mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2026-04-28 10:55:54 +03:00
[GH-ISSUE #1147] More than one port by domain #945
Originally created by @jgfurlan2 on GitHub (Jun 2, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1147
Is your feature request related to a problem? Please describe.
Maybe. I created a gitlab container, the same on the site releases ports 80, 443 and 22, in the proxy dashboard I informed to redirect the domain "gitlab.mydomain.com" to port 80 of the gitlab container, however when trying to use ssh for push it didn't work, only with http that works, then I thought it's because port 22 isn't listening to the domain and therefore never receives requests.
Describe the solution you'd like
The possibility of a domain redirecting to more than one port would probably solve the problem.
@apainter2 commented on GitHub (Jun 2, 2021):
DNS does not work that way, domain names are simply a phone-book of IP addresses :)
So as long as the SSH instance you're trying to connect to is hosted on the same server that the webserver instance is listening on, it should be fine.
Example:
example.domain.tld points to 1.2.3.4
You host NPM on the server that also has the SSH and webservers (on a different port), for example:
https://example.domain.tld points to 1.2.3.4 which then proxies you to the actual web-server 1.2.3.4:8080 AND the SSH server is hosted on the same server it would work, as the SSH instance would also be listening on IP 1.2.3.4.
If you're using NPM as a front-door (public-facing) instance that then forwards the HTTP(s) requests to another back-end instance via a different IP address, then use the streams option to forward SSH connections to that same backend server instance.
Example:
example.domain.tld points to 1.2.3.4
Your server on 1.2.3.4 only has NPM deployed to it, and is acting as a front-door/gatekeeper/proxy host only.
NPM is configured to forward HTTP(s) traffic meant for example.domain.tld to IP 6.7.8.9 then when you try to connect to SSH at example.domain.tld it is trying to connect to the SSH instance on 1.2.3.4. To forward SSH (normally port 22) to 6.7.8.9 reconfigure the SSH instance on server 1.2.3.4 to use a different port, then configure a stream on the NPM server to stream port 22 to server 6.7.8.9.
Does this make sense? Hopefully, it does.
Thanks,
@jgfurlan2 commented on GitHub (Jun 2, 2021):
But I'm using one machine only, only one machine is with the gitlab and proxy container, I know it's probably not the most correct way and that the proxy should be in a separate instance.
The best way in this case would be for me to create another VM, I use lightsail, just for the proxy and then use the internal ips to redirect to the right container on the right port, eg:
1.2.3.4:81 - http gitlab
1.2.3.4:811 - ssh gitlab
and so on the vm of the proxy I add in "proxy hosts" the domain "gitlab.mydomain.com" pointing to 1.2.3.4:81 and create a "stream" of "80" and "443" to 1.2.3.4:811 TCP . That?
@apainter2 commented on GitHub (Jun 2, 2021):
Does AWS Lightsail only allow ssh connections via certificate keypairs?
source: https://lightsail.aws.amazon.com/ls/docs/en_us/articles/understanding-ssh-in-amazon-lightsail
You need to configure the SSH client such as Putty to work and connect directly to the SSH server instance, using the relevant private key. If you have access, you could enable passwords by editing the sshd_config file and restarting the SSH daemon. I would not recommend doing this, and stick to using key pairs to authenticate to the SSH server.
I am making the following assumptions here:
I would redirect all HTTP traffic to HTTPS on the front end (unencrypted HTTP traffic's days are now numbered).
So I recommend trying this:
Your web-instance:
Create a proxy host using the following options:
[Details]
Domain Name: example.domain.tld (your FQDN)
Scheme: http (this presumes you are running HTTP on the backend instance only)
Forward Hostname / IP: 1.2.3.4
Forward Port: 81
Cache Assets: Enable
[SSL]
SSL Certificate: Select the relevant LE certificate
ForceSSL: Enable
HSTS Enabled: Enable
HTTP/2 Support: Enable
NOTE: If you do not wish to use HTTPS, set this section to 'None'.
Stream option:
Incoming Port: 22 (standard SSH port - ensure that the hosting provider is not blocking this port)
Forward IP: 1.2.3.4
Forward Port: 811
TCP Forwarding: Enable
UDP Forwarding: Disable
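The proxy host and stream settings listed in the comment above, written out as an equivalent plain nginx configuration. This is an added example, not part of the thread and not the file NPM generates; the certificate paths and the `allow` range are placeholders.

```nginx
# Added illustration: hand-written nginx equivalent of the settings above.
# Not NPM's generated file; certificate paths and the allow range are placeholders.

events {}

# Layer 7: HTTP(S) requests carry a host name (SNI / Host header), so many
# domains can share ports 80 and 443 and be routed by server_name.
http {
    server {
        listen 80;
        server_name example.domain.tld;
        return 301 https://$host$request_uri;       # "Force SSL"
    }

    server {
        listen 443 ssl http2;                        # "HTTP/2 Support"
        server_name example.domain.tld;

        ssl_certificate     /path/to/fullchain.pem;  # placeholder
        ssl_certificate_key /path/to/privkey.pem;    # placeholder
        add_header Strict-Transport-Security "max-age=63072000" always;  # "HSTS Enabled"

        location / {
            proxy_pass http://1.2.3.4:81;            # Scheme http, Forward Port 81
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

# Layer 4: a stream server forwards raw TCP. SSH sends no host name, so there
# is no server_name here; every connection to port 22 on this machine goes to
# the same backend, whichever domain the client resolved.
stream {
    server {
        listen 22;                 # the proxy machine's own sshd must use another port
        allow 203.0.113.0/24;      # placeholder: networks permitted to reach Git over SSH
        deny  all;
        proxy_pass 1.2.3.4:811;    # Forward IP / Forward Port from the comment
        proxy_connect_timeout 5s;
    }
}
```

With this kind of forwarding the backend sshd sees every connection as coming from the proxy's address, so per-source controls and log attribution for SSH have to be applied on the proxy.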
@apainter2 commented on GitHub (Jun 3, 2021):
@sigmagf any news?
@jgfurlan2 commented on GitHub (Jun 3, 2021):
Sorry, hadn't seen it yet.
In my case now I use gitlab and NPM on the same machine and both in the docker, and in case the docker doesn't let me activate port 22 of the gitlab container.
I'm still opting for a way to do it using the same instance as lightsail.
This alternative you gave me is using two instances and installing, as you said, gitlab directly on the instance, right?
@neatgz commented on GitHub (Jun 7, 2021):
Hello,
I want to reverse proxy some service on my QNAP nas.
For example:
https://nas.domain.com:1111 <---> http://127.0.0.1:5678
https://nas.domain.com:2222 <---> http://127.0.0.1:1234
https://nas.domain.com:3333 <---> http://127.0.0.1:4321
I really can't find how to configure using Nginx Proxy Manager.
For some personal reason, I do not want to do like this:
https://a.domain.com <---> http://127.0.0.1:5678
https://b.domain.com <---> http://127.0.0.1:1234
https://c.domain.com <---> http://127.0.0.1:4321
Can Nginx Proxy Manager work like the first example?
Can you help me?
thanks a lot
@apainter2 commented on GitHub (Jun 7, 2021):
@neatgz This would not be possible by using a reverse proxy, what you are looking at is using an internal DNS solution to do this.
I would recommend Pi-Hole, as it now allows as well as network level ad-blocking, also local DNS resolution options.
@apainter2 commented on GitHub (Jun 7, 2021):
@sigmagf, yes my solution uses two instances, you generally can not access the SSH instance within a docker container, as generally it does not exist. You can however SSH onto the VM instance, and use
docker exec -it NAMEOFCONTAINER COMMAND
commands.
@jgfurlan2 commented on GitHub (Jun 7, 2021):
I tried to do the same as you said, I created another vm, the lightsail itself has bitnami's gitlab, and I directed it to its ip, went to streams and configured it to redirect "22 ->2222" which is the port I defined, but it still doesn't work, my user is still not authorized.
eg:
domain Names: gitlab.example.com
scheme: http
ip: 1.2.3.4
port: 80
streams:
incoming port: 22
ip: 1.2.3.4
forward port: 2222
@apainter2 commented on GitHub (Jun 7, 2021):
@sigmagf I'll have to spin up a test environment on my VM Host to see what's the issue. Can you provide links to the application stacks you're using? Thanks.
@jgfurlan2 commented on GitHub (Jun 7, 2021):
my gitlab real url?
My gitlab url is gitlab.furlansoftware.com
@jgfurlan2 commented on GitHub (Jun 7, 2021):
Apparently even configuring to redirect 22 to 1.2.3.4:2222 or 22 to 1.2.3.4:22 doesn't work, I used the ip of the vm directly that is in gitlab and it worked.
@mgutt commented on GitHub (Jul 9, 2021):
NPM Proxy Hosts listen by default only on Port 80 and 443. Through the advanced settings you can add additional ports:
But this does not work for every type of traffic. I don't know if it works with SSH. Please test it and return feedback.