Djoss (Author) Posted January 9, 2019

> 2 hours ago, oicydwa said:
> I know how macvlan works. I just had esxi installed with docker running on fedora and all my containers were setup for macvlan. Everything was working fine, once I figured out how to do what I wanted it to do. Even had NginxProxyManager setup. However, I don't understand why the external port cannot be changed on a macvlan connection with some containers like this one on unraid. In order to run this proxy manager, I am forced to use non standard http and https ports or risk port conflicts, and standard http and https ports on this one container are the most crucial because everything else I can just proxy. However when I was running it in docker on fedora I was able to adjust the external ports just fine. I don't understand how that functionality is lost simply because of the platform I'm running it on?! <edit> As for changing the ports means changing the container, I disagree. I only want to change the external ports.

Can you provide more details on how you were adjusting external ports on fedora? Were you creating containers manually using the "docker run" command?

oicydwa Posted January 9, 2019

> 7 minutes ago, Djoss said:
> Can you provide more details on how you were adjusting external ports on fedora? Were you creating containers manually using the "docker run" command?

Yes. I did everything commandline, as docker cannot assign macvlan IP's and ports through portainer at all. Seems almost like docker doesn't want people using macvlan, and that doesn't make sense to me. I don't understand how 'bridge' can be called that, when it doesn't bridge to an actual device. I don't understand what benefit there is to virtualizing, if everything is only going to be accessible through that one IP. It boggles my mind. The more I research how to overcome this issue, the more I want to ditch unraid. It's got so much going for it that I love, but this one issue is a big one for me.

Don't worry about it anymore. I think I'm going to just put fedora on a VM and put docker in it. Just irritates me. Thanks for your help though. NPM is a great software, I'm just frustrated with the lack of configuration for macvlan.

Djoss (Author) Posted January 9, 2019

> 6 minutes ago, oicydwa said:
> I don't understand how 'bridge' can be called that, when it doesn't bridge to an actual device.

Agree on this, the name is confusing!

> 7 minutes ago, oicydwa said:
> I don't understand what benefit there is to virtualizing, if everything is only going to be accessible through that one IP. It boggles my mind.

I think it's not a virtualization benefit, but an isolation benefit. A container can have multiple services running and you don't want/need to expose them to the whole network. This way, you reduce the attack surface. Also, I see a docker container as an application running on the host, not as a mini VM. I have almost 40 containers running on unRAID and I'm happy they don't each take an IP.

> 14 minutes ago, oicydwa said:
> I think I'm going to just put fedora on a VM and put docker in it

I would still be interested to see the docker command you use on fedora to create a container with macvlan and "external" ports adjusted. Unless the container itself offers a way to configure ports it uses, I don't see how this is possible. But maybe I miss something.

Finally, the docker command you use on fedora should also run on unRAID. unRAID is just a Linux distro with docker installed. There is no magic.

oicydwa Posted January 9, 2019

> 1 minute ago, Djoss said:
> Agree on this, the name is confusing!
>
> I think it's not a virtualization benefit, but an isolation benefit. A container can have multiple services running and you don't want/need to expose them to the whole network. This way, you reduce the attack surface. Also, I see a docker container as an application running on the host, not as a mini VM. I have almost 40 containers running on unRAID and I'm happy they don't each take an IP.
>
> I would still be interested to see the docker command you use on fedora to create a container with macvlan and "external" ports adjusted. Unless the container itself offers a way to configure ports it uses, I don't see how this is possible. But maybe I miss something.
>
> Finally, the docker command you use on fedora should also run on unRAID. unRAID is just a Linux distro with docker installed. There is no magic.

After I configure the macvlan interface, which took me almost 4 hours to figure out (I have a youtube video to prove it under this same name) all I do is run

And I just realized why this one looks differently. Apparently someone else has a docker image of this project and I used it on my fedora docker. Yours is the only one in Unraid apps.

    docker run -d --network br0 --ip=10.1.0.7 -p 80:80 -p 81:81 -p 443:443 -v /home/user/npm/config.json:/app/config/production.json -v /home/user/npm/data:/data -v /home/user/npm/letsencrypt:/etc/letsencrypt --name NginxProxyManager jc21/nginx-proxy-manager:2

Regardless, it won't work either because of Unraid's limitation on configuring ports for macvlan. I have done some testing and apparently if I change the adapter to br0, I completely lose the ability to configure the ports. Which seems really dumb to me! I don't understand why they would even have macvlan as an option if you can't even configure the container at that point?!

oicydwa Posted January 9, 2019

As a point of fact though.... whenever I put in the above command it spun up the container and everything worked as expected (except I didn't install mariadb yet)

I did the same for your container

    docker run -d --network br0 --ip=10.1.0.7 -p 80:8080 -p 81:8181 -p 443:4443 -v /docker/appdata/nginx-proxy-manager:/config --name NginxProxy jlesage/nginx-proxy-manager

and your container forces 8080, 8181, and 4443....

So in the end, my biggest beef is with unraid's diminished support for macvlan, but also in part your container forcing those ports externally

Djoss (Author) Posted January 9, 2019

I don't think there is any limitation with macvlan and unRAID. The "-p" parameter in the docker run command is not used when using macvlan. Try to change the mapping of a port. For example, you could try the following command on fedora, with the jc21's container:

    docker run -d --network br0 --ip=10.1.0.7 -p 80:80 -p 8181:81 -p 443:443 -v /home/user/npm/config.json:/app/config/production.json -v /home/user/npm/data:/data -v /home/user/npm/letsencrypt:/etc/letsencrypt --name NginxProxyManager jc21/nginx-proxy-manager:2

I'm pretty sure the management interface will still be reachable on port 81, not 8181 as indicated by the "-p" parameter. You could also remove all "-p" parameters and all ports will still be accessible.

But I agree with you: since my container is not using ports 80 and 443, macvlan is not an option if you cannot configure port forwarding. Note that I choose to use unprivileged ports so that nothing inside the container needs to be run as root, which is again a better security practice.

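
The behaviour described in the post above, as an added example that is not part of any post in this thread: a small shell check that reads a `docker run` command line and reports, for each `-p` flag, the port the service will really answer on. It assumes `br0` is a macvlan network (as in the thread's commands) and treats every other network as NAT/bridge; the function name and output format are made up for this illustration.

```shell
# Added example (not from the thread). Assumption: br0 is a macvlan network,
# as in the commands posted above; any other network is treated as NAT/bridge.
MACVLAN_NETS="br0"

# effective_ports "<docker run command line>"
# For each -p/--publish flag prints: <mode> host=<H> reachable=<R> <verdict>
# nat: R is the port on the host IP. macvlan: R is the port on the container IP.
effective_ports() {
    ep_net="bridge"; ep_prev=""; ep_maps=""
    for ep_tok in $1; do   # plain word splitting: the samples have no quoted arguments
        case "$ep_prev" in
            --network|--net) ep_net="$ep_tok" ;;
            -p|--publish)    ep_maps="$ep_maps $ep_tok" ;;
        esac
        case "$ep_tok" in
            --network=*|--net=*) ep_net="${ep_tok#*=}" ;;
            --publish=*)         ep_maps="$ep_maps ${ep_tok#*=}" ;;
        esac
        ep_prev="$ep_tok"
    done
    ep_mode="nat"
    for ep_n in $MACVLAN_NETS; do
        if [ "$ep_n" = "$ep_net" ]; then ep_mode="macvlan"; fi
    done
    for ep_m in $ep_maps; do
        ep_m="${ep_m%/*}"                  # drop a /tcp or /udp suffix
        ep_cont="${ep_m##*:}"              # container-side port
        case "$ep_m" in
            *:*) ep_host="${ep_m%:*}"; ep_host="${ep_host##*:}" ;;  # skip optional bind IP
            *)   ep_host="auto" ;;         # docker would pick the host port
        esac
        if [ "$ep_mode" = "nat" ]; then
            printf '%s host=%s reachable=%s published\n' "$ep_mode" "$ep_host" "$ep_host"
        elif [ "$ep_host" = "$ep_cont" ]; then
            printf '%s host=%s reachable=%s same\n' "$ep_mode" "$ep_host" "$ep_cont"
        else   # -p is not applied on macvlan: the requested host port never opens
            printf '%s host=%s reachable=%s MISMATCH\n' "$ep_mode" "$ep_host" "$ep_cont"
        fi
    done
}

# The two macvlan commands from the thread (volume flags omitted for brevity).
CMD_JLESAGE="docker run -d --network br0 --ip=10.1.0.7 -p 80:8080 -p 81:8181 -p 443:4443 --name NginxProxy jlesage/nginx-proxy-manager"
CMD_JC21="docker run -d --network br0 --ip=10.1.0.7 -p 80:80 -p 8181:81 -p 443:443 --name NginxProxyManager jc21/nginx-proxy-manager:2"

effective_ports "$CMD_JLESAGE"
effective_ports "$CMD_JC21"
```

The check only covers ports named by `-p`; on macvlan every port the container listens on is reachable on its own IP, so restricting exposure there has to happen at the network firewall rather than through port publishing.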
bigbadblo Posted January 10, 2019

Just a quick thank you Djoss -- I'm loving the ease of setting up reverse proxies for all the ridiculous stuff I previously had port-forwarded through my router.

Using a DDNS integration between my router directly (AsusWrt Merlin firmware) to Google Domains, once I had the awareness to generate CNAME entries for the services I wanted access to -- and pointing those CNAMEs back to the synthetic DNS address -- using this proxy manager worked flawlessly.

Really impressed with the ease and simplicity of this setup - especially since it's allowed someone like myself with little to no understanding of the complexities involved in manually creating a reverse proxy into a simple 10 minute affair.

Thank you very, very much!

Random.Name Posted January 12, 2019

Well, I just set this up for testing and I really like the WebUi. I just setup a new SSL Certificate via the UI and according to the UI and the Logs everything should be running. After that I tried to setup my first reverse proxy to my speedtest docker. Sadly, no matter what I choose I get an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message in Chrome...any ideas? If I try to connect from my phone (mobile connection) I get ERR_SSL_PROTOCOL_ERROR. Any ideas?

Djoss (Author) Posted January 14, 2019

> On 1/12/2019 at 12:34 PM, Random.Name said:
> Well, I just set this up for testing and I really like the WebUi. I just setup a new SSL Certificate via the UI and according to the UI and the Logs everything should be running. After that I tried to setup my first reverse proxy to my speedtest docker. Sadly, no matter what I choose I get an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message in Chrome...any ideas? If I try to connect from my phone (mobile connection) I get ERR_SSL_PROTOCOL_ERROR. Any ideas?

Are you accessing the site via its DNS name? What is https://www.ssllabs.com/ssltest/analyze.html saying?

n3ro365 Posted January 17, 2019

Hello

I am new here and use Unraid for the first time. I would like to test the proxy manager and forward it to the Unraid GUI. If everything works, then Nextcloud, etc.

I put the Unraid GUI on port 8008. The ports for the proxy manager are set as in the picture. In the router (FritzBox) I forwarded the ports 80 and 443 to the ports of the proxy manager. 80 -> 8080/443 -> 4443

In duckdns I have created a subdomain.

What should I specify in the proxy manager? Which IP? The ones from Unraid or from the router?

Would be nice if someone could help me there. Many Thanks.

Djoss (Author) Posted January 17, 2019

> 30 minutes ago, OOmatrixOO said:
> Hello
>
> I am new here and use Unraid for the first time. I would like to test the proxy manager and forward it to the Unraid GUI. If everything works, then Nextcloud, etc.
>
> I put the Unraid GUI on port 8008. The ports for the proxy manager are set as in the picture. In the router (FritzBox) I forwarded the ports 80 and 443 to the ports of the proxy manager. 80 -> 8080/443 -> 4443
>
> In duckdns I have created a subdomain.
>
> What should I specify in the proxy manager? Which IP? The ones from Unraid or from the router?
>
> Would be nice if someone could help me there. Many Thanks.

You put the IP/port of the service you want to forward to on your local network. So in your case, if you want to forward to unRAID UI, you put the local IP of unRAID and port 8008.

n3ro365 Posted January 17, 2019

Thanks, I changed this. Now I have the message 502 Bad Gateway.

Djoss (Author) Posted January 17, 2019

> 9 minutes ago, OOmatrixOO said:
> Thanks, I changed this. Now I have the message 502 Bad Gateway.

This is usually shown when the forward IP/port is incorrect. Is your unraid UI accessible via http or https?

You can also check /mnt/user/appdata/NginxProxyManager/log/nginx/error.log. You should see messages about the failure.

ikiwi Posted January 17, 2019

Hi Djoss! Just wanted to say thank you so much for this docker, it's just a pleasure to set everything up in gui and within a couple of clicks another service is up and running.

n3ro365 Posted January 17, 2019

> 10 hours ago, Djoss said:
> This is usually shown when the forward IP/port is incorrect. Is your unraid UI accessible via http or https?
>
> You can also check /mnt/user/appdata/NginxProxyManager/log/nginx/error.log. You should see messages about the failure.

Yes, you were right. 8008 is the http port. I have changed the Scheme to http and now the access works. Thank you for your help.

Fiala06 Posted January 18, 2019

Thanks for this, works great and has saved me a ton of time! I'm having an issue though. When I have my pihole running, I can't add ssl certs. I receive the error "Internal Error". I've disabled all blacklists in pihole yet something is still stopping it. Once I remove pihole from the equation everything works. I've watched the query log and nothing ever shows as blocked. Any ideas?

buzzra Posted January 20, 2019

If I go to the homepage listed in the OP, https://nginxproxymanager.jc21.com, and then click on the GitHub link on that page, I get a different github repository than listed in the OP, https://github.com/jlesage/docker-nginx-proxy-manager.

So which one is the correct one? It appears that the Unraid template is using the jlesage repository, but in a previous post here, someone requested feature requests and bugs be reported to the jc21 repository.

So, what's the difference and which one should we be using? If I'm using jlesage version on Unraid, why report bugs to jc21?

buzz

Squid Posted January 20, 2019 (edited)

> 11 hours ago, buzzra said:
> So which one is the correct one?

They're both correct. Depends upon what you want. jc21 is the author of the app itself and maintains the github for the app. DJoss is the author of the container (which includes the app) and maintains it.

> 11 hours ago, buzzra said:
> why report bugs to jc21?

Because 99% of the time, any bug is with the app itself, and not with the container. It's kinda akin to getting food poisoning from eating cereal. Is the cereal itself bad (the app), or is it the box (djoss' container) that then transferred something to the cereal?

Edited January 20, 2019 by Squid

buzzra Posted January 20, 2019

> 11 hours ago, Squid said:
> They're both correct. Depends upon what you want. jc21 is the author of the app itself and maintains the github for the app. DJoss is the author of the container (which includes the app) and maintains it.
>
> Because 99% of the time, any bug is with the app itself, and not with the container. It's kinda akin to getting food poisoning from eating cereal. Is the cereal itself bad (the app), or is it the box (djoss' container) that then transferred something to the cereal?

Thanks for the explanation. Makes complete sense. And thanks Djoss for packaging this up in an Unraid container.

I hope no one was offended by my questions. I just saw both and had not seen an explanation of the relationship.

I will be installing this and moving my other containers to it. It looks to be VERY easy to manage. I have been using a sort of 'automatic' reverse proxy named nginx-proxy (https://hub.docker.com/r/jwilder/nginx-proxy/~/dockerfile/) but it took a lot to get it working in Unraid.

Thanks again to everyone supporting this project.

buzz

GreenEyedMonster Posted January 21, 2019

Ombi isn't working with this. I see the website but I can't login. If I try to log into Ombi with my plex account it just sends me to a small login window again. Looks like this: https://snag.gy/3ldut5.jpg

Any ideas??

Djoss (Author) Posted January 21, 2019

> On 1/18/2019 at 3:20 PM, Fiala06 said:
> Thanks for this, works great and has saved me a ton of time! I'm having an issue though. When I have my pihole running, I can't add ssl certs. I receive the error "Internal Error". I've disabled all blacklists in pihole yet something is still stopping it. Once I remove pihole from the equation everything works. I've watched the query log and nothing ever shows as blocked. Any ideas?

Sorry, I never used pihole, but is it possible that it forces some http to https redirection?

Djoss (Author) Posted January 21, 2019

> 6 hours ago, GreenEyedMonster said:
> Ombi isn't working with this. I see the website but I can't login. If I try to log into Ombi with my plex account it just sends me to a small login window again. Looks like this: https://snag.gy/3ldut5.jpg
>
> Any ideas??

Ombi is working fine for me. Are you able to login when accessing Ombi via the local IP address?

GreenEyedMonster Posted January 22, 2019 (edited)

> 17 hours ago, Djoss said:
> Ombi is working fine for me. Are you able to login when accessing Ombi via the local IP address?

Yes, just fine from local IP address. I'm reinstalling it now and see if that fixes it.

Still the same. These are my settings... what am I missing?!

Edited January 22, 2019 by GreenEyedMonster

InfinitelySteve Posted January 24, 2019

> On 1/21/2019 at 7:38 PM, GreenEyedMonster said:
> Yes, just fine from local IP address. I'm reinstalling it now and see if that fixes it.
>
> Still the same. These are my settings... what am I missing?!

If you disable Websockets Support then Plex authentication should work. I haven't looked into exactly why though.

GreenEyedMonster Posted January 24, 2019

> 12 hours ago, InfinitelySteve said:
> If you disable Websockets Support then Plex authentication should work. I haven't looked into exactly why though.

Thank you!! That worked perfectly!!!