Arndroid Posted December 22, 2018 (edited)

So something like AdminCP for Nginx on Docker/Linux? Freakin' awesome dude! Thanks for making this available in a Docker for Unraid! Hopefully I'll get to try it sometime.

Edited December 22, 2018 by Arndroid

DieFalse Posted December 22, 2018 (edited)

First and foremost, Thank you for this! This looks amazing and while I love CLI for most configurations, nginx can get annoying.

With that said, is there a way to "import" previously configured services from say, letsencrypt docker, to speed up the transition to nginx proxy manager?

Secondly, is there a way to support "wildcard" ssl certs? *.domain.com in this docker?

Sadly self-answered, no. https://github.com/jc21/nginx-proxy-manager/issues/36

Edited December 22, 2018 by fmp4m

Squid Posted December 22, 2018

18 minutes ago, fmp4m said: With that said, is there a way to "import" previously configured services from say, letsencrypt docker, to speed up the transition to nginx proxy manager?

I would think you could do this

repomanz Posted December 22, 2018 (edited)

I like this docker. Question about this, in context of unraid and hardening. What suggestions are available regarding securing the let's encrypt requirement of having 80 and 443 open on the firewall and this docker? Does the docker have a lockout function, anti-brute force, yubikey or 2fa functions (or will it eventually)?

Edited December 22, 2018 by repomanz

bigbadblo Posted December 22, 2018

Very cool. Does this allow for the handling of subfolders by chance?

hernandito Posted December 24, 2018

Can’t wait to see if this works... but at the moment, when trying to generate the LE certificate, I get http://192.168.0.201:7818 internal error.

any ideas?

thanks,

h.

Xaero Posted December 24, 2018 (edited)

Trying to get this to work with gitlab-ce. Having basically zero luck. I'm super new to nginx and proxying different services to the web using it, was hoping a GUI would ease the learning curve.

So, for configuration in Nginx-Proxy-Manager I have this:

And I have it set to generate a new SSL certificate using LE, and force SSL. From there, I've set gitlab-ce docker with the following extra options:

    external_url 'https://git.mydomain.com/';
    gitlab_rails['gitlab_ssh_host']='git.mydomain.com';
    nginx['hsts_max_age'] = 0;
    nginx['listen_port'] = 4080;
    nginx['listen_https'] = false;

(I've taken the liberty of placing these on newlines for readability)

First I receive the same error as the above user - but refreshing the page shows that the entry was created, and the SSL certificate is shown on the certs tab. But when I attempt to reach gitlab via git.mydomain.com I get nothing. I can see that gitlab is running by checking the docker log. I've got other services forwarded fine - but gitlab seems to be a PITA.

EDIT: Figured it out. Other services weren't using a subdomain.

First, make sure you have your ports forwarded to this docker (or getting the certificates *will* fail)
Second, if you wish to use subdomains and are using a REAL domain name (not a dyndns style one) make sure you set up a catch-all entry for subdomains (CNAME * yourdomain.com)
Finally, create the entry using the GUI.

Scratch that - it doesn't seem to persist reboots very well, neither of my two SSL certificates continue to work following a reboot, and I'm getting this spammed in the log:

    [nginx] starting...
    nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/npm-9/fullchain.pem") failed (SSL: error:02FFF002:system library:func(4095):No such file or directory:fopen('/etc/letsencrypt/live/npm-9/fullchain.pem', 'r') error:20FFF080:BIO routines:CRYPTO_internal:no such file)

Edit: Deleted the appdata folder, recreated entries and all is working again.

Edited December 25, 2018 by Xaero

JohanSF Posted December 25, 2018

Thank you for the work, a nice GUI for overview is always great. A guide to move from the LE docker with subfolders, subdomains, organizr, settings etc. to this would be greatly appreciated.

L0rdRaiden Posted December 25, 2018

Please post bugs and feature requests here https://github.com/jc21/nginx-proxy-manager?utm_source=npm-site

gacpac Posted December 26, 2018

Hey, I'm a little bit excited about this new app. I might migrate from let's encrypt to this one but need some help setting up the proxy host. Is there some guide somewhere here or on the GitHub?

dukiethecorgi Posted December 26, 2018

Does this have fail2ban?

Squid Posted December 26, 2018 (edited)

6 hours ago, gacpac said: Hey, I'm a little bit excited about this new app. I might migrate from let's encrypt to this one but need some help setting up the proxy host. Is there some guide somewhere here or on the GitHub?

IMHO, this is such an easy app to use and set up that you don't need any guide. I'd never sat down and used Let'sEncrypt (as I could never clear off something like a week to read the thread and play with setting it up), but I got this all going within 5 minutes, with no thought involved.

But, if you need subfolders and not subdomains then you've got to manually edit the nginx configs. Myself, I'm just using subdomains.

But, for advanced features that you may or may not require (I don't for my use case), then this may not be for you. That, and if you've already spent the time and aggravation setting up LE, why switch?

Edited December 26, 2018 by Squid

gacpac Posted December 26, 2018

1 hour ago, Squid said: IMHO, this is such an easy app to use and set up that you don't need any guide. I'd never sat down and used Let'sEncrypt (as I could never clear off something like a week to read the thread and play with setting it up), but I got this all going within 5 minutes, with no thought involved. But, if you need subfolders and not subdomains then you've got to manually edit the nginx configs. Myself, I'm just using subdomains. But, for advanced features that you may or may not require (I don't for my use case), then this may not be for you. That, and if you've already spent the time and aggravation setting up LE, why switch?

I like the UI and how you can do the changes. I see the web app seems easy, but I need to put my customizations again, then there's no point.

L0rdRaiden Posted December 27, 2018

I am coming from letsencrypt docker. How can I get access to edit the nginx.conf file? https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/nginx.conf

or other configuration files like

    conf.d/include/block-exploits.conf
    conf.d/include/proxy.conf

These do not appear when I access with SAMBA

drkpeezy Posted December 27, 2018 (edited)

I get the following when I try to start the container

    [mysqld] starting...
    2018-12-27 9:57:55 23424764251016 [Note] /usr/bin/mysqld (mysqld 10.2.15-MariaDB) starting as process 1998 ...
    2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
    2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Uses event mutexes
    2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Compressed tables use zlib 1.2.11
    2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Using Linux native AIO
    2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Number of pools: 1
    2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Using SSE2 crc32 instructions
    2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
    2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Completed initialization of buffer pool
    2018-12-27 9:57:55 23424421186280 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
    2018-12-27 9:57:55 23424764251016 [ERROR] InnoDB: The Auto-extending innodb_system data file './ibdata1' is of a different size 0 pages than specified in the .cnf file: initial 768 pages, max 0 (relevant if non-zero) pages!
    2018-12-27 9:57:55 23424764251016 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
    [2018-12-27] [09:57:55] [Global ] › ✖ error connect ECONNREFUSED 127.0.0.1:3306
    2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Starting shutdown...
    2018-12-27 9:57:55 23424764251016 [ERROR] Plugin 'InnoDB' init function returned error.
    2018-12-27 9:57:55 23424764251016 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
    2018-12-27 9:57:55 23424764251016 [Note] Plugin 'FEEDBACK' is disabled.
    2018-12-27 9:57:55 23424764251016 [ERROR] Could not open mysql.plugin table. Some plugins may be not loaded
    2018-12-27 9:57:55 23424764251016 [ERROR] Unknown/unsupported storage engine: InnoDB
    2018-12-27 9:57:55 23424764251016 [ERROR] Aborting

Edited December 27, 2018 by drkpeezy

Michael_P Posted December 27, 2018

My Install never gets past this point:

    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 00-app-niceness.sh: executing...
    [cont-init.d] 00-app-niceness.sh: exited 0.
    [cont-init.d] 00-app-script.sh: executing...
    [cont-init.d] 00-app-script.sh: exited 0.
    [cont-init.d] 00-app-user-map.sh: executing...
    [cont-init.d] 00-app-user-map.sh: exited 0.
    [cont-init.d] 00-clean-logmonitor-states.sh: executing...
    [cont-init.d] 00-clean-logmonitor-states.sh: exited 0.
    [cont-init.d] 00-clean-tmp-dir.sh: executing...
    [cont-init.d] 00-clean-tmp-dir.sh: exited 0.
    [cont-init.d] 00-set-app-deps.sh: executing...
    [cont-init.d] 00-set-app-deps.sh: exited 0.
    [cont-init.d] 00-set-home.sh: executing...
    [cont-init.d] 00-set-home.sh: exited 0.
    [cont-init.d] 00-take-config-ownership.sh: executing...
    [cont-init.d] 00-take-config-ownership.sh: exited 0.
    [cont-init.d] 00-xdg-runtime-dir.sh: executing...
    [cont-init.d] 00-xdg-runtime-dir.sh: exited 0.
    [cont-init.d] nginx-proxy-manager.sh: executing...
    [cont-init.d] nginx-proxy-manager.sh: Initializing database data directory...
    [cont-init.d] nginx-proxy-manager.sh: Database data directory initialized.
    [cont-init.d] nginx-proxy-manager.sh: Starting database to perform its intialization...
    [cont-init.d] nginx-proxy-manager.sh: Securing database installation...

bigdave Posted December 27, 2018

I see this error in the init_db.log

    /mnt/user/appdata/NginxProxyManager/log# more init_db.log
    Installing MariaDB/MySQL system tables in '/config/mysql' ...
    2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: preallocating 12582912 bytes for file ./ibdata1 failed with error 95
    2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: Could not set the file size of './ibdata1'. Probably out of disk space
    2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: Database creation was aborted with error Generic error. You may need to delete the ibdata1 file before trying to start up again.
    2018-12-27 14:32:03 22714951916424 [ERROR] Plugin 'InnoDB' init function returned error.
    2018-12-27 14:32:03 22714951916424 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
    2018-12-27 14:32:03 22714951916424 [ERROR] Unknown/unsupported storage engine: InnoDB
    2018-12-27 14:32:03 22714951916424 [ERROR] Aborting

drkpeezy Posted December 27, 2018

2 hours ago, bigdave said: I see this error in the init_db.log

    /mnt/user/appdata/NginxProxyManager/log# more init_db.log
    Installing MariaDB/MySQL system tables in '/config/mysql' ...
    2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: preallocating 12582912 bytes for file ./ibdata1 failed with error 95
    2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: Could not set the file size of './ibdata1'. Probably out of disk space
    2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: Database creation was aborted with error Generic error. You may need to delete the ibdata1 file before trying to start up again.
    2018-12-27 14:32:03 22714951916424 [ERROR] Plugin 'InnoDB' init function returned error.
    2018-12-27 14:32:03 22714951916424 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
    2018-12-27 14:32:03 22714951916424 [ERROR] Unknown/unsupported storage engine: InnoDB
    2018-12-27 14:32:03 22714951916424 [ERROR] Aborting

What are you using for umask? My logs are the same...

bigdave Posted December 27, 2018

17 minutes ago, drkpeezy said: What are you using for umask? My logs are the same...

The default 000, you?

madaroda Posted December 28, 2018 (edited)

Terrific work, djoss. I predict this will soon be the go-to certificate manager in unraid.

Questions:
How would a wildcard certificate be assembled through the proxy manager?
How would we go about making the LetsEncrypt cert self-renewing?

Edit: Just found that Lets Encrypt wild cards don't work yet. Hope that comes soon.

Edited December 28, 2018 by madaroda (added clarification)

hernandito Posted December 29, 2018

Quick question please.... if I host a personal web site, that I access from outside.... where do I place all my www files and folders, the html files.

Thank you.

H.

Saldash Posted December 29, 2018

4 hours ago, hernandito said: Quick question please.... if I host a personal web site, that I access from outside.... where do I place all my www files and folders, the html files. Thank you. H.

If you already have a web server hosting those files inside your network, then exactly where they are is fine, just point the reverse proxy at that server.

If you don't have a web server running already, there are plenty of web server docker containers in Community Applications that will fit your needs.

I'd suggest getting familiar with how your web server is configured and making sure it's secure before giving the outside world access to it.

hernandito Posted December 29, 2018

Thank you Saldash.

I have been running my web server for years.... from a docker I cobbled together from LS... using Apache and LetsEncrypt. I was able to get all the reverse proxies figured out (thanks to my friend Neil). I was never able to get PHP, LE and Nginx working in their LE docker.

With my Docker, I can get to reverse proxy like this:

https://MyDomain.com/sonarr
https://MyDomain.com/radarr
https://MyDomain.com/www (a folder with my php files for web serving)
etc.

With this Docker, I can only reverse proxy https://radarr.MyDomain.com...

I can set LE certificates for each of the prefixes. But I cannot secure the pages using the .htpassword method. If anyone can provide some examples how to do this with this Docker, it would be greatly appreciated. And I can certainly have it point to my Apache docker for php.

Thanks again,

H.

Saldash Posted December 29, 2018 (edited)

6 minutes ago, hernandito said: I can set LE certificates for each of the prefixes. But I cannot secure the pages using the .htpassword method. If anyone can provide some examples how to do this with this Docker, it would be greatly appreciated.

This docker allows you to create user access lists and assign them to specific proxy hosts.

From the main dashboard, click Access Lists in the menu. Create a new list and specify a username and password (up to five distinct users).

Once created, go to the proxy host you want to secure, click edit to open the modal and at the bottom of the modal, select your access list from the dropdown and save.

From the help text:

"Access Lists provide authentication for the Proxy Hosts via Basic HTTP Authentication. You can configure multiple usernames and passwords for a single Access List and then apply that to a Proxy Host. This is most useful for forwarded web services that do not have authentication mechanisms built in."

Edited December 29, 2018 by Saldash

Djoss (Author) Posted December 29, 2018

On 12/22/2018 at 1:46 PM, repomanz said: I like this docker. Question about this, in context of unraid and hardening. What suggestions are available regarding securing the let's encrypt requirement of having 80 and 443 open on the firewall and this docker? Does the docker have a lockout function, anti-brute force, yubikey or 2fa functions (or will it eventually)?

Things like 2fa are usually implemented by the application this container is proxying to. Nginx itself has some way to limit the number of requests that are done. I can check if there is anything configured by default for this.

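What the two replies above describe (an Access List is Basic HTTP Authentication, and nginx can limit the number of requests) looks like this in plain nginx configuration. This is an added example, not part of the thread and not the configuration Nginx Proxy Manager generates; the hostname, upstream address, zone name, rates and file paths are all assumptions.

```nginx
# Added example: plain nginx configuration, not what Nginx Proxy Manager generates.
# Hostname, upstream address, zone name, rates and file paths are placeholders.
events {}

http {
    # Shared-memory zone keyed by client address (10 MB of state),
    # allowing each address an average of 5 requests per second.
    limit_req_zone $binary_remote_addr zone=perip:10m rate=5r/s;

    # Reply 429 to throttled requests instead of the default 503, so they
    # can be told apart from upstream failures in the access log.
    limit_req_status 429;

    # Port 80 stays open for Let's Encrypt HTTP validation, but serves
    # nothing else: every other request is redirected to HTTPS.
    server {
        listen 80;
        server_name radarr.example.com;

        location ^~ /.well-known/acme-challenge/ {
            root /var/www/acme;
        }
        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name radarr.example.com;

        ssl_certificate     /etc/letsencrypt/live/example/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example/privkey.pem;

        location / {
            # limit_req is evaluated before auth_basic, so requests with a
            # wrong password count toward the limit as well.
            limit_req zone=perip burst=20 nodelay;

            # Basic HTTP Authentication: the mechanism an Access List applies.
            auth_basic           "Restricted";
            auth_basic_user_file /etc/nginx/htpasswd/radarr;

            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://192.0.2.10:7878;
        }
    }
}
```

Running `nginx -t` checks the file before a reload. The rate and burst values are illustrative and may need raising for applications that load many assets per page.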