catrock Posted August 31, 2020

I am facing a problem which I can no longer solve without your help. I need an SSL cert for my Unraid server (Emby, Nextcloud, ...). For my reverse proxies I use Nginx Proxy Manager, and for DNS I use Cloudflare. So I create a CNAME on Cloudflare and set it to WITH PROXY. In the Proxy Manager I type in my IP and the port, turn HTTPS on and create an SSL cert with Let's Encrypt. Everything is finished, and I try to get to my website with the subdomain. But here I am told that the connection is not secure and that it is using the root certificate. How can I now use my certificate so that my future subdomains are encrypted with SSL? I hope someone here can help me.
xorso Posted September 1, 2020

It sounds like you are terminating the SSL endpoint with Cloudflare using the WITH PROXY setting. This will use the IP address of one of the Cloudflare servers. You are then trying to SSL back to your Unraid Proxy Manager. So Cloudflare may be giving that error because Cloudflare is not trusting your certificate by Let's Encrypt because it doesn't have it stored (which I think Cloudflare handles on its own). So it sounds like your setup looks like this:

subdomain.example.com:443 -(ssl)> cloudflare -(ssl)> proxymanager:443 -> subdomain.internal:8080

I am currently trying to work on a similar solution but haven't gotten as far yet. If you want to try and test this out, switch the Cloudflare DNS setting to DNS ONLY instead of WITH PROXY and see if that works out. That setup would look like this:

subdomain.example.com:443 -(ssl)> proxymanager:443 -> subdomain.internal:8080

Someone with more experience may be able to set me straight as well though.

Edited September 1, 2020 by xorso: Fixing grammar
catrock Posted September 1, 2020 (Author)

Okay, I deactivated the proxy. Should I also turn off Cloudflare's SSL encryption? I just tried it with the letsencrypt docker. Everything is entered for Nextcloud and I can't get on the server.

http://next.mysubdomain.eu only works up to the login page
https://next.mysubdomain.eu does not work

Edited September 1, 2020 by catrock
xorso Posted September 1, 2020

So there should be no SSL until you hit your NGINX Proxy Manager instance. If you can't get HTTPS to work, make sure your firewall is appropriately port forwarding to your NGINX Proxy Manager SSL port. The forwards should look something like this if you are using the Proxy Manager App in Unraid:

Firewall -> Internal Port
80 -> <ip of unraid host>:1880
443 -> <ip of unraid host>:18443
catrock Posted September 1, 2020 (Author)

I use a FritzBox. On the port tab I have set the internal port 80 to external 1880 and port 443 to 18443 (I added a screenshot), and after that, the same problem. The docker uses bridge mode as network. Maybe that could be the problem?
xorso Posted September 1, 2020

I am not too familiar with Fritz box but I think you have the ports mixed up. You need the external port (WAN side) to be 443 and the internal port (the one pointing to NPM, LAN side) to be 18443.
catrock Posted September 1, 2020 (Author)

.... ok .. this fixed my problem .. THX U ❤️❤️

50 minutes ago, xorso said: I am not too familiar with Fritz box but I think you have the ports mixed up. You need the external port (WAN side) to be 443 and the internal port (the one pointing to NPM, LAN side) to be 18443
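The two checks this thread came down to, as an added example that is not part of any post: whether a hostname's A records point at Cloudflare's edge (WITH PROXY) or at the origin (DNS ONLY), and whether the router forwards are oriented WAN 80 -> LAN 1880 and WAN 443 -> LAN 18443. The Cloudflare range list is a snapshot assumed to be current, the function names are hypothetical, and the sample addresses and rules are constructed.

```python
import ipaddress
import socket
import sys

# Snapshot of Cloudflare's published IPv4 ranges (cloudflare.com/ips-v4);
# assumed current here, so refresh the list before trusting a live result.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22")]

# WAN port -> LAN port on the Unraid host, as given in the thread.
EXPECTED_FORWARDS = {80: 1880, 443: 18443}

def tls_terminates_at(resolved_ips):
    """Classify a hostname's A records: who answers the browser's TLS handshake?"""
    if not resolved_ips:
        return "unresolved"
    hits = [any(ipaddress.ip_address(ip) in net for net in CLOUDFLARE_V4)
            for ip in resolved_ips]
    if all(hits):
        return "cloudflare"   # WITH PROXY: browser sees Cloudflare's certificate
    if not any(hits):
        return "origin"       # DNS ONLY: browser sees the certificate NPM serves
    return "mixed"

def check_forwards(forwards, expected=EXPECTED_FORWARDS):
    """Return a list of problems found in (wan_port, lan_port) forwarding rules."""
    actual = dict(forwards)
    problems = []
    for wan, lan in expected.items():
        if actual.get(wan) == lan:
            continue
        if actual.get(lan) == wan:
            problems.append(f"swapped: WAN {lan} -> LAN {wan}, want WAN {wan} -> LAN {lan}")
        else:
            problems.append(f"missing: WAN {wan} -> LAN {lan}")
    return problems

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live lookup of the hostname being debugged
        info = socket.getaddrinfo(sys.argv[1], 443, socket.AF_INET)
        ips = sorted({ai[4][0] for ai in info})
    else:                  # constructed sample: a documentation-range address
        ips = ["203.0.113.10"]
    print(ips, "-> TLS terminates at:", tls_terminates_at(ips))
    # Constructed sample: the swapped FritzBox rules described in the thread.
    print(check_forwards([(1880, 80), (18443, 443)]))
```

Run it with a hostname as the first argument for a live lookup; without arguments it only uses the constructed samples.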
Snipe3000 Posted April 14, 2021

Does anyone know a good way to debug NGINX PROXY MANAGER and its failing letsencrypt? I have the ports forwarded correctly, but the logs say Challenge failed for the subdomain I'm trying to add into Cloudflare.