wes.crockett Posted September 12, 2023 (edited)

On 8/22/2023 at 10:57 PM, Kilrah said:
> If it's internal only you can use whatever domain name you want over http without even buying it.
> Containers on br0 cannot reach the server's IP unless you enable "Host access to custom networks" in Docker settings.
> You typically want NPM either on a bridge with the other containers it needs to route to or on Host for it to be able to access everything, for local access the latter, which requires you to change the ports for unraid's GUI.

Thanks for the reply. That makes sense. I have enabled Host access to custom networks since I don't want to re-port Unraid. That said, I am still getting ERR_CONNECTION_REFUSED when trying to use the proxy server. I added invokeai.domainname.com. When pinging it, I get the IP for the reverse proxy container, but navigating to it doesn't redirect.

EDIT: Made some config changes:
- Network: Br0 (set to be able to connect to other networks)
- Set HTTP port to 80
- Set HTTPS port to 443
- Set domain.com -> DNS server
- Created A Record for proxy.domain.com -> NPM docker IP
- Create C-Name for invokeai.domain.com -> proxy.domain.com

From the docker container, when I curl invokeai.domain.com I get:

    curl: (7) Failed to connect to invokeai.domain.com port 80 after 2 ms: Couldn't connect to server

Same when I curl proxy.domain.com... It seems like the issue is with how the NPM package is being connected to.

EDIT 2: What I noticed after the changes made in the previous edit was that the container was not respecting my port changes. I installed a different copy of NPM from the app store, put in port 80 and 443 and everything worked instantly.

Edited September 13, 2023 by wes.crockett (Resolved my issue)

jarkle Posted September 19, 2023

Thoughts on this error?

    [9/18/2023] [9:50:07 PM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-2" --agree-tos --email "xxxxxxx" --domains "xxxxxxx" --authenticator dns-godaddy --dns-godaddy-credentials "/etc/letsencrypt/credentials/credentials-2"
    Traceback (most recent call last):
      File "/usr/bin/certbot", line 5, in <module>
        from certbot.main import main
      File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 6, in <module>
        from certbot._internal import main as internal_main
      File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 28, in <module>
        from certbot import crypto_util
      File "/opt/certbot/lib/python3.7/site-packages/certbot/crypto_util.py", line 42, in <module>
        from certbot import interfaces
      File "/opt/certbot/lib/python3.7/site-packages/certbot/interfaces.py", line 21, in <module>
        from acme.client import ClientBase
    ImportError: cannot import name 'ClientBase' from 'acme.client' (/opt/certbot/lib/python3.7/site-packages/acme/client.py)

Mainfrezzer Posted September 19, 2023 (edited)

7 hours ago, jarkle said:
> Thoughts on this error?
>
>     [9/18/2023] [9:50:07 PM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-2" --agree-tos --email "xxxxxxx" --domains "xxxxxxx" --authenticator dns-godaddy --dns-godaddy-credentials "/etc/letsencrypt/credentials/credentials-2"
>     Traceback (most recent call last):
>       File "/usr/bin/certbot", line 5, in <module>
>         from certbot.main import main
>       File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 6, in <module>
>         from certbot._internal import main as internal_main
>       File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 28, in <module>
>         from certbot import crypto_util
>       File "/opt/certbot/lib/python3.7/site-packages/certbot/crypto_util.py", line 42, in <module>
>         from certbot import interfaces
>       File "/opt/certbot/lib/python3.7/site-packages/certbot/interfaces.py", line 21, in <module>
>         from acme.client import ClientBase
>     ImportError: cannot import name 'ClientBase' from 'acme.client' (/opt/certbot/lib/python3.7/site-packages/acme/client.py)

It's a Python issue for which there's only a manual workaround right now. You would need to execute

    /opt/certbot/bin/pip install acme==1.32.0

inside the container.

Edit: As an alternative workaround:

> Use the docker shell, updated /global/certbot-dns-providers.js to set the required version of "certbot-dns-godaddy" to "~=2.6.0".

https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3103#issuecomment-1686519852

I've modified the quote since the original GitHub mention is wrong.

Edited September 19, 2023 by Mainfrezzer (Added alternative)

Bushibot Posted September 22, 2023 (edited)

Yesterday it was working fine, now I see in the log:

    [9/22/2023] [3:08:15 PM] [SSL ] › ✖ error Error: Command failed: /usr/sbin/nginx -t -g "error_log off;"
    nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-10/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-10/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
    nginx: configuration file /etc/nginx/nginx.conf test failed

If I try to set up a new proxy, it fails with internal error. Existing proxies say offline. I didn't change anything, ARGH. How to fix and where should I be digging for data?

Edited September 22, 2023 by Bushibot

Mainfrezzer Posted September 22, 2023

6 minutes ago, Bushibot said:
> Yesterday it was working fine, now I see in the log:
>
>     [9/22/2023] [3:08:15 PM] [SSL ] › ✖ error Error: Command failed: /usr/sbin/nginx -t -g "error_log off;"
>     nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-10/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-10/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
>     nginx: configuration file /etc/nginx/nginx.conf test failed
>
> If I try to set up a new proxy, it fails with internal error. Existing proxies say offline. I didn't change anything, ARGH. How to fix and where should I be digging for data?

Did you delete the certificate in the npm-10 folder at any point?

Bushibot Posted September 22, 2023

11 minutes ago, Bushibot said:
> Yesterday it was working fine, now I see in the log:
>
>     [9/22/2023] [3:08:15 PM] [SSL ] › ✖ error Error: Command failed: /usr/sbin/nginx -t -g "error_log off;"
>     nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-10/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-10/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
>     nginx: configuration file /etc/nginx/nginx.conf test failed
>
> If I try to set up a new proxy, it fails with internal error. Existing proxies say offline. I didn't change anything, ARGH. How to fix and where should I be digging for data?

Tried removing the container and reinstalling, but it is still not starting, with:

    ❯ Starting nginx ...
    nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-10/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-10/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

Mainfrezzer Posted September 22, 2023 (edited)

2 minutes ago, Bushibot said:
> Tried removing the container and reinstalling, but it is still not starting, with:
>
>     ❯ Starting nginx ...
>     nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-10/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-10/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

Of course that doesn't work. That path would be mapped, by default, to

    /mnt/user/appdata/Nginx-Proxy-Manager-Official/letsencrypt/live/npm-10/

in Unraid. That's one of the persistent files.

Edited September 22, 2023 by Mainfrezzer

Bushibot Posted September 22, 2023

7 minutes ago, Bushibot said:
> Tried removing the container and reinstalling, but it is still not starting, with:
>
>     ❯ Starting nginx ...
>     nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-10/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-10/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

Total strip out and reinstall. Fortunately only a couple of certs were set up, but jeez, feels like I'm on Windows or something.

Bushibot Posted September 22, 2023

7 minutes ago, Mainfrezzer said:
> Of course that doesn't work. That path would be mapped, by default, to /mnt/user/appdata/Nginx-Proxy-Manager-Official/letsencrypt/live/npm-10/ in Unraid. That's one of the persistent files.

I didn't change where anything was mapped. What is it you are suggesting should be working differently? Complete default install except providing a private IP.

Mainfrezzer Posted September 22, 2023

10 minutes ago, Bushibot said:
> I didn't change where anything was mapped. What is it you are suggesting should be working differently? Complete default install except providing a private IP.

What are you even talking about? All I said is that the file, the "/etc/letsencrypt/live/npm-10/fullchain.pem", is to be found in the appdata share of Unraid:

    /appdata/Nginx-Proxy-Manager-Official/letsencrypt/live/npm-10/fullchain.pem

If that file is gone, as nginx reports, it certainly hasn't vanished by itself. You could have a look if it's still there, along with npm-1, npm-2, npm-3, npm-4, npm-5, npm-6, npm-7, npm-8, npm-9, npm-11 or however many other certificates you have set up.

kicsrules Posted September 23, 2023

Hello, I'm currently trying to access Cloud Commander via https... does anyone know if Cloud Commander supports this? When accessing via proxy I have to redirect it to http only, and even then it keeps prompting for login when doing anything.

tshorts Posted September 23, 2023

How do I add other than http or https? I'd like to add irc://

Mainfrezzer Posted September 23, 2023

35 minutes ago, tshorts said:
> How do I add other than http or https? I'd like to add irc://

That would be done over streams instead of the proxy.

mgutt Posted September 24, 2023 (Author)

7 hours ago, tshorts said:
> I'd like to add irc://

On port 80 or 443? Not possible, as Nginx can't recognize traffic other than http. You could add a different port as a stream host, but then you could even forward the used irc port directly to your irc server without using nginx at all.

If your provider allows only forwarding 80 and 443 you would need to use an additional container in front of Nginx like this one:

https://github.com/yrutschle/sslh

With that you could forward by the used protocol to the nginx or irc container.

manofoz Posted September 25, 2023 (edited)

Hello,

I am struggling to configure nginx_status so I can wire up a Prometheus exporter and have some data. I was able to check the configure arguments of the container and I see that --with-http_stub_status_module is present. Now I am stuck trying to configure nginx to expose the endpoint.

I am using the files imported by nginx.conf as documented here: https://nginxproxymanager.com/advanced-config/#custom-nginx-configurations. I think the http section is the best spot from what I've read, so I tried the top and bottom to add many variations of the following:

    server {
        listen 127.0.0.1:80;
        server_name 127.0.0.1;
        location /nginx_status {
            stub_status on;
            allow 127.0.0.1;
            deny all;
        }
    }

None seem to work (trying the server's IP, port 8010, commenting out the location restrictions, etc.). I've read that you can configure this in nginx.conf but I have also read that it should go into its own file in conf.d like this article states: https://docs.nginx.com/nginx-amplify/nginx-amplify-agent/configuring-metric-collection/.

Anyone get this working with Prometheus and know where I'm going wrong? Thanks!!!

Edit - Adding it to the advanced tab of a proxy host got it going:

Edited September 25, 2023 by manofoz

Toby-ch Posted September 26, 2023

Hello everyone,

Since today, I have the problem that I can no longer log in:

I tried a restore from yesterday, but it did not help. The input is correct, copy-pasted from the password manager. My research led me to this command, unfortunately without success:

Does anyone have an idea?

SidM Posted September 26, 2023

Hello everyone,

Since yesterday I have been having a bit of trouble with Nginx again. I have set up 2x DynDNS (Strato and DuckDNS) for my Nextcloud instance, so that if one of the two should ever stop working I can still go through the other domain. (Originally I only had DuckDNS, but since I wanted a nicer name for the domain, Strato was added.)

I have had the whole thing running for about 3/4 of a year now, with access over https using certificates from Let's Encrypt. Yesterday the certificates expired once again and I wanted to renew them in the WebUI. This worked for the DuckDNS domain, but for the Strato domain I get the message "Internal Error".

I already had this the last time as well, only then I could not renew the certificate for either the one or the other domain. At some point it worked, but unfortunately I no longer know what the error was.

What I have tested/checked:
- DynDNS is active for the Strato domain
- When I enter the current public IPv4 address in the browser, I reach the NGINX "Congratulations!" page
- Ports 443 and 80 are set up in the Fritzbox and point to NGINX
- The NGINX log says "Another instance of Certbot is already running" (I remember that this message was there last time as well.)
- If I delete the proxy host and create it again, it works without errors
- In addition, when creating it again I noticed that the options "Force SSL", "HTTP/2 Support" and "HSTS enabled" were disabled again after saving. I can then enable them once more and this time it keeps the setting, but is that normal?

Thanks and best regards!

Mainfrezzer Posted September 26, 2023

3 hours ago, Toby-ch said:
> Hello everyone,
>
> Since today, I have the problem that I can no longer log in:
>
> I tried a restore from yesterday, but it did not help. The input is correct, copy-pasted from the password manager. My research led me to this command, unfortunately without success:
>
> Does anyone have an idea?

https://github.com/NginxProxyManager/nginx-proxy-manager/discussions/1634#discussion-3723916

jluerken Posted October 6, 2023

The docker container is ignoring "server_tokens off;" from the nginx.conf file. It is showing the version number in the login screen, which is a potential security risk. Can someone double check and help fix it, please?

Mainfrezzer Posted October 6, 2023 (edited)

6 hours ago, jluerken said:
> The docker container is ignoring "server_tokens off;" from the nginx.conf file. It is showing the version number in the login screen, which is a potential security risk. Can someone double check and help fix it, please?

server_tokens off works as it should because it's off by default.

With it enabled:

The version on the "web admin" page is the version of the container and has nothing to do with nginx.

Don't expose the "web admin interface", that's the real security risk.

Edited October 6, 2023 by Mainfrezzer

Bushibot Posted October 11, 2023 (edited)

I have an ongoing NPM issue where it just seems to stop routing traffic to the proxy hosts. Rebooting doesn't correct it, but if I go into the config of a proxy and turn off force ssl, save and then turn it back on, everything starts working normally again. The only change is within NPM... any suggestions on how to troubleshoot?

Replaced dns address with dnsentry:

    2023/09/24 12:32:36 [warn] 279#279: *370 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/1/00/0000000001 while reading upstream, client: 192.168.1.1, server: dnsentry, request: "GET /api/v1/movie/569094 HTTP/2.0", upstream: "http://192.168.1.7:5055/api/v1/movie/569094", host: "dnsentry", referrer: "https://dnsentry"
    2023/09/24 14:30:20 [warn] 204#204: *23 using uninitialized "server" variable while logging request, client: 167.248.133.127, server: dnsentry, request: "GET / HTTP/1.1", host: "dns:443"
    2023/09/29 20:51:07 [warn] 380#380: *1037 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/9/52/0000000529 while reading upstream, client: 192.168.1.1, server: dnsentry, request: "GET /api/v1/movie/569094 HTTP/2.0", upstream: "http://192.168.1.7:5055/api/v1/movie/569094", host: "dnsentry", referrer: "https://dnsentry/"
    2023/10/01 15:03:19 [warn] 300#300: *448 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/9/06/0000000069 while reading upstream, client: 54.229.225.204, server: dnsentry, request: "GET /login HTTP/1.0", upstream: "http://192.168.1.7:5055/login", host: "dnsentry"
    2023/10/08 05:08:33 [warn] 5857#5857: *27602 using uninitialized "server" variable while logging request, client: 167.94.145.55, server: dnsentry, request: "GET / HTTP/1.1", host: "dnsentry:443"
    2023/10/09 04:44:51 [warn] 596#596: *1230 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/0/51/0000000510 while reading upstream, client: 205.210.31.186, server: dnsentry, request: "GET /login HTTP/1.1", upstream: "http://192.168.1.7:5055/login", host: "dnsentry"
    2023/10/09 08:24:51 [warn] 776#776: *1275 using uninitialized "server" variable while logging request, client: 162.142.125.221, server: dnsentry, request: "GET / HTTP/1.1", host: "dnsentry:443"

Edited October 11, 2023 by Bushibot

Sejtan Posted October 13, 2023

Hi. I get so fucking tired of the shit that it doesn't work after the update. The latest version does not start at all. Use 2.9.22, can install but cannot log in. I don't know if I should keep doing this every time after updates. 7 of 10 dockers don't work after Proxy has crashed.

Divid Posted October 15, 2023

On 10/13/2023 at 2:42 PM, Sejtan said:
> [...] Use 2.9.22, can install but cannot log in. I don't know if I should keep doing this every time after updates. [...]

Same on 2.10.4. When I click "sign in", the button gets a spinner, and then it goes back to the label "sign in", without any message. Also no log messages.

Sadly, this is my most problematic container while also being the most important one. Does anyone have experience with Traefik and can report if it is more stable when new updates are deployed?

Kilrah Posted October 15, 2023

For me NPM is stable BUT with the important caveat that should you ever remove a host or remove the global DNS entry for it you NEED to delete the certificate for it too.

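The condition Mainfrezzer and Kilrah describe above (a config that still points at a certificate file no longer on disk, which makes `nginx -t` fail with "cannot load certificate") can be checked before restarting. This is an added example, not part of the thread or of the NPM project: a shell function that lists every `ssl_certificate` / `ssl_certificate_key` path referenced by nginx configs but missing on disk. The function names, the `proxy_host` directory name, the `privkey.pem` file name and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the thread. Lists certificate files that nginx
# configs reference but that are missing on disk.
#
# find_missing_certs CONF_DIR [FROM TO]
#   CONF_DIR  directory with the nginx *.conf files to scan (assumption: point
#             it at wherever your install keeps its proxy host configs)
#   FROM TO   optional prefix rewrite, e.g. the container path /etc/letsencrypt
#             to the mapped appdata folder, so the check can run on the host
# Output: one "conf|directive|resolved-path" line per missing file.
find_missing_certs() {
    conf_dir=$1 from=${2:-} to=${3:-}
    find "$conf_dir" -type f -name '*.conf' -exec awk '
        /^[[:space:]]*#/ { next }                 # skip commented-out lines
        $1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
            path = $2
            sub(/;.*$/, "", path)                 # drop the trailing semicolon
            gsub(/"/, "", path)                   # drop optional quotes
            print FILENAME "|" $1 "|" path
        }' {} + | sort -u |
    while IFS='|' read -r conf directive path; do
        case $path in
            "$from"*) real=$to${path#"$from"} ;;  # rewrite container prefix
            *)        real=$path ;;
        esac
        # -r follows symlinks, so a dangling link also counts as missing
        [ -r "$real" ] || printf '%s|%s|%s\n' "$conf" "$directive" "$real"
    done
}

# Constructed sample tree: npm-1 has its files, npm-10 does not exist,
# and a commented-out npm-3 reference must be ignored.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/proxy_host" "$t/letsencrypt/live/npm-1"
    : > "$t/letsencrypt/live/npm-1/fullchain.pem"
    : > "$t/letsencrypt/live/npm-1/privkey.pem"
    cat > "$t/proxy_host/1.conf" <<'EOF'
server {
  ssl_certificate /etc/letsencrypt/live/npm-1/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-1/privkey.pem;
}
EOF
    cat > "$t/proxy_host/10.conf" <<'EOF'
server {
  # ssl_certificate /etc/letsencrypt/live/npm-3/fullchain.pem;
  ssl_certificate /etc/letsencrypt/live/npm-10/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-10/privkey.pem;
}
EOF
    printf '%s\n' "$t"
}

# Demo on the constructed tree: prints the two npm-10 entries.
tree=$(make_sample_tree)
find_missing_certs "$tree/proxy_host" /etc/letsencrypt "$tree/letsencrypt"
rm -rf "$tree"
```

On the Unraid host, the rewrite pair would be `/etc/letsencrypt` and the mapped folder named in the thread, `/mnt/user/appdata/Nginx-Proxy-Manager-Official/letsencrypt`; any line printed is a host whose certificate reference needs to be removed or re-issued.
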
adminmat Posted November 4, 2023

How do I change the login page / index page to not say "Proxy Manager"? This is causing public IP addresses to be blacklisted by Brightcloud. I spent an hour digging through the files and I can't find the index.html file. Thanks