Super Simple Cloudflare and Nginx Proxy Manager Setup Using YOUR Domain

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments

That was a really good video, its something ive been wanting to do, but never took the time to learn. Good easy steps, and for a beginner youtuber? Well done mate. Good audio, clean visuals, cut together nicely.

πŸ‘οΈŽ︎ 3 πŸ‘€οΈŽ︎ u/runew0lf πŸ“…οΈŽ︎ Aug 20 2020 πŸ—«︎ replies

The video is well-done, but…

Can you really put a single Nginx server in the same realm as a CDN with thousands of servers around the world?

πŸ‘οΈŽ︎ 2 πŸ‘€οΈŽ︎ u/fromYYZtoSEA πŸ“…οΈŽ︎ Aug 20 2020 πŸ—«︎ replies

Thanks for the video. Few questions:

  1. Why not use Cloudflare certs? What's the benefit of using Let's encrypt.
  2. Why not use CNAME for NAS instead of A record if it's subdomain of geeked.me ?
πŸ‘οΈŽ︎ 2 πŸ‘€οΈŽ︎ u/ASouthernBoy πŸ“…οΈŽ︎ Aug 20 2020 πŸ—«︎ replies

Thanks for making this, I was getting frustrated with SSL certs and this solved that for me. Now it's super easy to setup a new subdomain and get that secured. Great flow and sound quality. Subscribed!

πŸ‘οΈŽ︎ 2 πŸ‘€οΈŽ︎ u/Kinudin πŸ“…οΈŽ︎ Aug 28 2020 πŸ—«︎ replies

You want to expose your self-hosted services but want to do it securely using your own domain? Start with the basic Cloudflare and Nginx Proxy Manager options and see just how easy it is to setup! Don’t forget to forward ports 80 and 443 to the IP of the machine your Nginx Proxy Manager is on.

Do this in your router or gateway. Find the IP by opening a terminal and type β€œifconfig”. If that doesn’t work install net tools by typing β€œsudo apt install net-tools” then run the ifconfig command again.

πŸ‘οΈŽ︎ 3 πŸ‘€οΈŽ︎ u/nashosted πŸ“…οΈŽ︎ Aug 19 2020 πŸ—«︎ replies

Thanks for the video. I would really like to implement this myself but I have two questions:

  1. Why do you use Cloudflare? Is it "only" for the DDos protection or for the masking of your real ip and wouldn't it be sufficient to have an A-Record on your domain pointing to your port-forward?
  2. Since you proxied your service through cloudflare, what happens when Nginx Proxy Manager whants to renew your Cert through Lets Encrypt? If ACME here uses DNS-verification it could break and if it uses HTTP-verification you would need to port forward 80/443 to the Nginx Proxy Manager, right?

Thanks a ton for your help.

πŸ‘οΈŽ︎ 1 πŸ‘€οΈŽ︎ u/Grusim πŸ“…οΈŽ︎ Aug 20 2020 πŸ—«︎ replies

Good content Dude

πŸ‘οΈŽ︎ 1 πŸ‘€οΈŽ︎ u/Ford_GT πŸ“…οΈŽ︎ Aug 20 2020 πŸ—«︎ replies

Nice video btw

πŸ‘οΈŽ︎ 1 πŸ‘€οΈŽ︎ u/valdecircarvalho πŸ“…οΈŽ︎ Aug 21 2020 πŸ—«︎ replies

Great content!

Any idea how to use access lists? :D I could not find any guide.

πŸ‘οΈŽ︎ 1 πŸ‘€οΈŽ︎ u/camper87 πŸ“…οΈŽ︎ Aug 24 2020 πŸ—«︎ replies
Captions
what's what's with all this proxy reverse engine x engineering is it even no nginx yeah that's right what about cloudflare i mean these are terms you see thrown around out there if you're getting into home labing and self-hosting there's a lot of things that can be really really overwhelming and if you're browsing subreddits like self-hosted or tech forums and stuff like that these are terms you're going to see a lot of when you start wanting to expose services over the internet when it's coming to your home ip the stuff can be important and it is very important because you don't want to open ports on your router you want to hide your ip address you want to use your own domain name in today's video i'm going to walk you through how to set up cloudflare and nginx proxy manager so let's get started so this is cloudflare this is where we're going to be controlling our domain name so you'll need to sign up with an email address and it'll be a free account and once you sign up you will have to previously have a domain name purchased and ready to go it could be through godaddy it could be through hostgator or pork bun in my case i'm using pork bun it's a great uh company but uh we will actually add our website by adding the domain name here just eat dot me click enter we'll go go ahead and click this free account right here confirm plan and since i previously already had this domain on cloudflare there it's already it already found some dns records but you probably will see some different things in here but for me it shows my ip because i already added some things in here so i'll click continue and this is where you will see the current name servers that you'll need to change out for the name servers down here where it says replace with our name servers so we'll do that now and then i will go to pork bun if you're not using pork bun this will obviously look different for you i'm not really sure what it looks like on the other registrars but for me it's right here i just click edit and remove these name servers and just paste in one and now i'll go back to cloudflare and grab the other one so here it is right here we'll copy this go back to pork bun and paste this one in here like that then click submit and we'll go back to cloudflare now all we have to do is just click done check name servers so this could take a little bit to to do or we'll just click get started that's okay this is actually a very important step um usually when you're talking about ssl and tls encryption mode um setting it to full is your best option because if you set it to full strict you might run into some issues with let's encrypt so leaving it on full is good sometimes when you start out it'll be flexible and you won't be able to get your ssl certificates to work with that either so just switch it to full for the best performance is what i found so click save there i like to always use https which means this will basically force any http whenever you type in http rather than https it'll automatically convert it to https for you so there we go click save on that just leave that how it is beat up the page load times this this can be can be good and then we'll click finish it says it's now queued up to be rechecked please check back in a few hours and you will get an email to your inbox when it says that it has been completed and your site will be controllable by cloudflare so keep that in mind as well that when it is done you will see that in your inbox so while we're waiting for that to resolve we can go ahead and set up nginx proxy manager and by the time we're done doing that it should be ready to go so we can use them in conjunction so let's go ahead and set it up and we'll go from there okay so some full cam real talk really quick here how am i going to be installing nginx proxy manager for those of you who were wanting to see me do this on synology nas i'm sorry but that's not how i do it and that's how i've never done it i've never actually installed npm on a synology nas and i don't recommend it and i'll tell you why there's a couple reasons i don't want to go into this too much because i could be here all day talking about it one of them is because ports 80 and 443 need to be used to it used for npm and they're not freed up on synology nas because it uses those for web services and the second reason is efficiency i like to tinker a lot and because i like to tinker a lot i make mistakes and this is how i learn using a home lab is i use different smaller machines on a proxmox node for my tinkering and that way i can make really quick backups and i can do snapshots as well so if i screw something up i can just click roll back and go right back to where i started and i can have all of my certificates and all of my services right back to where they were without an issue i can't do that on synology i just love the efficiency of being able to use this with proxmox so with that being said if you have a small pc around with at least eight gigs of ram throw proxmox on it load up ubuntu and put nginx proxy manager on that so that's how i'll be installing it so you know moving forward let's go so this is the nginx proxy manager website it basically explains to you in kind of a little overview of what it is it says expose your services easily and securely and you can get free ssls through let's encrypt this is the backbone of our services right here and this is what we're going to be using to tell our router and tell our domain where the traffic is going on our network so we're going to be bringing traffic in from outside and we're telling it where to go so we don't have to open ports on our router that's what nginx proxy manager is going to be doing so let's get it installed on ubuntu on docker on proxmox don't worry if you don't want to use proxmox if you have a machine laying around that you can throw ubuntu on put ubuntu on it install docker i've got a video on how to install docker on ubuntu on my channel so go check it out and get back to me this is mx linux and it's a deviant flavor so the commands will be the same we're only using one command anyways and that command is over here on the docker hub page for nginx proxy manager this is it right here this is just the command we're going to be running and really all we're going to be changing are these ports right here so i just popped open a text editor and pasted this command in here and what i'm going to do is just change these ports from four four four three to just four four three then 80 80 to 80 and then 81.81 to just 81. now we will make sure we put sudo at the beginning because if you're not in his route you're going to need that so now we will copy this and toss it into our terminal launch it anyway and then we will paste that in there and run it and this will take a couple minutes to pull the image down um since i'm on a proxmox vm it's going to take a little bit longer so once everything pulls down and we get it up and running this should do the trick so i'll get back to you guys once this is done and it has completed so this means we need to open the ip of our nginx proxy manager server so whatever machine you installed it on you'll go to that ip the local ip and then port 81 so let's go there now wham here it is this is the nginx proxy manager web ui login so you will log in your first time using admin at example.com if i can type and then the password is change me and you don't want to save that and then here you can click you can put in your name mine's jeremy uh nickname i'll say geeked and then it's last hosted which is what i usually use and then click save you need to change the password the current one is change me then put in a super secret one and click save you have successfully set up nginx proxy manager that was so easy all it was was tossing a command into your terminal just don't forget that you have to install docker first otherwise this won't work so if you struggled with installing this without installing docker first that's probably why because you didn't install docker and i did mention in earlier in the video that you can go check out my video on how to install docker on ubuntu in less than two minutes all right i'm getting excited now uh we've got npm set up here so cloudflare should be good to go now we set that up previously so our dns and everything should be good to go i've got the email saying that hey we're ready to control your domain so let's go over there and create an a record and find a service that we can uh expose and try to access remotely bingo it says right here at the top on the cloudflare dashboard great news cloudflare is now protecting your site so this is good let's go to the dns dashboard i need to think of a service that i want to expose first and i think i know what i'm going to do in my last video i did my synology nas so i think that would probably be a good fit for this so i'm gonna go ahead and do that now so here i am on my synology nas on dsm there's a couple things here that we need to take note of and that is the local ip which is the lan ip which is 192.168.1.110 and the https port the secure port which is 6301 and you can change these the default one in fact is 5001 and the http will be 5000 i highly recommend changing these for a little more added security but let's take note of what these are because this is the information we're going to have to enter into nginx proxy manager but before we do that we have to create an a record in cloudflare for our domain name so this is kind of like giving your service a name through your domain so let's just go ahead and call this nas we'll create a a new record and since we're sending traffic to our nas we'll call it nas and then it'll give you an example here it'll say nas.geek.me which is what we want the ipv4 is going to be your home address so unfortunately if you don't have good long lease or a static ip you don't really need a static ip i don't have a static ip i just have good long leases on my ip so i've never had my ip change unless i either change my router mac or get a new gateway and i've never had that happen so if you do have that happen this probably won't work for you so sorry about that you might need to go the ddns route go ahead and put your home ip in here and then you want to uncheck this right here and you need to uncheck this because when you have that orange it cloaks your domain name with a cloudflare ip address when you're trying to assign your certificate in nginx proxy manager to this domain name it needs to see your home ip so it can figure out where to forward that traffic through nginx proxy manager oh that sounds so confusing i know and then once we do that through nginx proxy manager we can come back here and re-enable the proxy to cloak your ip so right now you need to have that turned off and then put your home ip in here and click save all right now we are ready to head back to nginx proxy manager to set up our proxy host let's do that now look i get it if you've made it this far in the video i understand that this is confusing a lot of back and forth this and that trust me i know but it is important at the same time that these things are done in order let's jump back into it and create our first proxy host here so by clicking on dashboard and then go click on the proxy host here there's a nice fancy green button we can click and add our domain that we just created nas.keep me and we'll press enter on your keyboard we'll change the scheme to https you don't have to always do this but if you're using a secure port then you have to change this if you're not using a secure port and you're just using a different port then the scheme will always stay as http so know that going forward the ip if you remember was 192.168.1.110 that's the ip of my nas and the secure port was 6301 because i changed it block common exploits for a little extra security i don't need websocket support now i just need to go ahead and snatch the certificate from let's encrypt so click on ssl certificate it'll say none click on none and request a new ssl certificate you want to make sure always force ssl is turned on sometimes it's good to enable http and to support but for this one i'm not going to enable that and then just agree to the terms and click save this will take a couple seconds because let's encrypt needs to go ahead and verify that it can see the traffic and once it finishes it will bring you back to the dashboard here where you can see your proxy host and let's go ahead and make sure that it's secure sometimes this bugs out you'll have to click on the little three dots and click edit go back to ssl and make sure force ssl is enabled because we want to make sure that it uses ssl every time that domain is accessed so let's click save again and you shouldn't have to do that ever again after that now we should be able to access our nas by just clicking this proxy host here so let's do that now and here we are so i can go ahead and log in using my dsm username and password oops i almost put the wrong one in it's kind of a long password all right so it sometimes can take a couple seconds to process all right and here it is and another thing i wanted to mention really quick is the two-step authentication always very important to enable this where you can and thankfully synology has this option and i'll show you guys how to enable that right here so here i am on my synology nas i will go to control panel to click on user this is where you're going to find that so you'll click user then here at the top you will click on the advanced tab and scroll down to two-step verification and if you don't have this enabled and you're doing this for the first time and you click this to enforce it it'll have you set up a notification where you'll have to put in an email then once you do that it'll allow you to set this up and it will take you through a quick process where you have to find an app on the app store most of them are free you can find tons of them that are really good i use authy it's spelled a-u-t-h-y then it'll ask you to scan a qr code through that app and then you'll be done and if for whatever reason you forget your phone or you lose your phone there is a fail-safe option for this as well so a very good option to have if you expose your synology nas over the internet so one last thing i want to do before we close this off is go back to cloudflare and i didn't forget about this you want to make sure you edit the entry that you made and we want to go ahead and make sure we click this to make it orange so it says proxied and then click save whenever someone does ping that domain it'll come back as a cloudflare ip address don't forget to do that it does take about five minutes to take effect so if you ping it and it still gives your home address don't worry eventually about five minutes from now it will show up as a cloudflare ip give it some time it'll work okay that's gonna wrap up the video and i think i owe you guys an apology because this video should have been what the last video was unfortunately it's not i'm kind of new to youtube if you haven't noticed already i don't have a ton of subscribers and i tend to do things out of order sometimes sorry for that i'll try not to make that a common occurrence here on this channel if you did learn something from this video and you love what i do be sure to give me a thumbs up and if you have any questions or concerns about this be sure to let me know in the comments below if you're not subscribed consider subscribing i'd love to have you on board click the bell icon if you want to know when the videos drop it'll send you a push notification on your phone saying yo geek just dropped a video go check it out i would love that that is going to be it for today thank you so much for watching bye for now [Music] you
Info
Channel: Geeked
Views: 44,891
Rating: undefined out of 5
Keywords: 2020, synology domain, setup synology with reverse proxy, synology, cloudflare, synology and cloudflare, networking, selfhosting, self-hosted, self hosting, geeked, homelab, geekedtv, install nginx proxy manager, using cloudflare with your domain, grablab
Id: cI17WMKtntA
Channel Id: undefined
Length: 14min 38sec (878 seconds)
Published: Wed Aug 19 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.