this post was submitted on 01 Sep 2025
23 points (92.6% liked)

I'm trying to set up a domain to more easily access my services on my home network, using a vanity URL instead of IP:port. With my current setup, my browser is not able to see the server ('we can't connect to the server' at e.g. plex.mydomain.xyz).

I registered the domain through Cloudflare. In Cloudflare, I set up my DNS records (A - mydomain.xyz - content = 192.168.x.x; A - www; CNAME - *), and got my API token. Nginx is running in Docker (as are the services I am trying to access), using the jc21 container and their docker compose template. I used the API token to generate an SSL certificate in NPM with *.mydomain.xyz as the domain, then added a proxy host using the URL mentioned above as the Domain Name, the IP of the server that's running all my containers for the forward hostname/IP, and the appropriate port for forward port. Then in the SSL tab told it to force SSL and HTTP/2.

I'm not sure what I'm doing incorrectly; the only thing I have running that might interfere with the network service is a PiHole, and it appears to be sending the request on. Also tried using localhost (127.0.0.1) to no avail. I've seen some others say they had to restart NPM a few times, so I've tried that as well. Thanks for any help!

*Edit: My router had DNS rebind protection enabled which was blocking the local address. I discovered this by using NSLOOKUP on my home network, where I got a 'No internal type for both IPv4...' error (in Windows command prompt) and outside my home network, where it resolved correctly. Thanks to those who commented, appreciate your time.
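The failure described in the edit above can be reproduced offline. This is an added example, not part of the original post: it emulates a resolver with DNS rebind protection, which drops upstream answers that point into internal address space, and shows the effect of exempting one zone. The address `192.168.1.50`, the range list and the function names are constructed for illustration.

```python
import ipaddress

# Ranges this example treats as "internal" (RFC 1918, loopback, link-local,
# IPv6 ULA). An assumption: a given router's rebind filter may use another list.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10")]

def is_internal(addr):
    """True if addr falls in a range the rebind filter refuses to hand out."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped  # ::ffff:192.168.1.50 is still a LAN address
    return any(ip.version == net.version and ip in net for net in INTERNAL_NETS)

def resolve_through_filter(name, upstream_answers, rebind_ok=()):
    """Emulate the filtering resolver: returns (answers_to_client, dropped)."""
    host = name.rstrip(".").lower()
    # Match exempt zones on label boundaries so "notmydomain.xyz" is not exempt.
    exempt = any(host == z or host.endswith("." + z) for z in rebind_ok)
    kept, dropped = [], []
    for answer in upstream_answers:
        blocked = is_internal(answer) and not exempt
        (dropped if blocked else kept).append(answer)
    return kept, dropped

def diagnose(name, upstream_answers, rebind_ok=()):
    """Classify what a LAN client sees for this lookup."""
    kept, dropped = resolve_through_filter(name, upstream_answers, rebind_ok)
    if dropped and not kept:
        return "blocked"  # empty answer on the LAN, fine from outside
    return "partial" if dropped else "ok"

if __name__ == "__main__":
    # Constructed sample: public A record pointing at a private address.
    for allow in ((), ("mydomain.xyz",)):
        result = diagnose("plex.mydomain.xyz", ["192.168.1.50"], rebind_ok=allow)
        print(f"rebind_ok={allow!r}: {result}")
```

On routers built on dnsmasq the matching exemption is `rebind-domain-ok=/mydomain.xyz/`, which keeps the protection on for every other name; whether the router in this post uses dnsmasq is not stated.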

[–] damnthefilibuster@lemmy.world -1 points 6 days ago

TL;DR - don't do this. Plex on Cloudflare is a bad idea. Read my last notes. Get the Plex Remote Watch Pass instead.


So, regular Cloudflare DNS is not the answer here. Your homelab is almost always natted. As in, there's a public IP assigned to your home, but your internal network (192.168..) is... internal. Cloudflare doesn't know of it.

One solution is to expose a port on your router. That would mean that if you go to plex.mydomain.xyz, Cloudflare DNS will send it to your home's public IP and your router will send it to your internal computer based on that port request. This is NOT recommended. For one, your home's public IP can change at any time. It's your ISP's choice what IP they want to assign to you. They can and will change it when they want to. Second, this opens up your internal network to a barrage of attacks.

Seriously, don't do this.


A separate alternative is to use something like DynDNS (only if your router supports it). Then folks will go to yourplex.dyndns.io (or something) and that will send them to your router's public IP, no matter how many times it changes. But if you want to use plex.mydomain.xyz then DynDNS charges you money and, afaik, it's expensive. So no real point.


The better alternative is Cloudflared and Cloudflare Tunnels. This sits under https://one.dash.cloudflare.com/ → Networks → Tunnels.

Hit "Create a Tunnel" and select Cloudflared. Give it a name. Let's call it "homeserver" (it doesn't matter).

Once it's created, click on the name and click Edit. (or maybe the instructions vary if you're running it the first time). Select Docker, and it'll give you instructions to run cloudflared as a docker container. The command will look like -

docker run cloudflare/cloudflared:latest tunnel --no-autoupdate run --token CLOUDFLARE_ASSIGNED_TOKEN

Then, you'll have a tunnel. Once you have it up and running, go to Public Hostnames under the same "homeserver" tunnel edit option.

Add a Public hostname. Subdomain would be plex and domain would be mydomain.xyz (from the dropdown). No path.

For the "service" - type is HTTP mostly (unless you're running SSL inside your home). And the URL is the internal IP address and port for you. So for Plex it'll be

192.168.x.y:32400 (internal IP of the computer running Plex)

Once it's saved and Cloudflare has propagated the change (usually a few seconds), you can go to plex.mydomain.xyz and it'll show your application 🙂


What's going on here? Cloudflare's Tunnel solution sidesteps the Cloudflare DNS feature. You still need your domain attached to your Cloudflare account. Cloudflare gets the request, realizes it's a Tunnel request, finds the cloudflared container which you're running inside your network, establishes a secure connection all the way to it. From there, the connection is inside your home, from your cloudflared docker container to your Plex installation and back.


NOTE: Once you do this, everyone who can go to plex.mydomain.xyz (basically the entire internet) will be able to see your Plex setup. Make sure to include strong login credentials. If you do not have any login credentials, you can easily end up with complete strangers streaming your Plex library.


ALSO: This is against Cloudflare TOS. If you're just using it once in a while, you might get away with it. But if not, Cloudflare will find out and boot your domain and might even close your account.


So... If you are building this for friends and family, get the Plex Remote Watch Pass. It's $20/year and one possible way for you to give Plex access to people. In this method, you do not need to use cloudflare tunnels or expose a port. Everyone creates a free account on Plex (or you create one account for everyone, and they create their own profiles, whatever) and you grant them access to your libraries. Then they go to app.plex.tv instead of plex.mydomain.xyz, log in, and get to your content.

Last Note: I use cloudflare tunnels a LOT. I use it for everything from RSS feeds to Calibre Web. All of my use cases are low traffic scenarios. Cloudflare is chill with those. Video streaming through their network is a whole different ballgame. Do NOT risk it.

This took me way too long to write. Cheers!