Nginx Proxy Manager not letting traffic through when HTTPS is enabled


I set up the Nginx Proxy Manager from https://registry.hub.docker.com/r/jlesage/nginx-proxy-manager (I can't find the thread for this specific docker)

 

I managed to get one service working on HTTP, accessible outside of my network, but the moment I flip on Let's Encrypt, it becomes inaccessible and endlessly redirects. Going back to HTTP fixes it right away. 

 

What am I doing wrong? 

Likely nothing.  Most dockers only have an unsecure HTTP GUI and don't support HTTPS.  When you load your URL does the site show in your browser as secure?  Setting HTTP in NPM just means that you are encrypted from Cloudflare to NPM but unencrypted from NPM to the docker you set up.  This portion of the traffic is all behind your firewall.  Just make sure your browser says it's secure with an SSL cert.

  • Author

I am trying to get Overseerr to work with this.

 

When I use HTTP it loads fine. When I turn on Let's Encrypt, it either redirects too many times or comes up "it might be temporarily down or it may have moved permanently to a new web address."

 

I did notice when I have HTTPS disabled in NGINX, and tried to access it via a web browser on a desktop, it had a Certificate with Google. 

 

Is this a conflict with the Google Cert and the LE Cert? 

 

FYI I am using Cloudflare proxied with this.

 

I think this may be fixed for now. It appears to be working. 

Edited by urbanracer34
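
Added example, not part of the thread: a small Python tracer for the "redirects too many times" symptom described in the post above. It follows redirects one hop at a time and reports whether the chain ends or loops back on itself; the hostname `app.example.test` and the two response tables are constructed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin

# Constructed responses (not captured traffic): URL -> (status, Location).
LOOPING = {
    "http://app.example.test/": (301, "https://app.example.test/"),
    "https://app.example.test/": (301, "https://app.example.test/"),
}
HEALTHY = {
    "http://app.example.test/": (301, "https://app.example.test/"),
    "https://app.example.test/": (200, None),
}


class _NoFollow(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so each hop can be inspected."""

    def redirect_request(self, *args, **kwargs):
        return None


def http_fetch(url, timeout=10):
    """Live fetcher: one request, returns (status, Location or None)."""
    opener = urllib.request.build_opener(_NoFollow)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # unfollowed 3xx, 4xx and 5xx land here
        return err.code, err.headers.get("Location")


def table_fetch(table):
    """Offline fetcher backed by one of the constructed tables above."""
    return lambda url: table.get(url, (404, None))


def trace_redirects(start_url, fetch=http_fetch, max_hops=10):
    """Follow redirects hop by hop; return (verdict, [(url, status, location)])."""
    hops, seen, url = [], set(), start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        hops.append((url, status, location))
        if status not in (301, 302, 303, 307, 308) or not location:
            return ("ok" if status < 400 else "error"), hops
        seen.add(url)
        url = urljoin(url, location)
        if url in seen:  # the chain points back at a URL already requested
            return "loop", hops
    return "too-many-hops", hops
```

Calling `trace_redirects("http://<your hostname>/")` with the default fetcher runs the same check against a live proxy host and returns every hop, so the hop that keeps redirecting is visible.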

NPM can apply TLS to any URL.

 

First look at how the URL is originally accessed.  If it's accessed by HTTP, then in NPM you set HTTP as target along with the correct IP and port for the page/service.  Assign it a certificate - that you've already provisioned - and turn on the option to force TLS/HTTPS.

 

That's the basic amount of work you need to do for most pages. Making sure of course that you're using a FQDN and that your cert includes that name or a wildcard on the base domain (domain.tld).

 

Some pages need more options, like websockets, header manipulation, etc. Some need additional configuration in their own settings, so keep that in mind. Some services actively block reverse proxies.

The last piece of the puzzle is that you absolutely need DNS to resolve your URL - if it's an internal site, you should have an internal DNS server or at least a forwarder or resolver with overrides.  Unbound, DNSmasq, PiHole, AdGuard Home, others, or combination.

Also, I STRONGLY recommend using NPMPlus (available in Community Apps) rather than the original NPM.

 

For Home Assistant for example, this is all that's needed in NPM - BUT, you have to make changes in Home Assistant to allow the reverse proxy.

 

[Two attached screenshots]

Edited by Espressomatic

  • Author

I think I have it sorted for now. 

 

Why change to NPMPlus? Why fix what is not broken? And is it absolutely necessary? 

Edited by urbanracer34

Because NPM is definitely broken - but I didn't see the same number of issues I've seen other people complain about.

NPMPLUS is more regularly maintained and active, has a lot of new features and fixes.

Edited by Espressomatic

  • Author

How is it broken? Will I have to reset up everything again? 

  • Author

I'll think on it.

 

I can't get to it right away but it is something that has to be done later as I am very busy. (Life) 

Quote

When I use HTTP it loads fine. When I turn on Let's Encrypt, it either redirects too many times or comes up "it might be temporarily down or it may have moved permanently to a new web address."

 

I did notice when I have HTTPS disabled in NGINX, and tried to access it via a web browser on a desktop, it had a Certificate with Google. 

Overseerr uses an unsecure GUI so you have to select HTTP on NPM.  Again only the internal traffic between NPM and Overseerr is unsecure.  The Google services cert is the cert that NPM made for you so you should be golden.  Just to compare, if you went to "your server IP":5055 you will see your browser shows not secure, but it can only be reached while on your network.  If you go to the URL and it shows your cert and shows secure you are good.  On NPM it's good practice to turn on "Block Common Exploits" and on the SSL tab turn on "Force SSL".
