Hi folks,
I’m trying to set up HTTPS for my local services on my home network. I’ve gotten a domain name mydomain.tld and my homeserver is running at home on let’s say 192.168.10.20. I’ve set up Nginx Proxy Manager and I can access it using its local IP address as I’ve forwarded ports 80 and 443 to it.
Hence, when I navigate on my computer to http://192.168.10.20/ I am greeted with the NPM default Congratulations screen confirming that it’s reachable. Great!
Next, I’ve set up an A record on my registrar pointing to 192.168.10.20. I think I’ve been able to confirm this works because when I check on an online DNS lookup tool like https://centralops.net/CO/Traceroute it says 192.168.10.20 is a special address that is not allowed for this tool. Great!
Now, what I’m having trouble with is the following: make it such that when I navigate to http://mydomain.tld/ I get to the NPM welcome screen at http://192.168.10.20/. When I try this, I’m getting the Firefox message:
Hmm. We’re having trouble finding that site. We can’t connect to the server at mydomain.tld.
Strangely, whenever I try to navigate to http://mydomain.tld/ it redirects me to https://mydomain.tld/, so I’ve tried solving this using a certificate, using the DNS-01 challenge from NPM, and setting up a reverse proxy from https://mydomain.tld/ to http://192.168.10.20/ with the wildcard certificate from the challenge, but it hasn’t changed anything.
I’m unsure how to keep debugging from here. Any advice or help? I’m clearly missing something in my understanding of how this works. Thanks!
0x01@lemmy.ml 7 hours ago
You set the A record to your internal ip address from within your router?
Nginx configs have a lot of options; you can route differently depending on the source context.
So a couple questions:
If you don’t know what you are doing and have a good firewall setup do not make this service public, you will receive tons and tons of attacks just for making a public A record.
TheHobbyist@lemmy.zip 7 hours ago
The A record was set on my registrar, so on a public DNS, so to speak.
0x01@lemmy.ml 6 hours ago
Then next I would examine the redirect and check your stack: is it a 302, 304, etc.? Is there a service-identifying header with the redirect?
After that I would try to completely change your setup for testing purposes, greatly simplifying things and removing as many variables as possible. Maybe set up an API server with a single route on Express or something and see if that can be faithfully served.
If you can’t serve with even a simple setup then you need to go back to the drawing board and try a different option.
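The checks discussed in this thread (what the name resolves to on the affected machine, and which status code and identifying header come back with the redirect) can be scripted. This is an added example, not part of any post above; `resolve`, `probe_http` and `findings` are hypothetical helper names, and `mydomain.tld` is the placeholder domain used in the thread.

```python
import http.client
import ipaddress
import socket
import sys

REDIRECTS = {301, 302, 303, 307, 308}

def resolve(host):
    """IPv4 addresses this machine's resolver returns for host ([] if none)."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe_http(ip, host, port=80, timeout=5):
    """One plain-HTTP GET to ip with the given Host header; redirects are not followed."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host})
        resp = conn.getresponse()
        return {"status": resp.status,
                "location": resp.getheader("Location"),
                "server": resp.getheader("Server")}
    except (OSError, http.client.HTTPException):
        return None  # refused, timed out, unreachable or not speaking HTTP
    finally:
        conn.close()

def findings(host, addrs, probe):
    """Turn the resolver output and one probe result into plain-language findings."""
    if not addrs:
        return [f"{host} did not resolve on this machine, so no HTTP request can be sent"]
    out = [f"{a} is a private/special-use address: reachable only from inside that network"
           for a in addrs if ipaddress.ip_address(a).is_private]
    if probe is None:
        out.append("no HTTP answer on port 80")
    elif probe["status"] in REDIRECTS:
        out.append(f"{probe['status']} redirect to {probe['location']} "
                   f"(Server header: {probe['server'] or 'none'})")
    else:
        out.append(f"HTTP {probe['status']}, no redirect (Server header: {probe['server'] or 'none'})")
    return out

if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else "mydomain.tld"  # placeholder from the thread
    addrs = resolve(name)
    probe = probe_http(addrs[0], name) if addrs else None
    print("\n".join(findings(name, addrs, probe)))
```

Run it from the same computer as the browser, since the answer depends on which resolver that machine uses.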