I followed this guide: https://notthebe.ee/blog/easy-ssl-in-homelab-dns01/

But my Nginx Proxy Manager is running on a VPS that is connected to my local network through a WireGuard tunnel. Could that be an issue? I don’t know why it’s not working?

My NPM is also accessible to the local IP of my homeserver on which WireGuard is running.

  • @citizen@sh.itjust.works
    link
    fedilink
    English
    31 year ago

    Yeah I looked at tutorial. Port 81 is only for management (NPM admin gui). Then you have your traffic ports for proxy services. Those would be 80 and 443 normally. You would need to expose those ports to the Internet if you want to access NPM/proxy your service. Port 81 shouldn’t be exposed on your public interface make sure it isn’t or at least have firewall rule to allow only local network (ideally management network/vlan)

    • DataproletOP
      link
      fedilink
      English
      11 year ago

      Ah I see. As I’ve said the proxy is working for my domain and is available from the internet. So that shouldn’t be an issue…

      This is the output of the openssl command:

      spoiler
      # openssl s_client -connect 127.0.0.1:443 -showcerts
      
      CONNECTED(00000003)
      80DB1D0BDC7F0000:error:0A000458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name:../ssl/record/rec_layer_s3.c:1586:SSL alert number 112
      ---
      no peer certificate available
      ---
      No client certificate CA names sent
      ---
      SSL handshake has read 7 bytes and written 297 bytes
      Verification: OK
      ---
      New, (NONE), Cipher is (NONE)
      Secure Renegotiation IS NOT supported
      Compression: NONE
      Expansion: NONE
      No ALPN negotiated
      Early data was not sent
      Verify return code: 0 (ok)
      ---
      
      spoiler
      # openssl s_client -connect 127.0.0.1:80 -showcerts
      
      CONNECTED(00000003)
      809B89C5DB7F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354:
      ---
      no peer certificate available
      ---
      No client certificate CA names sent
      ---
      SSL handshake has read 5 bytes and written 297 bytes
      Verification: OK
      ---
      New, (NONE), Cipher is (NONE)
      Secure Renegotiation IS NOT supported
      Compression: NONE
      Expansion: NONE
      No ALPN negotiated
      Early data was not sent
      Verify return code: 0 (ok)
      ---