Secure Local Domains Easily with Pi-hole & Nginx Proxy
Vložit
- čas přidán 3. 05. 2024
- Join this channel to get access to perks:
/ @techdox
Buy Me a Coffee if you enjoyed! - www.buymeacoffee.com/techdox
Tired of seeing 'This connection is not private' warnings when accessing your self-hosted services? In this video, I'll show you how to use Pi-hole and Nginx Proxy Manager to set up HTTPS connections and custom domain names for your local network. With these tools, you can bypass those annoying browser warnings and enjoy secure access to your services with encrypted traffic and intuitive domain-level filtering. Follow along to upgrade your self-hosting setup today!
Nginx Proxy Manager Setup - • Let's Install: Nginx P...
PiHole Setup - • How To Install Pi-Hole...
Links:
Techdox Docs - docs.techdox.nz/
Discord Channel - / discord - Věda a technologie
If you want to add Pihole to Nginx Proxy Manager, here's a guide - docs.techdox.nz/pihole-on-npm/
This video is the first time I have been able to use nginx proxy manager. I have struggled for years to learn how it works. The best video out there right here. Thanks.
You’re more than welcome
This solved my problem with proxy hosts being unreachable after turning DNS Rebind Check and Browser HTTP_REFERER enforcement back on in pfSense. I had the DNS records in Pi-hole associated with the proxy host IPs when I should of had them pointed at the Nginx IP address instead. Of course I still had to add pfSense and Nginx to the Alternate Hostnames or else I'd get the block page from pfSense. Thanks a bunch.
Awesome demo, thanks for the info and config.
You’re more than welcome
Interesting way to accomplish this. The only issue I can see is if you have a wild card resolve from Cloudlfare DNS to your public IP and you don't want the app publicly accessible.
I do something very similar without Pi-Hole. The way I accomplish this type of access is to have the wildcard DNS entry in Cloufflare point to my local IP of NPM. No need for the double entry for the app in both Pi-Hole and NPM. Nginx config is all that is needed since locally Cloudflare will point to the local Nginx Proxy Server. Outside access is handled, in my case is with another domain name. I also spin Authentik in there too for added security. But that is the beautiful thing about what we do. There's more than one way to do things and if it works, it's not wrong.
Good videos, keep it up.
Yeah, 100%! That’s why I added “How I fix this” as like you mentioned there’s so many different ways :)
You're a star! Thanks 👍
Glad I could help!
Would NPM work if i have CG-NAT? NPM always give me an error during sll cert request. And yes 443 & 80 is open
So to accomplish that particular task you have to own a domain, right? What if I don't have any? How to add ssl cert to each of my containers then?
To get let's encrypt SSL certificates, yeah you need to own a domain name
Just wondering if you have a way to make nginx a forward proxy with a whitelist?
Would wireguard be the thing you look for?
Great video, thanks!
But do I really need to enter each service/server on Pi Hole one by one?
I can’t really see how else it would know what where to send the traffic. You need to tell it this name goes to this IP in some shape or form
@@Techdox I found out that you can do it via CLI, creating a file on /etc/dnsmasq.d/, there you can use a wildcard for the domain, this way it works for all addresses from that domain.
Example:
adress=/*.DOMAIN/NGINX_IP
then run pihole restartdns
Any preference doing via NPM as compared to Cloudflared tunnel ?
I use cloudflare tunnels for services I want made public, and private I keep out of Cloudflare.
@@Techdox So this method allows services to remain local. If you want them public, then configure them in CF? That right? (excellent video btw. finding a solution to this has been on my backlog for years!)
@@-nepherim that’s correct :)
How you did the ssl?
Using the Let’s encrypt feature within Nginx Proxy Manager
how make that 3:29 homepage beautifull? any source?
Jump into the discord and I can help you :)
@@Techdox link please
@@joeshelby3352 discord.com/invite/8mX2KRxDw8