impulsivefps
/
homarr-dashboard
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
homarr-dashboard/REMOTE_NPM.md

3.5 KiB
Raw Blame History

🌐 Remote NPM Configuration Guide

Your NPM is on a different machine. Here are your options:

Option 1: NPM → Host IP (Recommended)

Since ports are exposed on the host, configure NPM to proxy to this machine's IP.

Step 1: Find This Machine's IP

# On the Homarr machine
ip addr show | grep "inet " | head -5
# or
hostname -I

Example: 192.168.1.50

Step 2: Configure NPM

In your NPM (on the other machine), add these Proxy Hosts:

Dashboard (Homarr)

Setting Value
Domain Names dashboard.lemonlink.eu
Scheme http
Forward Hostname/IP 192.168.1.50 (Homarr machine IP)
Forward Port 7575
Cache Assets
Block Common Exploits

System Monitor (Dash.)

Setting Value
Domain Names system.lemonlink.eu
Scheme http
Forward Hostname/IP 192.168.1.50 (Homarr machine IP)
Forward Port 3001

SSL Tab: Request SSL certificate, Force SSL

Step 3: Firewall

Ensure the Homarr machine allows connections from NPM machine:

# On Homarr machine (if using UFW)
sudo ufw allow from NPM_MACHINE_IP to any port 7575
sudo ufw allow from NPM_MACHINE_IP to any port 3001

# Or allow from local network
sudo ufw allow from 192.168.1.0/24 to any port 7575
sudo ufw allow from 192.168.1.0/24 to any port 3001

Option 2: Cloudflare Tunnel (No NPM Needed)

If you don't want to use NPM at all, use Cloudflare Tunnel:

Step 1: Create Tunnel in Cloudflare

  1. Go to Cloudflare Zero Trust
  2. Access → Tunnels → Create Tunnel
  3. Choose Cloudflared
  4. Name: homarr-tunnel
  5. Copy the token (looks like: eyJh...)

Step 2: Configure Stack

Edit portainer-stack.yml:

  1. Uncomment the cloudflared service section
  2. Add tunnel token to environment variables

Step 3: Add Public Hostnames

In Cloudflare dashboard, add:

Public Hostname Service
dashboard.lemonlink.eu http://homarr:7575
system.lemonlink.eu http://dash:3001

Option 3: Tailscale/WireGuard Mesh

If both machines are on Tailscale:

  1. Find Homarr machine's Tailscale IP: tailscale ip -4
  2. Use that IP in NPM instead of LAN IP
  3. More secure - encrypted tunnel

🔒 Security Considerations

With Remote NPM

  • Use firewall rules to restrict port access
  • Consider VPN/Tailscale between machines
  • Don't expose ports 7575/3001 to internet directly

Recommended: Bind to Specific Interface

If you want to be extra secure, edit portainer-stack.yml:

ports:
  - '127.0.0.1:7575:7575'  # Only localhost (need reverse proxy on same machine)
  # OR
  - '10.0.0.5:7575:7575'   # Bind to specific internal IP only

Checklist

  • Find Homarr machine IP
  • Add Proxy Hosts in NPM
  • Configure firewall rules
  • Test access via domain
  • Enable SSL certificates

🆘 Troubleshooting

Connection refused from NPM

# On Homarr machine, check if ports are listening
ss -tlnp | grep -E '7575|3001'

# Check if binding to all interfaces or just localhost
docker inspect homarr | grep -A 5 "Ports"

Firewall blocking

# Check UFW status
sudo ufw status verbose

# Check iptables
sudo iptables -L -n | grep 7575

Wrong IP in NPM

Make sure you're using the IP that's reachable from the NPM machine:

  • Same LAN: Use local IP (192.168.x.x)
  • Different networks: Use Tailscale IP or VPN IP