Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Djoss - Nginx Proxy Manager

Featured Replies

13 hours ago, alturismo said:

the custom br2 network here is like a host network, it wont map ports, it ll use the native ports from the app(s), so its all correct.

Ah, thank you. That makes sense, I didn't think those settings would have no effect. I take it that's true of all docker containers that use that br2 network?

Do you have a suggestion on the version being out of date? Is that just the Docker container not being maintained? I'm having a couple issues with the application itself that only happen when I run it in Docker instead of in a VM, but I figure I should make sure I'm on the most recent version before pursuing those.

  • Replies 2k
  • Views 516.3k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • You can use my fork for now: https://hub.docker.com/r/mattie112/docker-nginx-proxy-manager (which I will delete if/when this gets implemented by Djoss)   My fork is 100% the same c

  • sdchoni
    sdchoni

    To temporarily resolve this issue, you can use the previous release of Nginx Proxy Manager. Edit the app and change the repository to: jlesage/nginx-proxy-manager:v25.09.1 Once this is resolved, you

  • Please verify that the problem is fixed with the latest version.

Posted Images

1 hour ago, Foxglove said:

Ah, thank you. That makes sense, I didn't think those settings would have no effect. I take it that's true of all docker containers that use that br2 network?

Do you have a suggestion on the version being out of date? Is that just the Docker container not being maintained? I'm having a couple issues with the application itself that only happen when I run it in Docker instead of in a VM, but I figure I should make sure I'm on the most recent version before pursuing those.

to your question, yes, all dockers on their own ip run in host mode(s) for themselves, so port mappings are useless ...

 

anout this docker and version, sorry, cant help there as im back on lsio letsencrypt (swag) due i had some local stuff to reverse which was easier for me now by writing my proxy conf files therefore and im done.

I saw SWAG too, but am hoping to get Proxy Manager running to reduce the amount of overhead when managing my servers.

I could probably use it if I could just figure out what nondescript 'internal error' keeps happening whenever I try to get a certificate issued or renewed. The proxy works great, and I can pull sites over http, but I can't get certs for https. Unfortunately I don't know what this error means and I'm hoping someone else may have seen it before.
This error occurs whenever creating or renewing any certificate. Happens consistently, no special steps needed to cause it.

error.PNG

Edited by Foxglove

Hi, 

 

Can I ask if and how people are implementing Fail2ban alongside NginxProxyManager? I understand that it is not part of the NPM docker image, and my searching has come up short in identifying a way to run Fail2ban as a standalone entity on Unraid. 

 

Any suggestions would be greatly appreciated. 

 

Kind regards. 

After setting up Sonarr I get the following pop-up every time I try to access it through the reverse proxy. I've tried enabling and disabling Web Sockets, to no avail. Anybody have this issue or know how to fix it?

sonarr.png

Hi,

Sometimes an error message appears in the container logs:

nginx: [emerg] invalid number of arguments in "set_real_ip_from" directive in /etc/nginx/conf.d/include/ip_ranges.conf:250

In the Nginx Proxy Manager web interface an error message is sent to any action:

image.png.85feb7772497410b52ea4947fc184d90.png

 

The file contains a piece of code from the Cloudflare page:

set_real_ip_from 2600:9000:f000::/36;

set_real_ip_from 2600:9000:eee::/48;

set_real_ip_from <!DOCTYPE html>;

set_real_ip_from <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->;

set_real_ip_from <!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->;

set_real_ip_from <!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->;

set_real_ip_from <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->;

set_real_ip_from <head>;

set_real_ip_from <title>Attention Required! | Cloudflare</title>;

set_real_ip_from <meta name="captcha-bypass" id="captcha-bypass" />;
  
...

How do I fix this?

40 minutes ago, LoneTraveler said:

I'm taking a shot in the dark, but check that you have set your headers correctly;

 

https://www.getpagespeed.com/server-setup/nginx/cloudflare-and-nginx-automatic-sync-of-cloudflare-trusted-ip-addresses/amp

What settings are we talking about? The hosts in nginx Proxy Manager are all docker containers, in which I didn't configure headers.

The content of the uploaded code on the Cloudflare page refers to entering a captcha. Perhaps the script for updating IP ranges from Cloudflare stumbles on a captcha?

Edited by d0xt0p

  • 2 weeks later...

Has anyone been able to get the external (remote) client IP address to forward to the proxied server?

I've skimmed a few pages and run a search over this topic but I can't find anything on getting the client's IP address to the server.

 

For clarity I'm running a site using IIS on Windows Server 2016, with Nginx Proxy Manager fronting the public requests.

My web server only ever sees the IP Address of the docker (my unraid server), which is problematic when my application has IP Address banning implemented for security - I've had to disable it incase someone cottoned on that they could effectively use my own security against me 😐

Edited by Saldash
typos r bad

  • 2 weeks later...
On 8/5/2020 at 1:03 PM, Experiment626 said:

Oh it does. But. (and this is a big but).

This is the default: image.thumb.png.da85a0d7c2ca105f08d7f2ce461a630d.png

 

It'll start fine with the defaults on install. (1880, 18443).


Now, if I change http/https to 80/443, it barfs. Because Unraid itself is already using those. It would be fine to live on the default ports, if I was using IPv4 only.
image.thumb.png.5bd82df3d4072f0c5e0cc939732ba17d.png

The problem lies with ipv6. Because you don't forward ipv6 ports (at least I don't, native /56 network to play with).. then https (v6) = 18443, not the expected 443. There's no network translation, therefore no port forwarding. Therefore having ipv6 on anything *other* than 80/443 isn't an option.

So, the way to get around that, is use something other than bridge. But the config won't do custom ports that way. It forces me to use the defined ports only. So I'm back to square 1. Can't use v6 with the docker.

Did you find a good solution for this? I have the same issue. IPv4 NAT'ted (so I dont care for the ports) but native IPv6 so it needs to be 80/443. I did open a ticket but no response yet https://github.com/jlesage/docker-nginx-proxy-manager/issues/117

 

I'm currently in the process of having my own fork, building the container (set to 80/443) but new I'm getting stuck with "bind :80 permission denied" errors.

 

edit:

 

I have it working :) 

 

It does require my fork/build that has some changes in the original Dockerfile https://hub.docker.com/r/mattie112/docker-nginx-proxy-manager

The changes are: port 80 instead of 8080 and port 443 instead of 4443. Plus: nginx needs to run as 'root' or it won't have permission to open a port < 1024

 

I also needed to change the "Host access to custom networks" setting to Enabled (Unraid Docker config) as I could ping everything except my Unraid host from within the nginx-proxy-manager container. Please feel free to try this out and let me know if I can assist :)

Edited by mattie112

On 7/9/2020 at 3:10 AM, bdydrp said:

I have a situation with one of my dockers on a vlan (.20 network)  needing to write files to unraid (.1 network)

Is this what Streams would be used for? Or could someone explain what they are?

 

I have NodeRed on br0.20 and a my alexa pallete, needs access to read/write a file to my cache drive residing on host network

When i disable my firewall rule to block VLAN 20 to Main Lan, the node works.

 

I'm unsure if streams (or is correct application) would work, or i need to look at my firewall rules to only allow access to unraid

Thanks

Hello,  Not sure if this has been resolved and/or even know the whole story as didn't read rest of replies, so please excuse me but from up above, i would put back the firewall rule to block vlan20 to main lan. I dont know what you are using for firewall or your setup but by default, firewall rules should process from top to bottom. That being said, above the rule you just set, i would make another rule to allow, from vlan20 for the application, ip address, port on the main lan. This will allow that app to communicate from vlan 20  to main lan and nothing else. Hope this works. If your rules are blocking the opposite way, you will need to create another rule from the other side from host network to vlan20.  Hope this helps and as I said, not sure of whole story. 

On 10/10/2020 at 4:15 AM, Master_of_None said:

Hello,  Not sure if this has been resolved and/or even know the whole story as didn't read rest of replies, so please excuse me but from up above, i would put back the firewall rule to block vlan20 to main lan. I dont know what you are using for firewall or your setup but by default, firewall rules should process from top to bottom. That being said, above the rule you just set, i would make another rule to allow, from vlan20 for the application, ip address, port on the main lan. This will allow that app to communicate from vlan 20  to main lan and nothing else. Hope this works. If your rules are blocking the opposite way, you will need to create another rule from the other side from host network to vlan20.  Hope this helps and as I said, not sure of whole story. 

Hi, i have this sorted now precisely as you described

I'm using pfSense and I have my IOT vlan blocked form accessing my main lan. But above this rule, i added another rule, so that Nodered docker IP on vlan20 can access main lan.

Has been working well

 

Cheers

I just had to reinstall after my docker image was corrupted. I stopped all my dockers, stopped the docker service then deleted the docker image. Reinstalled all of my dockers from the previously installed app list. When I start up nginxproxymanager it never finishes starting. the log follows.

 


[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-app-niceness.sh: executing...
[cont-init.d] 00-app-niceness.sh: exited 0.
[cont-init.d] 00-app-script.sh: executing...

Did you mount the correct folder? Perhaps is is a permission issue? 

 

You could also try do do things manually to see if you get more of a clue

 

`docker exec -it NginxProxyManager sh`

 

En then check the scripts (/etc/cont-init.d) or run them manually

Can anyone advise on how do you properly configure a reverse proxy host to use websockets in a reverse proxy? I'm trying to put code-server behind a reverse proxy and Authelia. I can get authenticated and hit the code-server container but I think something is not being routed correctly for websocket since I see the browser kicking out a bunch of script related errors. I have it enabled in the GUI and below is my config. I'm aware that depending on how the application was written, I have to proxy absolute paths as well for to get the appropriate resources and that's what the additional locations are doing (hopefully).

 

16.conf.txt

Edited by crazykidguy
added config as txt file

I'm hoping someone can give me a hand with a problem. I'm using NginxProxyManager with Cloudflare and DuckDNS for several dockers which all work fine. However, I also have an Ubuntu VM running with a couple of Wordpress sites and a Mastodon instance with it's own dedicated IP. Regardless if I send the domains directly to DuckDNS or send to Cloudflare first, I can't get the sites to load. I always get a too many redirects error.

 

On the Ubuntu server I have VestaCP installed because I let a friend control his own domains. Regardless, I'm not sure what is causing the error. I've tried disabling SSL in NginxProxyManager as well as VestaCP but no matter what I do I get the error. It's all a little convoluted but here's what I've tried:

 

Namecheap -> Cloudflare -> DuckDNS -> NginxProxyManager -> VestaCP

 

Namecheap -> DuckDNS -> NginxProxyManager -> VestaCP

 

I've tried disabling SSL first in NginxProxyManager and then in VestaCP thinking having SSL enabled in both was causing the issue but it wasn't.

 

If I remove both then the error changes to connection lost.

 

Does anyone have a solution to resolving the issue?

Edited by thunderclap

So I decided to cut out the VM and try setting up Wordpress in dockers instead. Doing it this way everything is passed through exactly like my subdomains: Namecheap --> Cloudflare --> NginxProxyManager. I figured doing this would make it works since I have no issues with my subdomain dockers.

 

Wrong... I'm still getting too many redirects. So I'm stumped, does anyone have an ideas how to resolve this? Very much appreciated.

Can you explain a bit more how it is configured?

 

You have a (sub)domain that has an A record to what? Cloudflare? And then Cloudflare is linked to your NPM? Can you try to disable cloudflare just to confirm your NPM works as expected?

 

(most easy way would probably to edit your own /etc/hosts || C:\Windows\system32\drivers\etc\hosts file)

4 hours ago, mattie112 said:

Can you explain a bit more how it is configured?

 

You have a (sub)domain that has an A record to what? Cloudflare? And then Cloudflare is linked to your NPM? Can you try to disable cloudflare just to confirm your NPM works as expected?

 

(most easy way would probably to edit your own /etc/hosts || C:\Windows\system32\drivers\etc\hosts file)

For my Unraid dockers, I have a domain registered through Namecheap. Namecheap points to Cloudflare where I use CNAME's to point the subdomains to DuckDNS and that then points to NginxProxyManager on Unraid. NginxProxyManager then points to the IP of Unraid + the docker port. (eg. Nextcloud, Tautulli, etc.) These all work flawlessly.

 

For other domains (not subdomains) I've tried several set ups. They're registered through Namecheap, Namecheap points to Cloudflare where I use a CNAME to point to DuckDNS that then points to NginxProxyManager on Unraid. This is where I've tried several varying configurations.

 

If I use a VM I point the domain name to the VM's IP. Error.

 

If I use a Wordpress docker instead of the VM I use the Unraid IP + the WP docker port. Error.

 

I've cut out Cloudflare and configured Namecheap to use a CNAME to point to DuckDNS. If I point to the docker or VM I get an error.

 

 

Can you give the DNS you are using? Just to confirm it resolves correctly.

 

I would suggest to try to do the following:

In your host file add:

yourdomain -> internal.ip.from.unraid

and after you have tested that change it to

yourdomain -> your.external.ip (what it is at that moment not the duckdns stuff)

 

And also:

nonexistingdomain -> internal.ip.from.unraid

 

That should lead to a connection to NPM but as it cannot find a valid proxy host it should display a 404 (or 403) so you can at least confirm it reaches your NPM.

6 hours ago, mattie112 said:

Can you give the DNS you are using? Just to confirm it resolves correctly.

 

I would suggest to try to do the following:

In your host file add:

yourdomain -> internal.ip.from.unraid

and after you have tested that change it to

yourdomain -> your.external.ip (what it is at that moment not the duckdns stuff)

 

And also:

nonexistingdomain -> internal.ip.from.unraid

 

That should lead to a connection to NPM but as it cannot find a valid proxy host it should display a 404 (or 403) so you can at least confirm it reaches your NPM.

If you're talking about the DNS I use at home it's NextDNS.

 

As for the host file, are you talking about in the NginxProxyManager docker, the WP docker, or the VM?

  • Author
On 9/8/2020 at 9:51 PM, Foxglove said:

I could probably use it if I could just figure out what nondescript 'internal error' keeps happening whenever I try to get a certificate issued or renewed. The proxy works great, and I can pull sites over http, but I can't get certs for https. Unfortunately I don't know what this error means and I'm hoping someone else may have seen it before.
This error occurs whenever creating or renewing any certificate. Happens consistently, no special steps needed to cause it.

This is usually caused by the container not being accessible from the internet.  You can look at the container's log, you will probably have more details on the error.

  • Author
On 9/27/2020 at 3:19 PM, Saldash said:

Has anyone been able to get the external (remote) client IP address to forward to the proxied server?

I've skimmed a few pages and run a search over this topic but I can't find anything on getting the client's IP address to the server.

 

For clarity I'm running a site using IIS on Windows Server 2016, with Nginx Proxy Manager fronting the public requests.

My web server only ever sees the IP Address of the docker (my unraid server), which is problematic when my application has IP Address banning implemented for security - I've had to disable it incase someone cottoned on that they could effectively use my own security against me 😐

The IP address of the client is in the "X-Forwarded-For" HTTP header.

  • Author

@thunderclap, did you try to open the browser's developper tools and look at the "Network" tab to see what's happening ?

Also, is accessing the the WP docker with its IP+port works ?

1 hour ago, Djoss said:

@thunderclap, did you try to open the browser's developper tools and look at the "Network" tab to see what's happening ?

Also, is accessing the the WP docker with its IP+port works ?

Accessing via IP+port does work albeit site site is broken; several images won't display. Network tab doesn't show anything questionable, at least to my layman eyes.

8 hours ago, thunderclap said:

If you're talking about the DNS I use at home it's NextDNS.

 

As for the host file, are you talking about in the NginxProxyManager docker, the WP docker, or the VM?

I'm sorry I was asking about the domainname you where using just so we can check if it resolves correctly :)

 

And I am talking about the hosts file on your computer. That file basically "overrides" the DNS (your PC first checks that file then searches the internet). So just in case there is something misconfigured you can try it out that way.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.