Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Djoss - Nginx Proxy Manager

Featured Replies

On 2/7/2025 at 6:32 AM, BœufLord said:

 

Same problem here: I can no longer access the interface, and none of the configured sites are working.

Has anyone figured this out?

  • Replies 2k
  • Views 516.3k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • You can use my fork for now: https://hub.docker.com/r/mattie112/docker-nginx-proxy-manager (which I will delete if/when this gets implemented by Djoss)   My fork is 100% the same c

  • sdchoni
    sdchoni

    To temporarily resolve this issue, you can use the previous release of Nginx Proxy Manager. Edit the app and change the repository to: jlesage/nginx-proxy-manager:v25.09.1 Once this is resolved, you

  • Please verify that the problem is fixed with the latest version.

Posted Images

On 2/28/2025 at 5:40 AM, eeplelife said:

Has anyone figured this out?

I don't know if it helps you, but my problem was that I logged in to Cloudflare with an Apple "shadowed" email AKA *Hide my email*. 
So my email asking for certificates from NGINX, didn't match the one from Cloudflare. I had to delete my account with Cloudflere and start over, using same email as in NGINX. 

  • 5 weeks later...

I have been experiencing periodic crashes with nginx in Unraid Docker.  It only happens every couple of weeks, but I have no idea how to fix this.  Google has not been helpful, either.  Below is the end of the nginx log from when I found the container had stopped.  Any help would be much appreciated!

 

I have 128gb of RAM, so Unraid shouldn't be actually running out of memory.

 

 

[app         ] [3/28/2025] [11:00:23 PM] [SSL      ] › ℹ  info      Completed SSL cert renew process
[app         ] [3/29/2025] [12:00:23 AM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[app         ] [3/29/2025] [12:00:23 AM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[app         ] [3/29/2025] [12:00:23 AM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[app         ] [3/29/2025] [12:00:23 AM] [SSL      ] › ℹ  info      Completed SSL cert renew process
[app         ] <--- Last few GCs --->
[app         ] [423:0x145bbd2c70b0] 259201328 ms: Mark-sweep 232.7 (254.7) -> 231.1 (254.7) MB, 25.0 / 0.0 ms  (average mu = 0.761, current mu = 0.808) task; scavenge might not succeed
[app         ] [423:0x145bbd2c70b0] 259201448 ms: Mark-sweep 232.1 (254.7) -> 231.8 (255.5) MB, 46.1 / 0.0 ms  (average mu = 0.684, current mu = 0.614) allocation failure; scavenge might not succeed
[app         ] <--- JS stacktrace --->
[app         ] FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory
[supervisor  ] service 'app' exited (got signal SIGABRT).
[supervisor  ] service 'app' exited, shutting down...
[supervisor  ] stopping service 'nginx'...
[supervisor  ] service 'nginx' exited (with status 0).
[finish      ] executing container finish scripts...
[finish      ] all container finish scripts executed.

 

 

 

  • 4 months later...

update. Fixed. port 80 showed closed, remapped in router and now fixed. In case some one else comes across the error.

Looking for some help. Not sure what's causing the error and not sure how to renew outside of the container. I get the following error when trying to renew:

[app ] [8/9/2025] [10:34:34 PM] [SSL ] › info Renewing Let'sEncrypt certificates for Cert #86: ai.digital-domination.net
[app ] [8/9/2025] [10:34:34 PM] [SSL ] › info Command: certbot renew --force-renewal --config '/etc/letsencrypt.ini' --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name 'npm-86' --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation
[app ] [8/9/2025] [10:34:34 PM] [Global ] › ⬤ debug CMD: certbot renew --force-renewal --config '/etc/letsencrypt.ini' --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name 'npm-86' --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation
[app ] [8/9/2025] [10:34:45 PM] [Express ] › warning Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
[app ] Failed to renew certificate npm-86 with error: Some challenges have failed.
[app ] All renewals failed. The following certificates could not be renewed:
[app ] /etc/letsencrypt/live/npm-86/fullchain.pem (failure)
[app ] 1 renew failure(s), 0 parse failure(s)

Taken from the container log. If any other log is needed, please let me know where and which one and I will post it. I have several certs that need renewing and any help would be appreciated. I did upgrade my router a couple of months ago, in case that could be the issue.

Edited by Spectral Force

  • 2 weeks later...
On 2/27/2025 at 8:40 PM, eeplelife said:

Has anyone figured this out?

So I dug into this and it turns out the container is out of date. It is currently running v2.12.3 while the current version is v2.12.6 (which includes a fix).

See this issue on the Nginx Proxy Manager repo: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/4606

And I created this issue on jlesage's docker-nginx-proxy-manager repo: https://github.com/jlesage/docker-nginx-proxy-manager/issues/345. Hopefully it is seen and fixed soon :)

Edited by finder39

5 hours ago, finder39 said:

So I dug into this and it turns out the container is out of date. It is currently running v2.12.3 while the current version is v2.12.6 (which includes a fix).

Check you haven't pinned the version yourself.

On 1/22/2025 at 1:19 PM, mjeshurun said:

Good to know I'm not the only one suffering from this.
What does it mean that the sample config changed?
Do we need to change it for it to work again?

 

Edit: Until a solution is found for this NginxProxyManager issue, I switched my external url's connections from NginxProxyManager to Cloudflare Tunnels.

Now everything is working again, but that's not really a solution to the NginxProxyManage issue.

I was able to find a solution to this as well. Previously my x.conf files looked like this:

server {
  set $forward_scheme https;
  set $server         “cool_name.local";
  set $port           1234;

  listen 8080;
  listen [::]:8080;

  listen 4443 ssl http2;
  listen [::]:4443 ssl http2;

...

 location / {
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_set_header X-Real-IP		$remote_addr;
    proxy_pass       http://cool_name.local:1234;
...

I modified them like as follows and the container was able to start up right away and everything worked!

server {
  set $forward_scheme https;
  set $server         “192.168.xxx.xxx“; // change this to the IP address instead of the .local name
  set $port           1234;

  listen 8080;
  listen [::]:8080;

  // these change as well, handling the new way we need to use http2
  listen 4443 ssl;
  listen [::]:4443 ssl;
  http2 on;

...

 location / {
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_set_header X-Real-IP		$remote_addr;
    proxy_pass       http://$server:$port; // this is to make use of what is in the server section

Edited by finder39

9 hours ago, Kilrah said:

Check you haven't pinned the version yourself.

I checked and I haven't, the latest version of the repo the unraid template points to is only running v2.12.3

  • 2 months later...

Hey @Djoss

I'm having issues communicating from NPM to certain containers on different networks within unraid. Can you let me know what's the best network setup for NPM to communicate with any/all containers across different networks?

I can successfully communicate from the following:

NPM 10.48.48.96 (druproxynet) --> any container on (bridge)

NPM 10.48.48.96 (druproxynet) --> 192.168.107 (on proxmox server)

I can't ping from the following:

NPM 10.48.48.96 (druproxynet) --> 192.168.72.3 (br1)

NPM 10.48.48.96 (druproxynet) --> 10.48.48.3 (br0)

Please see screenshots for the docker setting, network listings, container list.

Thanks

Screenshot 2025-11-04 at 11.43.11 AM.png

Screenshot 2025-11-04 at 11.39.43 AM.png

Screenshot 2025-11-04 at 4.34.22 PM.png

eth0.png

eth1.png

Edited by TekDRu
add interface settings

  • 2 weeks later...
On 8/9/2025 at 10:40 PM, Spectral Force said:

Fixed. port 80 showed closed, remapped in router and now fixed. In case some one else comes across the error.

Huge thanks! I changed modems and had this issue...port 80 wasn't mapped and I couldn't renew my certs. Appreciate the solution!

Edited by Andiroo2

  • 2 months later...

Need some help....

My setup is as follows:

DDNS is setup trought duckdns: mysubnet.duckdns.org

CNAME is configured in domain registrar myserver.mydomain.com points to mysubnet.duckdns.org

ISP modem has fowarded ports 80/53/443 to NPMlocal adress in the range of 192.168.2.x

NPM is configured with the ports listening at 80/53/443

i cannot use NPM to redirect https.... here is what iv'e done:

if i open a port at the ISP modem level, lets say port 9999 redirects to a service on the server and i access it through duckdns.org it goes through to the service ath server without any problems..

mysubnet.duckdns.org:9999 ---> it goes through as long port forward is enabled

if the port at the ISP modem level, port 9999 is closed.... then it doesnt go through....

NPM has the same service proxied, and enabled as myserver.mydomain.com at port 9999 this port is https,

NPM does not go through, i cannot connect to the service, but if i change the same service to another port, lets say 9090 and this port only handles http, it does go through...

NPM does show welcome page if you go to http://NPMlocaladdress:80

Somehow i could register for the letsencrypt ssl certificate after many attemps, still the PROXY address does not go through, the CNAME is correctly registered (i have 4 CNAME enabled at the domain registrar). None of them go through if its HTTPS, only HTTP......

i don´t know what am i missing,two years ago was working correctly, i stopped the service a while ago.... changed ISP modem, same settings on the new modem, same ISP....

any help is appreciated

edit: localaddress changed to NPMlocaladress

Edited by kicsrules

  • 1 month later...

I installed the latest version and am getting an SSL handshake failed error Error code 525 Even the website is having the same problem:

Application Site: https://nginxproxymanager.jc21.com

Is there any way to fix this?

  • Author

Can you share the config of the host ? What kind of cert it used ? Letsencrypt or a custom Cloudflare cert ?

Can you share the full log (docker logs NginxProxyManager)?

Can you also check the nginx log associated to the host ?

Edited by Djoss

@Djoss The problem is described here:

I have Cloudflare set up, and the certificate is configured in Nginx via Cloudflare.

Logi:

│ │
│ Application: Nginx Proxy Manager │
│ Application Version: 2.14.0 │
│ Docker Image Version: 26.03.1 │
│ Docker Image Platform: linux/amd64 │
│ │
╰――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――╯
[cont-init ] 89-info.sh: terminated successfully.
[cont-init ] all container initialization scripts executed.
[init ] giving control to process supervisor.
[supervisor ] loading services...
[supervisor ] loading service 'default'...
[supervisor ] loading service 'app'...
[supervisor ] loading service 'nginx'...
[supervisor ] loading service 'logmonitor'...
[supervisor ] service 'logmonitor' is disabled.
[supervisor ] loading service 'logrotate'...
[supervisor ] service 'logrotate' is disabled.
[supervisor ] loading service 'cert_cleanup'...
[supervisor ] all services loaded.
[supervisor ] starting services...
[supervisor ] starting service 'nginx'...
[supervisor ] starting service 'app'...
[supervisor ] all services started.
[cert_cleanup] ----------------------------------------------------------
[cert_cleanup] Let's Encrypt certificates cleanup - 2026/03/16 12:56:50
[cert_cleanup] ----------------------------------------------------------
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-9/fullchain2.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-9/privkey2.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-9/chain2.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-9/cert2.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-2/fullchain9.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-2/chain9.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-2/cert9.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-2/privkey9.pem.
[cert_cleanup] 8 file(s) kept.
[cert_cleanup] 0 file(s) deleted.
[app ] [3/16/2026] [12:56:50 PM] [Global ] › info Using configuration from file: ./config/production.json
[app ] [3/16/2026] [12:56:50 PM] [Migrate ] › info Current database version: none
[app ] [3/16/2026] [12:56:50 PM] [Setup ] › info Logrotate Timer initialized
[app ] [3/16/2026] [12:56:50 PM] [Setup ] › info Logrotate completed.
[app ] [3/16/2026] [12:56:50 PM] [Global ] › info IP Ranges fetch is enabled
[app ] [3/16/2026] [12:56:50 PM] [IP Ranges] › info Fetching IP Ranges from online services...
[app ] [3/16/2026] [12:56:50 PM] [IP Ranges] › info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[app ] [3/16/2026] [12:56:50 PM] [IP Ranges] › info Fetching https://www.cloudflare.com/ips-v4
[app ] [3/16/2026] [12:56:51 PM] [IP Ranges] › info Fetching https://www.cloudflare.com/ips-v6
[app ] [3/16/2026] [12:56:51 PM] [SSL ] › info Let's Encrypt Renewal Timer initialized
[app ] [3/16/2026] [12:56:51 PM] [SSL ] › info Renewing SSL certs expiring within 30 days ...
[app ] [3/16/2026] [12:56:51 PM] [IP Ranges] › info IP Ranges Renewal Timer initialized
[app ] [3/16/2026] [12:56:51 PM] [Global ] › info Backend PID 560 listening on port 3000 ...
[app ] [3/16/2026] [12:56:51 PM] [SSL ] › info Completed SSL cert renew process

My settings router:

image.png

My docker parametrs:

docker run
  -d
  --name='NginxProxyManager'
  --net='dockernet'
  --pids-limit 2048
  -e TZ="Europe/Warsaw"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="KulisUnRaid"
  -e HOST_CONTAINERNAME="NginxProxyManager"
  -e 'USER_ID'='99'
  -e 'GROUP_ID'='100'
  -e 'UMASK'='0000'
  -e 'APP_NICENESS'='0'
  -e 'DISABLE_IPV6'='0'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='http://[IP]:[PORT:8181]'
  -l net.unraid.docker.icon=''
  -p '7818:8181/tcp'
  -p '1880:8080/tcp'
  -p '18443:4443/tcp'
  -v '/mnt/user/appdata/NginxProxyManager':'/config':'rw' 'jlesage/nginx-proxy-manager'

Same issues as above.

What I believe to be the Issue:

Current database version: none

What i can almost guarantee due to the log output above, that's the issue lol.

[app ] [3/16/2026] [12:56:50 PM] [Migrate ] ›  info Current database version: none

Starting some tests for resolution will report back ASAP!

Having the exact same issues as the users above & also using Cloudflare.

Was working prior to update and no configuration changes prior or post updating the container.

Unable to do any real troubleshooting until I get back from work later today.

To temporarily resolve this issue, you can use the previous release of Nginx Proxy Manager. Edit the app and change the repository to:
jlesage/nginx-proxy-manager:v25.09.1

Once this is resolved, you should change it back to:
jlesage/nginx-proxy-manage

@sdchoni

When I do that, I get a message in the log saying that the migration failed.

Edited by Kulis

Milage may vary.

GOLDEN RULE: BACK YOU DATA UP NO IF ANDS OR BUTS BEFORE ATTEMPTING!

(Options Least to Most invasive)

1: Roll the docker image back to prior version, until image issue is resolved.

2: In the NGINX Proxy Manager UI, go to your proxy hosts, disable the cert, save, enable the cert save and check mark all 4 of the main boxes (or your flavor) this forces the .conf to update - Check proxy.

3: Confirm Port mappings in the container.

4. If that fails move check your DB for merge locks etc. This was causing my database version to be :none

check DB version:

docker logs <container_name> | grep "Current database version"

# Set your database path here

DB_PATH="/your/custom/path/to/database.sqlite"

# 1. Back up the database

cp "$DB_PATH" "${DB_PATH}.bak"

# 2. Sync migrations

sqlite3 "$DB_PATH" "INSERT INTO knex_migrations SELECT * FROM migrations;"

# 3. Clear the lock

sqlite3 "$DB_PATH" "UPDATE knex_migrations_lock SET is_locked = 0;"

Some like this direct format more:

# 1. Back up the existing database

cp /path/to/nginxproxymanager/database.sqlite /path/to/nginxproxymanager/database.sqlite.bak

# 2. Sync the old migrations table to the new knex_migrations table

sqlite3 /path/to/nginxproxymanager/database.sqlite "INSERT INTO knex_migrations SELECT * FROM migrations;"

# 3. Ensure the migration lock is cleared so NPM can boot

sqlite3 /path/to/nginxproxymanager/database.sqlite "UPDATE knex_migrations_lock SET is_locked = 0;"

#check DB version

docker logs <container_name> | grep "Current database version"

**If that is now showing a proper version and still failing do/check steps 2/3 again!

Hope this help, this got me up and running, I obviously cant account for all scenarios & will advise once more BACK UP YOUR DATA!

NGINX v2.14.0 works after unRAID reboot, some time later starts failing, with Cloudflare reporting Bad Gateway Error code 502:

(This is a configuration that has worked correctly for the last year until recently)

temp.jpg

The error messages in the NGINX proxy-host-2_error.log:

2026/03/16 11:38:31 [error] 482#482: *16 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 162.158.155.156, server: APPLICATION.MYDOMAIN.net, request: "GET / HTTP/1.1", upstream: "http://10.55.83.191:8080/", host: "APPLICATION.MYDOMAIN.net"

2026/03/16 11:38:32 [error] 483#483: *18 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 104.23.187.209, server: APPLICATION.MYDOMAIN.net, request: "GET /ui3serviceworker.js?v=318-6.0.3.8 HTTP/1.1", upstream: "http://10.55.83.191:8080/ui3serviceworker.js?v=318-6.0.3.8", host: "APPLICATION.MYDOMAIN.net"

2026/03/16 11:38:33 [error] 484#484: *20 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 104.23.190.195, server: APPLICATION.MYDOMAIN.net, request: "GET /favicon.ico HTTP/1.1", upstream: "http://10.55.83.191:8080/favicon.ico", host: "APPLICATION.MYDOMAIN.net", referrer: "https://APPLICATION.MYDOMAIN.net/"

  • Author

@wmcneil the connection seems to be terminated by your upstream at 10.55.83.191. Get you can more details on the upstream ?

Also, does Cloudflare give more details about the problem ?

11 hours ago, Djoss said:

@wmcneil the connection seems to be terminated by your upstream at 10.55.83.191. Get you can more details on the upstream ?

Also, does Cloudflare give more details about the problem ?

Hi, thanks for your response. 10.55.83.191 is the ultimate webserver. The webserver in this case is a BlueIris webserver running in a Win11 VM that is located on the same unRAID machine that is running the NGINX docker under unRAID. After further testing, I see that upon stopping and starting BlueIris, things are working. I will wait until the next failure to see if I can glean anything from the BlueIris log.

Cloudflair claims "The HTTP 502 error is coming from your origin web server and is not caused by Cloudflare."

I had restored my data/configuration for nginx proxy manager from a backup after the update yesterday prior to rolling back to v25.09.1, just to get me going again.

Unsure if this will make a difference for others that just rolled back and have the db migration issue.

Just updated, I also made sure to target the new version - v26.03.2.

There are still some errors in my container log.

[app ] [3/18/2026] [5:22:18 PM] [SSL ] › info Renewing LetsEncrypt certificates for Cert #29: test.example.com
[app ] [3/18/2026] [5:22:18 PM] [SSL ] › info Command: certbot renew --force-renewal --config /etc/letsencrypt.ini --work-dir /tmp/letsencrypt-lib --logs-dir /data/logs --cert-name npm-29 --preferred-challenges http --no-random-sleep-on-renew --disable-hook-validation
[app ] [3/18/2026] [5:22:21 PM] [SSL ] › error Saving debug log to /data/logs/letsencrypt.log
[app ] Failed to renew certificate npm-29 with error: Some challenges have failed.
[app ] All renewals failed. The following certificates could not be renewed:
[app ] /etc/letsencrypt/live/npm-29/fullchain.pem (failure)
[app ] 1 renew failure(s), 0 parse failure(s)
[app ] Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /data/logs/letsencrypt.log or re-run Certbot with -v for more details.
[app ] [3/18/2026] [5:22:21 PM] [SSL ] › info Completed SSL cert renew process

Even with these errors, it appears nginx is working okay, have only tested a few containers but all are configured in the same manner with a CF origin cert.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.