September 6, 2024
15 minutes ago, mattie112 said: Can you check the certificate view in NPM? Perhaps it did make one and you can just use it. Or check the drop down where it says 'request new'
So the dropdown shows:
Note that what I highlighted out was my attempt to manually add my Certs from Cloudflare to NPM. It does not relate to my nextcloud proxy. In my SSL Certs, I only have this manually added Cert from Cloudflare. Note I only added this cert because of the issues I was having trying to get nextcloud to work here. It didn't work prior to this (or after the fact).
September 6, 2024
Ik strange. You could check in the docker container itself on the filesystem (or in the app data) and manually remove any files that are certificates for your host. Or if you have not a lot of config yet just clear and restart.
September 6, 2024
11 minutes ago, mattie112 said: Ik strange. You could check in the docker container itself on the filesystem (or in the app data) and manually remove any files that are certificates for your host. Or if you have not a lot of config yet just clear and restart.
I'll clear and restart. My only other guess is I am not setting up the Proxy Host right. Note I have tried EVERY combination in port (i.e. I've tried http/https for 443, 444, 1443, etc). Here is how I have it set up. What do you think I should be using? And my SWAG config file looks like this:
September 6, 2024
33 minutes ago, mattie112 said: Ik strange. You could check in the docker container itself on the filesystem (or in the app data) and manually remove any files that are certificates for your host. Or if you have not a lot of config yet just clear and restart.
I might have more information. I checked logs when trying to pull a certificate and got this: "Timeout during connect (likely firewall problem)"
My NGINX is set up exactly the same as SWAG (and I know I did port forwarding for SWAG). Here is my NGINX PM:
and note I also have this on the "Custom: Proxynet" network type as my SWAG is on that too. Here is my SWAG:
September 7, 2024
You could try two things. With your phone on 4G try to access both 80 and 443. Are both not working or just one of them? Just to make sure we are looking in the right direction.
September 12, 2024
My docker network configuration is:
- Docker custom network type: ipvlan
- Host access to custom networks: Disabled
I have this problem:
1) npm is configured on the "br0" network with a fixed IP (192.168.10.238). But I can't access the panel because when I try to log in, it shows the error "Bad Gateway". All the other containers are on a single network (bdrtec), only npm is on "br0".
October 1, 2024
I have my Cloudflare Tunnel pointed to NPM and a wildcard cert setup. However, when I enable Force SSL, I get an error stating "too many redirects." Any idea why I am getting this error? NPM perfectly redirects my app.example.com to the correct docker container with this turned off. I just don't understand what is causing the error.
October 1, 2024
12 hours ago, rbrowning85 said: I have my Cloudflare Tunnel pointed to NPM and a wildcard cert setup. However, when I enable Force SSL, I get an error stating "too many redirects." Any idea why I am getting this error? NPM perfectly redirects my app.example.com to the correct docker container with this turned off. I just don't understand what is causing the error.
I didn't point my cloudflare directly at NPM..... I pointed my router to the AdGuard IP. AdGuard points to NPM. NPM points to the domains.
October 1, 2024
1 hour ago, Braulio Dias Ribeiro said: I didn't point my cloudflare directly at NPM..... I pointed my router to the AdGuard IP. AdGuard points to NPM. NPM points to the domains.
Interesting. So you are pointing your Cloudflare Tunnel to your router's IP address? Then using an Adguard DNS rewrite, you are then forwarding that to NPM, which then proxies it to the correct docker container?
app.example.com --> Cloudflare Tunnel --> home router --> AdGuard DNS rewrite --> NPM --> docker container
Does this require you to open ports 80 and 443 on your router?
October 1, 2024
32 minutes ago, rbrowning85 said: Interesting. So you are pointing your Cloudflare Tunnel to your router's IP address? Then using an Adguard DNS rewrite, you are then forwarding that to NPM, which then proxies it to the correct docker container? app.example.com --> Cloudflare Tunnel --> home router --> AdGuard DNS rewrite --> NPM --> docker container Does this require you to open ports 80 and 443 on your router?
My redirect sub domains are internal...... Some are external
Cloudflare Tunnel Site --> Cloudflare Tunnel Docker Unraid Router --> AdGuard DNS rewrite --> NPM --> docker container
Edited October 1, 2024 by Braulio Dias Ribeiro
October 6, 2024
Just looking for a little advice about the assigned ports. I have started to use Immich recently. And it doesn't play nice with cloudflare because of it not breaking down the files into chunks. So any files over 100mb get blocked. In order to combat this I set a local DNS record on my UDM P so these files will upload when on my home network. In order to ensure the traffic sent on the local DNS rule reached NPM I had to set the ports to the default 80 and 443. This is because I can't set a local port forwarding rule... At least I haven't found how to do it yet. The port forwarding rules only apply to internet traffic. I have this done and all is working just fine. My question is: are there any security concerns doing this? Or any other reason I shouldn't do it?
October 9, 2024
Hey all, I can no longer connect to the webui, just says connection refused error. In my docker log for nginx I just have this repeating forever. Any ideas? I checked my folders and there's no npm-9 folder at all, just 1, 2, 6, 7, and 8.
EDIT: go ahead and ignore this, I deleted the docker and reinstalled from scratch and it works right away.
Edited October 9, 2024 by nxtiak
November 6, 2024
Have had this docker running for ages and it's been spot on. Noticed today one ssl needed to be renewed by 24th Nov 2024, tried to manually renew but got an internal error. Googled and saw one post on GitHub to say to switch off forced SSL and try, so did this and manual renew worked. Not sure why it's started to be an issue now and not before, I've always had force ssl on. Also using cloudflare cname record with proxy enabled (if that matters)
November 7, 2024
Hi, I try to set up my things and when I create my ssl I got this:
CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
    at /opt/nginx-proxy-manager/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:410:5)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)
Somebody knows why?
November 7, 2024
Make sure both ports 80 and 443 are forwarded to your container and that DNS changes have actually propagated, it's not always instant when you add a new subdomain.
Edited November 7, 2024 by Kilrah
November 7, 2024
Hello! I just got an email from Let's Encrypt that my certs are expiring. I went into the SSL Certs section of this application and hit renew on Let's Encrypt. It errored out. Just says "Internal Error." I am using cloudflare. Where can I go from here?
November 9, 2024
An update on my situation. I setup a new Let's Encrypt cert and now I can't access my services outside of my network. "too many redirects" I can still access internally by IP. My phone when trying to access my websites via cellular says "The webpage at *REDACTED URL* might be temporarily down or it may have moved permanently to a new web address." I tried the other certs I made in the past and none of them work. And all of a sudden today my certs are all renewed. Do I have to start from scratch?
EDIT: I have no backups of my previous settings.
Edited November 9, 2024 by urbanracer34
November 9, 2024
I fixed it! I had to recreate the domain and everything else and now it appears to be working.
November 11, 2024
I've recently moved and switched to using Starlink for my internet. I'd prefer to stay on the Residential plan which gives me unlimited data, but has the downside to being behind a GNAT. Luckily, I'm using a Unifi Ultra gateway, so I can use ipv6 to access my internal devices from outside the network. I've managed to give my unraid server an ipv6 address and confirmed it works. I've also managed to set up my NPM container with an ipv6 address and can hit it publicly as well. I updated my public DNS records for my domains to point to my NPM address, but it's not forwarding the traffic to my backend devices, which are only running on ipv4. I've configured my NPM container to use the proxynet and br0 networks, while all of my backend containers are using just proxynet. I'm at a loss on how to get that traffic to forward properly and would love any help. I'm currently running on Unraid 6.9.2.
November 11, 2024
>CGNAT, ipv6, etc...
Use Tailscale, don't forward and open ports. If you run Tailscale inside the same container as NPM and on Unraid as a Plugin, you won't have to worry about creating additional special docker-specific networks or configuring any containers for proxying or outside access. You'll be able to access anything you want on the Unraid system, including all containers and VMs from outside with any machine that's connected to the Tailnet (any machine also running Tailscale, like your phone, notebook, machine at another house, etc.)
Edited November 11, 2024 by Espressomatic
November 11, 2024
4 minutes ago, Espressomatic said: >CGNAT, ipv6, etc... Use Tailscale, don't forward and open ports.
Thanks, I'll look into that.
November 12, 2024
10 hours ago, Professor Oak said: I've recently moved and switched to using Starlink for my internet. I'd prefer to stay on the Residential plan which gives me unlimited data, but has the downside to being behind a GNAT. Luckily, I'm using a Unifi Ultra gateway, so I can use ipv6 to access my internal devices from outside the network. I've managed to give my unraid server an ipv6 address and confirmed it works. I've also managed to set up my NPM container with an ipv6 address and can hit it publicly as well. I updated my public DNS records for my domains to point to my NPM address, but it's not forwarding the traffic to my backend devices, which are only running on ipv4. I've configured my NPM container to use the proxynet and br0 networks, while all of my backend containers are using just proxynet. I'm at a loss on how to get that traffic to forward properly and would love any help. I'm currently running on Unraid 6.9.2.
And other than what was already suggested: try testing things one by one. Can you access your NPM over IPv6? Does the DNS resolve correctly (perhaps your Unraid machine has a different IP than your NPM container)? Does the forwarding work over IPv4?
November 13, 2024
On 11/11/2024 at 5:05 PM, Espressomatic said: >CGNAT, ipv6, etc... Use Tailscale, don't forward and open ports. If you run Tailscale inside the same container as NPM and on Unraid as a Plugin, you won't have to worry about creating additional special docker-specific networks or configuring any containers for proxying or outside access. You'll be able to access anything you want on the Unraid system, including all containers and VMs from outside with any machine that's connected to the Tailnet (any machine also running Tailscale, like your phone, notebook, machine at another house, etc.)
Okay, I think I hit a wall here.. I've got the tailscale plugin installed and managed to configure it to route subnets (192.168.1.0/24) and act as an exit node. I've also got the newer Tailscale-Docker container installed and on the bridge network, but I couldn't get it to act as an exit node even when setting the correct flag. I've tried several different configurations for the NPM container, but still can't figure out how to hit it externally.
November 13, 2024
Sorry for not being more specific earlier: Don't run the Tailscale docker container. So far, this is the most versatile way I've found to set this up (spoiler: NPM/Tailscale inside Debian LXC) - instructions below include scripts for NPM and Tailscale installations in the LXC.
Edited November 13, 2024 by Espressomatic