July 31, 2025Jul 31 I have installed NPM with the following attributes:I use pihole with unbound as DNS and Fritzbox as DHCP, this works well.With NPM I have received LE cert for my domain.I have registered some subdomains like dc.mydomain.xxx for Double Commander.dc.mydomain.xxx is also registered in pihole as local DNS record with IP forwarding to NPM.Host for dc.mydomain.xxx in NPM is forwarded to https://192.168.23.155:3001.Double Commander is accessible with this IP/Port but not dc.mydomain.xxx.Any hints waht's going wrong?
August 5, 2025Aug 5 On 7/31/2025 at 10:01 PM, PinkCarlos said:is also registered in pihole as local DNS record with IP forwarding to NPMwhat do you mean with "forwarding" ???And which computers are asking pihole for an address?
August 14, 2025Aug 14 this might sounds silly, but i have installed, logged in, and configured nginx container a few times so far. however, every time, if i return after 2-3 days, it does not allow me to login (wrong username/password error). i m 100% i am using the correct credentials, as i copy paste them from another document. driving myself crazy here. any help welcomethanks
August 15, 2025Aug 15 Author Sounds like your database gets corrupted. Is your app data share located on the cache only? (Best option is enabling exclusive shares and bring the cache completely on an SSD, but backups are mandatory)
August 18, 2025Aug 18 Is there a env variable for setting log levels? proxy-host-1_access.log, proxy-host-1_error.log, and fallback_error.log have no entries.Logfiles and loglevel can be set via CLI, but also with env?
August 18, 2025Aug 18 3 hours ago, PinkCarlos said:Is there a env variable for setting log levels?proxy-host-1_access.log, proxy-host-1_error.log, and fallback_error.log have no entries.Logfiles and loglevel can be set via CLI, but also with env?no longer relevant
August 25, 2025Aug 25 For some reason when I try to run tailscale on this container recently it binds on port 443 which stops nginx from starting up, I've used this succesfully up until recently and am a bit unsure about what changed to break this. I did activate HTTPS on tailscale a couple of weeks back but it's been working up until just a day or two ago so don't know if it's related but also tried turning that off again.From what I've understood Tailscale Serve Protocol uses port 443 and while that has been activated before without an issue I've tried to set Tailscale Serve to no but no luck.Anyone has any idea on what to do from here, currently can't get NGINX up and running while using tailscale on the container which breaks my usecase for accessing some stuff when away from home.Edit:I found how to fix the issueAs long as this field was populated with a port value it seems like serve is started no matter what you sett Tailscale Serve to.When I set it to blank the issue dissapeared Edited August 27, 2025Aug 27 by Gronsak Found solution to the issue
September 8, 2025Sep 8 Hey all. I successfully setup NPM two or three days ago. I linked an A-record from my custom domain to my ISP public ip address (which never changes), using my DNS provider where I manage the custom domain name. Hope all that makes sense. I spun up linkwarden and NPM on a custom network, got linkwarden setup properly, then setup NPM with SSL. Ports 80 and 443 are forwarded in my router to 180 and 1443 respectively, and my NPM container reflects this.This setup WORKED FINE for the last two days. I could hit linkwarden.mycustomdomain.org from anywhere on any device. Then today, it stopped. DNS checker shows the hostname is resolving to my IP address, but when I test "server reachability" in NPM, I get this:linkwarden.mycustomdomain.org: There is a server found at this domain but it returned an unexpected status code Connection timed out.. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.I've checked NPM docker logs, and I don't see any errors. Again, nothing about my server has changed and this setup was working fine. I am not behind CGNAT or anything weird like that. My Plex server is still running fine using UPNP port forwarding. Any ideas?
September 8, 2025Sep 8 It appears that my ISP has blocked ports 80 and 443 after a few days of using NPM. I used Tailscale via TSDProxy instead. Go figure
September 11, 2025Sep 11 Hello, I'm using the NPM container in Unraid for quite a while and I'm quite happy with how it works.However I do encounter a strange problem that I can't find a solution for:Whenever I want to renew an existing certificat, I get this Error:This Error occurs when I try to manually renew a certificat via certbot. My container log just gave me an error while trying to auto-renew (referring to the letsencrypt log, that I don't understand. I can share it if you want).Creating a new certificat for that same host however is no problem.I checked the things you recommended.My Port is reachable I get a result by entering my IPv4:And the target container is reachable via NPM:
September 12, 2025Sep 12 Author 20 hours ago, Qesaru said:I checked the things you recommended.My Port is reachableI get a result by entering my IPv4:Both are relevant for creating and updating certificates.20 hours ago, Qesaru said:And the target container is reachable via NPM:That's irrelevant for certs.20 hours ago, Qesaru said:(referring to the letsencrypt log, that I don't understand. I can share it if you want).We need the errors which are logged in this file. I still don't understand why they aren't forwarded to the container output, so we would be able to see them through the unraid gui. So please open the file in your npm appdata folder. A simple search for "error" or "fail" should show the relevant lines. Else remove your private information and post it here.
September 12, 2025Sep 12 Thank you for your help!2 hours ago, mgutt said:A simple search for "error" or "fail" should show the relevant lines. Else remove your private information and post it here.For readability I put the code at the end. I've also attached the anonymized file, but this seems to be the relevant part.According to the hint letsencrypt needs some sort of file that's created by my certbot, however I don't know what I need to do in order to make it available.{ "identifier": { "type": "dns", "value": "sub.mydomain.com" }, "status": "invalid", "expires": "2025-09-19T22:29:59Z", "challenges": [ { "type": "http-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/1951384786/582604934051/680gKQ", "status": "invalid", "validated": "2025-09-12T22:29:59Z", "error": { "type": "urn:ietf:params:acme:error:connection", "detail": "2001:###:####:####:####:####:####:3736: Fetching https://sub.mydomain.com/.well-known/acme-challenge/#########################: Error getting validation data", "status": 400 }, "token": "#########################", "validationRecord": [ { "url": "http://sub.mydomain.com/.well-known/acme-challenge/#########################", "hostname": "sub.mydomain.com", "port": "80", "addressesResolved": [ "46.###.###.###", "2001:###:####:####:####:####:####:3736" ], "addressUsed": "2001:###:####:####:####:####:####:3736" }, { "url": "http://sub.mydomain.com/.well-known/acme-challenge/#########################", "hostname": "sub.mydomain.com", "port": "80", "addressesResolved": [ "46.###.###.###", "2001:###:####:####:####:####:####:3736" ], "addressUsed": "46.###.###.###" }, { "url": "https://sub.mydomain.com/.well-known/acme-challenge/#########################", "hostname": "sub.mydomain.com", "port": "443", "addressesResolved": [ "46.###.###.###", "2001:###:####:####:####:####:####:3736" ], "addressUsed": "2001:###:####:####:####:####:####:3736" } ] } ] } 2025-09-13 00:30:01,203:DEBUG:acme.client:Storing nonce: z38KXhlRljrs_ghQTq4a7sG4IqZVTPmWQ-0xnHhhaT3LR9gy4dw 2025-09-13 00:30:01,204:INFO:certbot._internal.auth_handler:Challenge failed for domain sub.mydomain.com 2025-09-13 00:30:01,204:INFO:certbot._internal.auth_handler:http-01 challenge for sub.mydomain.com 2025-09-13 00:30:01,204:DEBUG:certbot._internal.display.obj:Notifying user: Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain: sub.mydomain.com Type: connection Detail: 2001:###:####:####:####:####:####:3736: Fetching https://sub.mydomain.com/.well-known/acme-challenge/#########################: Error getting validation data Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet. 2025-09-13 00:30:01,205:DEBUG:certbot._internal.error_handler:Encountered exception: Traceback (most recent call last): File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort) File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed.2 hours ago, mgutt said:Both are relevant for creating and updating certificates.That's irrelevant for certs.We need the errors which are logged in this file. I still don't understand why they aren't forwarded to the container output, so we would be able to see them through the unraid gui. So please open the file in your npm appdata folder. A simple search for "error" or "fail" should show the relevant lines. Else remove your private information and post it here. letsencrypt.log
September 12, 2025Sep 12 Author I think it's because the authority server tries to reach your domain through your IPv6, which is wrong:5 minutes ago, Qesaru said:Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain: sub.mydomain.com Type: connection Detail: 2001:###:####:####:####:####:####:3736: Fetching https://sub.mydomain.com/.well-known/acme-challenge/#########################: Error getting validation dataHow do you update the IPv6 of your domain and does it target your NPM container? Note: IPv6 must not be the one of your router as it is for IPv4.You can test your IPv6 similar to IPv4 in your browser by adding brackets. Example:http://[2001:4860:4860::8888]:80/You must see the npm welcome page equal to your IPv4 tests.IPv6 can be more challenging to setup. On the first page I showed one example by running npm in the host network, so it shares the same IPv6 as unraid. But you need to update your domains IPv6 everytime Unraids IPv6 changes.Most people gave up and disable IPv6 😅
September 14, 2025Sep 14 On 9/13/2025 at 1:17 AM, mgutt said:How do you update the IPv6 of your domain and does it target your NPM container? First of all, thanks for your replies.I used to use DynDNS on my router, but because that led to difficulties, it's now running on my Unraid box via die qmcgaw/ddns-updater Docker container. My registrar is Strato, if that matters. I don't know what you mean by targeting the NPM container.Note: IPv6 must not be the one of your router as it is for IPv4.I don't quite understand what you mean with that. Could you reframe the quesion?On 9/13/2025 at 1:17 AM, mgutt said:You can test your IPv6 similar to IPv4 in your browser by adding brackets. [...]You must see the npm welcome page equal to your IPv4 tests.I can't figure out what my IPv6 is supposed to be. My router once ran IPv4 via DS-Lite, but I made my ISP set me to native IPv4 (as far as I know at least) because I couldn't get things working with DS-Lite. Interestingly my router doesn't show any IPv6 Interface-ID for my server and therefore doesn't let me do any IPv6 settings. I can also not forward any ports to IPv6, only to IPv4.Other devices on my network however do have an IPv6 Interface-ID and have changable settings under the IPv6 section in the port forwarding menu.On 9/13/2025 at 1:17 AM, mgutt said:Most people gave up and disable IPv6 😅That seems to be the best solution to me. How do I do this?Thank you for your patience, I know my reply is probably not as helpful, but I hope you can help me fix this problem and get a better understanding of it.
September 16, 2025Sep 16 I feel like I'm SO CLOSE to getting my setup right. Here's what I've done:Running a docker app on port 300X that I want to expose.Also running a PiHoleInstalled and set up DDNSSet up A name pointing to my IPCreated CNAME for app.example.comForwarded ports 80, 443, and 300X for my appCreated host in NPM for app.example.com on port 300X with a LetsEncrypt certWhen I visit app.example.com, I do not see my docker app. Instead, I see the Unraid login screen. That only happens when I forward port 80. When I do not forward port 80, I get a timeout 522 error.Why am I being taken to the Unraid login screen? I definitely do NOT want to expose that, if possible.
September 16, 2025Sep 16 2 minutes ago, acdn01 said:Why am I being taken to the Unraid login screen? I definitely do NOT want to expose that, if possible.Because you forgot to add Step 1 :-)1) MOVE UNRAID away from Port 80!This can be done HEREChange HTTP and HTTPS Port to a value that you like (and remember!).Now NPM can run in Host mode and take over these ports.Btw, you still cannot access Port 300x from the internet, NPM only tunnels 80 and 443. Edited September 16, 2025Sep 16 by MAM59
September 16, 2025Sep 16 A basic thing that I completely forgot, thank you!!I can now reach app.example.com. A few minutes after implementing the change, my app was available but some content (like images and some forms) were not rendering. I think this is a caching issue and will update this response if I figure out why the content did not render. Edited September 16, 2025Sep 16 by acdn01
September 30, 2025Sep 30 Could someone please help me directly via discord / voice chat to get my domain (atomicrhino.net on cloudflare) working and pointing to my unraid server nginx so I can do things like have a self hosted image upload thing etc? I really am struggling and could use the help. discord is sunwind.actual.
November 8, 2025Nov 8 Hi @mgutt, I've been searching through the forum for help with this, but no replies yet. I came across your post (https://forums.unraid.net/topic/110245-support-nginx-proxy-manager-npm-official/#findComment-1011152) which I think is helpful in my situation but I am not so sure what changes I should make.The issue that I'm having is posted here: https://forums.unraid.net/topic/76460-support-djoss-nginx-proxy-manager/page/78/#findComment-1588569. My NPM is on a user created network and I need it to communicate with some containers on br1. Your chart below shows that I won't be able to communicate with anything on br0, does that apply to br1 as well? If so, what changes can I make to my docker network setup so that NPM can communicate to containers on br1 network? I'm not sure if I need to switch from ipvlan to macvlan or if its required to to allow host access to custom networks.Thanks!
December 7, 2025Dec 7 Author Maybe useful for others. This sets a bandwidth limit for nextcloud downloads (added through the advanced tab of the host settings):# main rules adopted from nginx proxy manager location / { add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload;"; client_body_buffer_size 512k; client_max_body_size 32G; proxy_request_buffering off; proxy_read_timeout 600s; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_http_version 1.1; # Proxy! include conf.d/include/proxy.conf; } # bandwith limit for downloads location ~ ^/(public\.php/dav/files|remote\.php/dav/files)/ { # ignore X-Accel-Buffering header (https://github.com/nextcloud/server/pull/25747) proxy_ignore_headers X-Accel-Buffering; # limit to 10 Mbit/s limit_rate 1280k; # make sure proxy buffering is enabled proxy_buffering on; # disable buffering to temporary files proxy_max_temp_file_size 0; # general proxy settings add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload;"; client_body_buffer_size 512k; client_max_body_size 32G; proxy_request_buffering off; proxy_read_timeout 600s; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_http_version 1.1; include conf.d/include/proxy.conf; } location /.well-known/carddav { return 301 /remote.php/dav/; } location /.well-known/caldav { return 301 /remote.php/dav/; }
January 2Jan 2 On 8/25/2025 at 6:36 AM, Gronsak said:For some reason when I try to run tailscale on this container recently it binds on port 443 which stops nginx from starting up, I've used this succesfully up until recently and am a bit unsure about what changed to break this. I did activate HTTPS on tailscale a couple of weeks back but it's been working up until just a day or two ago so don't know if it's related but also tried turning that off again.From what I've understood Tailscale Serve Protocol uses port 443 and while that has been activated before without an issue I've tried to set Tailscale Serve to no but no luck.Anyone has any idea on what to do from here, currently can't get NGINX up and running while using tailscale on the container which breaks my usecase for accessing some stuff when away from home.Edit:I found how to fix the issueAs long as this field was populated with a port value it seems like serve is started no matter what you sett Tailscale Serve to.When I set it to blank the issue dissapearedRunning into this same issue and this is the closest I've found to a solution. However, it appears that between Aug and now, the TS implementation may have changed (?). See my screenshot below. If I leave the Serve port blank, it defaults to 443, which is the cause of the issue. Changing to any other port doesn't solve it. I even tried typing just a space in the field but it reverted back to default when the container was created. Any guidance?
January 10Jan 10 hi hope some one can give me some help i have moved to unraid and installed Nginx Proxy Manager to see how it works the only challenges i have for now is my plex sever and docker-uisp both is comming up as This page isn’t working but all the other containers is passing throug am i missing someting and yes i did do Let's Encrypt.thanks in advance.
January 10Jan 10 Author 1 minute ago, unraid.admin said:This page isn’t working but all the other containers is passing througDid you make some of the checks of the first posts?
January 10Jan 10 12 minutes ago, mgutt said:Did you make some of the checks of the first posts?yes i have read few of them seems to fail to understand what i am doing wrong
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.