Struggling with nginx proxy manager SSL configuration and vaultwarden setup

I’ve been working on setting up SSL certificates for my home server but keep running into issues. My setup includes a Linux Mint machine running CasaOS with nginx proxy manager on port 81 and vaultwarden running on port 9090.

My network configuration:

  • OPNsense router at 192.168.1.1 (gateway)
  • Main server at 192.168.1.20
  • Raspberry Pi running Pi-hole for DNS
  • DuckDNS subdomain with wildcard SSL cert from Let’s Encrypt

The problem is that whenever I create a proxy host in nginx proxy manager, it keeps redirecting to my OPNsense login page instead of the intended service. For example, when I configure a proxy host with my DuckDNS domain pointing to 192.168.1.20:9090 for vaultwarden, clicking the generated link just brings up the router’s web interface.

I have Pi-hole configured with DNS entries pointing my subdomain to 192.168.1.20, and I can confirm DNS is working since Pi-hole shows blocked queries from network devices. The wildcard SSL certificate appears to be properly configured in nginx proxy manager.

Has anyone encountered similar redirect issues with nginx proxy manager? What could be causing the traffic to hit OPNsense instead of my intended services?

This sounds like a port forwarding configuration issue on your OPNsense router. When you access your DuckDNS domain from inside your network, the traffic is likely getting intercepted by the router before reaching your nginx proxy manager. I had a similar setup and found that OPNsense was capturing HTTPS traffic on port 443 for its own web interface. Check your firewall rules and make sure you have proper port forwarding configured to direct incoming traffic on ports 80 and 443 to your nginx proxy manager at 192.168.1.20. Also verify that OPNsense isn’t configured to use the same ports for its management interface. You might need to change the OPNsense web interface to use different ports like 8080/8443 to avoid conflicts. Another thing to check is whether you have NAT reflection enabled in OPNsense, which is often necessary for accessing internal services via external domains from within your local network.

I encountered something very similar when setting up my home lab environment. The redirect behavior you’re describing typically happens when nginx proxy manager isn’t properly binding to the correct network interface or when there’s a DNS resolution issue at the local level. Since you mentioned Pi-hole is handling DNS, double-check that your local DNS entries are pointing to the correct IP and that there aren’t any conflicting A records. What solved it for me was ensuring that nginx proxy manager was configured to listen on all interfaces (0.0.0.0) rather than just localhost. Also verify that your proxy host configuration in nginx proxy manager has the correct scheme selected - if vaultwarden is running HTTP internally but you’re trying to proxy HTTPS, make sure the forward scheme is set to HTTP in the proxy host settings. The fact that you’re getting the OPNsense login suggests the traffic is being intercepted before it reaches your server, which could also indicate a misconfigured default gateway or routing table issue on your server.
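An added example, not part of the original thread: a small check for the DNS and NAT reflection points raised in the replies above, classifying where the addresses a client actually gets for the hostname would send its traffic. The two IPs come from the question; the /24 netmask, the function names and the verdict labels are assumptions made for illustration.

```python
import ipaddress
import socket
import sys

# Addresses from the question; the /24 netmask is an assumption (only IPs are given).
PROXY_IP = "192.168.1.20"    # host running nginx proxy manager
GATEWAY_IP = "192.168.1.1"   # OPNsense LAN address
LAN_CIDR = "192.168.1.0/24"

HINTS = {
    "proxy": "local DNS override works; check the proxy host settings next",
    "gateway": "record points at OPNsense, so its web GUI answers",
    "other-lan": "record points at a LAN host that is not the proxy",
    "outside-lan": "public answer in use; traffic goes to the router's WAN side "
                   "and needs a port forward plus NAT reflection",
}

def classify(address, proxy=PROXY_IP, gateway=GATEWAY_IP, lan=LAN_CIDR):
    """Say where one resolved address would send a LAN client."""
    addr = ipaddress.ip_address(address)
    if addr == ipaddress.ip_address(proxy):
        return "proxy"
    if addr == ipaddress.ip_address(gateway):
        return "gateway"
    if addr in ipaddress.ip_network(lan):
        return "other-lan"
    return "outside-lan"

def diagnose(addresses, **kwargs):
    """Map each distinct answer to a verdict; mixed verdicts mean some
    lookups are not using the local override."""
    return {a: classify(a, **kwargs) for a in sorted(set(addresses))}

def resolve(hostname, port=443):
    """Ask the resolver this machine really uses (A and AAAA records)."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python3 where_does_it_go.py <hostname>")
    for address, verdict in diagnose(resolve(sys.argv[1])).items():
        print(f"{address}: {verdict} ({HINTS[verdict]})")
```

Run it on the same client that sees the OPNsense login page, since a device that does not use Pi-hole as its resolver will get a different answer than the server does.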

check if opnsense is using port 443 for its webui - that’s probably what’s happening here. i had this exact issue and had to change opnsense to use port 8443 instead. also make sure your nginx container can actually reach vaultwarden on 9090, try curling from inside the nginx container first