currently I’m running umbrelOS on my RaspberryPi 5 locally on my home server.
My goal was to access installed apps from the internet with SSL and a valid (sub-)domain like so:
https://wordpress.example.com
routing to local umbrel IP and Port of wordpress or any other app you want to install ->
http://192.168.1.25:8567Here is how to do it:
⚙️ Prerequisites
- umbrelOS installed and running (e.g., on Raspberry Pi or Debian server)
- Zoraxy installed as an Umbrel app (via Umbrel App Store)
- A domain or dynamic DNS address (e.g.,
example.comorumbrel.example.com) - Access to your router for port forwarding
- Basic understanding of local IPs and ports
Small warning before you start:
⚠️ Security Risks
Opening your home server to the internet can expose it to constant scanning and automated attacks. Hackers often target weak passwords, outdated apps, and misconfigured reverse proxies. A single exposed port or forgotten app could give attackers access to your entire system.
🔐 Privacy Concerns
Self-hosting gives you control, but also full responsibility. Any mistake in network or DNS configuration could accidentally leak private information or make internal services publicly visible.
If you don’t know what you are doing then please first get comfortable with network security.
Funny story:
I set this up yesterday, and when i checked Zoraxy this morning I already saw multiple unknown IP addresses from various countries which where trying to scan my local setup.
If you want to be on the safe side you can check out Cloudfare Tunnel.
🔌 Step 1: Configure Router Port Forwarding
To make Zoraxy reachable from the internet, you’ll need to forward two ports in your router:
| External Port | Internal Port | Target Device | Description |
|---|---|---|---|
| 80 (HTTP) | 41080 (Zoraxy) | Umbrel IP | Redirects to HTTPS |
| 443 (HTTPS) | 41443 (Zoraxy) | Umbrel IP | Secure access |
⚠️ Important:
Don’t forward any other ports (like 8567 or 22). Zoraxy will handle the routing internally.
⚙️ Step 2: Access Zoraxy Dashboard
- On your local network, open
http://umbrel.local:8000
(or by local IP, e.g.http://192.168.1.42:8000) - Login with your Zoraxy admin credentials.
- Go to Create Proxy Rules.
Step 3: Add the domain for your App
Example of domain matching keyword:aroz.org
Any acess requesting aroz.org will be proxy to the IP address below
Subdomain
Example of subdomain matching keyword:s1.aroz.org
Any request starting with s1.aroz.org will be proxy to the IP address below
- Enter your Umbrel IP as Target IP with the Port assigned to the App you want to access e.g.:
192.168.1.42:8567
Step 4: Add SSL Certificate
Go to:
HTTP Proxy -> your site -> TLS / SSL -> Get Certificate
Enabled ACME Auto-Renewer
🧱 Step 5: Keep Umbrel Private
Zoraxy should be the only service exposed to the internet.
Umbrel’s web dashboard (port 80) must not be publicly accessible.
If you notice your example.com points directly to Umbrel’s login page, update your router’s port forwarding to send port 80/443 to Zoraxy, not Umbrel directly.
🛡️ Step 6: Secure and Monitor
To keep your setup safe:
- Use strong admin passwords (Umbrel + Zoraxy + WordPress)
- Keep Umbrel and Zoraxy updated
- Enable Zoraxy’s built-in rate limiting and auth protection
- Consider using Fail2Ban or UFW firewall on the host OS
🥳 Step 7: Enjoy!
You can now access your WordPress installation at:
https://wordpress.example.com
Leave a Reply