[Support] Nginx Proxy Manager (NPM) Official


Recommended Posts

35 minutes ago, REllU said:

I'm not really sure what protocol FileBrowser want's to use.

It's simple. If you open the GUI of the Container directly, does it use http, then use http in NPM. Finally it's absolutely nonsense to use https between NPM and the target container. It produces only additional CPU load.

 

35 minutes ago, REllU said:

I'm a bit confused as to why HTTPS worked just fine with the last Nginx container I had, but not here

I'd say Filebrowser had an update which removed access through https/443.

 

35 minutes ago, REllU said:

Disabling the port-forward rule for port 80 within my router seems to still work.

This is not a good idea as Let's Encrypt needs http/80 to validate certificates.

 

 

  • Thanks 1
Link to comment
1 minute ago, mgutt said:

It's simple. If you open the GUI of the Container directly, does it use http, then use http in NPM. Finally it's absolutely nonsense to use https between NPM an the target container.

 

Opening the container's ip:port on Firefox doesn't show https on the front of the address (which it does for containers like UniFi), and really, from the testings I've done now, it's probably safe to say that FileBrowser uses HTTP.

 

As for the nonsense, good to know! :D

 

3 minutes ago, mgutt said:

I'd say Filebrowser had an update which removed access through https/443.

 

Definitely a possibility. However, access to my FileBrowser was disabled due to expired certificate? It makes sense, that the Nginx wasn't able to renew the certificate, because it couldn't access the FileBrowser container, but such an update _should've_ disabled the access to FileBrowser (through the net) all together? 🤔

 

5 minutes ago, mgutt said:

This is not a good idea as Let's Encrypt needs http/80 to validate certificates.

 

Just tested this before I read your message. For whatever reason, renewing the certificate seemed to work just fine?

Port 80 isn't disabled all together btw, what I meant was that I disabled the port-forward rule for port 80, as that was previously pointing to FileBrowser.

 

From really quick testing, everything _seems_ to be working just fine right now. Seems that all of this was simply caused by the wrong protocol. 🥴

Link to comment
1 hour ago, REllU said:

It makes sense, that the Nginx wasn't able to renew the certificate, because it couldn't access the FileBrowser container

Certificate renewal happens independently from the target container. So no, has nothing to do with FileBrowser.

 

Let's Encrypt opens your domain http://filebrowser.example.com/.well-known/acme/<randomID> and the answer is returned by NPM directly without forwarding the traffic to the target container.

 

 

Link to comment

Having an issue with NGINX Proxy Manager. With all proxy hosts disabled i am seeing full internet usage 100 up /100 down out of the container.

 

Any idea what could be causing this? Turning the container off stops this issue, but turning it back on and this immediately comes back.

 

image.thumb.png.e2952c215b5dd0dd5daea301bbb03735.png

Link to comment

I have an issue that keeps popping up that is annoying. I feel like it is something small but I can't figure out where the issue lies. I have Nginx-Proxy-Manager-Official running and it has been running fine. I updated it and MariaDB (I have Nginx configured to use MySQL) and now Nginx shows only errors in the log.

 

The error is:

[2/21/2022] [4:30:52 PM] [Global ] › ✖ error ER_ACCESS_DENIED_ERROR: Access denied for user 'npm'@'172.18.0.5' (using password: YES)

That just fills the log. Now the weird thing is that 172.18.0.5 is the IP automatically assigned to the Nginx server itself. At one point, I think this was the MariaDB IP but I have since updated the MariaDB to have a hardcoded IP of 172.18.0.3. The Maria DB host is MariaDB-Official and this was all working recently. I can't figure out why Nginx thinks MariaDB-Official is at 172.18.0.5. For the record, I don't have issues connecting to either MariaDB-Official or 172.18.0.3 from adminer.

 

I even updated the Ngix config to use 172.18.0.3 explicitly (rather than MariaDB-Official) but that didn't work either (the docker command is below):

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker create --name='Nginx-Proxy-Manager-Official' --net='primary' -e TZ="America/New_York" -e HOST_OS="Unraid" -e 'DB_SQLITE_FILE'='/data/database.sqlite' -e 'DB_MYSQL_HOST'='172.18.0.3' -e 'DB_MYSQL_PORT'='3306' -e 'DB_MYSQL_USER'='npm' -e 'DB_MYSQL_PASSWORD'='ddedddddd' -e 'DB_MYSQL_NAME'='npm' -p '8181:81/tcp' -p '8080:80/tcp' -p '4443:443/tcp' -p '3000:3000/tcp' -v '/mnt/user/appdata/Nginx-Proxy-Manager-Official/data':'/data':'rw' -v '/mnt/user/appdata/Nginx-Proxy-Manager-Official/letsencrypt':'/etc/letsencrypt':'rw' -v '/tmp/Nginx-Proxy-Manager-Official/var/log':'/var/log':'rw' --memory=1G --no-healthcheck 'jc21/nginx-proxy-manager'
dddddddddddddddd

This is sort of causing me some issues (breaking other services). Any help would be appreciated.

Edited by TAHerman
Link to comment
7 hours ago, mgutt said:

Not recommend.. Use the internal database. The external will be removed from the next version.

Thank you. I was leaning towards that decision this morning anyway. I was trying to put all databases in one place but something was feeling "broken" or "off" in this scenario. I just made the update and everything is running again. Thanks.

Link to comment

I have vaultwarden running through a reverse proxy that I set up with NGINX Proxy Manager. This used to work fine but suddenly since today I'm getting 403 errors with the reverse proxy. In NGINX I have an access list configured that allows only my external IP and my internal LAN, it denies everything else. This used to work fine. But now I am getting 403 errors when this access list is used. If I set the proxy host to Public Access, everything is fine.

 

I don't know what could cause the access list to suddenly not work any more. I am using Cloudflare and I did set the custom config real_ip_header CF-Connecting-IP; in the advanced settings of the proxy host. HTTP/2 support is disabled.

 

Any ideas what could be the issue? I updated NGinx to the latest version. Is the some log that I can check?

Link to comment
15 minutes ago, mgutt said:

How did you do that, isn't this an Enterprise only feature of cloudflare?

 

Can you access vaultwarden if your remove your rules?

 

Like so:

 

nginx_advancedcfg.thumb.jpg.45f5f314602261a57d0cc9179f31fbff.jpg

 

This is what I have in my access list:

 

nginx_acl.jpg.3b6f8f3271c5b4b03c666dac84c2d412.jpg

 

If I set the Proxy Host to not use this access list, so setting it to Publicly Accessible, then I can reach my vault just fine through the domain, and also login to it without issues.

 

So the problem is somewhere in the access list, but I can't figure out how.

Link to comment
52 minutes ago, mgutt said:

Ah ok, thought this is only possible with Cloudflare enterprise.

 

Didn't you need to add the set_real_ip_from rule as well?

https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs

 

You're right. Adding the set_real_ip lines to the advanced config fixed the issue for me. Strange that it somehow managed to work for several months without it. Still, working again now. Thanks for the help! :)

Edited by lococola
Link to comment
  • 2 weeks later...
On 3/1/2022 at 5:22 PM, Profezor said:

do all the dockers running through have to use the same new network?

It depends. Every network type has its own rules:

image.png.30c01df32a20ca804a78f2419e340daa.thumb.png.92c6589f0ff4afb1fb32ee9666c06744.png

 

Depending on the used networks you can even add containers to multiple networks:

docker network connect <networkname> <containername>

 

Link to comment

So this is a weird one.  I love using my Chromebook as my daily carry.  I mainly use a Lenovo Duet 5 right now but this issue happens on m Macbook Pro as well.  When I use Chrome browser I get a stall on getting the self hosted website to connect.  This happens all the time on my Chromebook.  When I use the Firefox android app my self hosted sites load up fine on all 3 operating systems.  Is anyone else facing this same issue?  Why is it stalling?!

Screenshot 2022-03-14 12.10.14 AM.png

Edited by GreenEyedMonster
Link to comment
8 hours ago, GreenEyedMonster said:

When I use Chrome browser I get a stall on getting the self hosted website to connect

Does this only happen if NPM is in front or does it even happen if you open your website directly through the target container IP?

Link to comment
3 hours ago, mgutt said:

Does this only happen if NPM is in front or does it even happen if you open your website directly through the target container IP?

Only when NPM is in front.  What is really weird is that the VC Code docker loads just fine every single time.  No stall.  Yet, nothing different from the other websites in setup.  Nextcloud, Bookstack, and Ghost have random stalls.

 

 

Link to comment

How to secure local network application with nginx proxy manager?
I have secured the access from the www to my applications but if somebody is in my local network, he/she can read the most connections due to internal there is no https, only http://IP

How do you solve this problem?

Edited by Abigel
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.