Nginx Proxy Manager - ACCESS LIST protection for internal services

I cannot get wazuh to work with nginx proxy manager. If you could make a video of it that would be great. I changed the port from 443 to 442 in docker-compose.yaml for single-node and the dashboard doesn't load.

it seems that Access Lists work best with IPv4. if your network is behind CGNAT and you want to bypass it by using IPV6, it wouldnt work as smoothly. am I wrong?

Bei mir geht das nicht, immer wenn ich mich ein anmelden will kommt dieses andere Access Login wo er sag das es Falsch sei.

You have NPM and Bitwarden working together - is this on the same server? I have had real problems working through this - would make the suggestion for a future video being - How do you set-up Bitwarden and Proxy Manager on the same server - (they are both Nginx and there are complications that I have not actually finished working through yet!!)

Hi, Thanks for this tutorial. Do you know if is possible to create an access list selectively for different self-hosted services? Were some services dont need (example) a double authentication as they already have one. Es.: I rather not have extra auth on a Nextcloud service but I like to have it on services with poor o no authentication.
Thanks

Obrigado Christian! Você salvou minha vida. / Thanks Christian you saved my life.

Hi Christian, is it possible to block access to Nginx Proxy Manager login page if it is reached by public ip and port? Also is it possible to return a 404 status if you try to access a certain host that I don't want to show?

thank you so much!! that bug where you have to update the host has had me done in for a fair few hours.

The major downside of access list based on IP: It checks the public IP of your ISP always. So you have to take the IP which your router has. Allowing your local network is pointless, cause it is never checked.

Buen video pelado

Regarding Bitwarden...When you set a user/password for access... How does this work with the Bitwarden phone app in your example (with no IP entries)? Does the app trigger a sign-in popup? Thank you!

Many thanks for the tip in updating the proxy host after updating there access list credentials! That was driving me and trying to work out what was going on! :-)

just wanted to say my thanks! finally confident enough to broadcast my apps to the public cloud. what i did was whitelist all cloudflare ip addresses ONLY. with cloudflare in front and npm behind, i should be safe enough ? or am i missing something else...

So... say you dont have a static IP and you locked yourself out after the IP changed... how would you unlock it? haha =(
Btw, awesome video.

Well done! Exactly what I want. keep going.

This was exactly the info I was looking for. I want to use nginx proxy manager to point to portainer but don't want exposed to the external Internet and I can do that now! Thanks!

one thing i found with this user auth (without IP, and selecting any of the two condition) is that when you apply the access list on the NGINX PM itself to restrict access to its web interface i was not able to get through to NGINX PM even though i am 100% sure that i used the correct user credentials,

and when i remove the access list from the NGINX PM web interface and applied it on another proxy host and it worked with the same user credentials, not sure if this is some sort of a bug, but lucky for me I had internal access using which i removed the Access list that was applies on the NGINX PM itself

and when I re-applied the access list on the NGINX PM this again didnt work and broke my access to the other proxy host, so i removed it again from NGINX PM

Good one. Thanks for sharing

not bad, but the BW addon (on firefox) also stopped to work. Ergo useless if you use the add on

Hey. Thanks for this. Just 2 questions:
1. What happens to apps when it's set up this way? For example, bitwarden windows/Android app? Or is this only for the web app?

2. How would you set it up for dynamic ip address as would be the case for most of the users?

This was exactly the info i needed, Thanks

Question: When i put in my WAN IP i still get a forbidden page when i tried to enter my proxy website. Any ideas? :)

Would this protect against GET, POST requests?

Another great video about NPN! This channel is just amazing... Thanks.

Another thing worth noting is that password given in "Authorization" tab cannot have special characters in them. Just takes alphabets and numbers (as far as I know but may be it does allow some symbols but not all!).

Thanks Christian, do you know how I would make an access list for my Tailscale network? So that only devices on that network could connect to a service?

Hi Christian, once more a quite good tutorial 👋 What do you think about Authelia together with NPM? This adds the possibility to protect services with 2fa, that have no or only single factor authentication. Good stuff for a further video? Would be nice!

Hi I wanted to ask if there is a way of using IP based ACL with a dynmaic ip in nginxproxyamanager, only issue is for i cannot keep updating my access list with a new ip each time as i have a dynamic IP

Hi, for public ip adress do we need to write /subnet mask? or just public ip adress is good? Also if i added a allow ip here a few minute later can not access to the host, i see cloudflare ssl issue (looks like also cloudflare can not access to check ssl certificate)

How can i quick add multiple ip (more than 1000) :(( or allow a country?

Hey! Just discovered your channel and I'm loving the content already! I have a question regarding this setup. I've used the Access Lists to secure my nextcloud drive. However, this is now preventing me from connecting on my desktop/mobile app. Any idea how to solve this issue? Thanks!

Thanks for the guide, your help me XD

is there a bug? i can not get the access list to work with ip... added my public ip, my home network but still get forbidden 403... i have no idea why...

I miss the Methode to use dyndns as resolver for IP access. This has only apache.

I'm looking for a way to use Nginx load balancing via the Nginx Proxy Manager. Is there any native way in the proxy manager to load balance? Or I was thinking of using regular Nginx to load balance and then use the Proxy Manager in front of that for public facing, would that even work ? Thanks for the videos you make, they are really helpful..!!

Might want to add somewhere that there's a bug with Custom Locations whereby access lists defined within the GUI do not apply to those locations. You have to define the configuration settings yourselves for each custom location within the "Advanced Settings" cog.

Do the other options like Redirection, 404, and Stream Hosts. I've been using NPM for about a year. I don't use my top level domains and like to redirect them to other sites that I don't own to give them free traffic. All of that recently stopped working and I don't know how to do it now. NPM has zero documentation for these features.

Is there any way to stop local users bypassing the reverse proxy by going straight to the IP address of the machine instead?

Good guide. I use NPM but was not thinking about this feature until now.

Fantastic tutorial! I am really liking this channel!

good