this post was submitted on 04 Jul 2023
3 points (80.0% liked)


Hey all,

I'm sure I'm massively overlooking something, but wondered if someone could help me out, please?

I'm trying to switch from Traefik to Nginx Proxy Manager on my Synology NAS, and I've opted to run NPM via a bridge network and a macvlan, so as to not have to mess around with ports 80 and 443 on the NAS (usually reserved for Synology services).

I've got the following:

Bridge network (npm_bridge):

  • Subnet = 192.168.10.0/24
  • IP range = 192.168.10.2/32
  • Gateway of 192.168.10.1.

Macvlan network (npm_network):

  • Subnet = 192.168.1.0/24 (same as my LAN)
  • IP range = 192.168.1.216/32
  • Gateway = 192.168.1.1 (same as my LAN).

NPM is connected to these two networks, and I have a MariaDB container connected to the host - everything works great with NPM and MariaDB - no issues.

However, I have a third network, medianet:

  • Subnet = 192.168.96.0/24
  • Gateway = 192.168.96.1.

Connected to that network I have a Gluetun container (via docker-compose).

I then have multiple other containers that run through the Gluetun container (several "arrs" and Portainer) using network_mode: service:gluetun.

What I used to have via Traefik was a local hostname I created (let's say, nas.local for posting's sake) and I could simply create labels in my docker-compose for each service to assign ports. I could then access all of these containers via nas.local/portainer, nas.local/sonarr, etc. and they would be accessible via the VPN container.

However, I'm completely stuck on how to do this via NPM. I've tried all kinds of combinations via the Proxy Host configuration, but I don't know how to set it up.

  • Do I need an overarching nas.local entry as the top level? If so, what hostname/IP and port combination do I use?
  • Do I then set up Custom Locations behind it, one for each service, i.e. Portainer? If so, what is the hostname/IP and port for this?
  • Or do I create a new Proxy Host per entry, i.e. portainer.nas.local?
  • Do I even need to have Portainer behind the VPN as well, or do I add that direct to the medianet network, and then somehow link NPM to the medianet network as well?

I'm really at a loss, and as it stands all my containers are offline at the moment because I can't figure out how to connect them (except Homebridge and MariaDB - they're both up as they're connected to the host network).

Any help would be very, very much appreciated.

top 5 comments
[–] [email protected] 3 points 1 year ago (2 children)

nas.local

In case you actually have a DNS server serving the .local TLD, don't, it's reserved for mDNS

[–] [email protected] 1 points 1 year ago

Yeah choose something not reserved. I was gonna use .local too until I read it was used for mDNS. So I went with .home for all my local stuff (using piHole as the DNS server)

[–] schmurnan 1 points 1 year ago

Thanks. Yeah, .local was just an example for the sake of posting something on here. In reality, I would be using ds1618plus.home. But good to know .local is reserved!

[–] wigol 1 points 1 year ago (1 children)

Not sure if something changed recently, but lack of straightforward support for subfolders was the main reason I switched to traefik from NPM. IIRC it was doable with custom directives, but a bit complicated.

[–] schmurnan 1 points 1 year ago

Thanks. Yeah I originally had plain ol’ NGINX (granted, without the additional networking I have now) and using

location /xyz {
    proxy_pass http://a.b.c:123;
}

(I forget the exact syntax now) was pretty easy to route stuff around.

But that was all done under an initial

server {
    listen 80;
    ...
}

section, which might be the part I’m initially struggling with. It just doesn’t seem as intuitive in NPM despite me seeing lots of people preferring it over plain NGINX and Traefik.

NPM is why I have the macvlan and bridge networks in there in the first place, because ports 80 and 443 are in use on the Synology NAS. Otherwise, I could revert back to running a script that frees up those ports on boot-up and use NPM within the same network as all my other containers.
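
The path-based routing described in the comment above, written out as a plain nginx server block. This is an added example, not part of the thread and not NPM-generated config; the upstream name gluetun, the ports 8989 and 9000, and the Sonarr URL Base of /sonarr are assumptions.

```nginx
# Added example (not from the thread). Assumptions: the proxy container is
# attached to the same Docker network as the Gluetun container (e.g. medianet),
# that container is resolvable as "gluetun", Sonarr listens on 8989 with its
# URL Base set to /sonarr, and Portainer listens on 9000 and serves from /.
server {
    listen 80;
    server_name ds1618plus.home;

    # Containers started with network_mode: service:gluetun share Gluetun's
    # network namespace, so their ports answer on the gluetun hostname,
    # not on a hostname of their own.

    # Sonarr: the /sonarr prefix is configured in Sonarr itself, so it is
    # passed through unchanged (no URI part after the port in proxy_pass).
    location /sonarr {
        proxy_pass http://gluetun:8989;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # WebSocket upgrade pass-through
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }

    # Send /portainer to /portainer/ so the prefix location below matches.
    location = /portainer {
        return 301 /portainer/;
    }

    # Portainer: the trailing slash on proxy_pass replaces the matched
    # /portainer/ prefix with /, so the backend sees root-relative paths.
    location /portainer/ {
        proxy_pass http://gluetun:9000/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # WebSocket upgrade pass-through (container console, log streaming)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
}
```

The difference between the two proxy_pass lines is the part that usually breaks subfolder setups: without a URI the request path is forwarded as-is, with a trailing slash the matched prefix is stripped.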