Proxy Management & Cloudflare Tunnels#

What Was Established#

There are multiple layers of proxying available in the homelab, ranging from edge protection (Cloudflare) to local routing (OPNsense/Nginx Proxy Manager).

Nginx Proxy Manager (NPM) Troubleshooting#

• Redirect Loops & Timeouts: Often caused by misconfigured upstream servers or aggressive timeout settings in NPM’s web UI. Resolving a redirect loop may expose underlying connectivity issues that manifest as timeouts.
• Docker Compose Pattern: NPM is deployed with network_mode: host to bind directly to host ports (80, 443, 81), bypassing Docker’s NAT for direct host network access.
• Verification Steps:
  1. Check container health: docker ps | grep nginx-proxy-manager (ensure healthy status).
  2. Verify port bindings: sudo netstat -tulpn | grep :80 / :443 (requires net-tools package).
  3. Inspect NPM Web UI: Access at http://<host-ip>:81 to review Proxy Host settings, specifically timeout values and upstream server addresses.
• Port Conflicts: Use netstat to identify which container owns a specific port (e.g., docker-proxy vs nginx: master). In this setup, port 8000 was observed bound to docker-proxy, indicating another service in the compose stack.
• Co-located Services: The same Docker Compose stack hosts cloudflare-ddns (for dynamic IP updates) and netbird (for mesh networking), requiring careful port management to avoid conflicts.

Key Decisions#

• Use network_mode: host for NPM to simplify port mapping and ensure direct access to host network interfaces.
• Rely on net-tools (netstat) for quick port binding verification in host-networked Docker containers.

Current Configuration#

• Docker Host: iluvatar@proxy (192.168.1.208)
• NPM Web UI: http://192.168.1.208:81
• Ports: 80 (HTTP), 443 (HTTPS), 81 (NPM Admin UI)

Historical Notes#

• Troubleshooting session from 2025-11-17 resolved a redirect loop that subsequently turned into a timeout issue.
• net-tools installation was required to diagnose port bindings on the host.

Open Questions#

• Specific timeout values configured in NPM for upstream services.
• Whether netbird or cloudflare-ddns requires dedicated port exposure or can share the host network.

Related Pages#

• Cloudflare Integration: SSL & DNS
• OPNsense DMZ Firewall Rules for IoT
• Docker Host Configuration

Uptime Kuma - Configuration & Integrations

Sources#

• ingested/chats/105-Troubleshooting Nginx Redirect Loop Issue.md
• ingested/chats/100-Setting Up Nginx Proxy Manager for Jellyfin.md
• ingested/chats/027-User's System Setup and Coding Assistance.md
• DeepSeek conversation: Troubleshooting Nginx Redirect Loop Issue (2025-11-17)