Nginx Unbound Help

Started by ptmuldoon, Today at 01:38:39 AM

I have Nginx Proxy Manager installed in a Proxmox Container, with ports 80 and 443 passed over. And I can access my VMs with xxx.mydomain.com, etc. But now I am having trouble accessing those same VMs while on my LAN via the IP addresses of 192.168.x.x

I think this has to do with setting the correct Unbound or something else, but can't seem to figure it out.

So how do I get NPM to work correctly with both allowing use of your xxx.mydomain and the local IP on the LAN at the same time?

Today at 10:57:35 AM #1 Last Edit: Today at 10:59:47 AM by meyergru
You don't.

I assume that your domains are protected by HTTPS and that the Nginx Proxy Manager terminates the TLS traffic. Thus, the internal sites will most probably be HTTP without TLS. You would have to use HTTP for the IP-based local access, which many browsers refuse to do these days.

Even if this was possible, many websites create internal links with a full URL, so knowing they are xxx.mydomain.com, they will generate such links as well when you use them as http://192.168.x.x, leading to problems on the first click and also for references to stylesheets and other resources.

And if you created a DNS alias to point xxx.mydomain.com to 192.168.x.x when you access that site from your LAN, then you would connect directly to the web service, without the reverse proxy, so you would not get presented the (correct) certificate, if the real web service can talk HTTPS at all.

As you can see, NPM is not even involved once you directly contact the web service at 192.168.x.x.

It would not work either if you instead used the IP of the NPM manager, because it would have to present a valid TLS certificate for 192.168.x.x - which would have to be created using an internal CA and imported to the browser's trust store. Even if it did, the problem of internal links may persist.

What some people do is to create a DNS alias for xxx.mydomain.com for the internal IP of the NPM manager in order to avoid having to do NAT hairpinning to access the WAN IP. That of course works.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
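
The certificate-name point in the reply above, as an added example that is not part of the original thread: a simplified model of the name check a browser applies to the certificate the proxy presents, comparing access by hostname with access by IP. The hostname `app.mydomain.example`, the proxy IP `192.168.1.10` and both certificate descriptions are constructed sample values.

```python
import ipaddress

# Constructed sample certificates, described only by their subjectAltName entries.
PUBLIC_CERT = {"dns": ["app.mydomain.example"], "ip": []}           # typical public-CA cert
INTERNAL_CA_CERT = {"dns": ["app.mydomain.example"],
                    "ip": ["192.168.1.10"]}                         # issued by an internal CA


def san_matches(target: str, cert: dict) -> bool:
    """True if `cert` is valid for `target`, the host part of the URL typed in."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with iPAddress entries, never with DNS names.
        return any(ipaddress.ip_address(entry) == ip for entry in cert["ip"])
    host = target.rstrip(".").lower()
    for pattern in (p.lower() for p in cert["dns"]):
        if pattern == host:
            return True
        # A wildcard stands for exactly one left-most label.
        if pattern.startswith("*."):
            head, _, rest = host.partition(".")
            if head and rest == pattern[2:]:
                return True
    return False


def check_access_paths() -> dict:
    """Evaluate the ways of reaching the proxy that the reply walks through."""
    return {
        # Split DNS: the name resolves to the proxy's LAN IP, the URL still carries the name.
        "hostname, public cert": san_matches("app.mydomain.example", PUBLIC_CERT),
        # Typing the proxy's IP: the same certificate no longer matches.
        "proxy IP, public cert": san_matches("192.168.1.10", PUBLIC_CERT),
        # Only a certificate with an iPAddress entry covers the IP literal.
        "proxy IP, internal CA cert": san_matches("192.168.1.10", INTERNAL_CA_CERT),
    }


if __name__ == "__main__":
    for path, ok in check_access_paths().items():
        print(f"{path}: {'certificate matches' if ok else 'name mismatch'}")
```

The check depends only on the name in the URL, not on the address the name resolves to, which is why the DNS alias to the proxy's internal IP keeps the existing certificate valid.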