r/nginx

▲ 3 r/nginx

I've been using Nginx for a long time to reverse proxy a number of local servers.

Yesterday my Home Assistant server configuration stopped working while using the local FQDN with a 502 Bad Gateway. I changed to the IP in Nginx, and it started to work again.

I use Pihole for local DNS. Nginx, Pihole and HA are on Proxmox VMs.

I SSHed into the Nginx server. nslookup resolved the correct IP address for HA. I can ping both the FQDN and the IP for HA from the Nginx server. I tried curl to both the FQDN and the IP... and both work.

So, the Nginx server can see the home assistant server, but the reverse proxy only works using the IP address. I guess I'm ok with that as I don't expect to change the IP address any time soon, but why would this suddenly stop working?

I did change out my router and firewall (EdgeRouter X to UniFi Gateway), but the server can still see the HA server. It seemed fine for a few days... and now it fails on the FQDN. Does Nginx use a different port/method for DNS than the underlying Linux server?

u/sandiegosteves — 6 days ago
▲ 47 r/nginx

Self-hosted certificate lifecycle platform with NGINX as a first-class deployment target. https://certctl.io

Every commercial CLM platform ships a control plane that natively integrates with maybe 60% of what the customer actually runs. The other 40% (the load balancers, the app servers, the in-house systems, the regional CAs, the niche issuance protocols) gets bridged via custom plugin frameworks. Those plugins exist *because the platforms didn't ship native connectors*. They get written by professional-services architects on the vendor's payroll, billed back to the customer at $250–$400/hr, hundreds of hours in year one alone, on top of a six-to-seven-figure license. The job titles vary by vendor (Solutions Architect, Implementation Architect, Accelerator Architect, Digital Trust Architect), but the work is identical: write the integration the platform should have shipped with.

The NGINX flow: agent on the box picks up a deployment job, writes the cert and key to disk, runs nginx -t to validate, then triggers a graceful reload. If nginx -t fails, the deploy aborts before reload and the previous cert keeps serving.

Cert sources: Let's Encrypt and any ACME CA via a built-in client, an embedded ACME server (RFC 8555 + RFC 9773 ARI) for pointing internal services at directly, a built-in local CA (with sub-CA mode for chaining under an existing enterprise root), step-ca, Vault PKI, EJBCA, AWS ACM PCA, Google CAS, DigiCert, Sectigo, GlobalSign, Entrust, plus an OpenSSL / shell-script adapter for anything custom.

Agent-based: private keys never leave the box. ECDSA P-256 keys generated locally on each NGINX server, CSRs submitted to the control plane, signed certs returned and deployed.

The same agent supports Apache, HAProxy, Caddy, Traefik, Envoy, IIS, Windows Cert Store, Java keystore, Kubernetes Secrets, AWS ACM, Azure Key Vault, SSH, Postfix, F5 BIG-IP alongside NGINX. Fifteen target types in one Go binary.

Renewal policies trigger automatically on configurable thresholds. Expiry alerts at T-30/14/7/1 days to email, Slack, Teams, PagerDuty, OpsGenie, or webhook. HTTPS-only control plane, TLS 1.3 pinned, fail-closed startup gate. PostgreSQL backend, React dashboard, REST API, CLI.

Quickstart on the website. 60 seconds to a seeded demo.

Try it

git clone https://github.com/certctl-io/certctl.git
cd certctl && docker compose -f deploy/docker-compose.yml up -d
open https://localhost:8443

BSL 1.1 license. Free to self-host and modify; you just can't resell it as a hosted service. Every feature ships free under BSL.

Treat as alpha for production. Lab and dev testing reports filed as GitHub issues are the most valuable feedback right now.

u/certctl — 9 days ago
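As an added illustration of the validate-then-reload flow described in the post (this is not certctl's agent code), a POSIX sh function that stages the new certificate and key, runs a validation command, and rolls back to the previous pair if validation fails, so a bad deploy never reaches the reload step. The validation and reload commands are parameters so the failure path can be exercised with stubs; in real use they would be `nginx -t` and `nginx -s reload`, and the live paths are whatever ssl_certificate / ssl_certificate_key point at.

```shell
#!/bin/sh
# Added example, not certctl's own agent: deploy a cert/key pair with
# validate-before-reload and automatic rollback.
#
# deploy_cert NEW_CERT NEW_KEY LIVE_CERT LIVE_KEY VALIDATE_CMD RELOAD_CMD
#   1. copy the new pair next to the live files (same filesystem, so the final
#      rename is atomic and nginx never reads a half-written file)
#   2. keep the currently served pair as .bak
#   3. rename the new pair into place
#   4. run VALIDATE_CMD ("nginx -t" in real use); on failure restore the .bak
#      pair and return 1, so the previous certificate keeps serving
#   5. run RELOAD_CMD ("nginx -s reload" in real use) only after validation passed
# Returns 0 on success, 1 on validation failure, 2 on a filesystem error.
deploy_cert() {
    new_cert=$1; new_key=$2; live_cert=$3; live_key=$4
    validate_cmd=$5; reload_cmd=$6

    umask 077   # staged key must not be group/world readable (affects the caller's umask too)
    cp "$new_cert" "$live_cert.new" && cp "$new_key" "$live_key.new" || return 2

    # Preserve the previous pair for rollback (absent on a first deploy).
    [ -f "$live_cert" ] && cp -p "$live_cert" "$live_cert.bak"
    [ -f "$live_key" ]  && cp -p "$live_key"  "$live_key.bak"

    mv -f "$live_cert.new" "$live_cert" && mv -f "$live_key.new" "$live_key" || return 2

    if ! $validate_cmd; then
        # Validation failed: put the old pair back (or remove the new one if this
        # was a first deploy) before anything gets a chance to reload.
        if [ -f "$live_cert.bak" ]; then mv -f "$live_cert.bak" "$live_cert"; else rm -f "$live_cert"; fi
        if [ -f "$live_key.bak" ];  then mv -f "$live_key.bak"  "$live_key";  else rm -f "$live_key";  fi
        echo "deploy_cert: validation failed, previous certificate kept" >&2
        return 1
    fi

    rm -f "$live_cert.bak" "$live_key.bak"
    $reload_cmd
}

# Stand-alone usage with the real nginx commands (paths are placeholders):
#   deploy_cert /tmp/new.crt /tmp/new.key \
#       /etc/nginx/certs/site.crt /etc/nginx/certs/site.key \
#       "nginx -t" "nginx -s reload"
```

Validation runs against the files already at the live paths, which is what makes the result meaningful: `nginx -t` parses the same ssl_certificate path the running server will reload. The rollback exists for the window between rename and validation, during which a crash or a concurrent reload would otherwise pick up an unvalidated pair.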
▲ 47 r/nginx (+1 crosspost)

Learn Nginx from the ground up with this complete guide and cheatsheet. From installing the latest version to configuration, security, and performance optimization.

u/obayed_opu — 7 days ago
▲ 2 r/nginx

I'm trying to self-host a website. I got a domain from Porkbun (let's say it's "my.domain"), and I am trying to figure out why I can't access my website from the internet. When I forward ports 443 and 80, I can access my website from my public IP address but not from the domain name.

Here's my nginx.conf:

server {
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;

    server_name my.domain;

    ssl_certificate /etc/letsencrypt/live/my.domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my.domain/privkey.pem;

    location / {
        proxy_pass http://localhost:8088;
    }
}

server {
    if ($host = my.domain) {
        return 301 https://$host$request_uri;
    }
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name my.domain;
}
u/rosseg — 7 days ago
▲ 11 r/nginx

Hi.

I put together a script that installs and compiles a complete Nginx stack with:

- QUIC / HTTP3
- ModSecurity + OWASP CRS
- Brotli
- GeoIP2
- no_more_headers module

Tested on:

- Ubuntu 22.04
- Ubuntu 26.04

⏱️ Install time:

~8 minutes (10 threads @ 4.0GHz, 4GB RAM, SSD)

---

The interesting part:

- Keeps the standard apt-style paths (/etc/nginx, /usr/sbin/nginx, etc.)
- Uses official sources (nginx + modules from GitHub)
- Integrates a working ModSecurity with the OWASP rules ready to go
- Detects/installs PHP automatically for FastCGI
- Lets you choose how many cores to compile with
- Self-signed TLS certificate.

---

Limitations:

- If you want to upgrade Nginx → it requires recompiling
- Not compatible with repos like ondrej/php
- Not intended for production without prior review
- Manual cleanup with a flag after installing:

sudo ./ngx-shield.sh --cleanup

---

SCRIPT UPDATES

- A module selector is expected to be integrated around mid-May 2026
- Automatic updates with pre-authorization to be integrated

I'm also leaving screenshots:

[Screenshot: Compilation and installation]

[Screenshot: Blocked request and HTTP 403]

[Screenshot: ngx-shield]

Any feedback is welcome.

u/Funny_Rope977 — 9 days ago