[Support] Djoss - Nginx Proxy Manager


Djoss

Recommended Posts

5 hours ago, Skipdog said:

If I change to Bridge mode, the docker won't be able to proxy for my "host" dockers correct? 

Yes, it should work with containers in host mode.  The scenario where is may not work is when you assign an IP to containers.

Link to comment
1 hour ago, Djoss said:

So your nextcloud container seems to be the problem.  Can it resolve other DNS names (like www.google.com)?

Yes, which is what I find so weird.   It won't even resolve nextcloud.mydomainname.com.   

I get the error: wget bad address https://nextcloud.mydomainname.com.   Not sure what that even means. 

 

Also, I should state, if I take the docker out of bridge mode (and give the docker its own ip), I can resolve the domain names, even nextcloud.mydomainname.com.

Edited by eds
update
Link to comment
On 5/3/2019 at 11:23 AM, Djoss said:

The fact that this container runs in bridge mode doesn't not prevent your to use other containers with different network mode.

 

The scenario where you can have some limitations is when you run this container in another mode than bridge.

I think we are talking at cross purposed here... I am not using subfolders I am using subdomains. 

I will try it again and see if its me being a dufus

 

thanks

Link to comment
On 5/6/2019 at 10:14 PM, eds said:

Yes, which is what I find so weird.   It won't even resolve nextcloud.mydomainname.com.   

I get the error: wget bad address https://nextcloud.mydomainname.com.   Not sure what that even means. 

 

Also, I should state, if I take the docker out of bridge mode (and give the docker its own ip), I can resolve the domain names, even nextcloud.mydomainname.com.

"Bad address" means that the DNS name cannot be resolved.  You can check the content of "/etc/resolv.conf", both on unRAID and in the container to see if your DNS server is properly used.

Link to comment

 

35 minutes ago, Djoss said:

 You can check the content of "/etc/resolv.conf", both on unRAID and in the container to see if your DNS server is properly used.

 

Interesting.  Are you saying I should I see the domain name here?

Link to comment

 

 

5 hours ago, Djoss said:

"Bad address" means that the DNS name cannot be resolved.  You can check the content of "/etc/resolv.conf", both on unRAID and in the container to see if your DNS server is properly used.

4 hours ago, eds said:

 

 

Interesting.  Are you saying I should I see the domain name here?

OK, so I added the domain name to the resolv.conf manually.  Unraid can resolve the url, but nextcloud still cannot.   Clearly the issue is with the nextcloud docker.   Will try to use a static ip and see if that works. 

 

Thanks. 

 

 

Link to comment
4 hours ago, malac said:

are there plans to add fail2ban?

Not for the moment.  I would prefer an implementation of fail2ban that is not tied to a particular container, since fail2ban would be typically used by multiple containers/services.

Link to comment
5 hours ago, Djoss said:

Not for the moment.  I would prefer an implementation of fail2ban that is not tied to a particular container, since fail2ban would be typically used by multiple containers/services.

i use macvlan for all my docker images, so for the ban action i would need fail2ban integrated in this docker i think?

Link to comment

I updated nginxproxymanager last night and today I noticed that nextcloud wasn't connecting. I confirmed that my nslookups are still hitting my WAN IP, but none of my subdomains configured through nginxproxymanager are currently working. I did not change any configuration within the container. Is anyone else experiencing this?

Link to comment

Question. I have HTTP AUTH enabled for my dockers proxied, however I need to expose an endpoint for SAB to be able to fetch from Hydra. Obviously when SAB goes to do that currently, its met with a 401 not authorized. is there a way to expose the endpoint needed to fetch The NZB from hydra without exposing the entire domain?

 

hydra.mydomain.tld/getnzb is what I need to expose for this to work. Is what I need possible with NPM?

 

Or... is there a way to whitelist SAB from requiring authorization?

Edited by MowMdown
Link to comment
On 5/9/2019 at 8:34 PM, Djoss said:

You should see a like this:


nameserver <IP of your DNS server>

 

Ok, well I do see the ip of the dns server in the resolv.conf file.   

 

What is curious is I am seeing errors that look like this in the npm log:

 

nginx: [emerg] host not found in resolver "<mydomainname.com>" in /etc/nginx/conf.d/include/resolvers.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed
 

How to fix?

 

Link to comment
On 5/10/2019 at 4:56 PM, hmoney007 said:

I updated nginxproxymanager last night and today I noticed that nextcloud wasn't connecting. I confirmed that my nslookups are still hitting my WAN IP, but none of my subdomains configured through nginxproxymanager are currently working. I did not change any configuration within the container. Is anyone else experiencing this?

Are you able to access the Nginx Proxy Manager interface?

Link to comment
On 5/10/2019 at 7:38 PM, MowMdown said:

Question. I have HTTP AUTH enabled for my dockers proxied, however I need to expose an endpoint for SAB to be able to fetch from Hydra. Obviously when SAB goes to do that currently, its met with a 401 not authorized. is there a way to expose the endpoint needed to fetch The NZB from hydra without exposing the entire domain?

 

hydra.mydomain.tld/getnzb is what I need to expose for this to work. Is what I need possible with NPM?

 

Or... is there a way to whitelist SAB from requiring authorization?

Do you need your endpoint to be accessible from the Internet ?

Link to comment
On 5/10/2019 at 10:20 PM, eds said:

Ok, well I do see the ip of the dns server in the resolv.conf file.   

 

What is curious is I am seeing errors that look like this in the npm log:

 

nginx: [emerg] host not found in resolver "<mydomainname.com>" in /etc/nginx/conf.d/include/resolvers.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed
 

How to fix?

 

What is the content of /mnt/user/appdata/NginxProxyManager/nginx/resolvers.conf ?

Look s like it is not correctly generated.

Link to comment
6 minutes ago, Djoss said:

Are you able to access the Nginx Proxy Manager interface?

I apologize for not updating this. I was getting errors in the nginx proxy manager interface when trying to make changes to a new proxy host. I took a screenshot of my config, deleted the docker container + folder within appdata and then installed and configured it fresh. It's now working as expected!

 

One thing I did notice: when adding multiple proxy hosts i went back to confirm that all of the settings were correct and noticed that almost all of my newly-configured proxy hosts had all of the options unchecked in the SSL tab, and I am 100% sure that I had checked them all off.

Link to comment
13 hours ago, Djoss said:

What is the content of /mnt/user/appdata/NginxProxyManager/nginx/resolvers.conf ?

Look s like it is not correctly generated.

 

This is what I have:

 

resolver 1.1.1.1 1.0.0.1 192.168.0.1 ;

Link to comment
On 5/12/2019 at 10:15 PM, Djoss said:

Do you need your endpoint to be accessible from the Internet ?

Basically I want to be able to whitelist the /getnzb endpoint so I can fetch the URL without needing http auth.

 

Sabnzbd has two methods of retrieving nzb files. you can upload the data to sab OR you can have sab fetch the data from a URL. The URL needed to fetch the data is behind hydra.mydomain.tld/getnzb/some_nzb_file.nzb however because I put hydra.mydomain.tld behind http_auth, sab is greeted with  a 401 error (no authorization) (maybe what I am asking is not possible due to limitations of nginx)

 

I either need to whitelist the /getnzb endpoint ONLY so no http auth is required OR somehow allow sab through the auth. It's not the end of the world but I would prefer the fetch method over upload.

 

I was trying to edit the .conf using this documentation with no sucsess

 

Edit: I think I figured it out, I went in and created a custom location "/getnzb" and used the same IP:PORT as the main proxy and it seems to work. however if you try to normally access it, it will give you an AUTH form so it's not accessible from a browser. Safe enough for me.

Edited by MowMdown
Link to comment
On 5/13/2019 at 11:28 AM, eds said:

 

This is what I have:

 

resolver 1.1.1.1 1.0.0.1 192.168.0.1 ;

This seems valid...  Are you getting this error regularly ?  Or are you sure you got the error while the content of the file was the one you provided?

Link to comment
On 5/14/2019 at 4:17 PM, MowMdown said:

Basically I want to be able to whitelist the /getnzb endpoint so I can fetch the URL without needing http auth.

 

Sabnzbd has two methods of retrieving nzb files. you can upload the data to sab OR you can have sab fetch the data from a URL. The URL needed to fetch the data is behind hydra.mydomain.tld/getnzb/some_nzb_file.nzb however because I put hydra.mydomain.tld behind http_auth, sab is greeted with  a 401 error (no authorization) (maybe what I am asking is not possible due to limitations of nginx)

 

I either need to whitelist the /getnzb endpoint ONLY so no http auth is required OR somehow allow sab through the auth. It's not the end of the world but I would prefer the fetch method over upload.

 

I was trying to edit the .conf using this documentation with no sucsess

 

Edit: I think I figured it out, I went in and created a custom location "/getnzb" and used the same IP:PORT as the main proxy and it seems to work. however if you try to normally access it, it will give you an AUTH form so it's not accessible from a browser. Safe enough for me.

Or if you can fetch by using the local IP address you would bypass NginxProxyManager.

Link to comment
12 hours ago, Djoss said:

Or if you can fetch by using the local IP address you would bypass NginxProxyManager.

 

Hydra doesn't work that way if you aren't accessing it by local ip (it's weird I know). I don't think the dev has any plans on changing that either.

 

Basically if I visit "hydra.mydomain.tld" it generates the links as "hydra.mydomain.tld/getnzb/..." instead of "http://192.168.1.200:5076/getnzb/…"

 

It's fine though, I found a work around for it, thanks though. 

Edited by MowMdown
Link to comment
13 hours ago, Djoss said:

This seems valid...  Are you getting this error regularly ?  Or are you sure you got the error while the content of the file was the one you provided?

I'm not seeing the error right now so it appears to be exclusive to whatever issue I am having with the subdomain assigned to nextcloud. 

Link to comment
On 3/25/2019 at 5:08 AM, Djoss said:

The scheme you are configuring is for the forwarded host (i.e. how you access your internal service) and is not related to how it is accessed externally.

To better help you, please provide a screenshot of your proxy host configuration and a screenshot of the browser's error.

 

First off sorry for the really late reply, hope someone can still help. 

1938306502_ScreenShot2019-05-18at8_05_29PM.png.3f1c49635625216dc440975d9e48a5b5.png

This setup will not work. I get The following error 

1595639049_ScreenShot2019-05-18at8_11_36PM.thumb.png.873589efb09ab53933332401a9495c63.png

But if I change the Scheme to HTTP: I can externally access it, but if I go to the nav bar and directly add the `s` to the URL, it still works. 

Link to comment
On 5/16/2019 at 9:11 AM, eds said:

I'm not seeing the error right now so it appears to be exclusive to whatever issue I am having with the subdomain assigned to nextcloud. 

Can you confirm that you are still getting the error and if yes take the content of /mnt/user/a ppdata/NginxProxyManager/nginx/resolvers.conf at that moment?

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.