NGINX Proxy Manager - Docker Setup on FWG

Comments

11 comments

  • Firewalla

    Your port mapping on the yaml file is good. Do you mean that 443 on the WAN is blocked?

  • Firewalla

    Your yaml is mapping these ports, so they will be forwarded and mapped to your docker instance. Likely this is forwarding?

        ports:
          - '80:80'
          - '81:81'
          - '443:443'

  • Shane Lord

    OK - while waiting, I've done just that. Edited the docker-compose.yaml and changed this section:

        ports:
          - '80:80'
          - '81:81'
          - '443:443'

    to say

        ports:
          - '443:443'

    and I can still access the NGINX Proxy Manager internal url on port 81, and now only 443 is showing open on the WAN when I do a port scan.

    Seems I don't need to list the ports for LAN access.

    If someone else could set this up and test to ensure I'm correct that would be appreciated - then the instructions can be updated and used by all.

    Thanks,
    Shane.

  • Firewalla

    Have you tried to map the port this way, where x.x.x.x is the host IP?

    From a security perspective, you probably want to use non-standard ports, say 8080 ... instead of 80.

    So in your case, your 80 will map to the LAN IP and 443 will map to the WAN IP.

        ports:
          - "x.x.x.x:8080:80/tcp"
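
Added example, not part of the thread or of the instructions it discusses: Docker publishes a `ports:` entry that has no host IP on every host interface, which is why the original list showed up in the WAN port scan. The Python sketch below parses Compose short-syntax entries and lists the ones published on all interfaces; `192.0.2.1` is a placeholder LAN address and the function names are made up for this example.

```python
import ipaddress

def parse_port(entry):
    """Split a Compose short-syntax port entry into its parts.

    Format: [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTOCOL]
    """
    spec, _, proto = str(entry).partition("/")
    host_ip = None
    if spec.startswith("["):                 # bracketed IPv6 host address
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if host_ip is None and len(parts) == 3:  # IPv4 host address present
        host_ip = parts.pop(0)
    container = parts[-1]
    host_port = parts[0] if len(parts) == 2 else None  # None: ephemeral port
    return {"host_ip": host_ip, "host_port": host_port,
            "container_port": container, "proto": proto or "tcp"}

def exposure(entry):
    """Classify which host interfaces a published port listens on."""
    ip = parse_port(entry)["host_ip"]
    if ip is None or ipaddress.ip_address(ip).is_unspecified:
        return "all-interfaces"   # includes the WAN side of a router
    if ipaddress.ip_address(ip).is_loopback:
        return "loopback-only"
    return "single-address"

def audit(ports, allowed_everywhere=()):
    """Return entries published on every interface that are not expected to be."""
    return [p for p in ports
            if exposure(p) == "all-interfaces"
            and parse_port(p)["container_port"] not in allowed_everywhere]

# Constructed samples: the thread's original list, and a variant using the
# suggested host-IP form with a placeholder LAN address (192.0.2.1).
ORIGINAL = ["80:80", "81:81", "443:443"]
BOUND = ["192.0.2.1:8080:80/tcp", "192.0.2.1:81:81", "443:443"]

if __name__ == "__main__":
    for name, ports in (("original", ORIGINAL), ("bound", BOUND)):
        print(name, "->", audit(ports, allowed_everywhere={"443"}))
```
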
  • Firewalla

    Okay great.  My docker knowledge is limited, so please excuse my bad suggestions :)

  • Shane Lord

    OK - updated instructions. Usable by others now.

  • Dustin Carpio

    I'm having an issue that I don't understand.

    pi@firewalla:~ (416 Home) $ sudo ip route add 172.16.0.0/24 dev br-$(sudo docker network inspect nginxproxymanager_default |jq -r '.[0].Id[0:12]') table wan_routable

    Error: No such network: nginxproxymanager_default

    Cannot find device "br-null"

  • Dustin Carpio

    I finally got it installed properly but I can't reach the gui at 172.16.0.2:81. Any ideas?

  • Shane Lord

    @Dustin - try running the commands in the file you created in step 5

    /home/pi/.firewalla/config/post_main.d/start_npm.sh

    They may be required before the network connections go live. If this works I'll update the instructions.

     

  • Dustin Carpio

    That worked! Thanks.

  • Shane Lord

    Awesome! I've added an extra step to ensure this is now covered. Thanks.
