Setting up HTTPS certificates for internal network with reverse proxy and DNS filtering

Hey everyone,

I’m trying to get SSL working on my home network setup. Here’s what I have:

Network layout:

  • ISP modem connects to TP-Link controller which feeds into Proxmox server
  • Running Pi-hole and Nextcloud as separate VMs
  • Got Nginx Proxy Manager in a container

I own a domain name but want to keep everything internal only. I’ve configured NPM with valid SSL certs for “internal.mydomain.com” and “*.internal.mydomain.com” through Cloudflare integration. The certificates show as valid and active.

I created a proxy host entry in NPM pointing to my Nextcloud instance. The status shows as online.

Since Pi-hole handles my DNS, I added these local DNS records:

When I visit “internal.mydomain.com” in my browser, I get the NPM welcome page successfully. My Nextcloud works fine when accessing it by direct IP address, but “cloud.internal.mydomain.com” just times out and won’t load.

What’s the missing piece here? I’m still seeing browser warnings about Nextcloud’s self-signed certificate.

The timeout issue is happening because your reverse proxy isn’t actually processing the cloud.internal.mydomain.com requests. I ran into this exact problem when setting up my own homelab. Your Pi-hole DNS entry for cloud.internal.mydomain.com should point to the NPM container IP, not the Nextcloud VM directly. Think of it this way - NPM needs to intercept the request first, then decide where to forward it based on your proxy host rules. Once you fix that DNS entry, double-check your NPM proxy host configuration to ensure the forward hostname field contains your Nextcloud VM’s internal IP and correct port. The self-signed certificate warnings will disappear once NPM is properly handling the SSL termination. I’d also recommend checking your Nextcloud’s trusted_domains array in config.php to include cloud.internal.mydomain.com, otherwise Nextcloud might reject the proxied requests even when everything else is configured correctly.

Your DNS configuration is creating a conflict. You’ve set up two different DNS entries for the same domain structure - one pointing to NPM and another pointing directly to Nextcloud. This is likely causing the timeout issue. Remove the direct DNS entry for “cloud.internal.mydomain.com” that points to your Nextcloud VM IP. Instead, keep only the “internal.mydomain.com” entry pointing to NPM, and let NPM handle the routing based on the subdomain. The browser warnings about self-signed certificates suggest NPM isn’t properly proxying the SSL connection. In your NPM proxy host configuration, make sure you’re using the Nextcloud VM’s IP address and port in the forward hostname/IP field, not the domain name. Also verify that the SSL certificate in NPM covers the exact subdomain you’re trying to access. If Nextcloud is running its own SSL, you might need to enable “Force SSL” in the NPM proxy host settings or configure NPM to terminate SSL and forward HTTP to Nextcloud instead.

Looks like your Pi-hole DNS entries are messed up. You only need one entry pointing cloud.internal.mydomain.com to your NPM IP, not the Nextcloud VM directly. The whole point of a reverse proxy is that everything goes through NPM first, then it forwards to backend services. Also check if Nextcloud is blocking the connection - you might need to add the subdomain to trusted domains in config.php.
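The replies above all describe the same chain: the Pi-hole record must resolve to NPM, NPM must forward to the backend's IP and port, the certificate's SANs must cover the exact hostname, and Nextcloud's trusted_domains must list it. The following checker is an added example (not code from the thread or from NPM/Nextcloud) that walks that chain over constructed sample data; the IPs and record values are placeholders modelling the poster's setup.

```python
import ipaddress

# Constructed sample data modelling the thread's setup (placeholder IPs).
NPM_IP = "192.168.1.10"
NEXTCLOUD_IP = "192.168.1.20"

# Pi-hole local DNS records; the second one reproduces the poster's mistake
# (pointing the subdomain at the Nextcloud VM instead of the proxy).
DNS_RECORDS = {
    "internal.mydomain.com": NPM_IP,
    "cloud.internal.mydomain.com": NEXTCLOUD_IP,
}

# NPM proxy hosts: public hostname -> (forward host, forward port).
PROXY_HOSTS = {"cloud.internal.mydomain.com": (NEXTCLOUD_IP, 80)}

# SANs on the certificate NPM serves.
CERT_SANS = ["internal.mydomain.com", "*.internal.mydomain.com"]

# Nextcloud config.php trusted_domains (subdomain not yet added).
TRUSTED_DOMAINS = ["localhost", NEXTCLOUD_IP]


def san_matches(san, hostname):
    """A wildcard SAN covers exactly one leftmost label (RFC 6125 rules)."""
    if san.startswith("*."):
        suffix = san[1:]  # e.g. ".internal.mydomain.com"
        return hostname.endswith(suffix) and "." not in hostname[: -len(suffix)]
    return san == hostname


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_chain(hostname, dns=DNS_RECORDS, proxy=PROXY_HOSTS, sans=CERT_SANS,
                trusted=TRUSTED_DOMAINS, npm_ip=NPM_IP):
    """Return every misconfiguration that would break hostname via NPM."""
    problems = []
    if dns.get(hostname) != npm_ip:
        problems.append(f"DNS: {hostname} -> {dns.get(hostname)}, expected NPM {npm_ip}")
    if hostname not in proxy:
        problems.append(f"NPM: no proxy host for {hostname}")
    elif not is_ip(proxy[hostname][0]):
        problems.append("NPM: forward host should be the backend IP, not a name")
    if not any(san_matches(s, hostname) for s in sans):
        problems.append(f"TLS: no SAN covers {hostname}")
    if hostname not in trusted:
        problems.append(f"Nextcloud: {hostname} missing from trusted_domains")
    return problems
```

Run it on the sample data to see the two problems the thread identified; fix the DNS record and trusted_domains and the check comes back empty.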