[Support] Nginx Proxy Manager (NPM) Official



1 hour ago, casperse said:

I read that the function to enable "Host access to custom networks" will be removed in this thread.
So I guess it's better to try other alternatives

I can't imagine this ... no idea where you read this but up to you ;)

 

47 minutes ago, casperse said:

Anyway NPM is now working with one as host and one in bridge.
Thanks again for explaining this!

enjoy

Link to comment
10 hours ago, alturismo said:

I can't imagine this ... no idea where you read this but up to you ;)

IIRC it was either in the help text for the option in 6.11 or in the old doc but it seems that decision was reverted.

 

I remember setting up my things to not use it because of that about 1.5 years ago.

Edited by Kilrah
Link to comment

I'm trying to replace Swag (for a convoluted reason - it was working fine) with NPM. I have two unRAID servers, and Swag (which is no longer running) and NPM are on Server1, which also has a Nextcloud container. Both NPM and Nextcloud are on a custom network called proxynet. I'm using DuckDNS, and previously had nextcloud.mydomain.duckdns.org pointing to my Nextcloud container and everything was fine with Swag.

 

Now I have set up NPM on proxynet, and learned that instead of using container.mydomain.duckdns.org, it was more convenient for running NPM to use container.npmdomain.mydomain.duckdns.org because then I could use *.npmdomain.mydomain.duckdns.org for the SSL certificates. So I deleted nextcloud.mydomain.duckdns.org (and removed it from my duckdns container on Server1), and set up npmdomain.mydomain.duckdns.org.

 

So far NPM works fine for connecting to itself (I think I was following a YouTube tutorial). It also works fine connecting to Jellyfin, which is running on Server2 and is named jellyfin.npmdomain.mydomain.duckdns.org. But I can't connect to nextcloud.npmdomain.mydomain.duckdns.org. I checked connectivity using the curl command in the NPM console and the nextcloud container is reachable. But I can't reach Nextcloud using nextcloud.npmdomain.mydomain.duckdns.org.

 

In the Nextcloud container, let's say I map port 1443 to 443 in the container.

 

I'm not sure what to enter as the destination in the Proxy Host entry for Nextcloud. If I use https://nextcloud:1443 I get 502 Bad Gateway. If I use https://Server1 IP address:1443, I get "This site can't be reached." And the odd thing is that it's somehow still picking up the old nextcloud.mydomain.duckdns.org name. (Deleted days ago, so shouldn't be a propagation issue.) The browser address bar shows nextcloud.mydomain.duckdns.org, not nextcloud.npmdomain.mydomain.duckdns.org.

 

What am I doing wrong?

Link to comment
On 9/26/2023 at 8:54 PM, SidM said:

Hello everyone,

Since yesterday I have been having a bit of trouble with Nginx again.

I have set up two DynDNS services (Strato and DuckDNS) for my Nextcloud instance so that, if one of them should stop working, I can still get in via the other domain. (Originally I only had DuckDNS, but since I wanted a nicer name for the domain, Strato was added.)

I have had the whole thing running for about three quarters of a year now, with access over https using certificates from Let's Encrypt.

Yesterday the certificates expired once again and I wanted to renew them in the WebUI.

This worked for the DuckDNS domain, but for the Strato domain the message "Internal Error" appears.

I already had this last time, only then I could not renew the certificate for either domain. At some point it worked, but unfortunately I no longer know what the error was.

What I have tested/checked:

- DynDNS is active for the Strato domain

- When I enter the current public IPv4 address in the browser, I reach the "Congratulations!" page of NGINX

- Ports 443 and 80 are set up in the Fritzbox and point to NGINX

- The NGINX log says "Another instance of Certbot is already running" (I remember this message was there last time too.)

- If I delete the proxy host and create it again, it works without errors

- In addition, when recreating it I noticed that the options "Force SSL", "HTTP/2 Support" and "HSTS enabled" were deactivated again after saving. I can then activate them again and this time it keeps the setting, but is that normal?

Thanks and best regards!

 

Hello everyone, every few months again....

It is that time again: the certificates have expired and were not renewed automatically.

Once again it is also not possible to renew the certificates in the WebUI. (Internal Error)

The log says the following:

[12/26/2023] [12:46:46 PM] [SSL      ] › ℹ  info      Renewing Let'sEncrypt certificates for Cert #1: meine.Domain
[12/26/2023] [12:46:46 PM] [SSL      ] › ℹ  info      Command: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-1" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation 
[12/26/2023] [12:46:58 PM] [Express  ] › ⚠  warning   Command failed: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-1" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation 
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Failed to renew certificate npm-1 with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/npm-1/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

Does anyone have a solution for this, please? Unfortunately, the hint on GitHub to turn off "Force SSL" does not help.

Thank you.

 

Link to comment
On 12/26/2023 at 7:28 PM, mgutt said:

The error is written to this logs. I still don't understand why NPM is hiding them in a different log file instead of writing them to the default container logs.

 

Unfortunately you can forget the log completely, it only contains the following:

2023/12/27 20:48:43 [notice] 203#203: signal process started
2023/12/27 20:52:23 [notice] 221#221: signal process started
2023/12/27 20:52:31 [notice] 242#242: signal process started
2023/12/27 20:53:10 [notice] 259#259: signal process started
2023/12/27 20:53:17 [notice] 280#280: signal process started
2023/12/27 21:00:13 [notice] 197#197: signal process started
2023/12/27 21:00:27 [notice] 215#215: signal process started
2023/12/27 21:00:38 [notice] 237#237: signal process started
2023/12/27 21:00:38 [notice] 265#265: signal process started
2023/12/27 21:02:36 [notice] 283#283: signal process started
2023/12/27 21:03:06 [notice] 304#304: signal process started
2023/12/27 21:05:10 [notice] 321#321: signal process started
2023/12/27 21:05:27 [notice] 342#342: signal process started

 

I have now deleted the container including all files and then reinstalled it.

I also changed the network setting from Bridge to Custom: eth0 (including changing the port forwarding on the Fritzbox)

 

The first domain worked straight away and with the second one I get the error message “Internal error” again.

With the second domain everything is really the same as with the first, except that the domain name is different.

 

I don't understand it and I can't figure it out.

 

Fortunately, I now have 3 months of peace with one domain.

But it would be nice if I knew where to look or where I'm doing something wrong

Link to comment

Fresh install of NPM using the br0 network and its own IP. Have both 443 and 80 ports forwarded with my router and even able to ping them from outside the network. 

When I try to add a new Proxy Host and enable SSL it says: "Internal Error"

If I go to SSL Certificates and create a new one it says:

"Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-12" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "mydomain.org" Saving debug log to /tmp/letsencrypt-log/letsencrypt.log Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details. at ChildProcess.exithandler (node:child_process:402:12) at ChildProcess.emit (node:events:513:28) at maybeClose (node:internal/child_process:1100:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)"

Link to comment
52 minutes ago, jspeeples said:

Fresh install of NPM using the br0 network and its own IP. Have both 443 and 80 ports forwarded with my router and even able to ping them from outside the network. 

When I try to add a new Proxy Host and enable SSL it says: "Internal Error"

If I go to SSL Certificates and create a new one it says:

"Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-12" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "mydomain.org" Saving debug log to /tmp/letsencrypt-log/letsencrypt.log Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details. at ChildProcess.exithandler (node:child_process:402:12) at ChildProcess.emit (node:events:513:28) at maybeClose (node:internal/child_process:1100:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)"

Seems quite familiar to me...😒

Link to comment

You won't be able to get this to run with Bridge Mode and a Fritzbox.

The Fritzbox uses the MAC Address to determine a host, it does not care about the IP Address.

So, if the MACs are identical, the IPs are overwritten and the computer is treated as one box (using the last IP that was announced with this MAC)

 

To get NPM to run in this environment, you need to install it in HOST mode (moving the UNRAID GUI to different ports before!) and use ports 80 and 443.

Then everything will work

 

Link to comment

Hi friends, I am trying to set up NPM, and I have it running with br0, and can login etc...but when I try to request an SSL cert I get an error: 

 

 

warning   Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-4" --agree-tos --authenticator webroot --email

 

 

When I test server reachability, I see this in the logs:

 

❯ Starting backend ...
[12/31/2023] [9:04:07 PM] [Global   ] › ℹ  info      Using Sqlite: /data/database.sqlite
[12/31/2023] [9:04:08 PM] [Migrate  ] › ℹ  info      Current database version: none
[12/31/2023] [9:04:08 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
[12/31/2023] [9:04:08 PM] [Setup    ] › ℹ  info      Logrotate completed.
[12/31/2023] [9:04:08 PM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[12/31/2023] [9:04:08 PM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[12/31/2023] [9:04:08 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
[12/31/2023] [9:04:08 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
[12/31/2023] [9:04:08 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
[12/31/2023] [9:04:08 PM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...
[12/31/2023] [9:04:08 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[12/31/2023] [9:04:08 PM] [Global   ] › ℹ  info      Backend PID 515 listening on port 3000 ...
[12/31/2023] [9:04:09 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[12/31/2023] [9:04:09 PM] [SSL      ] › ℹ  info      Renew Complete


 

But no obvious (to me)  errors.

 

I don't know how to get past it.

 

I have forwarded the proper ports (81,443,80) to the NGINX container IP - so I don't know where else to look. 

 

Thanks for any help/pointers.

 

 

Edit: Well I tried this morning, and it worked. Must have been some issues on the LE API side.

Carry on. 
 

Edited by Nexus
Link to comment

Hi

I am running Webmin behind NPM. The problem I am having is that when I visit the Webmin admin portal I get the same login IP as the NPM Docker container host. In this case 192.168.1.118, when the IP should be 192.168.1.160. Any suggestions for getting Webmin to understand my true IP address?

 

I have set the following headers in the NPM advanced section:

 

real_ip_header CF-Connecting-IP;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

 

And in Webmin I have turned the following setting on: Trust remote IP address provided by proxies.

 

But there is still something missing here.

Link to comment

Hi,

is there a log file where I can see when (time) and who (IP) queries my proxy?

fail2ban is not included in this docker right?

 

P.S. Unlike what is described on the first page here, I can access my services perfectly via IPv6 in bridge mode and with ports >8000. So no port change from Unraid WebUI necessary, and no host network.

sub.mydomain.net:8399 for example.

the service shows fd17::1 has entered, like in the teamspeak3 docker...

Edited by Avenga
Link to comment
41 minutes ago, Avenga said:

I can access my services perfectly via IPv6 in bridge mode

Until your ipv6 prefix changes....

 

42 minutes ago, Avenga said:

sub.mydomain.net:8399

I don't think anybody uses a web proxy with custom ports. I mean why even use a reverse proxy if you don't want to use the default ports for http and https?

Link to comment

I've changed my IPv6 prefix just now, updated my DynDNS and get access via IPv6 again, just like in the Teamspeak3 Docker. Why not, no problem, the bridge does masquerade IPv6 I think.

 

I would prefer to use web proxy with custom ports, but of course everyone should decide for themselves..

 

Log files can be seen in /mnt/user/appdata/Nginx-Proxy-Manager-Official/data/logs

It would be very very nice if you can see the logs in the Nginx WebUI.

 

 

Link to comment

Hi everyone,

 

I have an issue that started recently. I have a few sites (e.g Vaultwarden, overseer) exposed through Cloudflare tunnel + NPM.

They no longer seem to be working for some reason.

 

When I hit the URL endpoint, nothing happens until the request times out and I get a 524 HTTP Error from cloudflare.

 

Looking at the logs, I can see the request come in through the tunnel and then to NPM:

==> /data/logs/proxy-host-20_access.log <==

[07/Jan/2024:15:29:04 -0500] - 307 307 - GET https my.domain.url "/" [Client xx.xx.xx.xx] [Length 5] [Gzip -] [Sent-to 192.168.1.24] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-"

 

But it seems like it never goes back to cloudflare to serve the site. I can access the site locally no problem with the configured URL + port over HTTP I have configured in NPM.

 

Has anyone experienced this before? Any ideas or things to look at?

 

 

Link to comment
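For the question above about seeing when and from which IP the proxy is queried: an added example (not part of any post in this thread, and not NPM's own code) that parses proxy-host access-log lines in the format quoted above and groups them by client address. The field names are assumptions inferred from that one quoted line, the sample lines are constructed, and the 4xx threshold is a hypothetical default.

```python
import re
from collections import defaultdict
from datetime import datetime

# Field layout inferred from the access-log line quoted in the thread (assumption).
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<cache>\S+) (?P<upstream_status>\S+) (?P<status>\d{3}) - '
    r'(?P<method>\S+) (?P<scheme>\S+) (?P<host>\S+) "(?P<uri>[^"]*)" '
    r'\[Client (?P<client>[^\]]+)\] \[Length (?P<length>\d+)\] \[Gzip (?P<gzip>[^\]]+)\] '
    r'\[Sent-to (?P<upstream>[^\]]+)\] "(?P<agent>[^"]*)" "(?P<referer>[^"]*)"$'
)

# Constructed sample input: addresses are documentation ranges, not real clients.
# The last line is an nginx error-log notice, which the access-log parser must skip.
SAMPLE = """\
[07/Jan/2024:15:29:04 -0500] - 307 307 - GET https my.domain.url "/" [Client 203.0.113.7] [Length 5] [Gzip -] [Sent-to 192.168.1.24] "Mozilla/5.0" "-"
[07/Jan/2024:15:30:10 -0500] - 401 401 - POST https my.domain.url "/login" [Client 198.51.100.9] [Length 12] [Gzip -] [Sent-to 192.168.1.24] "curl/8.4.0" "-"
[07/Jan/2024:15:30:11 -0500] - 401 401 - POST https my.domain.url "/login" [Client 198.51.100.9] [Length 12] [Gzip -] [Sent-to 192.168.1.24] "curl/8.4.0" "-"
[07/Jan/2024:15:30:12 -0500] - 404 404 - GET https my.domain.url "/admin" [Client 198.51.100.9] [Length 150] [Gzip -] [Sent-to 192.168.1.24] "curl/8.4.0" "-"
2023/12/27 20:48:43 [notice] 203#203: signal process started
"""


def parse_line(line):
    """Return one access-log record as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def summarize(lines):
    """Group requests by client address: count, 4xx count, first and last seen."""
    clients = defaultdict(lambda: {"requests": 0, "errors": 0, "first": None, "last": None})
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # not an access-log line (e.g. an error-log notice)
            continue
        c = clients[rec["client"]]
        c["requests"] += 1
        c["errors"] += 400 <= rec["status"] < 500
        c["first"] = rec["time"] if c["first"] is None else min(c["first"], rec["time"])
        c["last"] = rec["time"] if c["last"] is None else max(c["last"], rec["time"])
    return dict(clients), skipped


def noisy_clients(summary, min_errors=3):
    """Clients with at least min_errors 4xx responses (threshold is a hypothetical default)."""
    return sorted(ip for ip, c in summary.items() if c["errors"] >= min_errors)


if __name__ == "__main__":
    summary, skipped = summarize(SAMPLE.splitlines())
    for ip, c in sorted(summary.items()):
        print(ip, c["requests"], "requests,", c["errors"], "4xx,", c["first"], "to", c["last"])
    print("unparsed lines:", skipped, "| clients to review:", noisy_clients(summary))
```

To use it on real data, pass the lines of a proxy-host-*_access.log file from the log directory named above to summarize() instead of SAMPLE.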
On 12/29/2023 at 5:45 PM, SidM said:

Seems quite familiar to me...😒

Me too, why is this happening again?

I always say "why did I ever switch away from NPM, it's so easy with the GUI" then randomly a few months into using it with no changes and boom, Let's Encrypt stops working completely for me.  INTERNAL ERROR.   Does anyone know how to troubleshoot this?  I always just end up switching away when this happens then coming back a year or so later figuring it must be resolved.

Link to comment
  • 2 weeks later...

Updated NPM last night now I'm getting a "bad gateway" error

 

❯ Starting nginx ...
❯ Starting backend ...
[1/19/2024] [7:29:36 AM] [Global   ] › ℹ  info      Using Sqlite: /data/database.sqlite
[1/19/2024] [7:29:36 AM] [Migrate  ] › ℹ  info      Current database version: none
❯ Configuring npm user ...
0
usermod: no changes
❯ Configuring npm group ...
❯ Checking paths ...
❯ Setting ownership ...
❯ Dynamic resolvers ...
❯ IPv6 ...
Enabling IPV6 in hosts in: /etc/nginx/conf.d
- /etc/nginx/conf.d/default.conf
- /etc/nginx/conf.d/include/assets.conf
- /etc/nginx/conf.d/include/block-exploits.conf
- /etc/nginx/conf.d/include/force-ssl.conf
- /etc/nginx/conf.d/include/ip_ranges.conf
- /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
- /etc/nginx/conf.d/include/proxy.conf
- /etc/nginx/conf.d/include/ssl-ciphers.conf
- /etc/nginx/conf.d/include/resolvers.conf
- /etc/nginx/conf.d/production.conf
Enabling IPV6 in hosts in: /data/nginx
- /data/nginx/proxy_host/8.conf
- /data/nginx/proxy_host/7.conf
- /data/nginx/proxy_host/1.conf
- /data/nginx/proxy_host/6.conf
❯ Docker secrets ...

 


Edited by gadget069
Link to comment
25 minutes ago, gadget069 said:

Updated NPM last night now I'm getting a "bad gateway" error

 

❯ Starting nginx ...
❯ Starting backend ...
[1/19/2024] [7:29:36 AM] [Global   ] › ℹ  info      Using Sqlite: /data/database.sqlite
[1/19/2024] [7:29:36 AM] [Migrate  ] › ℹ  info      Current database version: none
❯ Configuring npm user ...
0
usermod: no changes
❯ Configuring npm group ...
❯ Checking paths ...
❯ Setting ownership ...
❯ Dynamic resolvers ...
❯ IPv6 ...
Enabling IPV6 in hosts in: /etc/nginx/conf.d
- /etc/nginx/conf.d/default.conf
- /etc/nginx/conf.d/include/assets.conf
- /etc/nginx/conf.d/include/block-exploits.conf
- /etc/nginx/conf.d/include/force-ssl.conf
- /etc/nginx/conf.d/include/ip_ranges.conf
- /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
- /etc/nginx/conf.d/include/proxy.conf
- /etc/nginx/conf.d/include/ssl-ciphers.conf
- /etc/nginx/conf.d/include/resolvers.conf
- /etc/nginx/conf.d/production.conf
Enabling IPV6 in hosts in: /data/nginx
- /data/nginx/proxy_host/8.conf
- /data/nginx/proxy_host/7.conf
- /data/nginx/proxy_host/1.conf
- /data/nginx/proxy_host/6.conf
❯ Docker secrets ...

 



 

https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3237#issuecomment-1900351270

Link to comment
