Skip to main content

Create Records to Point to your Home Server on Cloudflare Using Nginx Progy Manager

Please refer to the "Setup your Domain with Cloudflare" page before getting started here.

This works best for those who have either a static IP address or a long lease. We have Verizon FioS and have never seen our WAN IP change and we do not pay for a static IP. Maybe we are just lucky. But either way, I will set this up so if our IP does change, all we have to do is change one record for all the rest to follow suite.

We will be using Nginx Proxy Manager for keeping track of our hosts and SSL certificates. I found it is the most user friendly application for this purpose. More specifically, I use the jlesage/docker-nginx-proxy-manager docker image.

Before We Begin With Nginx Proxy Manager

Part 1

I want to preface this by expressing that it is best to run Nginx Proxy Manager on a dedicated machine, VM, container or the likes. This way we have access to port 80 and 443 on the machine so we won't have any conflicts with ports. Port 80 and 443 are the ONLY ports we have to expose on our router to get this setup and working. This allows us to create more services on our network and expose them to the internet WITHOUT opening more ports for those services to be accessed remotely. Pretty rad isn't it?

Another thing to note is if this machine goes down, all of the hosts will go down with it. That's why it is a good reason to separate this from your other shenanigans.

I run Nginx Proxy Manager on a LXC container in Proxmox but I won't be discussing that aspect of the setup.

Part 2

Nginx Proxy Manager works in conjunction with Docker. Docker allows us to install services and applications and assign ports during installation. These ports are what we use to route our traffic when exposing them using Nginx Proxy Manager. This guide assumes you already know how to use Docker. It's important that you understand the fundamentals and basics of Docker before moving forward.

Creating the Docker container

Begin by executing the following compose command. I use Portianer for easier management, but you can just as easily toss the compose file on your machine and run a docker-compose up -d.

docker run -d \
    --name=nginx-proxy-manager \
    -p 8181:8181 \
    -p 80:8080 \
    -p 443:4443 \
    -v /docker/appdata/nginx-proxy-manager:/config:rw \
    jlesage/nginx-proxy-manager

Once this is finished installing, you can access the web UI on port 8181 where you will be asked to login.

Default Administrator Account

After a fresh install, use the following credentials to login:

  • Email address: admin@example.com
  • Password: changeme

You should immediately change the login credentials before moving forward.

Router Configuration

Now that this is done, we have to configure our router to point the ports to this machine. So take note of the local IP where Nginx Proxy Manager is installed. You can find the ip by typing

ifconfig

Then you will see it there, usually number 2 in the list or next to your NIC ID.

So in my case I have to point ports 80 and 443 to 192.168.1.165 in my router. I assume you already knew this but just in case...

There are tons of different routers out there however, most of them are quite similar when it comes to port forwarding. I can't assume you all have a FioS gateway like I do but this is what it looks like. To access your router you will have to know the IP address of the router to get to the administration. Then login. Again, this guide assumes you already know how to do that.

Here you can see I added 2 rules for port 80 and 443 to the IP of the machine Nginx Proxy Manager is hosted on. Now, from here on out, Nginx Proxy Manager will act as our "pseudo router" where we only need to route the traffic to the domain rather than opening more ports.

Again, Please refer to the "Setup your Domain with Cloudflare" page before getting started on this next section. If you did not do this first, the following will not work.

Creating the A Record

  1. Log into your Cloudflare CP and go to the DNS page and click Add record
  2. Select Type A
  3. Put your domain name in
  4. Add your WAN IP go here to see it
  5. Make sure Proxy status is DNS only (for now)
  6. Save the record.

The reason we have to leave the proxy disabled (for now) is so Let's Encrypt can assign the certificate. Once the Host is setup. we can return here and cloak the IP by enabling the proxy status. If you will not be using the root domain, you can go ahead and proxy it now, otherwise create the Host in NPM first.

Add the Host

For this part, we have to have a service in mind that we want to expose. It's best to only expose services that have authentication. Such as a Wordpress blog.

In Nginx Proxy Manager got to Hosts

Click on Add Proxy Host button (upper right)