New Router (Netgear Orbi RBR850) - nginx proxy manager now stopped

Hi All,

All excited, I replaced my BT SmartHub2 with the Netgear Orbi Mesh Wi-Fi to get the new Wi-Fi 6. I had a setup working perfectly fine for me with all the reverse proxy.
I have my NPM set up on a Raspberry Pi and all the Docker containers on Synology.
Did the port forwarding for both 80 and 443 on the Orbi router pointing to the NPM on the Pi. The DNS is from Cloudflare and the usual certs from Let's Encrypt.

All the subdomains now get back with a 522 error:
1641931971026.png

A lot of digging around feels like the port forwarding is not working. I am not sure though because I followed the steps correctly. The public IP is correctly shown on the router and also Cloudflare is updated with the correct IP. Any ideas? Any suggestions please.
1641932076544.png

When I try using CanYouSeeMe.org I get a
Error: I could not see your service on 123.123.123.123 on port (80)
Reason: Connection timed out

Any ideas? Any suggestions please.
 
1. Disable the 80 port forwarding and use NPM settings to avoid troubles with unsecured comm. And never use this port from WAN.

2. Disable proxying in Cloudflare DNS settings for your subdomains
Reason:
You cannot proxy (orange-cloud) traffic from certain CDN providers without causing connectivity errors.
And check it. When HTTPS runs, you have the answer.
 
Thanks jeyare.. I will get back on the diagnosis
 
You need to allow these IP addresses in your Firewall (secure Cloudflare DNS servers):
Useful also for DNSSEC and DNSCrypt-Proxy (customized in my Unifi router)


Another problem source is the badly defined SSL part in Cloudflare, which makes an impact on your host:
1. SSL encryption mode: full-strict is recommended from my side when you have a cert from a trusted CA (LE is sometimes problematic here). I have WC cert from trusted CA = no problem.
2. Always use HTTPS, HSTS, min ver TLS 1.2, allow TLS 1.3, HTTP/2, automatic HTTPS rewrites
Right HSTS settings are the most important part of the setup.
Note: 100% of traffic to my sites is running over TLS 1.3 ... follow a report from the CF
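
The checks discussed in the replies above (is the 443 forward passing traffic, does the origin present a certificate that strict validation accepts, is TLS 1.2 or newer negotiated, is HSTS sent) can be run straight against the WAN IP with Cloudflare out of the path. This is an added example, not code from anyone in the thread; the function names are hypothetical and the hostname and IP are constructed placeholders.

```python
import re
import socket
import ssl

def parse_hsts(raw_headers):
    """Return the HSTS policy found in a raw HTTP response head, or None."""
    for line in raw_headers.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "strict-transport-security":
            age = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
            return {"max_age": int(age.group(1)) if age else 0,
                    "include_subdomains": "includesubdomains" in value.lower()}
    return None

def probe_origin(hostname, ip, port=443, timeout=5.0):
    """Connect straight to the WAN IP (no Cloudflare in the path), SNI = hostname."""
    try:
        raw = socket.create_connection((ip, port), timeout=timeout)
    except socket.timeout:
        # SYNs dropped: forward or firewall not passing traffic (what a 522 reports)
        return {"state": "timeout"}
    except ConnectionRefusedError:
        # Something answered, but nothing listens on the forwarded port
        return {"state": "refused"}
    except OSError as exc:
        return {"state": "error", "detail": str(exc)}
    ctx = ssl.create_default_context()            # validates chain and hostname against public CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse anything older than TLS 1.2
    request = f"HEAD / HTTP/1.1\r\nHost: {hostname}\r\nConnection: close\r\n\r\n"
    try:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            tls.sendall(request.encode("ascii"))
            head = b""
            while b"\r\n\r\n" not in head:
                chunk = tls.recv(4096)
                if not chunk:
                    break
                head += chunk
            return {"state": "ok", "tls": tls.version(),
                    "hsts": parse_hsts(head.decode("latin-1"))}
    except ssl.SSLError as exc:
        return {"state": "tls_failed", "detail": str(exc)}
    except OSError as exc:
        return {"state": "error", "detail": str(exc)}
    finally:
        raw.close()

if __name__ == "__main__":
    # Placeholders (constructed): substitute your own subdomain and public IP.
    print(probe_origin("sub.example.com", "203.0.113.10"))
```

Run it from outside the LAN (a mobile hotspot or a remote host), since many routers do not loop WAN-addressed traffic back from inside. A `timeout` result points at the router forward or firewall, while `tls_failed` points at the certificate or TLS settings on the proxy.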
 
