# External Access Working - SSL Certificate Issue **Date**: 2026-01-21 **Status**: ✅ **EXTERNAL ACCESS WORKING** (SSL certificate issue only) --- ## Great News! 🎉 **External access is working!** The connection to `https://explorer.d-bis.org` is successful. The error you're seeing is **not a connection problem** - it's just an SSL certificate validation issue. --- ## Current Status ### ✅ What's Working - **External access**: ✅ Connection successful - **Port forwarding**: ✅ Working (UDM Pro → NPMplus) - **NPMplus proxy**: ✅ Working - **Network path**: ✅ Complete (External → UDM Pro → NPMplus → VMID 5000) ### ⚠️ SSL Certificate Issue - **Error**: `SSL certificate problem: self-signed certificate` - **Impact**: Browsers/curl will show security warnings - **Fix**: Need to configure proper SSL certificate in NPMplus --- ## Testing Results ### Test 1: HTTPS with SSL Verification Disabled ```bash curl -I -k https://explorer.d-bis.org ``` **Expected**: HTTP 200, 301, or 302 (connection working) ### Test 2: HTTP (should redirect to HTTPS) ```bash curl -I http://explorer.d-bis.org ``` **Expected**: HTTP 301 or 302 redirect to HTTPS ### Test 3: Content Access ```bash curl -k https://explorer.d-bis.org ``` **Expected**: HTML content (explorer frontend) --- ## SSL Certificate Fix ### Option 1: Request Let's Encrypt Certificate (Recommended) 1. **Access NPMplus Dashboard**: ```bash # From internal network https://192.168.11.167:81 ``` 2. **Navigate to SSL Certificates**: - Click on "SSL Certificates" in left menu - Click "Add SSL Certificate" - Select "Let's Encrypt" 3. **Configure Certificate**: - **Domain Names**: `explorer.d-bis.org` - **Email**: Your email address - **Agree to Terms**: Yes - Click "Save" 4. **Assign to Proxy Host**: - Go to "Proxy Hosts" - Edit `explorer.d-bis.org` - Under "SSL Certificate", select the Let's Encrypt certificate - Enable "Force SSL" - Enable "HTTP/2 Support" - Click "Save" 5. **Wait for Certificate**: - Let's Encrypt certificate will be issued (usually 1-2 minutes) - Check certificate status in NPMplus dashboard ### Option 2: Use Existing Certificate If you already have a certificate: 1. Upload it to NPMplus 2. Assign it to the `explorer.d-bis.org` proxy host 3. Enable "Force SSL" ### Option 3: Temporary - Accept Self-Signed (Not Recommended) For testing only: ```bash # Use -k flag to bypass SSL verification curl -k https://explorer.d-bis.org # Or in browser, click "Advanced" → "Proceed anyway" ``` --- ## Verification Commands ### Test External Access (Bypass SSL) ```bash curl -I -k https://explorer.d-bis.org ``` ### Test External Access (HTTP) ```bash curl -I http://explorer.d-bis.org ``` ### Test Content ```bash curl -k https://explorer.d-bis.org | head -30 ``` ### Check Certificate Status ```bash # From NPMplus container ssh root@r630-01 pct exec 10233 -- docker exec npmplus ls -la /etc/letsencrypt/live/ ``` --- ## Summary **Status**: ✅ **EXTERNAL ACCESS WORKING** **Achievement**: - ✅ Full network path working - ✅ Port forwarding configured correctly - ✅ NPMplus proxy functional - ✅ Explorer accessible externally **Remaining Issue**: - ⚠️ SSL certificate needs to be configured (Let's Encrypt recommended) **Next Step**: Configure Let's Encrypt certificate in NPMplus dashboard --- ## Congratulations! 🎉 The explorer is now accessible from the internet! The only remaining task is to configure a proper SSL certificate to eliminate the security warning. --- **Next Step**: Access NPMplus dashboard and request Let's Encrypt certificate for `explorer.d-bis.org`