[Support] Nginx Proxy Manager (NPM) Official



Quite a week...replaced the cache, then ended up with read errors on one of my array disks.  Had to eventually start in Maint Mode, run a check filesystem with -L parameter to get things up and running again.  Mods have recommended that my cables might be an issue, so I've got replacement SATA and power cables arriving tomorrow to hook up.  I have the system back up now, and I'm seeing more nginx related errors, curious what these are indicating.

Screen Shot 2023-03-09 at 5.27.04 PM.png

Link to comment

Edit:

After starting to troubleshoot from the start of this thread, here is what happens when I attempt to get to my container:

# curl -sS https://192.168.69.102:444/ >/dev/null && echo "Container is reachable"
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.69.102:444 

 

Note: my domain is used instead of revealing the domain I own

I have no idea what I have done that has completely borked my reverse proxy, but I hope someone could help figure out what happened.

Summary,

I've been using Nextcloud on unraid docker running through reverse proxy since around 2018 via SpaceInvaderOne tutorial. Sometime last fall the LetsEncrypt docker stopped working and I was able to successfully move it over to NginxProxyManager docker. Last week I changed ISPs and something got wacky and I am not sure what happened. I was also using the reverse proxy for access to Ombi from outside my network. I somehow got Nextcloud working on NPM but I have been troubleshooting the ombi part for over a week.

Today, I decided to try to fix ombi by routing it through a cloudflare tunnel, so I moved my domain's DNS over to cloudflare and created the tunnel to ombi with no issues. I was going to attempt to move over Nextcloud as well, however I eventually read that violates the TOS of cloudflare tunnels, so I went to revert nextcloud back to NPM. Now whenever I try to go to cloud.mydomain.com I end up with a 502 bad gateway message.

Not sure what I have messed up here, but something is wrong. My NPM and Nextcloud docker exist on the same proxynet network on docker which I set up back in the day thanks to u/SpaceInvaderOne , as for setting up NPM, I used the tutorial set up by Ibracorp.

My network looks like this: ATT fiber > BGW320 gateway in passthrough mode > TP Link R605 router > Ports 80 & 443 forwarded to unraidip:180/1443

Right now I have cloudflare dns pointing cloud.mydomain.com to nextcloud***.duckdns.org with a dns record only as that is handling my dynamic dns, which seems to be working correctly.

Here is what my nextcloud config file looks like right now, sanitized for personal info

 

Note: I cannot access nextcloud within my network by typing 192.168.69.102:444

 

Thanks for the help

Edited by ps2sunvalley
more info
Link to comment
8 hours ago, ps2sunvalley said:

cannot access nextcloud within my network by typing 192.168.69.102:444

Error? This is your problem I think.

 

Which Nextcloud Container are you using? You tried https. Does your container really use https on port 444?

Link to comment
4 hours ago, mgutt said:

Error? This is your problem I think.

 

Which Nextcloud Container are you using? You tried https. Does your container really use https on port 444?

I'm using Linuxserver.io container.  I basically set everything up back in the day with the SpaceInvaderOne tutorial.  Attached is a picture of my docker page showing the port mappings.

Screenshot 2023-03-10 at 08.58.38.jpg

Link to comment

Is there a special reason why you are using the proxynet network? Try to switch both to bridge to simplify your setup. And you need to find out why nextcloud is not reachable. As long as you can't open Nextcloud, NPM can't reach it either. I mean, kind of logical, isn't it?

Check the Nextcloud logs. Maybe they contain some errors.

Link to comment
8 hours ago, mgutt said:

Is there a special reason why you are using the proxynet network? Try to switch both to bridge to simplify your setup. And you need to find out why nextcloud is not reachable. As long as you can't open Nextcloud, NPM can't reach it either. I mean, kind of logical, isn't it?

Check the Nextcloud logs. Maybe they contain some errors.

Yeah, it is logical, however I didn't do anything to change the config that would have broken this.

 

I have changed the containers over to bridge mode and still getting 502 bad gateway from within and outside my home network.

 

And for the container I can open up the console and do some CLI with Nextcloud using some occ commands.

 

Digging into the logs for nextcloud I see a bunch of these entries:

192.168.69.166 - - [08/Mar/2023:20:28:41 -0600] "GET / HTTP/2.0" 500 289 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Safari/605.1.15"

That IP is the IP of the computer I am attempting access from and it makes sense.  If I scroll back through the logs you can see logs from before this got messed up showing my username and my public facing IP as what is accessing the container.

Edited by ps2sunvalley
Link to comment

The latest update to NPM today seems to have broken SSL and thus none of my redirects are working anymore - is anyone else seeing this issue? All my SSL certs expired recently, and when I try and renew them, it always fails. Making a new cert seems to fail too, just showing "Internal Error" in the webUI, and the logs show a failure, too.

Log: https://pastebin.com/Gf59VdS3

Edited by QuestForTori
Link to comment
5 hours ago, QuestForTori said:

The latest update to NPM today seems to have broken SSL and thus none of my redirects are working anymore - is anyone else seeing this issue? All my SSL certs expired recently, and when I try and renew them, it always fails. Making a new cert seems to fail too, just showing "Internal Error" in the webUI, and the logs show a failure, too.

Log: https://pastebin.com/Gf59VdS3

 

That is exactly why I do not auto update NPM 🙂

 

From the changelog:

 

Quote

v2.9.20 

Important: Back up your entire instance before using this new version! As with any new version, there may be breaking changes.

  1. Bring your docker instance down
  2. Zip or copy your data and letsencrypt folders
  3. Pull this new image jc21/nginx-proxy-manager:2.9.20
  4. Bring up your docker stack and check for any problems in the logs
  5. Renew your DNS certs
  6. Check some or all of your hosts for expected behaviour

Changes

  • Workaround for cloudflare plugin install, fixes #2381
  • Fix certbot plugin installation issues (thanks @i-strelnikov)
  • Load events configuration from custom file (thanks @BitsOfAByte)
  • Update certbot desec plugin, fixes #2485 (thanks @LEDfan)
  • Add Online (online.net) DNS provider (thanks @gromez)
  • ACL changes should not blow away cert config, fixes #2254 (thanks @jmerdich)
  • Use ssl_reject_handshake to reject requests to default https site (thanks @TheBeeZee)
  • Mitigate CVE-2023-23596 by changing child_process.exec to child_process.execFile, fixes #2600 #2063 (thanks @skarlcf)
  • Make sure to lowercase email address entered by the user during login (thanks @jlesage)
  • Update certbot-dns-ionos plugin (thanks @campingwoelfe)
  • Add Google Domains DNS provider (thanks @ttocsr)
  • Lots of outstanding dependabot updates
  • Updates openssl and other packages from the base image, fixes #2602
  • Added cert-prune command to container, see below

 

From your log file, you have issues with permissions and maybe path/location. Did you try to fix that?

Link to comment
5 hours ago, Kilrah said:

Update went fine for me.

 

One important thing is to never leave stale certs for domains you've removed since they won't be able to renew in that case, and any renewal failure blocks everything. 

 

 

Is there any way to get it working again after deleting unused certs and proxies?

Whenever I try and perform any action in NPM now, it just shows an "Internal Error" in the webUI, and shows this in the log:
 

[3/16/2023] [9:04:28 AM] [Express  ] › ⚠  warning   Command failed: /usr/sbin/nginx -t -g "error_log off;"
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-6/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-6/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

 

Edited by QuestForTori
Link to comment

Oh no, now after restarting the container, the webUI isn't even working and the logs are looking even MORE dire: https://pastebin.com/VS4LZE8U

EDIT: I wiped all my data and started fresh, and even now, requesting a brand new SSL cert still gives an internal error, and in the logs, shows this:
 

[3/16/2023] [9:20:53 AM] [Express  ] › ⚠  warning   Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --authenticator webroot --email "[EMAIL REDACTED]" --preferred-challenges "dns,http" --domains "[URL REDACTED]" 

 

Edited by QuestForTori
Link to comment
8 minutes ago, QuestForTori said:

Oh no, now after restarting the container, the webUI isn't even working and the logs are looking even MORE dire: https://pastebin.com/VS4LZE8U

 

Well, the logs are quite self-explanatory: "parent directory has insecure permissions (It's world writable or writable by group which is not "root")". It only complains about the log of npm itself, though.

 

And then you also have a missing file/directory: letsencrypt/live/npm-6/fullchain.pem

 

Check this on your end.

Link to comment
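The two conditions named in the reply above, a certificate file that the nginx configuration references but that no longer exists, and a parent directory with the permissions the quoted message describes, can be checked with the following added example, which is not from the thread or from NPM itself. The function names are hypothetical and every directory is passed in as an argument.

```shell
#!/bin/sh
# Added example (not NPM tooling): checks for the two log messages above.
# Function names are hypothetical; all paths are supplied by the caller.

# Print each certificate or key file that an ssl_certificate /
# ssl_certificate_key directive in "$1"/*.conf points at but that does not
# exist. Commented-out directives are skipped. Returns 1 if any is missing.
missing_certs() {
    out=$(
        for conf in "$1"/*.conf; do
            [ -f "$conf" ] || continue
            sed -n 's/^[[:space:]]*ssl_certificate\(_key\)\{0,1\}[[:space:]]\{1,\}"\{0,1\}\([^";]*\)"\{0,1\};.*/\2/p' "$conf" |
            while IFS= read -r cert; do
                [ -e "$cert" ] || printf '%s: missing %s\n' "$conf" "$cert"
            done
        done
    )
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# Return 0 when the parent directory of "$1" is world-writable, or
# group-writable with a group other than root: the condition in the quoted
# "insecure permissions" message. The group is compared by name, which is
# an approximation of a numeric gid check.
insecure_parent() {
    ls -ld -- "$(dirname -- "$1")" | {
        read -r mode _links _owner group _rest
        case $mode in
            ????????w*) true ;;               # other-write bit set
            ?????w*) [ "$group" != root ] ;;  # group-write, non-root group
            *) false ;;
        esac
    }
}
```

Each line `missing_certs` prints names the config file and the stale path, which is the same pairing `nginx -t` reports one failure at a time.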
  • 2 weeks later...

omg 

[3/27/2023] [9:45:17 AM] [SSL      ] › ✖  error     Error: Command failed: /usr/sbin/nginx -t -g "error_log off;" 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
nginx: configuration file /etc/nginx/nginx.conf test failed

was fine till update!

Link to comment

Hi all, I upgraded Unraid to 6.12 rc2 and now NPM doesn't work. The docker starts, but I get a message that says the page can't be displayed. Here is the logs window. Has anyone else had this issue? I see it says "failed to properly bring all the services up", but it is started and stuck on "settings ownership".

 

image.thumb.png.f96690d7dd462ac648fcffba60714540.png 

Link to comment
