NginxProxyManager
Please help~ loosing my marbles here
Hello! non developer here, I barely understand what I am doing and the terminology please help me understand something.
I am trying to set up paperless-ngx.
I have a Toshiba laptop (let's call it "server"). On this laptop i have installed Debian 13. I set up the domain on this laptop to be home.arpa, because that's what i read online i should do.
If i do hostname -I i get 2 IP's 192.168.1.44 and 172.17.0.1 hostname -i i get 127.0.1.1
I want to install paperless-nxg on this laptop. I want this laptop to be a "server" (?) for paperless-ngx so that my mom can use her laptop or her phone to access paperless-ngx interface and use it, in the local network (in my home) as well as outside the home (over the internet). Obviously i am trying to have a "secure" setup where my mom can access paperless-ngx interface just typing a name in the browser not an IP (does this means DNS resolve? ) which from what i understand requires a domain and a certificate. Also apparently i need to get a domain (i am using duckdns) and some how do something with NPM and that domain and Pihole.
Long story short i got stuck into the "Pihole Nginx Proxy Manager Reverse Proxy paradigme" and i feel like i 'm goanna lose my marbles. I tried any possible tutorial on youtube, nothing works.
I tried docker compose and i tried installing pihole on "baremetal" ? i manage to get pihole to work, i manage to get NPM to start on docker, but i can't access the NPM interface, no matter what.
I even managed to have pihole on port 81 and NPM on port 80. I added unbound to this hole mess, and still, can't access NPM.
Now, here's the thing, i am begin to suspect i don't really now what i am trying to obtain. I think i want to self host a service (paperless-ngx) on my own server (my Toshiba laptop with Debian 13) in my local home network which has a standard router that connects my 3 laptops to the internet via wireless. There are 3 laptops. A windows 10 one and 2 linux ones. The Toshiba laptop (server) is connected to the router with a cable.
If some one can help me out understand what i am trying to do and how i could do it, i would be amazingly grateful. Please don't suggest solutions that require to buy a NAS or a pi or something. This is my setup and i have to use it as it is.
You don't need pihole. You need to simply get NPM set up and working then you can add things like pihole later if you choose. I assume you have docker installed and functioning. If so, you should be able to get NPM running using the docker-compose.yml file from their install instructions in the readme. Make sure on your router to port forward ports 80 and 443 to your 192.168.1.44 IP address AND set an address reservation on that MAC address so it doesn't change. This lets the outside world talk to NPM so it can proxy subdomains where you want them in your internal LAN.
Once it is up, hit the ui at http://192.168.1.44:81 and set up your proxy host for paperless-ngx at the duckdns.org subdomain you choose for it, for example paperless.myduckdns.duckdns.org might be your subdomain. I assume paperless-ngx is on the same dockerhost, if not adjust the IP address, but you forward the paperless subdomain to scheme: http IP : 192.168.1.44 and port: 8000
Assuming no errors, you should be able to get to paperless-ngx at http://paperless.myduckdns.duckdns.org
You can add SSL if you chose once you get this working.
@sleighton Thank you kindly for your response. I actually managed to make the reverse proxy with NPM and Pi-hole in the end. The issue was a mistake in the docker-compose.yaml file of my project, where i used a wrong syntax for the volumes:. Docker compose would start the container and create the network without any error message but kept resetting. I found the error in the docker container log. I can now enter NPM web UI from my windows laptop by typing the duckdns domain name in the browser and i can log in with ssl.
It's working for now as a test, but i am afraid that setting up paperless will be a new adventure. First i don't know what's the better way to install it. Bare metal or using docker compose?
I would prefer just installing it directly on my server because it's easier for me as i am not that familiar with docker and docker compose. But i presume i would have to connect it with NPM which currently is running in a docker container because i don't know how to install NPM on the machine. I can find info on how to install Nginx with sudo apt install nginxPlus there are a lot of other servers that need to be started like Redis Broker and databases and users and so on. I will have to do a deep dive in the manuals.
What would be a better approach as to have best security and be able to integrate with databases and Redis and all that, install everything baremetal or using docker compose?
I hope you would be so kind to give me your feedback. I understand this is not paperless-ngx github, but it's difficult to find good advice and i hope you'll get back to me again if you don't mind. Trying to learn linux and networks and webadmin trough internet research and youtube tutorials is pure madness and your advice is very helpful.
@marioteodoru Glad to hear you got it working. Personally, it's a no brainer to me, I would use docker to install paperless. That makes it simple AND easy to keep all the pieces up to date. The github site has compose files that are all set up for whatever database backend you decide to use, simply make your decision, follow the instructions and you are in business. I'd probably use mariadb but you have choices. https://github.com/paperless-ngx/paperless-ngx/tree/main/docker/compose
Good luck!
Another comment on security: If you currently struggle with setting up all those things, I would recommend to not open a port and giving access to everybody out there to your paperless instance and in worst case even more. Even though there is a login screen and so on. Instead I would recommend to start with a running a VPN, like WireGuard, on your "server" or if your router supports it maybe directly there. FritzBox has such a feature for example. This should be easy to setup in a way so that you and your family can use the VPN to access your hostet services, but no one else. And I think many can be configured in a way that only when you access your home server, the tunnel is used and for other traffic it goes directly to the "internet".
Also ensure to have backups for paperless and other services.
For further basic questions I recommend using an AI of your choice to describe your needs and what you have. They can esily setup docker compose files or help you identifying issues. And there are lots of them out there for free. And if one has reached its free limit you can just continue with another one ;)
@Peyos Thank you kindly for your advice. I did had to port forward 80 and 443 to my server so i could connect with my NPM over the internet. I did this in the router.. I presume it has some sort of a firewall or something. It has a port forward panel. I guess that's what is there for so i didn't thought too much about it. honestly, i have no idea what that did, except now i can connect with NPM from a different laptop. Anyway, I don't have any data on this laptops it's just bare OS. Nevertheless, I will do VPN thing.
Regarding AI, I've been using AI since this whole thing started back in 2020. I would not recommend it! In my personal experience, AI will give you wrong, hallucinated instructions, with the confidence of lieutenant Data freshly promoted to ship captain . I consider myself experienced in using LLM's, because as i said been tinkering with it for 5 years and except some nice images, I have to say I couldn't get AI to do anything. I wasted 3 months of my life trying to do a project in Python using various AI's and let me tell you, for me, never again.
I mean it's irrational, to use a tool that we clearly know it can hallucinate and it will hallucinate by design, and we all know this and still we try to use it. Madness.
