SSL Certificates on EVERYTHING! (DDNS, Local Domains, Cloudflare) – Full Walkthrough Guide Pt.3

Big thanks to my VPN alternative Twingate for sponsoring this video! Check out the Zero Trust Network Access solution here:
Twingate Guide:

Part 3 of my full Proxmox server setup. In this one I'm ditching ye ol' IPs and ports and giving everything its own domain with SSL.


00:00 – exposing myself
00:50 – Twingate (Sponsor)
01:36 – Our Setup
03:03 – Check the GitHub!
04:20 – compose.yaml explained
08:07 – Cloudflare DDNS Setup
11:20 – Spin up the stack and check DDNS
12:10 – Port Forwarding
14:05 – Generating SSL Certificates
15:30 – Creating our first Proxy
16:36 – Jellyfin Example
18:12 – Custom Locations
19:33 – LOCAL Top-Level Domain
22:58 – Accessing Local Domains with Twingate (Sponsor)
26:46 – My Setup n’ Tips


20 Comments

  1. Do you have any guides on key management for VMs/LXC containers on Proxmox? Best way to SSH into / manage them? I've a buttload of VMs & containers and I keep either forgetting the password or misplacing the private keys..

  2. I have set up everything now, thanks for the help. I have a static IP so I never used DDNS, but with NGINX Proxy Manager I was scratching my head for a long time until this. So big thanks from me to you.

  3. I was in the same position you were for streaming through Cloudflare. My solution was getting an always-free instance in Oracle Cloud and adding it to Tailscale. Pointed all my stream domains to the IP of my VPS and used NPM to route it to the local IP of my host, because Tailscale is magic. You can do the same but with Twingate. Oracle will handle DDoS on the IP of the instance and this solution is 100 percent free.

  4. Are you running all your services on the same nginx-proxy-manager instance (internal and external)? If that's the case I can see a big security flaw that would allow anyone with your main domain to hop into any of your internal services 😬

  5. For handling the stream / anything that can't be run through CF.
    Three options:
    1. Create an intranet using Twingate/Tailscale/NetBird/etc. Pro: secure, no port forwarding needed. Con: requires you to add each device outside the network as a node on the intranet.
    2. Get a $5 VPS, point the domain to it, and proxy the connections back to your home network. Pro: don't expose your home IP, can limit connections to only those coming from the VPS, can kill the VPN if you're getting DoS'ed. Con: costs money, may require sending the connection to another city and back.
    3. Use a domain not traceable back to you, and limit the knowledge of it to need-to-know. Pro: easiest solution. Con: only offers security through obscurity, and no protection from DoS attacks.
    Option 3 is effectively what's being shown here.

    Edit: added additional con for option 2
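The concern in comment 4 (one proxy serving both internal and external hosts, so anyone who learns the main domain can reach internal services) and option 2 in comment 5 (only accept connections that arrive via the VPS) can both be addressed with source-address restrictions on the proxy. The following nginx configuration is an added example, not from the video, the GitHub repo or either commenter; every hostname, address range, backend and certificate path in it is a placeholder.

```nginx
# Added example (not the video's or the commenters' configuration).
# Assumptions (placeholders): LAN is 192.168.1.0/24, the tunnel/VPN connector
# range is 100.64.0.0/10, the VPS address is 203.0.113.10, and certificates
# live under /etc/letsencrypt/live/example.com/.

# Internal-only service: a request that merely guesses the hostname from the
# public domain gets a 403 unless it arrives from the LAN or the tunnel.
server {
    listen 443 ssl;
    server_name dashboard.home.example.com;   # placeholder hostname
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;  # placeholder
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;    # placeholder

    allow 192.168.1.0/24;    # LAN (placeholder)
    allow 100.64.0.0/10;     # tunnel / VPN connector range (placeholder)
    deny  all;               # everyone else, including the public internet

    location / {
        proxy_pass http://192.168.1.50:8080;   # placeholder backend
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# Public service reached through a VPS (option 2): only the VPS may connect,
# so the home IP is never usable directly even if it leaks.
server {
    listen 443 ssl;
    server_name media.example.com;            # placeholder hostname
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;  # placeholder
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;    # placeholder

    allow 203.0.113.10;      # VPS address (placeholder, TEST-NET-3 range)
    deny  all;

    location / {
        proxy_pass http://192.168.1.60:8096;   # placeholder backend
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# Catch-all: refuse the TLS handshake for any hostname that is not explicitly
# configured, instead of letting it fall through to the first server block.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;   # requires nginx 1.19.4 or newer
}
```

The `allow`/`deny` directives are evaluated in order, so the LAN and tunnel ranges must appear before `deny all`. NGINX Proxy Manager exposes the same allow/deny logic through its Access Lists feature, which can be attached to a proxy host; the internal-only restriction only holds if the proxy sees the real client address, so if traffic reaches it through another proxy or tunnel, check which address the connector presents before trusting the list.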

  6. Nice video, thanks!
    I'm currently in search of a new reverse proxy with a WebUI to replace NPM since it kinda lost my trust.
    It currently has 1.4k open issues and I found it to be somewhat buggy.
    For example, it limits how many domains you can enter in one single SSL cert. I assume (correct me if I'm wrong) because of a database limitation. So Let's Encrypt would not be the problem.
    Also, I once deleted an SSL cert and forgot it was used in one route, which rendered NPM unusable because it would just crash on startup.

    Are these problems acceptable for you in your use case, or didn't you know about this?
    Also, do you know of an alternative which does provide a UI to configure routes?

    I gave Traefik a look. It most certainly is a great alternative with many features and therefore perfectly capable of replacing NPM, but sadly it does not offer a configuration UI and I did not find any project which could generate a config file.
