Networking Help Requested with Unifi/NPM/Cloudflare


Hey fellow friends on the internet. I am struggling hard with some networking issues on my end with setting up NPM and Cloudflare and could use some much appreciated help.

 

I have NPM installed and running, Cloudflare is active and looking at my IP address. However, for the life of me I cannot get a LetsEncrypt cert, nor can I do the simple troubleshooting tasks outlined in here to verify that I have an open port 80. This includes using my mobile device to try to pull up my IP address and testing the http://unraid.yourdomain.com/.well-known/acme-challenge/ address while not on Wi-Fi.

 

Setup:

Spectrum Internet - Residential / Dynamic DNS - Yes, their information states it does not close port 80 or 443 off to the world. https://www.spectrum.net/support/internet/blocked-ports

Ubiquiti UDM-Pro

Unraid 6.12.15

 

Currently I have port 80 open to the world (yes, I know, sketchy at best), and 443 open only to Cloudflare based on their IP list here. I am forwarding those ports to their respective ports in Unraid, which is what NPM is supposed to be listening on. I know port forwarding is working on Plex since I have that just being port forwarded, not currently through NPM, and it is working outside my house just fine.

 

I will take any suggestions that you have for me to hopefully get this working. See pictures below of the networking interfaces:

 

Cloudflare: I do have a custom cert from Cloudflare, saved on NPM.

[Screenshot: Cloudflare DNS records]

 

UDM-Pro

Port Forward:

[Screenshot: UniFi Network, port forward settings]

 

Firewall Rules:

Yes I realize that Port 80 Allow is off right now in the picture because I'm not leaving it on while testing.

[Screenshot: UniFi Network, firewall rules]

 

Shields Up Report:

I would expect 80 to be open with 443 closed only to Cloudflare

[Screenshot: GRC ShieldsUP! Common Ports Probe]

 

Unraid NPM Container:

[Screenshot: Unraid Update Container page]

 

Thank you so much.

-Neo

I only see https/ssh allowed and https blocked. If nginx is terminating SSL I seem to recall it has to also see http. You're forwarding but not letting it through the firewall. Also verify the ports you're forwarding to are right. They seem to be - do they work direct?

  • Author

I hope this helps, here are the firewall rules for allow/block. As far as I understand it, in UniFi it runs top down, so you need Allow before the block to let the traffic move in the system.

So it should be Allow 80 and 443 from Cloudflare, then allow 80 from anyone, then block 80, 443 and 22 from everyone as long as it doesn't conflict with the first two rules. Now I have removed the 80 from this block before and still no luck.

 

[Screenshots: firewall rules]
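
The rule order described in the post above, modelled as top-down, first-match evaluation (an added example, not part of the original thread and not UniFi's own code). The Cloudflare range is a constructed placeholder, and `evaluate`, `dead_ports` and the default action for unmatched traffic are assumptions of this sketch.

```python
from ipaddress import ip_address, ip_network

# Constructed placeholder for Cloudflare's published ranges (RFC 5737
# documentation block, not a real Cloudflare prefix).
CLOUDFLARE = [ip_network("198.51.100.0/24")]
ANY = [ip_network("0.0.0.0/0")]

# Rule order as described in the post; evaluated top down, first match wins.
RULES = [
    ("allow", CLOUDFLARE, {80, 443}),
    ("allow", ANY, {80}),
    ("block", ANY, {22, 80, 443}),
]

def evaluate(rules, src, port, default="block"):
    """Return (action, rule index) for the first rule matching src and port.
    The default action for unmatched traffic is an assumption of this sketch."""
    addr = ip_address(src)
    for i, (action, sources, ports) in enumerate(rules):
        if port in ports and any(addr in net for net in sources):
            return action, i
    return default, None

def dead_ports(rules):
    """Map rule index -> ports that an earlier rule already decides for every
    source the rule names, so that part of the rule can never fire."""
    dead = {}
    for j, (_, sources, ports) in enumerate(rules):
        earlier = [(m, p) for _, srcs, ps in rules[:j] for m in srcs for p in ps]
        covered = {p for p in ports
                   if all(any(q == p and n.subnet_of(m) for m, q in earlier)
                          for n in sources)}
        if covered:
            dead[j] = covered
    return dead

if __name__ == "__main__":
    # Constructed sample sources: one inside the placeholder range, one outside.
    for src in ("198.51.100.7", "203.0.113.9"):
        for port in (22, 80, 443):
            print(src, port, evaluate(RULES, src, port))
    print("never-reached entries:", dead_ports(RULES))
```

In this model the port 80 entry in the final block rule is never reached, so removing it leaves the outcome for port 80 unchanged.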

 

 

  • 2 weeks later...
  • Author

For anyone that stumbles across this and is just as confused as I was, I finally found the issue. For some reason the only change I ended up having to make was moving my Unraid GUI ports off of 80 and 443, then everything worked magically. Now I am on an IPv4 IP address, so not sure why I had to do this, as it states in the support page that only IPv6 is required to change ports.

If anyone has a reasoning for why, it would be great input to me for my own understanding!

 

Cheers, Neo
