Additional router/firewall setup will allow Nginx Proxy Manager to set up and maintain automatic HTTPS/TLS certificates.
The compose port bindings in stacks/delivery/compose.yml accessible outside your local network...
You can add Plex's default port, :32400, in this step if you want.
IPv4
Forward ports :80 and :443 to your Docker host.
IPv6
If you have a global IPv6 address issued via prefix delegation, use a firewall rule to allow the world to connect to ports :80 and :443 on your Docker host's IPv6 address.
From your Docker host, run curl -6 ifconfig.io. If this returns a value immediately, and you see that value in the output of ip -6 addr show scope global, use that address to create a firewall rule allowing all IPv6 traffic to that IP on ports :80 and :443. Use that value to set your public DNS AAAA record as well.
Recommended setup (manual setup once docker containers are running)
I recommend using an Access List in Nginx Proxy Manager to ensure that you don't expose any private services to the outside world. I use an IP access list to ensure that NPM only allows my local network subnets.
You can get the docker network subnet(s) for 'content' with docker network inspect content | jq -r '.[] | .IPAM.Config | map(.Subnet) | .[]'. Add those subnets to the Rules tab so your containers can communicate. If you get an error because you don't have jq installed, you can just run docker network inspect content and examine the JSON output for .IPAM.Config[*].Subnet.
If you add other networks down the line, just change 'content' to the new network name to print the subnet(s).
Details Tab:
    Name: Local
    Satisfy Any: no
    Pass Auth to Upstream: no
Authorizations Tab:
    # leave empty
Rules Tab:
    # run `ip -4 addr` from docker host
    # v4 address looks like...    # => use this subnet value...
    # 192.168.1.x/24              # => 192.168.1.0/24
    # 192.168.x.x/16              # => 192.168.0.0/16
    # 192.x.x.x/8                 # => 192.0.0.0/8
    - Allow: 10.1.0.0/16
    # run `ip -6 addr` from docker host
    # v6 address looks like...                        # => use this subnet value...
    # aaaa:bbbb:cccc:dddd:1111:2222:3333:4444/64      # => aaaa:bbbb:cccc:dddd::0/64
    # aaaa:bbbb:cccc::1111:2222:3333:4444:5555/48     # => aaaa:bbbb:cccc::0/48
    - Allow: 2001:ffff::0/48
    # Allow other docker networks if necessary
    - Allow: 172.0.0.0/8 # docker IPv4
    - Allow: fdff::0/48 # docker IPv6 subnet(s)
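The subnet lookup and the address-to-subnet conversion described above, as an added example that is not part of the original guide: it reads .IPAM.Config[*].Subnet without jq, turns an ip addr value into its subnet, and labels each Allow rule by whether it stays inside private address space. The inspect JSON and its two subnets are constructed sample values; a rule such as 172.0.0.0/8 is labelled overbroad because it extends beyond the private 172.16.0.0/12 range into public addresses.

```python
import ipaddress
import json

# Constructed sample shaped like `docker network inspect content` output.
INSPECT_JSON = """
[{"Name": "content",
  "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1"},
                      {"Subnet": "fdff:0:0:1::/64"}]}}]
"""

# RFC 1918 IPv4 ranges and the IPv6 unique-local range (RFC 4193).
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def docker_subnets(inspect_json):
    """Return every .IPAM.Config[*].Subnet, like the jq filter on the page."""
    return [cfg["Subnet"]
            for net in json.loads(inspect_json)
            for cfg in (net.get("IPAM", {}).get("Config") or [])
            if "Subnet" in cfg]


def subnet_for(addr_with_prefix):
    """'192.168.1.37/24' as printed by `ip addr` -> '192.168.1.0/24'."""
    return str(ipaddress.ip_interface(addr_with_prefix).network)


def classify(rule):
    """'private': inside a private range; 'overbroad': covers private space
    plus addresses outside it; 'other': no overlap with the private ranges
    (for example a delegated global IPv6 prefix)."""
    net = ipaddress.ip_network(rule, strict=False)
    same_family = [p for p in PRIVATE if p.version == net.version]
    if any(net.subnet_of(p) for p in same_family):
        return "private"
    if any(net.overlaps(p) for p in same_family):
        return "overbroad"
    return "other"


def review(rules):
    """Map each Allow rule to its classification."""
    return {rule: classify(rule) for rule in rules}


if __name__ == "__main__":
    rules = ["10.1.0.0/16", "2001:ffff::0/48", "172.0.0.0/8", "fdff::0/48"]
    for rule, verdict in review(rules + docker_subnets(INSPECT_JSON)).items():
        print(f"{verdict:9}  {rule}")
```

An "other" verdict on an IPv6 rule is expected only when the prefix is the one delegated to your own network; narrow any "overbroad" rule to the subnet that docker network inspect actually reports.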
Then, apply this Access List as you configure services in Nginx Proxy Manager GUI...
To set up qBittorrent's Web UI so you can access it, navigate to Hosts > Proxy Hosts and click "Add Proxy Host".
Use this template:
Details Tab:
    Domain Names: qbittorrent.content.example.com
    Scheme: http
    Forward Hostname / IP: content-qbittorrent-1
    # the same port number you chose for services.qbittorrent in stacks/content/compose.yml
    Forward Port: 8080
    # Pick the list you created in the previous step
    Access List: Local
    Cache Assets: Yes
    Block Common Exploits: Yes
    Websockets Support: Yes
Custom Locations Tab:
    # leave empty
SSL Tab:
    SSL Certificate: Request a new Certificate
    Force SSL: Yes
    HTTP/2 Support: Yes
    # Only enable this once you've verified everything works
    HSTS Enabled: No
    HSTS Sub-domains: No
    # Enable if you know your services are unable to be reached
    # from the outside world.
    Use DNS Challenge: No
If this works without error, you should be able to visit qbittorrent.content.example.com from your home network. If you want, you can serve Plex through Nginx Proxy Manager, too. Just add your chosen hostname(s) to Settings > Network > Custom server access URLs and include the port. For example: https://plex.content.example.com:443.
Nginx Proxy Manager is unable to connect to your containers
Make sure your Access Lists are set up correctly.
Nginx Proxy Manager error when adding a new Proxy Host
Make sure your server is externally reachable on ports :80 and :443 for IPv4 and IPv6 (if necessary) and that A (and AAAA) records resolve on public DNS.
qBittorrent Blocking/Restricting Traffic
cd stacks/content and run docker compose down. Then, edit stacks/content/config/qbittorrent/qBittorrent/qBittorrent.conf adding/editing these lines to the [Preferences] section