June 1, 20197 yr Couldn't see a mention of it in the thread yet, is there any support for DNS authentication for letsencrypt certs?
June 2, 20197 yr I needed to carry out an AppData restore last night, but since then, I'm seeing the following in the nginx logs; [nginx] starting... nginx: [emerg] PEM_read_bio_X509_AUX("/etc/letsencrypt/live/npm-22/fullchain.pem") failed (SSL: error:********:PEM routines:CRYPTO_internal:no start line:Expecting: TRUSTED CERTIFICATE) Any ideas what's caused this and how to resolve it, as I can't access remotely at the moment? Thanks. Edited June 2, 20197 yr by WannabeMKII
June 3, 20197 yr Author On 5/30/2019 at 11:40 AM, EmilionDK said: But it is possible that you can change SSL Protocols and Cipher Suite yourself? And use letsencrypt 4096 bit key? These settings are currently not configurable...
June 3, 20197 yr Author On 5/30/2019 at 2:16 PM, alturismo said: may a question about a default www folder, sample, put something there for web downloads ... for an tip, thanks ahead Under settings, you can configure the behaviour of the default site.
June 3, 20197 yr Author On 5/30/2019 at 3:21 PM, eds said: Any idea where I should start looking? I have an asus RT-AC68W router running Merlin. What configurations should I have (note the same domain name is being used as dnns in the router)? dnns? Do you mean dynamic DNS? Do you have anything special in your DNS settings?
June 3, 20197 yr Author On 6/1/2019 at 11:59 AM, colsw said: Couldn't see a mention of it in the thread yet, is there any support for DNS authentication for letsencrypt certs? There is currently no support for DNS authentication.
June 3, 20197 yr Just now, Djoss said: dnns? Do you mean dynamic DNS? Do you have anything special in your DNS settings? Yes. Yes. No. But believe it or not this problem appears to be resolved (for now). I made no changes to my router, but I did change around my nic and by mistake I may have fixed this problem. So far so good. Will update if I have new issues (right now I am about to post to the forum for your cloudberry docker )
June 3, 20197 yr Author On 5/30/2019 at 2:51 PM, BlueLight said: All my subdomains stopped working suddenly. I went through the whole container and could not find anysettings that were off. also, checked my cloudflare account, CDN is off and only running on DNS. I get this error when it starts, and it continually shows that error the rest of the time container is running. nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/npm-12/fullchain.pem") failed (SSL: error:02FFF002:system library:func(4095):No such file or directory:fopen('/etc/letsencrypt/live/npm-12/fullchain.pem', 'r') error:20FFF080:BIO routines:CRYPTO_internal:no such file) any ideas on how to get this file? I don't even have a lettsencrypt folder in my /etc/ dir /etc/letsencrypt in the container is mapped to /mnt/user/appdata/NginxProxyManager/letsencrypt/ in unRAID. Do you see certs there?
June 3, 20197 yr Author 15 hours ago, WannabeMKII said: I needed to carry out an AppData restore last night, but since then, I'm seeing the following in the nginx logs; [nginx] starting... nginx: [emerg] PEM_read_bio_X509_AUX("/etc/letsencrypt/live/npm-22/fullchain.pem") failed (SSL: error:********:PEM routines:CRYPTO_internal:no start line:Expecting: TRUSTED CERTIFICATE) Any ideas what's caused this and how to resolve it, as I can't access remotely at the moment? Thanks. Looks like the file is not a valid certificate chain. You can verify the file content at /mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-22/fullchain.pem
June 3, 20197 yr 4 hours ago, Djoss said: Under settings, you can configure the behaviour of the default site. ok, so 1st it has to be an unknown host when i read correctly, makes sense. tried and ended always up like this with adding /config/www Setting Browser when using http://ip/blabla <- while blabla is located at /config/www For an Tipp thanks ahead
June 3, 20197 yr 7 hours ago, Djoss said: Looks like the file is not a valid certificate chain. You can verify the file content at /mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-22/fullchain.pem Sorry, beginner question, but how do I verify it? Ignore this - I started again from scratch and all is now working fine. Edited June 3, 20197 yr by WannabeMKII Issue resolved
June 3, 20197 yr 6 hours ago, Djoss said: /etc/letsencrypt in the container is mapped to /mnt/user/appdata/NginxProxyManager/letsencrypt/ in unRAID. Do you see certs there? I saw a some folders and files, in them were some .pem files. Did not investigate further.. I ended up solving my issue by completely uninstalling and reinstalling. I thought I had tried it without any luck, but I just tried again, and I can add certs now, the container is working again. Before figuring this out, I checked dynamic dns, cloudflare DNS Cnames, and my router settings, denying it was the container throwing error. I'm glad it was as simple as uninstalling and reinstalling. Here' what I did: -Delete container -Delete appdata (I needed to do it through krusader) -Delete from "previous apps" in apps tab. -Reinstall The first time around, I did everything except clear it from Previous Apps. I was thinking about copying files over from old appdata folder, but this container is so easy to use, I'm just going to keep it clean and reinput all the certs and proxies again. Hope this helps someone!
June 3, 20197 yr Author 4 hours ago, alturismo said: ok, so 1st it has to be an unknown host when i read correctly, makes sense. tried and ended always up like this with adding /config/www Setting Browser when using http://ip/blabla <- while blabla is located at /config/www For an Tipp thanks ahead The "Custom Page" option allows you to directly put the HTML content of the page to display. You cannot point to a folder.
June 3, 20197 yr OK, thanks for the Info, means a simple download folder is not possible.Gesendet von meinem SM-G950F mit Tapatalk
June 10, 20197 yr Hi All - sorry if this has been asked, I did search and did not see an answer... How can I reduce logging or enforce log rotation? After only a few weeks NginxProxyManager is generating and keeping a LOT of log files. especially in "appdata\NginxProxyManager\log\letsencrypt\" Thanks, BR
June 12, 20197 yr Author On 6/10/2019 at 12:52 PM, bertrandr said: Hi All - sorry if this has been asked, I did search and did not see an answer... How can I reduce logging or enforce log rotation? After only a few weeks NginxProxyManager is generating and keeping a LOT of log files. especially in "appdata\NginxProxyManager\log\letsencrypt\" Thanks, BR There is no log rotation done currently. I agree it would be nice to do it. Could you create an issue for this at https://github.com/jlesage/docker-nginx-proxy-manager/issues ?
June 27, 20197 yr Love this docker so far! Having read this article: https://www.techrepublic.com/article/docker-containers-are-filled-with-vulnerabilities-heres-how-the-top-1000-fared/ I'm wondering about docker security. Any thoughts on that for this docker (as it's internet facing). Thanks!
June 30, 20197 yr I've been digging into this trying to get SSL to work for the some of my soon to be externally accessible sites. I have a mixture of things I want exposed and how to expose them. Some things, I want to only expose over my ZeroTier network. Examples are Node Red and Nzbget since all the devices I access those things from (basically my laptop) can have the zero tier client installed and works seamlessly. I really don't need SSL on these but why not? Other containers I want exposed over regular internet (non-ZeroTier network) since I need them accessible from other internet devices (e.g. my MQTT broker which needs to be accessible from internet attached devices not on my LAN). My ZeroTier addresses are in 10.241.0.0/16. When creating proxy hosts in Nginx Proxy Server, is this just a matter of adding those addresses as aliases? (e.g. 10.241.1.1 and 192.168.1.5 both for same proxy host?) Or am I just totally confused? Would appreciate help in understanding the above. Edited June 30, 20197 yr by tmchow
June 30, 20197 yr I've tried to get his going by mucking around. I have the container setup to port 2080 for HTTP and 20443 for HTTPS. I've forwarded ports 80 and 443 on my router to those ports. When I try to create an SSL cert through the Nginx reverse proxy dashboard, I get an "Internal error" dialog after a few seconds. In the error.log there isn't a 1:1 corresponding line for when this error occurs other than: 2019/06/29 18:37:01 [notice] 1037#1037: signal process started If I hit "OK" on that error modal and refresh the page, there is a line for the SSL cert. If I then try to use that cert, it fails because it can' tfind the cert on the disk (presumably due to the "internal error"). How do i debug this and get this working? Edited June 30, 20197 yr by tmchow
July 2, 20197 yr Anybody managed to get Airsonic working behind nginxproxymanager? The web site comes up, and will play music, but some features don't work (settings tab, downloading to a mobile device). Seems like it's related to a "location" setting, but I haven't found the winner.
July 2, 20197 yr Author On 6/26/2019 at 8:36 PM, Adam64 said: Love this docker so far! Having read this article: https://www.techrepublic.com/article/docker-containers-are-filled-with-vulnerabilities-heres-how-the-top-1000-fared/ I'm wondering about docker security. Any thoughts on that for this docker (as it's internet facing). Thanks! By running the same tool as the article: trivy --clear-cache jlesage/nginx-proxy-manager:latest 2019-07-02T07:20:28.768-0400 INFO Removing image caches... 2019-07-02T07:20:28.826-0400 INFO Updating vulnerability database... 2019-07-02T07:20:35.328-0400 INFO Detecting Alpine vulnerabilities... jlesage/nginx-proxy-manager:latest (alpine 3.8.4) ================================================= Total: 3 (UNKNOWN: 0, LOW: 1, MEDIUM: 2, HIGH: 0, CRITICAL: 0) +---------+------------------+----------+-------------------+---------------+--------------------------------+ | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +---------+------------------+----------+-------------------+---------------+--------------------------------+ | mariadb | CVE-2019-2628 | MEDIUM | 10.2.24-r0 | 10.2.24.r0 | mysql: InnoDB unspecified | | | | | | | vulnerability (CPU Apr 2019) | + +------------------+ + + +--------------------------------+ | | CVE-2019-2627 | | | | mysql: Server: Security: | | | | | | | Privileges unspecified | | | | | | | vulnerability (CPU Apr 2019) | + +------------------+----------+ + +--------------------------------+ | | CVE-2019-2614 | LOW | | | mysql: Server: Replication | | | | | | | unspecified vulnerability (CPU | | | | | | | Apr 2019) | +---------+------------------+----------+-------------------+---------------+--------------------------------+
July 2, 20197 yr Author On 6/29/2019 at 9:40 PM, tmchow said: I've tried to get his going by mucking around. I have the container setup to port 2080 for HTTP and 20443 for HTTPS. I've forwarded ports 80 and 443 on my router to those ports. When I try to create an SSL cert through the Nginx reverse proxy dashboard, I get an "Internal error" dialog after a few seconds. In the error.log there isn't a 1:1 corresponding line for when this error occurs other than: 2019/06/29 18:37:01 [notice] 1037#1037: signal process started If I hit "OK" on that error modal and refresh the page, there is a line for the SSL cert. If I then try to use that cert, it fails because it can' tfind the cert on the disk (presumably due to the "internal error"). How do i debug this and get this working? Double check that accessing port 80 from the Internet reaches the container. You can use https://www.yougetsignal.com/tools/open-ports/. Then make sure that your DNS name is properly mapped to the Internet IP of your router.
July 2, 20197 yr Author 9 hours ago, bdillahu said: Anybody managed to get Airsonic working behind nginxproxymanager? The web site comes up, and will play music, but some features don't work (settings tab, downloading to a mobile device). Seems like it's related to a "location" setting, but I haven't found the winner. You can have a look at the corresponding log file under /mnt/user/appdata/NginxProxyManager/log/nginx/ to have a better understanding of what's happening when you access these locations.
July 2, 20197 yr 1 hour ago, Djoss said: By running the same tool as the article: trivy --clear-cache jlesage/nginx-proxy-manager:latest 2019-07-02T07:20:28.768-0400 INFO Removing image caches... 2019-07-02T07:20:28.826-0400 INFO Updating vulnerability database... 2019-07-02T07:20:35.328-0400 INFO Detecting Alpine vulnerabilities... jlesage/nginx-proxy-manager:latest (alpine 3.8.4) ================================================= Total: 3 (UNKNOWN: 0, LOW: 1, MEDIUM: 2, HIGH: 0, CRITICAL: 0) +---------+------------------+----------+-------------------+---------------+--------------------------------+ | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +---------+------------------+----------+-------------------+---------------+--------------------------------+ | mariadb | CVE-2019-2628 | MEDIUM | 10.2.24-r0 | 10.2.24.r0 | mysql: InnoDB unspecified | | | | | | | vulnerability (CPU Apr 2019) | + +------------------+ + + +--------------------------------+ | | CVE-2019-2627 | | | | mysql: Server: Security: | | | | | | | Privileges unspecified | | | | | | | vulnerability (CPU Apr 2019) | + +------------------+----------+ + +--------------------------------+ | | CVE-2019-2614 | LOW | | | mysql: Server: Replication | | | | | | | unspecified vulnerability (CPU | | | | | | | Apr 2019) | +---------+------------------+----------+-------------------+---------------+--------------------------------+ Thanks!
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.