I’m new to self hosting and home labs in general and I’m trying to understand how I can make some of my services accessible outside my network. At the moment I’m just experimenting with my Synology NAS (I know they have QuickConnect), but eventually I want to do it with JellyFin, Game Servers, NextCloud and various other things. My main priority is security.
I know there’s multiple ways of doing this and I’ve watched a bunch of different videos but I’m struggling to get it working so I’m trying to understand the steps a little better. Here I’m attempting to use NGINX as a reverse proxy with Cloudflare.
-
I have my own domain name. I purchased it from Namecheap and I’ve set it up to use Cloudflare nameservers (for this, i’ll just use example.net)
-
In Cloudflare DNS settings, I have two records:
(To my understanding, this should point my domain name plus any subdomains to my router)- Type: A
Name: @ (acts as root, so my root domain name e.g. example.net)
IPv4: My public IP address
Proxied: Yes
TTL: Auto - Type: CNAME
Name * (acts as wildcard)
Target: My domain name (e.g. example.net)
Proxied: Yes
TTL: Auto
- Type: A
-
Now, I believe this will route all traffic to my router but my router won’t let it in, so I need to forward the correct ports… I think this might be where I’m getting things mixed up.
NGINX is running in a docker container on 192.168.0.15 with published ports:
40080:80
40081:81
40443:443
So on my router, I’m allowing all inbound traffic on 40080 and 40443 and directing to 192.168.0.15.
Which I “think” routes traffic to my home network to NGINX? Though I might have misunderstood how that works. -
In NGINX I’ve set up a Let’s Encrypt SSL certificate for domains example.net and *.example.net and I’ve set “Use a DNS Challenge” using Cloudflare and the token I copied earlier. That adds successfully so I assume that worked.
-
Finally I go to “Add Proxy Host” and add a domain called nas.example.net and forward it to http 192.168.0.2 (my nas) with port 5000. This is what I can use to access the interface locally.
So that’s what I’m doing, and what I’m getting as a Cloudflare Connection Timed out Error 522 so something’s not working somewhere but I’m not sure where.
I also tried opening ports 80 and 443 on my firewall and directing traffic to 192.168.0.15 and I get a 521 server down error which I’m not sure whether is an improvement or not?
I imagine it’s just my misunderstanding one of the steps, likely around which ports I need to forward but I’ve tried all sorts and I’m not getting anywhere.
Apologies for the long post.
Any help?
You must log in or register to comment.
I wouldn’t expose ports like that.
If security is a concern I would go with something like Nebula.
https://m.youtube.com/watch?v=94KYUhUI1G0
If you look into it, you can host your lighthouses for free using Oracle Free Tier.
Simplify it first:
Go to “ipchicken.com” and write it down.
Make sure the service you want to connect to on your nas is running. I’m assuming you’re able to log in to 192.168.0.5:80 and it possibly redirects to 192.168.0.5:443.
If you can be on your network and access either one via chrome or firefox, or whatever, keep reading.
Assuming your setup is like this:
Modem --> router --> switch --> nas
or
Modem --> router --> nas
If it’s either one, open port 80 and 443 on your router and tie it to 192.168.0.5.
Go here: https://portchecker.co/
Pop in your IP and test for port 80 then 443.
If one or both are closed, you’ve got bigger issues. Restart everything first. Modem then router.
If the ports are open after the reboot, then start complicating your set up.