[Support] Djoss - Nginx Proxy Manager


Djoss


So, NPM just stopped working for me. When I try to access my websites, Cloudflare gives me error 522 (but accessing via IP works just fine). Trying to renew certificates gives me an internal error message, and looking through the logs, this is what it says:

 

[6/30/2021] [3:35:49 AM] [SSL ] › ✖ error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
Failed to renew certificate npm-30 with error: Some challenges have failed.
Failed to renew certificate npm-31 with error: Some challenges have failed.
Failed to renew certificate npm-33 with error: Some challenges have failed.
Failed to renew certificate npm-35 with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:

 

Is this an easy problem to solve or not?

Link to comment
1 hour ago, mattie112 said:

That error simply means that letsencrypt cannot verify your domain. It needs access to unencrypted http (the '.well-known') directory. Confirm if that works for you (so, http port 80).

Thank you! Looked to see if port 80 was open and saw that neither 80 nor 443 could be reached. A quick restart of the router and everything works as usual :)

 

Edit: I still get an internal error when trying to renew, even if the site is reachable. This is what I get when trying to renew:

 

Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0
[6/30/2021] [10:03:21 PM] [Nginx ] › ℹ info Reloading Nginx
[6/30/2021] [10:03:22 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #38:

domain.com
[6/30/2021] [10:03:22 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #38:

domain.com
[6/30/2021] [10:03:22 PM] [Nginx ] › ℹ info Reloading Nginx
[6/30/2021] [10:03:22 PM] [Express ] › ⚠ warning Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-38" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --domains "media.domain.com"

 

Tried restarting the container and that didn't work

Edited by ostron2
Had to put in more info
Link to comment

Hi everyone,

 

I've been banging my head on this for a while now. I originally thought it was because my router wasn't allowing access to the internal sites via the dns name, but I've since fixed that and nothing has changed.  I'm betting it's something easy that I just don't know about. Here is the error in the container logs:


at ChildProcess.exithandler (child_process.js:308:12)
at ChildProcess.emit (events.js:314:20)
at maybeClose (internal/child_process.js:1022:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)
[7/2/2021] [8:54:03 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates for Cert #1: site.domain.com (this is redacted, not sure it really matters)
[7/2/2021] [8:54:04 PM] [Express ] › ⚠ warning Command failed: certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --preferred-challenges "dns,http" --disable-hook-validation
An unexpected error occurred:
pkg_resources.DistributionNotFound: The 'mock' distribution was not found and is required by the application
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmpih4raccg/log or re-run Certbot with -v for more details.

Link to comment
On 6/30/2021 at 10:00 PM, ostron2 said:

Thank you! Looked to see if port 80 was open and saw that neither 80 nor 443 could be reached. A quick restart of the router and everything works as usual :)

 

Edit: I still get an internal error when trying to renew, even if the site is reachable. This is what I get when trying to renew:

 

Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0
[6/30/2021] [10:03:21 PM] [Nginx ] › ℹ info Reloading Nginx
[6/30/2021] [10:03:22 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #38:

domain.com
[6/30/2021] [10:03:22 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #38:

domain.com
[6/30/2021] [10:03:22 PM] [Nginx ] › ℹ info Reloading Nginx
[6/30/2021] [10:03:22 PM] [Express ] › ⚠ warning Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-38" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --domains "media.domain.com"

 

Tried restarting the container and that didn't work

 

Hm, that is strange. You could try to run the commands manually with some debug info / dry-run. Look in this topic; there should be some info in my posts.

 

13 hours ago, Billy12347 said:

Hi everyone,

 

I've been banging my head on this for a while now. I originally thought it was because my router wasn't allowing access to the internal sites via the dns name, but I've since fixed that and nothing has changed.  I'm betting it's something easy that I just don't know about. Here is the error in the container logs:


at ChildProcess.exithandler (child_process.js:308:12)
at ChildProcess.emit (events.js:314:20)
at maybeClose (internal/child_process.js:1022:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)
[7/2/2021] [8:54:03 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates for Cert #1: site.domain.com (this is redacted, not sure it really matters)
[7/2/2021] [8:54:04 PM] [Express ] › ⚠ warning Command failed: certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --preferred-challenges "dns,http" --disable-hook-validation
An unexpected error occurred:
pkg_resources.DistributionNotFound: The 'mock' distribution was not found and is required by the application
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmpih4raccg/log or re-run Certbot with -v for more details.

 

Never seen that before. Is there anything in the log file specified? Or when you run with -v?

Link to comment
On 7/3/2021 at 11:08 AM, mattie112 said:

 

Hm, that is strange. You could try to run the commands manually with some debug info / dry-run. Look in this topic; there should be some info in my posts.

 

 

Never seen that before. Is there anything in the log file specified? Or when you run with -v?

Probably should have mentioned this in the first post, but this happens when I run the renew cert in the GUI. I haven't tried / been able to do much with the CLI. As for the log file, I tried looking for it in the app data folder and couldn't find it. I'll try to get there with the console and see what it says.

 

Link to comment

This is so clean and easy, I'm almost scared that it's not working.  Any way to ensure that it is?

 

Also, I've got everything up and running using Cloudflare (not the docker, the website) to manage DNS.  The only issue is that I cannot enter duckdns into the A record for my root or www entries.  I have to enter my public ISP IP.  This changes with every router reboot.  So, that means I will need to update Cloudflare whenever my router updates the IP address, which seems to be frequently.  Any suggestions?

Link to comment
15 hours ago, Billy12347 said:

Probably should have mentioned this in the first post, but this happens when I run the renew cert in the GUI. I haven't tried / been able to do much with the CLI. As for the log file, I tried looking for it in the app data folder and couldn't find it. I'll try to get there with the console and see what it says.

 

I think this file only exists in the NPM container yes.

docker exec -it NginxProxyManager bash

and then (you are now in the container)

cat /tmp/logfile

 

7 hours ago, BigMal said:

This is so clean and easy, I'm almost scared that it's not working.  Any way to ensure that it is?

 

Also, I've got everything up and running using Cloudflare (not the docker, the website) to manage DNS.  The only issue is that I cannot enter duckdns into the A record for my root or www entries.  I have to enter my public ISP IP.  This changes with every router reboot.  So, that means I will need to update Cloudflare whenever my router updates the IP address, which seems to be frequently.  Any suggestions?

 

What do you want to test? Your website? Simply visit it from your phone 4G? Or am I not understanding your question correctly.

 

I don't use cloudflare / duckdns but generally the idea is that you have some kind of dynamic DNS (duckdns) and then your domain will point to that.

So:

randomname.duckdns -> your public ip will get automatically updated

unraid.yourdomain.com -> CNAME -> randomname.duckdns

 

Link to comment
20 hours ago, mattie112 said:

I think this file only exists in the NPM container yes.

docker exec -it NginxProxyManager bash

and then (you are now in the container)

cat /tmp/logfile

 

 

What do you want to test? Your website? Simply visit it from your phone 4G? Or am I not understanding your question correctly.

 

I don't use cloudflare / duckdns but generally the idea is that you have some kind of dynamic DNS (duckdns) and then your domain will point to that.

So:

randomname.duckdns -> your public ip will get automatically updated

unraid.yourdomain.com -> CNAME -> randomname.duckdns

 

I checked that log file, it's a similar output to the docker log:

 

Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1514, in main
    plugins = plugins_disco.PluginsRegistry.find_all()
  File "/usr/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 237, in find_all
    plugin_ep = cls._load_entry_point(entry_point, plugins, with_prefix=False)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 255, in _load_entry_point
    plugin_ep = PluginEntryPoint(entry_point, with_prefix)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 51, in __init__
    self.plugin_cls: interfaces.IPluginFactory = entry_point.load()
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 2449, in load
    self.require(*args, **kwargs)
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 2472, in require
    items = working_set.resolve(reqs, env, installer, extras=self.extras)
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 772, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'mock' distribution was not found and is required by the application
2021-07-05 23:10:53,098:ERROR:certbot._internal.log:An unexpected error occurred:
2021-07-05 23:10:53,099:ERROR:certbot._internal.log:pkg_resources.DistributionNotFound: The 'mock' distribution was not found and is required by the application

 

It's strange though, when I manually run a certbot renew I get this for the output:

 

The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/npm-1/fullchain.pem expires on 2021-10-04 (skipped)
  /etc/letsencrypt/live/npm-10/fullchain.pem expires on 2021-10-04 (skipped)
  /etc/letsencrypt/live/npm-11/fullchain.pem expires on 2021-10-04 (skipped)
  /etc/letsencrypt/live/npm-12/fullchain.pem expires on 2021-10-04 (skipped)
  /etc/letsencrypt/live/npm-13/fullchain.pem expires on 2021-10-04 (skipped)
  /etc/letsencrypt/live/npm-14/fullchain.pem expires on 2021-10-04 (skipped)
  /etc/letsencrypt/live/npm-15/fullchain.pem expires on 2021-10-04 (skipped)
  /etc/letsencrypt/live/npm-16/fullchain.pem expires on 2021-10-04 (skipped)
  /etc/letsencrypt/live/npm-17/fullchain.pem expires on 2021-10-04 (skipped)
  /etc/letsencrypt/live/npm-18/fullchain.pem expires on 2021-10-04 (skipped)
  /etc/letsencrypt/live/npm-4/fullchain.pem expires on 2021-10-04 (skipped)
  /etc/letsencrypt/live/npm-5/fullchain.pem expires on 2021-10-04 (skipped)
  /etc/letsencrypt/live/npm-6/fullchain.pem expires on 2021-10-04 (skipped)
  /etc/letsencrypt/live/npm-7/fullchain.pem expires on 2021-10-04 (skipped)
  /etc/letsencrypt/live/npm-8/fullchain.pem expires on 2021-10-04 (skipped)
  /etc/letsencrypt/live/npm-9/fullchain.pem expires on 2021-10-04 (skipped)

 

Which as far as I can tell are my certs. Certbot is saying they're still good, but NPM and Digicert's certificate checker are saying they're due to expire on the 14th. Seems like certbot is looking at a different set of something than NPM.

Link to comment

Hm, that is really strange. Just to be sure, did you already try to restart the NPM container? Perhaps you can extract the certificate and check the serial number to see if it matches what your browser tells you.

 

I still don't really understand the error. Perhaps reinstall / force update the container? Just in case?

Link to comment
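The check suggested in the post above, comparing the certificate certbot has on disk with the one the proxy actually serves, written out as an added example (not code from the thread or from the NPM project). The function names are made up for this example, and it assumes `openssl` is available where it runs; the path and hostname in the usage comment are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: is the certificate on disk the one being served?
# All function names here are hypothetical.

# Print the serial number of the first (leaf) certificate in a PEM file.
cert_serial() {
    openssl x509 -in "$1" -noout -serial | cut -d= -f2
}

# Print the notAfter (expiry) date of the leaf certificate in a PEM file.
cert_enddate() {
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# fetch_served_cert HOST PORT OUT [ADDR]
# Save the leaf certificate presented for HOST (sent as SNI) to OUT.
# ADDR is the address to connect to; it defaults to HOST.
fetch_served_cert() {
    openssl s_client -connect "${4:-$1}:$2" -servername "$1" \
        </dev/null 2>/dev/null | openssl x509 -outform PEM >"$3"
}

# compare_certs FILE_A FILE_B
# Returns 0 if the serials match, 1 if they differ,
# 2 if either file could not be parsed as a certificate.
compare_certs() {
    serial_a=$(cert_serial "$1")
    serial_b=$(cert_serial "$2")
    [ -n "$serial_a" ] && [ -n "$serial_b" ] || return 2
    echo "$1: serial=$serial_a notAfter=$(cert_enddate "$1")"
    echo "$2: serial=$serial_b notAfter=$(cert_enddate "$2")"
    if [ "$serial_a" = "$serial_b" ]; then
        echo "MATCH: the served certificate is the one on disk"
        return 0
    fi
    echo "MISMATCH: the proxy is serving a different certificate"
    return 1
}

# check_served LIVE_PEM HOST [PORT] [ADDR]
# Fetch what HOST serves and compare it with the file certbot reports on.
check_served() {
    served=$(mktemp) || return 2
    fetch_served_cert "$2" "${3:-443}" "$served" "${4:-$2}"
    compare_certs "$1" "$served"
    rc=$?
    rm -f "$served"
    return "$rc"
}

# Runs only when arguments are given, for example inside the container:
#   sh certcheck.sh /etc/letsencrypt/live/npm-1/fullchain.pem site.domain.com
if [ "$#" -ge 2 ]; then
    check_served "$@"
fi
```

When the hostname is proxied through a CDN, the public name presents the CDN's edge certificate, so pass the proxy's own address as the fourth argument to reach it directly.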
16 hours ago, mattie112 said:

Hm, that is really strange. Just to be sure, did you already try to restart the NPM container? Perhaps you can extract the certificate and check the serial number to see if it matches what your browser tells you.

 

I still don't really understand the error. Perhaps reinstall / force update the container? Just in case?

I did try to restart, as well as force update. I could try just creating a new NPM install, although this would be the second time I've had to blow it away and start from scratch.

 

I'll try checking the serial numbers before I start over again.

Link to comment

Well, the error seems to originate from certbot internals (so not really something with NPM). I thought perhaps something is corrupted there. I don't think that removing all config would have any effect.

 

There are lots of hits on the error 'pkg_resources.DistributionNotFound: The 'mock' distribution was not found and is required by the application', most being solved by upgrading/reinstalling Python.

Link to comment

I have multiple Websites Running on Nginx Docker and Nginx Reverse Proxy Docker on Unraid 6.9.2. All works absolutely perfect from any Computer or Phone. The issue is only with iPhone that I am aware of. If my iPhone is on wifi I can connect no problem, but if I turn off wifi and go to cellular data, the phone will not connect to any of my websites. Every browser I have tried gives similar messages like this: Website ERR_SSL_PROTOCOL_ERROR

 

I have been troubleshooting this for over 3 weeks now and have tried every trick I could find, but nothing works. It has me puzzled that it will work fine for computers inside and outside of the network and phones inside and outside of the network, but will not work when switched to cellular data. If anyone could help me get this working I would really appreciate it. If I need to provide more information I can try and do that as well. Also, when I run tests with SSL Labs, I get A+ rating so I am just at a loss.

Link to comment

When I open up my dashboard I'm able to login but it's not showing any of my hosts, nothing shown in the main dashboard tab, just blank white below. Functionally all of the hosts are working. I tried restarting the container and clearing cache without luck. I did a few docker container updates so not sure if this was one that upgrading to the latest version has caused it. Any ideas on fixing it? Also, could I get a reminder on how to set a version tag for unraid/docker to revert to?

 

Edit:

Nevermind, changed browser and it appears to be a browser related issue.

However, still curious the best way to revert container versions based on the tag. I tried adding :v1.16.1 and it didn't work..

Edited by BKS
  • Like 2
Link to comment
On 7/7/2021 at 2:54 AM, mattie112 said:

Well, the error seems to originate from certbot internals (so not really something with NPM). I thought perhaps something is corrupted there. I don't think that removing all config would have any effect.

 

There are lots of hits on the error 'pkg_resources.DistributionNotFound: The 'mock' distribution was not found and is required by the application', most being solved by upgrading/reinstalling Python.

I ended up adding a completely new NPM container and was able to register new certs without issue. I guess I'll see if they renew in a couple months. Thanks for your help in troubleshooting, I'm still learning Linux and Docker, so any help is invaluable.

  • Like 2
Link to comment
On 4/1/2021 at 2:01 PM, RyanOver9000 said:


I think I figured it out.  The user email has to be typed all lowercase when logging in. It seems when changing from the original admin account it will automatically lowercase everything.

Thank you for coming back to update. I have been pulling my hair out trying to figure this out.

Link to comment

Docker stuck on [nginx] starting... loop
Does anyone know how to solve it?
 

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-app-niceness.sh: executing...
[cont-init.d] 00-app-niceness.sh: exited 0.
[cont-init.d] 00-app-script.sh: executing...
[cont-init.d] 00-app-script.sh: exited 0.
[cont-init.d] 00-app-user-map.sh: executing...
[cont-init.d] 00-app-user-map.sh: exited 0.
[cont-init.d] 00-clean-logmonitor-states.sh: executing...
[cont-init.d] 00-clean-logmonitor-states.sh: exited 0.
[cont-init.d] 00-clean-tmp-dir.sh: executing...
[cont-init.d] 00-clean-tmp-dir.sh: exited 0.
[cont-init.d] 00-set-app-deps.sh: executing...
[cont-init.d] 00-set-app-deps.sh: exited 0.
[cont-init.d] 00-set-home.sh: executing...
[cont-init.d] 00-set-home.sh: exited 0.
[cont-init.d] 00-take-config-ownership.sh: executing...
[cont-init.d] 00-take-config-ownership.sh: exited 0.
[cont-init.d] 00-xdg-runtime-dir.sh: executing...
[cont-init.d] 00-xdg-runtime-dir.sh: exited 0.
[cont-init.d] 90-db-upgrade.sh: executing...
[cont-init.d] 90-db-upgrade.sh: exited 0.
[cont-init.d] nginx-proxy-manager.sh: executing...
❯ Enabling IPV6 in hosts: /etc/nginx/conf.d
❯ /etc/nginx/conf.d/include/assets.conf
❯ /etc/nginx/conf.d/include/block-exploits.conf
❯ /etc/nginx/conf.d/include/force-ssl.conf
❯ /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
❯ /etc/nginx/conf.d/include/proxy.conf
❯ /etc/nginx/conf.d/include/ssl-ciphers.conf
❯ /etc/nginx/conf.d/default.conf
❯ /etc/nginx/conf.d/production.conf
❯ Enabling IPV6 in hosts: /config/nginx
❯ /config/nginx/proxy_host/22.conf
...
❯ /config/nginx/proxy_host/21.conf
❯ /config/nginx/ip_ranges.conf
❯ /config/nginx/resolvers.conf
chown: /config/log/log: Symbolic link loop
[cont-init.d] nginx-proxy-manager.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] starting s6-fdholderd...
[services.d] starting logmonitor...
[services.d] starting statusmonitor...
[logmonitor] no file to monitor: disabling service...
[services.d] starting cert_cleanup...
[statusmonitor] no file to monitor: disabling service...
[services.d] starting logrotate...
[services.d] starting nginx...
[cert_cleanup] starting...
[services.d] starting app...
[logrotate] starting...
[nginx] starting...
[app] starting Nginx Proxy Manager...
[services.d] done.
[cert_cleanup] ----------------------------------------------------------
[cert_cleanup] Let's Encrypt certificates cleanup - 2021/07/18 05:22:34
[cert_cleanup] ----------------------------------------------------------
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-1/privkey2.pem.
...
[cert_cleanup] Deleting /etc/letsencrypt/csr/0001_csr-certbot.pem.
[cert_cleanup] Deleting /etc/letsencrypt/keys/0000_key-certbot.pem.
[cert_cleanup] Deleting /etc/letsencrypt/keys/0001_key-certbot.pem.
[cert_cleanup] 96 file(s) kept.
[cert_cleanup] 4 file(s) deleted.
[7/18/2021] [5:22:35 AM] [Migrate ] › ℹ info Current database version: none
[nginx] starting...
[7/18/2021] [5:22:36 AM] [Setup ] › ℹ info Added Certbot plugins certbot-dns-cloudflare==1.8.0 cloudflare
[7/18/2021] [5:22:36 AM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...
[7/18/2021] [5:22:36 AM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[7/18/2021] [5:22:36 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
[7/18/2021] [5:22:36 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
[7/18/2021] [5:22:36 AM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized
[7/18/2021] [5:22:36 AM] [SSL ] › ℹ info Renewing SSL certs close to expiry...
[7/18/2021] [5:22:36 AM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized
[7/18/2021] [5:22:36 AM] [Global ] › ℹ info Backend PID 4403 listening on port 3000 ...
[nginx] starting...
[nginx] starting...
[nginx] starting...
[nginx] starting...
[nginx] starting...
[nginx] starting...
[nginx] starting...
[nginx] starting...
[nginx] starting...

 

Link to comment

Hello - I'm having trouble setting up HTTPS with NGINX Proxy Manager (NPM) and duckDNS. I don't pay for a separate Godaddy domain etc., so I just want to be able to use a free solution like duckDNS.

 

I set up duckDNS with [mydomain].duckdns.org (and it works perfectly with Wireguard VPN). I installed NPM and forwarded 80/443 to 1880/18443 on my router; then set up NPM so that "domain name"="[mydomain].duckdns.org"; forward hostname = unraid local ip (192.168.0.100); forward port is 8181 (tautulli in this case); scheme = https; cache assets and block common exploits both on. Custom locations blank and on the SSL tab I created a new SSL certificate with same domain name, my personal email account (hotmail) and force SSL + HTTP/2 support both turned on.

 

I get "502 Bad Gateway" when I try to navigate to [mydomain].duckdns.org. Does anyone know what's going on to fix this? When I change "scheme"="http" then access to this specific forwarded port works, but I don't know then if SSL is working as intended?

 

I also would like to eventually setup various sub-sub domains like tautulli.[mydomain].duckdns.org or [mydomain].duckdns.org/tautulli. Is this possible with free solution like duckDNS? If so, how are you supposed to setup the "details" tab and the "custom locations" tab?

Edited by Linguafoeda
Link to comment

This might have been asked before. In that case: sorry 😅

 

I'm running NPM on my unraid server. I'm also running a VM which is serving my access control to my house. This platform is web-based. Is there a way to point <sub.domain.ext> to a site that is not running on my custom docker network? It is http traffic on a fixed IP for the VM. Tried some stuff already, pointing to IP or hostname, pushing buttons and sliding sliders but all I get is errors.

Edited by XisoP
Typo
Link to comment

@Linguafoeda

502 is a problem between NPM and the endpoint.


Usually you let NPM handle SSL

so:

internet -> SSL -> yourdomain -> non-SSL -> your-internal-service (like plex, apache, bitwarden, whatever)

 

Can you share some screenshots? I find it hard to understand exactly what your setup is.

Edited by mattie112
Link to comment
