August 29, 2024

I set up the Nginx Proxy Manager from https://registry.hub.docker.com/r/jlesage/nginx-proxy-manager (I can't find the thread for this specific docker). I managed to get one service working on HTTP, accessible outside of my network, but the moment I flip on Let's Encrypt, it becomes inaccessible and endlessly redirects. Going back to HTTP fixes it right away. What am I doing wrong?
August 29, 2024

Likely nothing. Most dockers only have an unsecure HTTP GUI and don't support HTTPS. When you load your URL, does the site show in your browser as secure? Setting HTTP in NPM just means that you are encrypted from Cloudflare to NPM but unencrypted from NPM to the docker you set up. This portion of the traffic is all behind your firewall. Just make sure your browser says it's secure with an SSL cert.
August 29, 2024 (Author)

I am trying to get Overseerr to work with this. When I use HTTP it loads fine. When I turn on Let's Encrypt, it either redirects too many times or comes up "it might be temporarily down or it may have moved permanently to a new web address." I did notice when I have HTTPS disabled in NGINX, and tried to access it via a web browser on a desktop, it had a Certificate with Google. Is this a conflict with the Google Cert and the LE Cert? FYI I am using Cloudflare proxied with this.

I think this may be fixed for now. It appears to be working.

Edited August 29, 2024 by urbanracer34
August 29, 2024

NPM can apply TLS to any URL. First look at how the URL is originally accessed. If it's accessed by HTTP, then in NPM you set HTTP as target along with the correct IP and port for the page/service. Assign it a certificate - that you've already provisioned - and turn on the option to force TLS/HTTPS. That's the basic amount of work you need to do for most pages. Making sure of course that you're using a FQDN and that your cert includes that name or a wildcard on the base domain (domain.tld).

Some pages need more options, like websockets, header manipulation, etc. Some need additional configuration in their own settings, so keep that in mind. Some services actively block reverse proxies.

The last piece of the puzzle is that you absolutely need DNS to resolve your URL - if it's an internal site, you should have an internal DNS server or at least a forwarder or resolver with overrides. Unbound, DNSmasq, PiHole, AdGuard Home, others, or a combination.

Also, I STRONGLY recommend using NPMPlus (available in Community Apps) rather than the original NPM.

For Home Assistant for example, this is all that's needed in NPM - BUT, you have to make changes in Home Assistant to allow the reverse proxy.

Edited August 29, 2024 by Espressomatic
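Added example (not part of the thread and not NPM's own code): a check of the certificate-name requirement mentioned in the post above, showing that a wildcard on domain.tld covers exactly one label and not the base domain itself. The function names and the sample hostnames are hypothetical; the sample certificates are constructed in the shape Python's `ssl.SSLSocket.getpeercert()` returns.

```python
# Added example: does a certificate's name list cover each hostname
# published through the reverse proxy? All names below are hypothetical.

def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def san_covers(san, host):
    """True if one dNSName entry from the certificate matches host."""
    pat, target = _labels(san), _labels(host)
    if len(pat) != len(target):
        return False  # a wildcard stands for exactly one label
    if pat[0] == "*":
        # Wildcard must be the whole left-most label; "*.tld" is rejected.
        return len(pat) >= 3 and pat[1:] == target[1:]
    # Partial wildcards such as "o*.domain.tld" are not accepted.
    return "*" not in san and pat == target

def dns_names(peercert):
    """DNS entries from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [v for kind, v in peercert.get("subjectAltName", ()) if kind == "DNS"]

def uncovered_hosts(peercert, hosts):
    """Hostnames the certificate does NOT cover (browser would warn on these)."""
    sans = dns_names(peercert)
    return [h for h in hosts if not any(san_covers(s, h) for s in sans)]

# Constructed sample certificates and proxy hostnames.
WILDCARD_ONLY = {"subjectAltName": (("DNS", "*.domain.tld"),)}
BASE_AND_WILDCARD = {
    "subjectAltName": (("DNS", "domain.tld"), ("DNS", "*.domain.tld")),
}
HOSTS = ["overseerr.domain.tld", "domain.tld", "ha.lab.domain.tld"]

if __name__ == "__main__":
    for label, cert in (("wildcard only", WILDCARD_ONLY),
                        ("base + wildcard", BASE_AND_WILDCARD)):
        print(label, "-> not covered:", uncovered_hosts(cert, HOSTS))
```
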
August 29, 2024 (Author)

I think I have it sorted for now. Why change to NPMPlus? Why fix what is not broken? And is it absolutely necessary?

Edited August 29, 2024 by urbanracer34
August 29, 2024

Because NPM is definitely broken - but I didn't see the same number of issues I've seen other people complain about. NPMPLUS is more regularly maintained and active, has a lot of new features and fixes.

Edited August 29, 2024 by Espressomatic
August 29, 2024

https://github.com/ZoeyVid/NPMplus#list-of-new-features

You can migrate. That's what I did when I ran it early this year. Last week on a new install I just started directly with NPMPlus. Shouldn't need to lose any settings. See here: https://github.com/ZoeyVid/NPMplus#migration

Edited August 29, 2024 by Espressomatic
August 29, 2024 (Author)

I'll think on it. I can't get to it right away but it is something that has to be done later as I am very busy. (Life)
August 29, 2024

Quote:

When I use HTTP it loads fine. When I turn on Let's Encrypt, it either redirects too many times or comes up "it might be temporarily down or it may have moved permanently to a new web address." I did notice when I have HTTPS disabled in NGINX, and tried to access it via a web browser on a desktop, it had a Certificate with Google.

Reply:

Overseerr uses an unsecure GUI so you have to select HTTP on NPM. Again, only the internal traffic between NPM and Overseerr is unsecure. The Google services cert is the cert that NPM made for you so you should be golden. Just to compare, if you went to "your server IP":5055 you will see your browser shows not secure, but it can only be reached while on your network. If you go to the URL and it shows your cert and shows secure, you are good. On NPM it's good practice to turn on "block common exploits" and on the SSL tab turn on "Force SSL".