That was the solution: UFW was blocking internal traffic. Running ufw allow from 172.16.0.0/12 fixed it.
Hello!
So until now, I’ve been self-hosting at home with my own machines, and this is the first time I’m working with a VPS.
I’m running Nginx Proxy Manager (NPM) and my application in separate Docker containers on my AlphaVPS VPS with the IP address 100.100.10.10. I’ve configured UFW to secure my server, and I’m trying to access my application through a domain using NPM, but I’m getting a 504 Gateway Timeout error.
Here’s what I’ve done so far with UFW:
1. Block All Incoming Traffic by Default
ufw default deny incoming
ufw default allow outgoing
2. Allowed Specific IPs
I’ve allowed specific IPs which are my home and work IP:
ufw allow from 100.100.10.11
ufw allow from 100.100.10.12
3. Allowed Ports for Nginx Proxy Manager
I’ve opened the necessary ports for HTTP (80) and HTTPS (443) to be accessible from the outside:
ufw allow 80
ufw allow 443
What I did in Nginx Proxy Manager:
- I created an A record for sub.domain.comthrough my registrar, pointing to the VPS IP (100.100.10.10).
- In Nginx Proxy Manager, I added a Proxy Host for the domain sub.domain.com, set the IP address (100.100.10.10), and the port of my application inside Docker (e.g., 8000).
- I also enabled SSL and requested a new certificate for sub.domain.com.
Issue:
Even after setting up everything, I’m facing a 504 Gateway Timeout error when trying to access my application through the domain name.
Could someone help me troubleshoot why I’m getting the 504 Gateway Timeout error? I might have done something wrong as my understanding of this is very basic. Could it be a problem with the UFW setup, or is there something wrong with the Nginx Proxy Manager configuration?
Thanks in advance for your help!
- Docker completely ignores UFW rules. If you check your ip tables you’ll see docker rules are put in before UFW. For the 504 though, it sounds like traffic is not getting to NPM. Have you routed ports 80 and 443 to the docker container? - Thanks for your answer. - So if Docker completely ignores UFW rules, how am I supposed to protect my VPS ? I’ve never done this before and I’m puzzled. - As for NPM, here’s the “ports” part of my docker-compose - ports: - '80:80' - '81:81' #GUI - '443:443'- The rules still apply to the host, just not inside the container. Docker is just ignoring the rules. If you block all ports but then have port 81 open like you do in that section of docker compose, you would think that UFW would block docker but thats not the case. Going to http://yourip:81/ will show then NPM gui, even if you specifically use ufw to block 81. If you only expose port 80 and 443, you should be fine. Your NPM container would have to be compromised then they would have to break out of the container. - Also I think your issue is with your DNS. You should have an A record for the IP pointing to example.com and then a CNAME record pointing to sub.example.com 
 
 


