Kilrah Posted November 5, 2023 Share Posted November 5, 2023 The admin page itself should NOT be accessible over the internet in the first place. Quote Link to comment
mgutt Posted November 5, 2023 Author Share Posted November 5, 2023 Are you talking about the welcome page which is only visible while opening the public IP? Quote Link to comment
adminmat Posted November 5, 2023 Share Posted November 5, 2023 5 hours ago, mgutt said: Are you talking about the welcome page which is only visible while opening the public IP? Correct. This page is being flagged by BrightCloud crawlers and since it says "Proxy" BrightCloud lists the public IP as "High Risk." Many large companies and orgs like State Farm Insurance, NY State . Gov, many large banks use their lists to ban IP address. So others who had this issue had to change this type of page to not say "Proxy" Note: this is not my site, I told the person to not expose the admin page. I would not do this. Here is an email from BrightCloud to someone else that had a public facing page that said "Proxy" who was added to the blacklist. Quote Link to comment
mgutt Posted November 5, 2023 Author Share Posted November 5, 2023 2 hours ago, adminmat said: 8 hours ago, mgutt said: Are you talking about the welcome page which is only visible while opening the public IP? Correct Then add a redirect host: Domain Name: ~^[0-9.]+ Forward domain: yourdomain.example.org HTTP Code: 307 After the redirect works as you need it, you could change the HTTP Code to 301 (this is cached by your browser, so test with 307 first). I've even added a redirect for my unRAID server name as I'm using a custom port and by that I don't need to type the port: Quote Link to comment
Kilrah Posted November 5, 2023 Share Posted November 5, 2023 3 hours ago, adminmat said: So the problem is the default page for nonconfigured hosts, one solution is not to put a wildcard DNS but only actually have entries for existing subdomains, anothzer is what's on the bottom of the email, just change the option for "default site" in NPM settings. Quote Link to comment
Bertoo1337 Posted November 6, 2023 Share Posted November 6, 2023 Hey guys one of my certificates was about to run out, so i tried to refresh it. since it ran into an internal error I restarted the container, because i had this issue before. But now it wont start again. This is the message that keeps popping up in the Log: nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-11/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-11/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file) reinstalling the container didnt work either... After 2 hours of google, reddit etc. i can't find a solution. Any ideas? Quote Link to comment
mgutt Posted November 6, 2023 Author Share Posted November 6, 2023 45 minutes ago, Bertoo1337 said: Any ideas? The symbolic link "fullchain.pem" could be missing in your case because of an unRAID Bug in and old version (The mover didn't move symbolic links). Another reason could be, that you are using /mnt/cache in the container settings, but the files have been moved to the array. If you don't have an idea how to solve this: Delete the npm dir and reinstall it. This is the easiest method. Quote Link to comment
Bertoo1337 Posted November 6, 2023 Share Posted November 6, 2023 1 hour ago, mgutt said: If you don't have an idea how to solve this: Delete the npm dir and reinstall it. This is the easiest method. Well... exactly there is the error: this directory doesnt exist at all. I thought there was an easy way to fix it. I uninstalled it now, deleted my data for the container and started from scratch. not too big of a deal, because i only need 3 subdomains to be rerouted to my services on my server. but thanks anyway ^^ Quote Link to comment
gadget069 Posted November 26, 2023 Share Posted November 26, 2023 I believe there was a recent update that I took. I started getting emails that some of my certs were going to expire. I did not take care of them right away. I've tried a few time to update them throught the dashboard and they fail. I'm a complete newb at this stuff. Quote [11/26/2023] [10:31:33 AM] [SSL ] › ℹ info Renewing SSL certs close to expiry... [11/26/2023] [10:32:15 AM] [SSL ] › ✖ error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --preferred-challenges "dns,http" --disable-hook-validation Failed to renew certificate npm-50 with error: Some challenges have failed. Failed to renew certificate npm-55 with error: Some challenges have failed. Failed to renew certificate npm-58 with error: Some challenges have failed. Failed to renew certificate npm-65 with error: Some challenges have failed. Failed to renew certificate npm-67 with error: Some challenges have failed. All renewals failed. The following certificates could not be renewed: /etc/letsencrypt/live/npm-50/fullchain.pem (failure) /etc/letsencrypt/live/npm-55/fullchain.pem (failure) /etc/letsencrypt/live/npm-58/fullchain.pem (failure) /etc/letsencrypt/live/npm-65/fullchain.pem (failure) /etc/letsencrypt/live/npm-67/fullchain.pem (failure) 5 renew failure(s), 0 parse failure(s) Quote Link to comment
Kilrah Posted November 26, 2023 Share Posted November 26, 2023 That usually means your domains aren't actually configured to resolve to your server anymore, need to fix that. Maybe your ip changed and you haven't set up automatic updating of your DNS records. Quote Link to comment
Helio667 Posted November 27, 2023 Share Posted November 27, 2023 Hi, I'm having issues accessing any of my hosted services proxied behind NPMO whilst using Proton VPN. If I turn it off or forward the relevant port directly on my router everything's good. Using cloudflare & let's encrpyt. Any help would be greatly appreciated. Cheers! Quote Link to comment
gadget069 Posted November 27, 2023 Share Posted November 27, 2023 20 hours ago, Kilrah said: That usually means your domains aren't actually configured to resolve to your server anymore, need to fix that. Maybe your ip changed and you haven't set up automatic updating of your DNS records. There was an ip address change detected by duckdns. I restarted duckdns and proxy manager. I've literally havent changed anything since I first got it up and running. Quote Link to comment
Helio667 Posted November 28, 2023 Share Posted November 28, 2023 On 11/27/2023 at 11:02 PM, Helio667 said: Hi, I'm having issues accessing any of my hosted services proxied behind NPMO whilst using Proton VPN. If I turn it off or forward the relevant port directly on my router everything's good. Using cloudflare & let's encrpyt. Any help would be greatly appreciated. Cheers! All good, turns out my ISP was blocking ports Quote Link to comment
enJOyIT Posted December 14, 2023 Share Posted December 14, 2023 (edited) One short question,,, what's about the access.log files? Are they deleted after a while? I'm afraid that they will blow up after some time. Edited December 14, 2023 by enJOyIT Quote Link to comment
Sheep Posted December 18, 2023 Share Posted December 18, 2023 (edited) So my Nginxy Proxy Manager has been working fine for months now, but for the past couple of days I have been getting this error. Any help would be much appreciated. I haven't touched it in ages, and I'm also now getting an "internal error" in Nginxy Proxy Manager if I try to get an SSL for my subdomains. Edited December 18, 2023 by Sheep Quote Link to comment
Kilrah Posted December 18, 2023 Share Posted December 18, 2023 Check on the certificates tab if none is for a domain that isn't linked to your instance anymore. Quote Link to comment
casperse Posted December 19, 2023 Share Posted December 19, 2023 I needed a second Plex docker and did this by creating a fixed IP on br0, but is there anyway to use NGINX? I have been reading and your great table says no? My docker is working and running in parallel. And the local link works. And I did set the: I have 40 working locations, but this one keeps getting me: Quote Link to comment
alturismo Posted December 19, 2023 Share Posted December 19, 2023 15 minutes ago, casperse said: I have been reading and your great table says no? if you read also the header ... so yes, if you have this disabled in your docker settings (settings, docker, ... default, no) then yes, bridged, custom and host cant "talk" to each other ... if you enable the host access ... then it of course works and the Info you posted is obsolete ... but you also know you just could run your second instance on another port ... just map a different port like 42400 ... Quote Link to comment
casperse Posted December 19, 2023 Share Posted December 19, 2023 1 hour ago, alturismo said: if you read also the header ... so yes, if you have this disabled in your docker settings (settings, docker, ... default, no) then yes, bridged, custom and host cant "talk" to each other ... if you enable the host access ... then it of course works and the Info you posted is obsolete ... but you also know you just could run your second instance on another port ... just map a different port like 42400 ... I dont think its possible to change the Plex internal port (Many other posts are at least saying that you cant do that)? Hmm I forgot the above setting, when I created the Proxynet on Unraid, I dont beleive it would be good to enable custom networks? Or I have to find a LAN card and make a special group for this docker 😞 Thanks for your insight! Quote Link to comment
alturismo Posted December 19, 2023 Share Posted December 19, 2023 30 minutes ago, casperse said: I dont think its possible to change the Plex internal port (Many other posts are at least saying that you cant do that)? i didnt meant to change the internal native port, you are running your dockers in bridge mode ... so you map the ports you need then .. Plex Session 1/ 32400 <> 32400 (plex) 2/ 32400 <> 42400 (plexii) that would be it, of course you should use 2 different appdata folders ... and different names so you can map npm to plex > 32400 plexii > 32400 (or host ip:42400) but you will find a solution ... 30 minutes ago, casperse said: I dont beleive it would be good to enable custom networks? well, if you want your dockers more isolated, yes, keep as is ... your decision Quote Link to comment
casperse Posted December 19, 2023 Share Posted December 19, 2023 2 hours ago, alturismo said: i didnt meant to change the internal native port, you are running your dockers in bridge mode ... so you map the ports you need then .. Plex Session 1/ 32400 <> 32400 (plex) 2/ 32400 <> 42400 (plexii) that would be it, of course you should use 2 different appdata folders ... and different names so you can map npm to plex > 32400 plexii > 32400 (or host ip:42400) but you will find a solution ... well, if you want your dockers more isolated, yes, keep as is ... your decision Sorry I am not following how to do this. (Plex really doesn't like having two instances on the same server) I already have two dockers running with each in separate appdata folders. Plex (Main): Host mode Plex (second): in Br0 - fixed IP Many people wants two Plex servers on Unraid, and end up having a second VM with a dedicated LAN port (Passthrough). All my other dockers are either using the proxynet but my Plex server (Main) needs to run in host mode. So I haven't found any way (Except maybe some special network creation to be used specially for a 2 plex server setup.) Mapping ports through a router is easy. Are you talking about mapping ports in the nginx proxy manager? Quote Link to comment
alturismo Posted December 19, 2023 Share Posted December 19, 2023 8 minutes ago, casperse said: Plex (Main): Host mode ok, you cant run 2 instances on host ... but this would collide with your upper posts about bridge ... so host mode is active i assume, or is your NPM and all other dockers also in host mode ? basically, the only issue i could imagine is port colliding ... so, either you just setup plex1 in host, plex2 in bridge and change the port mapping from plex2 docker (host side port) so, either you setup both in bridge and change the port mapping from plex2 docker (host side port) so, either you set them both in custom eth0 (br0) and each will have its own ip ... so, either .... all Variants should work to run 2 Plex instances now, accessing them via NPM (im a swag user, but doesnt matter), you just point to the Plex Dockers with different subdomains ... or even subfolders ... depending now where your NPM is running (host, bridge, custom ...) you can either use as sample if all are on the same bridge (like standard bridge or the common proxynet) you call the plex instances either by name, like plex and plexii, if the are on different network types you can always call them via IP:Port ... sample Host_ip:32400 < Plex 1 Custom_IP:32400 < Plex 2 Quote Link to comment
casperse Posted December 19, 2023 Share Posted December 19, 2023 4 hours ago, alturismo said: ok, you cant run 2 instances on host ... but this would collide with your upper posts about bridge ... so host mode is active i assume, or is your NPM and all other dockers also in host mode ? basically, the only issue i could imagine is port colliding ... I might have this setup wrong, so long time since I did this (So sorry for asking stupid Questions, I am truly reading to find answers :-). I have like many others created my "Proxynet" and Yes I use the names of the dockers in NMP, and it works great! But I cant use Proxynet for Plex I get no IP? and cant access the Plex server (Like below) Quote so, either you just setup plex1 in host, plex2 in bridge and change the port mapping from plex2 docker (host side port) so, either you setup both in bridge and change the port mapping from plex2 docker (host side port) so, either you set them both in custom eth0 (br0) and each will have its own ip ... so, either .... all Variants should work to run 2 Plex instances Each have there own IP now, one is Host IP and the other is br0 fixed custom IP: 192.168.0.2 If I try bridge or Proxynet I get the above or below picture with no IP? When you say changing host side ports? Is that adding each port as a variable in the docker interface and substituting them with others? (I think I once tried that, but mostly I dont change ports on Unraid dockers) NMP is on the Proxynet: My only working options so far (I have tried all other) for Plex has been to keep my main on Host and the other on Br0: I guess my Proxynet is the same as when you say standard bridge? The above br0 "works" just not for NMP - But accessing the http://192.168.0.2:32400/web works (Plex 2) I added the /web under the host to get that working long ago for the host one, and that works in NMP Doing this for the 192.168.0.2 br0 I get the: I read that the function to enable "Host access to custom networks" will be removed un this thread. So I guess its better to try other alteratives And thanks Alturismo for helping me out! Much appreciated, I think I am missing something "stupid" just cant put my finger on it. Quote Link to comment
Kilrah Posted December 19, 2023 Share Posted December 19, 2023 If you want to reverse proxy a container on br0 without host access to custom networks you'll need to run NPM on Host. Quote Link to comment
casperse Posted December 19, 2023 Share Posted December 19, 2023 But that would result in not using the proxynet and sharing the docker naming in NMP right? I did read (Read most of all the posts in this thread) that running NMP on Host was "recommended" but since I have + 40 proxyhosts I really dont want to change all of them 🙂 Ok so I read up on ports and I changed them all like below (Making sure no ports conflicted) I now have first in Host and second running in bridge (Hmm I didn't try proxynet? would that work now?) Anyway NMP is now working with one as host and one in bridge. Thanks again for explaining this! Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.