DieFalse

Everything posted by DieFalse

  1. That would not be feasible as the docker utilizes the host itself for the networking as there are no ports or adapters configured. The config should be adjustable for additional per the CloudFlareD Documentation, just haven't tried it yet. I believe it would require a business or paid cloudflare plan though. The only way without a paid account I can see so far (or without multiple daemons) is to create a CNAME on the one domain that points to the other. The other alternative that appears to work is multiple containers with different names and appdata folders as Kira mentioned. Given how lightweight the docker is, this seems to be the absolute best way.
  2. The hardware memory issue only exists in the secondary server - the issue existed in both servers. The memory issue has been present for the last 6 version releases.
  3. I get a timeout error - it never loads. SSH / NFS works - however file transfers themselves do not. They time out. I rolled back one of the two servers and it's still experiencing the issue. I can access the server all ways except webgui on my primary pc. Wireshark pcap didn't reveal anything.

     Strangely enough - today I can access and log in to both servers' webgui with NOTHING changed.

     Diag from when it wasn't working: gsa-diagnostics-20210426-1109.zip
  4. I was thinking it was in the release notes. I'm wondering if for some reason it is blacklisting my desktop. Where can I check the Fail2Ban config / what is blocked or add any whitelist (IE My home subnet)?
  5. Ok - so I have made some progress - I can access the webgui from another device on the network. It seems my primary PC is blocked from accessing the WebGui.... Is there a Fail2Ban or similar item that would blacklist my connection to ports 80/443?
  6. Thanks; I am having trouble pulling the diagnostics even with SCP. I will keep trying and once I can gain physical access again tonight will copy them manually also. CURL IP of host results in a time out also.

     root@GSA:/mnt/user/www# sha256sum /boot/bz*
     7216239d48d9f276c65fd1bce5c80d513beadde63f125bbb48b97228f4e3db1c /boot/bzfirmware
     debc904556b518fc6ea2bf7c679b86d8b99ad978b321fad361c25d829ecb7460 /boot/bzfirmware.sha256
     1a7dd82250acf93b711633bbf854cc90a03465bb32c3cec4d56a0355cfc10096 /boot/bzimage
     b9098fd8dc1f1e3fa594a54864a1e0ede7c2d41d750564e8168b2ab406c3ec3f /boot/bzimage.sha256
     75be3470b4536272062f4673ef21726da1d54b7bde5e264254e5df77c87c40a0 /boot/bzmodules
     9de395254b24ddb1c52c2d9f22e613567ef61659dab837777f41c25ae0bafa5b /boot/bzmodules.sha256
     7692d002882cc96760d5f1a98b23e4c8872f6b8d2233bfcdec7e6331802b0cf1 /boot/bzroot
     9fa3228cebfdd48eb5d78f44a1272231e9d1e0944b54e08c18f2aa315b8e148f /boot/bzroot-gui
     52f7f3e9118f8b96db00ea8cbe795baf48bddb6ed2be08cf54af81e66ff17ab6 /boot/bzroot-gui.sha256
     12ce4274dcb3f3422c1e0f9fcc37bc3f0aef9c834a19c25da06a21c2ce52303f /boot/bzroot.sha256
     root@GSA:/mnt/user/www# head -n 1 /boot/changes.txt
     ## Version 6.9.2 2021-04-07
  7. I have SSH and direct server connected GUI / Terminal access. The web pages will not load on either. The only change was upgrade to the latest stable release. I am beginning this ticket to see if it's a known issue I may have missed in my search or if any generic steps are available - IE: how to check the default host webserver status etc? Diagnostics pending
  8. Do not go with a r420 or Rx20 for your office if you need it to be quiet. These are made for datacenters and are not considered quiet. Mine are installed in an area I don't hear, and yes have way more than 16tb in each.
  9. NX = No Execute Mode
     PSS = Power Supported State
     You can safely have both off.
  10. Do you have Discord or some other online messenger? Can you PM me your info so I can troubleshoot directly with you. I feel we can solve this rapidly that way.
  11. NAT Loopback and DNS Rebinding are completely different. Plex uses "HASH".plex.direct to create dns entries or proxy to your server. The domain.com/plex service uses this. You can verify this is being done by visiting the /plex location and reviewing the certificate, which you will find is issued to plex.direct. I feel that something is interrupting the connection to /plex (XML-Plugins-API) interface causing you this issue. Can you create another /anything and point it to a known working interface? sonarr/radarr/npm

      If this works, then the config is working and creating the location properly. It would show that it's something needed in advanced config or your router. If it's not working, it shows that it's NPM not creating the location correctly.

      Notes: DNS Rebinding

      Some routers or modems have a feature known as "DNS rebinding protection", some implementations of which can prevent an app from being able to connect to a Plex Media Server securely on the local network. For most users, this won't be an issue, but some users of higher-end routers (or those provided by some ISPs) may run into problems. Similarly, some DNS providers (including some ISPs) may have this feature. DNS rebinding protection is meant as a security feature, to protect insecurely-designed devices on the local network against attacks. It provides no benefit for devices that are designed and configured correctly.
  12. Hi Tucubanito07, The npm-01 that had the corrupt PEM would need its "conf" file deleted from the app data. You can copy the conf to another folder and review it to recreate that proxy host. When you delete that conf, NGINXProxyManager will load all but that host that is corrupted (which sometimes can be more than one). You would then re-add that proxy host.

      Example: npm-01 = jimmy.domain.com
      Delete conf (/etc/letsencrypt/renewal/npm-1.conf)
      Load NPM
      Review hosts for missing one or review the conf file for the missing host info and re-add.

      However, if it's multiple, then you will have to delete the others in the log with the same error of

      nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-1/fullchain.pem": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

      Alternatively you can go to each PEM (certificate folder) and check the fullchainX.PEM (x being whatever number it is in the dir) for validity.

      https://ma.ttias.be/nginx-ssl-certificate-errors-pem_read_bio_x509_aux-pem_read_bio_x509-ssl_ctx_use_privatekey_file/

      openssl x509 -text -noout -in /etc/letsencrypt/live/npm-1/fullchain.pem
  13. You're welcome. It appears somehow your fullchain.pem became corrupted (likely blanked out). Rebuilding would fix this.
  14. As I have said, I have mine configured and working. One thing I am thinking you may have an issue with /plex/ goes to a ".plex.direct" url by translation. Do you have DNS Rebinding allowed for "plex.direct"? If not, ONLY IP:32400/plex will work. If so, then domain.com/plex/ will work.
  15. Check certs 6,7,12,13,20 as those are erroring. Are those files there? I suspect not. In which case, you will have to delete those hosts and recreate or manually force those to regenerate.
  16. /mnt/cache/appdata/NginxProxyManager/letsencrypt/archive/npm-20
  17. Can you check the archive folder for the originals please?
  18. Have you checked the "/etc/letsencrypt/live/npm-20/" or any of the /etc/letsencrypt/live locations to see if the fullchain.pem is there? It seems the symlinking is broken for them. Example:

      drwxrwxrwx 1 nobody users  94 Dec  9 17:01 ./
      drwx------ 1 nobody users 138 Dec 11 16:39 ../
      -rw-rw-rw- 1 nobody users 692 Jul 30 14:01 README
      lrwxrwxrwx 1 nobody users  29 Dec  9 17:01 cert.pem -> ../../archive/npm-1/cert3.pem
      lrwxrwxrwx 1 nobody users  30 Dec  9 17:01 chain.pem -> ../../archive/npm-1/chain3.pem
      lrwxrwxrwx 1 nobody users  34 Dec  9 17:01 fullchain.pem -> ../../archive/npm-1/fullchain3.pem
      lrwxrwxrwx 1 nobody users  32 Dec  9 17:01 privkey.pem -> ../../archive/npm-1/privkey3.pem
  19. Have you created/configured "proxy.conf" and placed it where it wants it? An alternative to the proxy.conf file is setting those options in the advanced nginx settings of the advanced location (gear cog). However I am not proficient with how to format them for this location.

      client_max_body_size 10m;
      client_body_buffer_size 128k;
      proxy_bind $server_addr;
      proxy_buffers 32 4k;

      #Timeout if the real server is dead
      proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

      # Advanced Proxy Config
      send_timeout 5m;
      proxy_read_timeout 240;
      proxy_send_timeout 240;
      proxy_connect_timeout 240;
      proxy_hide_header X-Frame-Options;

      # Basic Proxy Config
      proxy_set_header Host $host:$server_port;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_redirect http:// $scheme://;
      proxy_http_version 1.1;
      proxy_set_header Connection "";
      proxy_no_cache $cookie_session;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
  20. @CorneliousJD I think I finally, through troubleshooting, figured out a fix that will work for your environment. In your Organizr SSO Setup point it to the local IP/Docker IP of plex. http://IP:32400/plex I was digging in my sso settings and any local comm's go through these on my setup, only externally clickable links etc do not.
  21. I successfully have plex.domain.com setup and working. I also have plex.domain.com/plex working. 401 Unauthorized - is expected, IF you are not logged in for the /plex to work. However my /plex location is https not http, is yours?
  22. You can add your TLD example.com and under custom locations point it to /plex.
  23. I have updated and found that the Webgui now supports DNS challenge. Has anyone successfully gotten this to work with Ionos? (1and1.com)? I would really like a wildcard to be able to load to local resources.
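
Added example (not part of any post above, and not NginxProxyManager or certbot code): a shell check for the three fullchain.pem failures the certificate posts (12, 13, 15 and 18) describe, namely a dangling live/ symlink, a blanked-out file, and a file with no PEM start line. The function names, lineage names and file contents are constructed for illustration; it checks structure only, so a file reported as ok still needs the `openssl x509 -text -noout -in` check from post 12.

```shell
#!/usr/bin/env bash
# Added example. Status per lineage: ok | missing | broken-symlink | empty | no-start-line
check_lineage() {
    local pem="$1/fullchain.pem"
    if [ ! -e "$pem" ] && [ ! -L "$pem" ]; then echo "missing"; return 1; fi
    # -L true with -e false: the symlink exists but its archive/ target is gone
    if [ -L "$pem" ] && [ ! -e "$pem" ]; then echo "broken-symlink"; return 1; fi
    # Zero-length file: the "blanked out" case
    if [ ! -s "$pem" ]; then echo "empty"; return 1; fi
    # Matches nginx's "no start line" error: no PEM certificate header present
    if ! grep -Eq '^-----BEGIN (TRUSTED )?CERTIFICATE-----' "$pem"; then
        echo "no-start-line"; return 1
    fi
    echo "ok"
}

# Print "<status> <lineage>" for each directory under $1; return 1 if any is not ok.
scan_live() {
    local live="$1" dir status rc=0
    for dir in "$live"/*/; do
        [ -d "$dir" ] || continue
        dir="${dir%/}"
        status="$(check_lineage "$dir")" || rc=1
        printf '%-15s %s\n' "$status" "${dir##*/}"
    done
    return "$rc"
}

# Constructed sample tree: lineage names and file contents are made up for the demo.
build_demo() {
    local root="$1" n
    for n in npm-1 npm-6 npm-7 npm-12; do
        mkdir -p "$root/live/$n" "$root/archive/$n"
        ln -s "../../archive/$n/fullchain1.pem" "$root/live/$n/fullchain.pem"
    done
    printf '%s\n' '-----BEGIN CERTIFICATE-----' '(constructed placeholder body)' \
        '-----END CERTIFICATE-----' > "$root/archive/npm-1/fullchain1.pem"
    # npm-6: target is never created, so its symlink dangles
    : > "$root/archive/npm-7/fullchain1.pem"    # blanked out
    echo "not a certificate" > "$root/archive/npm-12/fullchain1.pem"
}

# With a path argument, scan that live/ directory; with none, scan the constructed tree.
if [ "$#" -gt 0 ]; then
    scan_live "$1"
else
    demo="$(mktemp -d)"; build_demo "$demo"
    scan_live "$demo/live" || true
    rm -rf "$demo"
fi
```

Pass the container's live directory as the argument to scan real lineages; the mapped host path depends on the appdata layout.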