[Support] Nginx Proxy Manager (NPM) Official



So I tried that forwarding to port 444 in NPM, tried HTTP only then HTTPS (all without certificate) and the server just sends RST every time. So I went ahead and swapped the ISP router with my personal Linksys router and I now can access Vaultwarden through my domain! I tried Nextcloud, had some issues but I need to re-configure it back to square 1 but I am out of time and need to leave for work. It appears that the ISP router was blocking or re-routing? If I can get it all to work I will probably return their router and just use mine.

 


 

update: I saw one thing I messed up, now nextcloud is working by accessing on my domain. All in all this was a router issue/settings that I am not familiar with. I really appreciate the help and hanging in there with me!

Edited by rcjk
Link to comment
15 hours ago, mgutt said:

And where is the LB located? In front or after NPM?

I have unraid server w/this docker installed. I also have a bunch of VMs (linux) on unraid as well. 

 

Honestly, not sure what/where the NPM is located, or the LB in the architecture.

Edit: I'm an idiot...NPM=nginx proxy manager

 

So again, the NPM and Linux VMs are all on my unraid server.

Edited by imyourdaddy
Link to comment

I'm too stupid to figure it out myself.

 

I use NPM & Nextcloud, I use subdomain nextcloud.

I get warning from nextcloud: "The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds."

 

I tried to add "add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";" to Advanced-tab, but did not work. After that I noticed "Please note, that any add_header or set_header directives added here will not be used by nginx. You will have to add a custom location '/' and add the header in the custom config there."

 

But I have subdomain, not "/".

Link to comment
30 minutes ago, jafi said:

After that I noticed "Please note, that any add_header or set_header directives added here will not be used by nginx.

I think this is false.

 

Try this in advanced:

location / {
  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $http_connection;
  proxy_http_version 1.1;
  # Proxy!
  include conf.d/include/proxy.conf;
}

 

By that the default NPM "location /"-rule is completely replaced by your own.

 

  • Like 1
Link to comment
23 hours ago, mgutt said:

I think this is false.

 

Try this in advanced:

location / {
  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $http_connection;
  proxy_http_version 1.1;
  # Proxy!
  include conf.d/include/proxy.conf;
}

 

By that the default NPM "location /"-rule is completely replaced by your own.

 

 

Thank you.

 

For some reason this does not work. I have tried to edit the add_header Strict-Transport-Security value in several different ways, but it does not seem to help.

There is a line in the config files that says: "# HSTS (ngx_http_headers_module is required)"

 

I connected the docker and checked nginx -V and can't find that module. I need to add it?

Link to comment
On 11/21/2021 at 5:12 PM, mgutt said:

How did you verify it? Check through Chrome's Network Monitor and not Nextcloud internal check.

 

Problem was cloudflare, damn I'm stupid. It's fixed now.

Thank you for your patience and great software!

Edited by jafi
Link to comment
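
The check asked for above (look at the header the client actually receives instead of relying on Nextcloud's internal check) can also be run from a shell. This is an added example, not part of any post in this thread; the function name `hsts_check`, the placeholder hostname and the sample responses used to exercise it are constructed, and 15552000 is the threshold from the Nextcloud warning quoted earlier.

```shell
#!/bin/sh
# Added example: evaluate the Strict-Transport-Security header in a raw
# HTTP response header block read from stdin.
# Prints one of: "missing", "invalid", "short <n>", "ok <n>".
# Live use (hostname is a placeholder):
#   curl -sI https://nextcloud.example.com | hsts_check

HSTS_MIN=15552000   # minimum max-age named in the Nextcloud warning

hsts_check() {
    # Header names are case-insensitive (HTTP/2 responses show them in
    # lowercase); strip the CR of CRLF line endings before matching.
    value=$(tr -d '\r' | awk '
        tolower($0) ~ /^strict-transport-security[ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, ""); print; exit  # RFC 6797: only the first header counts
        }')
    [ -n "$value" ] || { echo "missing"; return 1; }

    # Directives are ";"-separated and case-insensitive; the max-age value
    # may be a quoted string. A trailing ";" is allowed by the grammar.
    age=$(printf '%s\n' "$value" | tr ';' '\n' | awk -F= '
        { gsub(/^[ \t]+|[ \t]+$/, "", $1) }
        tolower($1) == "max-age" {
            v = $2; gsub(/[ \t"]/, "", v); print v; exit
        }')
    case "$age" in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    if [ "$age" -lt "$HSTS_MIN" ]; then
        echo "short $age"; return 1
    fi
    echo "ok $age"
}
```

Running it once against the public hostname and once directly against the proxy shows whether the header is lost or changed somewhere between the two.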
  • 2 weeks later...

Hey there,

 

I absolutely do not know how to move on. I have an unRaid server with Jellyfin and some other stuff and - of course - Nginx. I want my domain biedie.eu (Cloudflare) to be forwarded to Home Assistant on a RPi4 with SSL (for Google cast bla bla).

RPi4 with hass.io:
192.168.178.32:8123
homeassistant.local:8123

NAS with Nginx:
192.168.178.2:81

I opened Ports 80 & 443 in my router (Fritzbox). 

Settings in Nginx attached (hope you can read it). Together with Cloudflare certificate. 

NPM container is working and online (get the congratulations-page). NPM reaching target (file attached).

No errors in error.log or letsencrypt.log and I still receive a "400: Bad Request". Can anyone help me, please? :(

 

Link to comment
3 minutes ago, Cicatrix said:

400: Bad Request

Sounds like an error page from Home Assistant or similar. Please show a screenshot of the error page.

 

Does your domain have a public or local ip? If it's local, then you need to put your domain in the allow list of the DNS rebind protection of your router.

Link to comment

Not much to see, there is no other information. Allowed my domain in rebind protection and had a 522 error for a second, but now the 400 again.

 

Public IP via Cloudflare-DDNS Container.

 

Edit: OK, found the problem. Because Nginx is running on another machine I had to trust my server IP in HA. Now it is running. Thank you. :)

 

Edited by Cicatrix
Link to comment

Hi,

 

I'm experiencing issues now with /etc/resolv.conf.

Seems like unraid always adds %br0 at the end of the ipv6 nameserver. Seems to happen even when it's running, not only after reboot.

 

nginx complains that it's not a valid address, unless I remove the %br0.

 

Is there any way to either tell nginx to ignore the file or tell unraid to not put the br0?

I've looked in all folders for nginx but I cannot even find any reference to /etc/resolv.conf, so I wonder if it's even using this file. 

It seems to point to /etc/nginx/conf.d, but there is no resolver.conf file...

 

Any ideas?

Link to comment
On 9/14/2021 at 12:45 AM, mgutt said:

That happens, because NPM talks to an online API to get the recent list of this IP addresses. As you can see here, it tries to access three different URLs:

https://github.com/jc21/nginx-proxy-manager/blob/b39a59ce72eb032d5b725dce90dd6f3cf08b7d29/backend/internal/ip_ranges.js

 

And this is done every 6 hours, so it will happen again even if you don't restart the container😒

 

Maybe you should try to open all three URLs through your PC and solve the captcha (if it hopefully will be shown) to "unlock" your public ip address for accessing them:

https://ip-ranges.amazonaws.com/ip-ranges.json
https://www.cloudflare.com/ips-v4
https://www.cloudflare.com/ips-v6

 

Or try to lock the file with the following command:

su
chattr +i /etc/nginx/conf.d/include/ip_ranges.conf

 

A file with the "i" flag can't be modified or deleted.

 

Optional: If you need to make it editable again:

chattr -i /etc/nginx/conf.d/include/ip_ranges.conf

 

 

I also encountered this problem, when I run this command it prompts me

【/tmp # chattr -h
sh: chattr: not found
/tmp # su
/tmp # whoami
root
/tmp # chattr +i /etc/nginx/conf.d/include/ip_ranges.conf
ash: chattr: not found
/tmp # 】

Link to comment
  • 2 weeks later...

I forward my domain internally using dnsmasq (Pihole) to my Nginx Proxy Manager, which then uses DNS-Challenge (Cloudflare) to create real Let's Encrypt certificates that are only available in my home network without opening port 80 and 443 on my router. If I want to access my services from outside, I use Wireguard. So far everything works great.

 

If I enter my Unraid Server and Plex in NPM, e.g. server.domain.com and plex.domain.com then I get the following error message when I call up the pages.

 


 

all other services like Nextcloud etc work perfectly. only Unraid and Plex give the above error message.

Does anyone have any idea why this might be?

 

Link to comment

unfortunately I couldn't find the bug.

As I wrote, everything works fine, only the domain server.domain.com (unraid server) gives the error message 502 Bad Gateway

Do I have to enter something in pihole?

 

Edit: I solved my problem by setting in the Unraid Webgui under "Settings" -> "Docker" -> "Host access to custom networks:" to "Enabled".

 

Edit2: now the following entries are written in pihole.log every two seconds:

...
Dec 26 19:56:33 dnsmasq[2690]: config server.example.com is 192.168.20.110
Dec 26 19:56:33 dnsmasq[2690]: query[A] pihole.example.com from 192.168.20.21
Dec 26 19:56:33 dnsmasq[2690]: config pihole.example.com is 192.168.20.110
Dec 26 19:56:35 dnsmasq[2690]: query[A] server.example.com from 192.168.20.21
Dec 26 19:56:35 dnsmasq[2690]: config server.example.com is 192.168.20.110
Dec 26 19:56:35 dnsmasq[2690]: query[A] server.example.com from 192.168.20.21
Dec 26 19:56:35 dnsmasq[2690]: config server.example.com is 192.168.20.110
Dec 26 19:56:37 dnsmasq[2690]: query[A] server.example.com from 192.168.20.21
Dec 26 19:56:37 dnsmasq[2690]: config server.example.com is 192.168.20.110
Dec 26 19:56:39 dnsmasq[2690]: query[A] server.example.com from 192.168.20.21
Dec 26 19:56:39 dnsmasq[2690]: config server.example.com is 192.168.20.110
...

is that right or do you have to add something in Pihole?

 

edit3:

I entered in the 

/etc/dnsmasq.d/07-nginx-proxy.conf

this

address=/example.com./192.168.20.110
host-record=server,server.fritz.box,server.example.com,192.168.20.200
local-ttl=9 

the host-record and local-ttl solved the problem.

192.168.20.110 is my NPM and 192.168.20.200 is my Unraid-Server.

Edited by sakistech
Link to comment

unable to use Custom SSL if you click on SSL Certificates and then choose Custom rather than LetsEncrypt it does absolutely nothing.

 

app broken on 2 separate unraid servers. to verify it's not on my end and the app backend itself I have done the following:

Restarted.
Uninstalled
Reinstalled
Uninstalled Again.
Removed the App XML from Flash
Deleted the /appdata installation
Reinstalled 3rd time

Uninstalled
Reinstalled the other guys NGINX PROXY MANAGER by djoss'

same thing

pulled out a NUC
created brand new Flash drive. paid another 1129 for license
set unraid to use 8008 and 8443. set to Auto, and pulled down LetsEncrypt USB SSL

now that 80/443 not in use, went into router and changed the ip to the new USB.

Rinse and repeat of all the steps above

the Custom was working, and then I did a docker update and it broke.

but different computers, different flash drives, different apps (NGINX REVERSE PROXY MANAGER + NGINX REVERSE PROXY MANAGER OFFICIAL)

I HAVE HSTS ON and set to 1 YEAR for all my domains, meaning I am unable to change back to port 80, and grey the lock out on CFLARE and use LetsEncrypt

I have been using CFLARE with Custom Domain Certs provided from CFLARE using SSL: Full (Strict) until last night

 

 

 

 

Link to comment
2 hours ago, plxmediasvr said:

unable to use Custom SSL if you click on SSL Certificates and then choose Custom rather than LetsEncrypt it does absolutely nothing.

 

https://github.com/jc21/nginx-proxy-manager/issues/1676

 

You have to change the repository name of the container to the following to get this update and clean your browser cache:

jc21/nginx-proxy-manager:github-pr-1677

 

 

But don't forget to remove this in a month or so, to get further updates or you are stuck with this version.

 

Link to comment
  • 3 weeks later...

Hiya - getting this error in Fix Common Problems Plugin suddenly - issue with my docker or something in common problems?

 

Template URL for docker application Nginx-Proxy-Manager-Official is not the as what the template author specified.The template URL the author specified is https://raw.githubusercontent.com/mgutt/unraid-docker-templates/master/mgutt/Nginx-Proxy-Manager-Official.xml. The template can be updated automatically with the correct URL.

Link to comment
