I'm new to self hosting and home labs in general and I'm trying to understand how I can make some of my services accessible outside my network. At the moment I'm just experimenting with my Synology NAS (I know they have QuickConnect), but eventually I want to do it with JellyFin, Game Servers, NextCloud and various other things. My main priority is security.
I know there's multiple ways of doing this and I've watched a bunch of different videos but I'm struggling to get it working so I'm trying to understand the steps a little better. Here I'm attempting to use NGINX as a reverse proxy with Cloudflare.
- I have my own domain name. I purchased it from Namecheap and I've set it up to use Cloudflare nameservers (for this, I'll just use example.net).
- In Cloudflare DNS settings, I have two records (to my understanding, this should point my domain name plus any subdomains to my router):
  - Type: A
    Name: @ (acts as root, so my root domain name e.g. example.net)
    IPv4: My public IP address
    Proxied: Yes
    TTL: Auto
  - Type: CNAME
    Name: * (acts as wildcard)
    Target: My domain name (e.g. example.net)
    Proxied: Yes
    TTL: Auto
- Now, I believe this will route all traffic to my router but my router won't let it in, so I need to forward the correct ports. I think this might be where I'm getting things mixed up.
  NGINX is running in a docker container on 192.168.0.15 with published ports:
    40080:80
    40081:81
    40443:443
  So on my router, I'm allowing all inbound traffic on 40080 and 40443 and directing to 192.168.0.15.
  Which I "think" routes traffic to my home network to NGINX? Though I might have misunderstood how that works.
- In NGINX I've set up a Let's Encrypt SSL certificate for domains example.net and *.example.net and I've set "Use a DNS Challenge" using Cloudflare and the token I copied earlier. That adds successfully so I assume that worked.
- Finally I go to "Add Proxy Host" and add a domain called nas.example.net and forward it to http 192.168.0.2 (my nas) with port 5000. This is what I can use to access the interface locally.
So that's what I'm doing, and what I'm getting is a Cloudflare Connection Timed Out Error 522, so something's not working somewhere but I'm not sure where.
I also tried opening ports 80 and 443 on my firewall and directing traffic to 192.168.0.15 and I get a 521 server down error, which I'm not sure is an improvement or not?
I imagine it's just me misunderstanding one of the steps, likely around which ports I need to forward, but I've tried all sorts and I'm not getting anywhere.
Apologies for the long post.
Any help?
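An added example, not from the original post or any reply: a shell script that walks the chain the post describes (Cloudflare proxy, router port forward, docker host, nginx container, NAS) and reports which hop breaks. Cloudflare's proxy only opens connections to an origin on a fixed, published set of ports (80/443 plus a short list of alternates), so a router rule on 40080/40443 is never reached by proxied traffic (that is a 522); and forwarding external 443 to internal 443 on a host whose container is published as 40443:443 lands on a port nothing listens on (that is a 521). Hostnames, addresses and ports are taken from the post; the port lists are Cloudflare's documented ones; `nc`, `curl` and `dig` are assumed to be installed on the LAN machine running it.

```shell
#!/bin/sh
# Added example (not from the original post): trace the path
#   Cloudflare proxy -> router port forward -> docker host -> nginx container -> NAS
# and say which hop fails. Values below are assumptions taken from the post.
set -u

DOMAIN="nas.example.net"       # proxied hostname from the post
DOCKER_HOST="192.168.0.15"     # host running the nginx container
DOCKER_HTTPS_PORT="40443"      # host port published for the container's 443
NAS="192.168.0.2"
NAS_PORT="5000"
# The admin UI (host port 40081, container port 81) stays on the LAN; it is
# deliberately absent from every rule traced below.

# Origin ports Cloudflare's proxy will connect to (from Cloudflare's docs).
# Orange-cloud traffic never arrives on any other port, which shows as a 522.
CF_HTTP_PORTS="80 8080 8880 2052 2082 2086 2095"
CF_HTTPS_PORTS="443 2053 2083 2087 2096 8443"

# cf_origin_port_ok PORT -> prints "http" or "https" and returns 0; returns 1 otherwise
cf_origin_port_ok() {
    for cf_p in $CF_HTTPS_PORTS; do [ "$cf_p" = "$1" ] && { echo https; return 0; }; done
    for cf_p in $CF_HTTP_PORTS;  do [ "$cf_p" = "$1" ] && { echo http;  return 0; }; done
    return 1
}

# trace_forward EXT_PORT ROUTER_INTERNAL_PORT PUBLISHED_HOST_PORT
# Router rule "external EXT -> DOCKER_HOST:INTERNAL", container published "HOST:443".
# Returns 0 only if a proxied connection actually reaches the container.
trace_forward() {
    if ! cf_origin_port_ok "$1" >/dev/null; then
        echo "external $1: Cloudflare never connects to this port (expect 522)"
        return 1
    fi
    if [ "$2" != "$3" ]; then
        echo "external $1 -> $DOCKER_HOST:$2, but the container is published on $3 (expect 521)"
        return 1
    fi
    echo "external $1 -> $DOCKER_HOST:$2 -> container (ok)"
    return 0
}

# tcp_open HOST PORT -> 0 if something accepts a TCP connection (needs nc)
tcp_open() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

main() {
    echo "== what each router rule does =="
    trace_forward 40443 40443 "$DOCKER_HTTPS_PORT"                     # the post's first attempt
    trace_forward 443   443   "$DOCKER_HTTPS_PORT"                     # the post's second attempt
    trace_forward 443   "$DOCKER_HTTPS_PORT" "$DOCKER_HTTPS_PORT"      # external 443 -> internal 40443

    echo "== live checks from inside the LAN =="
    if tcp_open "$NAS" "$NAS_PORT"; then echo "NAS $NAS:$NAS_PORT accepts connections"
    else echo "NAS $NAS:$NAS_PORT is not reachable"; fi
    if tcp_open "$DOCKER_HOST" "$DOCKER_HTTPS_PORT"; then echo "proxy listens on $DOCKER_HOST:$DOCKER_HTTPS_PORT"
    else echo "nothing listens on $DOCKER_HOST:$DOCKER_HTTPS_PORT"; fi
    # Ask the proxy directly with the right SNI, bypassing Cloudflare entirely:
    # a 200/302 here means the proxy host and certificate are fine and only the
    # path from the internet to this port is broken.
    curl -sk --max-time 5 -o /dev/null \
        -w "proxy answered HTTP %{http_code} for $DOMAIN\n" \
        --resolve "$DOMAIN:$DOCKER_HTTPS_PORT:$DOCKER_HOST" \
        "https://$DOMAIN:$DOCKER_HTTPS_PORT/"
    # With "Proxied: Yes" the public answer should be Cloudflare addresses, not the home IP.
    echo "public DNS for $DOMAIN: $(dig +short "$DOMAIN" A | tr '\n' ' ')"
}

if [ "${1:-}" = "run" ]; then main; fi
```

Run it as `sh check_chain.sh run` from a machine on the LAN. The `trace_forward` lines need no network and already separate the two error codes the post reports; the live checks confirm that the NAS and the proxy answer locally before any rule on the router is changed, so the only ports ever opened are the one or two that proxied traffic can actually use.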
I wouldn't expose ports like that.
If security is a concern I would go with something like Nebula.
https://m.youtube.com/watch?v=94KYUhUI1G0
If you look into it, you can host your lighthouses for free using Oracle Free Tier.