Secure Your Domain with NGINX Proxy Manager and CloudFlare (Including Uptime Kuma Demonstration)

Captions
Hey guys, how's it going? Hope everybody's doing well out there today. My original plan for today was to show you how to set up a system status page so that you can monitor different services, whether it's on your network or other websites, things like that. You can basically monitor whatever you want with a service or a Docker container called Uptime Kuma. However, recently I've been getting several comments in the comment sections of different videos saying that people are having a hard time getting NGINX Proxy Manager to work properly with their system, so today we're going to kind of do a twofer. This video is going to be kind of done in a few different parts, and I will have timestamps below where you can skip around and find the parts that you're looking for. The first part of this video is going to be how to set up Uptime Kuma in a Docker container using Portainer or Docker Compose stacks, however you want to say that. We're going to do this in Portainer, but once that is set up and I've kind of shown you how to use it, that sort of thing, then we're going to jump into the process of setting up NGINX Proxy Manager in such a way that we can access Uptime Kuma from a domain name. I think that's going to kind of cover everything. Again, there will be timestamps in the description down below for the different chapters of this video. So with that being said, let's go ahead and take a look at how to set up Uptime Kuma as a service status page in Docker using Portainer.

So first off, here is Uptime Kuma. This is kind of the behind the scenes, the dashboard that you have to log in in order to see. Basically we can see that we've got three services that we're monitoring here. We can see that all of these are green, they've all been up, there's been no issues. If there was an issue at any point you would see that here somewhere in one of those dots with the corresponding time frame. In fact, if you hover over one of those you can see a little time frame thing pops up with the status. In that case it was 200, meaning OK, things are good to go. If we go a little bit further we can see statuses here. We've got, like it says here, three records that we're following. If we wanted to, we could open one of these up and get a status page of that particular domain, that service, whatever, where you can see current response times, average response times, uptime for 24 hours, uptime for the last 30 days, as well as when the certificate will expire. So some good information here, and again, all of this you can kind of see a historical log of all of those response times when the service was pinged.

So all of the stuff that we're seeing right now is only accessible via login, as far as just real granular data. However, there is a public facing page that we can take a look at as well, so let's go ahead and take a look at the status page. Now this could be open to the public if you wanted it to be. By default it is. You could obviously put this behind, you know, a password or something using NGINX Proxy Manager, which again we'll take a look at here in a little bit. But basically here you can kind of get a rough idea, just a quick glance, of what's going on. If there were any incidents, down here you could show those as well. Also, if you were running this and you knew that other people were going to be looking at it, we'll go ahead and click on Edit Status Page and we could then create an incident right here. We could say our maintenance, needed to reboot for updates, or whatever. Below that we can either post it, we can cancel it, or we can set a specific type of incident here, whether it's just informational, it's a warning, danger, preliminary, light or dark, I don't know why. Anyway, so we could just say, hey, this is just information, so by default that turns to blue, then we can post. So now we can see that if somebody were to come here they would see this and they would understand why there was an incident, because you've explained it to them. Pretty simple.

So below this we can see all of the services that are currently being monitored on this page. Currently I've got all of them set up and working here. I don't have any that aren't being displayed on this page, so what we'll want to do here is actually go over here to the dashboard, and that's fine, we can just go ahead and leave that. We're just going to add a new monitor. On this page we can see that there's a bunch of stuff to take a look at here. So across the top: are we going to do HTTP, HTTPS, do we want to ping a TCP port, or sorry, do we want to take a look at a TCP port, do you want to ping something, do we want to do keywords or DNS? We can kind of pick and choose what we want to do there. We're going to keep it simple for the sake of this tutorial. We're just going to say HTTP, we're going to call this Google, and we'll just do, oops, google.com. Now, how often do we want to check? By default, 60 seconds. You could have a certain number of retries before it actually fails. Heartbeat retry interval: how often do you want to retry that? Do we want to ignore SSL or TLS requests for the HTTP website? This one's kind of weird, it's upside down mode, meaning if the service responds then there's a problem, so you could check that box as well. Maximum redirects. We've got accepted code statuses of 200 to 299, so that's like earlier I said that we had a status of 200, meaning things were OK, so anything in that status range we could absolutely qualify as OK. If you wanted to you could put in other status codes for different things, but I think 200 to 299 is what most people are going to use here. And then tags: if you wanted to add tags to that you absolutely could. So basically we've got everything that we need to do here, except that up at the top right we can say, hey, do we want to get notifications when there's an issue with this? So you can turn that on and off as necessary.

Let me just go down here. So now we've got Google right here. It looks like everything looks good, Google is up, 200 OK, good deal there. So now let's actually go back to our status page. We can then edit the status page, and right here it says add a monitor, so what I'm going to do is click that and automatically that Google pops up right there, and here we can see now we've added that and we can click save. So that's how we would go through the process of adding additional services to the status page. Very, very simple stuff there.

Let's go back to the dashboard and take a look at the settings up here. Here we've got some different options as far as appearance: themes, light, dark, whatever; time zone; allow indexing or not. I would say if you're going to be self-hosting you don't want Google to index this, so discourage search engines from indexing the site. Entry page: you can say dashboard or status board, so when you go to the URL for this service, do you want to go to the dashboard or the status board? You can pick and choose there. You can change your password. You can enable two-factor authentication, which, if you're going to self-host, I highly encourage. If you had this and you wanted to move it to a different server, you could actually export your current settings and then import them into a new instance, which I've actually done very successfully, and it's a very slick process for doing that. Again, here's where you would import that. And then advanced: you can disable auth, you can log out, or you can clear all of your statistics if you wanted to do that.

Up here at the top right we've got notifications. Now this is where I really dig this system, because we can set up notifications and there are a bunch of different types of notifications that we can use. I have mine set up through email, and basically it just looks like that. So you would put in, you know, like "Gmail alerts", and then you do smtp.gmail.com, and wow, I just cannot type today, and then 587. We're going to use TLS. Then you put in your email address and your password for your email address for Google, so that way you can log in to send the email. You can set your from email, your to email. If you want to CC or BCC anybody on this, you can do that. Do you want this alert to be enabled by default for all upcoming new services that you add? Also, do you want to add this to existing services that you're monitoring? So there's a lot of good stuff in here. Of course there are different options as far as how you can receive your notifications, whether it's through Discord, Telegram, Slack. You can kind of pick what you want to do there and you'll get your notifications that way pretty easily.

So overall it's a very, very cool system, very easy to use and set up, and I've actually been able to do things like monitor whether or not my TV is on or off, based on using a TCP ping. I also learned that with my Roku TCL 4K HDR TV, even if it's turned off it's still connected to the network. So in order for me to actually get the error message that I was looking for while I was testing this, I actually had to go in and unplug the television in order to get it to disconnect from my network and thus return an error. So I learned something about some of the hardware in my own house, that even if they say they're off, they're not really off. Just a new thing with technology, I guess.

So that is Uptime Kuma in a nutshell as far as how to use it. Of course this is a very quick overview, because that's not what I really want to focus on in this video, but before we move on to the next section, where we're talking more specifically about NGINX Proxy Manager, what I want to do is actually show you how to install this. So let's jump over here to Portainer. Right here is the stack that we're using. It came by default; it's 3.3. It doesn't need to be 3.3, but there you go. Volumes: I've just set up a volume here. You could map this to a specific mount point if you wanted to do that. If you had a specific configuration folder that you wanted to put this in, you could absolutely do that, but for the sake of this particular server that I'm working with right now, it just made more sense to just do this volume and be done with it. Below that of course you've got services. There's going to be uptime-kuma; the image is louislam/uptime-kuma. Container name: again, because we're doing this in Portainer, this line doesn't matter, but if you're going to deploy this via command line using a Docker Compose file, that would be very, very important, so you can leave that or remove it depending on what you're going to do. Again, volumes: we declared our volume up here, right there, so that's what we're using right there. And then our port is 3001. If you've got to change it, only change the first half; leave that second half as it currently is at 3001.

And then once you've got all of that set up, it really is just as simple as pressing deploy the stack, and that's how easy it is to set up. When you first go there you'll be asked to create a password. Do that, log in, and then you'll basically be here with no services to monitor. Add your services and you're good to go.

So in this part of the video what I want to cover is domain names, name servers, A records, things like that, that we're going to need in order to get NGINX Proxy Manager set up. So here we are, we're logged into my GoDaddy account. I've only got one domain here, because Porkbun doesn't support .ch domains at this time, so unfortunately I have to keep this one domain here. That's super frustrating, but I've talked to Porkbun about this; they just don't support .ch domains yet. So here we are, we're in GoDaddy, we're taking a look at the DNS management for dbte.ch. That's my link shortening URL that I've had for a couple of years now. Here we can see that I've got my name servers set up to go to gabe.ns.cloudflare.com and gene.ns.cloudflare.com, and that is because I use Cloudflare for all of my hosting DNS management. Whether I'm hosting on, you know, one-on-one, self-hosting, whatever, I always use Cloudflare as an intermediary for some additional security that they provide for free. So as it says on this page, "we can't display your DNS information because your name servers aren't managed by us", and that's where this comes in down below. So I can't actually do anything with my DNS here, because I pointed everything to Cloudflare. In a moment we'll take a look at Cloudflare and kind of the process of getting that set up.

So what I wanted to show next is actually Porkbun. There's a couple of different screens on here that I want to show as far as Porkbun is concerned. So here we go, we're going to take a look at this dbtech.click domain. If you want to pick up a .click domain, I will have some information in the description down below where you can pick up up to three .click domains for 99 cents apiece for the first year. There is a limit of three per account. So basically here you can also see there are seven records in here, but the authoritative name servers again are for Cloudflare, so anything I do in here won't matter. Not because the DNS is pointed somewhere else; they just have it set up so you can still see your DNS here even if you're pointed somewhere else, and I actually prefer this to the way GoDaddy does things, because if I wanted to set up all of my records here and then point back, I would have less downtime than the way GoDaddy has things set up. But because, like I said, all of my DNS stuff is pointed to Cloudflare, I can't do anything here.

So let's come over to here. Here I've got tutorialserver.xyz. I bought this a while ago thinking I was going to do something with it, never did, here we are. But you can see that the DNS records here, there are eight of them. Also, the authoritative name servers are pointed to Porkbun, so anything I do in the DNS records on here will be reflected when the DNS propagates from Porkbun. So if I were to come into here, I would have all of my DNS set up through Porkbun's DNS manager if I wanted to. Basically right now we've got aliases, we've got CNAMEs, we've got MX records, we've got SRV records, we've got text records. The one thing we don't see here is an A record. An A record is what you would use to point a domain or a subdomain to an IP address. This is very, very common; this is kind of how things work. So if I wanted to set up an A record, let's say I wanted to set up a demo, we just type in the subdomain. We don't put the dot or the http or any of that stuff here. We only put the first part of the domain name here, because it's already got this. And again, this specific layout is for Porkbun; they're all going to be a little different. So right here is where you put in the IP address for your home, right here where it says answer. That of course is not my IP address, that's just numbers I typed in.

Now when you're using a first party DNS solution, whether it's GoDaddy, Porkbun, wherever you buy your domains from, there will almost always be a delay. So if I were to click add right now and then ping that demo.tutorialserver.xyz, it may take anywhere from four to 24 hours for that IP address to show up in the ping, and that's another reason that I like to use Cloudflare for my DNS management. Now the one thing I do want to say about using a first party solution like this, again whether it's GoDaddy, Porkbun, whoever you buy your domain names from: if you just set this up as it currently is like this, the problem that you're going to run into is that if somebody were to ping your domain name, your IP address would show up. So if I were to set this up and click ping, or go to my command terminal and type in ping demo.tutorialserver.xyz, I would get a result of 123.45.65.78. In that case that would actually be my home IP address, and I don't want that, because you end up running into an issue where people could DDoS your IP and bypass your domain name. There are lots of different things that they could do with your IP address, so I don't advise using anything other than Cloudflare, to be completely honest with you.

So in this case what I would want to do, like we've seen over here on this dbtech.click, the name servers are pointed to Cloudflare, so let's take a look at Cloudflare and I can kind of give you a better idea of what's going on here. So right here is Cloudflare, and I'm logged in. I've already got this dbtech.click set up, and it's a very simple process. When you add a domain name to it, it will tell you what your name servers need to be. So you would put in your domain name on a page, click go, it would scan that domain name, figure out what its current records are, import them, and they give you the opportunity to change them before it actually goes live and does its thing. So here we've got an A record. Now again, an A record lets us point a domain name to an IP address, so here we've got dbtech.click and my IP address that you can't see. So if I were to open this up, let's do just cmd, and type in, you know, ping dbtech.click and hit go, that 172.67.203.151 is not my IP address. It is actually a Cloudflare IP address that kind of obfuscates your IP address and gets routed through Cloudflare, where they do things like DDoS protection, again IP obfuscation, DNS caching, lots and lots of really cool stuff to help keep you safe, plus allow you to have a much faster DNS response.

So what do I mean by a faster DNS response? For the sake of this tutorial, what I want to do is set up a record here. We've already got an A record set up for dbtech.click, and if I wanted to I could set up an A record here, and I could say status, and then with their system, with Cloudflare, I can actually just type in @ and it will automatically fill in the dbtech.click. That way there's absolutely no chance of you accidentally fat fingering your domain name. It's really just that simple. So here we've got our A record set up for status.dbtech.click. We've got a proxy status over here. What proxied means is it will point your domain name to a Cloudflare IP address. Again, you want this for security purposes. However, when you're setting up a domain name for NGINX Proxy Manager, you want to turn this off. The reason for that is when you use NGINX Proxy Manager to set up an SSL, you'll most likely use Let's Encrypt, and Let's Encrypt wants direct access to your IP address for authentication purposes. So in order to make sure that Let's Encrypt can access your actual IP address, we turn proxy status off. So then I can click save and now our domain name is basically set up and ready to go. Oops, except that I forgot: with A records you actually have to type in the IP address of your server. So let's just go ahead and do this right. We're going to set up status.dbtech.click to point to that IP address, we're going to say DNS only, we'll click save.

So now if I come over to here and I say ping status.dbtech.click, OK, so nothing is happening there, it can't actually ping it, but what you will notice here is that the IP address that I've got in Cloudflare is what's returning here. So that's how quickly the DNS for that subdomain propagated. That's why I like using Cloudflare, because it's basically instant rather than that four to 24 hour wait period that you'll often get with domain registrars.

So what I like to do, instead of setting up an A record for all of my subdomains, is this. Let's delete that. Let's come over here and click delete and click delete. They like to put in lots of safeguards so you don't accidentally delete something you don't mean to delete there. So what we're going to do is create a record this time. The reason that I like to use CNAMEs instead of A records for subdomains and things like that is because a CNAME points to a canonical URL, so whatever your .com, .net, whatever, it's going to point to your main A record there. Basically what happens is, let's say your home IP address changes, your ISP changes your IP address every 30 days or whatever, then you only have to go and update the A record and all of the CNAME records update automatically. You don't have to go in and manually update all of those A records, because there's only one, and all of these CNAME records just automatically point to that single A record. It makes management a ton easier in that case. Now on the flip side of that, if you wanted to set up a subdomain to point to a different IP address on a different server, in a different location or whatever, you would absolutely set up an A record for that subdomain to point to that different location. But because we're dealing with home servers, self-hosting, you're probably only going to have one IP address at your location, so an A record for your domain name and a C record for your subdomains is really the best course of action in almost all situations.

So instead we're going to create a CNAME. We're still going to call this status, and our target in this case will be @. I misspoke earlier, but in this case I know very well that we can use @ here. So again, if I want NGINX Proxy Manager to use Let's Encrypt for our SSL, we want to make sure that we turn off our proxy status to DNS only and click save. So let's go ahead and ping that again. Oops, I lie, let's do an ipconfig /flushdns. So right there is my real IP address, and I'm going to block that so you can't see it, but I will show a couple of the numbers so you can see that they are different. Also, this is all in real time, and that's how quickly Cloudflare lets you manage your DNS. It really is basically in real time.

So now that we have our subdomain pointed to our home's IP address, now we can actually jump over to NGINX Proxy Manager. Of course this tutorial is kind of dependent on whether or not you've got NGINX Proxy Manager set up. I will have a couple of links in the description on how to set that up, both for x86 as well as Raspberry Pi platforms. That'll all be in the description down below. So what we can do now, like I said, is go over here to NGINX Proxy Manager, and here we can see that I've got a bunch of stuff in here. Some of them are online, some of them are disabled; I do a lot of testing in here. So what I want to do is actually add a proxy host. I'm going to type in status.dbtech.click and I'm going to leave this scheme as http. Now if you had a container that also had a self-signed certificate in it, for instance you may have a container that's got, like, port 80 and port 443 as its default, in that case you could reset this to https and point to the secure port over there on this section right here. However, this particular Uptime Kuma container does not have that, so what we're going to do is just leave that as http. I'm going to type in the IP address of my server that this is on. We can come back over here and see this is 192.168.1.183 and we're on port 3001, so the next thing I want to do is add 3001 to right there.

It's always good to block common exploits. Each container is going to be a little bit different in how it's built. Some containers will require WebSocket support, some won't. You may have to play around with that a little bit in order to see if your container will work with or without it. Now I've already tested this Uptime Kuma without it, and it does not work without WebSocket support. It actually throws up an error message that says, hey, WebSocket couldn't be contacted, or whatever, so I came back in here and turned this on and then everything worked just fine. If we wanted to, we could create an access list so that you would have to have a username and password to access anything on this container, and then again another username and password to administer the container. So you can absolutely do that down here, set up an access list that way, but we're just going to keep this as simple as possible here.

So what I'm going to do next is come over to this SSL tab. I'm going to come down to here, I'm going to request a new SSL, I'm going to force SSL and HTTP/2 support. If you had your domain set up with HSTS you could do that; in fact there is some information about that. We're not going to do that. We're also not going to do a DNS challenge. If you wanted to, you absolutely could. However, I'm just going to say I agree to the Let's Encrypt terms of service and I'll click save, and if everything goes correctly, here in a minute this page is going to reload and then we'll have access to our domain name a few moments later.

OK, so here we are just a moment later, and it refreshed with no issues, no error messages, anything like that. Because I've got this blurred out for security purposes, so you can't see what domain names I've got set up on my home server, what we're going to do is just look for the created date of September 27th, which is right there. We can also see the IP address and port right there. If I were to click this it would probably work, but before we do that there's a couple of things that we want to do first. The first being we want to come over here and click on edit. This is just one of those weird little things with NGINX Proxy Manager, that if you do this you usually have to come back in here and re-force SSL and HTTP/2 support, so we'll click save there. And then we'll come over here, we're going to edit this in Cloudflare, we're going to click DNS only, switch that to proxied, and then we're going to go ahead and click on save. Basically that's going to make sure that our IP address is obfuscated, that that domain name is getting DDoS protection. We're getting all of the stuff that we would want for protection that you would expect to get from Cloudflare, even on their free plan.

So let's go ahead and come back over to here. Right here is that domain name like we had mentioned before, so I'm going to click that. Oops. Fix, fix, fix, fix, fix. So if we click this, here it's going to throw an error, and the reason for that is because I am dumb and I fat fingered something there. That is not an IP address. So let's fix that real quick. Let's actually add a ".1" into there like so and click save. Give that a moment. Now we can click it. There we go. So now we have our dashboard here. We've got status.dbtech.click/dashboard, so let me get logged in like so, and now we've got all of that set up and ready to go. So definitely be careful when you're typing in your IP addresses that you don't accidentally miss an entire octet of your IP address there.

So now that we've done all of that, let's take another look at this. Before, when we pinged status.dbtech.click, my home IP address showed up, and we don't want that. So let's again click that, and right there now we've got 104.21.58.113, even though nothing changed other than me toggling this box right here. And that's how you can do that and obfuscate your IP address to make sure that nobody is able to DDoS you directly, as long as you're very careful about where you share your home's IP address, which should only be with your DNS management solution.

So I know this video was kind of long, and I kind of apologize for that, but I kind of don't. I had too many people saying, hey, I'm having a hard time getting an SSL to work on my system using NGINX Proxy Manager and Cloudflare and all of this stuff, so I really wanted to kind of dive a little deeper and explain a bit more thoroughly than I had in the past how to get a domain name to work through Cloudflare and NGINX Proxy Manager and that sort of thing. Of course, all of this does require you to have port 80 and port 443 port forwarded from your modem to your server. Now I'm not going to show how to do that, because my situation is a little different than a lot of people out there. I've got a modem from my ISP, I've got an Xfinity modem, and then I've got my own Ubiquiti network solution in the middle between my modem and the rest of my network. So what I have to do is forward from my modem to my router, from my router to my server, so there's multiple jumps in there that I don't want to have to try to explain, because it's going to be different for everybody. Just know that you will have to get ports 80 and 443 from your internet provider to your actual server. Whatever steps are required to do that, you'll have to figure out for yourself, but just know that there may be multiple jumps if you've got multiple levels of hardware in between your modem and your server.

So hopefully this video kind of helped clear up some confusion, that sort of thing. Of course, if you've got questions, leave that in the comment section down below. Try to be as detailed as possible in your comment, in your question. Just saying something like "it doesn't work" doesn't tell me anything. It just tells me that it doesn't work, and I don't know what you've tried, I don't know what your setup is, I don't know anything about what your situation is, and if you just say it doesn't work, you're going to get a video response of a rant that I went on a few years ago about how to get tech support. So be descriptive in your comments, your questions, that sort of thing, if you want a good solid answer. But I think this video has really gone on long enough, so I'm going to go ahead and wrap this up. I do want to, however, give a big shout out to my channel members and my patrons. If you guys would like to support the channel, there are links in the description down below, as well as that membership button right below this video, where you can support the channel that way. So if you want to support the channel in any way, definitely go ahead down to the description area and find all kinds of different ways to do that. But with that being said, I'm going to go ahead and wrap this up. As always, thanks for your time, I always appreciate your support, and I'll talk to you in the next video.
Info
Channel: DB Tech
Views: 6,156
Keywords: DB Tech, DBTech, how to install nginx proxy manager, how to configure nginx proxy manager, how to use nginx proxy manager with cloudflare, how to use cloudflare dns, how to setup cloudflare cname, how to setup cloudflare a record, how to pull ssl with nginx proxy manager, how to secure a domain with nginx proxy manager, how to secure a domain with cloudflare, cloudflare proxy status
Id: rj7DZdWMK2k
Length: 31min 27sec (1887 seconds)
Published: Tue Sep 28 2021