[Support] Djoss - Nginx Proxy Manager


Djoss


Hi guys,

 

Thanks for the great container. Amazing work.

 

I'm currently trying to migrate from the also excellent (but CLI-oriented) Jason Wilder nginx-proxy container.

 

So far I have a couple of problems:

 

  1. IPv6 support. Looks like the proxy is failing to forward to the desired destination when I reach it over IPv6. 
    I'm looking for something around the lines of nginx-proxy's:
    ENABLE_IPV6=true
    Is IPv6 supported?
    I've tried manually adding 
    listen [::]:8080;
     to the server block in /config/nginx/proxy_host/3.conf, however, the proxy is currently returning 502 Bad Gateway:
    $curl -g -6 -v -H "Host: mydomain.local" http://[::1]:8080
    * Rebuilt URL to: http://[::1]:8080/
    *   Trying ::1...
    * TCP_NODELAY set
    * Connected to ::1 (::1) port 8080 (#0)
    > GET / HTTP/1.1
    > Host: mydomain.local
    > User-Agent: curl/7.60.0
    > Accept: */*
    > 
    < HTTP/1.1 502 Bad Gateway
    < Server: nginx
    < Date: Sat, 09 Mar 2019 16:06:32 GMT
    < Content-Type: text/html
    < Content-Length: 166
    < Connection: keep-alive
    < 
    <html>
    <head><title>502 Bad Gateway</title></head>
    <body bgcolor="white">
    <center><h1>502 Bad Gateway</h1></center>
    <hr><center>nginx</center>
    </body>
    </html>
    * Connection #0 to host ::1 left intact

    Error logs:
     

     [error] 872#872: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 172.17.0.1, server: mydomain.local, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "mydomain.local"

    I can reach port 3000 directly from my host. nginx-proxy container is also able to proxy it with no issues.
     

  2. Consolidated logs. Another problem is consolidating and formatting the logs. I would like to have a consolidated view of the logs (i.e., everything at /config/nginx-proxy-manager/logs/) so that I can send it to another tool. I would also like to be able to customise its format.
    At the moment I'm using multitail to consolidate the logs and manually editing nginx configuration files to customise formatting.  However, it would be great if there was a more permanent solution to the problem.

 

All of the best

Link to comment

I feel like I am missing a step in setting this up.  LetsEncrypt docker serves works perfectly, but when I switch to this I can't reach any dockers.  Here's what I did:

 

1)  Went to CloudFlare and turned off any HTTPS on their end.  Tried both auto and normal DNS forwarding to my IP for each subdomain

2)  Router is forwarding ports 80/443 to 180/1443 found in the NGINX Proxy Manager docker install page.

3)  Switch dockers to all be on bridge mode

4) Added entries to Proxy manager, for example: radarr.mysite.com, scheme: http or https, ip: 192.168.1.99, port: 7878, SSL cert: LE radarr.mysite.com

 

I either get a 502 BAD GATEWAY or ERR_TOO_MANY_REDIRECTS based on what settings I play around with.  The single docker I've gotten to run is the HTML5 Speedtest, and that is the only one to my knowledge that doesn't use SSL.  So I believe it to be a cloudflare or LE SSL issue.  Any advice?

 

edit:

Also, I can head to nondockersubdomain.mydomain.com and it'll bring me to the "congratulation landing page".

Edited by thrroow
Link to comment
20 hours ago, thrroow said:

I feel like I am missing a step in setting this up.  LetsEncrypt docker serves works perfectly, but when I switch to this I can't reach any dockers.  Here's what I did:

 

1)  Went to CloudFlare and turned off any HTTPS on their end.  Tried both auto and normal DNS forwarding to my IP for each subdomain

2)  Router is forwarding ports 80/443 to 180/1443 found in the NGINX Proxy Manager docker install page.

3)  Switch dockers to all be on bridge mode

4) Added entries to Proxy manager, for example: radarr.mysite.com, scheme: http or https, ip: 192.168.1.99, port: 7878, SSL cert: LE radarr.mysite.com

 

I either get a 502 BAD GATEWAY or ERR_TOO_MANY_REDIRECTS based on what settings I play around with.  The single docker I've gotten to run is the HTML5 Speedtest, and that is the only one to my knowledge that doesn't use SSL.  So I believe it to be a cloudflare or LE SSL issue.  Any advice?

 

edit:

Also, I can head to nondockersubdomain.mydomain.com and it'll bring me to the "congratulation landing page".

Have you created the origin certificate in Cloudflare (under Crypto Tab)?  Once you create these you save them as .pem and .key files.  Use these to create the SSL certificate in proxy manager.  I had to use these SSL certificates to make it work instead of the letsencrypt ones.

Edited by littlebudha
Link to comment
41 minutes ago, littlebudha said:

Have you created the origin certificate in Cloudflare (under Crypto Tab)?  Once you create these you save them as .pem and .key files.  Use these to create the SSL certificate in proxy manager.  I had to use these SSL certificates to make it work instead of the letsencrypt ones.

No, I have not.  You use the .key as the Certificate Key and the .PEM as the Certificate and the Intermediate Certificate?

Link to comment

Okay I am going to need a bit more help.

 

This whole time I thought I was set up properly for reverse proxy, and lo and behold, it ONLY works when I am on my LAN....of course right!?!??!

 

 

So i have nginx proxy manager installed. 

 

http 1880

https 18443

 

On my router, I have

Ports 80 forwarded to ip (my unraid server) 192.168.0.133:1880

Ports 443 forwarded to ip (my unraid server) 192.168.0.133:18443

 

On my domain I have 
A Record Host * (to allow all subdomains) Value: My IP (its static) TTL Automatic

On NGINX setup I would have

 

Source: subdomain.mydomain.com

Destination: 192.168.0.133:PortToService

 

So when I go to subdomain.mydomain.com it would load up. Thinking this worked, I tried from outside, and got buttsquatt.

 

 

When I go to http://mypublicip:80 or http://mypublicip I get the 404 error nginx (that I setup with the proxy)

 

So I tried

Source: subdomain.mydomain.com

Destination: publicIP:PortToService

 

And get a 502 Error.

 

 

Please help?

 

EDIT: to add. When I go to http://mypublicip or http://mypublicip:80 I get the 404 error code I setup with the proxy manager. 

Edited by Nyghthawk
Link to comment
On 3/8/2019 at 4:15 PM, Nyghthawk said:

Trying to get my unifi controller accessible. When I am local and i type http://localip:port to access the login, it lets me log in, then gives me an error on the certificate, etc. When I type in http://unifi.domain it asks to log in like normal, but then does not log in giving me an error. 

Did you enable WebSocket support?

On 3/8/2019 at 4:15 PM, Nyghthawk said:

also, I did a blanket wildcard record on my domain, so all subdomains will point to "proxy manager has not been setup yet" is this ok?

If you don't have a lot of subdomains to manage, I guess it's better to not have a wildcard record.  Else you can also edit this default page and replace it with a 404 error or something that fits your needs.

On 3/8/2019 at 4:15 PM, Nyghthawk said:

also tried to add SSL, and i get an "internal error", and nothing works, any help with that? apparently creates an SSL but then i get a cipher mismatch or something like that error.

Is the container reachable from the Internet through port 80?

Link to comment
3 minutes ago, Djoss said:

Did you enable WebSocket support?

If you don't have a lot of subdomains to manage, I guess it's better to not have a wildcard record.  Else you can also edit this default page and replace it with a 404 error or something that fits your needs.

Is the container reachable from the Internet through port 80?

Not sure if you saw my latest post.

 

Problem so far. Can reach the nginx proxy landing page from IP:80, but cannot access ANY other container. 

Link to comment
On 3/9/2019 at 11:42 AM, Cat_Seeder said:

Error logs:
 


 [error] 872#872: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 172.17.0.1, server: mydomain.local, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "mydomain.local"

I can reach port 3000 directly from my host. nginx-proxy container is also able to proxy it with no issues.

The upstream server IP is 127.0.0.1.  You should set instead a local IP.  If the service is running on unRAID, use the unRAID's IP.

 

Link to comment
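Added example, not part of the thread or of the container's own code: a small Python check that pulls the upstream address out of nginx "while connecting to upstream" error lines and flags a destination that points at the proxy container itself, as in the answer above. The first sample line is the one quoted in the thread; the other log lines, the host names in them, and the hint texts are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Fields of an nginx "... while connecting to upstream" error line.
UPSTREAM_ERR = re.compile(
    r'\((?P<errno>\d+): (?P<reason>[^)]+)\) while connecting to upstream'
    r'.*?server: (?P<server>[^,]+),.*?upstream: "(?P<upstream>[^"]+)"'
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HINTS = {  # wording is this example's own
    "loopback": "points at the proxy container itself; use the LAN IP of the host running the service",
    "lan": "LAN address; confirm the service listens on that IP and port",
    "non-local": "not a LAN address; the destination should be the service's local IP",
    "hostname": "name must resolve from inside the container",
}

def classify_upstream(url):
    """Return which kind of address an upstream URL targets."""
    host = urlsplit(url).hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "lan"
    return "non-local"

def diagnose(lines):
    """Return (server, upstream, kind) for each upstream connection failure."""
    findings = []
    for line in lines:
        m = UPSTREAM_ERR.search(line)
        if m:
            findings.append((m["server"], m["upstream"], classify_upstream(m["upstream"])))
    return findings

SAMPLE = [  # line 1 is from the thread; lines 2-4 are constructed
    '[error] 872#872: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 172.17.0.1, server: mydomain.local, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "mydomain.local"',
    '[error] 872#872: *5 connect() failed (111: Connection refused) while connecting to upstream, client: 172.17.0.1, server: radarr.example.test, request: "GET / HTTP/1.1", upstream: "http://192.168.0.133:7878/", host: "radarr.example.test"',
    '[error] 872#872: *9 connect() failed (111: Connection refused) while connecting to upstream, client: 172.17.0.1, server: app.example.test, request: "GET / HTTP/1.1", upstream: "http://203.0.113.10:7878/", host: "app.example.test"',
    '[notice] 872#872: signal process started',
]

if __name__ == "__main__":
    for server, upstream, kind in diagnose(SAMPLE):
        print(f"{server}: {upstream} -> {kind}: {HINTS[kind]}")
```
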
5 minutes ago, Nyghthawk said:

Not sure if you saw my latest post.

 

Problem so far. Can reach the nginx proxy landing page from IP:80, but cannot access ANY other container. 

But it's working from your LAN?

Look at the logs for your proxy host (under /mnt/user/appdata/NginxProxyManager/log/nginx/).

Link to comment
4 minutes ago, Djoss said:

But it's working from your LAN?

Look at the logs for your proxy host (under /mnt/user/appdata/NginxProxyManager/log/nginx/).

it was working from the lan, so i started over.....

 

Just a question.... in the nginx proxy manager, destination IP would be my "local" ip? or my "public"? (I thought it would be my "local" ip)

Link to comment
Just now, Nyghthawk said:

it was working from the lan, so i started over.....

 

Just a question.... in the nginx proxy manager, destination IP would be my "local" ip? or my "public"? (I thought it would be my "local" ip)

Yes, you need to use the local IP.

Link to comment
2 minutes ago, Djoss said:

Yes, you need to use the local IP.

So...I was right with that at least.

 

So this is my setup. As a test, just in case my IP is randomly changing (which it shouldn't) I have a free account at duckdns.org.

so I have mydomain.duckdns.org pointing to my IP (which is my static ip).

I have mydomain.com with a CNAME record for subdomain1, subdomain2 pointing to mydomain.duckdns.org. I gave it 30 minutes + to propagate.

 

In nginx proxy manager I have subdomain1.mydomain.com pointing to internal IP of my unraid server 192.168.0.133 Port ####. 

 

In my local network, I go to subdomain1.mydomain.com and I get my proper container.

 

When I try to access subdomain1.mydomain.com from OUTSIDE the LAN, it does not work, however, when I access mystaticip:80 from outside the LAN I get the proxy landing page of "log in to your admin account to setup". 

 

So I figured the following:

 

Port 80 is correctly forwarded.

subdomain on mydomain is correctly forwarding to mydomain.duckdns.org to my home IP.

 

Problem now, is ANYTHING other than port 80 is not working. And I thought the purpose of this proxy manager was to avoid opening up EVERY single port for EVERY single docker. Or do I need to forward EVERY single dockerport in my firewall?

Link to comment
4 minutes ago, Nyghthawk said:

So...I was right with that at least.

 

So this is my setup. As a test, just in case my IP is randomly changing (which it shouldn't) I have a free account at duckdns.org.

so I have mydomain.duckdns.org pointing to my IP (which is my static ip).

I have mydomain.com with a CNAME record for subdomain1, subdomain2 pointing to mydomain.duckdns.org. I gave it 30 minutes + to propagate.

 

In nginx proxy manager I have subdomain1.mydomain.com pointing to internal IP of my unraid server 192.168.0.133 Port ####. 

 

In my local network, I go to subdomain1.mydomain.com and I get my proper container.

 

When I try to access subdomain1.mydomain.com from OUTSIDE the LAN, it does not work, however, when I access mystaticip:80 from outside the LAN I get the proxy landing page of "log in to your admin account to setup". 

 

So I figured the following:

 

Port 80 is correctly forwarded.

subdomain on mydomain is correctly forwarding to mydomain.duckdns.org to my home IP.

 

Problem now, is ANYTHING other than port 80 is not working. And I thought the purpose of this proxy manager was to avoid opening up EVERY single port for EVERY single docker. Or do I need to forward EVERY single dockerport in my firewall?

So when you access http://subdomain1.mydomain.com from outside the LAN, which error is the browser reporting exactly?

Link to comment
1 hour ago, Nyghthawk said:

can i bypass this, override it with a different ip? i mean port?

 

verified blocked

:(

Then you could use https (443) only, but you would need to provide your own certificates (free certificates through Let'sEncrypt require port 80)...

Link to comment
3 minutes ago, Nyghthawk said:

how do i do this? lol!

What?  Getting your certificates? Since it seems that your domain comes from  namecheap, you can buy certificates from them: https://www.namecheap.com/security/ssl-certificates/

But if you search a little bit, you will find a lot of other places.

Once you have the certificate, you can add it in NginxProxyManager (SSLCertificates->Add SSL Certificate->Custom).

Link to comment
21 minutes ago, Djoss said:

What?  Getting your certificates? Since it seems that your domain comes from  namecheap, you can buy certificates from them: https://www.namecheap.com/security/ssl-certificates/

But if you search a little bit, you will find a lot of other places.

Once you have the certificate, you can add it in NginxProxyManager (SSLCertificates->Add SSL Certificate->Custom).

can I just force someone to use the different port?

 

like http://subdomain.domain:180

 

It's not for production or anything. Just to give a few users outside access to like 1 or 2 subdomains. I can deal without accessing my dockers outside.

 

Edited by Nyghthawk
Link to comment
2 minutes ago, Djoss said:

Sure this is possible.

is this accomplished through proxy manager? or just opening up the few ports? 

 

could i setup a reverse proxy on an outside host?

 

so 

 

domain.com would forward all requests to remotehost.com which would then put all requests to my homeip:180 (which runs the home reverse proxy)....im just so confused because of this stupid port block......

Edited by Nyghthawk
Link to comment
