[GH-ISSUE #1901] NPM to enable https access to docker containers inside my home network only using letsEncrypt certificates #1383

Closed
opened 2026-02-26 07:30:45 +03:00 by kerem · 10 comments

Originally created by @queen4me on GitHub (Mar 1, 2022).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1901

I don't want to expose my home network directly to the internet but connect via VPN when I'm not at home or access a Docker container via NPM and https from a client in my home network.
At the moment I'm completely stuck understanding how to access a docker container from inside my network using NPM for https.

I'd like to use the integrated and existing automatism for upgrading letsEncrypt SSL-certificates directly from NPM and with my internet connection (outgoing) but instead of accessing the docker container from the internet using the domain name and NPM I'd like to configure NPM for internal access only.

I've withdrawn every alternative like using pi-hole and local DNS records because this won't help me at all.

Hopefully somebody reads this post and shows me a solution with the existing NPM and the "correct" usage/configuration for my use case.

Thanks a lot for helping and by the way the creators and maintainers of NPM did a great job!!!


@LePresidente commented on GitHub (Mar 3, 2022):

You can set up an access-list with your local IP range in the allow and the default rule deny. Then add that rule to your access list in each proxy host.


@ssrahul96 commented on GitHub (Mar 3, 2022):

@queen4me May I know why pi-hole does not work for your case? The SSL certificates are issued for domain names, not IPs. In that case you definitely need a DNS record for the same (local or public depending upon your needs).


@queen4me commented on GitHub (Mar 4, 2022):

Thank you folks.

@LePresidente
You mean I can keep the DNS "untouched" and access is only possible from my internal network because internal devices have an internal IP.
Setting up an access-list with allow 192.168.178.0/24 and adding this ACL to the proxy-host.

@ssrahul96
I'm struggling with my PiHole because local DNS records like container1.mydomain.de 192.168.178.6 and using https://container1.mydomain.de in my browser have not been successful at all.


@ssrahul96 commented on GitHub (Mar 5, 2022):

> Thank you folks.
>
> @LePresidente You mean I can keep the DNS "untouched" and access is only possible from my internal network because internal devices have an internal IP. Setting up an access-list with allow 192.168.178.0/24 and adding this ACL to the proxy-host.
>
> @ssrahul96 I'm struggling with my PiHole because local DNS records like container1.mydomain.de 192.168.178.6 and using https://container1.mydomain.de in my browser have not been successful at all.

Could you do an nslookup and ensure that it's pointing to your pihole DNS? I am using adguard; I think both of these do the same job.


@queen4me commented on GitHub (Mar 5, 2022):

@LePresidente
I now re-configured everything and my container is now accessible using DDNS but if I enable the access-list I get an error 403. After disabling the access list everything works but I think I'm accessing over internet instead of my home network directly.


@ssrahul96 commented on GitHub (Mar 5, 2022):

> access list

Could you share your access list config, VPN subnet and NPM subnets?


@queen4me commented on GitHub (Mar 8, 2022):

@ssrahul96

I use PiHole as DNS and Adguard on my client as well. Could this be a/the problem?
nslookup with my actual setup:

```
nslookup container.mydomain.ddnss.de
Server: Unknown
Address: <IP v6 Address>

Not authorised response:
Name: mydomain.ddnss.de
Address: <IPv4 from my internet router>
Aliases: container.mydomain.ddnss.de
```

Like I've written: without any PiHole local DNS settings, just DynDNS with ddnss.de and two port forwardings on my internet router for ports 80 and 443 to my NPM-Container IP.

@queen4me commented on GitHub (Mar 8, 2022):

Problem is solved. My Fritzbox has a problem with DHCP clients and setting the IP of the PiHole.
After setting the DNS manually to the PiHole IP everything is fine now.

Thanks a lot for helping folks.
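
The two checks discussed in this thread (where the name resolves, and whether a source address passes an allow list with default deny), as an added example that is not part of the original issue or of Nginx Proxy Manager's code. The function names, the stand-in public address 203.0.113.10 and the client address 192.168.178.20 are constructed assumptions; the 192.168.178.0/24 range and 192.168.178.6 come from the comments above.

```python
import ipaddress
import socket

# Allow range quoted in the thread; everything else falls to the default deny.
ALLOW = ("192.168.178.0/24",)


def in_allowed(ip, allow=ALLOW):
    """True when ip lies inside one of the allowed networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in allow)


def acl_decision(source_ip, allow=ALLOW):
    """'allow', or 'deny' (the proxy answers 403), for the given source address."""
    return "allow" if in_allowed(source_ip, allow) else "deny"


def resolve(hostname):
    """Addresses the system resolver returns for hostname (needs working DNS)."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def diagnose(hostname, source_ip, answers=None, allow=ALLOW):
    """Report where the name points and how the allow list treats source_ip.

    answers: addresses the name resolved to; looked up live when omitted.
    source_ip: the client address the proxy records for the request.
    """
    answers = resolve(hostname) if answers is None else list(answers)
    external = [a for a in answers if not in_allowed(a, allow)]
    return {
        "hostname": hostname,
        "answers": answers,
        # True only when every answer is inside the LAN range,
        # i.e. the local DNS record is the one actually being used.
        "resolves_internally": bool(answers) and not external,
        "external_answers": external,
        "acl": acl_decision(source_ip, allow),
    }


if __name__ == "__main__":
    # Constructed sample data, not taken from the reporter's network.
    name = "container1.mydomain.de"
    print(diagnose(name, "203.0.113.10", answers=["203.0.113.10"]))
    print(diagnose(name, "192.168.178.20", answers=["192.168.178.6"]))
```

Called without `answers`, `diagnose` queries whatever resolver the client is actually configured with, which is the setting that turned out to matter in this thread.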


@github-actions[bot] commented on GitHub (Feb 22, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍


@github-actions[bot] commented on GitHub (Apr 7, 2025):

Issue was closed due to inactivity.
