[Support] Djoss - Nginx Proxy Manager


Djoss


3 hours ago, mattie112 said:

 

Yes that should work just fine. On what action do you get the 400 error? Adding the host or enabling SSL? You could try to remove all files in appdata and start fresh if you have nothing on it, just to make sure nothing "strange" happened during initial setup. Or go to the console of NPM and try a couple of `certbot` commands to manually get an SSL certificate (I don't know the exact commands) and see if that works or if that possibly gives an error that you can search for.

It lets me set it up fine, but when I connect to the external hostname I get the 400 error. It's definitely hitting Nginx (and that configured external address) as if I change it to homeassistant.local instead of the internal IP of home assistant, I get a different error (unraid isn't resolving .local addresses it seems).

Link to comment
On 12/15/2022 at 11:52 AM, mattie112 said:

 

I guess if you have multiple external IPs you could enable the forward only for one IP? But you will have to consult your router manual/docs for that. Or just use 0.0.0.0 - 255.255.255.255 to see if that works :)

 

I did not get a manual with this router which explains port forwarding.

 

Also 0.0.0.0 - 255.255.255.255 are not valid IP addresses it says. Any more information?

Link to comment
  • 2 weeks later...

Hello,
I was trying to renew my certificates manually but the logs show me that the certbot is already running?

[1/11/2023] [6:06:22 PM] [SSL      ] › ℹ  info      Renewing Let'sEncrypt certificates for Cert #30: bitwarden.domain.com
[1/11/2023] [6:06:22 PM] [SSL      ] › ℹ  info      Command: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --cert-name "npm-30" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation 
[1/11/2023] [6:06:23 PM] [Express  ] › ⚠  warning   Command failed: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --cert-name "npm-30" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation 
Another instance of Certbot is already running.

 

Then the docker tries to renew it on its own, fails again.

It shows me 8 renew failures, but there are only 4 domains registered.

[1/11/2023] [6:12:19 PM] [SSL      ] › ✖  error     Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation  
Failed to renew certificate npm-12 with error: Some challenges have failed.
Failed to renew certificate npm-2 with error: Some challenges have failed.
Failed to renew certificate npm-25 with error: Some challenges have failed.
Failed to renew certificate npm-26 with error: Some challenges have failed.
Failed to renew certificate npm-30 with error: Some challenges have failed.
Failed to renew certificate npm-31 with error: Some challenges have failed.
Failed to renew certificate npm-32 with error: Some challenges have failed.
Failed to renew certificate npm-35 with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/npm-12/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-2/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-25/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-26/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-30/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-31/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-32/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-35/fullchain.pem (failure)
8 renew failure(s), 0 parse failure(s)

    at ChildProcess.exithandler (node:child_process:399:12)
    at ChildProcess.emit (node:events:526:28)
    at maybeClose (node:internal/child_process:1092:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)

 

Some input for the problem?

Link to comment

Hi, so I've been trying to force SSL on my subdomain for a proxy. I have changed my subdomain at least 10 times. Uninstalled, reinstalled. The works. I even went as far as completely remodeling my server lol. But for some reason it'll still shoot the same error "Internal Error". It's been driving me nuts. At the time of posting this I'll be going to bed, so if any logs are needed feel free to lmk and I'll get around to it tomorrow.

nginxepicfail1.png

Link to comment
14 hours ago, MPHxLegend said:

Hello,
I was trying to renew my certificates manually but the logs show me that the certbot is already running?

[1/11/2023] [6:06:22 PM] [SSL      ] › ℹ  info      Renewing Let'sEncrypt certificates for Cert #30: bitwarden.domain.com
[1/11/2023] [6:06:22 PM] [SSL      ] › ℹ  info      Command: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --cert-name "npm-30" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation 
[1/11/2023] [6:06:23 PM] [Express  ] › ⚠  warning   Command failed: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --cert-name "npm-30" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation 
Another instance of Certbot is already running.

 

Some input for the problem?

 

Solved, the Certbot couldn't get a callback because I had proxied all my domains on Cloudflare. I reversed the proxy so the certbot could renew the certificates and then proxied the domains after that again.

Link to comment
10 hours ago, OhShiro said:

Hi, so I've been trying to force SSL on my subdomain for a proxy. I have changed my subdomain at least 10 times. Uninstalled, reinstalled. The works. I even went as far as completely remodeling my server lol. But for some reason it'll still shoot the same error "Internal Error". It's been driving me nuts. At the time of posting this I'll be going to bed, so if any logs are needed feel free to lmk and I'll get around to it tomorrow.

nginxepicfail1.png

 

Well, without logs your guess is as good as mine. There is "some kind" of error!

Link to comment
On 1/11/2023 at 9:28 PM, OhShiro said:

Hi, so I've been trying to force SSL on my subdomain for a proxy. I have changed my subdomain at least 10 times. Uninstalled, reinstalled. The works. I even went as far as completely remodeling my server lol. But for some reason it'll still shoot the same error "Internal Error". It's been driving me nuts. At the time of posting this I'll be going to bed, so if any logs are needed feel free to lmk and I'll get around to it tomorrow.

nginxepicfail1.png

As I now am awake and have time to upload logs attached will be said logs.

letsnotworkepicfail.log

Link to comment
3 hours ago, OhShiro said:

As I now am awake and have time to upload logs attached will be said logs.

letsnotworkepicfail.log 27.18 kB · 0 downloads

 

So the error is clear:

 

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

 

You have to make sure that port 80 (with no SSL) can be reached from the outside. Please confirm that that is the case.

Link to comment
22 hours ago, mattie112 said:

 

So the error is clear:

 

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

 

You have to make sure that port 80 (with no SSL) can be reached from the outside. Please confirm that that is the case.

Under the assumption that you mean that port 80 would need to be forwarded, I went ahead and did that. I also forwarded 1337 as that's the port I enter when making the profile. After making these changes nothing has changed. Same error message. If I misunderstood feel free to correct me. As a note, I'm still new to all this and have no prior knowledge on what I'm doing. I'm simply following guides and learning on the way.

Link to comment
15 hours ago, OhShiro said:

Under the assumption that you mean that port 80 would need to be forwarded, I went ahead and did that. I also forwarded 1337 as that's the port I enter when making the profile. After making these changes nothing has changed. Same error message. If I misunderstood feel free to correct me. As a note, I'm still new to all this and have no prior knowledge on what I'm doing. I'm simply following guides and learning on the way.

 

The flow is like this:

- you request a certificate for domain.com (by asking letsencrypt (LC) to do that)
- LC gives you a code (that is put in the .well-known dir)
- LC does a DNS request for your domain.com to get the IP
- LC connects to that domain/IP on port 80 (because: you don't have a certificate yet, so port 80 must be HTTP not HTTPS)
- LC verifies that you "own" the domain by reading the code from the .well-known dir
- LC supplies you with a certificate

In this case the error is that it cannot verify the code, why I don't know, it could be any of the previous steps. But: usually your NPM cannot be accessed over unsecured HTTP port 80.

Link to comment
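
The flow described in the post above, rehearsed locally as an added example (not part of the thread and not NPM's or certbot's own code): a challenge file is placed under a webroot and then fetched over plain HTTP the way the validator would, showing which step fails when the wrong webroot answers or the port is closed. `place_token`, `check_http01` and `demo` are hypothetical names, the token content is a constructed stand-in, and the port is a parameter only so the demo can run unprivileged; the real CA connects on port 80.

```python
# Added example: local rehearsal of the HTTP-01 steps listed above.
import functools, http.server, os, secrets, socket, tempfile, threading
import urllib.error, urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"

class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # suppress per-request logging
        pass

def place_token(webroot):
    """Write a constructed challenge file under the webroot."""
    token = secrets.token_urlsafe(16)
    content = token + "." + secrets.token_urlsafe(16)  # stand-in value
    os.makedirs(os.path.join(webroot, CHALLENGE_DIR), exist_ok=True)
    with open(os.path.join(webroot, CHALLENGE_DIR, token), "w") as fh:
        fh.write(content)
    return token, content

def check_http01(host, port, token, expected, timeout=3):
    """Resolve the name, connect over plain HTTP, compare the file content."""
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return False, f"dns: {exc}"
    url = f"http://{host}:{port}/{CHALLENGE_DIR}/{token}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            got = resp.read().decode().strip()
    except urllib.error.HTTPError as exc:  # a server answered, file not there
        return False, f"http {exc.code}"
    except (urllib.error.URLError, OSError) as exc:  # nothing reachable
        return False, f"connect: {exc}"
    if got != expected:
        return False, "mismatch: served content differs"
    return True, "challenge file matches"

def serve(root):
    """Serve a directory on an ephemeral localhost port (demo only)."""
    handler = functools.partial(QuietHandler, directory=root)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as webroot, \
            tempfile.TemporaryDirectory() as other_root:
        token, content = place_token(webroot)
        good, wrong = serve(webroot), serve(other_root)
        results["served"] = check_http01(
            "127.0.0.1", good.server_address[1], token, content)
        results["wrong_webroot"] = check_http01(
            "127.0.0.1", wrong.server_address[1], token, content)
        for srv in (good, wrong):
            srv.shutdown()
            srv.server_close()
        # Pick a port that nothing listens on: bind, read the number, release.
        probe = socket.socket()
        probe.bind(("127.0.0.1", 0))
        closed_port = probe.getsockname()[1]
        probe.close()
        results["closed_port"] = check_http01(
            "127.0.0.1", closed_port, token, content)
    return results

if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:14} ok={ok} {reason}")
```

Pointed at a public hostname on port 80 from outside the LAN, the same check tells a closed port apart from a server that answers without the challenge file.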

Hi Folks,

 

Seems I found a bug with the template.

I configured a custom port for the docker container, although it seems regardless what I configure the base 4443 and 8080 ports are used.

To repro: 

  1. Install NginxProxyManager
  2. Change container ports from 8080 and 4443 to something else
  3. Once applied, check the port mapping on the docker page

 

It's a bit confusing for me why both sides of the port mapping have the container's IP, but my understanding is that the left port is the one that I use to access the container while the right one is used inside the container.

Anyhow, regardless of what I configured in the template, always the default ports were in use and not the ones I configured.

 

I'm not familiar how templates are made / maintained, but I hope my explanation was good enough :)

 

regards,

@monghuz

 

 

Edited by monghuz
duplicated screenshot
Link to comment
1 hour ago, monghuz said:

Anyhow, regardless of what I configured in the template, always the default ports were in use and not the ones I configured.

 

I'm not familiar how templates are made / maintained, but I hope my explanation was good enough :)

as you seem to use custom:br0 (or host mode), so your docker has a LAN IP, port mappings are obsolete ... then always the normal ports are used, only in bridge mode (shared IP from unraid host) the mappings are active.

Link to comment
43 minutes ago, alturismo said:

as you seem to use custom:br0 (or host mode), so your docker has a LAN IP, port mappings are obsolete ... then always the normal ports are used, only in bridge mode (shared IP from unraid host) the mappings are active.

 

Hi @alturismo,

 

Thanks for your quick reply. I was not aware of that. Thanks a lot for explaining, I learnt something new today :)

As a side note, it would be more straightforward to disable the concerned port field if a non-bridge mode is used. Although I appreciate that it would be a feature request and it's not related to a single container.

 

Regards,

Tamas

Link to comment
  • 2 weeks later...

I have been trying to get this to work for two days using a domain I purchased and set up through cloudflare. No matter what I do, I get "Origin is unreachable Error code 523". For privacy reasons, I will refer to the domain I specifically purchased as "mydomain."

  • I set up cloudflare with my personal IP set in the DNS settings. I set a CNAME subdomain for overseerr. I created an Origin SSL certificate through cloudflare and set it to strict.
  • I forwarded ports 80 and 443 to ports 1880 and 18443 with the IP of my unraid server of 192.168.1.134 within my router.
  • I installed this docker and set network to Bridge. I then set it up with a user and password. I added "overseerr.mydomain.com" as a host and added the origin SSL certificate to it

Originally, going to the web address "overseerr.mydomain.com" would strangely lead to the login page for one of my Reolink security cameras. I disabled UPNP within my router, and then it would only display the cloudflare page with  "Origin is unreachable Error code 523" These are things I have tried;

  • I have tried removing and reinstalling NGINX multiple times with deleting all files in appdata in between.
  • I have tried it on different network settings such as individual docker networks, and Br0 (where an individual IP was assigned, and I changed the IP for the port forwarding in the router respectively)
  • I have done various testing. I can ping "overseerr.mydomain.com" successfully.
  • Running a traceroute ends at the cloudflare servers
  • Scanning open ports for "overseerr.mydomain.com" shows port 80 and 443 open. 
  • Using Telnet, I am able to successfully ping ports 80 and 443 for "overseerr.mydomain.com"
  • whois for "overseerr.mydomain.com" says cloudflare. 
  • I have also tried setting up other subdomains for other dockers. 
  • running a curl command in to see the IP for NGINX and overseer both returns my external IP indicating that they can both reach out to the internet. 
  • I do not see anything strange in the logs for NGINX. 
Link to comment

"Cannot load certificate" - Help!

 

I just started getting this error (see below) in my logs. The directory is empty besides the README. Can anyone give me advice on how to fix outside of reinstalling? I haven't made any changes, however, I just replaced my cache drives last week as they were failing. I "thought" I had backed up/restored everything properly but maybe I didn't.

 

Thanks for your help.

 

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-1/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-1/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

Link to comment
On 1/26/2023 at 11:56 PM, Dwiman89 said:

I have been trying to get this to work for two days using a domain I purchased and set up through cloudflare. No matter what I do, I get "Origin is unreachable Error code 523". For privacy reasons, I will refer to the domain I specifically purchased as "mydomain."

  • I set up cloudflare with my personal IP set in the DNS settings. I set a CNAME subdomain for overseerr. I created an Origin SSL certificate through cloudflare and set it to strict.
  • I forwarded ports 80 and 443 to ports 1880 and 18443 with the IP of my unraid server of 192.168.1.134 within my router.
  • I installed this docker and set network to Bridge. I then set it up with a user and password. I added "overseerr.mydomain.com" as a host and added the origin SSL certificate to it

Originally, going to the web address "overseerr.mydomain.com" would strangely lead to the login page for one of my Reolink security cameras. I disabled UPNP within my router, and then it would only display the cloudflare page with  "Origin is unreachable Error code 523" These are things I have tried;

  • I have tried removing and reinstalling NGINX multiple times with deleting all files in appdata in between.
  • I have tried it on different network settings such as individual docker networks, and Br0 (where an individual IP was assigned, and I changed the IP for the port forwarding in the router respectively)
  • I have done various testing. I can ping "overseerr.mydomain.com" successfully.
  • Running a traceroute ends at the cloudflare servers
  • Scanning open ports for "overseerr.mydomain.com" shows port 80 and 443 open. 
  • Using Telnet, I am able to successfully ping ports 80 and 443 for "overseerr.mydomain.com"
  • whois for "overseerr.mydomain.com" says cloudflare. 
  • I have also tried setting up other subdomains for other dockers. 
  • running a curl command in to see the IP for NGINX and overseer both returns my external IP indicating that they can both reach out to the internet. 
  • I do not see anything strange in the logs for NGINX. 

 

Can you first try it without Cloudflare? Just point directly to your IP. If that does not work it is something with your NPM. If it does work it is something with cloudflare.

Link to comment
18 hours ago, joleger said:

"Cannot load certificate" - Help!

 

I just started getting this error (see below) in my logs. The directory is empty besides the README. Can anyone give me advice on how to fix outside of reinstalling? I haven't made any changes, however, I just replaced my cache drives last week as they were failing. I "thought" I had backed up/restored everything properly but maybe I didn't.

 

Thanks for your help.

 

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-1/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-1/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

Nginx wants to load a certificate that does not exist. You can go into the console and run certbot --renew (or something) to fetch new certificates. It might be needed to first remove the SSL config so that nginx starts. Or possibly you can create an empty file (or self-signed cert) so that it at least loads.

Link to comment
  • 2 weeks later...
On 1/12/2023 at 1:47 AM, MPHxLegend said:

 

Solved, the Certbot couldn't get a callback because I had proxied all my domains on Cloudflare. I reversed the proxy so the certbot could renew the certificates and then proxied the domains after that again.

Was having the same issue and the same worked for me. Haven't experienced this before. Wonder if we'll have to do this on expiration every time or if there is a programmatic resolution.

Link to comment

Hello all,

 

I recently acquired a new server and am looking to move some dockers to the new server to leave my primary as plex and datastore. I'm trying to migrate NPM from old server to new but have no idea what I'm doing. I followed the instructions as best I could from the below link but it's not specific to unraid. I moved the letsencrypt directory as well as the SQLite DB. I was able to log in to the new docker and redirected my port forwarding to the new docker but still unable to use my external URLs. Any assistance is greatly appreciated.

 

https://github.com/NginxProxyManager/nginx-proxy-manager/discussions/1529 

Link to comment
14 hours ago, Huascar said:

Hello all,

 

I recently acquired a new server and am looking to move some dockers to the new server to leave my primary as plex and datastore. I'm trying to migrate NPM from old server to new but have no idea what I'm doing. I followed the instructions as best I could from the below link but it's not specific to unraid. I moved the letsencrypt directory as well as the SQLite DB. I was able to log in to the new docker and redirected my port forwarding to the new docker but still unable to use my external URLs. Any assistance is greatly appreciated.

 

https://github.com/NginxProxyManager/nginx-proxy-manager/discussions/1529 

 

Please confirm that your IP / open ports are correct. Can you access http://your.ip (from an EXTERNAL connection) would be a place to start. Just to confirm that everything other than NPM is working.

Link to comment

In the last few weeks I've been experiencing extremely slow loading times on pages using nginx proxy manager. qBittorrent, rTorrent, Heimdall, Plex, etc. everything is really, really slow to load. It can take like 2 minutes for a page to resolve for some reason.

 

Some images are not loading at all and I basically have to refresh the page a dozen times before the site seems to "wake up" and actually load fully.

 

I have an extremely fast connection and before these pages would load almost instantly. I haven't changed any settings either.

 

Could someone please give me some tips on how to debug this?

Edited by plantsandbinary
Link to comment

Hi all - I have a strange issue with minecraft that's occurred.

I set up 2 proxy hosts for 2 separate minecraft server instances I have running (using Crafty 4). It worked great for a couple of days and I am having a few issues now.

When I access any of my previous working proxy hosts, it sends me to the same minecraft server instance regardless of the address. Crafty 4 appears to be working as I can connect to each individually on my internal network and using the external address with the port referenced. I tried to add a brand new proxy host and it still points to that same server as the previous ones I created.

I did a couple of DNS flushes in an attempt to troubleshoot. Are there other things I can do in order to troubleshoot? I'm at a loss.

 

I should mention that when I tested the new proxy address, I set up a new CNAME on my domain registrar.

 

Edited by ledfortr
Link to comment
  • 2 weeks later...

Hello,

I have been accessing several containers on unraid using nginx proxy manager with no issues.

Suddenly today I get an error page stating "DNS address could not be found. DNS_PROBE_POSSIBLE

In the Nginx webgui all the redirects are listed as online and have valid certificates.

All the containers are accessible through the local IP address.

I have no idea what suddenly caused this and would appreciate advice on how to diagnose and fix the error.

In the logs for nginx it does say that some things are deprecated, if that's relevant

Thanks in advance

Link to comment
