January 28, 20251 yr I just set up Nginx Proxy Manager on Unraid. Everything is going amazing — so much easier than Traefik! Anyway, some of my *Arrs are giving the following error: Could not connect to SignalR, UI won't update I found that I need to add the following location block for the app(s): proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; My question is… HOW? I can't find instructions anywhere on how to do this on the Unraid UI for Nginx. Thanks
January 29, 20251 yr Author On 1/28/2025 at 3:38 AM, Edival76 said: I found that I need to add the following location block for the app(s): Enable websockets. This adds exactly these lines you mentioned.
January 30, 20251 yr I have a strange problem I'm unable to fix. If I login to my OPNsense box via its IP everything on the dashboard (widgets) work. If I login using the hostname which redirects to HTTPS via NPM then some of the 'live view' widgets don't show any data/graphs. All I see are these in the NPM logs. 2025/01/30 19:06:11 [warn] 2268#2268: *6878 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/3/01/0000000013 while reading upstream, client: 10.0.3.3, server: opnsense.mydomain.net, request: "GET /ui/assets/fontawesome/webfonts/fa-solid-900.woff2 HTTP/1.1", upstream: "https://192.168.5.1:443/ui/assets/fontawesome/webfonts/fa-solid-900.woff2", host: "opnsense.mydomain.net", referrer: "https://opnsense.mydomain.net/ui/assets/fontawesome/css/solid.min.css?v=92561a8740a1d3da" 2025/01/30 19:07:28 [warn] 2277#2277: *6979 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/4/01/0000000014 while reading upstream, client: 10.0.3.3, server: opnsense.mydomain.net, request: "GET /api/diagnostics/systemhealth/getSystemHealth/opt3-packets/0/0 HTTP/1.1", upstream: "https://192.168.5.1:443/api/diagnostics/systemhealth/getSystemHealth/opt3-packets/0/0", host: "opnsense.mydomain.net", referrer: "https://opnsense.mydomain.net/ui/diagnostics/systemhealth" 2025/01/30 19:13:40 [warn] 2261#2261: *7111 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/5/01/0000000015 while reading upstream, client: 10.0.3.3, server: opnsense.mydomain.net, request: "GET /api/core/firmware/info HTTP/1.1", upstream: "https://192.168.5.1:443/api/core/firmware/info", host: "opnsense.mydomain.net", referrer: "https://opnsense.mydomain.net/ui/core/firmware" 2025/01/30 19:20:50 [warn] 2262#2262: *7276 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/6/01/0000000016 while reading upstream, client: 10.0.3.3, server: opnsense.mydomain.net, request: "GET /api/diagnostics/systemhealth/getSystemHealth/opt3-packets/0/0 HTTP/1.1", upstream: "https://192.168.5.1:443/api/diagnostics/systemhealth/getSystemHealth/opt3-packets/0/0", host: "opnsense.mydomain.net", referrer: "https://opnsense.mydomain.net/ui/diagnostics/systemhealth" 2025/01/30 19:28:46 [warn] 2263#2263: *7560 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/7/01/0000000017 while reading upstream, client: 10.0.3.3, server: opnsense.mydomain.net, request: "POST /diag_backup.php HTTP/1.1", upstream: "https://192.168.5.1:443/diag_backup.php", host: "opnsense.mydomain.net", referrer: "https://opnsense.mydomain.net/diag_backup.php" 2025/01/30 19:31:44 [warn] 2265#2265: *7754 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/8/01/0000000018 while reading upstream, client: 10.0.3.3, server: opnsense.mydomain.net, request: "GET /ui/assets/fontawesome/webfonts/fa-solid-900.woff2 HTTP/1.1", upstream: "https://192.168.5.1:443/ui/assets/fontawesome/webfonts/fa-solid-900.woff2", host: "opnsense.mydomain.net", referrer: "https://opnsense.mydomain.net/ui/assets/fontawesome/css/solid.min.css?v=92561a8740a1d3da" 2025/01/30 19:49:38 [warn] 2267#2267: *8652 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/9/01/0000000019 while reading upstream, client: 10.0.3.3, server: opnsense.mydomain.net, request: "GET /api/core/firmware/info HTTP/1.1", upstream: "https://192.168.5.1:443/api/core/firmware/info", host: "opnsense.mydomain.net", referrer: "https://opnsense.mydomain.net/ui/core/firmware" 2025/01/30 19:51:19 [warn] 2267#2267: *8654 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/0/02/0000000020 while reading upstream, client: 10.0.3.3, server: opnsense.mydomain.net, request: "GET /api/diagnostics/firewall/log/?digest=&limit=1000 HTTP/1.1", upstream: "https://192.168.5.1:443/api/diagnostics/firewall/log/?digest=&limit=1000", host: "opnsense.mydomain.net", referrer: "https://opnsense.mydomain.net/ui/diagnostics/firewall/log"
January 30, 20251 yr I can offer some suggestions specific to NPM, but it's kind of shooting in the dark without seeing how you've configured the connection to OPN. Instead however, I'll suggest an alternative... How about removing OPNSense from NPM and instead use OPN's own ability to provision a certificate? In your forwarder or resolver you change the IP of your OPN FQDN to its actual IP instead of NPM's. I run pfSense myself and don't run that through NPM, letting it renew its own cert via ACME Edited January 30, 20251 yr by Espressomatic
February 4, 20251 yr I'm struggling to get this container successfully running. I previously used an Unraid version (not the official one) which used ports 1880 and 18443. Now that I'm trying to set up the official one, I'm getting the following error: docker run -d --name='Nginx-Proxy-Manager-Official' --net='nginx' --pids-limit 2048 -e TZ="Europe/London" -e HOST_OS="Unraid" -e HOST_HOSTNAME="S7ewiesLab" -e HOST_CONTAINERNAME="Nginx-Proxy-Manager-Official" -e 'DB_SQLITE_FILE'='/data/database.sqlite' -l net.unraid.docker.managed=dockerman -l net.unraid.docker.webui='http://[IP]:[PORT:81]' -l net.unraid.docker.icon='https://nginxproxymanager.com/icon.png' -p '81:81/tcp' -p '80:80/tcp' -p '443:443/tcp' -p '3000:3000/tcp' -v '/mnt/user/appdata/Nginx-Proxy-Manager-Official/data':'/data':'rw' -v '/mnt/user/appdata/Nginx-Proxy-Manager-Official/letsencrypt':'/etc/letsencrypt':'rw' -v '/tmp/Nginx-Proxy-Manager-Official/var/log':'/var/log':'rw' --memory=1G --no-healthcheck 'jc21/nginx-proxy-manager' WARNING: Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap. d796083263545a6851be67d392158814b00a67303b31a33ca2044c8991507695 docker: Error response from daemon: driver failed programming external connectivity on endpoint Nginx-Proxy-Manager-Official (90a1a29cea71199abb5e387e40c71049e705ccc95e7f414113481c14c2c02709): failed to bind port 0.0.0.0:80/tcp: Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use. From what I can gather, it's implying that port 80 is already in use? But I have no containers using this port and if I run something like "netstat -tulnp | grep :80" I get: tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 620903/nginx: maste tcp 0 0 100.88.223.16:80 0.0.0.0:* LISTEN 620903/nginx: maste tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN 12772/docker-proxy tcp 0 0 0.0.0.0:8002 0.0.0.0:* LISTEN 679462/docker-proxy tcp 0 0 0.0.0.0:8096 0.0.0.0:* LISTEN 12050/docker-proxy tcp 0 0 10.10.10.2:80 0.0.0.0:* LISTEN 620903/nginx: maste tcp6 0 0 fd7a:115c:a1e0::6101:80 :::* LISTEN 620903/nginx: maste tcp6 0 0 :::8001 :::* LISTEN 12780/docker-proxy tcp6 0 0 :::8002 :::* LISTEN 679468/docker-proxy tcp6 0 0 :::8096 :::* LISTEN 12058/docker-proxy tcp6 0 0 ::1:80 :::* LISTEN 620903/nginx: maste Which implies that the only thing using port 80 is nginx? which isn't running? Is this just left over stuff from a previous install? My knowledge around this subject is limited.
February 4, 20251 yr 13 minutes ago, S7ewie said: Which implies that the only thing using port 80 is nginx? which isn't running? Is this just left over stuff from a previous install? thats nginx from Unraid ... either map different ports 80 and 443 like the "older" Container or change the default ports from Unraid ... yes, also Unraid has nginx running ...
February 4, 20251 yr 42 minutes ago, alturismo said: thats nginx from Unraid ... either map different ports 80 and 443 like the "older" Container or change the default ports from Unraid ... yes, also Unraid has nginx running ... Is Unraid supposed to have nginx running? I feel dumb asking but why are we running nginx via a container if it's already built in?
February 4, 20251 yr 16 minutes ago, S7ewie said: Is Unraid supposed to have nginx running? That's what serves the unraid web ui. 16 minutes ago, S7ewie said: I feel dumb asking but why are we running nginx via a container if it's already built in? Because this is a separate purpose-built container to make reverse proxying easy, yeah it also uses nginx but that's almost irrelevant. Almost every service you'll run will run its own separate copy of nginx or other web server. Edited February 4, 20251 yr by Kilrah
February 4, 20251 yr 10 minutes ago, S7ewie said: Is Unraid supposed to have nginx running? I feel dumb asking but why are we running nginx via a container if it's already built in? yes, Unraid Host runs nginx for its web Services like many many other Dockers also running Nginx for their web frontends ... but, you want letsencrypt certs, so NPM, swag, ... have certbot integrated which play together and so on ... and you dont want to collide with nginx configuration (which are in Unraid NOT persistent) etc etc etc ... but as sample, i run the nginx from host as 2nd instance also for some stream services with a persistent config ... for your issue, even if it would be now any other web app which Unraid would use, you can only use a port ONCE on an IP ... so in a custom br0 when a docker runs on its own IP, you can use any port you want, when you run in bridge, the exposed external port must not collide with anything else running on host or with any other exposed external ports ... there is your major issue
February 4, 20251 yr Ahh thanks for the explanation. I was planning to set it up on its own custom network but I'd still need to change the ports? Or does that mean I've set up the network wrong?
February 26, 20251 yr Author On 1/27/2025 at 7:14 PM, propbuildervash said: From another pc on the network i can ping the dockers IP. Ports 80, 81 and 443 fail to connect when using TCPING to try to verify the ports are open so I can only assume the service is failing to actually start. I am using the default configs BR0 network etc. I can blow away everything, recreate it and reenter all my config and it works fine for a couple weeks then dies again. the config was configured 3 weeks ago, i have not logged into the WebUI or made a single change to NGINX since it was deployed. Are you using IPv6? This could cause an issue if your provider assigns you a new IPv6 prefix while your br0 config contains the old IPv6. I never tested IPv6 and br0 again after it causes this problems. Thats why you find on the first page a "IPv6 Setup" tutorial by using the host network.
March 7, 20251 yr I've been setting up Nginx Proxy Manager and am wondering, is there a reason the docker doesn't include a port mapping for port 3000 by default? Since it seems to be required for the admin interface to function correctly. As it is I ran into some trouble because I had another service that happened to default to using port 3000. If the port was mapped then it would have detected the port was already allocated to another image and refused to start the service rather than requiring going into the logs to figure out why I was unable to login.
March 8, 20251 yr Hey Guys. I stumpled upon a weird problem. I have the following configuration: - Unraid UI access at http/8080 - Docker network setup as "host" - Proxy Host from https:443 to http:localhost:8080 This works fine, but I noticed that the nginx-proxy some how remembers the session and does the login. This means: I Use the ssl proxy to login at the UI, I take another device which has never been on this UI page yet, Enter the ssl proxy URL and..... I am logged in. It seems like the proxy somehow caches the session token, or the unraid ui takes all connections from localhost as the same session. Even when I explicitly log out at the unraid UI, the next time I access the URL, I am logged in again. Has anyone experienced the same issue? Is it an issue of the unraid UI such that it accepts all connections from local host as root login? Or could it be configuration issue of the nginx proxy?
March 8, 20251 yr 34 minutes ago, Ichabod said: Has anyone experienced the same issue? Is it an issue of the unraid UI such that it accepts all connections from local host as root login? Or could it be configuration issue of the nginx proxy? exactly, localhost ... doesnt require ...
April 23, 20251 yr I am running into an issue that I can't seem to fix no matter what settings I try. When I try to use Nginx Proxy manager to proxy to an IP outside its subnet mask (Nginx is on a 192.168.1.0/24 subnet same as Unraid with services being accessed being on other subnets and Vlans), it always seems to throw error 502 Bad Gateway on services are on a different VLAN/Subnet but works fine if I set them on same subnet. Tried with multiple apps and services and made sure Unraid network type set to macvlan and custom network access enabled. From unraid CLI I can ping the ip address on the different subnet so it does not seem routing related issue. Any ideas what could be causing this?
April 25, 20251 yr Different subnet shouldn't make a difference for the ability to connect/proxy. NPM on 10.8.8.2, container on 192.168.0.50 for example. 502 can happen with a misconfiguration of the proxy or container networking/webui even on the same subnet. Including forwarding to HTTP when the container is expecting HTTPS I'm using custom bridged network type, br0 and macvlan in case it makes any difference. Edited April 26, 20251 yr by Espressomatic
April 27, 20251 yr On 4/25/2025 at 1:22 PM, Espressomatic said: Different subnet shouldn't make a difference for the ability to connect/proxy. NPM on 10.8.8.2, container on 192.168.0.50 for example. 502 can happen with a misconfiguration of the proxy or container networking/webui even on the same subnet. Including forwarding to HTTP when the container is expecting HTTPS I'm using custom bridged network type, br0 and macvlan in case it makes any difference. On 4/25/2025 at 1:22 PM, Espressomatic said: Thanks, my network type is same. Not sure what other settings I need to look at as most are default. Below are my settings, any suggestions from anyone on what to change to fix routing to a different VLAN? The issue seems Docker network settings related as pings from one docker running on base subnet to another seems to fail. Edited April 27, 20251 yr by Teknowiz
May 4, 20251 yr I wish I had more advice but I can't think of anything else to look at. One thing to note is that while I can use different subnets, I don't have any VLANs set up anywhere at the moment. Coincidentally, I thought I'd come across some failure of my NPM install earlier, but it turns out it's some oddity with pfSense/Unbound. I made a new override to resolve deemix.xee.to to my NPM host, the same way I have for so many other subdomains on the same FQDN, and it refused to work. Making one for "dmix" instead of "deemix" works fine. No idea why, but still the case if I do it all over again. *shrug* Edited May 4, 20251 yr by Espressomatic
May 7, 20251 yr Hi, I suddenly seem to have an issue where when I access my NPM login page through chrome, it shows as normal, I enter my login details and click signin and nothing happens. I currently have this sat on it's own IP on a custom docker network and I can ping the NPM server and as above see the login page, I have noticed that if I change the NPM network settings to host mode then I can access as normal, my current config has worked in the past and nothing has changed, can anyone offer any possible solutions plz? Thanks John
May 7, 20251 yr Hey guys Is it possible to use other ports instead of 80/443 with NPM? Port 80 and 443 are already in use in my Router for other ressources. Regards Lukas Edited May 7, 20251 yr by luk
May 7, 20251 yr Author 2 hours ago, luk said: Port 80 and 443 are already in use in my Router for other ressources. Why not merging everything to npm? Other ports are possible, but ugly as you need to add the port like https://example.com:4443/index.html
May 7, 20251 yr 15 minutes ago, mgutt said: Why not merging everything to npm? My other Server need to be accessible via Port 80/443 from outside, how could it work to merge everything to npm? I'm fine with ugly Ports :-)
May 7, 20251 yr Author 5 minutes ago, luk said: My other Server need to be accessible via Port You could then add those domains to npm and configure the servers ip address as the target. You are not forced to use local container ips as target. If you prefer the ugly addresses simply forward those ports to npm. For example 8443 to unraid_ip:443 and 8080 to unraid_ip:80
May 7, 20251 yr 11 minutes ago, mgutt said: If you prefer the ugly addresses simply forward those ports to npm. For example 8443 to unraid_ip:443 and 8080 to unraid_ip:80 What about Letsencrypt automatic certificate renewal, will it work with other ports than 80 and 443 ?
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.