September 13, 20241 yr 17 hours ago, blaine07 said: Woah, figured mine out, finally. Not sure what should or shouldn't be on to be honest...Recently, a few weeks ago? Converted from Tailscale DOCKER to Tailscale PLUGIN. This, Tailscale DNS, was set to "YES." Once I changed it to "NO" and restarted NPM it updates and does as should correctly. Do I need DNS on or off or is that going to break what I am doing with Tailscale plugin or? This DNS can be turned off. It is related to guiding the devices in your VPN. This is interesting for advanced configurations. It has no bearing on your case. You will use this to create routes in your VPN. Example: when you want to access nextcloud.yourdomain.com.br and want to open nextcloud only for those on your VPN Edited September 13, 20241 yr by Braulio Dias Ribeiro
September 13, 20241 yr 17 hours ago, blaine07 said: Woah, figured mine out, finally. Not sure what should or shouldn't be on to be honest...Recently, a few weeks ago? Converted from Tailscale DOCKER to Tailscale PLUGIN. This, Tailscale DNS, was set to "YES." Once I changed it to "NO" and restarted NPM it updates and does as should correctly. Do I need DNS on or off or is that going to break what I am doing with Tailscale plugin or? Uallll....thank you very much This was my problem too....now everything is working perfectly
September 13, 20241 yr My final configuration to help others peoples. Settings -> Tailscale -> Settings - Advanced view Use Tailscale Subnets: no Use Tailscale DNS settings: no Settings -> Dockers Docker custom network type: ipvlan Host access to custom networks: Enabled Settings -> Network Settings -> Routing Table I created a network only to docker (bdrtec) All the containers (dockers) are installed on this network (bdrtec). Only “AdGuard” and "NPM" containers are installed on network “br0” with fixed IP. On my router I've added the AdGuard IP (192.168.10.239) as primary DNS (first in line). This way all network traffic goes through AdGuard. When the traffic arrives at AdGuard, it checks the domains I have registered (nextcloud.mydomain.com.br, n8n.mydomain.com.br, among others) and redirects them to the NGINX Proxy Manager (192.168.10.238). The NGINX Proxy Manager redirects to the configured local IPs. nextcloud.mydomain.com.br = 192.168.10.254:Port n8n.mydomain.com.br = 192.168.10.254:Port
September 24, 20241 yr On 8/27/2024 at 10:46 AM, alturismo said: nginx does only http/s ... game server dont run via http ... so this wont work as desired. what you can do, if your NPM is accessable ... and NPM supports stream server ... then you can add a stream server service in NPM which runs seperately from port 80/443 and route to your gameserver then, wonders me a little, but yes ... just in terms NPM supports stream server setup (swag user here) but this is not domain related then, stream server function in NPM is more or less just a port forwarding ... so you also would need to open those ports too in your router to NPM and ... any domain/ip routing to your router ip:port would work then so as sample from @Aeloth client >> ip/domain:25565 >> router >> NPM (stream) >> gameserver docker so client could call game.yourdomain.com:25565 OR 100.200.300.400:25565 (while 100.200.300.400 would be your external IP), you could use any existing domain which may already be set for other services in NPM as they route to your home anyway. what wonders me ... if your gameservers cant connect to the internet ... then how should they send data to clients ... perferable methos, put them in some seperate bridge, setup port mappings and forward those ports to your gameserver/s Sorry for the late reply.. I was sick a long time and had not the time for this topic. Thanks for your advice! I forward 443 requests to my nginx port 446. So router (192.168.4.1) forwards everything that comes to HTTPS 443 and game server port 25565 to my unRAID-IP 192.168.4.2:446 NGINX is located under 192.168.4.2:446. It is in a proxynet with 172.12.0.2 Gameserver has the 172.12.0.3. This means that if I open port 25565 on my router redirect to 446 and set up a stream on nginx for 172.12.0.3:25565, it does not work. So 192.168.4.1:25565->192.168.4.2:446(172.12.0.2) Stream 25565->172.12.0.3:25565 Maybe I also have a general network design problem
September 24, 20241 yr 9 hours ago, karola said: This means that if I open port 25565 on my router redirect to 446 and set up a stream on nginx for 172.12.0.3:25565, it does not work. your nginx listening internally on 80 HTTP 443 HTTPS 8080 Webui (may some other port, dont remember) now, you mapped those ports, like in your sample probably 446 <> 443 a stream Server in nginx needs a different port, lets say as sample listening on 1234 and forwarding it to your gameserver port 25565, in the end thats nothing else like another internal port forward ... which of course also needs a sep mapping in your docker, wont work on your HTTP/HTTPS port/s ... like mentioned, http traffic only. you can decide now if you want to go this way, therefore look into it if NPM supports it by default (im a swag user) or just forward your gameserver port on your router directly to your gameserver ... you dont have any real benefit going the stream server way .... sample from a stream server nginx conf you see here several mappings here ... usecase as sample, a homeoffice VPN Docker, running nginx to map seeveral services in my LAN ... simple TCP (or UDP) traffic routing, nothing else ... but needs its own port/s.
September 26, 20241 yr On 9/24/2024 at 8:18 PM, alturismo said: your nginx listening internally on 80 HTTP 443 HTTPS 8080 Webui (may some other port, dont remember) now, you mapped those ports, like in your sample probably 446 <> 443 a stream Server in nginx needs a different port, lets say as sample listening on 1234 and forwarding it to your gameserver port 25565, in the end thats nothing else like another internal port forward ... which of course also needs a sep mapping in your docker, wont work on your HTTP/HTTPS port/s ... like mentioned, http traffic only. you can decide now if you want to go this way, therefore look into it if NPM supports it by default (im a swag user) or just forward your gameserver port on your router directly to your gameserver ... you dont have any real benefit going the stream server way .... ... If I understand it correctly now, I open e.g. port 25565 from the router to unRAID and in unraid I create a new port config for the NGINX Docker? Like this: and in NGINX a stream for the gameserver: I'm hoping for more security if I run it via NGINX instead of directly to the game server Edited September 26, 20241 yr by karola
September 26, 20241 yr Author Only as additional feedback: Doing stream port forwarding does not really make sense as NPM does not add any functionality (it forwards the traffic of this port(s) simply 1:1). The only function, which could be useful is to stop acces to the gameserver by disabling the stream port in NPM. But it should be the same effort to disable the Port in the router or by stopping the gameserver... So you don't get more security or similar by putting NPM between the router and the target container. Maybe in the future if NPM supports Geoblocking this could make more sense to use. So if you don't need to control the port through NPM, you could even forward the port in your router directly to the IP/port of the gameserver
September 26, 20241 yr 2 hours ago, karola said: I'm hoping for more security if I run it via NGINX instead of directly to the game server Exactly like @mgutt described it ... About your question, yes ... like another Port forwarding ...
September 26, 20241 yr Oh sorry I did not see the response from mgutt.. Maybe because the editor was opened for hours before I submitted my answer 🫣 Thanks for the help! Edited September 26, 20241 yr by karola
September 27, 20241 yr can someone help me? [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-221" --agree-tos --authenticator webroot --email "@gmail.com" --preferred-challenges "dns,http" --domains "deluge.sykocyber.com" Another instance of Certbot is already running.
September 27, 20241 yr I saw Tailscale mentioned multiple times and then people talking about opening ports, so I'm guessing there are a lot of people setting this all up in a lot of different ways. IMO, the best way is to definitely use Tailscale. Install it as a plugin. But also, don't use the NPM docker. Instead: Using the LXC plugin, create a Debian container and install NPM into that. Create the container, and then edit its config to add these lines #Allow TUN access lxc.cgroup2.devices.allow = c 10:200 rwm lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file Start the LXC container, then open its terminal and install wget and curl apt-get install wget apt-get install curl Then use this script to install NPM sh -c "$(wget --no-cache -qO- https://raw.githubusercontent.com/ej52/proxmox/main/install.sh)" -s --app nginx-proxy-manager Lastly, install Tailscale in the same Debian container. curl -fsSL https://tailscale.com/install.sh | sh No port forwarding, you'll be able to access anything on this Unraid machine you wish, plus on any other machine on any locally accessible network your NPM installation proxies to. Edited October 1, 20241 yr by Espressomatic Added better script and TUN config
September 27, 20241 yr 2 hours ago, Espressomatic said: I saw Tailscale mentioned multiple times and then people talking about opening ports, so I'm guessing there are a lot of people setting this all up in a lot of different ways. IMO, the best way is to definitely use Tailscale. Install it as a plugin. But also, don't use the NPM docker. Instead: Using the LXC plugin, create a Debian container and install NPM into that using this script: https://github.com/tteck/Proxmox/blob/main/install/nginxproxymanager-install.sh It's for Proxmox, but it'll work - it'll produce some errors on console feedback commands, but all the functional parts are good to go. Then, ALSO install Tailscale in the same Debian container. Just follow the directions from Tailscale for a Linux install. No port forwarding, you'll be able to access anything on this Unraid machine you wish, plus on any other machine on any locally accessible network your NPM installation proxies to. FYI -- there is a new way to connect containers together coming in Unraid 7 beta 3 that would probably be an alternate solution for this (think NPM docker connected to Tailscale docker) that doesn't require the extra upkeep of LXC containers (running updates, etc.)
September 27, 20241 yr 1 hour ago, EDACerton said: FYI -- there is a new way to connect containers together coming in Unraid 7 beta 3 Nice, I'll check that out when it drops. Running your Tailscale plugin at the moment which is great on its own too.
October 11, 20241 yr I updated tonight and I'm getting an error when I try to login: Bad Gateway Also this is in my logs: [10/11/2024] [2:12:12 AM] [Certbot ] › ☒ complete Installed gandi [10/11/2024] [2:12:12 AM] [Certbot ] › ▶ start Installing cloudflare... [10/11/2024] [2:12:12 AM] [Global ] › ⬤ debug CMD: . /opt/certbot/bin/activate && pip install --no-cache-dir cloudflare==2.19.* acme==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+') certbot-dns-cloudflare==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+') && deactivate [10/11/2024] [2:12:13 AM] [Certbot ] › ✖ error The 'certbot_plugin_gandi.main' plugin errored while loading: No module named 'six'. You may need to remove or update this plugin. The Certbot log will contain the full error details and this should be reported to the plugin developer. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-hztui4oh/log or re-run Certbot with -v for more details. The 'certbot_plugin_gandi.main' plugin errored while loading: No module named 'six'. You may need to remove or update this plugin. The Certbot log will contain the full error details and this should be reported to the plugin developer. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-ks5dw_td/log or re-run Certbot with -v for more details. ERROR: Invalid requirement: 'acme==': Expected end or semicolon (after name and no valid version specifier) acme== ^
October 11, 20241 yr Author 54 minutes ago, FreakyBigFoot said: errored while loading: No module named 'six' 54 minutes ago, FreakyBigFoot said: ERROR: Invalid requirement: 'acme==': Expected end or semicolon (after name and no valid version specifier) acme== ^ Search for an existing issue at GitHub and if nothing is similar, open a new one. This is not related to unraid / container template. Of course you can tell us what the reason of this problem was after the npm dev answered.
October 11, 20241 yr Author 12 minutes ago, FreakyBigFoot said: Fixed by running this in my container: Won't survive the next update. Is this an already known issue?
October 13, 20241 yr On 10/11/2024 at 4:13 AM, FreakyBigFoot said: I updated tonight and I'm getting an error when I try to login: Bad Gateway Also this is in my logs: [10/11/2024] [2:12:12 AM] [Certbot ] › ☒ complete Installed gandi [10/11/2024] [2:12:12 AM] [Certbot ] › ▶ start Installing cloudflare... [10/11/2024] [2:12:12 AM] [Global ] › ⬤ debug CMD: . /opt/certbot/bin/activate && pip install --no-cache-dir cloudflare==2.19.* acme==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+') certbot-dns-cloudflare==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+') && deactivate [10/11/2024] [2:12:13 AM] [Certbot ] › ✖ error The 'certbot_plugin_gandi.main' plugin errored while loading: No module named 'six'. You may need to remove or update this plugin. The Certbot log will contain the full error details and this should be reported to the plugin developer. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-hztui4oh/log or re-run Certbot with -v for more details. The 'certbot_plugin_gandi.main' plugin errored while loading: No module named 'six'. You may need to remove or update this plugin. The Certbot log will contain the full error details and this should be reported to the plugin developer. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-ks5dw_td/log or re-run Certbot with -v for more details. ERROR: Invalid requirement: 'acme==': Expected end or semicolon (after name and no valid version specifier) acme== ^ Anyone else seeing this issue out of curiosity? My NPM instance has a update and I am leery to update; to say the least.
October 15, 20241 yr On 9/26/2024 at 11:38 AM, mgutt said: Only as additional feedback: Doing stream port forwarding does not really make sense as NPM does not add any functionality (it forwards the traffic of this port(s) simply 1:1). The only function, which could be useful is to stop acces to the gameserver by disabling the stream port in NPM. But it should be the same effort to disable the Port in the router or by stopping the gameserver... So you don't get more security or similar by putting NPM between the router and the target container. Maybe in the future if NPM supports Geoblocking this could make more sense to use. So if you don't need to control the port through NPM, you could even forward the port in your router directly to the IP/port of the gameserver one more thing that occurred to me. If I have nginx in between, then I don't have to do port forwarding from router gameserverport to unraid hostip but to nginx. Isn't that more secure? Otherwise I wouldn't know how to give the gameserver container its own ip address to which I can open the port from the router.
October 15, 20241 yr 6 hours ago, karola said: If I have nginx in between, then I don't have to do port forwarding from router gameserverport to unraid hostip but to nginx. Isn't that more secure? Nope. And it won't work anyway. Game servers aren't using http nor https, the only thing NPM is used for and the only thing it can apply certificates to. 6 hours ago, karola said: Otherwise I wouldn't know how to give the gameserver container its own ip address Same as every other IP address on your network: DHCP - you can set a static lease (aka fixed lease, static assignment, static IP, fixed IP, etc.) from your router, which assigns your chosen IP to a specific MAC address (of your game system) Edited October 15, 20241 yr by Espressomatic
October 17, 20241 yr Pardon my idiocracy but can someone tell me in layman’s terms what this means or what it’s wanting me to do? Screen shot perhaps? I simply don’t know what it wants. Edit: maybe it’s this they’re trying to fix https://github.com/NginxProxyManager/nginx-proxy-manager/pull/4075#issuecomment-2418276909 Edited October 17, 20241 yr by blaine07
November 8, 20241 yr Hey all! I have NPM setup to work through Cloudflare and Tailscale. I was following this tutorial (Remotely access anything from anywhere with VPS and Caddy) which it is being done with Caddy, but I much prefer NPM and I was able to get it all to work. It all works great, as expected, however, overnight or after say 8-12 hours (not exactly sure how long), NPM just freezes and nothing works anymore. If I login to Unraid and restart NPM, it all works great again until it freezes and stops again. Rinse and Repeat. I've tried uninstalling both the Tailscale and NPM Dockers, etc...nothing seems to stop it from freezing. Other than that it all works great! Any thoughts or ideas on what could be causing this?? It's very frustrating. My setup: So basically I have Cloudflare using an A record to point to my Tailscale Docker IP. The Tailscale Docker is setup to use my custom Unraid network. NPM's Network Type is set to None, but I am using "--net=container:Tailscale" under the Extra Parameters to connect it to my Tailscale Docker. Inside my NPM I have it set to use a subdomain as the source (ie books.mydomain.com), and for the destination it uses the Docker Name and port (ie http://readarrdocker:8787). Like I said, all that works perfectly....but only for say 1/2 a day and then it freezes. Could it be a limit on RAM or similar causing this? I have 10 hosts setup in NPM. Thanks in advance! Edited November 9, 20241 yr by orangewhip typos
November 9, 20241 yr Are you letting people on the internet access any devices or services behind your firewall without Tailscale? If not, then you don't need to use Cloudflare for anything related to IP pointing (keep it only for DNS validation so you can generate certificates for your intended domain) Tailscale will handle resolution of your domain and NPM will handle certs and subdomains. It also sounds like the way you have Tailscale and NPM set up is way too fiddly and I'd recommend starting from scratch and not following whatever guide you mentioned. Let me see if I can find a good reference for you that's similar to what I have set up - to avoid me having to remember every step. Incidentally, my NPM never crashes. Edited November 9, 20241 yr by Espressomatic
November 9, 20241 yr Nothing is open to the public at all. I've completely removed any port forwarding from my router as well. It's only myself and my wife that can connect to my home network using my Tailscale account on other PCs or phones. I didn't know Tailscale can handle the resolution of your domain. I was using Cloudflare because I had it setup with CNAMEs before I got into the Tailscale side of things. Not sure what you mean my setup is too "fiddly"? Other than Cloudflare my Tailscale is setup as a Docker that shares its connection with all other Dockers on the same custom network. NPM just handles the sub-domains and Let's Encrypt certs. Is there another way to do this (besides removal of Cloudflare as you mentioned)? I'll have to look into how Tailscale handles the resolution of the domain. I've run NPM for well over a year now with no crashes...but it wasn't the "official" version I started having issues. I had to install the official version because the other version doesn't use the default ports and it wouldn't work with Tailscale. All this is a new installation. In fact after it started freezing, I removed them both and started over again with the same results. Thanks for taking the time to reply, much appreciated. Any other tips would be greatly appreciated.
November 9, 20241 yr OK I've looked into The Cloudflare DNS only thing and that is actually what I am doing. It is setup as a wildcard "A record" pointing to my Tailscale Docker IP and it shows it as "DNS only - reserved IP" Are you saying I don't even need it setup as an A record? How would that DNS know where to point then? ** Update....I decided to just remove that A record and it worked for a bit, but then it kills everything. So that A record in my setup needs to be there still. Edited November 9, 20241 yr by orangewhip updates
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.