Jump to content

[Support] Nginx Proxy Manager (NPM) Official

mgutt

By mgutt
in Docker Containers

Recommended Posts

  • Replies 975
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

mgutt
mgutt

No joke: I missed this part in the docs:   I will update the container and remove the external DB. SQLite is the easier option for the user.

mgutt
mgutt

Correct. You can not reach unRAID through port 8080 or you explicitly changed Unraid to this port in the settings.   Note: you could change UNRAID to 5000/5001 and let NPM listen to 80/443.

Mentox
Mentox

Hi @mgutt, what is the reason for using MariaDB instead of SQLite? I am running jc21 and SQLite works great.

Posted Images

CALMSURF Noob

CALMSURF

Posted
Posted

NPM and BTCPAY Server

I just installed NPM and man is this slick !  Working great with Immich on Unraid!  I am having problems with BTCPay Server however. 
My setup is cloudflare with two domains, one configured for dynamic DNS with CloudFalre DDNS on Unraid (domain1) and another with a subnet  (btcpay.domain2) CNAME pointing to the dynamic.domain1 in cludflare  which works fine.   I have a proxy host entry and an SSL for btcpay.domain2 pointing to a different server on the lAN where btcpay lives on Umbrel. 

All good - the domain resolves BUT I btcpay doesn't like the configuration complaining: BTCPay is expecting you to access this website from http://btcpay.domain2.com/. If you use a reverse proxy, please set the X-Forwarded-Proto header to http (More information).   

I have followed every instruction from BTCPay server around this (even though it seems suited to standalone nginx NOT NGP) and no dice. Either breaks completely or same result.    Anyone have any experience with this or a similar issue? 

Link to comment
mgutt Veteran

mgutt

Posted
  • Author
Posted
10 minutes ago, CALMSURF said:

the domain resolves BUT I btcpay doesn't like the configuration complaining

This is strange as forwarding headers is the default behavior of NPM. This are the default settings:

  

    add_header       X-Served-By $host;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_set_header X-Real-IP          $remote_addr;
    proxy_pass       $forward_scheme://$server:$port;

 

 

Link to comment
CALMSURF Noob

CALMSURF

Posted
Posted

Issue is known with BTCPay - https://docs.btcpayserver.org/FAQ/Deployment/#cause-3-btcpay-is-expecting-you-to-access-this-website-from

The config they want is:

map $http_x_forwarded_proto $proxy_x_forwarded_proto { default $http_x_forwarded_proto; '' $scheme; } proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; server_names_hash_bucket_size 128; proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; client_header_buffer_size 500k; large_client_header_buffers 4 500k;

Link to comment
mgutt Veteran

mgutt

Posted
  • Author
Posted
On 1/22/2024 at 9:46 PM, CALMSURF said:

The config they want is:

Which isn't different in the relevant part, which is this:

proxy_set_header Host $http_host

 

This config sets the host header, which is the same domain which was used to reach the proxy.

 

Are you able to upload a php file or edit a php file of BTCPay? I would like to see what is returned if you create a test.php with the following content:

<?php

print_r($_SERVER);

?>

 

And open it as follows:

http://btcpay.domain2.com/test.php

 

By that you will see the http headers and one of it should contain the Host Header which contains the Domain and if this is the case, the problem is caused by BTCPay and not NPM.

Link to comment
kumper33 Noob

kumper33

Posted
Posted

Have a simple question and it's probally because I am tired. I am setting up a Palworld server but want to put the server behind my reverse proxy. I already use NGINX for a couple things my question is with ports. 

 

So I pointed NGINX to the docker and the port 8211, however in the game it only allows you to put an address in as: xxx.xxx.xxx.xxx:8211

 

Is there a setting I change in NGINX that fixes this forward so it accepts the normal port after the IP format?

 

 

Link to comment
alturismo Mentor

alturismo

Posted
Posted
18 minutes ago, kumper33 said:

Is there a setting I change in NGINX that fixes this forward so it accepts the normal port after the IP format?

 

Gameservers need TCP / UDP direct traffic ... usually wont work behind a reverse proxy with http protocol ...

 

you could use stream serving in Nginx (i guess thats not included in NPM) but this is more or less also a simple Port forwarding ... unless you know howto use advanced (very advanced) stream protocol setups ...

Link to comment
GollyJer Noob

GollyJer

Posted
Posted (edited)

Just set up NPM and it's working great with my wildcard certificate.

I installed the image with no changes and it installs on br0 and becomes a device on my network. 

 

What I've run into is passing traffic to other Unraid docker servers.
I can point NPM at other servers on my network, but pointing at any on Unraid lead to a 502 page.

 

I'm missing something very simple but not sure what.
What's the trick to pointing at images and VMs running inside Unraid? Thanks!

Edited by GollyJer
Link to comment
jackfalveyiv Apprentice

jackfalveyiv

Posted
Posted

Getting some strange errors that I can't parse out in the logs.  My Unraid Fix Common Problems plugin has alerted me over teh past few days that I was getting Out of Memory errors.  AFter looking into that on the forums, a user helped me figure out that Nginx was the culprit.  My proxy host entries look normal, and I haven't made any changes to the app in over a year.  When I took a quick look at the logs, I see a ton of '[emerg] bind() to ...failed (98: Address already in use)' messages.  I'm not sure where to start on this, hoping for some guidance, thanks.fallback_error.log

proxy-host-11_access.log proxy-host-19_access.log fallback_access.log

Link to comment
Necro Noob

Necro

Posted
Posted

I recently updated UNRAID and I believe something got screwed up in my NPM setup - wondering if maybe I missed a setting change somewhere. 

  • Only using NPM to do local network proxy hosts so I can use local DNS easily (using PiHole for the local DNS) (e.g., plex.local --> directs to NPM via local DNS --> actual IP based off NPM proxy config)
  • Getting 502 Bad Gateway errors (and testing via CURL shows I can't connect between br0(NPM) and bridge (other containers)
  • Host access to custom networks is enabled (which I thought should address the previous)

I'm having trouble wrapping my brain around what to modify/test to fix and get back to previous functionality.  I don't want each container that's currently on bridge to have a separate IP is the key thing that is confusing me since, my understanding is to do what I want NPM HAS to be on it's on IP.

 

Any thoughts/pointers would be appreciated...somewhat stumped.

Link to comment
alturismo Mentor

alturismo

Posted
Posted
7 hours ago, Necro said:

If it's on host, wouldn't it inherently conflict with the unraid server using port 80/443?  (Similar with bridge)

of course it would but

 

1/ host mode, you 1st have to change the unraid webui listening ports

2/ bridge mode, you change the mapping like 180<>80 and 1443<>443

 

so the point is correct, you can run it in any way, you just have to make the requirements fit ...

 

look that you dont have two Services listening on the same Port on the same Stack ;)

Link to comment
krazytaco Noob

krazytaco

Posted
Posted (edited)

Update: I seem to have figured it out - I watched this video on how to create an SSL certificate from Cloudflare directly and use it in Nginx (as opposed to using Let's Encrypt).  In addition to the certificate, I also set my Cloudflare domain within Cloudflare to use Full (Strict) encryption

image.thumb.png.7965043bbaeb011e953961e46d30cee7.png

 

Once I did these two things I can now access the website via the internet.

 

Hi there! I've gotten to the Nginx welcome page but I can't seem to get it configured to route traffic hitting my cloudflare domain name to overseerr.  I have a domain via cloudflare that's setup like below with the A record being automatically configured via the cloudfare-DDNS container in Unraid

image.thumb.png.73330a7221a590f6f96bda268f654d1b.png

 

My server runs off an Xfinity Modem/Router which doesn't allow ports to be forwarded to other ports, it only allows opening of ports - I've opened ports 80, 443, and 5055 on my router and then reconfigured Unraid to run its webUI on ports 180 and 1443

image.png.5c93e4b224f99b6e70569f71b3279bfc.png

 

Nginx is configured to run on ports 80 and 443 - overseerr is installed and configured to run on port 5055

image.png.8a7a15391974ff274d9514ef846508e0.png

image.png.a0e526a777c52bb8fc5db57f623174c5.png

 

Within Nginx, I have a host setup to look at domain name of overseerr.krazytaco.party, scheme of https, forward hostname of 10.0.0.97, and forward port of 5055 - Let's encrypt is used to provide SSL.

image.png.8575356305ca370a47fe05d59cfcb899.pngimage.png.86e5d00c7385ddd04a59c8142398f646.png

If I navigate to https:// or http://krazytaco.party I land on the Nginx congrats page

image.png.02281a80dd7464487e2b7562acd45a20.png

 

If I go to http://overseerr.krazytaco.party in either http or https form I get a bad redirect error in the browser.

 

image.png

 

What am I missing to make https://overseer.krazytaco.party accessible from the internet?

Edited by krazytaco
Added resolution details
Link to comment
Necro Noob

Necro

Posted
Posted (edited)
On 1/27/2024 at 11:45 PM, alturismo said:

of course it would but

 

1/ host mode, you 1st have to change the unraid webui listening ports

2/ bridge mode, you change the mapping like 180<>80 and 1443<>443

 

so the point is correct, you can run it in any way, you just have to make the requirements fit ...

 

look that you dont have two Services listening on the same Port on the same Stack ;)

 

I guess the key sticking point for me at this part is understanding how to have the local DNS redirect work with non-standard ports on the proxy server, which I didn't think was possible.  And I didn't want to change Unraid's default port - just seems messy and has a potential to  make things confusing later w/a non-standard config if not absolutely necessary. 

 

EDIT:  Ok, I just tried something given the "Host access to custom networks" was enabled but didn't seem to be working.  I toggled Docker off, toggled that setting to disabled, toggled it to enabled, and restarted docker (applying between each step)...and all is working as expected now.  So, if someone updates and hits a problem like this try that as a solution.  Seems the setting may say enabled but actually isn't after update.

 

 

Edited by Necro
Solved issue.
Link to comment
jdiacobbo Noob

jdiacobbo

Posted
Posted (edited)
On 1/26/2024 at 1:14 PM, jackfalveyiv said:

Getting some strange errors that I can't parse out in the logs.  My Unraid Fix Common Problems plugin has alerted me over teh past few days that I was getting Out of Memory errors.  AFter looking into that on the forums, a user helped me figure out that Nginx was the culprit.  My proxy host entries look normal, and I haven't made any changes to the app in over a year.  When I took a quick look at the logs, I see a ton of '[emerg] bind() to ...failed (98: Address already in use)' messages.  I'm not sure where to start on this, hoping for some guidance, thanks.fallback_error.log

proxy-host-11_access.log 874.82 kB · 0 downloads proxy-host-19_access.log 18.99 kB · 0 downloads fallback_access.log 124.42 kB · 0 downloads

I am having this same issue. Have you figured out a solution yet? Out of curiosity, what version of unraid are you on?

 

As a note, I have set up a User Script to run daily to restart the container to hope fully prevent the issue from occurring until I can figure out the root cause.

Edited by jdiacobbo
Added additional info on stopgap.
Link to comment
  • 2 weeks later...
coltonc18 Apprentice

coltonc18

Posted
Posted

Good morning, 

I'm not sure what has happened....everything was working fine, but now all of a sudden, I'm getting 522 timeout errors.  Everything was working, but now none of my proxies work.  I have 11 setup and none work anymore.  I've got nothing in the logs either.

image.thumb.png.2c36d1f4c342e0f2564b6a958cc78956.png

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...