[Support] Djoss - Nginx Proxy Manager


Djoss


Did the issue logging into the UniFi controller ever get resolved? I read about it in this topic, but never saw a resolution. I'm encountering the same thing when connecting through the proxy, whether externally or internally. The UniFi app works fine though using the proxy. I've read elsewhere that people have applied some sort of "referrer" code, but I tried sticking it in the advanced section and mostly just knocked the proxy host offline. Some lines of code that apparently resolved it were the following.

 

	location / {
		# Send an empty Referer header to the controller
		proxy_set_header Referer "";
		proxy_pass https://localhost:8443;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header Host $host;
		# WebSocket upgrade support
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
	}

 

It does work with Firefox, but not with Chrome.

Edited by Iceman24
Link to comment
4 hours ago, Karatekid said:

Tried to overwrite the Congratulations Page.

This page is used as the default site, when you try to access something that is not configured.  So you can't use it as a static web page.

 

4 hours ago, Karatekid said:

Yes, I try to learn it, but it's really complicated when you do it the first time.

I think my problem is that all the folders which the site (unraid, static, ...) refers to are not found.

Can't you use a subdomain instead? It's much easier to set up.

 

I did a quick test with unRAID, and the problem is that its web interface references resources by absolute paths... so I think it's not possible to reverse proxy it the way you want.  It may be the same problem for NPM...  You can open your browser's developer tools and see the paths of the resources it tries to access.  You should see that a lot of them are not accessible because they are not under the proxy's subfolder.

Link to comment
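What the browser's developer tools would show for the case Djoss describes, as an added example that is not part of the original posts: a short Python check that lists the root-relative references in a page that fall outside the proxy's subfolder. The `/unraid` prefix, the sample HTML and its paths are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes whose value makes the browser fetch or navigate to a URL.
URL_ATTRS = {"src", "href", "action", "poster", "data"}

class ResourceCollector(HTMLParser):
    """Collect every URL-bearing attribute value found in an HTML page."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append(value.strip())

def escaping_paths(html, prefix):
    """Return references the browser would request outside `prefix`."""
    prefix = "/" + prefix.strip("/") + "/"
    collector = ResourceCollector()
    collector.feed(html)
    escaped = []
    for url in collector.urls:
        parts = urlsplit(url)
        if parts.scheme or parts.netloc:
            continue  # full URL to a named host: not a subfolder problem
        # Root-relative path ("/x/y") that does not start with the subfolder:
        # the browser requests it at the top level, outside the proxied path.
        if parts.path.startswith("/") and not (parts.path + "/").startswith(prefix):
            escaped.append(url)
    return escaped

# Constructed sample page, as a backend might serve it behind /unraid/.
SAMPLE = """
<html><head>
<link rel="stylesheet" href="/webGui/styles/default.css">
<script src="/webGui/javascript/app.js"></script>
<link rel="icon" href="favicon.ico">
</head><body>
<img src="/unraid/images/logo.png">
<a href="https://example.com/docs">docs</a>
<form action="/login" method="post"></form>
</body></html>
"""

if __name__ == "__main__":
    for ref in escaping_paths(SAMPLE, "/unraid"):
        print("outside subfolder:", ref)
```

Every path it reports is one the backend emits without the subfolder prefix, which is why serving the application from its own subdomain avoids the problem.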

Other than switching unRAID's ports from 80/443 to something else and switching NPM from 1880/18443 to 80/443, is there a better way to set up access to an app that I access from both inside and outside my network that no app I'd access it from allows you to set local and remote ports to use depending on whether you're connected to your WiFi? My issue is that for something like Nextcloud which I'd self-host, setting it up via the reverse proxy (which I'd much rather do than just using port forwarding, which I'm trying to get away from for all my apps and utilize NPM instead), causes the issue of NPM by default uses different internal ports than it does external, so it's not practical to reconnect to my server with the Nextcloud app whether I'm inside my network or away every time I need to use it. I have Split DNS set up, but it doesn't change the port, so this doesn't work. I don't want to use Pure NAT or whatever variant of NAT that isn't really the right way to go about it.

 

I've been trying to find out the best way, which might be with HAProxy with pfSense, which is what my router is, but its setup seems complicated and I don't really know for sure if it does work like that based on research I've done anyways. If I swapped ports with unRAID like I first mentioned, this seems like it would solve the issue the easiest, but I'm not sure if that would cause issues or annoyances that aren't worth the hassle. I just want to be able to use the same server IP/Address whether inside or outside my network. Some apps allow this with some of the apps on my unRAID, but not Nextcloud, and not a couple others.

  • Upvote 1
Link to comment
On 4/13/2019 at 4:22 AM, Djoss said:

This page is used as the default site, when you try to access something that is not configured.  So you can't use it as a static web page.

Ahhh :D And currently there is no port for a normal static site

 

On 4/13/2019 at 4:22 AM, Djoss said:

Can't you use a subdomain instead? It's much easier to set up.

I only have 10 subdomains :/ this is why I wanted to use subfolders. But I see that this is highly complicated.

 

On 4/13/2019 at 4:22 AM, Djoss said:

I did a quick test with unRAID, and the problem is that its web interface references resources by absolute paths... so I think it's not possible to reverse proxy it the way you want.  It may be the same problem for NPM...  You can open your browser's developer tools and see the paths of the resources it tries to access.  You should see that a lot of them are not accessible because they are not under the proxy's subfolder.

Yes, correct, you are fully right. For that there are complex rules to forward it, which I don't fully understand right now. But you need to pass every main folder it wants to access to the proxy.

Link to comment
On 4/13/2019 at 8:11 PM, Iceman24 said:

Other than switching unRAID's ports from 80/443 to something else and switching NPM from 1880/18443 to 80/443, is there a better way to set up access to an app that I access from both inside and outside my network that no app I'd access it from allows you to set local and remote ports to use depending on whether you're connected to your WiFi? My issue is that for something like Nextcloud which I'd self-host, setting it up via the reverse proxy (which I'd much rather do than just using port forwarding, which I'm trying to get away from for all my apps and utilize NPM instead), causes the issue of NPM by default uses different internal ports than it does external, so it's not practical to reconnect to my server with the Nextcloud app whether I'm inside my network or away every time I need to use it. I have Split DNS set up, but it doesn't change the port, so this doesn't work. I don't want to use Pure NAT or whatever variant of NAT that isn't really the right way to go about it.

 

I've been trying to find out the best way, which might be with HAProxy with pfSense, which is what my router is, but its setup seems complicated and I don't really know for sure if it does work like that based on research I've done anyways. If I swapped ports with unRAID like I first mentioned, this seems like it would solve the issue the easiest, but I'm not sure if that would cause issues or annoyances that aren't worth the hassle. I just want to be able to use the same server IP/Address whether inside or outside my network. Some apps allow this with some of the apps on my unRAID, but not Nextcloud, and not a couple others.

You don't really need to have a split DNS setup.  You should be able to access the service from both the outside and inside using the DNS name pointing to your internet IP.  Since you are using pfSense, you can just enable NAT reflection to make it work.

 

This is how I'm set up with OPNsense (similar to pfSense) and it works wonderfully.

Link to comment
14 hours ago, Djoss said:

You don't really need to have a split DNS setup.  You should be able to access the service from both the outside and inside using the DNS name pointing to your internet IP.  Since you are using pfSense, you can just enable NAT reflection to make it work.

 

This is how I'm set up with OPNsense (similar to pfSense) and it works wonderfully.

Thanks, but from prior research NAT Reflection isn't the recommended way to handle such routing. It's recommended to leave it off and use Split DNS, so I am determined to keep it configured that way. Even if nothing else worked, I'd rather work around it by using port 443 internally/externally for NPM and work around that port being unavailable for unRAID GUI, which I don't access remotely anyways.

Link to comment
10 hours ago, Iceman24 said:

Thanks, but from prior research NAT Reflection isn't the recommended way to handle such routing. It's recommended to leave it off and use Split DNS, so I am determined to keep it configured that way. Even if nothing else worked, I'd rather work around it by using port 443 internally/externally for NPM and work around that port being unavailable for unRAID GUI, which I don't access remotely anyways.

I think the only downside of NAT reflection is that the firewall is used to handle some internal traffic.  In an enterprise scenario, this can add too much load on the firewall, but I think that in a home setup this is not a concern.

 

https://docs.netgate.com/pfsense/en/latest/book/nat/nat-reflection.html

Link to comment

So I am trying this out with the hope to port my letsencrypt config over to it. When I try to add a certificate, I copy the domain names I am already using in the other container in and it tells me that I am limited to 15 domain names. I have everything configured as subdomains on my server at the moment so there must be at least 30 of them. Can this limit be tweaked at all? Otherwise it's unusable for me. I would really like to use it as it looks awesome!

Link to comment
On 4/17/2019 at 4:52 AM, Squiggley said:

So I am trying this out with the hope to port my letsencrypt config over to it. When I try to add a certificate, I copy the domain names I am already using in the other container in and it tells me that I am limited to 15 domain names. I have everything configured as subdomains on my server at the moment so there must be at least 30 of them. Can this limit be tweaked at all? Otherwise it's unusable for me. I would really like to use it as it looks awesome!

You mean that you have to add more than 15 DNS names for the same proxy host configuration?

Link to comment
3 hours ago, ExXxtr3me said:

Has someone any success with using the container name instead of the ip in the proxy host? Can't get it to work, pinging the name in cli is working.

Support for this needs to be added.  Currently you need to use an IP address.

Link to comment
4 hours ago, Xaero said:

@Djoss
Any chance of adding SSLH support for this docker? It enables SSH access on the SSL port so that you can SSH into the server using the SSL port on locked down networks. I realize a VPN works around this as well, but would be a neat addition.

Such a feature has been requested on the upstream project: https://github.com/jc21/nginx-proxy-manager/issues/22

Link to comment
On 4/23/2019 at 6:15 AM, Squiggley said:

Yes exactly. Instead of accessing the services I run by paths I have them all in sub subdomain.

How many would you need?

I guess the workaround is to use multiple proxy hosts instead of one.

Also, note that it's much easier to configure access to your services via domain names instead of subfolders.

Link to comment
On 4/28/2019 at 6:44 PM, eds said:

Can someone direct me as to how to include a subdomain?   I want to use the youtube downloader which requires /youtube-dl to be included in the domain name and I am unclear how to add it.

I think that what you need is a redirection from something like "http://youtube-dl.mydomain.com" to "http://youtube-dl.mydomain.com/youtube-dl".

Under the Advanced tab of your proxy host configuration, configure the redirection by adding the following line:

location = /{return 301 $scheme://$http_host/youtube-dl;}

Then, under Custom locations tab, add a location for "/youtube-dl".

Link to comment
1 hour ago, Djoss said:

I think that what you need is a redirection from something like "http://youtube-dl.mydomain.com" to "http://youtube-dl.mydomain.com/youtube-dl".

Under the Advanced tab of your proxy host configuration, configure the redirection by adding the following line:


location = /{return 301 $scheme://$http_host/youtube-dl;}

Then, under Custom locations tab, add a location for "/youtube-dl".

Perfect!  Thanks!

Link to comment

Sorry for noob question-

 

Just deployed this docker.  Using BR0 with static IP address and I'm able to hit the website.  Trying to use the default login/password I get the no relevant user found.  What could I be doing wrong? I've tried to deploy container twice.

 

Skip

Link to comment
On 5/1/2019 at 1:21 AM, Djoss said:

How many would you need?

I guess the workaround is to use multiple proxy hosts instead of one.

Also, note that it's much easier to configure access to your services via domain names instead of subfolders.

oh errrrrrr at a guess 30ish..... is there a reason to constrain it to be low?

 

thanks!

Link to comment
