[Support] Djoss - Nginx Proxy Manager


Djoss


I am incredibly confused by the NginxProxyManager, can someone please tell me why the container is writing logs to 2 paths with identical data?

In /mnt/cache/Appdata/NginxProxyManager i have 2 folders:

/Log

/Logs

Both contain 983 files and 1 folder, and both seem to be log files with identical data. What's the point of having 2 paths with the exact same data? Why is this happening?

Edited by je82
Link to comment
9 minutes ago, je82 said:

I am incredibly confused by the NginxProxyManager, can someone please tell me why the container is writing logs to 2 paths with identical data?

In /mnt/cache/Appdata/NginxProxyManager i have 2 folders:

/Log

/Logs

Both contain 983 files and 1 folder, and both seem to be log files with identical data. What's the point of having 2 paths with the exact same data? Why is this happening?

Yes but no :)

The `logs` directory is a symlink to `/log`. So really just a "shortcut" to another directory. This is a Linux thingy and it looks like it is duplicated but I can guarantee you that it is not.

If you go to your Unraid terminal to that directory and do `ls -alh` you can see that it is simply linked and not a 'real' directory.

root@Tower:/mnt/user/appdata/NginxProxyManager# ls -alh
drwxrwxrwx 1 nobody users 3.7K Jul  3 16:10 log/
lrwxrwxrwx 1 root   root     3 Jul  4 13:17 logs -> log/

 

edit:

Oh and to why: I don't know, perhaps it is kept for backwards compatibility or something?

Edited by mattie112
  • Thanks 1
Link to comment
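Added example, not part of any post in this thread: a scripted version of the check described above, which tells a symlinked directory apart from a real duplicate. The temporary tree, the file name and the helper names `dir_relation` and `make_demo_tree` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: tell a symlinked directory apart from a real duplicate.

# Prints one of: missing | symlink-to-same-dir | same-dir | separate-dirs
dir_relation() {
  if [ ! -d "$1" ] || [ ! -d "$2" ]; then echo "missing"; return 0; fi
  if [ "$1" -ef "$2" ]; then            # same device and inode: one directory on disk
    if [ -L "$1" ] || [ -L "$2" ]; then echo "symlink-to-same-dir"
    else echo "same-dir"; fi            # e.g. bind mount, or one path written two ways
  else
    echo "separate-dirs"                # two real directories, data stored twice
  fi
}

# Constructed layout mirroring the thread: log/ is real, logs -> log/,
# plus log-copy/ as a genuine duplicate for contrast.
make_demo_tree() {
  root=$(mktemp -d)
  mkdir "$root/log"
  printf 'constructed access log line\n' > "$root/log/example_access.log"
  ln -s log/ "$root/logs"
  cp -R "$root/log" "$root/log-copy"
  echo "$root"
}

demo=$(make_demo_tree)
echo "log vs logs:     $(dir_relation "$demo/log" "$demo/logs")"
echo "log vs log-copy: $(dir_relation "$demo/log" "$demo/log-copy")"
echo "logs points to:  $(readlink "$demo/logs")"
# find without -L does not follow the link, so each file is listed once.
echo "files on disk:   $(find "$demo/log" "$demo/logs" -type f | wc -l | tr -d ' ')"
rm -rf "$demo"
```

Backup and log-shipping tools that follow symlinks will still read the same files twice, so exclude one of the two paths there.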
  • 3 weeks later...

I have hit a wall and can't seem to figure out my issue. 

 

All of a sudden none of my containers are able to be reached through my reverse proxy. I haven't made any changes to my network or to my docker containers or my proxy hosts. I am able to load NGINX and all of my proxy hosts show as they always have and show online. I can curl all of my containers from an NGINX console window and all are available. Whenever I try to reach any of my dockers, I get a 522 error "timeout". I am at a loss as nothing has changed in over 6 months, and was running great just a week ago. I can provide any logs just not sure which ones will be needed. Any help will be greatly appreciated.

Link to comment

At the risk of sounding completely ignorant, I'm having trouble establishing a Let's Encrypt certificate.  I can create custom ones easily enough, but would like to have auto-renewing certs to simplify the process.  When entering my domain into the "Add Let's Encrypt Certificate" box, select "I agree to the...", and click Save, the following error shows up.  Any pointers on what I may be doing wrong.  I'm using Cloudflare to manage all DNS.

 


Link to comment
8 minutes ago, mattie112 said:

So, does your domain point to the IP NPM is running on? Both 443 and 80?

Yes, both 443 and 80 are open.  I'm using Cloudflare to point to my public IP.  I can access all other sites using NPM using the custom cert.  I just cannot create a Let's Encrypt cert.  I'm confident it's one setting I've got off...just don't know which one that "one" is.

 

Edited by BigMal
updated open ports
Link to comment
5 minutes ago, mattie112 said:

I don't use CF. Perhaps it caches the url it uses to verify? Afaik the '.well-known' directory. 

 

Perhaps try it without CF first? 

It's got to be something related to CF as it works if I use port forwarding and a duckdns domain.

Link to comment
  • 2 weeks later...

Why, when I set up nginx again, can it not show me the login page? I have read the log:

[nginx] starting...
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-15/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-15/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

 

T.T

Link to comment

I have just gone to create a new host and it failed. 

Here is the log:
 

2022-08-23 19:51:27,153:DEBUG:certbot._internal.main:certbot version: 1.27.0
2022-08-23 19:51:27,153:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2022-08-23 19:51:27,153:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-40', '--agree-tos', '--authenticator', 'webroot', '--email', '<REMOVED>', '--preferred-challenges', 'dns,http', '--domains', 'eveinsight.brothercraig.ddns.me']
2022-08-23 19:51:27,153:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-08-23 19:51:27,165:DEBUG:certbot._internal.lock:A lock on /var/log/letsencrypt/.certbot.lock is held by another process.
2022-08-23 19:51:27,165:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/lock.py", line 126, in _try_lock
    fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
BlockingIOError: [Errno 11] Resource temporarily unavailable

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.9/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1728, in main
    log.post_arg_parse_setup(config)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/log.py", line 107, in post_arg_parse_setup
    file_handler, file_path = setup_log_file_handler(
  File "/usr/lib/python3.9/site-packages/certbot/_internal/log.py", line 161, in setup_log_file_handler
    util.set_up_core_dir(config.logs_dir, 0o700, config.strict_permissions)
  File "/usr/lib/python3.9/site-packages/certbot/util.py", line 183, in set_up_core_dir
    lock_dir_until_exit(directory)
  File "/usr/lib/python3.9/site-packages/certbot/util.py", line 157, in lock_dir_until_exit
    _LOCKS[dir_path] = lock.lock_dir(dir_path)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/lock.py", line 259, in lock_dir
    return LockFile(os.path.join(dir_path, '.certbot.lock'))
  File "/usr/lib/python3.9/site-packages/certbot/_internal/lock.py", line 45, in __init__
    self.acquire()
  File "/usr/lib/python3.9/site-packages/certbot/_internal/lock.py", line 60, in acquire
    self._lock_mechanism.acquire()
  File "/usr/lib/python3.9/site-packages/certbot/_internal/lock.py", line 112, in acquire
    self._try_lock(fd)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/lock.py", line 130, in _try_lock
    raise errors.LockError('Another instance of Certbot is already running.')
certbot.errors.LockError: Another instance of Certbot is already running.
2022-08-23 19:51:27,165:ERROR:certbot._internal.log:Another instance of Certbot is already running.


I also noticed, after checking, that in the docker logs the renewals are also failing.

Link to comment

Hello fellow unraiders.  I decided to setup NGINX after debating it for a while.  For some reason, I can't get the final piece to work.  I followed many of the tutorials, setup duckdns, setup port forwarding, created a subdomain for overseer (trial app), etc...

 

If I go to overseer.mydomain.com, I get a "the site cannot be reached" error: overseer.mydomain.com refused to connect. However, if I put in my ISP IP address:8080 (the port number I set up), I can get to the page showing "Congratulations! You've successfully started the Nginx Proxy Manager. If you're seeing this site then you're trying to access a host that isn't setup yet."

 

I'm not sure what else to do to troubleshoot.  Additionally, I keep getting "internal error" when trying to setup the SSL for the host (overseer).

Link to comment

On to my next issue, challenges are failing for some reason
 

today at 06:50:02 [8/26/2022] [6:50:02 AM] [SSL      ] › ✖  error     Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
today at 06:50:02 Failed to renew certificate npm-10 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-11 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-12 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-13 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-15 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-16 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-17 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-18 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-19 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-20 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-21 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-22 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-23 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-24 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-26 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-27 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-8 with error: Some challenges have failed.
today at 06:50:02 Failed to renew certificate npm-9 with error: Some challenges have failed.
today at 06:50:02 All renewals failed. The following certificates could not be renewed:
today at 06:50:02   /etc/letsencrypt/live/npm-10/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-11/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-12/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-13/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-15/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-16/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-17/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-18/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-19/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-20/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-21/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-22/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-23/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-24/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-26/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-27/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-8/fullchain.pem (failure)
today at 06:50:02   /etc/letsencrypt/live/npm-9/fullchain.pem (failure)
today at 06:50:02 18 renew failure(s), 0 parse failure(s)
today at 06:50:02
today at 06:50:02     at ChildProcess.exithandler (node:child_process:399:12)
today at 06:50:02     at ChildProcess.emit (node:events:526:28)
today at 06:50:02     at maybeClose (node:internal/child_process:1092:16)
today at 06:50:02     at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)


Checking the letsencrypt.log

 

Quote

2022-08-26 06:50:02,492:DEBUG:acme.client:Storing nonce: 0001_undfctTqZ9baRaugQQWs1NLmyi1KbD_beHhlQ_epuQ
2022-08-26 06:50:02,493:INFO:certbot._internal.auth_handler:Challenge failed for domain emby.brothercraig.ddns.me
2022-08-26 06:50:02,493:INFO:certbot._internal.auth_handler:http-01 challenge for emby.brothercraig.ddns.me
2022-08-26 06:50:02,493:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: emby.brothercraig.ddns.me
  Type:   connection
  Detail: 2.24.123.204: Fetching http://emby.brothercraig.ddns.me/.well-known/acme-challenge/j3zsjOyI-QyJlW0eip3AOjpa31lTx-J6teBcRUwL2QM: Error getting validation data

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.



Edited by MrLinford
Update
Link to comment
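Added example, not from any poster or from the NPM or certbot projects: one way to pull the per-domain failure reason out of a `letsencrypt.log` like the one quoted above, since the `Type:` field (`connection` in that excerpt) says which side to check first. The sample log is constructed with placeholder names and a documentation IP, and `triage_certbot_log` and `sample_log` are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example: summarise ACME challenge failures from a certbot letsencrypt.log.
# Output per failure: domain, challenge, ACME error type, address the CA tried, hint (tab-separated).

triage_certbot_log() {
  awk '
    # "...auth_handler:http-01 challenge for host" tells us which challenge was used.
    /auth_handler:[a-z-]+-[0-9]+ challenge for / {
      k = $2; sub(/.*:/, "", k); kind[$NF] = k
    }
    /^[ \t]*Domain:/ { domain = $2 }
    /^[ \t]*Type:/   { type = $2 }
    /^[ \t]*Detail:/ {
      addr = $2; sub(/:$/, "", addr)
      # Keep the field only if it looks like an IPv4 or IPv6 address.
      if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && addr !~ /:/) addr = "-"
      hint = "read the Detail line"
      if (type == "connection")   hint = "CA could not connect: check DNS target, port 80 forward, firewall, CDN"
      if (type == "unauthorized") hint = "wrong response served: check webroot, redirects, caching"
      if (type == "dns")          hint = "name did not resolve: check A/AAAA and CAA records"
      c = (domain in kind) ? kind[domain] : "unknown"
      printf "%s\t%s\t%s\t%s\t%s\n", domain, c, type, addr, hint
      domain = ""; type = ""   # do not carry values into the next report
    }
  ' "$1"
}

# Constructed sample in the format of the letsencrypt.log excerpt above
# (example.com names, documentation IP and TOKEN are placeholders).
sample_log() {
  cat <<'EOF'
2022-08-26 06:50:02,493:INFO:certbot._internal.auth_handler:Challenge failed for domain media.example.com
2022-08-26 06:50:02,493:INFO:certbot._internal.auth_handler:http-01 challenge for media.example.com
2022-08-26 06:50:02,494:INFO:certbot._internal.auth_handler:http-01 challenge for wiki.example.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: media.example.com
  Type:   connection
  Detail: 203.0.113.10: Fetching http://media.example.com/.well-known/acme-challenge/TOKEN: Error getting validation data
  Domain: wiki.example.com
  Type:   unauthorized
  Detail: 203.0.113.10: Invalid response from http://wiki.example.com/.well-known/acme-challenge/TOKEN: 404
EOF
}

log=$(mktemp); sample_log > "$log"
triage_certbot_log "$log"
rm -f "$log"
```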
  • 4 weeks later...

Hi, I have 2 Unraid servers and am trying to install NPM on both. On one of them everything works perfectly, but on the second it works only if the first one is turned off.

I changed and forwarded ports on the second Unraid box but still get some problems and can't access the dockers.

I use OpnSense firewall.

Should I put a second router after my modem so I have each Unraid on a different router? I don't know.

I use GoDaddy through Cloudflare.

Thank you.

Edited by Vesko
Link to comment
35 minutes ago, Vesko said:

Hi, I have 2 Unraid servers and am trying to install NPM on both. On one of them everything works perfectly, but on the second it works only if the first one is turned off.

I changed and forwarded ports on the second Unraid box but still get some problems and can't access the dockers.

I use OpnSense firewall.

Should I put a second router after my modem so I have each Unraid on a different router? I don't know.

I use GoDaddy through Cloudflare.

Thank you.

You can't forward the same port to two different IPs on your LAN. I'm surprised your router allowed you to even enter this config.

Just do all the NPM forwarding on box1 to all the services that are on box2 with the appropriate IPs/ports.

 

Quote

Should I put a second router after my modem so I have each Unraid on a different router? I don't know.

So what I read from this is you are double NAT'ed. That's a nightmare. There should be a way you can configure your provider's modem/router to operate in bridge mode. That essentially disables the built-in router and allows your PFSense to act as the primary (and only) firewall/router. This should simplify managing the system and clear up a lot of port forward/conflict issues.

Edited by aglyons
  • Thanks 1
Link to comment
22 minutes ago, aglyons said:

 

You can't forward the same port to two different IPs on your LAN. I'm surprised your router allowed you to even enter this config.

Just do all the NPM forwarding on box1 to all the services that are on box2 with the appropriate IPs/ports.

Thank you for the fast answer. I have been trying since yesterday to understand how it works. I will never try this way. Thank you again very much.

So I deleted NPM on box 2 and deleted the second port forwards on the router, and now it works.

So now box 1 should do the whole job then.

If box 1 is turned off, how can I set things up to work?

I need to install NPM on box 2 also with the same settings but keep it OFF, and if box 1 is off I need to turn on NPM on box 2, because 2 NPMs can't work at the same time, yes?

Link to comment
