Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Nginx Proxy Manager (NPM) Official

Featured Replies

image.thumb.png.8028b6ea252f3b3cbd359d452b5d4437.png

 

I've tried to disable IPv6 on unRAID but it still has the same issue

 

EDIT: I've just nuked the Docker and config files and started over again, seems to work now, not sure if it will continue to work after an update though.

 

EDIT 2: Turns out rebooting it, killed it again.

Edited by Vista2003

  • Replies 1.2k
  • Views 393.2k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • malghana
    malghana

    Solution: For easy access, copied this solution from Github user: "marcosvfc" GitHub Cannot Log into Admin After Upgrade to 2.12.4 · Issue #46... Checklist Have you pulled and found the error with j

  • No joke: I missed this part in the docs:   I will update the container and remove the external DB. SQLite is the easier option for the user.

  • I think this is false.   Try this in advanced: location / { add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;   proxy_set_header Upgrade $ht

Posted Images

  • Author
1 hour ago, Vista2003 said:

I'm not entirely sure what I'm looking for here

Docker to No and then you should be able to disable IPv6 custom....

 

8 minutes ago, Vista2003 said:

I've tried to disable IPv6 on unRAID but it still has the same issue

Ok, hmmm.

 

EDIT: One moment. The error appears after reading stream/2.conf. Please open the NPM console and execute the following:

su
cat /data/nginx/stream/2.conf

 

Does this stream host use port 80 and/or 443?

 

You can not setup a stream host with this ports as they are used by NPM itself.

Hello!

 

trying to debug an issue I’m having. I have NPM installed, my DNS is sorted, I have a host configured and the SSL certificate has been registered. So I’m preset sure every part of the chain to NPM is working, however when I try to connect to the URL I have configure it times out as unreachable.

 

im guessing it’s an issue between the container and the rest of my UNRAID ecosystem, I’ve tried connecting to other continents and VM hosted applications with no luck. But the logs are not really helpful, is there a way to turn on debug logging to see what js happening within NPM and why it’s not finding the endpoint specified?

 

One thing I’ve noticed is every guide I’ve seen has the container on a custom network type, where as mine is set for bridge. When I switch to something else the SSL service can’t renew certificates so breaks that part of the chain.

 

all advice or suggestions welcome.

 

thanks in advance

On 1/30/2022 at 4:36 PM, mgutt said:

 

Thanks, if I run the curl from the console I get "HTTP/1.1 200 OK" which is good, however when I try to connect on the url I get chromes "ERR_CONNECTION_TIMED_OUT"

 

As it stands I have:

  • dns for subdomain.domain.com to my public IP
  • two port forwarding rules on my router for port 80 and 443 to the IP of the NPM container (i have changed the IP on unraid from port 80 to allow NPM to have it)
  • When I connect to the NPM with both http and https I get the correct splash page
  • Within NPM I have a Proxy Host
    • Details
      • Domain Name: subdomain.domain.com
      • Scheme: http
      • Forward Hostname / IP: 172.16.1.1
      • Forward Port: 8181
      • Cache Assets: Off
      • Block Common Exploits: On
      • Websockets Support: Off
      • Access List: Publicly Accessible
    • Custom Locations
      • None
    • SSL
      • SSL Certificate: subdomain.domain.com
      • Force SSL: On
      • HTTP/2 Support: On
      • HSTS Enabled: Off
      • HSTS Subdomains: Off
    • Advanced
      • None
         

When I run 

curl -sSL -D - http://172.16.1.1:8181 -o /dev/null

 

I get the following response

 

HTTP/1.1 303 See Other
Content-Type: text/html;charset=utf-8
Server: CherryPy/unknown
Date: Thu, 03 Feb 2022 15:58:50 GMT
Location: http://172.16.1.1:8181/home
Vary: Accept-Encoding
Content-Length: 100

HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Server: CherryPy/unknown
Date: Thu, 03 Feb 2022 15:58:50 GMT
Vary: Accept-Encoding
Content-Length: 68695

 

I thought maybe its a port issue, so I have added a port forward rule on the router for 8181 but this doesn't fix it (I assume the port number is handled by NPM but was running out of ideas!)

  • Author
1 hour ago, Camnomis said:

When I connect to the NPM with both http and https I get the correct splash page

What happens if you open http://yourpublicip ?

4 minutes ago, mgutt said:

What happens if you open http://yourpublicip ?

 

This site can’t be reached

xxx.xxx.xxx.xxx took too long to respond.

 

Try:

Checking the connection

Checking the proxy and the firewall

ERR_CONNECTION_TIMED_OUT

Scrap that!

It seems to work from when I am accessing the urls from outside my network, but just not while I am at home. 

  • Author
24 minutes ago, Camnomis said:

It seems to work from when I am accessing the urls from outside my network, but just not while I am at home. 

Hmm that's strange. And it's the same for the public ip url?

18 hours ago, mgutt said:

Hmm that's strange. And it's the same for the public ip url?

 

It brings up the splash page, when I update my local host file to the NPM it works, so I am guessing the problem lies with my router, I have a pfSense one on order so that might fix it, but I think I can say NPM Is configured and working as it should

As an aside, how secure is the access lists feature?

Obviously if I use user name / password it's only as strong as the password I provide, but is IP restriction enough? Is there any way to improve on the basic security of NPM with 2FA?

22 hours ago, Camnomis said:

Scrap that!

It seems to work from when I am accessing the urls from outside my network, but just not while I am at home. 

Research NAT Loopback, hairpinning, etc.

Is there anyway to backup and restore the stuff I set up in reverse proxy and migrate to a new system?

  • Author
22 minutes ago, ProphetSe7en said:

Is there anyway to backup and restore the stuff

Only by copying the complete appdata dir.

Hey there,

 

I've set up an Nginx proxy to an FileBrowser docker (and previously NextCloud) about a year ago, and so far everything has been working like a dream.

 

Until yesterday >.<

 

Not sure what happened, and when, but Nginx wasn't able to auto-renew the SSL certificate for my domain. I only noticed this yesterday, when I wasn't able to connect to the FileBrowser from the net anymore.

 

I've tried to "manually" (as in, from the Nginx GUI) renew the certificate, but it keeps failing.

 

On certain browsers (like Samsung's own web app, which doesn't seem to give two hoots about secure connections) I can connect to the FileBrowser docker just fine.

I also created a new domain, and new Nginx proxy host to my FileBrowser docker, without the SSL certificates, just to test if the connection is good. It is.

 

This is what I'm getting from the Docker log (inside of UnRaid) when I try to renew the certificate:

Internal Error

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-6" --agree-tos --authenticator webroot --email "[EMAIL HERE]" --preferred-challenges "dns,http" --domains "[EMAIL HERE]" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

    at ChildProcess.exithandler (node:child_process:397:12)
    at ChildProcess.emit (node:events:390:28)
    at maybeClose (node:internal/child_process:1064:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)

 

The external log files I can't seem to find anywhere 🤔

 

Trying to test the server reachability, I get:

1069190336_TestReachability.PNG.2a7d85d852e03cbe468e2a98aa0e7d07.PNG

 

 

Any help would be appreciated! :)

  • Author
27 minutes ago, REllU said:

This is what I'm getting from the Docker log

Open the containers console and check the last entries:

tail -n200 /var/log/letsencrypt/letsencrypt.log

 

45 minutes ago, mgutt said:

Open the containers console and check the last entries:

tail -n200 /var/log/letsencrypt/letsencrypt.log

 


Here's what I've got:

Spoiler

 

# tail -n200 /var/log/letsencrypt/letsencrypt.log
2022-02-11 19:02:40,778:DEBUG:certbot._internal.main:certbot version: 1.22.0
2022-02-11 19:02:40,779:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2022-02-11 19:02:40,779:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--quiet', '--config', '/etc/letsencrypt.ini', '--preferred-challenges', 'dns,http', '--disable-hook-validation']
2022-02-11 19:02:40,779:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-02-11 19:02:40,789:DEBUG:certbot._internal.log:Root logging level set at 40
2022-02-11 19:02:40,791:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-8.conf
2022-02-11 19:02:40,804:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x14e5136e0b38> and installer <certbot._internal.cli.cli_utils._Default object at 0x14e5136e0b38>
2022-02-11 19:02:40,804:DEBUG:certbot._internal.cli:Var pref_challs=dns,http (set by user).
2022-02-11 19:02:40,804:DEBUG:certbot._internal.cli:Var preferred_chain=ISRG Root X1 (set by user).
2022-02-11 19:02:40,804:DEBUG:certbot._internal.cli:Var key_type=ecdsa (set by user).
2022-02-11 19:02:40,804:DEBUG:certbot._internal.cli:Var elliptic_curve=secp384r1 (set by user).
2022-02-11 19:02:40,805:DEBUG:certbot._internal.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2022-02-11 19:02:40,805:DEBUG:certbot._internal.cli:Var webroot_map={'webroot_path'} (set by user).
2022-02-11 19:02:40,805:DEBUG:certbot._internal.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2022-02-11 19:02:40,823:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2022-02-11 19:02:40,890:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2022-02-11 19:02:40,892:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/npm-8/cert1.pem is signed by the certificate's issuer.
2022-02-11 19:02:40,893:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/npm-8/cert1.pem is: OCSPCertStatus.GOOD
2022-02-11 19:02:40,897:DEBUG:certbot._internal.display.obj:Notifying user: Certificate not yet due for renewal
2022-02-11 19:02:40,898:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2022-02-11 19:02:40,898:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-02-11 19:02:40,898:DEBUG:certbot._internal.display.obj:Notifying user: The following certificates are not due for renewal yet:
2022-02-11 19:02:40,898:DEBUG:certbot._internal.display.obj:Notifying user:   /etc/letsencrypt/live/npm-8/fullchain.pem expires on 2022-05-12 (skipped)
2022-02-11 19:02:40,898:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2022-02-11 19:02:40,898:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-02-11 19:02:40,899:DEBUG:certbot._internal.renewal:no renewal failures

 

However, I'm not exactly in the same spot anymore, as I was with the previous message.

 

I got the certificate to renew itself by changing the port-forward rules, so that from port 80, instead of it being directed to FileBrowser, it was instead directed at Nginx docker.

 

This, however, created a "Bad gateway" error, which I'm now struggling with.

 

BadGateway.PNG.eb4481d9571303793f8b5838078decbb.PNG

 

I've since changed the port forward rules back to what they were, so port 80 is now directed to FileBrowser again. But the result is the same.

 

I'm also getting the same result with the reachability test.

 

Thank you for the quick response! Appreciate it :)

Edited by REllU

On 2/4/2022 at 12:11 PM, Camnomis said:

As an aside, how secure is the access lists feature?

Obviously if I use user name / password it's only as strong as the password I provide, but is IP restriction enough? Is there any way to improve on the basic security of NPM with 2FA?


Thanks for the help in this thread, I’ve got NPM with Authelia for 2FA and I’m really happy with the set up, only a small niggle is that when I try to access the UNRAID host via an NPM address it’s coming up with a 502 bad gateway, I can access via IP so I’m guessing it’s something in NPM which is causing the issue.

Hello. Does anyone know if this container is able to display html websites? I know it has nginx and it can be used to making your own website. 
 

i tried placing the index.html in the nginx/default_www folder but it did not work. Has anyone tried it before? 
 

i don’t want to use Wordpress. I want to learn html and making website and I have been searching and I don’t see anything. All I see is how to use Wordpress with it and I already have that. 
 

i want to drop the files in a folder location inside nginx and makes changes to the file to update my own website. 
 

thanks in advance. 

  • Author
17 minutes ago, Tucubanito07 said:

i want to drop the files in a folder location inside nginx and makes changes to the file to update my own website. 

Use a different container:

https://hub.docker.com/_/nginx

  • Author
1 hour ago, REllU said:

This, however, created a "Bad gateway" error, which I'm now struggling with.

 

First page, read the 5xx error paragraph.

13 hours ago, mgutt said:

First page, read the 5xx error paragraph.

 

Rightyo! Let's see..

 

4.) Does NPM reach your target container?

Nope. Nginx container is in br0, and wasn't able to connect to FileBrowser, since that was in Bridge mode.

Changing FileBrowser into br0 as well, allows Nginx to connect to it succesfully.

 

I've then changed the port forward rule to reflect this change, which seems to work fine.

 

However, the situation is still very much the same:

 

✔️ http://[my-public-ip] (Skipping Nginx entirely)

✔️[FileBrowser_ip]:[FileBrowser_port] (Skipping Nginx entirely)

✔️Connection between Nginx and FileBrowser (with br0 network)

✔️http:// domain . com

https:// domain . com (results in bad gateway)

Server reachability test (Within Nginx)

 

I've only now jumped to the official docker image of the Nginx Proxy Manager, previously, I was rocking the jlesage's docker image, which has server me well up until the issue yesterday with renewing certificates. It was also using Bridge-network mode.

I read somewhere about potential issues with that particular docker image, and I figured I'd try this one out, just in case 🤷‍♂️

 

I feel like I'm just missing something obvious here.

 

 

Edited by REllU

  • Author
6 minutes ago, REllU said:

https:// domain . com (results in bad gateway)

That's really strange as http is working. Do you have any advanced rules which cover https/443 traffic?

 

What happens if you open https://your.public.ip ? It should return "ERR_HTTP2_PROTOCOL_ERROR" as no SSL certificate is provided by NPM.

30 minutes ago, mgutt said:

That's really strange as http is working. Do you have any advanced rules which cover https/443 traffic?

 

What happens if you open https://your.public.ip ? It should return "ERR_HTTP2_PROTOCOL_ERROR" as no SSL certificate is provided by NPM.

Spoiler

 

The only rule I have for 443 port in Ubiquiti, is this:

443_Rule.PNG.c92b6c26553cb4503d51ffc49937edd7.PNG

 

Just tried to shut down Nginx completely, and even then http:// mydomain . com - works fine, so it seems to skip Nginx entirely.

I do have a rule for port 80 within my router, currently pointing to FileBrowser, so that makes sense.

 

Trying to open https:// public_ip - Just results in a timeout. If there's a log file somewhere that you'd like to see about this, just point me into the right direction, and I'll dig it up for you (apologies, networking isn't my strongest suit)

 

EDIT:

I had Nginx stopped when I tried to access https:// public_ip

With Nginx running, I'm getting the (original issue from yesterday) potential security risk, which would point out for an invalid certificate.

 

risk.thumb.PNG.cc97e08f8bee7088339746b4e8c92ebc.PNG

 

Trying to continue from here gives me an "Secure connection failed"

 

Apologies for the amount of edits. There's so many variables with testing these things.

 

Edit 3:

I've now tried to change the protocol to HTTP instead of HTTPS within Nginx, as I'm not really sure what protocol FileBrowser want's to use.

 

Turns out, this seems to work from quick on/off testing. I'm a bit confused as to why HTTPS worked just fine with the last Nginx container I had, but not here?

 

Going to the certificates tab within Nginx, and testing the reachability of the server seems to still give me the same error as before. So I'm guessing renewing the certificates will still be an issue.

 

Edit 4:

Disabling the port-forward rule for port 80 within my router seems to still work.

Doing this however, does give me a different result in reachability test, which is now stating that there is no server.

Edited by REllU

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.