NGINX Proxy Manager Setup

SYSTEM INFORMATION
OS type and version AlmaLinux 9.5
Webmin version 2.202

I’ve setup NGINX Proxy Manager (the gui version https://nginxproxymanager.com/). I’ve also read the faq on setting up a reverse proxy and for the most part everything works. I’ll describe my network setup below - im not giving my real ip addresses for obvious reasons. Just want to point out that this is not a homelab but I PLAN to host various projects, dev and production (Im a software developer)

Here is my network setup in case you need to understand how everything is put together
Bare metal server from Hetzner with two ip addresses 49.11.44.6 and 49.11.44.19
I have a proxmox hypervisor setup for all my vms and containers and an opnsense firewall for port forwarding everything else sits on 192.168.1.xx
Proxmox uses 49.11.44.19 and my WAN is 49.11.44.6 and NGINX sits seperately in its own container (lxc) and handles all the http/https traffic.

Issues: First issue was setting up Webmin behind a proxy. Most everything works well except the usermin/webmin port redirects. NGINX proxy manager handles the Lets encrypt part and stores the certificates on its own container 192.168.1.103 while my webmin sits on 192.168.1.120.
There is no need for me to use the virtualmin le certificates (wil that be a problem?) and if so can I turn it off (server templates? or do I have to go into the config?). Everytime I setup a website it tries to create the cert - don’t need this anymore.
The other issue is NGINX doesn’t like the 10000 and 20000 port redirects - certs don’t work and I can’t log in because it says insecure/not trusted and password fails on http. To overcome this I created usermin.domain.com in nginx that points to 20000. That allows me to log in but won’t load emails- to overcome this I went into usermin configuration and added the new domain to Trusted referrers. BUT when logging in on usermin it automatically redirects to :20000 after successful login — Can I turn this off? I already have a domain pointing to 20000 so would like to prevent this redirect -how and where to disable?

Now referring to the faq here: FAQs | Webmin
How to handle the certs in the HostBlock? Is it necessay to create a host block for this configuration?

If the HTTPS connection is terminating at the proxy, you should not have HTTPS enabled when creating domains in Virtualmin.

Also, this is a bunch of different questions. I would encourage you to split this up into concise questions about specific problems, not the whole project of running behind a proxy. You’re not going to get good or concise answers when there are so many questions in one topic.

https://forum.virtualmin.com/guidelines

When I create a Virtual server there is no option to disable HTTPS. By disabling HTTPS do you mean this from web configuration?

No, I mean Apache SSL Website in the Create or Edit forms:

It’s also a Feature in Features and Plugins, if all of your domains will be setup behind a proxy that terminates TLS connections. You’ll need to disable it on all existing domains before disabling it on the Features and Plugins page.

Note that this means any other services hosted on the system will not be able to use Let’s Encrypt certs managed by Virtualmin. If you’re doing anything else on this system besides host websites, you’ll most need to solve certificate management yourself. For stuff like Webmin/Virtualmin itself, I would probably recommend a non-proxied name that can be used to fetch LE certs. That may or may not be appropriate for other services.

Step 1 Disable Default for Apache SSL website

Step 2 Disable on the Virtual server (it will be visible now.)

Thanks Joe and Stefan…will implement as suggested