[Support] Djoss - Nginx Proxy Manager

On 8/19/2019 at 8:00 PM, Djoss said:

You need to add a proxy host, where the forward ip and port point to your Unifi docker.

OK, after more reading I see because I have unifi on its own IP address that this won't work. 

17 hours ago, dalben said:

I'm sure this is a very basic question but I can't seem to find the answer.  Is the nginx install of this docker geared/configured purely for remote proxy, or can it be used as a webserver as well?

After more reading, this is answered as well.


On 8/19/2019 at 8:00 PM, Djoss said:

You need to add a proxy host, where the forward ip and port point to your Unifi docker.

OK, I moved the unifi container into bridge mode.  Set everything up.  I get to the unifi login prompt.  Enter login and password, that gets in, but I end up with a 400 error when it tries to load the controller.

 


 

Has anyone got this working and if so, what are your settings ?

 

EDIT: All sorted now.  Needed to set the Force SSL option on

Edited by dalben

  • 2 weeks later...

Hey all - this thread got me to register and I'm making my way through it now to catch up, but after spending tons of hours trying to get traefik to work well for me and never quite getting there I thought I'd try something different.

 

As a reverse proxy, does this handle when containers or the server get restarted so that it doesn't require any manual intervention to reverse proxy for the containers again?  Are HTTPS backend containers supported yet?  TLS 1.3?  

 

Thank you for any updates.

  • Author
On 9/1/2019 at 7:01 PM, BurntOC said:

As a reverse proxy, does this handle when containers or the server get restarted so that it doesn't require any manual intervention to reverse proxy for the containers again?

Since there is no automatic configuration involved like Traefik, this doesn't apply.

On 9/1/2019 at 7:01 PM, BurntOC said:

Are HTTPS backend containers supported yet?

Yes.

On 9/1/2019 at 7:01 PM, BurntOC said:

TLS 1.3?

Yes.

So not sure if this is place to ask this, but going to ask anyway.

 

I work for an MSP and we use OpenDNS at our office and for most of our clients.  While my domain is not explicitly blocked, it appears that OpenDNS seems that they are malware and by policy in OpenDNS that just redirects to a different page.  Edge will just go straight to the redirect.  Firefox said it was a potential security issue, and if you advance then you get the redirect.  I can try Chrome, but curious if anyone else runs into this.

 

It could be due to my domain redirection.  My top level domain points to a duckdns instead of straight back to my IP as I do not have a static IP from my ISP.

  • 2 weeks later...

This app really piqued my interest, so I set things up last night, but ran into a snag.  Setup: DuckDNS subdomain entry pointing to my public IP.  Router ports forwarded to NPM.  NPM proxy host pointing to a docker app.

 

Connecting from an external address, it works fine and responsiveness is good.  When I connect from within my LAN using the same DuckDNS subdomain it's extremely slow (as in 15+ minutes just to see the app login screen).  It seems to eventually get through, but it's unusable.  From the LAN, if I just use the internal IP and port for the app directly, it's good.

 

I'm a bit out of my element, but I think I'm experiencing a NAT issue.  I've scoured my router (Hitron CODA-4589 - provided by ISP) settings for anything resembling NAT reflection/redirection/etc., but I cannot find anything.  Any guidance would be greatly appreciated!

  • Author
On 9/17/2019 at 2:38 PM, beverage said:

This app really piqued my interest, so I set things up last night, but ran into a snag.  Setup: DuckDNS subdomain entry pointing to my public IP.  Router ports forwarded to NPM.  NPM proxy host pointing to a docker app.

 

Connecting from an external address, it works fine and responsiveness is good.  When I connect from within my LAN using the same DuckDNS subdomain it's extremely slow (as in 15+ minutes just to see the app login screen).  It seems to eventually get through, but it's unusable.  From the LAN, if I just use the internal IP and port for the app directly, it's good.

 

I'm a bit out of my element, but I think I'm experiencing a NAT issue.  I've scoured my router (Hitron CODA-4589 - provided by ISP) settings for anything resembling NAT reflection/redirection/etc., but I cannot find anything.  Any guidance would be greatly appreciated!

Yes, this looks like a NAT/routing issue.  Do you have a way to override DNS names on your router?  If yes, you could try to map your DuckDNS name to your local IP address.

Is there any chance you can set this up, or help me set this up, to work with something like tecnativa/docker-socket-proxy?  I imagine someone with the skills can make this adjustment pretty easily and the security benefit of talking to the socket-proxy as a sidecar vs exposing it directly to containers that could through individual exploits jeopardize the entire container stack could be huge.  Especially for those of us with a lot of important media at risk (though I'm using a temporary solution for that part until I stand Unraid up). 

 

I've been working to do it with either traefik or jc21/nginx-proxy-manager but your approach may be the most straightforward. 

  • Author
17 hours ago, BurntOC said:

Is there any chance you can set this up, or help me set this up, to work with something like tecnativa/docker-socket-proxy?  I imagine someone with the skills can make this adjustment pretty easily and the security benefit of talking to the socket-proxy as a sidecar vs exposing it directly to containers that could through individual exploits jeopardize the entire container stack could be huge.  Especially for those of us with a lot of important media at risk (though I'm using a temporary solution for that part until I stand Unraid up). 

 

I've been working to do it with either traefik or jc21/nginx-proxy-manager but your approach may be the most straightforward. 

Not sure why you need tecnativa/docker-socket-proxy, since Nginx Proxy Manager container doesn't need and doesn't expose the docker socket.

8 hours ago, Djoss said:

Not sure why you need tecnativa/docker-socket-proxy, since Nginx Proxy Manager container doesn't need and doesn't expose the docker socket.

So I think my understanding of this is evolving, thankfully.  Unlike traefik, there's no automatic configuration so using nginx as a proxy you're specifying virtual hosts manually, right?  I've heard comments about nginx not handling restarts as well, with some of those comments implying it's due to the random IP assignment, but they're so few and far between I'm guessing that if you define the virtual hosts in your compose you'd be fine even after restarts? 

 

If that's all right then so far so good.  I guess I'm still unclear on how nginx-proxy-manager doesn't need the socket.  Is it because they use docker-gen and that doesn't need it the same way traefik or haproxy do? 

 

Sorry for all the questions, but I'm easily 40 hours into my attempts to get a basic setup working that can reverse proxy requests from my semi-protected IOT/DMZ network to local containers and some others via SSL to a media server in my guest network in a way that isn't unsat from the start due to accessing docker-socket in a way (e.g. traefik mounting docker.sock) that exposes the entire stack to RCE if the proxy is exploited.

 

I need a super secure reverse proxy to docker containers and maybe it will all have to live on that host because I'm too early in my journey, but I can't even get that fundamental necessity running properly.  So frustrating...

I can't seem to get Nextcloud to work.  I keep getting this error.

 

"400 Bad Request
The plain HTTP request was sent to HTTPS port
nginx/1.16.1"

 

Any ideas?  I'm a bit at a loss. 

I have NPM working using the LetsEncrypt certificates, however, I'd like to eliminate the port 80 forwarding in my firewall.  Has anyone setup NPM to work with Cloudflare DNS verification and their universal certificate?

 

I saw SpaceInvader One's LetsEncrypt video here: How to Use DNS Verification with your Reverse Proxy & use a Wildcard SSL Certificate but I haven't been able to figure out how to translate it to NPM .

 

  • Author
On 9/23/2019 at 2:31 PM, BurntOC said:

So I think my understanding of this is evolving, thankfully.  Unlike traefik, there's no automatic configuration so using nginx as a proxy you're specifying virtual hosts manually, right?  I've heard comments about nginx not handling restarts as well, with some of those comments implying it's due to the random IP assignment, but they're so few and far between I'm guessing that if you define the virtual hosts in your compose you'd be fine even after restarts? 

 

If that's all right then so far so good.  I guess I'm still unclear on how nginx-proxy-manager doesn't need the socket.  Is it because they use docker-gen and that doesn't need it the same way traefik or haproxy do? 

 

Sorry for all the questions, but I'm easily 40 hours into my attempts to get a basic setup working that can reverse proxy requests from my semi-protected IOT/DMZ network to local containers and some others via SSL to a media server in my guest network in a way that isn't unsat from the start due to accessing docker-socket in a way (e.g. traefik mounting docker.sock) that exposes the entire stack to RCE if the proxy is exploited.

 

I need a super secure reverse proxy to docker containers and maybe it will all have to live on that host because I'm too early in my journey, but I can't even get that fundamental necessity running properly.  So frustrating...

traefik requires access to the docker socket to perform automatic configuration of containers running on the host.  But this is not a usual case and most containers don't need access to the docker socket.  Nginx Proxy Manager does not perform automatic configuration: you need to configure yourself the services you want to proxy.  Configuration is persistent across restarts.
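
The socket exposure discussed above can be checked per container. This is an added example, not part of the original posts and not code from Nginx Proxy Manager or traefik: it audits `docker inspect` style JSON for bind mounts that hand a container the Docker socket, including the case where a parent directory is mounted. The sample data, container names and the `/config` destination are constructed assumptions.

```python
import json
import posixpath

# Common socket paths; /var/run is a symlink to /run on many distributions.
SOCKETS = ("/var/run/docker.sock", "/run/docker.sock")

# Constructed sample shaped like `docker inspect` output. Container names,
# the /config destination and the "watcher" container are illustrative.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/traefik",
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": False}]},
    {"Name": "/NginxProxyManager",
     "Mounts": [{"Type": "bind", "Source": "/mnt/user/appdata/NginxProxyManager",
                 "Destination": "/config", "RW": True}]},
    {"Name": "/watcher",
     "Mounts": [{"Type": "bind", "Source": "/var/run",
                 "Destination": "/host/run", "RW": True}]},
])


def exposes_socket(source):
    """True if a bind source is the Docker socket or a directory containing it."""
    src = posixpath.normpath(source)
    prefix = src.rstrip("/") + "/"
    return any(s == src or s.startswith(prefix) for s in SOCKETS)


def audit(inspect_json):
    """Return (container, host source, container destination, rw) per exposure."""
    findings = []
    for container in json.loads(inspect_json):
        for mount in container.get("Mounts") or []:
            if mount.get("Type") == "bind" and exposes_socket(mount.get("Source", "")):
                # A read-only bind does not restrict API calls made over the
                # socket, so RW is reported but never used to clear a finding.
                findings.append((container["Name"].lstrip("/"), mount["Source"],
                                 mount["Destination"], bool(mount.get("RW"))))
    return findings


if __name__ == "__main__":
    for name, src, dst, rw in audit(SAMPLE_INSPECT):
        print(f"{name}: {src} -> {dst} (rw={rw})")
```

On a real host the input would be the output of `docker inspect` for the running containers; a proxy container that appears in the findings can reach the Docker API if it is compromised.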

  • Author
18 hours ago, GreenEyedMonster said:

I can't seem to get Nextcloud to work.  I keep getting this error.

 

"400 Bad Request
The plain HTTP request was sent to HTTPS port
nginx/1.16.1"

 

Any ideas?  I'm a bit at a loss. 

How did you configure your proxy host?

  • Author
9 hours ago, beverage said:

I have NPM working using the LetsEncrypt certificates, however, I'd like to eliminate the port 80 forwarding in my firewall.  Has anyone setup NPM to work with Cloudflare DNS verification and their universal certificate?

 

I saw SpaceInvader One's LetsEncrypt video here: How to Use DNS Verification with your Reverse Proxy & use a Wildcard SSL Certificate but I haven't been able to figure out how to translate it to NPM .

 

To handle the HTTPS connection between NPM and Cloudflare, you basically need to manually import certificates in NPM.  Depending on the SSL mode you choose, this cert must be the one from Cloudflare or a self-signed one.

 

To import a certificate, under the "SSL Certificates" page, click the "Add SSL Certificate" button, then choose "Custom".

6 hours ago, Djoss said:

traefik requires access to the docker socket to perform automatic configuration of containers running on the host.  But this is not a usual case and most containers don't need access to the docker socket.  Nginx Proxy Manager does not perform automatic configuration: you need to configure yourself the services you want to proxy.  Configuration is persistent across restarts.

Thank you.  I'm clear on it now, and I'm happy to report I was able to get a basic setup working this way with traefik and another with NPM and dockergen.

16 hours ago, Djoss said:

To handle the HTTPS connection between NPM and Cloudflare, you basically need to manually import certificates in NPM.  Depending on the SSL mode you choose, this cert must be the one from Cloudflare or a self-signed one.

 

To import a certificate, under the "SSL Certificates" page, click the "Add SSL Certificate" button, then choose "Custom".

Okay.  Thanks.  Was hoping there was a way to use my Cloudflare API key to somehow automatically pick up their universal certificate.  Manually importing means I'll have to manually update it periodically.  Not the end of the world, and no rush anyway, since the LetsEncrypt approach is working.

 

On 9/24/2019 at 8:04 PM, Djoss said:

How did you configure your proxy host?

I'm an idiot, figured it out!

 

Just in case anyone else is going through this same issue.  I had the website as HTTP not HTTPS on the first setup page.  Changed it to HTTPS and now it works.  :)

 

Edited by GreenEyedMonster

  • 2 weeks later...
On 4/1/2019 at 12:57 PM, Lebowski said:

Anyone have this going with Home Assistant? I have it working fine, but on some occasions I have to hit the "retry" button to login. After clicking retry it's fine. It can cause the iOS app to be blocked for a short period but it also comes good if you force close the app and re-open.

 

I figure I might need to add extra settings for 100% compatibility?

Did you figure this out?

 

I am trying to use this for Home assistant, but after I enter credentials on the HA login page, I get the error with a "retry" link.

 

 

 

Edited by jj_uk

Anyone know how or if this awesome docker supports htaccess password protection?

  • Author
1 hour ago, Brydezen said:

Anyone know how or if this awesome docker supports htaccess password protection?

Yes, you can create an "Access List" and then assign it to a "Proxy Host".

1 minute ago, Djoss said:

Yes, you can create an "Access List" and then assign it to a "Proxy Host".

Still can't get it to work.

- the error log says password mismatch and there is no way I typed "lol" wrong four times. And it also keeps saying that "admin" was not found.

 

2019/10/10 19:00:46 [notice] 1022#1022: signal process started
2019/10/10 19:01:00 [notice] 1031#1031: signal process started
2019/10/10 19:01:02 [error] 1032#1032: *115 user "admin" was not found in "/data/access/2", client: 176.XXX.XXX.X, server: portainer.domain.tld, request: "GET / HTTP/2.0", host: "portainer.domain.tld", referrer: "https://proxy.domain.tld/nginx/proxy"

 

Edited by Brydezen
some log provided

  • Author
13 minutes ago, Brydezen said:

- the error log says password mismatch and there is no way I typed "lol" wrong four times. And it also keeps saying that "admin" was not found.

 


2019/10/10 19:00:46 [notice] 1022#1022: signal process started
2019/10/10 19:01:00 [notice] 1031#1031: signal process started
2019/10/10 19:01:02 [error] 1032#1032: *115 user "admin" was not found in "/data/access/2", client: 176.XXX.XXX.X, server: portainer.domain.tld, request: "GET / HTTP/2.0", host: "portainer.domain.tld", referrer: "https://proxy.domain.tld/nginx/proxy"

 

 

Do you have the "admin" user in your access list ?  Try:

cat /mnt/user/appdata/NginxProxyManager/access/2

 

32 minutes ago, Djoss said:

 

Do you have the "admin" user in your access list ?  Try:


cat /mnt/user/appdata/NginxProxyManager/access/2

 

I only have one user named lol and the password is also lol. Does it only work if the username is admin?

EDIT: I just tried doing the auth in a new browser (firefox) and it worked flawlessly. But chrome seems to mess me up.

Edited by Brydezen
edits
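
The cross-check done by hand in the exchange above (error log against the access list file) can be scripted. This is an added example, not part of the original posts and not Nginx Proxy Manager code: it tallies nginx basic-auth failures by submitted username and lists usernames that are not in the access file. It assumes the access file uses nginx's `auth_basic_user_file` format (`user:hash` per line); the password-mismatch log line and the file content are constructed.

```python
import re
from collections import Counter

# First error line is the one quoted in the thread; the second is constructed.
SAMPLE_LOG = '''\
2019/10/10 19:01:00 [notice] 1031#1031: signal process started
2019/10/10 19:01:02 [error] 1032#1032: *115 user "admin" was not found in "/data/access/2", client: 176.XXX.XXX.X, server: portainer.domain.tld, request: "GET / HTTP/2.0", host: "portainer.domain.tld"
2019/10/10 19:01:05 [error] 1032#1032: *116 user "lol": password mismatch, client: 176.XXX.XXX.X, server: portainer.domain.tld, request: "GET / HTTP/2.0", host: "portainer.domain.tld"
'''

# Constructed access list content; the hash is a placeholder, not a real one.
SAMPLE_ACCESS_FILE = "lol:$apr1$PLACEHOLDER$PLACEHOLDERHASH\n"

NOT_FOUND = re.compile(r'\[error\].*?user "(?P<user>[^"]*)" was not found in "[^"]*"')
MISMATCH = re.compile(r'\[error\].*?user "(?P<user>[^"]*)": password mismatch')
SERVER = re.compile(r'server: (?P<server>[^,]+)')


def access_file_users(text):
    """Usernames defined in an auth_basic_user_file (user:hash[:comment])."""
    users = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            users.add(line.split(":", 1)[0])
    return users


def summarize(log_text, access_text):
    """Count auth failures per (kind, user, server) and flag undefined users."""
    known = access_file_users(access_text)
    events = Counter()
    for line in log_text.splitlines():
        match, kind = NOT_FOUND.search(line), "unknown_user"
        if not match:
            match, kind = MISMATCH.search(line), "bad_password"
        if not match:
            continue  # notices and unrelated errors
        server = SERVER.search(line)
        events[(kind, match.group("user"), server.group("server") if server else "?")] += 1
    submitted = {user for _, user, _ in events}
    return {"known_users": sorted(known),
            "not_in_file": sorted(submitted - known),
            "events": dict(events)}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, SAMPLE_ACCESS_FILE))
```

A username under `not_in_file` means the client submitted credentials for an account the access list never defined, so the place to look is what the browser is sending rather than the list itself.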
