November 18, 20205 yr The 8181 port should be the webinterface, but perhaps you use an other port? You can also go to the docker tab in unraid and then click on NPM end then choose "WebUI". I think the container uses certbot internally but I'm not 100% sure so if the UI works I would suggest to try that first.
November 18, 20205 yr webui is 8181, I checked, but can't connect. Can I create on another way cert and put in in folder ?
November 18, 20205 yr Hm that is strange (perhaps restart your container?) But yes you should be able to do it from the CLI. Again SSH to your unraid and do: docker exec -it NginxProxyManager sh (If your container has a different name use that you can see it on the web UI from Unraid) In your container do: certbot renew or certbot renew --force-renewal This will renew everything or use the --cert-name flag to only do the ones you need edit: I would restart my container after doing this. Edited November 18, 20205 yr by mattie112
November 18, 20205 yr Author @Rejserr, the web server is not starting because of the missing certificate file. If the certbot command suggested by @mattie112 doesn't fix the problem, you should try to edit the file under /mnt/user/appdata/NginxProxyManager/nginx/proxy_host/ that contains the following lines: ssl_certificate /etc/letsencrypt/live/npm-9/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/npm-9/privkey.pem; And comment them: # ssl_certificate /etc/letsencrypt/live/npm-9/fullchain.pem; # ssl_certificate_key /etc/letsencrypt/live/npm-9/privkey.pem;
November 18, 20205 yr Thank you mattie112 and Djoss for help, I was solved with certbot renew --force-renewal. Now is working again .
November 20, 20205 yr hey guys, does your NPM have updated to 2.7.1? Im stuck at 2.6.2, Tried force update, tried remove and reinstall, tried setting :latest as a tag. Nothing worked. EDIT* Now i realised this isn't the official docker image, i'll have to wait until this image is updated to 2.7.1 Edited November 22, 20205 yr by skois
November 20, 20205 yr Also if anyone could explain when to use Websocket Support and Cache Assets (or what is the benefits/cons of using them) Thanks!
November 21, 20205 yr Ok, for the past few days I've been trying to get a cert and keep getting the following error: Quote Internal Error Error: Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-23" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --domains "irc.spectralforceservers.net" Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for irc.spectralforceservers.net Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains. Waiting for verification... Challenge failed for domain irc.spectralforceservers.net http-01 challenge for irc.spectralforceservers.net Cleaning up challenges Some challenges have failed. at ChildProcess.exithandler (child_process.js:303:12) at ChildProcess.emit (events.js:315:20) at maybeClose (internal/child_process.js:1021:16) at Process.ChildProcess._handle.onexit (internal/child_process.js:286:5) If anyone has a resolution or could shed some light on the subject, it would be greatly appreciated. Note: I have tried the renew certbot command previously mentioned. Thanks in advance for any help.
November 22, 20205 yr Can you check the logfile mentioned: /var/log/letsencrypt/letsencrypt.log (this file exists in your docker container so docker exec -it NginxProxyManager sh and then cat /var/log/letsencrypt/letsencrypt.log) Also: Is this the only domain that fails or does everything fail?
November 22, 20205 yr 10 hours ago, mattie112 said: Can you check the logfile mentioned: /var/log/letsencrypt/letsencrypt.log (this file exists in your docker container so docker exec -it NginxProxyManager sh and then cat /var/log/letsencrypt/letsencrypt.log) Also: Is this the only domain that fails or does everything fail? @mattie112 I haven't tried any other domain as I haven't need any others. As for the log file, I can add it here as long as there's no sensitive info in it.
November 23, 20205 yr I'm not sure what exactly is in this log (I don't seem to have this file so I guess it's only created when it fails). I would recommend to check it perhaps it is already clear then why it is failing?
November 23, 20205 yr I did a quick scan and it just said failure to renew. I'll look a more in depth after work to see if I can isolate the problem. If not and no sensitive info is in there I'll drop the log here. Best guess thus far is a failure to communicate.
November 23, 20205 yr Perhaps you can try `certbot renew --dry-run` just to see if that works? Or perhaps `certbot --test-cert` ro verify letsencrypt could be reached. And just to be really sure: can you ping from within the NPM container to the internet?
November 24, 20205 yr Author On 11/20/2020 at 11:56 AM, skois said: hey guys, does your NPM have updated to 2.7.1? Im stuck at 2.6.2, Tried force update, tried remove and reinstall, tried setting :latest as a tag. Nothing worked. EDIT* Now i realised this isn't the official docker image, i'll have to wait until this image is updated to 2.7.1 Container image has been updated.
November 24, 20205 yr Author On 11/20/2020 at 12:43 PM, skois said: Also if anyone could explain when to use Websocket Support and Cache Assets (or what is the benefits/cons of using them) Thanks! WebSocket support must be enabled only when your proxied application requires it. When enabling Cache Assets, some assets, like images, will be served by NPM instead of your proxied application. I guess this can provide some performance improvements when a lot of them need to be loaded.
November 24, 20205 yr WebSocket support must be enabled only when your proxied application requires it. When enabling Cache Assets, some assets, like images, will be served by NPM instead of your proxied application. I guess this can provide some performance improvements when a lot of them need to be loaded.I have enabled it on all, didn't see any problems or any difference when disabled, so I left it on! But I'll keep an eye if I have any problemThanks!! Sent from my Mi 10 Pro using Tapatalk
November 28, 20205 yr I have linuxserver's letsencrypt (now SWAG) container working just fine but would like to switch over to this as it makes adding entries so much easier through the UI. I also followed Spaceinvaderone's video of setting up each container that needs to be proxied via a custom proxynet network interface. Is this still necessary? Any other considerations for migrating over? Anything like fail2ban in here? Edited November 29, 20205 yr by nimaim
November 30, 20205 yr On 11/23/2020 at 8:48 AM, mattie112 said: Perhaps you can try `certbot renew --dry-run` just to see if that works? Or perhaps `certbot --test-cert` ro verify letsencrypt could be reached. And just to be really sure: can you ping from within the NPM container to the internet? @mattie112 Getting back to this. I can ping from the container. When I do the dry run, it says Cerbot is already running. I get the following error from the log Quote 2020-11-30 09:56:46,228:DEBUG:acme.client:Storing nonce: 0003zHntUKE9Oxgxpsq2L1IDEF4VMp9I5SDSoDg3GCK8AHw 2020-11-30 09:56:46,228:WARNING:certbot._internal.auth_handler:Challenge failed for domain irc.spectralforceservers.net 2020-11-30 09:56:46,229:INFO:certbot._internal.auth_handler:http-01 challenge for irc.spectralforceservers.net 2020-11-30 09:56:46,229:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server: Domain: irc.spectralforceservers.net Type: unauthorized Detail: Invalid response from http://irc.spectralforceservers.net/.well-known/acme-challenge/vxRjJMhh-i5YTWmGUfElTq9CLZQrqNrmZKE1pWMI8OI [172.98.192.36]: "<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://irc.spectralfor" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. 2020-11-30 09:56:46,229:DEBUG:certbot._internal.error_handler:Encountered exception: Traceback (most recent call last): File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations self._poll_authorizations(authzrs, max_retries, best_effort) File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. My CNAME and duckdns.org url are linked. Thanks for your help!
November 30, 20205 yr So it seems that letsencrypt cannot access the fiel it want's. When I go to the website mentioned I get redirected to a site "survey-smiles" (with a huge alert from MalwareBytes) so I can only assume that letsencrypt faces the same issue. If you go to your site do you end up correctly? (Assuming the survey-smiles thing is not yours). And just for funs here is the output of that domain: xx@xx:~# curl irc.spectralforceservers.net <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://irc.spectralforceservers.net/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQ<removed>TUsInRzIjoxNjA2NzQ5MjE1MzI2OTIyfQ.iwTewrvuWy6FWsN3bbD0pVnXh36dwDhFwp0Hamm07RY&sid=9db9<removed>cc3238fa');</script></body></html> So yes your site does issue a redirect (the same happens with /.well-kown/acme-challenge/somerandomstring) Edited November 30, 20205 yr by mattie112
November 30, 20205 yr 15 minutes ago, mattie112 said: So it seems that letsencrypt cannot access the fiel it want's. When I go to the website mentioned I get redirected to a site "survey-smiles" (with a huge alert from MalwareBytes) so I can only assume that letsencrypt faces the same issue. If you go to your site do you end up correctly? (Assuming the survey-smiles thing is not yours). And just for funs here is the output of that domain: xx@xx:~# curl irc.spectralforceservers.net <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://irc.spectralforceservers.net/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQ<removed>TUsInRzIjoxNjA2NzQ5MjE1MzI2OTIyfQ.iwTewrvuWy6FWsN3bbD0pVnXh36dwDhFwp0Hamm07RY&sid=9db9<removed>cc3238fa');</script></body></html> So yes your site does issue a redirect (the same happens with /.well-kown/acme-challenge/somerandomstring) Yeah that's definitely wrong. I'll try changing the subdomain and see if that works. Even with a new subdomain it still is going to that smiles survey, which is weird, should I contact my domain provider at this point? Edited November 30, 20205 yr by Spectral Force
November 30, 20205 yr Tell me, how can I get a certificate for one domain, but several ports? mydomain.com ports: 443, 444, 445?
December 1, 20205 yr 18 hours ago, muwahhid said: Tell me, how can I get a certificate for one domain, but several ports? mydomain.com ports: 443, 444, 445? You get a cert for the subdomain not the ports.
December 2, 20205 yr On 11/30/2020 at 4:24 PM, Spectral Force said: Yeah that's definitely wrong. I'll try changing the subdomain and see if that works. Even with a new subdomain it still is going to that smiles survey, which is weird, should I contact my domain provider at this point? I would suggest to do that yeah. It seems not to resolve correctly (or at least what you expect) On 11/30/2020 at 9:55 PM, muwahhid said: Tell me, how can I get a certificate for one domain, but several ports? mydomain.com ports: 443, 444, 445? You don't Your external ip: 1.1.1.1 Your NPM: 192.168.1.1 You forward external:80 and external:443 to NPM Then you can do: domainA.com -> 1.1.1.1 domainB.com -> 1.1.1.1 domainC.com -> 1.1.1.1 NPM can then do: if i get some connection that wants domainA.com -> go to 192.168.1.2:1234 domainB.com -> 192.168.1.123:80 domainC.com -> 192.168.1.1:9234 So NPM is your only "visible" endpoint and that takes care of multiple hosts / subdomains Edited December 2, 20205 yr by mattie112
December 5, 20205 yr I have been digging around for a while and I have been unsuccessful in figure this out. I am trying to get the visitor IP to pass through the proxy and to a host I have behind it. Is there a way I can do this using NPM?
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.