[Support] Nginx Proxy Manager (NPM) Official



23 minutes ago, mgutt said:

Ok, so it must be something related to NPM. Strange. Usually it should not modify any headers. Did you enable the cache setting?

Have tried with and without. Any other information I can share to help narrow down root cause?

Could it be possible permission issue between the containers?

Link to comment

Hey guys,

 

For a few days now I've been encountering some error messages with my npm.

At the moment I can't renew SSL certificates manually, nor can I create a new one.

In the logs I am presented with the following error:

 

[12/10/2022] [8:27:50 PM] [SSL      ] › ✖  error     Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation  
An unexpected error occurred:
ModuleNotFoundError: No module named 'zope'

 

When I try to renew it over the GUI I just get an "Internal Error"; same story when requesting a new certificate.

I tried to find something regarding the missing 'zope' module, but couldn't find anything useful.

If any of you need any more information, I'll gladly provide it.

 

Looking forward to any help you can give me, thank you in advance!

 

Link to comment

Anyone have any ideas how to stop this? Rebooting container stops it for a bit but it always comes back sooner or later. I thought “98” pointed to a config possibly but no dice. 
 

Any ideas?

 

See attached. 

7B321DBF-7B6E-4F4C-84A6-75181F537939.jpeg
 

Edit: seems to always continue to work fine when it does this; maybe slows down slightly. 

Edited by blaine07
Link to comment
19 minutes ago, mgutt said:

Is it part of a DHCP range?

No, but in pfSense I don’t have a MAC address assigned with .3 or static set because Unraid uses same MAC address for everything?

See post below for pics. Somehow totally jacked up post.

Edited by blaine07
Link to comment
4 hours ago, mgutt said:

Is it part of a DHCP range?

I think the other issue is that now that Unraid uses ipvlan for Docker, it uses the same MAC address for every container in Unraid. I am already using Unraid's NIC MAC address for a static IP for Unraid itself, which means I can't actually set a static IP for NPM since the MAC address is already tied to Unraid's actual IP. Since Unraid changed to ipvlan I haven't figured out how to get around it; I suspect it's related to my issue, somehow, though.

Link to comment

Hello there! I've been at this for a little more than 10 hours straight now but I couldn't for the life of me set up Nextcloud with HTTPS via NginxProxyManager, so I figured I would try to ask for some help over here as a last resort. So here's where I'm at...

 

I'm able to access my nextcloud server from the internet by entering my domain name "example.org" when I configure the Proxy Host in NPM to use HTTP. See attached image below for the NPM configuration I used and nextcloud's config.php file.

 

Here are some of the things I tried to get it to work through HTTPS (please don't judge if you see some nonsense here, I don't know what I'm doing):

  • Open ports 80 and 443 on my router, and verify with http://canyouseeme.org that they are indeed both open.
  • As per this video, I kept the NPM scheme as http, and the port as 80, but I created an SSL certificate with Let's Encrypt from the SSL tab, and ticked "Force SSL", "HTTP/2 Support", and "HSTS Enabled". This results in a timeout.
  • Tried all combinations of NPM scheme http/https and port 80/443 because why not. Same result, timeout.
  • Created a cloudflare account, and used that as a nameserver for my domain instead, created a CNAME record for my domain, and enabled the proxy option. Then I went back to my "HTTP:80:noSSL" NPM configuration that I mentioned earlier. Now I can connect to my nextcloud server, and I do get the "Connection is secured" lock icon on my Chrome browser. However, if I block port 443 in my router, I can still access my nextcloud server, and I still get the "Connection is secured" lock icon. If I close port 80 and keep 443 open, I can no longer access it (timeout), so I very much doubt that this "connection is secured".
  • Then I thought maybe I need to put my own key and certificate on the nextcloud server (under appdata/nextcloud/keys), didn't change anything, still timeout.
  • Also tried to download the SSL/TLS client certificates from my cloudflare dashboard, and added those key and certificate as a custom SSL certificate in NPM, and used that instead of the Let's Encrypt auto-generated certificates, same result, timeout.

I probably tried a bunch of other stuff as well, but I think this is a good starting point. Surely I'm missing something here but I have no idea what and I'm really out of things to try at this point.

 

It would be immensely appreciated if someone could please point me in the right direction to get Nextcloud to work with HTTPS via NginxProxyManager :)

 

Thanks a lot!

npm_http.png

config_http.php

Link to comment
2 hours ago, Kilrah said:

You can just specify the address on unraid side instead of using DHCP.

Or switch back to macvlan, the default has changed because it was a rather common source of issues, but if it worked fine for you like it does for me you can still use it. 

Macvlan was total chaos for me. I just deleted the mapping on pfSense. We’ll see what that does. 

Link to comment
2 hours ago, tinynja98 said:

HSTS Enabled

If this was ever recognized by your browser, it will never ever allow opening your website through http. So don't play around with this setting until you understand what it does.

 

2 hours ago, tinynja98 said:

cloudflare

If you use cloudflare as a proxy, your browser uses cloudflare's SSL certificate. So the way is:

 

Browser > https > cloudflare > http > npm > http > nextcloud

 

Of course this setup is insecure, because it means transferring unencrypted passwords between cloudflare and your home through the internet.

 

Quote

As per this video

Absolutely overcomplicated explanation. You don't need to touch any config file if you use NPM in unRAID. All steps are done through the GUI.

 

Quote

Host rule

scheme host port

http nextcloud 80

 

As you are using a hostname and not the IP of the nextcloud containers, it seems you created a custom network and npm and nextcloud are part of it?! Are you using docker compose?!

 

2 hours ago, tinynja98 said:

If I close port 80 and keep 443 open

If you want a visitor and/or cloudflare to access your setup through https, then you must leave 443 open.

 

If you don't use cloudflare and want to claim a let's encrypt certificate you must leave Port 80 open as well.

 

2 hours ago, tinynja98 said:

cloudflare

Now back to cloudflare. It's not allowed to use a free cloudflare account for nextcloud as it allows uploading and downloading non-html content:

https://www.cloudflare.com/de-de/terms/

Quote

2.8 Limitation on Serving Non-HTML Content

The Services are offered primarily as a platform to cache and serve web pages and websites. Unless explicitly included as part of a Paid Service purchased by you, you agree to use the Services solely for the purpose of (i) serving web pages as viewed through a web browser or other functionally equivalent applications, including rendering Hypertext Markup Language (HTML) or other functional equivalents, and (ii) serving web APIs subject to the restrictions set forth in this Section 2.8. Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service. If we determine you have breached this Section 2.8, we may immediately suspend or restrict your use of the Services, or limit End User access to certain of your resources through the Services.

 

Why do you want to use cloudflare? Do you want to hide your public IP or use their firewall rules, or what is your goal?

 

Technically cloudflare is not necessary to realize public access to your nextcloud. And I suggest to start without their proxy and realize the direct access including let's encrypt certificate, first.

 

After that you can still use the Cloudflare proxy in addition, but be warned that your account could be banned.

 

And yes it means you would use a proxy in front of a proxy. Which works, but I think some YouTube videos don't explain well what cloudflare does.

Link to comment
16 hours ago, mgutt said:

Try to delete and reinstall the container. Maybe this solves the issue 

Tried as you recommended but reinstalling even with cleaning the old appdata with CA Cleanup Appdata didn't resolve the issues.

After further searching I found an open issue on the GitHub page regarding the missing 'zope' module:

 

https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2440

 

Reverting to the release tag mentioned there resolved the issues for me.

Link to comment
4 hours ago, blaine07 said:

Macvlan was total chaos for me. I just deleted the mapping on pfSense. We’ll see what that does. 

Back to doing it again. Guess I just may ignore it. It never quits working. Just spams logs. Or I need to put a 1 hour restart chrono on NPM. Sometimes it goes 2-4 or 12 hours without spamming logs.... Hmm

Link to comment
49 minutes ago, blaine07 said:

Back to doing it again. Guess I just may ignore it. It never quits working. Just spams logs. Or I need to put a 1 hour restart chrono on NPM. Sometimes it goes 2-4 or 12 hours without spamming logs.... Hmm

Am I doing this add on network thing right? I don’t even think I need it because I am not referring to any containers by name- all IP:PORT. Could this be my issue?

 

 

C7A3DE53-6676-445E-8BEA-4B77963E9B37.jpeg

Link to comment
45 minutes ago, blaine07 said:

don’t even think I need it because I am not referring to any containers by name

Yeah, there is something wrong with the command. Or does your npm container have the name npm-internal?

 

Syntax is:

docker network connect network_name container_name

 

But note: In some situations the post arguments are not executed. I think it was while updating a container. But I'm not sure.

Link to comment
40 minutes ago, mgutt said:

Yeah, there is something wrong with the command. Or does your npm container have the name npm-internal?

 

Syntax is:

docker network connect network_name container_name

 

But note: In some situations the post arguments are not executed. I think it was while updating a container. But I'm not sure.

I’ll try just removing it and see what happens. Since not referring to any containers by “name” and instead using all IP:PORT I don’t think I even need the syntax/be on specific network too?

Link to comment
