Nginx Proxy Manager and Authentik

I’ve been using HAproxy, but I want to run Authentik so I need to switch over to NGXPM. I’m running Authentik and NGXPM in a docker (as well as Nextcloud and Vaultwarden) on my OMV server. However, when I turn HAproxy off and forward 443 to the NGXPM docker, my proxies work from outside my home network, but if I’m on my WireGuard VPN (running on my pfSense box) I can only access the services if I use the local IP address. If I try to use the domain names (through Cloudflare) I can’t connect to any of the servers. I set NAT to pureNAT and have NAT reflection turned on like I’ve seen posted here. Any ideas?

First thing to check is that the DNS resolves to the right address internally.

Sorry, I meant to put that in my first post. I’m using the DNS resolver and it seems to work with HAproxy but not NGXPM.

It should be set to “Pure NAT”, and while you can set that globally under System → Advanced → Firewall & NAT, you can also set it under each rule, so make sure that is set.

https://docs.netgate.com/pfsense/en/latest/nat/reflection.html

I have some troubleshooting tips in this video covering DNS and certs.


So I have a question about my rules and port forwards.
Should I set a port forward or a rule for NGXPM? I originally tried a port forward (the yellow arrow) and I’m unable to resolve hostnames. Should I have that as a rule instead, like I do with HAproxy (the red arrow)? And since I’m asking, do I need the port forward and the rule (the green arrow), or should I use one or the other?

It would help if I better understood the layout, but if you want access to something behind the pfsense, you need a port forward.

Well, your videos helped, so I have it working now. Not exactly sure which change fixed it, :thinking: but I had some time last night to fiddle with it and got it working. Now I just need to figure out why it’s not sending me to Authentik to log in, but that’s a question for another forum. BTW you are AWESOME! I know this probably isn’t the place and I’m sure you hear this all the time, but your videos are some of the best out there for people like me that want to host their own servers and control their own data, which IMO is a hot topic these days in light of all the data breaches. I would have never switched from DD-WRT on my Linksys router to a dedicated computer-based router with pfSense without your videos; until I found your series it was too daunting a task for me to attempt. Thank you so much and keep at it, your support is greatly appreciated!
