[Support] Nginx Proxy Manager (NPM) Official

[mgutt]

9 minutes ago, AlexB_BN said:

http://192.168.178.99:8666/ now opens File Browser

BUT https://192.168.178.99:8666/ as well as my duckdns domain leads to 502 openresty error page.

 

I don't really understand what you try to accomplish, but I think this is absolutely correct. File browser listens to port 8666 and supports only http. 

 

Note: Each port can only support http OR https, not both.

 

I think you want to file browser through the Internet and you are having a subdomain at duckdns like filebrowser.duckdns.org. Did you already add this domain to NPM and did you set the target to 192.168.178.99 with the port 8666 and the protocol http? Then you should be able to open http://filebrowser.duckdns.org and if you claimed the SSL certificate through this hosts settings, than you should be able to open https://filebrowser.duckdns.org

 

Maybe you think you need to use https between npm and your file browser container?! Then no. This is irrelevant for a secure access as NPM communicates locally (inside unraid) with your file browser container.

[alturismo]

@AlexB_BN may also read the german answers where you asked for help too about https and http

 

may also easier for you to follow in german, currently you run in a circle with http and https and the basic understanding from a reverse proxy, @mgutt explained it in detail and you try local https which aint working as described.

 

[Keglerz]

Trouble with generating SSL using letsencrypt for cloudflare

anyone encountered any issue?

[benjaminmue]

18 hours ago, Keglerz said:

Trouble with generating SSL using letsencrypt for cloudflare

anyone encountered any issue?

Same issue. Fresh install. Seems to be related to: 

Update:
Went through the Reddit post and executed the commands as mentioned in this post:

First step is unnecessary. 

After running the commands It seems to be working.

Edited June 29 by benjaminmue
Update

[PassTheSalt]

I haven't touch nginx for a bit, but just updated the container and now it seems to start but constantly spams

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-2/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/npm-2/fullchain.pem, r) error:10000080:BIO routines::no such file)

and i can't access the webUI on port 81     get a "Refused to connect" error
i checked that location and theres nothing in the npm-2 folder.  Whats supposed to be there? is this a new feature of the latest version?

Edited July 1 by PassTheSalt

[Masterwishx]

Want to migrate to Official this container , why we need 3000 port ?

[Masterwishx]

is any specific needs for migrate from NginxProxyManager by jlesage ? 

[Mainfrezzer]

25 minutes ago, Masterwishx said:

Want to migrate to Official this container , why we need 3000 port ?

you dont need the port, its just for the API

[just-magic]

hello, i am having problems extending my certificates. I can create new certificates without any problems.

This is in the logfile:

 

 

[7/2/2024] [8:01:27 PM] [SSL      ] › ℹ  info      Renewing Let'sEncrypt certificates for Cert #6: sub.domain.de
[7/2/2024] [8:01:27 PM] [SSL      ] › ℹ  info      Command: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation
[7/2/2024] [8:01:27 PM] [Global   ] › ⬤  debug     CMD: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation
[7/2/2024] [8:01:33 PM] [SSL      ] › ✖  error     Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Failed to renew certificate npm-6 with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/npm-6/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

[Kilrah]

Make sure you don't keep any certs for which the domain isn't active anymore.

[just-magic]

all my certificates belong to active domains. That cannot be the problem.

[Masterwishx]

15 hours ago, Mainfrezzer said:

you dont need the port, its just for the API

 

Not sure what API ? cant see it in Dockerfile of NPM 

[mgutt]

36 minutes ago, Masterwishx said:

Not sure what API ?

This API port is not mentioned by the dev. I randomly found it because I had a conflict with a different container try to use port 3000. That's why I added to the container template so nobody else hits this problem. But finally I don't know why it even exists.

 

A discussion related to this port:

https://github.com/caprover/caprover/issues/1194

[Masterwishx]

38 minutes ago, mgutt said:

This API port is not mentioned by the dev. I randomly found it because I had a conflict with a different container try to use port 3000. That's why I added to the container template so nobody else hits this problem. But finally I don't know why it even exists.

 

A discussion related to this port:

https://github.com/caprover/caprover/issues/1194

 

Thanks for the info , im sorry found in log on my vps server where im using this container : 

 

[Finnicely]

I have a few docker containers running on my unraid. many of them with web interfaces. i now wanted to put all these containers in their own docker network and only make nginx manager lan accessible via which all these containers can then be reached.

i have created my own "dockernet" for this and now i see that these ports are still simply bridged into my lan. but i don't want that at all.

how can i configure the containers appropriately? how can i configure the nginx container so that it can reach everything in this dockernet as well as from the lan?

 

[Masterwishx]

Finally migrated to this Official image is it looks OK ? :

 

 

if i need to put Logs to `/mnt/user/Logs/NginxProxyManager` is it right also host errors  ?

 

[schreibman]

In Unraid 6.12.10,  Trying unsucessfully to route [fqdn] to 3 ip addresses.  Trying this but fqdn gets sent to the default page.  Status under Proxy Hosts of  fqdn  http://backend_servers:8080 is 'unknown',

not seeing errors in the logs.

In :Details
[fqdn]
http backend_servers : 8080 

In: Advanced -Custom Nginx Configuration
include /data/nginx/custom/loadbalancer.conf;

note: in \nginx\proxy_host\there is no [x].conf for this entry.

nginx/custom/loadbalancer.conf is:
upstream backend_servers {
    server 10.1.1.186; # internal IPs
    server 10.1.1.189;
    server 10.1.1.190;
}

location / {
    proxy_pass http://backend_servers;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

[mgutt]

54 minutes ago, schreibman said:

note: in \nginx\proxy_host\there is no [x].conf for this entry.

Did you delete it, to only use your loadbalancer.conf? Then I would say you missed to pass the traffic:

 

proxy_pass $forward_scheme://$server:$port;

 

EDIT: sorry, now I have seen your proxy_pass setting. Hmmm strange.

 

EDIT2: AI says you need to put the location block inside a server block like so:

 

server {

    listen 80;

    location / {

[Mainfrezzer]

On 7/3/2024 at 9:27 AM, mgutt said:

This API port is not mentioned by the dev. I randomly found it because I had a conflict with a different container try to use port 3000. That's why I added to the container template so nobody else hits this problem. But finally I don't know why it even exists.

 

A discussion related to this port:

https://github.com/caprover/caprover/issues/1194

I found out, by accident, that the whole admin interface relies the API port. If you block communication with the port 3000, the administration page just breaks.

Edit: the accident being - host mode and iptables rules to block all incoming communication, so if you ever decide to block that port within the scope of the container, be sure that you include an allow for it

Edited July 7 by Mainfrezzer

[Biolaxy]

How can i change the Ports of the Docker Container, in the Setup i changed the http port to 1880 und https to 4443 but aufter installation the ports are default 80 / 443

[JonathanM]

2 hours ago, Biolaxy said:

How can i change the Ports of the Docker Container, in the Setup i changed the http port to 1880 und https to 4443 but aufter installation the ports are default 80 / 443

Make sure you are in bridge mode.

[Prinler]

Recently I have been having my NPM go belly up on me. When i look at the logs in docker (right click logs) i get no indicator its not working but NONE of my stuff will work. Error from Cloudflare telling me it cant connect to nginx basicly. I reboot the docker container and it worked for 20 seconds. I haven't changed ANYTHING on this docker so I'm not sure what has changed. I have recently installed Teslamate, Teslamate-graphana, Postgres11, and mosquitto-1 but i cant imagine how that would effect anything on this side. I was able to find 1 obscure page where someone added more workers and all it does for me is extend the amount of time before it goes belly up to a minute or so. I have recently added another line that gives it even more... and it stays up for 2 days now before I need to restart the docker. I have force updated the docker to rebuild it but nothing seems to help. Anyone have any ideas what i could do to fix this?

[Hawkins12]

SO I have been using SWAG for some time but would like to transition to NGINX PM for various reasons (really ease of use).  When I installed and went to set up the proxy, I got the error that the domain was already in use.  I tried revoking my certificates via SWAG/Cert Bot however, I still wasn't to fix the issue.  Do you have or are you aware of the stops on how to migrate from SWAG to NGINX PM?  Particularly, I am using SWAG for Nextcloud. 

[karola]

Is it possible to make a game server such as Minecraft accessible via my domain name? I would like to operate the Minecraft Docker not via unRaid Bridge but via a Proxy network that has no access to the Internet. Port forwarding from the router to NGINX and then?

[Aeloth]

The only way I've found that works for me is: Port mapping on router 25565:25565, and on dns set - A, CNAME, SRV record unfortunately this is outside of nginx but I have docker in a separate proxynet. I strongly recommend making a whitelist in minecraft.