Skip to content

Setup SSL using Nginx for Homelab Services

By setting up SSL encryption using Nginx Proxy Manager, you ensure a secure, compliant, and performant connection for your homelab services.

Prerequisites

  1. Nginx Proxy Manager: Installed and running on your server. You can install it using Docker or a native installation.
  2. Domain name: You have a registered domain name and access to DNS settings of this domain.
  3. Services: You have services like Proxmox, Portainer, Jellyfin, etc. running on your server with their respective ports.

This can be done in two modes.

  1. Private: Accessible via Private IP and not exposed to public internet
  2. Public: Assessible via public Internet.

Steps

Step 1: Create DNS Records in Domain Provider

  1. Login to your domain provider and navigate to dns record section of your domain.
  2. Add following two records to Public IP or Private IP depending on the mode you want.
    • A Record for subdomain.domain.com to IP
    • A Record for *.subdomain.domain.com to same IP for reverse proxy on any *.subdomain to work.
  3. Private Mode: Reverse proxy would only work when you are in your home network directly or via VPN and internet is needed for domain routing.
  4. Public Mode: In addition to setting up IP, you'll also need to open required ports in your home network to internet or you can use cloudflare tunnels.

Step 2: Generate SSL in Nginx via Let's Encrypt

  1. Click on the "SSL Certificates" tab in the top navigation menu.
  2. Click the "Add SSL Certificate" button.
  3. Select "Let's Encrypt" as the certificate provider.
  4. Enter your email address and agree to the terms of service.
  5. Add both the domain names you created in Step 1.
  6. Enable DNS Challenge and add domain provider API token(permission to edit dns entries)
  7. Click "Save" to obtain an SSL certificate.

Step 3: Create Proxy Host

  1. Click on the "Proxy Hosts" tab in the top navigation menu.
  2. Click the "Add Proxy Host" button.
  3. Fill in the required information:
    • Domain: Enter your domain name.
    • Scheme: Select "https/http" as the scheme.
    • Target URL: Enter the URL of your service (e.g., http://localhost:8006 for Proxmox).
    • Target Port: Enter the port number of your service (e.g., 8006 for Proxmox).
  4. Click on the three dots next to your proxy host and select "Edit".
  5. Scroll down to the "SSL Certificate" section.
  6. Select the SSL certificate you obtained in Step 3.
  7. Click "Save" to create the new proxy host.

Use Proxy Host entry to route to Nginx IP:Port

Before adding anything else, its good idea to use nginx to route to nginx UI using domain and https. Basically, npm.subdomain.domain.com -> nginx-ip:port and select SSL certs while setting this.

Step 4: Test Endpoint

  1. Open a web browser and navigate to https://your-domain-name (replace your-domain-name with your actual domain name).
  2. You should see the login page of your service (e.g., Proxmox).
  3. Log in to your service to verify that everything is working correctly.
The content provided is generated with the help of artificial intelligence (AI) and may contain inaccuracies or outdated information due to the limitations of AI. While I strive to review and validate the content, some errors or inaccuracies may still be present in the final output. Please use this content as a general guide only and verify any critical information through reputable sources before relying on it. I appreciate your understanding and feedback in helping us improve the accuracy and quality of our AI-generated content."