mgutt (Author), posted October 20, 2021

13 hours ago, azkall said:
> Need help resetting admin password!

https://github.com/jc21/nginx-proxy-manager/issues/1172
https://github.com/jc21/nginx-proxy-manager/issues/230
jafi, posted October 22, 2021

Sorry if the problem is not with NPM. I have a problem with Nextcloud & NPM. I get this warning with Nextcloud:

> The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.

My config file for Nextcloud for NPM:

    server {
      set $forward_scheme https;
      set $server "192.168.1.10";
      set $port 2443;

      listen 80;
      listen [::]:80;
      listen 443 ssl http2;
      listen [::]:443 ssl http2;

      server_name cloud.myserver.com;

      ssl_certificate /data/custom_ssl/npm-1/fullchain.pem;
      ssl_certificate_key /data/custom_ssl/npm-1/privkey.pem;

      include conf.d/include/assets.conf;
      include conf.d/include/block-exploits.conf;

      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

      include conf.d/include/force-ssl.conf;

      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $http_connection;
      proxy_http_version 1.1;

      access_log /data/logs/proxy-host-1_access.log proxy;
      error_log /data/logs/proxy-host-1_error.log warn;

      location / {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_http_version 1.1;

        include conf.d/include/proxy.conf;
      }

      include /data/nginx/custom/server_proxy[.]conf;
    }

But this does not work.
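A check equivalent to the one the quoted warning describes, as an added example that is not part of the thread and not Nextcloud's own code: it parses a Strict-Transport-Security value following RFC 6797 and compares max-age with the 15552000-second threshold. The function names and the sample responses are assumptions constructed for illustration; only the header value in `POSTED` comes from the config above.

```python
import re

MIN_MAX_AGE = 15552000  # seconds; the threshold named in the Nextcloud warning
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def parse_hsts(value):
    """Parse an STS value per RFC 6797 section 6.1; None means a browser ignores it."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:  # empty directives, e.g. after a trailing ';', are legal
            continue
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()
        if not _TOKEN.fullmatch(name) or name in directives:
            return None  # malformed name or duplicate directive
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted-string form: max-age="31536000"
        directives[name] = val if sep else None
    age = directives.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return None  # max-age is the one required directive
    directives["max-age"] = int(age)
    return directives


def check_hsts(headers, min_age=MIN_MAX_AGE):
    """headers: (name, value) pairs of one HTTPS response, in received order."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return (False, "header missing")
    parsed = parse_hsts(values[0])  # only the first STS field is processed
    if parsed is None:
        return (False, "header invalid")
    if parsed["max-age"] < min_age:
        return (False, "max-age too short")
    return (True, "ok")


# Constructed responses; the first value is the one from the posted config.
POSTED = [("Content-Type", "text/html"),
          ("Strict-Transport-Security", "max-age=15768000; includeSubDomains; preload;")]
NO_HEADER = [("Content-Type", "text/html"), ("X-Served-By", "cloud.myserver.com")]
SHORT = [("strict-transport-security", "max-age=3600")]
DUPLICATE = [("Strict-Transport-Security", "max-age=15768000; max-age=0")]

if __name__ == "__main__":
    for name, resp in [("posted", POSTED), ("no header", NO_HEADER),
                       ("short", SHORT), ("duplicate", DUPLICATE)]:
        print(name, check_hsts(resp))
```

The value from the posted config passes, so a warning that persists points at the header not arriving in the response rather than at its value.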
mgutt (Author), posted October 22, 2021

1 hour ago, jafi said:
> My config file for Nextcloud for NPM:

Usually changes are made through the GUI. How do you access your config file?!
jafi, posted October 22, 2021

6 hours ago, mgutt said:
> Usually changes are made through the GUI. How do you access your config file?!

/mnt/user/appdata/nginxproxymanager/data/nginx/proxy_host/1.conf

Sorry, did not find any way to configure the issue via GUI.
jafi, posted October 22, 2021

4 minutes ago, jafi said:
> /mnt/user/appdata/nginxproxymanager/data/nginx/proxy_host/1.conf
> Sorry, did not find any way to configure the issue via GUI.

Damn, I'm stupid. There is an advanced tab. Trying with that.
azkall, posted October 22, 2021

On 10/20/2021 at 1:45 PM, mgutt said:
> https://github.com/jc21/nginx-proxy-manager/issues/1172
> https://github.com/jc21/nginx-proxy-manager/issues/230

Those are for MySQL with an external database, but NPM uses SQLite. I don't know how to access the database.
braydination, posted October 28, 2021

I'm really pulling my hair out here. I had NGINX Proxy Manager set up months ago, but something happened and I needed to reset my router, and ever since then it stopped working. After trying to fix it for a while, I never managed to, so I decided to remove the docker and start all over again. I followed the guides by Ibracorp on YouTube to the T and just have not been able to get it working again.

- I made sure that I disabled my ISP port blocking
- I forwarded the ports 80 and 443 in my router
- I created a certificate from Cloudflare directly and imported into NGINX

I keep getting 522 errors now and I honestly don't even know where to try and troubleshoot this from. I really need to get it fixed as my Bitwarden and Nextcloud services can no longer be updated with this down. I don't know if there is a problem with Cloudflare, my router, unRAID, or NGINX.

I did get the following errors/warnings in the NGINX logs:

    Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0
    [10/28/2021] [7:45:48 PM] [Express ] › ⚠ warning Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-6" --agree-tos --authenticator webroot --email "*****@gmail.com" --preferred-challenges "dns,http" --domains "sonarr.*****.com"
mgutt (Author), posted October 28, 2021

On 10/22/2021 at 5:49 PM, azkall said:
> Those are for MySQL with an external database, but NPM uses SQLite. I don't know how to access the database.

Ok, then you have an SQLite file at

/mnt/user/appdata/Nginx-Proxy-Manager-Official/data/database.sqlite

You can open this file through https://sqlitebrowser.org/. Simply stop the container, download the file, edit the relevant lines and overwrite the file again. Of course you should create a backup first.
mgutt (Author), posted October 28, 2021

6 hours ago, braydination said:
> I honestly don't even know where to try and troubleshoot this from

Check this new how-to, to debug connection problems:
https://forums.unraid.net/topic/110245-support-nginx-proxy-manager-npm-official/#:~:text=Debug Server Errors 5xx

7 hours ago, braydination said:
> Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0

Please show your access list rules. Maybe you should remove them temporarily.

7 hours ago, braydination said:
> [10/28/2021] [7:45:48 PM] [Express ] › ⚠ warning Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-6" --agree-tos --authenticator webroot --email "*****@gmail.com" --preferred-challenges "dns,http" --domains "sonarr.*****.com"

Your subdomain "sonarr" uses a Let's Encrypt SSL certificate which couldn't be validated. This could mean that Let's Encrypt was not able to reach NPM through "http://sonarr.example.com" (maybe because of your access list rule?!), which is a requirement to validate that your domain is controlled by you. You could try to renew the certificate manually through the SSL Certificates tab, but first check the above-mentioned how-to to validate that NPM can be reached through the internet.
RedReddington, posted October 28, 2021

Having issues with Vaultwarden. With nginx it works perfectly fine, but when using NPM as proxy I get a 502 gateway error. Anything special to configure?
mgutt (Author), posted October 30, 2021

On 10/28/2021 at 11:36 PM, RedReddington said:
> Anything special to configure?

Follow the steps to find the problem:
https://forums.unraid.net/topic/110245-support-nginx-proxy-manager-npm-official/#:~:text=Debug Server Errors 5xx
rcjk, posted November 14, 2021

Hello all,

I have had an ongoing issue for some time and am hoping I can get some help to see if NPM is the source of the issue or if I should look elsewhere. I set up a reverse proxy for Nextcloud and Vaultwarden, following all the steps with port forwarding, hairpin NAT enabled etc. When I access the domain names via my cell phone network (outside server network), I can connect to both applications with the domain name perfectly fine.

My issue comes to when I try to connect inside my network via these domain names, it will hang up and give this site cannot be reached, took too long to respond. I can connect to the two applications if I type the IP address of the server with port into my browser not using https.

While I am not versed in networking, I used Wireshark to see if I can get a clue to what exactly is going on. Port 4443 is what I use for NPM and what my router forwards 443 to. Reading this in RST error image, it appears the request is sent to my public IP which my router then sends back to 192.168.7.5:4443. The source IP (192.168.7.5) replies back with the reset flag raised. I wonder if this is related to NPM due to the port being 4443, is that a correct assumption?

I took a look at the logs for NPM and saw the error attached although I am not sure what it means and if this is the root cause of my issue. Any help in isolating the issue to NPM or eliminating NPM as the source is appreciated, thanks!
mgutt (Author), posted November 14, 2021

3 hours ago, rcjk said:
> My issue comes to when I try to connect inside my network via these domain names, it will hang up and give this site cannot be reached, took too long to respond.

Is this only valid for your smartphone or all local clients? It would be much easier to find the reason with a usual client. At first you should try to ping the domain to find out if it returns the correct public IP:

    ping -c1 example.com

The next step would be to overwrite the domain's IP through your client's hosts file against the local IP of NPM. Example:

    <local_ip_of_npm> example.com

At first repeat the ping command. Does it now return the local IP? If yes, open the domain in your browser. Do you see Nextcloud? If yes, then your hairpinning does not work. If no, then you shouldn't be able to open NPM's status page (not the WebGUI) through "http://<local_ip_of_npm>:<npm_port_for_incoming_http_traffic>", or?
rcjk, posted November 15, 2021

Thanks for the reply Mgutt,

Quote:
> Is this only valid for your smartphone or all local clients?

This error is valid for anything connected to my network including the smartphone. If I disconnect WIFI and use the T-Mobile connection and IP address, I can access all domains fine without issue.

I think I found another clue that is now leading me to my ISP. My mother-in-law, who lives next door, has the same company for internet but a different public IP than mine. Interestingly when I connect to her WIFI with my smartphone, I get the hang up error. If I switch back to T-Mobile, I can access the domains fine. I also called my friend in a different state who was able to access both Nextcloud and Bitwarden fine with the domain names.

For the pings following your steps:

1. First ping (from computer on my network) returns public IP
2. I assumed it was the host IP I needed to add to my hosts file on my computer (not UNRAID server) which I added as your notation.
3. I pinged domain and get 192.168.7.5
4. When I open the domain in my browser, it takes me to the login for UNRAID server not Nextcloud

I am leaning towards my ISP and may have to research if there is something in the router (they gave me the password for it) set up wrong/not set up or call them directly. Does this sound like the cause, my ISP/their router?
mgutt (Author), posted November 15, 2021

4 hours ago, rcjk said:
> When I open the domain in my browser, it takes me to the login for UNRAID server not Nextcloud

Did you forget to add the port 8080 (for http)?

6 hours ago, rcjk said:
> My mother-in-law, who lives next door, has the same company for internet but a different public IP than mine. Interestingly when I connect to her WIFI with my smartphone, I get the hang up error

Does your router really have a public IPv4 or does it start with 10, 172 or 192?
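The ping and hosts-file steps from the earlier reply and the router-address question above, combined into one check as an added example that is not part of the thread. It goes beyond "starts with 10, 172 or 192" by using the exact RFC 1918 ranges plus the carrier-grade NAT range 100.64.0.0/10, and handles IPv4 only. The function names, the result labels and the 203.0.113.10 WAN address are assumptions; 192.168.7.5 is the NPM host address from the thread.

```python
import ipaddress

# Exact private ranges (RFC 1918) and carrier-grade NAT space (RFC 6598).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify(addr):
    """Return 'private', 'cgnat', 'loopback', 'link-local', 'ipv6' or 'public'."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return "ipv6"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        return "cgnat"
    if ip.is_link_local:
        return "link-local"
    return "public"


def diagnose(resolved, wan, npm_local):
    """Interpret one name lookup made from a LAN client.

    resolved:  address the domain resolved to (what ping printed)
    wan:       address the router reports on its WAN interface
    npm_local: LAN address of the host running NPM
    """
    resolved, wan, npm_local = (ipaddress.ip_address(a)
                                for a in (resolved, wan, npm_local))
    if resolved == npm_local:
        return "hosts-override"    # router and ISP are out of the path
    if classify(str(wan)) != "public":
        return "wan-not-public"    # another NAT sits in front of the router
    if resolved != wan:
        return "dns-mismatch"      # the record points somewhere else
    return "needs-hairpin"         # LAN clients rely on hairpin NAT


# Constructed values: 203.0.113.10 stands in for a public WAN address.
if __name__ == "__main__":
    print(diagnose("203.0.113.10", "203.0.113.10", "192.168.7.5"))
    print(diagnose("192.168.7.5", "203.0.113.10", "192.168.7.5"))
    print(diagnose("203.0.113.10", "100.72.1.9", "192.168.7.5"))
    print(classify("172.32.0.1"), classify("192.169.0.1"))
```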
rcjk, posted November 15, 2021

I tried both mydomain.duckdns.org and mydomain.duckdns.org:8080 if that syntax is right, do not understand why that is. If I revert back to IP address with port then it works fine.

Yes, I am sure it is a public IP, it is in the 200's.

I think it is safe to say that NPM is working as expected and it is an issue with the ISP or how they set up the router. I turned on a VPN this morning and was able to access all sites fine from the same PC I have been using. I think I will have to look into that direction now.
mgutt (Author), posted November 15, 2021

25 minutes ago, rcjk said:
> I tried both mydomain.duckdns.org and mydomain.duckdns.org:8080

When you set your local unRAID IP through your hosts file, then the first variant without port must show unRAID and the second must show NPM. It's absolutely impossible to see unRAID on Port 80 and 8080. Repeat your test. It has nothing to do with your ISP. This is a direct connection through your local network.
rcjk, posted November 16, 2021

I tried again with both Nextcloud and Vaultwarden domain added to my hosts file, here are the results:

Vaultwarden:
vault.duckdns.org - Unraid login screen
vault.duckdns.org:8080 - Vaultwarden login screen

Nextcloud:
cloud.duckdns.org - Unraid login screen
cloud.duckdns.org:8080 - Unraid login screen
cloud.duckdns.org:4443 - Unraid login screen
cloud.duckdns.org:444 - Nextcloud login screen

It appears that if I try to go through NPM, I am redirected to the Unraid login screen.
mgutt (Author), posted November 16, 2021

14 minutes ago, rcjk said:
> Nextcloud:
> cloud.duckdns.org - Unraid login screen
> cloud.duckdns.org:8080 - Unraid login screen
> cloud.duckdns.org:4443 - Unraid login screen
> cloud.duckdns.org:444 - Nextcloud login screen

Did you add two entries to your hosts file? You must add cloud.duckdns.org and vault.duckdns.org as separate entries. One entry for duckdns.org does not work (which would be verified through the ping). Does ping to cloud.duckdns.org return your local unRAID IP?

cloud.duckdns.org:8080 should never return the unRAID WebGUI. If you open it, are you forwarded to cloud.duckdns.org:8080/Dashboard or does the Port disappear? If it disappears, then it's a redirect, if not, then your proxy host is not properly set up.
rcjk, posted November 16, 2021

Quote:
> Did you add two entries to your hosts file?

Yes, like this:

    192.168.7.5 vault.duckdns.org cloud.duckdns.org

Quote:
> Does ping to cloud.duckdns.org return your local unRAID IP?

When I ping could.duckdns.org, it returns from vault.duckdns.org (192.168.7.5)

Quote:
> are you forwarded to cloud.duckdns.org:8080/Dashboard or does the Port disappear?

The port disappears and the new url looks like this: https://cloud.duckdns.org/login (line through https)
mgutt (Author), posted November 16, 2021

2 hours ago, rcjk said:
> The port disappears and the new url looks like this: https://cloud.duckdns.org/login (line through https)

Did you use HSTS in the past? This forces the browser to redirect every access to this domain to https = port 443. How to delete:
https://appuals.com/how-to-clear-or-disable-hsts-for-chrome-firefox-and-internet-explorer/
imyourdaddy, posted November 16, 2021

Hello,

Sorry for the newb question(s), but I'm running into issues getting what I need to work, working. Here's the rundown:

- Group of Splunk search heads (SH) (each has own IP on LAN) that I want load balanced (basically same application running on multiple server instances)
- Access above Splunk SHs (sticky session) via a single IP (no DNS setup right now)
- Have the load balancer (LB) randomly select one of the Splunk SHs when the above IP is entered in a web browser
- Sticky session(s) as this is recommended by Splunk

I was able to get the stream working, but that only pushes to a single IP (Splunk SH) from a single port (8000, which is same on each Splunk SH), and not rotate between them all.

Am I going about this all wrong, and/or is this not able to do what I'm attempting to accomplish?

Any and all help is greatly appreciated!!
mgutt (Author), posted November 17, 2021

6 hours ago, imyourdaddy said:
> Have the load balancer (LB) randomly select one of the Splunk SHs when the above IP is entered in a web browser

And where is the LB located? In front or after NPM?
rcjk, posted November 17, 2021

Quote:
> Did you use HSTS in the past?

I may have, I have tried many things over the last 4 months on and off. I followed the instructions but when I query for cloud.duckdns.org or just duckdns.org nothing came up. I went ahead and inputted both in the delete anyway.

Normally I use Brave but I tried the could.duckdns.org:8080 on Konqueror and got the same result.

I changed in my hosts file from cloud.duckdns.org to testing.home and inputted testing.home:8080 and get

> Congratulations!
> You've successfully started the Nginx Proxy Manager.
> If you're seeing this site then you're trying to access a host that isn't set up yet.
> Log in to the Admin panel to get started.

So it seems something is redirecting that specific domain to unraid login and saves it?

The difference between Vaultwarden and Nextcloud is http versus https; should I still have no issues in network using https?
mgutt (Author), posted November 17, 2021

31 minutes ago, rcjk said:
> changed in my hosts file from cloud.duckdns.org to testing.home and inputted testing.home:8080 and get Congratulations!

That's what we want. Now add a proxy host with Nextcloud as target (without SSL certificate). You should see Nextcloud loading (probably the forbidden page, as you use an unallowed Domain, but it works).

If this works, then you probably have the problem of a still active HSTS rule. Maybe you try it with a new DuckDNS Subdomain (and not enabling HSTS). I don't know how long the HSTS rule is active.