[GH-ISSUE #1139] Domain with source port #934

Closed
opened 2026-02-26 06:35:03 +03:00 by kerem · 13 comments

Originally created by @CyrosX on GitHub (May 30, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1139

I didn't find any notes about this:
I'm trying to achieve the following scenario:
https://DDNS:12345 -> Router forwards 12345 to 4848 on DOCKERHOST-IP
4848 (mapped to SSL Port of NPM) shall send it to DOCKERHOST-IP:port-of-container
An SSL certificate is included.
But it won't work :-/. I get NET::ERR_CERT_INVALID and the certificate is a dummy.

I've uploaded a Let's Encrypt certificate (key + domain.cer + ca.cer).

kerem closed this issue 2026-02-26 06:35:03 +03:00

@chaptergy commented on GitHub (May 30, 2021):

Can you provide your docker-compose file, please? Maybe also the host configuration?

Just to make sure, have you also set the proxy host to use your ssl certificate?


@CyrosX commented on GitHub (May 30, 2021):

```yaml
version: "3"
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: always
    ports:
      # Public HTTP Port:
      - '8080:80'
      # Public HTTPS Port:
      - '4443:443'
      # Admin Web Port:
      - '8081:81'
    environment:
      DB_SQLITE_FILE: "/data/database.sqlite"
    volumes:
      - /volume1/docker/npm/data:/data
      - /volume1/docker/npm/letsencrypt:/etc/letsencrypt
```

The host is a Synology Diskstation, which also has the certificate for itself. Currently I'm using its reverse proxy (working), but I want to replace it (NPM has more features).

@chaptergy commented on GitHub (May 30, 2021):

Didn't you say port `4848`? The docker compose file maps port `4443` to the SSL port of NPM. I also think the domain names cannot contain a port; you should just use `url.example.com`.


@CyrosX commented on GitHub (May 30, 2021):

Sorry, 4848 was just an example to show that I've changed the normal port mapping of the NPM Docker container.
Hm, so if there are multiple services which shall be exposed, I'll have to create the same number of DDNS domains?
In my case I'm mapping several source ports to forwarding ports on the same domain.


@chaptergy commented on GitHub (May 31, 2021):

Ah, now I understand. I am not very familiar with this either, but you could try to use the advanced tab as seen in https://github.com/jc21/nginx-proxy-manager/issues/252. Though you won't be able to disable port 80 and 443 without editing the config manually. The GUI is just made for using subdomains or subfolders, not ports.


@CyrosX commented on GitHub (May 31, 2021):

@chaptergy, thank you very much for spending your time to help me out here 😃.
Just to specify the last part: 4443 is 4848 in my first example.
So port NAT routing/proxying is everywhere (hopefully that's correct from a technical POV)

  • ddns:1234 -IPv4-forwarding*-> npm-container:4443 -IPv4-rev.-proxying**-> 2nd-container:4321
  • 443 is already used on docker host so: npm:443 <-IPv4-forward-> dockerhost:4443
    [*happens on network router/firewall] [**source port, destination port based]

Maybe I need to look up some best practices regarding port-based vs. domain-based routing and
securing Docker service networking while exposing parts to the internet.
Docker internal DNS routing across its multiple network types, to prevent double port exposure and to disallow bypassing the TLS-secured port, is something I'll need to learn about right now.


@aab12345 commented on GitHub (May 31, 2021):

You would be best off opening only 80/443 on your router and letting NPM handle the requests. These are really the only two ports you need to open to the public. My NPM is served over the following:

https://subdomain.domain.com > NPM > let NPM handle your forward/proxy requests.

Your NPM config on docker-compose could be:

```yaml
    ports:
      # Public HTTP Port:
      - '80:80'
      # Public HTTPS Port (container side must be 443, where NPM listens for TLS):
      - '443:443'
      # Admin Web Port:
      - '81:81'
```

Hope this helps?


@CyrosX commented on GitHub (May 31, 2021):

@el-profesor926 thank you, too!
I've done this now in combination with CNAMEs pointing to the DDNS (domain-based routing),
but NPM also works nicely with my non-default ports (443 and 80 are already in use on the host).


@aab12345 commented on GitHub (May 31, 2021):

Fantastic, it's very easy to get your head around once you leave only 80 and 443 open to let NPM manage everything. SSL will work because by default you have 80 and 443 open, which are the web non-SSL + web SSL ports.


@chaptergy commented on GitHub (May 31, 2021):

So you were able to get it working? If so, great! Let me know if you did, then I can go ahead and close this issue. (Or you can close this issue yourself)


@CyrosX commented on GitHub (May 31, 2021):

Yeah, it's working very well! Thank you :)


@Macrisu commented on GitHub (Mar 10, 2023):

I have exactly the same problem...

rPI + docker.
rPI is behind a router (NAT)

In docker I run:

  • Nginx Proxy manager (ports 80, 443, 81)
  • EVCC (port 7070)
  • PI-Hole (port 8082)
  • Home Assistant (port 8123)

I can only use 443 for one service: EVCC, Pi-Home, or Home Assistant! ;(
I must open other ports on the Nginx Proxy manager docker container.
The problem still is that the domain source does not accept ports!

Any solution?
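The domain-based layout this thread settles on, and the "no bypassing of the TLS-secured port" concern raised earlier, sketched as a compose file (an added example, not from the issue or the NPM project): only NPM publishes ports, and the backends sit on a shared Docker network without `ports:`, so they are reachable only through the TLS-terminating proxy. The service names, the `proxy` network, the `*.example.com` hostnames and the `traefik/whoami` stand-in image are assumptions.

```yaml
# Constructed example. service-a / service-b, the "proxy" network and the
# traefik/whoami stand-in image are placeholders for real backends.
version: "3"
services:
  npm:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: always
    ports:
      # Host 80/443 are taken, so the router forwards its public
      # HTTP/HTTPS ports to these host ports instead.
      - '8080:80'
      - '4443:443'
      # Admin UI: keep it LAN-only, i.e. add no router forward for 8081.
      - '8081:81'
    environment:
      DB_SQLITE_FILE: "/data/database.sqlite"
    volumes:
      - /volume1/docker/npm/data:/data
      - /volume1/docker/npm/letsencrypt:/etc/letsencrypt
    networks:
      - proxy

  service-a:
    image: 'traefik/whoami'   # stand-in backend, listens on port 80
    restart: always
    # No "ports:" section: nothing is published on the Docker host, so the
    # only path to this container is NPM -> http://service-a:80.
    networks:
      - proxy

  service-b:
    image: 'traefik/whoami'   # second stand-in backend
    restart: always
    networks:
      - proxy

networks:
  # User-defined bridge: containers resolve each other by service name.
  proxy:
    driver: bridge

# Proxy hosts to create in the NPM GUI (hostname only, never host:port):
#   a.example.com -> http://service-a:80, certificate selected on the SSL tab
#   b.example.com -> http://service-b:80, certificate selected on the SSL tab
# Both names are CNAMEs to the DDNS name; NPM picks the proxy host by the
# requested hostname, whichever external port the router forwards.
```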


@bmmmm commented on GitHub (Mar 11, 2023):

@Macrisu is answered you in: https://github.com/NginxProxyManager/nginx-proxy-manager/discussions/2665
