Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Djoss - Nginx Proxy Manager

Featured Replies

The 8181 port should be the webinterface, but perhaps you use an other port? You can also go to the docker tab in unraid and then click on NPM end then choose "WebUI".

 

I think the container uses certbot internally but I'm not 100% sure so if the UI works I would suggest to try that first.

  • Replies 2k
  • Views 517.3k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • You can use my fork for now: https://hub.docker.com/r/mattie112/docker-nginx-proxy-manager (which I will delete if/when this gets implemented by Djoss)   My fork is 100% the same c

  • sdchoni
    sdchoni

    To temporarily resolve this issue, you can use the previous release of Nginx Proxy Manager. Edit the app and change the repository to: jlesage/nginx-proxy-manager:v25.09.1 Once this is resolved, you

  • Please verify that the problem is fixed with the latest version.

Posted Images

webui is 8181, I checked, but can't connect.

Can I create on another way cert and put in in folder ?

Hm that is strange (perhaps restart your container?)

 

But yes you should be able to do it from the CLI. Again SSH to your unraid and do:

docker exec -it NginxProxyManager sh

(If your container has a different name use that you can see it on the web UI from Unraid)

 

In your container do:

certbot renew
or
certbot renew --force-renewal

This will renew everything or use the --cert-name flag to only do the ones you need

 

edit:

I would restart my container after doing this.

Edited by mattie112

  • Author

@Rejserr, the web server is not starting because of the missing certificate file.  If the certbot command suggested by @mattie112 doesn't fix the problem, you should try to edit the file under /mnt/user/appdata/NginxProxyManager/nginx/proxy_host/ that contains the following lines:

  ssl_certificate /etc/letsencrypt/live/npm-9/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-9/privkey.pem;

And comment them:

#  ssl_certificate /etc/letsencrypt/live/npm-9/fullchain.pem;
#  ssl_certificate_key /etc/letsencrypt/live/npm-9/privkey.pem;

 

Thank you mattie112 and Djoss for help, I was solved with certbot renew --force-renewal.

Now is working again .

hey guys, does your NPM have updated to 2.7.1? Im stuck at 2.6.2, Tried force update, tried remove and reinstall, tried setting :latest as a tag.
Nothing worked.


EDIT* Now i realised this isn't the official docker image, i'll have to wait until this image is updated to 2.7.1 :) 

Edited by skois

Also if anyone could explain when to use Websocket Support and Cache Assets (or what is the benefits/cons of using them) Thanks!

Ok, for the past few days I've been trying to get a cert and keep getting the following error:

 

Quote

Internal Error

 

Error: Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-23" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --domains "irc.spectralforceservers.net" Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for irc.spectralforceservers.net Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains. Waiting for verification... Challenge failed for domain irc.spectralforceservers.net http-01 challenge for irc.spectralforceservers.net Cleaning up challenges Some challenges have failed. at ChildProcess.exithandler (child_process.js:303:12) at ChildProcess.emit (events.js:315:20) at maybeClose (internal/child_process.js:1021:16) at Process.ChildProcess._handle.onexit (internal/child_process.js:286:5)

 

If anyone has a resolution or could shed some light on the subject, it would be greatly appreciated.

 

Note: I have tried the renew certbot command previously mentioned.  Thanks in advance for any help.

Can you check the logfile mentioned: /var/log/letsencrypt/letsencrypt.log

(this file exists in your docker container so docker exec -it NginxProxyManager sh and then cat /var/log/letsencrypt/letsencrypt.log)

 

Also:

Is this the only domain that fails or does everything fail?

10 hours ago, mattie112 said:

Can you check the logfile mentioned: /var/log/letsencrypt/letsencrypt.log

(this file exists in your docker container so docker exec -it NginxProxyManager sh and then cat /var/log/letsencrypt/letsencrypt.log)

 

Also:

Is this the only domain that fails or does everything fail?

@mattie112   I haven't tried any other domain as I haven't need any others.  As for the log file, I can add it here as long as there's no sensitive info in it.

I'm not sure what exactly is in this log (I don't seem to have this file so I guess it's only created when it fails). I would recommend to check it perhaps it is already clear then why it is failing?

I did a quick scan and it just said failure to renew.  I'll look a more in depth after work to see if I can isolate the problem.  If not and no sensitive info is in there I'll drop the log here.  Best guess thus far is a failure to communicate.

Perhaps you can try `certbot renew --dry-run` just to see if that works? Or perhaps `certbot --test-cert` ro verify letsencrypt could be reached.

 

And just to be really sure: can you ping from within the NPM container to the internet?

  • Author
On 11/20/2020 at 11:56 AM, skois said:

hey guys, does your NPM have updated to 2.7.1? Im stuck at 2.6.2, Tried force update, tried remove and reinstall, tried setting :latest as a tag.
Nothing worked.


EDIT* Now i realised this isn't the official docker image, i'll have to wait until this image is updated to 2.7.1 :) 

Container image has been updated.

  • Author
On 11/20/2020 at 12:43 PM, skois said:

Also if anyone could explain when to use Websocket Support and Cache Assets (or what is the benefits/cons of using them) Thanks!

WebSocket support must be enabled only when your proxied application requires it.

When enabling Cache Assets, some assets, like images, will be served by NPM instead of your proxied application.  I guess this can provide some performance improvements when a lot of them need to be loaded.

Container image has been updated.
Thanks!

Sent from my Mi 10 Pro using Tapatalk

WebSocket support must be enabled only when your proxied application requires it.
When enabling Cache Assets, some assets, like images, will be served by NPM instead of your proxied application.  I guess this can provide some performance improvements when a lot of them need to be loaded.
I have enabled it on all, didn't see any problems or any difference when disabled, so I left it on! But I'll keep an eye if I have any problem

Thanks!!

Sent from my Mi 10 Pro using Tapatalk

I have linuxserver's letsencrypt (now SWAG) container working just fine but would like to switch over to this as it makes adding entries so much easier through the UI. I also followed Spaceinvaderone's video of setting up each container that needs to be proxied via a custom proxynet network interface. Is this still necessary? Any other considerations for migrating over? Anything like fail2ban in here?

Edited by nimaim

On 11/23/2020 at 8:48 AM, mattie112 said:

Perhaps you can try `certbot renew --dry-run` just to see if that works? Or perhaps `certbot --test-cert` ro verify letsencrypt could be reached.

 

And just to be really sure: can you ping from within the NPM container to the internet?

@mattie112

 

Getting back to this.  I can ping from the container.  When I do the dry run, it says Cerbot is already running.

 

I get the following error from the log 

Quote

 

2020-11-30 09:56:46,228:DEBUG:acme.client:Storing nonce: 0003zHntUKE9Oxgxpsq2L1IDEF4VMp9I5SDSoDg3GCK8AHw
2020-11-30 09:56:46,228:WARNING:certbot._internal.auth_handler:Challenge failed for domain irc.spectralforceservers.net
2020-11-30 09:56:46,229:INFO:certbot._internal.auth_handler:http-01 challenge for irc.spectralforceservers.net
2020-11-30 09:56:46,229:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: irc.spectralforceservers.net
Type:   unauthorized
Detail: Invalid response from http://irc.spectralforceservers.net/.well-known/acme-challenge/vxRjJMhh-i5YTWmGUfElTq9CLZQrqNrmZKE1pWMI8OI [172.98.192.36]: "<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://irc.spectralfor"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2020-11-30 09:56:46,229:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

 

My CNAME and duckdns.org url are linked.  Thanks for your help!

So it seems that letsencrypt cannot access the fiel it want's. When I go to the website mentioned I get redirected to a site "survey-smiles" (with a huge alert from MalwareBytes) so I can only assume that letsencrypt faces the same issue.

 

If you go to your site do you end up correctly? (Assuming the survey-smiles thing is not yours).

 

And just for funs here is the output of that domain:

 

xx@xx:~# curl irc.spectralforceservers.net
<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://irc.spectralforceservers.net/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQ<removed>TUsInRzIjoxNjA2NzQ5MjE1MzI2OTIyfQ.iwTewrvuWy6FWsN3bbD0pVnXh36dwDhFwp0Hamm07RY&sid=9db9<removed>cc3238fa');</script></body></html>

So yes your site does issue a redirect (the same happens with /.well-kown/acme-challenge/somerandomstring)

Edited by mattie112

15 minutes ago, mattie112 said:

So it seems that letsencrypt cannot access the fiel it want's. When I go to the website mentioned I get redirected to a site "survey-smiles" (with a huge alert from MalwareBytes) so I can only assume that letsencrypt faces the same issue.

 

If you go to your site do you end up correctly? (Assuming the survey-smiles thing is not yours).

 

And just for funs here is the output of that domain:

 


xx@xx:~# curl irc.spectralforceservers.net
<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://irc.spectralforceservers.net/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQ<removed>TUsInRzIjoxNjA2NzQ5MjE1MzI2OTIyfQ.iwTewrvuWy6FWsN3bbD0pVnXh36dwDhFwp0Hamm07RY&sid=9db9<removed>cc3238fa');</script></body></html>

So yes your site does issue a redirect (the same happens with /.well-kown/acme-challenge/somerandomstring)

Yeah that's definitely wrong.  I'll try changing the subdomain and see if that works.

 

Even with a new subdomain it still is going to that smiles survey, which is weird, should I contact my domain provider at this point?

Edited by Spectral Force

Tell me, how can I get a certificate for one domain, but several ports? 
mydomain.com
ports: 443, 444, 445?

18 hours ago, muwahhid said:

Tell me, how can I get a certificate for one domain, but several ports? 
mydomain.com
ports: 443, 444, 445?

You get a cert for the subdomain not the ports.

On 11/30/2020 at 4:24 PM, Spectral Force said:

Yeah that's definitely wrong.  I'll try changing the subdomain and see if that works.

 

Even with a new subdomain it still is going to that smiles survey, which is weird, should I contact my domain provider at this point?

I would suggest to do that yeah. It seems not to resolve correctly (or at least what you expect)

On 11/30/2020 at 9:55 PM, muwahhid said:

Tell me, how can I get a certificate for one domain, but several ports? 
mydomain.com
ports: 443, 444, 445?

You don't

Your external ip: 1.1.1.1

Your NPM: 192.168.1.1

You forward external:80 and external:443 to NPM

 

Then you can do:

domainA.com -> 1.1.1.1

domainB.com -> 1.1.1.1

domainC.com -> 1.1.1.1

 

NPM can then do:

if i get some connection that wants domainA.com -> go to 192.168.1.2:1234

domainB.com -> 192.168.1.123:80

domainC.com -> 192.168.1.1:9234

 

So NPM is your only "visible" endpoint and that takes care of multiple hosts / subdomains

 

reverse-proxy-featured.png

Edited by mattie112

I have been digging around for a while and I have been unsuccessful in figure this out. 
I am trying to get the visitor IP to pass through the proxy and to a host I have behind it. 
Is there a way I can do this using NPM? 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.