[Support] Nginx Proxy Manager (NPM) Official



Hi Sir,

 

I had an issue when using a proxy host for qbittorrent.

 

All other containers are working great except qbittorrent.

 

It shows Unauthorized in the browser, and curl qbittorrent gives the result below:

curl: (6) Could not resolve host: qbittorrent

 

**EDIT**

OK... found the solution

I've tried to Uncheck Enable Cross-Site Request Forgery (CSRF) protection and... it works!

 

**EDIT2**

And again, found a solution on GitHub without unchecking Enable Cross-Site Request Forgery (CSRF) protection:

 

only need: proxy_set_header Referer '';

 

https://github.com/qbittorrent/qBittorrent/issues/6962#issuecomment-752961894

Edited by higundamhws
Link to comment
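
Why clearing the Referer makes the error go away, and what it costs, shown on a simplified model of a header-based same-origin check (an added example, not code from the post, qBittorrent or NPM). The hostnames, port 4443 and the policy of allowing requests that carry neither Origin nor Referer are assumptions of the model.

```python
from urllib.parse import urlsplit

def host_port(value, is_url):
    # A Host header has no scheme; prefix "//" so urlsplit sees host:port.
    parts = urlsplit(value if is_url else "//" + value)
    return (parts.hostname or "").lower(), parts.port  # port is None if implicit

def is_cross_site(headers):
    """True when the modelled backend would reject the request as cross-site."""
    target = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # model assumption: nothing to compare, so allow
    return host_port(source, True) != host_port(target, False)

def proxy_forward(client_headers, set_header):
    """Model nginx proxy_set_header; an empty value drops the header."""
    out = dict(client_headers)
    for name, value in set_header.items():
        if value:
            out[name] = value
        else:
            out.pop(name, None)
    return out

# Constructed requests: the browser reaches the proxy on port 4443.
LEGIT = {"Host": "qbt.example.test:4443",
         "Referer": "https://qbt.example.test:4443/"}
FOREIGN = {"Host": "qbt.example.test:4443",
           "Referer": "https://other.example.test/"}

CONFIGS = {
    "port dropped": {"Host": "qbt.example.test"},                    # Host loses its port
    "referer cleared": {"Host": "qbt.example.test", "Referer": ""},  # the posted fix
    "port kept": {"Host": "qbt.example.test:4443"},                  # Host as the browser sent it
}

def outcomes():
    """Map config label -> (legit rejected?, foreign rejected?)."""
    return {label: (is_cross_site(proxy_forward(LEGIT, conf)),
                    is_cross_site(proxy_forward(FOREIGN, conf)))
            for label, conf in CONFIGS.items()}

if __name__ == "__main__":
    for label, (legit, foreign) in outcomes().items():
        print(f"{label:16} legit rejected={legit}  foreign rejected={foreign}")
```

In this model, blanking Referer also lets through the request whose Referer names another site, while forwarding a Host that matches what the browser used keeps the check effective.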

Hi,

 

This container intermittently just starts refusing connections for me after anywhere from five to 45 minutes of uptime. It sometimes comes back with no intervention, but if I let it go on long enough, NPM itself stops responding too. A restart starts serving files again, but always stops.

 

Obviously, this is no good for prod or WAF.

 

Container is on the custom br0 network, in my normal subnet, as are the Wordpress and Nextcloud and everything else I'm trying to use this for.

 

Any ideas?  Logs?  Unraid's native logs say nothing, and neither do the proxy_access or _error logs except when it isn't down.

 

Thanks!

 

-P

Link to comment

Hello, 

 

Not sure what is going on with NPM, but as of today it no longer wants to work. I've had this running for over a year and have not had any issues until these past couple of days. I can no longer get ANY of my sites to connect, there are no errors in the logs for any of my dockers and they all work when accessed via the local web gui ... has anyone else been experiencing issues with NPM? Anyone know what I need to check to get this back up and running?

Link to comment
9 hours ago, SiRMarlon said:

Hello, 

 

Not sure what is going on with NPM, but as of today it no longer wants to work. I've had this running for over a year and have not had any issues until these past couple of days. I can no longer get ANY of my sites to connect, there are no errors in the logs for any of my dockers and they all work when accessed via the local web gui ... has anyone else been experiencing issues with NPM? Anyone know what I need to check to get this back up and running?

 

Was able to figure this out last night ... turns out it was the Cloudflare tunnels that seem to be the ones having issues. 🙄

Link to comment

Hello,

I am wondering how I add a further 'scheme' to my proxy host.

I am not sure even if this is correct.

I am trying to set up cells-sync with the pydio-cells container.

Within that there is a further port open called grpc which is 33060

It seems to use the grpc scheme.


I have found that I require this to work with their desktop sync software as here - https://forum.pydio.com/t/cells-server-closed-the-stream-without-sending-trailers/3851

I seem to require this section added somewhere, but have no real idea on how to add it.
```
    location / {
        proxy_pass https://localhost:8008;
        grpc_pass grpcs://localhost:8008; # This is the important one!! Replace this port as necessary to match your proxy_pass.
    }
```

I require the grpc_pass bit

Any ideas on how to get this working?

Link to comment
On 11/10/2022 at 3:44 PM, Joshndroid said:

Hello,

I am wondering how I add a further 'scheme' to my proxy host.

I am not sure even if this is correct.

I am trying to set up cells-sync with the pydio-cells container.

Within that there is a further port open called grpc which is 33060

It seems to use the grpc scheme.


I have found that I require this to work with their desktop sync software as here - https://forum.pydio.com/t/cells-server-closed-the-stream-without-sending-trailers/3851

I seem to require this section added somewhere, but have no real idea on how to add it.
```
    location / {
        proxy_pass https://localhost:8008;
        grpc_pass grpcs://localhost:8008; # This is the important one!! Replace this port as necessary to match your proxy_pass.
    }
```

I require the grpc_pass bit

Any ideas on how to get this working?

 

After 4 days I've got it working

In the advanced section in NPM add this


```
location / {
    # Uncomment this to enable gRPC and thus be able to use cells-sync
    if ($http_content_type = "application/grpc") {
        grpc_pass grpcs://hosted-ip-add:hosted-webgui-port;
    }
    proxy_pass https://hosted-ip-add:hosted-webgui-port;
}
```

The IP and the port needed to be the same, not different as indicated in the previous post

Link to comment

Having issues out of the blue

 

Ports are forwarded and unchanged from when I initially set up NPM. 

I can't seem to get it to work outside of my home network.

 

If I utilize my local IP, public IP or domain from within my network, everything appears to be working fine.

However, if I try accessing from outside my network (Via LTE, or testing with 3rd party website checkers) all say the website is unreachable. I checked with my ISP and they said they're not blocking it.

 

When I port forward directly to the endpoints (bypassing NPM), the services are reachable, but not through NPM. 

 

I think I got a new public IP after a recent outage, but I don't think I ever configured that specifically within NPM, or my router (Ubiquiti ERX), so I don't see how that could be the problem.

 

Not sure what would be next for troubleshooting, is a complete wipe of the docker container and reconfig necessary?

 

Edit: Ended up being some weird issue with my router, clearing the port-forwarding config and resetting it seems to have solved my issue. 

Edited by nightauthor
Resolution Update
Link to comment

Anyone have any ideas what "service unavailable" would allude to out of the blue? Restarted container; same thing.

[Screenshot]

 

EDIT: Evidently a few days ago I made a "breaking" change. No idea why just today it became an issue; figured it out. I dumb, basically. Live, learn. Sometimes I learn more than I live; that day is today LOL.

Edited by blaine07
Me stoopid
Link to comment
6 hours ago, Kilrah said:

If your IP changed your DNS needs to be updated.

Any ideas what else it could be?

I set up dynamic DNS with NameCheap and as far as I can tell, it's been updated.
Namecheap's website shows it up to date, and every nslookup I do returns the correct IP

Edit: Also, trying to access the IP directly from outside my network fails. Where I previously was able to get the "Congratulations" page. 

Edited by nightauthor
Link to comment

Someone yesterday said their carrier overnight changed them to being behind CGNAT, so no more external access. Could be the case for you too. Investigating they said it was supposed to be temporary because of maintenance...

 

Check on your router that the WAN IP it gets is the same as you see on things like whatismyip or your DNS records.

Edited by Kilrah
Link to comment
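
The comparison suggested in the post above (router WAN address against the externally observed address and the DNS records), written out as an added example that is not part of the thread. The function name, result codes and all addresses are constructed for illustration; the CGNAT range is the RFC 6598 shared address space.

```python
import ipaddress

# Address ranges that cannot be reached directly from the internet.
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def diagnose(router_wan, seen_public, dns_records):
    """Return result codes explaining why inbound connections may fail.

    router_wan  -- WAN address shown on the router's status page
    seen_public -- address an external "what is my IP" service reports
    dns_records -- A records currently returned for the domain
    """
    wan = ipaddress.ip_address(router_wan)
    public = ipaddress.ip_address(seen_public)
    findings = []
    if wan in CGNAT:
        # The carrier shares one public address between customers:
        # port forwards on the home router never see inbound traffic.
        findings.append("cgnat")
    elif any(wan in net for net in RFC1918):
        # Another NAT device (ISP modem/router) sits in front of this router.
        findings.append("double-nat")
    elif wan != public:
        # Public-looking WAN address that is still translated upstream.
        findings.append("upstream-nat")
    if any(ipaddress.ip_address(r) != public for r in dns_records):
        # Dynamic DNS has not caught up with the current public address.
        findings.append("stale-dns")
    return findings

if __name__ == "__main__":
    # Constructed sample values (documentation and CGNAT ranges).
    print(diagnose("100.72.3.4", "203.0.113.10", ["203.0.113.10"]))
    print(diagnose("203.0.113.10", "203.0.113.10", ["198.51.100.7"]))
```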

Hello,

 

What is going wrong with my configuration ? 

 

-server is 192.168.0.2

-nextcloud is on port 444

-cloudflare A record points to my public IP

-cloudflare set to "full" on SSL/TLS, records are "proxied"

-port forwarded as follows on a sky router (inbound)

[Image]

-nginx settings (ports are 4443, 8080)

[Image]

 

Result is a 404 not found error when accessing externally ! 

 

-I can access nextcloud locally on 192.168.0.2:444

 

-Tried this from NGINX terminal:

```
/tmp # curl -sS http://192.168.0.2:444 >/dev/null && echo "Container is reachable"
Container is reachable
```

 

-Tried host, custom br0 and bridge networks

 

Tried- http://<mypublicIP> which lands on the UNRAID log in screen so is this a port issue ? I've opened and directed 80 & 443 as above so I'm stumped as to why it's not redirecting to NGINX.

 

Link to comment
2 hours ago, SRTG said:

Tried- http://<mypublicIP> which lands on the UNRAID log in screen so is this a port issue ? I've opened and directed 80 & 443 as above so I'm stumped as to why it's not redirecting to NGINX.

That's the problem. You should see the npm page. Seeing unraid is a security issue. Should never happen.

 

2 hours ago, SRTG said:

nginx settings (ports are 4443, 8080)

Which network is the container using?

Link to comment

I have a problem with NPM and Let's Encrypt. My first SSL certificates work fine, but after the 90 days it can't renew the SSL. When I make a new Proxy Host, I can't generate a new SSL certificate.

 

What is wrong?

 

Message for a new SSL (yyy.xxx.de is changed)

 

```
[11/15/2022] [11:07:29 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[11/15/2022] [11:07:34 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #44: yyy.xxx.de
[11/15/2022] [11:07:34 PM] [SSL      ] › ℹ  info      Command: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-44" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "yyy.xxx.de" 
[11/15/2022] [11:08:11 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[11/15/2022] [11:08:11 PM] [Express  ] › ⚠  warning   Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-44" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "yyy.xxx.de" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```

 

with a SSL to renew  (yyy.xxx.de is changed)

 

```
[11/15/2022] [11:39:32 PM] [SSL      ] › ℹ  info      Renewing Let'sEncrypt certificates for Cert #23: yyy.xxx.de
[11/15/2022] [11:39:32 PM] [SSL      ] › ℹ  info      Command: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --cert-name "npm-23" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation 
[11/15/2022] [11:40:09 PM] [Express  ] › ⚠  warning   Command failed: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --cert-name "npm-23" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed to renew certificate npm-23 with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/npm-23/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```

I can use the NPM docker, add host. All is running from Internet. But the SSL certificates are not updating 

Link to comment
3 hours ago, mgutt said:

That's the problem. You should see the npm page. Seeing unraid is a security issue. Should never happen.

 

Which network is the container using?

Landing on unraid log would mean port 80 is not being forwarded to 8080 ? I guess, public IP takes me to http://server:80. I have disabled port forwards for now but any idea why this is happening - am I missing an obvious config edit somewhere forcing use of port 80?

 

Container was on a custom network with nextcloud but at the moment it's on bridge as I try different configs. I've had the 404 error on all network variations.

 

Thanks for your help

Link to comment
7 hours ago, SRTG said:

Landing on unraid log would mean port 80 is not being forwarded to 8080

Correct. You can not reach unRAID through port 8080 or you explicitly changed Unraid to this port in the settings.

 

Note: you could change UNRAID to 5000/5001 and let NPM listen to 80/443. That's how I do it as this is the only way to use IPv6 (does not support Port forwarding).

 

 

  • Upvote 2
Link to comment
6 hours ago, mgutt said:

Correct. You can not reach unRAID through port 8080 or you explicitly changed Unraid to this port in the settings.

 

Note: you could change UNRAID to 5000/5001 and let NPM listen to 80/443. That's how I do it as this is the only way to use IPv6 (does not support Port forwarding).

 

 

 

Ok so have moved UNRAID to 5000/5001 and NPM is now on 80/443. Think I'm making progress but not there yet.

 

-NPM is now host network with server IP and when I go to http://mypublic IP I get the NGINX congratulations screen, which is what I want !?

-added new proxyhost and am able to get a cert from let's encrypt (couldn't before) 

-Now, when I click the proxyhost link to my domain I get "400 bad request The plain HTTP request was sent to HTTPS port nginx"

 

Is this a config problem on the cloudflare side ?

 

EDIT: simply changing the proxyhost to https from http it works. I think nextcloud needs https (although not sure why yet). Thank you very much mgutt for your help. I'm off to do some cartwheels 😆

Edited by SRTG
update
Link to comment
