[Support] Nginx Proxy Manager (NPM) Official



Hi!

 

I have npm running as a rproxy for nextcloud and other services. It's running fine but I have problems with the docker.img file filling up. I identified NPM as the one responsible because of the proxy_buffer features. Disabling the buffer with "proxy_buffering off" fixes the problem but npm becomes a bottleneck, so I need the buffer on.

 

I tried to mount /tmp and /var/tmp from npm to unraid's /tmp folder for diagnostic purposes but the docker.img file still is filled to 100%, so buffers are not stored there.

 

I tried the proxy_temp_path directive to force the use of the /tmp folder but it doesn't work, it still writes inside /var/lib/docker

So, what can I do to force NPM to buffer outside the container? What path do I need to mount?

My config for nextcloud in npm is:

 

{
  "id": 1,
  "created_on": "2022-05-03 19:42:40",
  "modified_on": "2022-05-07 18:31:07",
  "owner_user_id": 1,
  "domain_names": [
    "cloud.mydomain.net"
  ],
  "forward_host": "192.168.10.182",
  "forward_port": 7880,
  "access_list_id": 0,
  "certificate_id": 1,
  "ssl_forced": true,
  "caching_enabled": true,
  "block_exploits": false,
  "advanced_config": "proxy_http_version 1.1;\r\n proxy_set_header Upgrade $http_upgrade;\r\n proxy_set_header Connection \"Upgrade\";\r\n proxy_set_header Host $host;\r\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\r\n#proxy_request_buffering off;\r\n#proxy_buffering off;\r\nproxy_buffering on;\r\nproxy_buffers 32 4k;\r\nproxy_max_temp_file_size 2048m;\r\nproxy_temp_file_write_size 32k;\r\nproxy_temp_path /tmp;",
  "meta": {
    "letsencrypt_agree": false,
    "dns_challenge": false
  },
  "allow_websocket_upgrade": false,
  "http2_support": true,
  "forward_scheme": "http",
  "enabled": 1,
  "locations": [
    {
      "path": "/.well-known/carddav",
      "advanced_config": "",
      "forward_scheme": "http",
      "forward_host": "192.168.10.182/remote.php/dav",
      "forward_port": 7880
    },
    {
      "path": "/.well-known/caldav",
      "advanced_config": "",
      "forward_scheme": "http",
      "forward_host": "192.168.10.182/remote.php/dav",
      "forward_port": 7880
    }
  ],
  "hsts_enabled": true,
  "hsts_subdomains": false
}

 

Thanks 🙂

Link to comment
13 minutes ago, mgutt said:

Use docker folder instead of docker.img. This would be the easiest method.

 

Another method is to search for the biggest files through the containers console. Is "find" available?

 

Yeah, I could do that. I guess I only need to copy the contents of docker.img to /var/lib/docker. I don't really understand why an image is used in the first place..

But beyond that, I would like to find the problem, it's important to me to know what is wrong and how to fix that.

The thing is that I used commands like "find . -type f -printf '%s %p\n' | sort -nr | head -10" inside the npm container and directly in the container path. I couldn't find any new big file. Neither with "sudo du -a . | sort -n -r | head -n 20".

If I check the size of containers using dockerman, the size of the npm container doesn't grow. If I check the size of /var/lib/docker/containers using the above commands, it can't find any big files involved with npm 🤷‍♂️

Link to comment
3 hours ago, ChuskyX said:

I guess i only need to copy the contents of docker.img to /var/lib/docker

Nope. The docker.img contains only "useless" data. After you changed to folder, you have to reinstall all containers (Add Container and select them through the Dropdown), but this only means downloading the software packages and installing the container OS, which were "cached" in the docker.img. The only important data are the files under appdata.

 

PS The same "reinstall" happens every time you update a container.

 

3 hours ago, ChuskyX said:

inside npm container

That's the only filesystem the container is able to write to. So it must find something if NPM is the reason of the growing size.

 

Try find in /var/lib/docker. It contains the content of the docker.img.

 

3 hours ago, ChuskyX said:

I couldn't find any new big file

Maybe they aren't huge?! Maybe they are tiny, but a huge amount of them?!

You could try find /var/lib/docker -type f -mmin -60 to show the modified files of the last 60 minutes.

Link to comment
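Added example, not part of the original posts: a Python sketch of the check suggested above, generalised so that recently modified files are totalled per directory, which surfaces "many tiny files" as well as one large file. The function name `recent_writes_by_dir` is hypothetical, and the default root is simply the path named in the thread.

```python
import os
import stat
import sys
import time
from collections import defaultdict


def recent_writes_by_dir(root, minutes=60, now=None):
    """Group regular files under root modified in the last `minutes` by directory.

    Returns [(directory, file_count, total_bytes), ...], largest total first,
    so a directory filling with many small files is as visible as one big file.
    """
    now = time.time() if now is None else now
    cutoff = now - minutes * 60
    totals = defaultdict(lambda: [0, 0])  # directory -> [count, bytes]
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            try:
                st = os.lstat(os.path.join(dirpath, name))  # never follow symlinks
            except OSError:
                continue  # temp files can vanish mid-scan
            if stat.S_ISREG(st.st_mode) and st.st_mtime >= cutoff:
                totals[dirpath][0] += 1
                totals[dirpath][1] += st.st_size
    rows = [(d, count, size) for d, (count, size) in totals.items()]
    return sorted(rows, key=lambda r: (r[2], r[1]), reverse=True)


if __name__ == "__main__":
    # Assumed default: the path named in the thread; pass another as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/docker"
    for directory, count, size in recent_writes_by_dir(root)[:20]:
        print(f"{size:>14} bytes {count:>7} files  {directory}")
```
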
13 hours ago, xxbryantd said:

Is there a way to get the real ip from visitors in my stats logs, instead of getting flooded with the cloudflare ips?

When you use a reverse proxy to access your webapps, only your proxy does the real connection. You need to pass the real ip through the http headers.

 

You need to google the headers your webapp is looking for. More common headers for that:

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

 

You have to put them in the Advanced tab of your host.

Link to comment
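Added example, not part of the original posts: how an application behind Cloudflare and NPM can pick the visitor address out of X-Forwarded-For without accepting values a client typed into the header itself. Because `$proxy_add_x_forwarded_for` appends to whatever header arrived, the list is read right to left and stops at the first hop that is not a known proxy. `TRUSTED_PROXIES` and `client_ip` are hypothetical names, and the ranges are constructed placeholders rather than Cloudflare's published ranges.

```python
import ipaddress

# Constructed placeholders: 203.0.113.0/24 stands in for the CDN's published
# ranges, 192.168.10.0/24 for the LAN the reverse proxy forwards from.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("203.0.113.0/24", "192.168.10.0/24")]


def is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, x_forwarded_for):
    """Return the address to log for one request.

    remote_addr:      TCP peer as seen by the application
    x_forwarded_for:  raw header value, or None if absent
    """
    candidate = ipaddress.ip_address(remote_addr)
    if not is_trusted(candidate) or not x_forwarded_for:
        return str(candidate)  # header from an unknown peer proves nothing
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    # Each trusted proxy appended the peer it saw, so walk from the right
    # and stop at the first address that is not one of our proxies.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could vouch for
        candidate = addr
        if not is_trusted(addr):
            break
    return str(candidate)


if __name__ == "__main__":
    # Constructed header: the visitor forged a leading entry, the CDN appended
    # the visitor's real address, the reverse proxy appended the CDN's address.
    print(client_ip("192.168.10.5", "10.1.1.1, 198.51.100.7, 203.0.113.9"))
```
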

I'm kinda new to all this, and just switched over from swag bc this just looked so much easier to use.
But I've got one quick question: can I run npm on my unraid server, and have it redirect to other stuff on my local network?
I've got a 3d printer with octoprint running on a raspberry pi on my network, and npm can see the device and everything "should" work, but I don't even get the welcome page...
Just a "page is unreachable".

Link to comment
  • 3 weeks later...

Hi,

 

I am using GoAccess to visualize NPM logs and I have 7 proxies set up in NPM with only 2 disabled. That leaves me 5 proxies in use but in the log folder it only has files for 4 proxies. Among those files only 2 proxies have actual log entries.

 

So the 5 services are 2 PhotoPrism, Guacamole, Bookstack and Ghost. Only 1 Photoprism instance and Bookstack have actual content in the access log. What could be the problem? Am I missing any configurations?

Edited by aarontry
Link to comment

Hey there, I've been using NPM for quite a while without issue, but I have a weird one that just came up.

 

Some proxy hosts return HTTP 500, but only to certain clients. For example, one host will not work on my desktop, but works fine on my work computer and phone on the same WiFi or on cellular. A different host won't work on my work computer, but does work on my home desktop and my phone. I can't see where to find any logs that would help me track this down. Clicking logs in Unraid shows me the container's logs but there isn't anything that applies to incoming connections and why they fail. (ie. I restarted the container at 12:27, and there are log entries about that, and then when I load a page that works or that errors at 12:34, there are no new log entries for success or failure.)

 

Can anyone help with this?

Link to comment
4 minutes ago, Renegade605 said:

container's logs but there isn't anything that applies to incoming connections and why they fail

Interesting question. At the moment I don't know an answer, but please try to open the following url with your work computer:

https://yourdomain.com/.well-known/acme-challenge

 

This URL is NOT forwarded by NPM to your container. Instead it serves it itself (it's usually used by Let's Encrypt, to verify SSL certificates).

 

By that we could find out if NPM is throwing the error 500. If you instead see something as follows, then NPM itself is reachable:

[Screenshot attachment]

 

Maybe the container is returning the error 500 and not NPM.

 

Another thing you should test is http instead of https. This means you need to disable "force SSL" if it's set in the host settings (if you enabled HSTS, you need to use a different browser after disabling HSTS, as your browser stores this info for several months).

Link to comment
7 minutes ago, mgutt said:

Interesting question. At the moment I don't know an answer, but please try to open the following url with your work computer:

https://yourdomain.com/.well-known/acme-challenge

I'm unable to do this from work as mydomain.com is not pointed to my home servers, but to a different live site hosted commercially. I could do this later from home by overriding the hosts.etc file.

 

8 minutes ago, mgutt said:

By that we could find out if NPM is throwing the error 500. If you instead see something as follows, then NPM itself is reachable:

I believe it's safe to say that NPM is reachable, since for example, from my work computer:

edi.unraid.mydomain.com - Functions properly

gd.unraid.mydomain.com - Error 500

Also both are functioning properly from my phone at the exact same time.

10 minutes ago, mgutt said:

Maybe the container is returning the error 500 and not NPM.

This would be odd but not impossible, since it loads properly on other devices. I also thought of this, but there are no logs in Unraid (these hosts proxy to Unraid GUI) to indicate a failure either.

 

12 minutes ago, mgutt said:

Another thing you should test is http instead of https.

I'll have to try this later from home.

 

 

Should NPM be logging errors and/or successful connections? Is there a container var that could enable more verbose logging?

Link to comment

Hello,

Not sure if anyone can help me with the infamous 502 bad gateway openresty error, I tried all the solutions in the last 2 days.

What I need is to access a wordpress docker site from the internet using nginx proxy manager.

The wordpress docker is running fine, is accessible from the local network, the nginx proxy docker is also working fine, there are also another 2 dockers that work fine from the internet.

I attached some printscreens with everything and the error in the nginx log is:

2022/06/09 14:01:05 [error] 366#366: *281 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 86.xxx.xxx.xx, server: promotionale.example.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://10.10.0.177:8081/favicon.ico", host: "promotionale.example.com", referrer: "https://promotionale.example.com/"

 

Not sure if the apache server is not accessible by nginx

 

Can anyone figure it out?

 

Thanks!

 


Link to comment
22 hours ago, Adonis said:

Can anyone figure it out?

 

You are using https as target. The wordpress container listens to http. Using https inside the same local container network raises only the cpu usage without any benefit. That's the reason why most of the containers do not even support https (port 443).

Link to comment
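Added example, not part of the original posts: a Python probe that repeats what the proxy does when the forward scheme is https, against a constructed stub that only speaks plain HTTP, and reports that the port is not TLS. The names `probe_upstream` and `start_plain_http_stub` are hypothetical; the failure reason string depends on the OpenSSL version, "wrong version number" being the one in the log quoted above.

```python
import socket
import ssl
import threading


def probe_upstream(host, port, timeout=3.0):
    """Attempt a TLS handshake with host:port, as a proxy with an https target does.

    Returns ("https", negotiated_version) on success, or ("not-tls", reason)
    when the peer's reply cannot be parsed as a TLS record.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # probe only: asks "is this TLS?", not "who is it?"
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ("https", tls.version())
        except ssl.SSLError as exc:
            return ("not-tls", exc.reason or str(exc))


def start_plain_http_stub():
    """Constructed stand-in for an HTTP-only container; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(3.0)
            conn.recv(65536)  # the TLS ClientHello, which an HTTP server cannot parse
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
            conn.shutdown(socket.SHUT_WR)
            try:
                conn.recv(65536)  # drain until the client gives up
            except OSError:
                pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(probe_upstream("127.0.0.1", start_plain_http_stub()))
```
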
48 minutes ago, mgutt said:

You are using https as target. The wordpress container listens to http. Using https inside the same local container network raises only the cpu usage without any benefit. That's the reason why most of the containers do not even support https (port 443).

I tried without the https and it's just adding the port at the end of it. Same result on different browsers or pc. 

 


Link to comment
1 hour ago, Adonis said:

just adding the port

A proxy usually listens only to the ports 80 (http) and 443 (https). Depending on the used domain, the traffic is forwarded to a custom target. In your case 10.10.0.177:8081. This means if you open https://wordpress.example.com, it will forward this traffic to 10.10.0.177:8081. If you instead open https://wordpress.example.com:8081 it will reach nothing as NPM does not listen to this port.

 

PS http://example.com and http://example.com:80 are completely the same. The same is valid for https://example.com and https://example.com:443. Conclusion: http and https are only shortcuts for those ports.

Link to comment

The only open ports to this unraid server are 80 and 443, which are used by nginx to redirect traffic to the specified internal ports. 8081 is the wordpress container but the port is not opened on the router. Cloudflare dns is pointing https://wordpress.example.com to the external fixed ip address and nginx should redirect to the wordpress container. That's why it's weird that the browser is adding the 8081 port at the end of the link.

This is not the first time doing this, but this time I have no idea why it is not working. I did this before the last unraid update, not sure that is the cause.

I did reinstall the wordpress container and the nginx container, nothing changed, they are on the same network.

It's probably me, but I just can't figure it out :(

 

Link to comment

Hi

I have been running in the docker container for several months without a problem. Now I need to migrate the proxy manager to another unix host. I want to check whether moving the container is good enough or something else needs attention.

Edited by jackwan1
Link to comment

My NPM can't connect with qbittorrent.

NPM is in a custom docker network (infamous). The qbittorrent is in a wireguard docker network (wg0).

So when I try to access my domain (cloudflare + npm), qbittorrent is not accessible.

The error is:

Error 502

Bad gateway

All the other containers that are in the same network can be accessed. Is there anything I can do? I need the torrent in the wg0 network, to use my PrivateVPN account with the wireguard killswitch if the vpn goes down. It's a lot safer to download.

Link to comment
13 minutes ago, mgutt said:

So NPM uses a different network? Then you could try to add the custom network as a second network to NPM:

 

docker network connect wg0 Nginx-Proxy-Manager-Official

 

I added NPM to wg0 as a second network but it didn't work, the log:

 

root@Matrix:~# docker network inspect wg0
[
    {
        "Name": "wg0",
        "Id": "fd1589ad816d6df8920bba867b7e5369b988abe4e845430abf81613739098e9f",
        "Created": "2022-06-17T07:39:30.659947081-03:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.31.200.0/24"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "07361606c2cb4742581aeabcdc22ae9a30853201e5fe8fbadbb0c5bc869f32d7": {
                "Name": "Firefox",
                "EndpointID": "1c743ba9593a2fdb5e805a5acc22db69c3e2683cedeae906199396a22cf64114",
                "MacAddress": "",
                "IPv4Address": "172.31.200.3/24",
                "IPv6Address": ""
            },
            "0edc1cf543b477594e7a4b1f83b3eb6a06d9f78c467b8289ec1fe86825bd22b4": {
                "Name": "Nginx-Proxy-Manager-Official",
                "EndpointID": "8cbef963f8f24e72bcadedd8b05b1e60b6aa4978e7a3060278afb41b8c1219cb",
                "MacAddress": "",
                "IPv4Address": "172.31.200.4/24",
                "IPv6Address": ""
            },
            "e530259583366654dd0b33404dba652acd15fda16ee213e9750244eff8c1f358": {
                "Name": "qbittorrent",
                "EndpointID": "e0020699fe027f83dfbf20ab96f09fc1f87b20d2b3d17f532fa608391fc5de2d",
                "MacAddress": "",
                "IPv4Address": "172.31.200.2/24",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

 

Link to comment
