Port forwarding NPM and HA docker

1

Hey Guys,

Currently I’m stuck with Nginx Proxy Manager and the correct port forwarding.

I’ve had it working for serveral years, but I had to reset my router (lost my password). And now it’s seems like I can’t get my ports correct.

While requesting the SSL in de NPM Managers it keeps on failing. When I go to [my-external-domain.com] it forwards correct to HA but it keeps on loading and than I get a browers “ERR_FAILED” message.

My situation:

  • HA and NPM are running on a RPI and in Docker
  • I can reach HA via internal-ip:8123
  • I can reach HA via my home IP on home-ip:433
  • In my router (Ziggo Connectbox) I’ve forwarded external port 433 to 8123

Should I also forward the external 80 port? I tried it with forwarding external 80 to internal 81 but no success. Can somebody help me?

Thanks guys!

2

Hi, I am no nginx specialist but based on my Syno revproxy… what I see as incorrect is your routing:
external = https = 443 and this should route to your nginx 443, nginx then send it to http 8123

1 Like
3

In my NPM manager I’ve still have the same settings as before. So destination http://[localIP]:8123

The NOM is running local on port 81. When forward port 433 to 81 in my router, the npm manager shows up.

Or how do you see your port forwarding?

4

I donot use any port when coming from https…it automatically uses 443 … I guess that forwarding 8123 should also work then

5

Tried several thinks with port 8123 and 433 but cant get it correct… any more suggestions?

6

I’m afraid I cannot help as it seems nginx or HA setup trick
I added a route 8123 > 443 (revp) > 8123 (ha) and this works too (aside the non-port url)
Note that there are a plethora of posts around issues setting up NGINX

7

Not sure what’s going on here but the setup I have is…

Domain points in dns to my homes external IP address

Open 80 and 443 on router to the box running npm.

In npm the ha subdomain points to http (local ip for ha) 8123.

8

I think Im mixing up things… lets see. You say open port 433 and 80 to the npm. Say I make 2 port forward rules on my router?

One from external 433 to internal 81 (port from npm)
One from external 80 to internal 81?

But you cant send 2 different external ports to same internal or am I wrong?

Thanks for thinking allong!

9

You’ll want to open 80 <—> 80 and 443<—>443

image
image1170×980 72.4 KB

Then in npm the domain it set to forward to port 8123

image
image1170×1962 139 KB

These both assume the ip address to be pointing to both npm and home assistant on the same box. 192.168.0.100

You need not expose port 81. If you ever wanted to you could put npm open to the internet (I wouldn’t recommend) by making an entry for npm in npm!

Hope this helps!

10

You keep mentioning port 433, HTTPS is port 443 not 433 (notice it’s two fours then a 3, not four then two threes). I am not sure that’s your issue but could it be just that?

11

Thanks mate, thats it! It sound logic but due all the info I found I got confused Inthink and mixed up things.

12

Why would 80 be needed? For as far as I know, this is usually http and therefore allowing non-secure access from outside

13

Letsencryot suggest it: Best Practice - Keep Port 80 Open - Let's Encrypt

Yes you can turn off 80 rather than force all traffic over, but it’s hardly less surface area.

You can also use dns to get your certs instead of http too. I’m helping answer a specific question in getting up and running to someone new

14

Ah true… it is needed to refresh the certificates… which is actually odd… to create a thing that increases security you have to decrease access checks :slight_smile: