Nginx Proxy Manager App and internal DNS

unholyeyebrows

Hi

I have Nginx Proxy Manager running as an app on TrueNAS Scale to reverse proxy a few public web services. My router is set to forward https traffic to port 30002 (which is the port the proxy manager receives https) of my TrueNAS server and it all works fine.

However I also want some internal friendly URLs on my LAN but can’t figure out how to set this up. I would like to configure my pihole with some local DNS records to point to the reverse proxy which I know will work as I had this set up previously with a Traefik VM, along the lines of:

My.service.local -> ip.of.reverse.proxy

However Nginx Proxy Manager does not have a unique IP but instead is on a port on the server, meaning I cannot set up local DNS to point to it as DNS only works with IP addresses and not ports.

So looking for advice from anyone who has managed to achieve this setup. Thanks in advance.
 

danb35

I can see a couple of ways to make this work:
  • Set up NPM the way the TrueCharts folks recommend setting up Traefik, listening on 80/443. This can be either on the NAS IP itself (in which case you'd set the NAS to listen on 81/444 and have NPM proxy the NAS as well), or on a separate IP. Then point the DNS entries to that IP and you're set.
  • If your router supports hairpin NAT (OPNsense does), point the DNS entries to your external IP, which will then be forwarded to the IP/port of your NPM instance.
If you're using TrueCharts apps, I don't see the benefit of NPM over Traefik--but if you aren't, it's more obvious.
 

unholyeyebrows

Many thanks. That makes sense. I’ve now installed Traefik from truecharts but have no idea where the traefik.yml and dynamic config are located. Any tips? Thanks again.
 

unholyeyebrows

And one other question about the Nginx Proxy Manager is that it does not allow ports to be set lower than 9000 so my hope of a quick fix to set them to 80 and 443 (after moving the TrueNAS gui to 81 and 444) is scuppered. I’m really struggling to see how the NPM app can really be of any real use if you cannot give it a unique IP or move its ports to the defaults.
 

unholyeyebrows

I’ve not tried this yet but seems like a way to get this to work. Basically deploying this as a docker image directly rather than installing as an app. From what I can tell the 9000 port restriction is a kubernetes limit not specific to TrueNAS:

 

unholyeyebrows

I can confirm this works (i.e. install the official Docker image manually rather than install the app). Here are my notes for reference:

Reference:

First create 2 new datasets:
npm-data
npm-letsencrypt

Next create the docker container:

TrueNAS Scale -> Apps -> Launch docker Image

Name: npm-docker
Version: leave default
Image repository: jc21/nginx-proxy-manager
Image Tag: latest
Networking: Add external interfaces:
    host: br0
    IPAM: Static IP
    IP: 192.168.68.101/24
Storage: Volumes:
    Mount Path: /data
    Dataset: npm-data
    Mount Path: /etc/letsencrypt
    Dataset: npm-letsencrypt

Start the container and then access with:

It is also listening on ports 80 and 443, so next port forward port 443 from my router to 192.168.68.101 and then start configuring the proxy using the NPM GUI.
 

danb35

> I’ve now installed Traefik from truecharts but have no idea where the traefik.yml and dynamic config are located.

You'd never be dealing directly with those files. If you're using Truecharts app, the Ingress settings for that app will handle the Traefik configuration for it. If you want it to proxy for something else, you'd use the "external service" app to do that, as they document here for the TrueNAS UI:

> Basically deploying this as a docker image directly rather than installing as an app. From what I can tell the 9000 port restriction is a kubernetes limit not specific to TrueNAS:

Truecharts have figured out a way around this restriction; not sure why iX haven't.
 

unholyeyebrows

A huge thanks @danb35 for all the advice. Whilst I have now a fully working reverse proxy (for my needs anyway) using NPM I will give the TrueCharts traefik a go as your description of how to configure it makes sense to me now and it looks like the most elegant solution. Many thanks again!
 

jhon.almeida

Hi, I have a very similar case and I need your help.

I have installed truenas scale and installed the nextcloud app. As you all know nextcloud opens from the web browser like http://ip_servidor_truenas:9001 without any problem. In my DNS management platform I created a subdomain pointing to the ip of my nextcloud, but it does not let me specify the port 9001, so if I leave only the nextcloud ip when I enter from the web http://nombre.dominio.com it opens the truenas page and not the nextcloud application.

How can I make truenas listen to the request and internally redirect the request to the nextcloud ip followed by the port?

Translated with www.DeepL.com/Translator (free version)
 

danb35

> How can I make truenas listen to the request and internally redirect the request to the nextcloud ip followed by the port?

That's a large part of the purpose of a reverse proxy, like Nginx Proxy Manager (which is the subject of this thread), Traefik, HAProxy, Caddy, etc.
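
How a reverse proxy turns a name into an IP and port, as an added example that is not part of the original posts and is not Nginx Proxy Manager's own code: DNS only brings the client to the proxy's IP, and the proxy then chooses the backend from the HTTP Host header. The hostnames, addresses, port 9002 and function names are assumptions for illustration; the sketch also refuses unknown names and serves LAN-only names to LAN clients only.

```python
import ipaddress

# Constructed sample values: hostnames, addresses and ports are assumptions.
LAN = ipaddress.ip_network("192.168.68.0/24")
VHOSTS = {
    # Host header name -> (upstream ip:port, served to LAN clients only?)
    "cloud.example.com": ("192.168.68.100:9001", False),
    "my.service.local": ("192.168.68.100:9002", True),
}

def host_from_request(raw: bytes):
    """Return the normalized Host name, or None if it is missing or ambiguous."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = [line.split(":", 1)[1].strip()
             for line in head.split("\r\n")[1:]
             if line.lower().startswith("host:")]
    if len(hosts) != 1 or not hosts[0]:
        return None  # no Host, empty Host, or more than one Host header
    name = hosts[0].lower()
    if name.startswith("["):  # IPv6 literal such as [::1]:443
        return name.split("]", 1)[0] + "]"
    return name.split(":", 1)[0].rstrip(".")  # drop ":port" and a trailing dot

def select_upstream(raw: bytes, client_ip: str):
    """Return (status, upstream); upstream is None unless the request is proxied."""
    host = host_from_request(raw)
    if host is None:
        return 400, None
    entry = VHOSTS.get(host)
    if entry is None:
        return 404, None  # unknown name: no fall-through to a default backend
    upstream, lan_only = entry
    if lan_only and ipaddress.ip_address(client_ip) not in LAN:
        return 403, None  # internal name requested from outside the LAN
    return 200, upstream

def sample_request(host: str) -> bytes:
    """Build a constructed minimal HTTP/1.1 request for the given Host value."""
    return f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()

if __name__ == "__main__":
    for host, ip in [("cloud.example.com", "203.0.113.7"),
                     ("my.service.local", "192.168.68.50"),
                     ("my.service.local", "203.0.113.7")]:
        print(host, ip, select_upstream(sample_request(host), ip))
```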
 

robohacker

@unholyeyebrows

Thank you for sharing these instructions. I followed these steps, yet still cannot make the reverse proxy work.

1. I created a bridge network through the only NIC on the server, and called it br0. It works well (nothing is broken).
2. For the static IP, I assumed you meant that we should use the same static IP setting as the bridge itself, right? For my case the bridge is set to 192.168.4.146/22 (no DHCP), hence I use that value to configure the custom NPM docker application.

The app seems to be running, however there is no response from 192.168.4.146:80/81/443 (I've already moved the TrueNAS web ui to ports 88 and 444).

I see in your instruction that you did not set any port forwarding. If I attempt to set port-forwarding from ports 80/81/443 to node ports -> 9080, 9081, 9443, the whole TrueNAS system goes into a few minutes of downtime on the very first attempt to open 192.168.4.146:9080 in the browser. The system recovers itself after a few minutes. I am not sure where in logs I should be looking to find hints on what made the system panic.

Do you mind sharing more information about your setup? Maybe screenshots from the networking configuration page as well as the custom app installation page? Thank you!
 