[Support] Djoss - Nginx Proxy Manager


Djoss


Sorry if that wasn't clear: [screenshot]

 

 

Checked it once again to be sure:

cloud.xxx.com -> "ERR_EMPTY_RESPONSE"

http://cloud.xxx.com -> "ERR_EMPTY_RESPONSE"

https://cloud.xxx.com/login -> "ERR_EMPTY_RESPONSE"

http://cloud.xxx.com/login -> works fine, but no login possible

 

My log just says something like "Challenge Failed". I don't know if there is a more detailed log...

A thing I forgot to mention is that if I type cloud.xxx.com into my search bar, it automatically adds /login, so if I reload the page again it works.

 

Edited by I am gRoot
missed some info

Normally the flow is:

 

http endpoint locally (eg http://1.2.3.4:port)

https endpoint 'exposed' (eg https://domain.com)

 

In this case the application itself (Nextcloud) does not need to know anything about SSL, not the ciphers, not the certificate, nothing. NPM simply accepts the incoming request, handles the SSL part and then forwards the traffic to a local (unencrypted) endpoint.

 

You are doing:

https external -> https internal

In that case you would need to have an SSL cert on both endpoints.

 

For example: [screenshots]


It should work but I'm assuming you don't have a valid SSL certificate on your nextcloud internal endpoint so I think it will fail somewhere due to that.

 

Nextcloud works fine with http, see my screenshot, I only forward 80 of the nextcloud container to 8888 and use that in NPM


Yes I don't have a valid certificate on there, because my plan was to create one with NPM...

If I try port 80 I can not connect due to an SSL Protocol Error, do I have to change Nextcloud's config somewhere? Additionally I wanted to use port 80 for the NPM itself since I can't forward IPv6 to another port...


If you want your NPM to be on 80/443 you'll need to use my fork (or change it yourself) as the current image does not support it (yet).

 

What container are you using for Nextcloud? The official container (https://hub.docker.com/_/nextcloud) uses http and suggests you use a reverse proxy (like NPM) to terminate SSL.

 

edit:

So that would be 80 -> 8888 for example in your nextcloud docker config

and then http://unraidip:8888 in NPM

 

Edited by mattie112

I'm sorry, what I said is not 100% correct. You can use 80/443 but then you MUST use "br0" as network, as your Unraid already listens on 80 (and/or 443). By using "br0" your NPM gets its own IP.

 

You really only need my fork if you use IPv6 as you cannot simply forward a port there (and then the solution is to run NPM on 80/443). If you use IPv4 only then yes, use br0 and have the config the way you have it.


Thanks for your explanation! I will try and see if it helps!

Although I do not fully understand, because I set Unraid's Web UI to port 180... Is there another reason it does not work with port 80/443 on NPM in Bridge mode?

 

Edit:

I also noticed that I can open the URLs from my own network (Nextcloud is still giving me that Error 400, but other Dockers I tested as well as the Unraid UI on port 180 are okay).

Edited by I am gRoot

Hello All 

 

I am after some help please - I am using Nginx Proxy Manager as my reverse proxy. All is fine and I have Nextcloud working fine. But when I try and download files greater than 1GB the connection gets reset. From what I have read online I need to add the below to my config of Nginx but I am unsure what file to add it to.

 

The command is - proxy_buffering off;

 

If anyone could let me know what file I need to add this to that would be great. Or if I am completely on the wrong path any feedback would be welcome. 

 

Thank you  

19 minutes ago, IKWeb said:

[quotes IKWeb's post above]


It needs to be added to the proxy module config (http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering)

 

Afaik that can be simply added to the "custom nginx configuration" in NPM

 


 

I would suggest to simply try it...

 

And if it doesn't work you can try to manually edit the file in /mnt/user/appdata/NginxProxyManager/nginx/proxy_host

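The "https external -> http internal" flow mattie112 describes earlier in the thread and the "custom nginx configuration" being discussed here, written out as a single hand-written nginx proxy host. This is an added example, not a file generated by NPM and not something posted in the thread; `cloud.xxx.com` and `http://unraidip:8888` are the names used above, the certificate paths are placeholders for wherever NPM keeps the Let's Encrypt files, and the `client_max_body_size` value is an illustrative addition for the upload direction:

```nginx
# Added example (not NPM's generated config): TLS is terminated here, the backend
# is reached over plain HTTP on the port bridged from the Nextcloud container.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.xxx.com;

    # Placeholder paths: NPM stores its Let's Encrypt files under its own data dir.
    ssl_certificate     /PLACEHOLDER/path/to/fullchain.pem;
    ssl_certificate_key /PLACEHOLDER/path/to/privkey.pem;

    location / {
        # Only the proxy speaks TLS; Nextcloud itself receives unencrypted HTTP.
        proxy_pass http://unraidip:8888;

        # Tell the backend who really connected and over which scheme, so it can
        # build https:// links and log the real client IP instead of the proxy's.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Equivalent of the "custom nginx configuration" box from the thread:
        # stream the response straight to the client instead of spooling it
        # into buffers/temp files, which is what helps with large downloads.
        proxy_buffering off;

        # Upload direction (illustrative value): nginx's default request-body
        # limit is 1m, so large uploads through the proxy need this raised too.
        client_max_body_size 10G;
    }
}
```

In NPM the lines inside `location /` after `proxy_pass` are what would go into the "custom nginx configuration" tab; the rest is what the proxy host settings (domain, scheme, forward host/port, SSL certificate) already produce. Checking the backend's access log for the forwarded headers is the quickest way to confirm the flow really is HTTPS outside and HTTP inside.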

I am running this Nginx Proxy Manager container and I successfully set up a reverse proxy for Plex:

  • Created a "dynamic" subdomain in CloudFlare updated with my current WAN IP
  • Created a "plex" subdomain in CloudFlare using a CNAME record pointing to the "dynamic" subdomain
  • Cloudflare SSL/TLS encryption mode is set to "Full"
  • Cloudflare Always Use HTTPS is "On"
  • Created a host in Nginx that redirects from the "plex" subdomain to the IP address and port that the Plex UI is running on in Unraid with:
    • Cache assets on
    • Block Common Exploits on
    • Requested a new SSL certificate from Let's Encrypt with:
      • Force SSL on
      • HTTP/2 Support on
      • HSTS Enabled on
      • HSTS Subdomains on

This all seems to work well. Now, when I come to create a reverse proxy host for other services (doing exactly the same as above), they always seem to fail when trying to get a new certificate. Looking in the letsencrypt.log I can see:

Quote

2021-06-25 11:29:09,684:WARNING:certbot._internal.auth_handler:Challenge failed for domain deluge.mydomainname.tld
2021-06-25 11:29:09,685:INFO:certbot._internal.auth_handler:http-01 challenge for deluge.mydomainname.tld
2021-06-25 11:29:09,685:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: deluge.mydomainname.tld
Type:   unauthorized
Detail: Invalid response from https://deluge.mydomainname.tld/.well-known/acme-challenge/d8P36g6MnsO3PnL-dUsN-XQzFzMNAOtXeAfHj2Pnsys [2606:4700:3032::6815:1f71]: "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]>    <html class=\"no-js "

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.


Can anyone give me some pointers as to why I can create my first reverse proxy but no more? I assume I am forwarding the ports in my router correctly to Nginx otherwise none of them would work. Is trying to create a cert per subdomain the correct thing to do?

 

Thanks!


It seems to resolve to an IPv6 address (http://[2606:4700:3032::6815:1f71]/) that gives me an error. Do you get the NPM "welcome" page when you go to yourdomain.tld? Letsencrypt needs unencrypted (port 80/http) access in order to create a certificate.

 

And also are you sure `deluge.mydomainname.tld` resolves correctly?

1 hour ago, mattie112 said:

Do you get the NPM "welcome" page when you go to yourdomain.tld? Letsencrypt needs unencrypted (port 80/http) access in order to create a certificate.

Thanks, I thought that Letsencrypt would be contacting my server on the subdomain deluge.yourdomain.tld rather than yourdomain.tld?
 

Anyway, since you say that Letsencrypt needs an unencrypted port I changed the "SSL/TLS encryption mode" setting in Cloudflare from Full to Flexible to allow that insecure connection and then I could get my certificates. Once I had done that I set "SSL/TLS encryption mode" back to Full and everything seems to be working.

I still think I have misunderstood something and I don't think I should have to relax "SSL/TLS encryption mode" every time I want to create a new host in NPM. This is the setting I have to relax each time: [screenshot]


I don't use CloudFlare myself (don't see the need for that). But: letsencrypt needs an unencrypted connection always! (So every 90 days to renew).

 

Why?

Well if you don't have a valid certificate how can letsencrypt connect to your server to verify?

 

But: perhaps you can only allow the /.well-known directory? That is what letsencrypt uses.

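The port-80 side with only the ACME path exposed, as mattie112 suggests, written as a hand-written nginx server block. This is an added example, not NPM's generated config and not something from the thread; `cloud.xxx.com` is the hostname used earlier, and the webroot path is a placeholder for wherever the ACME client writes its challenge tokens:

```nginx
# Added example (not NPM's generated config): the plain-HTTP listener for a host
# whose real traffic is forced to HTTPS. The http-01 validator fetches
# http://<domain>/.well-known/acme-challenge/<token>, so exactly that prefix is
# answered locally and everything else gets the "Force SSL" redirect.
server {
    listen 80;
    listen [::]:80;
    server_name cloud.xxx.com;

    # Serve challenge tokens before any redirect fires. Tokens are plain text,
    # and try_files makes sure nothing outside the webroot is ever exposed.
    location ^~ /.well-known/acme-challenge/ {
        root /PLACEHOLDER/acme-webroot;   # placeholder: ACME client's webroot
        default_type text/plain;
        try_files $uri =404;
    }

    # Everything else: permanent redirect to HTTPS, i.e. the "Force SSL" behaviour.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

This keeps the exception as narrow as possible: the only thing reachable over plain HTTP is the challenge directory, and every other request is redirected, so there is no need to weaken the HTTPS policy of the whole host while issuing or renewing. If a CDN sits in front of the hostname and forces HTTPS at its own edge (the "Always Use HTTPS" setting mentioned earlier in the thread), plain-HTTP requests for this path are redirected before they reach this block at all, so the same carve-out has to be made on the CDN side as well.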
54 minutes ago, mattie112 said:

Well if you don't have a valid certificate how can letsencrypt connect to your server to verify?

 

Yes, I guess it's a case of the chicken and egg. I'm sure the guide I followed set Cloudflare to force encryption all the way but didn't have this issue. Maybe I misremember and they set the full encryption setting on at the end of the process. Thanks for your help, I'm happy it is working correctly and as adding any other NPM hosts will be infrequent it's not really an issue.


Hello Everyone,

Since the update (yesterday or the day before), I'm no longer able to get to my internal resources.

The configuration hasn't changed so for example:

 

on the pfSense firewall there is a rule in the DNS which:

 

IF : dashboard.lan --> unraid server ip

 

then I've configured in the proxy manager a rule that if there is a request for dashboard.lan it has to redirect to: unraidserver:port

 

It has worked flawlessly before the update, now the connection is refused

 

Can someone please help?

Edited by TDA
5 minutes ago, mattie112 said:

Can you confirm you cannot reach your NPM? Or NPM cannot reach a container?

 

Assuming the first case:

double-check if your unraid/NPM still has the same IP and if you can view NPM by using the IP instead of the hostname

Was this supposed to be an answer to my question?
If yes:

As said, the only thing that doesn't work anymore is internal (.lan) websites.

I can reach the NPM, my external websites are working.

Only my internal ones are refusing connection.
