pirateMonkey

joined 2 months ago
pirateMonkey@lemmy.world 2 points 13 hours ago

I know this is a week old, but thanks for your input. I hadn't seen Avahi before, and that's a cool option, so thanks for sharing it. Part of why I wanted to do things this way was an excuse to practice with running a web server before setting up Foundry, so it's mostly just testing things out. Of course, if it was just a regular web server, I wouldn't have had this issue because DNS rebind protection on my router ended up being the problem.

pirateMonkey@lemmy.world 1 points 6 days ago

Part of the idea here is to get comfortable with what's happening here in a safe/unexposed environment before trying something that I would expose to the internet, and I'm of the understanding that you can do it this way (pass it to the internet, which will then return that internal IP that Nginx should route appropriately).

pirateMonkey@lemmy.world 2 points 6 days ago

Yes, I'm using this container: https://github.com/NginxProxyManager/nginx-proxy-manager using the compose file as written (except I'm naming it nginx instead of app). It maps ports 80 and 443 for traffic and 81 for the manager, which is running.

pirateMonkey@lemmy.world 1 points 6 days ago

Yep, that makes sense. Thank you!

pirateMonkey@lemmy.world 1 points 6 days ago* (last edited 6 days ago) (1 children)

Thanks for that flow on how to troubleshoot.

When I try nslookup on the server, it doesn't seem to be working at all (nslookup google.com returns ** server can't find nslookup: NXDOMAIN). On Windows, it doesn't return any IP (*** No internal type for both IPv4 and IPv6 Addresses records available). Looking at my Pi-hole query log, I do see that address was queried and allowed. *ETA - I do notice that the Windows nslookup returns a URL for Server and my router's IP address for Address, while Linux returns the router's IP address for Server and that address with #53 appended for Address.

How can I check what Cloudflare is seeing (because as I understand that's the next link in the chain)? I'm not seeing any logs there, but only created my account Saturday... *edit to add it's obviously in the link in the sidebar that says analytics and logs, but not seeing any activity on any of those, so it seems to not be getting past the Pi-hole?

pirateMonkey@lemmy.world 1 points 6 days ago (2 children)

Even without full understanding, I think you're a few steps ahead of me! I was also under the impression that it would be fairly straightforward, but getting lessons in how to troubleshoot (and I appreciate them!)

I was testing with 127.0.0.1 earlier, so that makes sense on one level, but not port 3000.

Is my understanding correct that the upstream connection was refused means that it went to Cloudflare who then sent it back to my server, and it was rejected there?

pirateMonkey@lemmy.world 1 points 6 days ago (6 children)

I'm still very much in a learning mode here, so forgive my ignorance - which logs? Nginx? I'm seeing a fallback_error and fallback_access (which has nothing interesting). There are also some empty files for the host I have set up (proxy-host-1_access/error).

2025/09/01 12:34:54 [error] 193#193: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.181, server: nginxproxymanager, request: "GET /api/ HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "192.168.1.196:81", referrer: "http://192.168.1.196:81/nginx/certificates"

Where, presumably obviously, 196 is the server and 181 is a laptop. FWIW I don't see the directory it's mentioning, /nginx/certificates, but I'm looking at the host's directory rather than in the container.

pirateMonkey@lemmy.world 1 points 6 days ago (3 children)

Yeah, just looking for internal access right now so I don't have to remember the correct port for every service. Will use a VPN (leaning toward Tailscale) for remote access once I get this set up.

23
submitted 6 days ago* (last edited 13 hours ago) by pirateMonkey@lemmy.world to c/selfhosted@lemmy.world
 

I'm trying to set up a domain to more easily access my services on my home network, using a vanity URL instead of IP:port. With my current setup, my browser is not able to see the server ('we can't connect to the server' at e.g. plex.mydomain.xyz).

I registered the domain through Cloudflare. In Cloudflare, I set up my DNS records (A - mydomain.xyz - content = 192.168.x.x; A - www; CNAME - *), and got my API token. Nginx is running in Docker (as are the services I am trying to access), using the jc21 container and their docker compose template. I used the API token to generate an SSL certificate in NPM with *.mydomain.xyz as the domain, then added a proxy host using the URL mentioned above as the Domain Name, the IP of the server that's running all my containers for the forward hostname/IP, and the appropriate port for forward port. Then in the SSL tab told it to force SSL and HTTP/2.

I'm not sure what I'm doing incorrectly; the only thing I have running that might interfere with the network service is a Pi-hole, and it appears to be sending the request on. Also tried using localhost (127.0.0.1) to no avail. I've seen some others say they had to restart NPM a few times, so I've tried that as well. Thanks for any help!

*Edit: My router had DNS rebind protection enabled which was blocking the local address. I discovered this by using NSLOOKUP on my home network, where I got a 'No internal type for both IPv4...' error (in Windows command prompt) and outside my home network, where it resolved correctly. Thanks to those who commented, appreciate your time.
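As an added example (not part of the original post), here is a simplified Python model of the DNS rebind protection described in the edit above: a public record that points at a LAN address is stripped before it reaches the client unless the domain is exempted. The range list, function names, sample answers and allowlist are assumptions for illustration; real routers differ in which ranges they filter and in whether they drop single records or the whole reply.

```python
import ipaddress

# Ranges this model treats as "internal" (RFC 1918, loopback, link-local,
# IPv6 ULA). Assumption: the exact list on a given router may differ.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

def is_internal(addr):
    """True if addr falls in a range a rebind filter would refuse."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def domain_allowed(name, allowlist):
    """Match the domain itself or a true subdomain, never a bare suffix."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in allowlist)

def filter_response(name, answers, allowlist=()):
    """Return (delivered, stripped) as a LAN client would see the reply."""
    if domain_allowed(name, allowlist):
        return list(answers), []
    delivered = [a for a in answers if not is_internal(a)]
    stripped = [a for a in answers if is_internal(a)]
    return delivered, stripped

# Constructed upstream answers; 192.168.1.196 is the server from the thread,
# the other names and addresses are sample values.
UPSTREAM = {
    "plex.mydomain.xyz": ["192.168.1.196"],
    "public.example.net": ["198.51.100.7"],
    "mixed.example.org": ["198.51.100.8", "10.0.0.5"],
}

def report(allowlist=()):
    """Classify each sample name by what the client ends up receiving."""
    result = {}
    for name, answers in UPSTREAM.items():
        delivered, stripped = filter_response(name, answers, allowlist)
        if not stripped:
            result[name] = "ok"
        else:
            result[name] = "partial" if delivered else "empty answer"
    return result

if __name__ == "__main__":
    print("rebind protection on: ", report())
    print("mydomain.xyz exempted:", report(allowlist=("mydomain.xyz",)))
```

The "empty answer" case is the situation the post describes: the query is forwarded and answered upstream, but the client receives no address. Exempting only the one domain that is meant to resolve to LAN addresses keeps the protection in place for every other name.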