, in start
raise ServerExecutionException('Async configuration of server failed')
fail2ban.client.fail2bancmdline.ServerExecutionException: Async configuration of server failed
any thoughts?
@ricksmith219 2 years ago
Sorry, wrong video, my bad...
@htcheroportugal 2 years ago
Hi, I did what you did, but I got this message when I tried to access my subdomain: NET::ERR_CERT_AUTHORITY_INVALID
@DBTechYT 2 years ago
Then use this method for your certs: kzbin.info/www/bejne/pqiuYn-kl7mcqqs
@normonly5636 2 months ago
@DBTechYT Hi, I watched the video step by step, and I'm still getting the same error. Every time I enter my domain it says NET::ERR_CERT_AUTHORITY_INVALID.