[Support] Nginx Proxy Manager (NPM) Official


Recommended Posts

On 7/19/2022 at 4:51 AM, mgutt said:

Good idea. In Cloudflare it's possible to force a valid SSL certificate between Cloudflare and NPM. Maybe this setting is active.

 

@dv310p3r

Try to add example.com to your local hosts file and set your local server IP. Then test through "ping" if the IP is used. Now open the domain again through your browser. By that you are bypassing cloudflare and connecting NPM directly.

Ok. So, it seems to be good now. I think it was a cloudflare thing. I had to turn on full end to end encryption in the cloudflare settings and then enable https in the nginxproxymanager, and it's working. So, thanks for the guidance.

Link to comment

since yesterday a got problems with the internal routing and I don`t find the problem.

 

Yesterday all was running very well, but today I can`t access the sites.

 

 

I will get the Error since today but only the sites on the Unraid Server. Nothing changed at the Ports or so. 

Error.thumb.png.a4f45478ce0d519287a7ba80e99e978a.png

 

Wenn I use my FritzBox, there is no problem and I can go there. 

Proxy.thumb.jpg.b65fd10bfb79d70d799d9ae84e8cc2e6.jpg

 

Als things go to 192.168.1.3 are not working and I get the 502 Error. When I use the other sites (like 192.168.1.1 oder .10, that are other Server) it runs like befor. 

 

Proxy2.jpg.0457a29736edfba8b65cb6da00274068.jpg

 

Proxy3.jpg.e9fb8e32e08688c061eaec02468ff593.jpg

 

Like I said, yesterday was all okay. Today Error 503. Ping is possible and I got the right IP

 

Where can the problem that I can´t come on my Dockers on the Unraid Server 

 

Update: I changed from br0 to bridge, changed the router and it worked again. But why not with bridge? 

Edited by Evilernie
Link to comment

Trying to switch to this docker from the unofficial one after many moons. I'm not changing any of the default options as such it is running on the custom (br0) network and has an ip on my local subnet. I am able to access the WebUI and set up a couple of test domains. Both of these error with 502.

Looking at the access log:
2022/08/10 19:41:24 [error] 810#810: *104 octopi.local could not be resolved (3: Host not found),

I can't resolve any address in my local network, trying to curl octopi.local results in could not resolve host: octopi.local. Using curl on the IP works fine. Additionally, I receive no route to host when trying to refer to the unraid server, so I can't see/forward to any dockers hosted on that server. Not sure how best to approach this.

(For example, I have a service running at 192.168.1.72:8443, I get "no route to host" for 192.168.1.72 - which is my unraid box)

Link to comment
5 hours ago, Xaero said:

octopi.local

This sounds like you want to reach the container by its name? So you created a custom network? Is NPM part of this custom network and the target container as well? As far as I know the br0 network does not contain a DNS server. Only user defined networks have this feature:

https://stackoverflow.com/a/35691865/318765

 

5 hours ago, Xaero said:

I can't resolve any address in my local network, trying to curl octopi.local results in could not resolve host: octopi.local

I think this is correct.

Link to comment
12 hours ago, mgutt said:

This sounds like you want to reach the container by its name? So you created a custom network? Is NPM part of this custom network and the target container as well? As far as I know the br0 network does not contain a DNS server. Only user defined networks have this feature:

https://stackoverflow.com/a/35691865/318765

 

I think this is correct.

The octopi instance is running on a raspberry pi and is reachable on my network as "octopi.local" I'm wanting to allow remote access to it through nginx proxy manager as well as the other services on my network that aren't all on my server. I ended up switching to HOST networking, moving the unraid WebUI to Port 5000/5001 and then pointing my router to my unraid's hostname. After switching to host network mode hostname resolution works properly, and I have now set it up so that I can access all of my services. I also added an entry for my local unraid hostname and ip address to redirect to the unraid WebUI so I can use those like I always have transparently.

Link to comment
28 minutes ago, Xaero said:

The octopi instance is running on a raspberry pi

Ah ok.

 

28 minutes ago, Xaero said:

I ended up switching to HOST networking, moving the unraid WebUI to Port 5000/5001 and then pointing my router to my unraid's hostname

That's my favorite setup as it works flawlessly with IPv6, too.

 

Only out of interest: Did you even try running NPM in br0? I think this should work, too, as it should be able to reach your local DNS information as it is then part of your local network. In bridge mode NPM runs isolated from your network, so yes, in this network mode it shouldn't be able to resolve any domains from your local network.

Link to comment
4 minutes ago, mgutt said:

Ah ok.

 

That's my favorite setup as it works flawlessly with IPv6, too.

 

Only out of interest: Did you even try running NPM in br0? I think this should work, too, as it should be able to reach your local DNS information as it is then part of your local network. In bridge mode NPM runs isolated from your network, so yes, in this network mode it shouldn't be able to resolve any domains from your local network.

That's how it came set up out of the box - and it was unable to resolve hostnames. Even specifying a dns using the --dns flag in docker it would not resolve hostnames. I believe there is something missing in the br0 config for this to work outside of dns as `curl <DNS IP>` which is on my local subnet results in no route to host - which is odd since the br0 network and my local subnet are the same scope (192.168.1.x). Either way host works and all my services are reachable how I want them to be again.

Link to comment
1 hour ago, Xaero said:

and it was unable to resolve hostnames

I found the reason. A linux client needs a "zeroconf" setup to be able to resolve .local hostnames. This is done by the avahi-daemon which includes mDNS.

 

PROBLEM: This daemon is missing in most of the docker containers including NPM and that is the reason why they can not resolve .local hostnames.

 

More informations:

https://wiki.debian.org/Avahi

image.png.d1efbf7b0c91cf805ef710ef1cbaed2f.png

 

So this .local hostnames are NOT part of your DNS server. Instead a client which supports mDNS, automatically sends a multicast message to 224.0.0.251 through UDP port 5353 to resolve a .local hostname. And as all mDNS clients are listening to this traffic, the target machine answers with its IP (which is then store in a local mDNS cache):

https://en.wikipedia.org/wiki/Multicast_DNS#Protocol_overview

 

You could add those .local hostnames manually to your DNS server, but by that you "break" the zeroconf concept because IP changes are not update automatically, instead you need to update DNS entries on your own.

 

I think we both learned something new 😋

Link to comment
3 hours ago, mgutt said:

I found the reason. A linux client needs a "zeroconf" setup to be able to resolve .local hostnames. This is done by the avahi-daemon which includes mDNS.

 

PROBLEM: This daemon is missing in most of the docker containers including NPM and that is the reason why they can not resolve .local hostnames.

 

More informations:

https://wiki.debian.org/Avahi

image.png.d1efbf7b0c91cf805ef710ef1cbaed2f.png

 

So this .local hostnames are NOT part of your DNS server. Instead a client which supports mDNS, automatically sends a multicast message to 224.0.0.251 through UDP port 5353 to resolve a .local hostname. And as all mDNS clients are listening to this traffic, the target machine answers with its IP (which is then store in a local mDNS cache):

https://en.wikipedia.org/wiki/Multicast_DNS#Protocol_overview

 

You could add those .local hostnames manually to your DNS server, but by that you "break" the zeroconf concept because IP changes are not update automatically, instead you need to update DNS entries on your own.

 

I think we both learned something new 😋



You would be correct in learning something new. I never even would have guessed that ".local" suffix specifically had different handling via zerconf/avahi/multicast.

Neat!

Yeah, don't really feel I should be breaking zeroconf by manually adding those entries to DNS. What I've got going for now works. I've next go to tackle taking my ISP's gateway out of the picture because it explicitly does not support certain things (changing the DNS and NAT loopback being the important ones for me.)

Link to comment
  • 2 weeks later...

Heya sorry for the disturb, I need my Nginx to connect on database, has so i use the basic variable to set everything.
For some reason all are used, except the host.
image.png.6e00707121e36086cc74e383e7145488.png

And has so, in the log he keep trying to reach 'root'@'127.17.0.1' :/ 
If someone has the answer to that problem i dont say no !

Link to comment
2 hours ago, Fantucie said:

I need my Nginx to connect on database

You should not use this feature. Its deprecated. It will be removed in the next version of NPM. Maybe it already is?!

 

Did you add all five variables?

 

  <Environment>
    <Variable>
      <Value></Value>
      <Name>DB_MYSQL_HOST</Name>
      <Mode/>
    </Variable>
    <Variable>
      <Value>3306</Value>
      <Name>DB_MYSQL_PORT</Name>
      <Mode/>
    </Variable>
    <Variable>
      <Value>npm</Value>
      <Name>DB_MYSQL_USER</Name>
      <Mode/>
    </Variable>
    <Variable>
      <Value/>
      <Name>DB_MYSQL_PASSWORD</Name>
      <Mode/>
    </Variable>
    <Variable>
      <Value>npm</Value>
      <Name>DB_MYSQL_NAME</Name>
      <Mode/>
    </Variable>
  </Environment>

 

Link to comment

I figured it out. I had assigned an IP on the dockerz network. Another container on the same network was started prior to NPM starting and it was assigned the same IP address. Once I cleared the assigned IP NPM started ok.
 

I made the assumption that defining an IP on a container would reserve the IP from the Docker DHCP. But the Docker network is not like a router. There is no IP reservation. At least defining it in a container is not going to reserve it lol.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.