# 🌐 Remote NPM Configuration Guide Your NPM is on a different machine. Here are your options: ## Option 1: NPM → Host IP (Recommended) Since ports are exposed on the host, configure NPM to proxy to this machine's IP. ### Step 1: Find This Machine's IP ```bash # On the Homarr machine ip addr show | grep "inet " | head -5 # or hostname -I ``` Example: `192.168.1.50` ### Step 2: Configure NPM In your NPM (on the other machine), add these Proxy Hosts: #### Dashboard (Homarr) | Setting | Value | |---------|-------| | Domain Names | `dashboard.lemonlink.eu` | | Scheme | `http` | | Forward Hostname/IP | `192.168.1.50` (Homarr machine IP) | | Forward Port | `7575` | | Cache Assets | ✅ | | Block Common Exploits | ✅ | #### System Monitor (Dash.) | Setting | Value | |---------|-------| | Domain Names | `system.lemonlink.eu` | | Scheme | `http` | | Forward Hostname/IP | `192.168.1.50` (Homarr machine IP) | | Forward Port | `3001` | **SSL Tab:** Request SSL certificate, Force SSL ✅ ### Step 3: Firewall Ensure the Homarr machine allows connections from NPM machine: ```bash # On Homarr machine (if using UFW) sudo ufw allow from NPM_MACHINE_IP to any port 7575 sudo ufw allow from NPM_MACHINE_IP to any port 3001 # Or allow from local network sudo ufw allow from 192.168.1.0/24 to any port 7575 sudo ufw allow from 192.168.1.0/24 to any port 3001 ``` --- ## Option 2: Cloudflare Tunnel (No NPM Needed) If you don't want to use NPM at all, use Cloudflare Tunnel: ### Step 1: Create Tunnel in Cloudflare 1. Go to [Cloudflare Zero Trust](https://one.dash.cloudflare.com) 2. Access → Tunnels → Create Tunnel 3. Choose **Cloudflared** 4. Name: `homarr-tunnel` 5. Copy the **token** (looks like: `eyJh...`) ### Step 2: Configure Stack Edit `portainer-stack.yml`: 1. Uncomment the `cloudflared` service section 2. Add tunnel token to environment variables ### Step 3: Add Public Hostnames In Cloudflare dashboard, add: | Public Hostname | Service | |-----------------|---------| | `dashboard.lemonlink.eu` | `http://homarr:7575` | | `system.lemonlink.eu` | `http://dash:3001` | --- ## Option 3: Tailscale/WireGuard Mesh If both machines are on Tailscale: 1. Find Homarr machine's Tailscale IP: `tailscale ip -4` 2. Use that IP in NPM instead of LAN IP 3. More secure - encrypted tunnel --- ## 🔒 Security Considerations ### With Remote NPM - Use firewall rules to restrict port access - Consider VPN/Tailscale between machines - Don't expose ports 7575/3001 to internet directly ### Recommended: Bind to Specific Interface If you want to be extra secure, edit `portainer-stack.yml`: ```yaml ports: - '127.0.0.1:7575:7575' # Only localhost (need reverse proxy on same machine) # OR - '10.0.0.5:7575:7575' # Bind to specific internal IP only ``` --- ## ✅ Checklist - [ ] Find Homarr machine IP - [ ] Add Proxy Hosts in NPM - [ ] Configure firewall rules - [ ] Test access via domain - [ ] Enable SSL certificates --- ## 🆘 Troubleshooting ### Connection refused from NPM ```bash # On Homarr machine, check if ports are listening ss -tlnp | grep -E '7575|3001' # Check if binding to all interfaces or just localhost docker inspect homarr | grep -A 5 "Ports" ``` ### Firewall blocking ```bash # Check UFW status sudo ufw status verbose # Check iptables sudo iptables -L -n | grep 7575 ``` ### Wrong IP in NPM Make sure you're using the IP that's reachable from the NPM machine: - Same LAN: Use local IP (192.168.x.x) - Different networks: Use Tailscale IP or VPN IP