[Support] Nginx Proxy Manager (NPM) Official



Yes, I have. Otherwise I could not get SSL certificates for the subdomains, which I totally can, right?

 

Log says

 

[2/3/2023] [9:41:31 AM] [Express  ] › ⚠  warning   Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-60" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "example.com"

 

Any ideas?

 

Link to comment

Hi, I am new to NPM. I want to know if it's possible to just use the reverse proxy feature without Let's Encrypt for HTTPS, keeping the certificate on the server that it points to, not on NPM. Why? I have a server with IIS and a certificate bought for two years, but when I use NPM to get to that server it doesn't load the certificate unless I use one from Let's Encrypt generated by NPM. How can I use the certificate that is already working on the server (not exporting it to NPM)? Sorry for my English.

Link to comment

I was running some Docker updates and got a docker.img usage warning. I started to look and see if I had something set to store logs in the wrong spot and noticed the path for error logs.

 

/tmp/Nginx-Proxy-Manager-Official/var/log

 

I can't find out where that path is on the server. It's not in any share, it's not on the thumb drive and it's not in the cache. Where are these log files being stored and is there any management that needs to be done to keep them in check?

Link to comment
2 hours ago, aglyons said:

I can't find out where that path is on the server. It's not in any share

/tmp is the default Linux path for temporary files and unRAID mounts it to the RAM.

 

The purpose of this tweak is to avoid unnecessary writes to your SSD.

 

2 hours ago, aglyons said:

got a docker.img usage warning.

There is no connection between /tmp and the docker.img. Must be another reason. Btw: you should switch docker to directory. Less overhead and no size limitation, except the size of your SSD.

Link to comment
On 12/12/2022 at 8:30 AM, mgutt said:

Check debug 5xx errors on the first page of this thread. As it happened after a reboot I would assume you created a custom network, which is now missing?! There is a docker setting in unRAID to keep custom networks.

I'm having the same problem. After an unraid reboot, npm always shows a 502 error. It's on br0 and "preserve user defined networks" is enabled. This problem disappears when I restart the whole docker service. If I try to restart just the npm container the problem stays.

Any tips?

Link to comment
2 minutes ago, mklecka said:

I'm having the same problem. After an unraid reboot, npm always shows a 502 error. It's on br0 and "preserve user defined networks" is enabled. This problem disappears when I restart the whole docker service. If I try to restart just the npm container the problem stays.

Any tips?

br0 is not a "custom network" and is newly created at each boot so its ID will change. You have to make your own if you want it to be preserved.

Link to comment
49 minutes ago, Kilrah said:

br0 is not a "custom network" and is newly created at each boot so its ID will change. You have to make your own if you want it to be preserved.

Oh, I see. So right now I have npm on br0 with a fixed IP. Can I still have that same fixed IP within a custom docker network? I already have a custom docker network, but the IPs are 172xxxxx. Any tips?

Thanks

Link to comment
2 hours ago, mklecka said:

After an unraid reboot, npm always shows a 502 error. It's on br0 and "preserve user defined networks" is enabled. This problem disappears when I restart the whole docker service. If I try to restart just the npm container the problem stays.

Doesn't sound normal to me. The br0 network is a network which is created by default if you enabled bridge in the Unraid network settings.

 

The option "preserve custom" is only needed if you create custom networks through the terminal, but it's usually not required.

 

I'd say you have a port conflict. This means a different container uses a port which is needed by NPM and after you restart the whole docker service, NPM is started before the conflicting container. Which of yours are started after NPM and use the same network as NPM? Or does NPM use br0 with its own fixed IP address?

Link to comment
1 hour ago, mgutt said:

Doesn't sound normal to me. The br0 network is a network which is created by default if you enabled bridge in the Unraid network settings.

 

The option "preserve custom" is only needed if you create custom networks through the terminal, but it's usually not required.

 

I'd say you have a port conflict. This means a different container uses a port which is needed by NPM and after you restart the whole docker service, NPM is started before the conflicting container. Which of yours are started after NPM and use the same network as NPM? Or does NPM use br0 with its own fixed IP address?

As far as I know there are no port conflicts. I have NPM set up to use br0 with a static address and it's the first container that starts.

 

Link to comment
59 minutes ago, mgutt said:

Ok, and are you able to reach the NPM GUI while pages return 502?

Yes, I was able to access it. Weird thing is, I was able to access some containers and some not. Didn't matter if they were on a custom docker network or on br0 with a static address assigned. Again, after restarting the docker service I was able to access containers previously inaccessible. Should I post some logs? Which ones?

Link to comment
19 minutes ago, mklecka said:

Yes, I was able to access it. Weird thing is, I was able to access some containers and some not. Didn't matter if they were on a custom docker network or on br0 with a static address assigned. Again, after restarting the docker service I was able to access containers previously inaccessible. Should I post some logs? Which ones?

Sorry to waste your time, I'm fkin dumb.. It didn't occur to me that some containers take a really long time to start for me and weren't started yet..

Link to comment

Thank you for putting this all together.

 

I have been reading over the thread and haven't been able to find a similar situation to mine. Although I am sure I must be just missing it.

 

I have Home Assistant running in a VM; network source is: br0

I am running Nginx in an unraid docker with a bridged network. All of my other dockers are successfully configured on nginx. I haven't been able to get Home Assistant working.

 

My tower is 192.168.1.150

Home Assistant VM is 192.168.1.212:8123

 

I have gotten as far as getting the Home Assistant login screen at ha.mydomain.ca

but it then says "unable to connect to home assistant. Retrying in xx seconds..."

 

Then I get a 502 bad gateway page.

 

CNAME is set up on Google Domains - hostname: ha.mydomain.ca data - myname-duckdns.org

 

nginx setup:

domain : ha.mydomain.ca

scheme: http

IP: 192.168.1.212 (virtual machine ip)

Forwarded port : 8123

 

My thought is that it has to do with the VM being on a separate IP from the nginx docker. But I am not sure how to go about fixing it, or if that is even the correct idea.

 

Thank you for looking

Link to comment
On 2/19/2023 at 7:31 PM, mklecka said:

Yes, I was able to access it. Weird thing is, I was able to access some containers and some not. Didn't matter if they were on a custom docker network or on br0 with a static address assigned. Again, after restarting the docker service I was able to access containers previously inaccessible. Should I post some logs? Which ones?

OK, so me again.. I thought it was long container loading times, but the problem still persists, as it is about 20 mins from unraid start and it's still not working. Here's a list to see better what's accessible.

  • br0, custom ip - can access through IP and NPM
    • NPM UI
    • Home Assistant VM
    • Router
    • Adguard home
  • custom docker network - can't access via NPM, but can through IP:port
    • sonarr
    • radarr
    • homepage
    • jellyfin
    • jellyseer
    • etc
    • etc
  • unraid ui - can't access through NPM but can through IP

Again, if I disable docker in unraid and re-enable it, then everything loads through NPM no problem.

Thanks for any help.

Edited by mklecka
Link to comment
4 minutes ago, mklecka said:

Here's a list to see better what's accessible.

I absolutely don't understand your list. First list is br0 and your list contains what is reachable and then custom network and the containers you can not reach?!

 

Apart from that: Why don't you simply use the host network for NPM? Change unRAID to 5000/5001 and let NPM listen to 80/443. Put the other containers to the bridge network and you have the most simple setup.

Link to comment
6 minutes ago, mgutt said:

I absolutely don't understand your list. First list is br0 and your list contains what is reachable and then custom network and the containers you can not reach?!

 

Apart from that: Why don't you simply use the host network for NPM? Change unRAID to 5000/5001 and let NPM listen to 80/443. Put the other containers to the bridge network and you have the most simple setup.

Yes, the first list is containers on the br0 network which are all accessible when the NPM container starts. The second are containers on a custom network (in my case dockernet) which I can't reach until I completely restart docker.

 

Yeah, I could do that. I just really don't understand why my setup only works after a docker restart.. Other than that, I have no problems with it. And I use a custom network so containers can communicate just by container name.

 

Link to comment

I recently tried renewing my certs since they were expired. When running the 'renew' option from the GUI, the log shows the following: 


Failed to renew certificate npm-1 with error: [Errno 117] Structure needs cleaning: '/etc/letsencrypt/csr/2485_csr-certbot.pem'
All renewals failed. The following certificates could not be renewed:
      
/etc/letsencrypt/live/npm-1/fullchain.pem (failure)

 

When I browse to the csr path in Krusader, the folder is empty. I was able to find online that this message usually means there is corruption. Is there a way to resolve this without just re-installing the container and setting up again?

Link to comment

I'm having problems with certs auto-renewing.  After digging, I find this is caused because when NPM tries to renew all the certs, it fails on 3 old certs for domains I removed and then gets blocked from renewing further.

 

Ok great, so I removed the certs and proxies from the GUI.

Unfortunately it's STILL trying to renew them.  NPM-13, NPM-24 and NPM-6 don't exist anymore.  How can I fix this?  Is there a command to remove them from the database?

 

SOLUTION:  I figured it out in case anybody wants to know.  Just go to the folder /etc/letsencrypt/renewal/ (which should be in your appdata folder) and remove the npm-xx.conf file that's giving you problems.  Looks like these conf files are what's controlling the cert renewals on startup.

Edited by 007craft
Link to comment
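An added example, not part of the posts above: one way to spot the leftover renewal configs the last post describes before touching anything. It assumes certbot's usual `cert`/`privkey`/`chain`/`fullchain` lines in each conf and that the folder passed in is the host folder mapped to /etc/letsencrypt; the function names and the `renewal-disabled` folder are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example. $1 = host folder mapped to /etc/letsencrypt (assumption).

# Print "OK <name>" or "STALE <name>" for each renewal/*.conf under $1.
audit_renewals() {
    le_root=$1
    for conf in "$le_root"/renewal/*.conf; do
        [ -e "$conf" ] || continue
        name=$(basename "$conf" .conf)
        status=OK
        for key in cert privkey chain fullchain; do
            # Lines look like: fullchain = /etc/letsencrypt/live/npm-6/fullchain.pem
            path=$(sed -n "s/^$key[[:space:]]*=[[:space:]]*//p" "$conf" | head -n 1)
            # The conf stores container paths; map them onto the host folder.
            host_path="$le_root${path#/etc/letsencrypt}"
            if [ -z "$path" ] || [ ! -e "$host_path" ]; then
                status=STALE
            fi
        done
        echo "$status $name"
    done
}

# Move stale configs aside instead of deleting them, so they can be restored.
quarantine_stale() {
    le_root=$1
    mkdir -p "$le_root/renewal-disabled"
    audit_renewals "$le_root" | while read -r status name; do
        if [ "$status" = STALE ]; then
            mv "$le_root/renewal/$name.conf" "$le_root/renewal-disabled/"
        fi
    done
}

# Constructed sample tree: npm-1 is intact, npm-6 has a config but no files.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/renewal" "$root/live/npm-1"
    for n in npm-1 npm-6; do
        for key in cert privkey chain fullchain; do
            echo "$key = /etc/letsencrypt/live/$n/$key.pem"
        done > "$root/renewal/$n.conf"
    done
    for key in cert privkey chain fullchain; do : > "$root/live/npm-1/$key.pem"; done
    echo "$root"
}

sample=$(make_sample)
audit_renewals "$sample"
rm -rf "$sample"
```

A config flagged STALE points at certificate files that are no longer on disk; compare the list with the certificates shown in the GUI before moving anything.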
