I like the way I did it because I don’t have to open any ports other than the one for the VPN and I don’t have to do anything on any device, because Nginx Proxy Manager takes care of all that by itself. I don’t get any warnings and don’t have to import anything.
Usually NPM requires port 80 to be open to be able to generate/refresh the SSL certificate.
Maybe mine was already open because it got through without any problem… Generating the certificate was flawless; the only thing I had to do was install certbot on my system. It was not installed and I got an error there, but after that no problem.
What about the automated backup option… any advice?
How did you generate the certificate? Usually this is a built-in function of NPM and there is no other software needed. NPM is a docker container and should have everything inside.
You can use dietpi-backup to store a whole system backup on an external device.
Yeah, I did it with NPM as it was in a docker container. It was easy; the only thing I needed to add was in unbound, as I had to edit the config file and add a private-domain because I was getting bad gateway…
I would need a script, I guess, to run dietpi-backup with a scheduled time set, right?
Not sure what you did with unbound, but your primary DNS server should be AGH. Configuration would need to be done there if you need to resolve local domains.
dietpi-backup has a built-in scheduler already.
Well, to be able to reach a DDNS, in this case DuckDNS, I wanted to set in NPM that adguard.myservername.duckdns.org was reachable, but it was not getting through and the problem was with Unbound… I searched and I saw a post that a private-domain had to be set inside the config and that did the trick for me… In AGH the only thing I did was to add 127.0.0.1:5335 as upstream DNS, then in my router I pointed to my pi system as primary DNS and every device goes through AGH…
Great, thanks for the backup advice, I just saw a post about it… Do you think it's safe to back it up to a cloud or not?
Something that should have been automatically set by our installer if you install AGH+Unbound together using dietpi-software.
For me, that's the wrong place to configure local DNS requests. Probably I misunderstood your configuration. At least it seems you have a public DDNS name with a private address. Anyway, it's your configuration and it's working for you. All good for you.
dietpi-backup has no feature to store a backup within a cloud. We support local or NFS target locations only.
Yes, on DuckDNS I set it up to my local IP address, 10.0.0.5 for example, and then I can reach all my services that I add inside NPM without the IP, as I created a rule for *.customname.duckdns.org
As already mentioned, I find your setup strange, or rather I don’t understand it. You are using an external DDNS service to resolve an internal local IP address. This could have been done more easily via your local DNS server or /etc/hosts. Then no changes to the unbound configuration would have been necessary. Furthermore, I don’t understand how you could issue a real valid SSL certificate. At least this should not be possible via NPM. Because as far as I know NPM uses Let's Encrypt and that actually requires a real external IP address to validate the DDNS domain. And this should not be possible with the internal IP address that you have stored with DuckDNS. It’s also strange that you had to install Certbot. This is actually not necessary when using NPM. You also mentioned Cloudflare somewhere above. I therefore assume that you created the certificate in another way and then imported it into NPM.
And if you really created the certificate yourself somehow, you could have skipped the configuration of NPM and used it directly in Vaultwarden.
Maybe I really don’t understand the whole thing.
Anyway, your setup seems to work. So there is nothing more to add here.
Check this: https://www.youtube.com/watch?v=qlcVx-k-02E
That's what I did.
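On the unbound `private-domain` change discussed in this thread: the setting exempts a domain and its subdomains from unbound's `private-address` filtering, which otherwise removes private IPs from answers as DNS-rebinding protection. The sketch below is an added example, not code from any poster or from DietPi; it models that filtering and flags exemptions wider than the name you control. The RFC 1918 ranges, the function names and the second sample address are assumptions.

```python
import ipaddress

# Assumption: these RFC 1918 ranges are listed as private-address in unbound.conf.
PRIVATE_ADDRESS = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_under(name, domain):
    """True if name equals domain or is a subdomain of it (whole labels only)."""
    n = name.lower().rstrip(".").split(".")
    d = domain.lower().rstrip(".").split(".")
    return len(n) >= len(d) and n[-len(d):] == d


def filter_answer(qname, addresses, private_domains):
    """Model of the rebinding filter: return the addresses the client would get."""
    if any(is_under(qname, d) for d in private_domains):
        return list(addresses)  # exempted by private-domain, nothing removed
    kept = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in PRIVATE_ADDRESS):
            kept.append(addr)   # public address, passes the filter
    return kept


def audit_private_domains(private_domains, own_domain):
    """Return private-domain entries that cover more than the name you control."""
    return [d for d in private_domains if not is_under(d, own_domain)]


if __name__ == "__main__":
    # Constructed sample data, using the names and address mentioned in the thread.
    name, answer = "adguard.myservername.duckdns.org", ["10.0.0.5"]
    print(filter_answer(name, answer, []))                            # filtered
    print(filter_answer(name, answer, ["myservername.duckdns.org"]))  # allowed
    # Exempting all of duckdns.org would switch the protection off for every
    # DuckDNS name, including names registered by other people.
    print(audit_private_domains(["duckdns.org"], "myservername.duckdns.org"))
```

Scoping the exemption to your own subdomain keeps rebinding protection in place for every other name under the shared DDNS domain.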