[Support] Djoss - Nginx Proxy Manager


Djoss


22 hours ago, Froberg said:

Try forcing SSL for a start.

I just enabled Force SSL and the proxy host still says offline.

I don't know if it's related but when I go to the domain validation file that Let's Encrypt generates in my browser, I get a 403 error. I thought that Let's Encrypt would be looking for a 200 response on that file so I feel like that's not good.

Edited by deadletters
added a word
Link to comment

I have zerotier running on my unraid box and only want to use NPM with my zerotier IP. Reason is services I want to expose to the internet don’t need to be accessible on my WAN IP. Every device I use to connect has a zerotier client installed so I figure it’s better security (defense in depth) to limit access to zerotier IP.

Is this possible to configure?

Link to comment

So far these are the only settings I've found that will show the Proxy Host is online:
[image: 1jbymFA.png]
[image: eLAyWDf.png]

However, this generates an NGINX 400 Error:
[image: xobWYAA.png]

I'll also just add that I can pull everything up by going to https://public-ip:port without a problem.

Edited by deadletters
more info
Link to comment
On 7/26/2019 at 12:38 AM, PSYCHOPATHiO said:

yes, it is in docker mode.

I tried every possible variation from docker mode, host mode, different ips & last night I wiped my pfsense & reinstalled fresh copy & spent a couple of hours re-configuring to find out I still get bad gateway.

I think the problem is somewhere in the docker configuration or network on the unraid server itself but I can't find it.

Usually the bad gateway error occurs when NPM can't communicate with the service. Can you share a screenshot of your Docker page so we can see basic config of your containers?

Link to comment
On 7/28/2019 at 2:35 PM, tmchow said:

I have zerotier running on my unraid box and only want to use NPM with my zerotier IP. Reason is services I want to expose to the internet don’t need to be accessible on my WAN IP. Every device I use to connect has a zerotier client installed so I figure it’s better security (defense in depth) to limit access to zerotier IP.

Is this possible to configure?

nginx has the ability to "allow" and/or "deny" IP addresses/subnets (see http://etapien.com/guides/nginx-allow-access-certain-ips/ for examples). Try adding this under the "Advanced" tab of your proxy host configuration.
Link to comment
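
Added example (not part of the thread): a small Python model of how nginx evaluates `allow`/`deny` lines pasted into the "Advanced" tab, showing that the first matching rule decides and that a denied client gets a 403. The 10.147.17.0/24 ZeroTier range, the client addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed "Advanced" tab content. 10.147.17.0/24 is an assumed ZeroTier
# managed range; substitute the range your own network assigns.
ZEROTIER_ONLY = """
allow 10.147.17.0/24;   # ZeroTier peers (assumed range)
deny  all;              # everyone else, including WAN clients
"""

# Same two directives in the wrong order: "deny all" matches first.
REVERSED = """
deny  all;
allow 10.147.17.0/24;
"""

def parse_rules(text):
    """Return [(action, network)] in file order; network None means 'all'."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        if not line:
            continue
        action, target = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"not an access rule: {raw!r}")
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))
    return rules

def decide(config_text, client_ip):
    """Model of nginx access checks: rules run in order, first match wins."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in parse_rules(config_text):
        if net is None or addr in net:
            return action  # "deny" is what nginx answers with a 403
    return "allow"  # nothing matched, so the access rules do not block

if __name__ == "__main__":
    # Constructed client addresses: a ZeroTier peer and a WAN visitor.
    for name, cfg in (("zerotier-only", ZEROTIER_ONLY), ("reversed", REVERSED)):
        for ip in ("10.147.17.25", "198.51.100.7"):
            print(f"{name:14} {ip:15} -> {decide(cfg, ip)}")
```

The rules match the address nginx sees for the connection, so check the proxy host's access log to confirm that ZeroTier clients really arrive with their ZeroTier addresses before relying on this.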
On 7/30/2019 at 6:29 AM, cagemaster said:

Can someone explain the functionality of the 'streams' function? I want to know how it works and what it does :)

It allows you to forward UDP/TCP traffic to another host.  You can google for "nginx stream module" for more details.

Link to comment
On 8/7/2019 at 10:34 AM, mysterio0 said:

I am able to connect to novnc after setting up the reverse proxy but I keep getting stuck at the connecting screen and get error "Failed to connect to server". Do I have to do some further configuration on novnc part to get it to work? Any help is appreciated.

Did you enable WebSocket support?

Link to comment
On 12/29/2018 at 10:07 PM, Djoss said:

This docker is for people with little to no knowledge about nginx. It was not done with manual configuration file editing in mind. Some static configuration files are inside the container itself (/etc/nginx), while generated files are stored under the app data folder.

If you want to migrate from LE docker, you should not try to replicate your config files, but instead, use the UI to re-create the same functionality (again, this container doesn't support subfolders yet).

Hi,

I have a need to access the nginx.conf file to try and fix a problem I'm having with larger header sizes with IdentityServer.
Specifically in relation to: https://stackoverflow.com/a/48971393/4953847

How can I set the following values for this container?

http {
    ...
    proxy_buffer_size   128k;
    proxy_buffers   4 256k;
    proxy_busy_buffers_size   256k;
    large_client_header_buffers 4 16k;
    ...
}

Currently I'm able to authenticate my app but I immediately get redirected to a 502 Bad Gateway from nginx.

Edited by Saldash
Link to comment

First of all, thanks a lot for creating this docker container.

I’ve run into a couple of issues I simply couldn’t solve myself.

What I’ve done so far:

1) I opened ports 80 and 443 on my router and forwarded them to 1880 and 18443 on the server. Both ports seem to be open.

2) I set up a DuckDNS container and verified that it shows my public IP.

3) I registered a domain and created a few CNAMEs, i.e. sonarr.mydomain.com and plex.mydomain.com, both of which point to the DuckDNS domain (see above). I pinged sonarr.mydomain.com to verify that I see my public IP and it worked.

4) I installed the Nginx Proxy Manager docker and it proceeded without any errors. I didn’t have to set up a MariaDB database, which was odd for me, because I thought I’d have to create a DB on my own. I then changed the admin password and I was able to access the GUI.

5) I created a new host entry for Sonarr and I used HTTP to check if it works. After that, I was able to access sonarr.mydomain.com. To secure it, I then wanted to set up https with a LE cert. I opened the Sonarr container, enabled SSL and headed back to the Nginx Proxy Manager docker, where I switched the host entry to https and changed the port according to Sonarr’s SSL port.

Problem:

This is where I got stuck. I couldn’t access the site anymore and had to switch back to HTTP. For now, I’ve closed both ports for security reasons before I sit down and try to solve the issue with your appreciated input.

Tl;dr: HTTP access works, HTTPS doesn’t. Both ports seem to be forwarded correctly, custom domain.

Link to comment

I have a number of dockers already set up and working correctly with NPM but when I try to add Ombi I get the following error.

Saving debug log to /config/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ombi.jerseyknoll.com
Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ombi.jerseyknoll.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ombi.jerseyknoll.com/.well-known/acme-challenge/pXsn4eZtFYYbBeoXjGKd93cmOWqgMFCFqnatTan-6_I [69.162.80.56]: "<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://ombi.jerseyknol"

letsencrypt.log

Link to comment
On 8/10/2019 at 5:28 PM, Saldash said:

Hi,

I have a need to access the nginx.conf file to try and fix a problem I'm having with larger header sizes with IdentityServer.
Specifically in relation to: https://stackoverflow.com/a/48971393/4953847

How can I set the following values for this container?

http {
    ...
    proxy_buffer_size   128k;
    proxy_buffers   4 256k;
    proxy_busy_buffers_size   256k;
    large_client_header_buffers 4 16k;
    ...
}

Currently I'm able to authenticate my app but I immediately get redirected to a 502 Bad Gateway from nginx.

Did you try to add the settings under the Advanced tab of your host?

Link to comment
On 8/13/2019 at 3:38 AM, Orejo said:

5) I created a new host entry for Sonarr and I used HTTP to check if it works. After that, I was able to access sonarr.mydomain.com. To secure it, I then wanted to set up https with a LE cert. I opened the Sonarr container, enabled SSL and headed back to the Nginx Proxy Manager docker, where I switched the host entry to https and changed the port according to Sonarr’s SSL port.

You don't need to change the Sonarr config. Just change the NginxProxyManager config to use SSL. NginxProxyManager is the one that handles the SSL connection, not Sonarr.

Link to comment
On 8/13/2019 at 11:35 PM, dalben said:

I've searched the thread but couldn't find a clear and simple way of using this docker to stop the Unifi Controller docker from throwing security errors.  What's the easiest way to add a letsencrypt cert to the unifi container?

You need to add a proxy host, where the forward ip and port point to your Unifi docker.

Link to comment
On 8/15/2019 at 10:06 AM, jerseyknoll said:

I have a number of dockers already set up and working correctly with NPM but when I try to add Ombi I get the following error.

Saving debug log to /config/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ombi.jerseyknoll.com
Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ombi.jerseyknoll.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ombi.jerseyknoll.com/.well-known/acme-challenge/pXsn4eZtFYYbBeoXjGKd93cmOWqgMFCFqnatTan-6_I [69.162.80.56]: "<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://ombi.jerseyknol"

letsencrypt.log

Does your DNS name point to the correct IP address?

Link to comment
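
Added example (not part of the thread): the failure line in the log above already names the address the CA connected to and the start of the body it received, so this Python snippet parses that line and compares the address with the proxy's public IP. The `diagnose` function, its `proxy_public_ip` parameter and the 203.0.113.10 value are assumptions made for illustration.

```python
import ipaddress
import re

# Failure line from the certbot output posted above.
LOG_LINE = (
    "Failed authorization procedure. ombi.jerseyknoll.com (http-01): "
    "urn:acme:error:unauthorized :: The client lacks sufficient authorization :: "
    "Invalid response from http://ombi.jerseyknoll.com/.well-known/acme-challenge/"
    "pXsn4eZtFYYbBeoXjGKd93cmOWqgMFCFqnatTan-6_I [69.162.80.56]: "
    "\"<html><head><title>Loading...</title></head><body><script "
    "type='text/javascript'>window.location.replace('http://ombi.jerseyknol\""
)

FAILURE = re.compile(
    r"Failed authorization procedure\. (?P<domain>\S+) \(http-01\): "
    r"(?P<error>\S+) :: .*?Invalid response from (?P<url>\S+) "
    r"\[(?P<ip>[^\]]+)\]: \"(?P<body>.*)\"\s*$"
)

def diagnose(line, proxy_public_ip):
    """Pull out what the CA actually reached and compare it with our proxy."""
    m = FAILURE.search(line)
    if m is None:
        return None
    token = m["url"].rsplit("/", 1)[-1]
    body = m["body"]
    return {
        "domain": m["domain"],
        "validated_ip": m["ip"],
        # False means the CA's DNS lookup led to some other server.
        "reached_our_proxy": ipaddress.ip_address(m["ip"])
        == ipaddress.ip_address(proxy_public_ip),
        # A valid http-01 body is "<token>.<account key thumbprint>".
        "body_is_key_authorization": body.startswith(token + "."),
        "body_is_html": body.lstrip().lower().startswith("<html"),
    }

if __name__ == "__main__":
    # 203.0.113.10 is a constructed stand-in for the proxy's public address.
    for key, value in diagnose(LOG_LINE, "203.0.113.10").items():
        print(f"{key}: {value}")
```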
On 8/19/2019 at 11:01 AM, Djoss said:

Did you try to add the settings under the Advanced tab of your host?

I've literally just come back to it today, tried that and was about to post that it's worked for me before I saw your post. xD

Had no idea if it was going to work or not but it was a shot in the dark that got the mark for me.

Thank you anyway!

Link to comment
