Froberg Posted July 27, 2019 Share Posted July 27, 2019 Try forcing SSL for a start. Quote Link to comment
deadletters Posted July 28, 2019 Share Posted July 28, 2019 (edited) 22 hours ago, Froberg said: Try forcing SSL for a start. I just enabled Force SSL and the proxy host still says offline. I don't know if it's related but when I go to the domain validation file that Let's Encrypt generates in my browser, I get a 403 error. I thought that Let's Encrypt would be looking for a 200 response on that file so I feel like that's not good. Edited July 28, 2019 by deadletters added a word Quote Link to comment
tmchow Posted July 28, 2019 Share Posted July 28, 2019 I have zerotier running on my unraid box and only want to use NPM with my zerotier IP. Reason is services I want to expose to the internet don’t need to be accessible on my WAN IP. Every device I use to connect has a zerotier client installed so I figure it’s better security (defense in depth) to limit access to zerotier IP Is this possible to configure? Quote Link to comment
deadletters Posted July 28, 2019 Share Posted July 28, 2019 (edited) So far these are the only settings I've found that will show the Proxy Host is online: However, this generates an NGINX 400 Error: I'll also just add that I can pull everything up by going to https://public-ip:port without a problem. Edited July 28, 2019 by deadletters more info Quote Link to comment
deadletters Posted July 29, 2019 Share Posted July 29, 2019 I ended up just reinstalling NPM and purchasing my own cert Quote Link to comment
cagemaster Posted July 30, 2019 Share Posted July 30, 2019 Can someone explain the functionality of the 'streams' function? I want to know how it works and what is does 1 Quote Link to comment
Djoss Posted August 1, 2019 Author Share Posted August 1, 2019 On 7/26/2019 at 12:38 AM, PSYCHOPATHiO said: yes, it is in docker mode. I tried every possible variation from docker mode, host mode, different ips & last night I wiped my pfsense & reinstalled fresh copy & spent a couple of hours re-configuring to find out i still get bad gateway. I think the problem is somewhere in the docker configuration or network on the unraid server it self but I cant find it. Usually the bad gateway error occurs when NPM can't communicate with the service. Can you share a screenshot of your Docker page so we can see basic config of your containers? Quote Link to comment
Djoss Posted August 1, 2019 Author Share Posted August 1, 2019 On 7/28/2019 at 2:35 PM, tmchow said: I have zerotier running on my unraid box and only want to use NPM with my zerotier IP. Reason is services I want to expose to the internet don’t need to be accessible on my WAN IP. Every device I use to connect has a zerotier client installed so I figure it’s better security (defense in depth) to limit access to zerotier IP Is this possible to configure? nginx has the ability to "allow" and/or "deny" IP addresses/subnets (see http://etapien.com/guides/nginx-allow-access-certain-ips/ for examples). Try the add this under the "Advanced" tab of your proxy host configuration. 1 Quote Link to comment
Djoss Posted August 1, 2019 Author Share Posted August 1, 2019 On 7/28/2019 at 8:46 PM, deadletters said: I ended up just reinstalling NPM and purchasing my own cert Did you check the reason why your proxy host was offline? You can check it by letting your mouse pointer on the red dot. Quote Link to comment
Djoss Posted August 1, 2019 Author Share Posted August 1, 2019 On 7/30/2019 at 6:29 AM, cagemaster said: Can someone explain the functionality of the 'streams' function? I want to know how it works and what is does It allows you to forward UDP/TCP traffic to another host. You can google for "nginx stream module" for more details. Quote Link to comment
PSYCHOPATHiO Posted August 1, 2019 Share Posted August 1, 2019 2 hours ago, Djoss said: Usually the bad gateway error occurs when NPM can't communicate with the service. Can you share a screenshot of your Docker page so we can see basic config of your containers? never mind, I hosted NPM docker on my other unraid server & it works. Quote Link to comment
mysterio0 Posted August 7, 2019 Share Posted August 7, 2019 I am able to connect to novnc after setting up the reverse proxy but I keep getting stuck at the connecting screen and get error "Failed to connect to server". Do I have to do some further configuration on novnc part to get it to work? Any help is appreciated. Quote Link to comment
Djoss Posted August 9, 2019 Author Share Posted August 9, 2019 On 8/7/2019 at 10:34 AM, mysterio0 said: I am able to connect to novnc after setting up the reverse proxy but I keep getting stuck at the connecting screen and get error "Failed to connect to server". Do I have to do some further configuration on novnc part to get it to work? Any help is appreciated. Did you enabled WebSocket support? Quote Link to comment
Saldash Posted August 10, 2019 Share Posted August 10, 2019 (edited) On 12/29/2018 at 10:07 PM, Djoss said: This docker is for people with little to no knowledge about nginx. It was not done with manual configuration file editing in mind. Some static configuration files are inside the container itself (/etc/nginx), while generated files are stored under the app data folder. If you want to migrate from LE docker, you should not try to replicate your config files, but instead, use the UI to re-create the same functionality (again, this container doesn't support subfolders yet). Hi, I have a need to access the nginx.conf file to try and fix a problem I'm having with larger header sizes with IdentityServer. Specifically in relation to: https://stackoverflow.com/a/48971393/4953847 How can I set the following values for this container? http{ ... proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; large_client_header_buffers 4 16k; ... } Currently I'm able to authenticate my app but I immediately get redirected to a 502 Bad Gateway from nginx. Edited August 10, 2019 by Saldash Quote Link to comment
Karatekid Posted August 12, 2019 Share Posted August 12, 2019 Is there a possibility to reset the user and password. Quote Link to comment
Orejo Posted August 13, 2019 Share Posted August 13, 2019 First of all, thanks a lot for creating this docker container. I‘ve run into a couple of issues, I simply couldn‘t solve myself. What I‘ve done so far: 1) I opened ports 80 and 443 on my router and forwarded them to 1880 and 18443 on the server. Both ports seem to be open. 2) I set up a DuckDNS container and verified that it shows my public IP. 3) I registered a domain and created a few CNAMES, i.e. sonarr.mydomain.com and plex.mydomain.com, both of which point to the DuckDNS domain (see above). I pinged sonarr.mydomain.com to verify that I see my public IP and it worked. 4) I installed the Nginx Proxy Manager docker and it proceeded without any errors. I didn’t have to set up a MariaDB database, which was odd for me, because I thought I‘d have to create a DB on my own. I then changed the admin password and I was able to access the GUI. 5) I created a new host entry for Sonarr and I used HTTP to check if it works. After that, I was able to access sonarr.mydomain.com. To secure it, I then wanted to set up https with a LE cert. I opened the Sonarr container, enabled SSL and headed back to the Nginx Proxy Manager docker, where I switched the host entry to https and change the port according to Sonarr‘s SSL port. Problem: This is where I got stuck. I couldn‘t access the site anymore and had to switch back to HTTP. For now, I’ve closed both ports for security reasons before I sit down and try to solve the issue with your appreciated input. Tl;dr: HTTP access works, HTTPS doesn‘t. Both ports seem to be forwarded correctly, custom domain. Quote Link to comment
dalben Posted August 14, 2019 Share Posted August 14, 2019 (edited) I've searched the thread but couldn't find a clear and simple way of using this docker to stop the Unifi Controller docker from throwing security errors. What's the easiest way to add a letsencrypt cert to the unifi container? Edited August 14, 2019 by dalben Quote Link to comment
jerseyknoll Posted August 15, 2019 Share Posted August 15, 2019 I have a number of dockers already setup and working correctly with NPM but when I try to add Ombi I get the following error. Saving debug log to /config/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for ombi.jerseyknoll.com Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains. Waiting for verification... Cleaning up challenges Failed authorization procedure. ombi.jerseyknoll.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ombi.jerseyknoll.com/.well-known/acme-challenge/pXsn4eZtFYYbBeoXjGKd93cmOWqgMFCFqnatTan-6_I [69.162.80.56]: "<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://ombi.jerseyknol" letsencrypt.log Quote Link to comment
Djoss Posted August 19, 2019 Author Share Posted August 19, 2019 On 8/10/2019 at 5:28 PM, Saldash said: Hi, I have a need to access the nginx.conf file to try and fix a problem I'm having with larger header sizes with IdentityServer. Specifically in relation to: https://stackoverflow.com/a/48971393/4953847 How can I set the following values for this container? http{ ... proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; large_client_header_buffers 4 16k; ... } Currently I'm able to authenticate my app but I immediately get redirected to a 502 Bad Gateway from nginx. Did you try to add the settings under the Advanced tab of your host? 1 Quote Link to comment
Djoss Posted August 19, 2019 Author Share Posted August 19, 2019 On 8/12/2019 at 8:39 AM, Karatekid said: Is there a possibility to reset the user and password. Not currently. There is probably a way to do it by manually editing the database, but I didn't dig into it. Quote Link to comment
Djoss Posted August 19, 2019 Author Share Posted August 19, 2019 On 8/13/2019 at 3:38 AM, Orejo said: 5) I created a new host entry for Sonarr and I used HTTP to check if it works. After that, I was able to access sonarr.mydomain.com. To secure it, I then wanted to set up https with a LE cert. I opened the Sonarr container, enabled SSL and headed back to the Nginx Proxy Manager docker, where I switched the host entry to https and change the port according to Sonarr‘s SSL port. You don't need to change the Sonarr config. Just change the NginxProxyManager config to use SSL. NginxProxyManager is the one that handle the SSL connection, not Sonarr. Quote Link to comment
Djoss Posted August 19, 2019 Author Share Posted August 19, 2019 On 8/13/2019 at 11:35 PM, dalben said: I've searched the thread but couldn't find a clear and simple way of using this docker to stop the Unifi Controller docker from throwing security errors. What's the easiest way to add a letsencrypt cert to the unifi container? You need to add a proxy host, where the forward ip and port point to your Unifi docker. Quote Link to comment
Djoss Posted August 19, 2019 Author Share Posted August 19, 2019 On 8/15/2019 at 10:06 AM, jerseyknoll said: I have a number of dockers already setup and working correctly with NPM but when I try to add Ombi I get the following error. Saving debug log to /config/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for ombi.jerseyknoll.com Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains. Waiting for verification... Cleaning up challenges Failed authorization procedure. ombi.jerseyknoll.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ombi.jerseyknoll.com/.well-known/acme-challenge/pXsn4eZtFYYbBeoXjGKd93cmOWqgMFCFqnatTan-6_I [69.162.80.56]: "<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://ombi.jerseyknol" letsencrypt.log 18.45 kB · 0 downloads Is your DNS name points to the correct IP address? Quote Link to comment
Saldash Posted August 21, 2019 Share Posted August 21, 2019 On 8/19/2019 at 11:01 AM, Djoss said: Did you try to add the settings under the Advanced tab of your host? I've literally just come back to it today, tried that and was about to post that it's worked for me before I saw your post. Had no idea if it was going to work or not but it was a shot in the dark that got the mark for me. Thank you anyway! Quote Link to comment
dalben Posted August 22, 2019 Share Posted August 22, 2019 I'm sure this is a very basic question but I can't seem to find the answerr. Is the nginx install of this docker geared/configured purely for remote proxy, or can it be used as a webserver as well? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.