Nginx Manager

Guide to Port Forwarding, Cloudflare Integration, and Nginx Proxy Manager


Introduction

Deploying a website and making it accessible to the public involves several crucial steps to ensure security, performance, and proper configuration. This article will guide you through the process of setting up port forwarding, configuring Cloudflare, and utilizing Nginx Proxy Manager to securely host your website.

1. Port Forwarding

Port forwarding is essential for allowing external traffic to reach your web server. To set up port forwarding:

  1. Access your router’s administration panel (typically by entering 192.168.0.1 or 192.168.1.1 in your browser).
  2. Locate the port forwarding section (may be under “Advanced Settings” or “NAT/QoS”).
  3. Create a new rule:
     • External port: 80 (HTTP) and 443 (HTTPS)
     • Internal port: 80 and 443
     • Internal IP address: Your web server’s local IP address
  4. Save the changes and reboot your router if necessary.

2. Obtaining Your Public IP Address

To make your website accessible from the internet, you need to know your public IP address. You can find this by visiting websites like ipify.org or whatismyip.com.

3. Cloudflare DNS Configuration

Cloudflare offers various benefits, including DDoS protection and CDN services. To set up Cloudflare:

a. Create a Cloudflare account and add your domain.
b. Update your domain’s nameservers to Cloudflare’s nameservers (provided during setup).
c. In the DNS section of Cloudflare:

  • Add an A record pointing to your public IP address.
  • Set the proxy status to “Proxied” (orange cloud icon).

4. Cloudflare Proxy

Enabling Cloudflare’s proxy provides additional security and performance benefits:

a. In the DNS section, ensure the proxy status is set to “Proxied” for your A record.
b. Go to the “SSL/TLS” section and set the encryption mode to “Full” or “Full (strict)” for enhanced security.

5. Nginx Proxy Manager Configuration

Assuming Nginx Proxy Manager is already installed, configure it as follows:

a. Access the Nginx Proxy Manager web interface.
b. Add a new proxy host:

  • Domain Name: Your website’s domain
  • Scheme: http
  • Forward Hostname / IP: Your web server’s local IP address
  • Forward Port: The port your web application is running on (e.g., 3000 for Node.js)

c. Enable SSL:

  • Select “Request a new SSL Certificate”
  • Choose “Use a DNS Challenge”
  • Select Cloudflare as the DNS provider
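  • Enter your Cloudflare Global API Key or API Token (the scoped API Token from section 6 is limited to DNS edits for this one domain, whereas the Global API Key grants access to the whole account)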

6. Cloudflare DNS Token for Verification

Since your domain is proxied through Cloudflare, use a DNS token for verification:

a. In Cloudflare, go to “My Profile” > “API Tokens”
b. Create a new token with “Zone:DNS:Edit” permissions for your specific domain
c. Use this token in Nginx Proxy Manager’s Cloudflare DNS challenge settings

7. Cloudflare Security Settings (Free Tier)

Cloudflare offers several security features, even on the free tier:

a. SSL/TLS: Set to “Full” or “Full (strict)”
b. Security Level: Set to “Medium” or “High” based on your needs
c. Enable “Always Use HTTPS” to redirect all HTTP traffic to HTTPS
d. Bot Fight Mode: Enable to mitigate bot attacks
e. Browser Integrity Check: Enable to block potentially malicious requests
f. Enable Email Address Obfuscation to protect email addresses on your site
g. Server-side Excludes: Enable to protect sensitive content from being cached
h. Hotlink Protection: Enable to prevent unauthorized use of your images
i. User Agent Blocking: Configure to block specific user agents if needed

8. UFW Firewall Configuration

Properly configuring your firewall is crucial for security:

a. Allow incoming traffic on ports 80 and 443:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

b. Enable the firewall:
sudo ufw enable

9. Secure Remote Access with Tailscale

Instead of exposing SSH, use Tailscale for secure remote access:

a. Ensure Tailscale is running on your server and client devices
b. Use Tailscale’s IP address to SSH into your server:
ssh user@tailscale-ip
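
The rules in section 8 accept ports 80 and 443 from any address, so traffic that does not pass through Cloudflare's proxy still reaches the forwarded origin. The script below is an added example, not part of the original guide: it prints (without running) ufw commands that limit 80/443 to Cloudflare source ranges and SSH to the Tailscale interface. The range list is a constructed IPv4 sample, and the `tailscale0` interface name, the `TS_IFACE` variable and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the original guide). Prints ufw commands; runs none.

# Constructed sample input: a few of Cloudflare's published IPv4 ranges plus one
# bad line. Assumption: real use feeds the current https://www.cloudflare.com/ips-v4.
CF_RANGES_SAMPLE='# sample subset, not the full list
173.245.48.0/20
103.21.244.0/22
104.16.0.0/13
not-a-cidr
172.64.0.0/13'

# is_ipv4_cidr STRING: succeed only for a.b.c.d/n with octets <= 255 and n <= 32.
is_ipv4_cidr() {
  case $1 in
    ''|*[!0-9./]*|*/*/*) return 1 ;;  # empty, stray characters, or two slashes
    */*) ;;                           # exactly one slash: keep checking
    *) return 1 ;;                    # no prefix length
  esac
  _addr=${1%/*}; _prefix=${1#*/}
  case $_addr in .*|*.) return 1 ;; esac
  case $_prefix in ''|???*) return 1 ;; esac
  [ "$_prefix" -le 32 ] || return 1
  _old_ifs=$IFS; IFS=.; set -- $_addr; IFS=$_old_ifs
  [ $# -eq 4 ] || return 1
  for _octet in "$@"; do
    case $_octet in ''|????*) return 1 ;; esac
    [ "$_octet" -le 255 ] || return 1
  done
}

# emit_ufw_rules: read CIDRs on stdin, print the rule set on stdout.
emit_ufw_rules() {
  echo "ufw default deny incoming"
  # SSH only over the tailnet (section 9); tailscale0 is an assumed interface name.
  echo "ufw allow in on ${TS_IFACE:-tailscale0} to any port 22 proto tcp"
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')  # strip comments, blanks
    [ -n "$line" ] || continue
    if is_ipv4_cidr "$line"; then
      echo "ufw allow proto tcp from $line to any port 80,443"
    else
      echo "skipped invalid entry: $line" >&2
    fi
  done
  # Remove the open-to-everyone rules from section 8 once the scoped ones exist.
  echo "ufw delete allow 80/tcp"
  echo "ufw delete allow 443/tcp"
}

printf '%s\n' "$CF_RANGES_SAMPLE" | emit_ufw_rules
```

Review the printed commands before running them with sudo, and regenerate them when Cloudflare's published ranges change.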

Conclusion

By following these steps, you’ve securely deployed your website using port forwarding, Cloudflare integration, and Nginx Proxy Manager. Remember to regularly update your systems and monitor your configurations to maintain a secure web presence.