https://homelab.nbkelley.com/tags/tunnels/ Recent content in Tunnels on homelab Hugo en Fri, 01 May 2026 00:00:00 +0000 https://homelab.nbkelley.com/docs/networking/proxy-management/ Fri, 01 May 2026 00:00:00 +0000 https://homelab.nbkelley.com/docs/networking/proxy-management/ <h1 id="proxy-management--cloudflare-tunnels">Proxy Management &amp; Cloudflare Tunnels<a class="anchor" href="#proxy-management--cloudflare-tunnels">#</a></h1> <h2 id="what-was-established">What Was Established<a class="anchor" href="#what-was-established">#</a></h2> <p>There are multiple layers of proxying available in the homelab, ranging from edge protection (Cloudflare) to local routing (OPNsense/Nginx Proxy Manager).</p> <h2 id="nginx-proxy-manager-npm-troubleshooting">Nginx Proxy Manager (NPM) Troubleshooting<a class="anchor" href="#nginx-proxy-manager-npm-troubleshooting">#</a></h2> <ul> <li><strong>Redirect Loops &amp; Timeouts</strong>: Often caused by misconfigured upstream servers or aggressive timeout settings in NPM&rsquo;s web UI. Resolving a redirect loop may expose underlying connectivity issues that manifest as timeouts.</li> <li><strong>Docker Compose Pattern</strong>: NPM is deployed with <code>network_mode: host</code> to bind directly to host ports (80, 443, 81), bypassing Docker&rsquo;s NAT for direct host network access.</li> <li><strong>Verification Steps</strong>: <ol> <li>Check container health: <code>docker ps | grep nginx-proxy-manager</code> (ensure <code>healthy</code> status).</li> <li>Verify port bindings: <code>sudo netstat -tulpn | grep :80</code> / <code>:443</code> (requires <code>net-tools</code> package).</li> <li>Inspect NPM Web UI: Access at <code>http://&lt;host-ip&gt;:81</code> to review Proxy Host settings, specifically timeout values and upstream server addresses.</li> </ol> </li> <li><strong>Port Conflicts</strong>: Use <code>netstat</code> to identify which container owns a specific port (e.g., <code>docker-proxy</code> vs <code>nginx: master</code>). In this setup, port 8000 was observed bound to <code>docker-proxy</code>, indicating another service in the compose stack.</li> <li><strong>Co-located Services</strong>: The same Docker Compose stack hosts <code>cloudflare-ddns</code> (for dynamic IP updates) and <code>netbird</code> (for mesh networking), requiring careful port management to avoid conflicts.</li> </ul> <h2 id="key-decisions">Key Decisions<a class="anchor" href="#key-decisions">#</a></h2> <ul> <li>Use <code>network_mode: host</code> for NPM to simplify port mapping and ensure direct access to host network interfaces.</li> <li>Rely on <code>net-tools</code> (<code>netstat</code>) for quick port binding verification in host-networked Docker containers.</li> </ul> <h2 id="current-configuration">Current Configuration<a class="anchor" href="#current-configuration">#</a></h2> <ul> <li><strong>Docker Host</strong>: <code>iluvatar@proxy</code> (192.168.1.208)</li> <li><strong>NPM Web UI</strong>: <code>http://192.168.1.208:81</code></li> <li><strong>Ports</strong>: 80 (HTTP), 443 (HTTPS), 81 (NPM Admin UI)</li> </ul> <h2 id="historical-notes">Historical Notes<a class="anchor" href="#historical-notes">#</a></h2> <ul> <li>Troubleshooting session from 2025-11-17 resolved a redirect loop that subsequently turned into a timeout issue.</li> <li><code>net-tools</code> installation was required to diagnose port bindings on the host.</li> </ul> <h2 id="open-questions">Open Questions<a class="anchor" href="#open-questions">#</a></h2> <ul> <li>Specific timeout values configured in NPM for upstream services.</li> <li>Whether <code>netbird</code> or <code>cloudflare-ddns</code> requires dedicated port exposure or can share the host network.</li> </ul> <h2 id="related-pages">Related Pages<a class="anchor" href="#related-pages">#</a></h2> <ul> <li><a href="https://homelab.nbkelley.com/docs/security/cloudflare_integration/">Cloudflare Integration: SSL &amp; DNS</a></li> <li><a href="https://homelab.nbkelley.com/docs/networking/opnsense_dmz_iot_firewall/">OPNsense DMZ Firewall Rules for IoT</a></li> <li>Docker Host Configuration</li> </ul> <p><a href="https://homelab.nbkelley.com/docs/services/uptime-kuma/">Uptime Kuma - Configuration &amp; Integrations</a></p>