December 4, 20241 yr I would like to issue a WARNING to all users using this APP, The source image and repository for this app / docker image are greatly OUTDATED - From 2021, It is feasible that users of this app expose this nginx externally to the public internet, those user are facing security risks due to using outdated software, the image is built on-top of openresty, which itself is a standalone extended distribution of nginx, both products are constantly under security scrutiny and cycles of vulnerability detection and patching. I have raised a closed github issue here: https://github.com/jlesage/docker-nginx-proxy-manager/issues/331 I recommend users to move to the official image: https://github.com/NginxProxyManager/nginx-proxy-manager/tree/develop it is a drop in replacement, when using: https://github.com/chrizzo84/unraid-templates/tree/main/nginx-proxy-manager-jc21
December 16, 20241 yr Hello everyone, Disclaimer: Unraid is by far the most IT technical thing I have ever done, all based on iterative trial and error. It seems I really messed up this time however. Definitions PC = my main computer (1st machine) Server = the 2nd machine that has Unraid on it Everything is purely within the LAN network, both PC and Server are in the same house, i.e. both are connected to the walls in their respective rooms via an ethernet cable. How the problem started: Decided to give Ngninx a try since I wanted to see if I could get HTTPS working. Installed Nginx docker, messed around with it a bit, seemed like I could not get it to work (could get it to make an SSL certificate via DuckDNS and set up some Proxy Hosts with duckdns subdomains, but everything staid HTTP when I clicked on the proxy host). Basically had no idea what I was doing. Was experimenting with having Nginx Proxy Hosts direct to different ports etc. and figured I'd just trial and error things a bit while following some Youtube tutorials etc. to see how far I'd get. Basically that's how I got this far using Unraid over the past several months in general. I was not aware about this being potentially dangerous outside of the docker containers, in hindsight I guess I should have. At some point I was also changing some ports in the different docker settings (as far as I know I did not create any overlapping ports, but who knows) and tried putting some dockers from "Bridge" to "br0" etc. (not having any deep understanding about the differences) but that did not seem to do much, in the end I just set everything back to "Bridge". Installed Traefik docker in Unraid, but then decided against starting to mess around with that as well, so jumped back to Nginx. All of a sudden I did not have LAN access to the server anymore (purely from messing around with Nginx as far as I could tell). Strangely, I could still go to different tabs within the Nginx GUI itself (e.g. "Proxy Host" and "SSL" tabs) but all the other dockers (including Unraid GUI itself) were unavailable so I was basically stuck - I tried to walk my steps back in Nginx but I don't know at what stage everything broke and I don't remember when I changed what, as I had been messing with it on and off over the course of several hours. Whenever I try to connect to the Server (or any of the dockers like Nextcloud or Jellyfin) from my PC via my PC browser (tested multiple browsers, using bookmarks to e.g. Nextcloud so nothing changed there either), both via "tower.local" or the "IP address", I get this message: "This site can’t be reached 192.168.0.100 [note: this is my local Unraid server IP] refused to connect. Try: Checking the connection Checking the proxy and the firewall ERR_CONNECTION_REFUSED" Once the problem occured: I still see the Server on its fixed LAN IP when logging into my modem, so that seems normal. I can get into the Server via physically connecting a screen/keyboard/mouse and booting into GUI (it seems to actually start a Linux instace and automatically opened a Firefox browser showing the Unraid GUI in there - hopefully makes sense?). The GUI in the Firefox browser on the server connects to the tower.local address in the adress bar. When I open a second tab in that Firefox browser on the server I seemingly can use the IP address to get to the login screen as well. However, I cannot get to the login screen via my PC anymore, neither to any of the dockers and SMB is also down (cannot get to my folders via windows explorer on PC). I tried connecting via my PC browser both without the dockers running and after the dockers started. Booting the Server in Unraid safe mode also does not change anything it seems. I think I managed to get the diagnostics file (see attachment). When I open "servers.conf.txt" in the diagnostics file I see some reference to Nginx, but I don't know what to make of it. I just mention it here because it may be relevant for somebody who does know how to read it. I really tried troubleshooting it myself but I honestly do not know what else to do anymore at this stage without potentially creating an even bigger mess. I hope one of the experts here can help me get my server back up and running. Any help would be greatly, greatly appreciated. // Reporting back on some more troubleshooting I did in the meantime: Uninstalled the Nginx docker. Did not change anything. Reinstalled the Nginx docker, which gave errors because it as a standard uses port 80. I changed the Nginx docker settings back to what it was before I removed it. Strangely, when I then launched the Nginx GUI on the server, it just got me straight into Nginx, where it apparently had remembered the login credentials and still had the proxy host and SSL certificate? In other words, removing the Nginx docker apparently did not remove everything related to it and as a result also did not solve the issue and I still only have physical access to server with nothing remote (on the LAN) working tower-diagnostics-20241216-0128.zip
December 16, 20241 yr The files are not stored in the container but mounted from the /appdata storage share. If you want to start over / clear everything empty-out that folder. Check your docker config to see the exact path of mapped volumes.
December 26, 20241 yr My Nginx has worked reliably until today! Today I had to restart my Unraid server because I had to increase the size of my Docker container. Since then, NGINX has stopped working - cannot be started and I get the following error in the log: Mein Nginx funktionierte bis heute zuverlässig! Heute mußte ich aber meinen Unraid Server einen Neustart verpassen, weil ich die größe meines Docker Containers erhöhen musste. Seit dem funktioniert NGINX nicht mehr - lässt sich nicht starten und ich erhalte folgenden Fehler im Protokoll: [init ] container is starting... [cont-env ] loading container environment variables... [cont-env ] APP_NAME: loading... [cont-env ] APP_VERSION: loading... [cont-env ] DOCKER_IMAGE_PLATFORM: loading... [cont-env ] DOCKER_IMAGE_VERSION: loading... [cont-env ] HOME: loading... [cont-env ] TAKE_CONFIG_OWNERSHIP: loading... [cont-env ] XDG_CACHE_HOME: loading... [cont-env ] XDG_CONFIG_HOME: loading... [cont-env ] XDG_DATA_HOME: loading... [cont-env ] XDG_RUNTIME_DIR: loading... [cont-env ] XDG_STATE_HOME: loading... [cont-env ] container environment variables initialized. [cont-secrets] loading container secrets... [cont-secrets] container secrets loaded. [cont-init ] executing container initialization scripts... [cont-init ] 10-check-app-niceness.sh: executing... [cont-init ] 10-check-app-niceness.sh: terminated successfully. [cont-init ] 10-clean-logmonitor-states.sh: executing... [cont-init ] 10-clean-logmonitor-states.sh: terminated successfully. [cont-init ] 10-clean-tmp-dir.sh: executing... [cont-init ] 10-clean-tmp-dir.sh: terminated successfully. [cont-init ] 10-init-users.sh: executing... [cont-init ] 10-init-users.sh: terminated successfully. [cont-init ] 10-pkgs-mirror.sh: executing... [cont-init ] 10-pkgs-mirror.sh: terminated successfully. [cont-init ] 10-set-tmp-dir-perms.sh: executing... [cont-init ] 10-set-tmp-dir-perms.sh: terminated successfully. [cont-init ] 10-xdg-runtime-dir.sh: executing... [cont-init ] 10-xdg-runtime-dir.sh: terminated successfully. [cont-init ] 15-install-pkgs.sh: executing... [cont-init ] 15-install-pkgs.sh: terminated successfully. [cont-init ] 54-db-upgrade.sh: executing... [cont-init ] 54-db-upgrade.sh: terminated successfully. [cont-init ] 55-nginx-proxy-manager.sh: executing... [cont-init ] 55-nginx-proxy-manager.sh: ln: /config/logs: No space left on device [cont-init ] 55-nginx-proxy-manager.sh: terminated with error 1.
December 26, 20241 yr Manually remove the log try again if you already increased the size of the docker image.
December 26, 20241 yr Yes, I have already increased the Docker storage. How can I delete the log? Ja den Docker Speicher habe ich bereits vergrößert. Wie kann ich den Log löschen?
December 26, 20241 yr Open the console to NPM via the Unraid container page (next to stop/start/restart) and remove it using the shell. OR: delete NPM, then re-'install' it and use the same config/path mapping.
December 26, 20241 yr I think that's not the right way. But I still removed ngins without deleting the image and installed it again. Without success or changing the situation. Then I went into the log folder and deleted all the entries there, but that didn't make any changes either. Ich denke das ist nicht der richtige weg. Ich habe jetzt aber trotzdem mal ngins entfernt-ohne das image zu löschen und habe es erneut installiert. Ohne Erfolg bzw veränderung der Situation. Dann bin ich in den Log Ordner gegangen und habe dort alle Einträge gelöscht, aber auch das führte zu keiner veränderung.
January 5, 20251 yr Hello:) Anyone who how to fix this one?? [IP Ranges] › ✖ error getaddrinfo EAI_AGAIN ip-ranges.amazonaws.com Thank you!
January 5, 20251 yr Hello again:) This is the output.. Anyone with a idea of how to fix this?? User: npm PUID:0 ID:0 GROUP:0 Group: npm PGID:0 ID:0 ------------------------------------- ❯ Starting nginx ... ❯ Starting backend ... [1/5/2025] [2:01:42 PM] [Global ] › ℹ info Using Sqlite: /data/database.sqlite [1/5/2025] [2:01:42 PM] [Migrate ] › ℹ info Current database version: none [1/5/2025] [2:01:42 PM] [Setup ] › ℹ info Logrotate Timer initialized [1/5/2025] [2:01:42 PM] [Global ] › ⬤ debug CMD: logrotate /etc/logrotate.d/nginx-proxy-manager [1/5/2025] [2:01:42 PM] [Setup ] › ℹ info Logrotate completed. [1/5/2025] [2:01:42 PM] [IP Ranges] › ℹ info Fetching IP Ranges from online services... [1/5/2025] [2:01:42 PM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json [1/5/2025] [2:01:58 PM] [IP Ranges] › ✖ error getaddrinfo EAI_AGAIN ip-ranges.amazonaws.com [1/5/2025] [2:01:58 PM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized [1/5/2025] [2:01:58 PM] [SSL ] › ℹ info Renewing SSL certs expiring within 30 days ... [1/5/2025] [2:01:58 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized [1/5/2025] [2:01:58 PM] [Global ] › ℹ info Backend PID 155 listening on port 3000 ... [1/5/2025] [2:01:58 PM] [SSL ] › ℹ info Completed SSL cert renew process [1/5/2025] [2:13:19 PM] [Global ] › ℹ info PID 155 received SIGTERM [1/5/2025] [2:13:19 PM] [Global ] › ℹ info Stopping. ❯ Configuring npm user ... 0 usermod: no changes ❯ Configuring npm group ... ❯ Checking paths ... ❯ Setting ownership ... ❯ Dynamic resolvers ... ❯ IPv6 ... Enabling IPV6 in hosts in: /etc/nginx/conf.d - /etc/nginx/conf.d/default.conf - /etc/nginx/conf.d/include/assets.conf - /etc/nginx/conf.d/include/block-exploits.conf - /etc/nginx/conf.d/include/force-ssl.conf - /etc/nginx/conf.d/include/ip_ranges.conf - /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf - /etc/nginx/conf.d/include/log.conf - /etc/nginx/conf.d/include/proxy.conf - /etc/nginx/conf.d/include/ssl-ciphers.conf - /etc/nginx/conf.d/include/resolvers.conf - /etc/nginx/conf.d/production.conf Enabling IPV6 in hosts in: /data/nginx - /data/nginx/proxy_host/1.conf ❯ Docker secrets ...
January 11, 20251 yr Is there any way I can edit the template app-store pulls myself? Wants to get NPM to run on port 443 and not 4443 because I want to integrate it with Tailscale and Tailscale only uses the container port, not the redirect port, so don’t help to set port 443-->4443 yes, I know I can just run this in docker compose myself, but I like much better how Unriad7 shows/handles the Tailscale container integration in the GUI instead of having a sidecar container showing.
January 11, 20251 yr 21 minutes ago, Kilrah said: Sure, just click edit on the container. Does not work, the container port is always 4443
January 12, 20251 yr I made a fork for that: https://github.com/Mattie112/docker-nginx-proxy-manager (I update it a few times a year if I dont forget haha)
January 12, 20251 yr 9 hours ago, isvein said: Does not work, the container port is always 4443 If you run it on bridge that's not a problem. You didn't say what network you needed. If you need it on port 80 for host/br0 just use the official container instead of this modified one.
January 12, 20251 yr 1 hour ago, Kilrah said: If you run it on bridge that's not a problem. You didn't say what network you needed. If you need it on port 80 for host/br0 just use the official container instead of this modified one. True, was too late to remember that Im using custom vlan so the container has its own IP Ended up using the official one
January 14, 20251 yr On 12/29/2023 at 12:46 PM, Ptolemyiv said: Am getting a certbot route53 error again in the logs and am unable to log in to the gui (since itself relies on ssl certificate!) - log is showing the following repeatedly: [app ] [12/29/2023] [11:33:43 AM] [Global ] › ✖ error Command failed: pip install --no-cache-dir certbot-dns-route53==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+') [app ] The 'certbot_dns_route53.authenticator' plugin errored while loading: cannot import name 'DEFAULT_CIPHERS' from 'urllib3.util.ssl_' (/usr/lib/python3.10/site-packages/urllib3/util/ssl_.py). You may need to remove or update this plugin. The Certbot log will contain the full error details and this should be reported to the plugin developer. [app ] Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-ul_q9vn7/log or re-run Certbot with -v for more details. [app ] ERROR: Could not find a version that satisfies the requirement certbot-dns-route53== (from versions: 0.15.0.dev0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.18.1, 0.18.2, 0.19.0, 0.20.0, 0.21.0, 0.21.1, 0.22.0, 0.22.1, 0.22.2, 0.23.0, 0.24.0, 0.25.0, 0.25.1, 0.26.0, 0.26.1, 0.27.0, 0.27.1, 0.28.0, 0.29.0, 0.29.1, 0.30.0, 0.30.1, 0.30.2, 0.31.0, 0.32.0, 0.33.0, 0.33.1, 0.34.0, 0.34.1, 0.34.2, 0.35.0, 0.35.1, 0.36.0, 0.37.0, 0.37.1, 0.37.2, 0.38.0, 0.39.0, 0.40.0, 0.40.1, 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0, 1.10.0, 1.10.1, 1.11.0, 1.12.0, 1.13.0, 1.14.0, 1.15.0, 1.16.0, 1.17.0, 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.22.0, 1.23.0, 1.24.0, 1.25.0, 1.26.0, 1.27.0, 1.28.0, 1.29.0, 1.30.0, 1.31.0, 1.32.0, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.8.0) [app ] ERROR: No matching distribution found for certbot-dns-route53== [app ] [12/29/2023] [11:33:44 AM] [Migrate ] › ℹ info Current database version: none Unfortunately the fix before doesn't seem to be working - anyone know how to fix this once and for all? (may be a recent update issue since only just started reoccurring again) EDIT: So the only way I was able to fix this error was to run the following command and download urllib manually: pip install 'urllib3<2' Nginx Proxy Manager then loaded and unsuccessfully failed to auto-renew the certificates - after this, I was able to manually renew the certificates from the UI. Strangely, if I reboot the container than the original error re-occurs and I have to manually execute the above command again... Anyone else encountering the same or can suggest a permanent fix? Many thanks I still have to take care of this issue every 3 month
January 16, 20251 yr On 1/5/2025 at 1:54 PM, Mattti1912 said: Anyone who how to fix this one?? [IP Ranges] › ✖ error getaddrinfo EAI_AGAIN ip-ranges.amazonaws.com Did you solve it?
January 19, 20251 yr On 12/4/2024 at 3:17 PM, Free-MeN4 said: I would like to issue a WARNING to all users using this APP, The source image and repository for this app / docker image are greatly OUTDATED - From 2021, It is feasible that users of this app expose this nginx externally to the public internet, those user are facing security risks due to using outdated software, the image is built on-top of openresty, which itself is a standalone extended distribution of nginx, both products are constantly under security scrutiny and cycles of vulnerability detection and patching. I have raised a closed github issue here: https://github.com/jlesage/docker-nginx-proxy-manager/issues/331 I recommend users to move to the official image: https://github.com/NginxProxyManager/nginx-proxy-manager/tree/develop it is a drop in replacement, when using: https://github.com/chrizzo84/unraid-templates/tree/main/nginx-proxy-manager-jc21 Is there a simple way to copy all your settings across if you change to the official docker?
January 20, 20251 yr On 1/19/2025 at 5:01 AM, bobalot said: Is there a simple way to copy all your settings across if you change to the official docker? Unfortunately, no. I'd further avoid trying to manually copy config files and databases. I've done this successfully in the past, but I've also done it unsuccessfully a couple of times. One of those times everything seemed to work for a couple of months, but then I found that Certbot wasn't able to renew anything - which I found out was due to some key mismatch in one file per certificate - this isn't something you want to be trying to fix in a rush at the last minute. Just set up a parallel install and manually recreate everything. It didn't take me very long for 20-something hosts and about 10 certificates. Edited January 20, 20251 yr by Espressomatic
January 22, 20251 yr Hi friends, Since today, I'm seeing this repeating message in my NginxProxyManager log: nginx ] nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/10.conf:14 I also cannot open my docker apps webui's that are configured to run behind NginxProxyManager with my external domain urls. When I use my internal ip's for my docker apps, I can open their webui's and use them. Can someone please assist in solving this issue?
January 22, 20251 yr 9 hours ago, mjeshurun said: Hi friends, Since today, I'm seeing this repeating message in my NginxProxyManager log: nginx ] nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/10.conf:14 I also cannot open my docker apps webui's that are configured to run behind NginxProxyManager with my external domain urls. When I use my internal ip's for my docker apps, I can open their webui's and use them. Can someone please assist in solving this issue? I'm having the same issue and my external URLs aren't working. Edit: Looks like the sample config has changed, see https://github.com/linuxserver/docker-swag/blob/master/root/defaults/nginx/site-confs/default.conf.sample Edited January 22, 20251 yr by ryphez
January 22, 20251 yr 15 hours ago, ryphez said: I'm having the same issue and my external URLs aren't working. Edit: Looks like the sample config has changed, see https://github.com/linuxserver/docker-swag/blob/master/root/defaults/nginx/site-confs/default.conf.sample Good to know I'm not the only one suffering from this. What does it mean that the sample config changed? Do we need to change it for it to work again? Edit: Until a solution is found for this NginxProxyManager issue, I switched my external url's connections from NginxProxyManager to Cloudflare Tunnels. Now everything is working again, but that's not really a solution to the NginxProxyManage issue. Edited January 23, 20251 yr by mjeshurun
February 7, 20251 yr On 1/22/2025 at 10:19 PM, mjeshurun said: Good to know I'm not the only one suffering from this. What does it mean that the sample config changed? Do we need to change it for it to work again? Edit: Until a solution is found for this NginxProxyManager issue, I switched my external url's connections from NginxProxyManager to Cloudflare Tunnels. Now everything is working again, but that's not really a solution to the NginxProxyManage issue. Same problem here: I can no longer access the interface, and none of the configured sites are working.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.