I followed this guide: https://notthebe.ee/blog/easy-ssl-in-homelab-dns01/
But my Nginx Proxy Manager is running on a VPS that is connected to my local network through a WireGuard tunnel. Could that be an issue? I don’t know why it’s not working?
My NPM is also accessible to the local IP of my homeserver on which WireGuard is running.
deleted by creator
So I’ve followed the tutorial, added a wildcard certificate and tried to add a proxy host using the DuckDNS domain to point to NPM itself. When I open the mydomain.duckdns.org I get an error that I can’t connect to the site.
Besides that NPM is working and I easily set up my actual domain and it’s resolving to devices in my home network. For example cloud.myactualdomain.com is resolving to my Nextcloud running on a Raspi with a local IP with a valid SSL certificate. So NPM and the WireGuard tunnel are generally working as intended.
On which system should I try the openssl command and what’s the port?
deleted by creator
NPM should serve as both, but only issuing SSL certificates for my local network is the issue. Have you taken a look at the tutorial I’ve linked in the original post?
And what do you mean with the port I’ve exposed? Exposed where? NPM uses port 81.
deleted by creator
Ah I see. As I’ve said the proxy is working for my domain and is available from the internet. So that shouldn’t be an issue…
This is the output of the openssl command:
spoiler
# openssl s_client -connect 127.0.0.1:443 -showcerts CONNECTED(00000003) 80DB1D0BDC7F0000:error:0A000458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name:../ssl/record/rec_layer_s3.c:1586:SSL alert number 112 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 297 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) ---
spoiler
# openssl s_client -connect 127.0.0.1:80 -showcerts CONNECTED(00000003) 809B89C5DB7F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 5 bytes and written 297 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) ---
I think I had the same problem not so long ago. Every proxy host was working except NPM itself. My problem was that I just entered the wrong IP for the proxy host. I had to enter localhost or 127.0.0.1 to get it to work and everything else was like the tutorial you linked (I followed the same one)
Since you want NPM to proxy to itself but using the SSL certificate and the domain you set in the proxy host.
Thanks but no local proxy host is working.
I should have added that I am also using Pi-hole and Unbound. This seems to be the issue. I now added the following to my unbound.conf but it’s still not working unfortunately. Where domain.duckdns.org is my domain by DuckDNS and the IP points to the Nginx Proxy Manager.
local-zone: "domain.duckdns.org." static local-data: "domain.duckdns.org. IN A 192.168.178.123"