[Support] Djoss - Nginx Proxy Manager


Djoss

Recommended Posts

1 hour ago, Brydezen said:

I only have one user named lol and the password is also lol. Does it only work if the username is admin?

EDIT: I just tried doing the auth in a new browser (firefox) and it worked flawlessly. But chrome seems to mess me up.

Ok, you may need to clear chrome's cache...

Link to comment
  • 2 weeks later...
On 10/21/2019 at 4:04 AM, jj_uk said:

Is anyone using this with the home assistant docker? I can't get access to HA when going through this proxy. I get a bad gateway error.

This error is usually caused by an incorrect configuration of your proxy host.  Make sure the forward host is properly set with the correct http scheme and port.

According to https://www.home-assistant.io/docs/ecosystem/nginx/, it seems that you need to enable WebSocket support.  You may also have to adjust the config of HA.

Link to comment
This error is usually caused by an incorrect configuration of your proxy host.  Make sure the forward host is properly set with the correct http scheme and port.
According to https://www.home-assistant.io/docs/ecosystem/nginx/, it seems that you need to enable WebSocket support.  You may also have to adjust the config of HA.
Within the link posted, there is a nginx setup configuration. Is nginx already configured like this or do I need to change something?
Link to comment
4 hours ago, jj_uk said:
6 hours ago, Djoss said:
This error is usually caused by an incorrect configuration of your proxy host.  Make sure the forward host is properly set with the correct http scheme and port.
According to https://www.home-assistant.io/docs/ecosystem/nginx/, it seems that you need to enable WebSocket support.  You may also have to adjust the config of HA.

Within the link posted, there is a nginx setup configuration. Is nginx already configured like this or do I need to change something?

I think you don't need any advanced config.  Make sure to enable WebSocket.

Link to comment
23 hours ago, Djoss said:

If you have an instance already running (in another container for examle), you can configure it to point to NginxProxyManager's log files and it should work.

Unfortunately I haven't one, and apparently there isn't any standalone docker in UNRAID for fail2ban.

Why is fail2ban not already implemented into NginxProxyManager?
How would you suggest to protect against brute-force-attacks and so on?

thx

Link to comment

I've got NPM up and running, and I've got it working with a host (jellyfin), however, when I enable/force SSL, it breaks. As soon as I disable SSL, it works again. I made sure to request a letsencrypt cert, and it seems to have been successful. It's behind a pfsense firewall, and any time port 80 appears, ports 443 and 81 appear with it (alias for web ports). Any suggestions/troubleshooting?

 

EDIT: Nevermind. Working flawlessly now. Not sure if it was that particular computer I was using, dns cache or what. Thanks for this program, it's saved me a lot of headache.

Edited by duskofdawn
Link to comment

I recently started having issues with Bookstack container and NginxProxyManager giving "502 Bad Gateway" when accessing from the domain pointed at it. The Bookstack container is accessible for it IP on local network, restarting the NginxProxyManager fixes the issue for a few minutes then back to 502

Link to comment
On 10/22/2019 at 4:18 PM, jj_uk said:

I can't get this to work. I've tried all sorts of configuration in HA. 

I have installed Home Assistant from scratch and created an account.  No other setting changed.

 

I have the following proxy host that works:

 

Scheme : http
Forward host: unRAID IP address
Port: 8123
WebSocket support : Enabled

 

Link to comment
On 10/23/2019 at 6:15 AM, TDA said:

Unfortunately I haven't one, and apparently there isn't any standalone docker in UNRAID for fail2ban.

Why is fail2ban not already implemented into NginxProxyManager?
How would you suggest to protect against brute-force-attacks and so on?

thx

Because fail2ban play with iptables rules on the host, one cannot have multiple instances of iptables running.  Thus, I feel that implementing fail2ban in this Docker container is not the right way to go, since fail2ban is potentially wanted by other containers as well.

 

Nginx as some built-in protections.  Maybe this is something you can look at: https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/

Link to comment
9 hours ago, swingline said:

I recently started having issues with Bookstack container and NginxProxyManager giving "502 Bad Gateway" when accessing from the domain pointed at it. The Bookstack container is accessible for it IP on local network, restarting the NginxProxyManager fixes the issue for a few minutes then back to 502

Do you have more details/log from the Bookstack container when the problem happens?

Link to comment
18 hours ago, Djoss said:

I have installed Home Assistant from scratch and created an account.  No other setting changed.

 

I have the following proxy host that works:

 


Scheme : http
Forward host: unRAID IP address
Port: 8123
WebSocket support : Enabled

 

 

"Scheme http" 

 

This fixed it for me, i was using "https" for the scheme as it connects with ssl. Clearly I don't understand the difference. Thanks for your help!

Edited by jj_uk
Link to comment
On 10/28/2019 at 4:22 AM, Djoss said:

Do you have more details/log from the Bookstack container when the problem happens?

Thanks for the reply. Here is everything in the bookstack logs.

 

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
App Key found - setting variable for seds
Running config - db_user set
/var/run/s6/etc/cont-init.d/50-config: line 63: warning: command substitution: ignored null byte in input
/var/run/s6/etc/cont-init.d/50-config: line 63: warning: command substitution: ignored null byte in input
Nothing to migrate.
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

 

Link to comment

SSL worked for about a day before breaking again. I'm not sure what I was doing that got it to work vs not work. I spun up a new VM, downloaded the example config, and after initial setup, created two hosts. They both point to the same server, one has SSL enabled with a letsencrypt certificate generated by NPM. The other is HTTP only. When I go to the SSL one (in CHrome), it throws up "Your connection is not private NTT::ERR_CERT_AUTHORITY_INVALID. The cert itself is from BMS. If I click advanced, and then proceed, I get ERR_EMPTY_RESPONSE.

Link to comment

I had an issue with another Docker image, so carried out a restore and I'm now seeing the following error in the logs;

 

[nginx] starting...
nginx: [emerg] PEM_read_bio_X509_AUX("/etc/letsencrypt/live/npm-1/fullchain.pem") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

 

Any ideas?

Link to comment
On 10/30/2019 at 1:12 PM, swingline said:

Thanks for the reply. Here is everything in the bookstack logs.

 


[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
App Key found - setting variable for seds
Running config - db_user set
/var/run/s6/etc/cont-init.d/50-config: line 63: warning: command substitution: ignored null byte in input
/var/run/s6/etc/cont-init.d/50-config: line 63: warning: command substitution: ignored null byte in input
Nothing to migrate.
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

 

I would also check the log for your proxy host under /mnt/user/appdata/NginxProxyManager/log/nginx/ to see if you can get more details.

Do you have the issue only when you access the domain name from your own network?

Link to comment
On 10/30/2019 at 5:28 PM, duskofdawn said:

SSL worked for about a day before breaking again. I'm not sure what I was doing that got it to work vs not work. I spun up a new VM, downloaded the example config, and after initial setup, created two hosts. They both point to the same server, one has SSL enabled with a letsencrypt certificate generated by NPM. The other is HTTP only. When I go to the SSL one (in CHrome), it throws up "Your connection is not private NTT::ERR_CERT_AUTHORITY_INVALID. The cert itself is from BMS. If I click advanced, and then proceed, I get ERR_EMPTY_RESPONSE.

If the certificate is not from Letsencrypt, then you are probably not reaching the container... or are you using a DNS service that could interfer?

Link to comment
16 hours ago, WannabeMKII said:

I had an issue with another Docker image, so carried out a restore and I'm now seeing the following error in the logs;

 

[nginx] starting...
nginx: [emerg] PEM_read_bio_X509_AUX("/etc/letsencrypt/live/npm-1/fullchain.pem") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

 

Any ideas?

Looks like a certificate is corrupted.... You can check if you can read the certificate at /mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-1/fullchain.pem.

Link to comment
9 hours ago, Djoss said:

Looks like a certificate is corrupted.... You can check if you can read the certificate at /mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-1/fullchain.pem.

Stupid question, but how would I test I can read it?

 

Krusader is reporting the file as 0 bytes in size?

 

Also, if I go into the webgui and try to edit one of the hosts and hit save, it comes back with a 'Internal Error'? 

 

Does any of that help?

Link to comment
16 hours ago, Djoss said:

I would also check the log for your proxy host under /mnt/user/appdata/NginxProxyManager/log/nginx/ to see if you can get more details.

Do you have the issue only when you access the domain name from your own network?

I have issues from all networks when accessing from domain. I have NAT refection turned on my firewall and all other domains I have are working. The container is accessible from its IP address. Below is a log excerpt from when it stops working. It never recovers unless I restart the NginxProxyManger container then fails after i close my session with the bookstack.

 

[02/Nov/2019:21:11:22 +0400] - 502 502 - GET https wiki.domain.pw "/" [Client 10.0.0.1] [Length 166] [Gzip -] [Sent-to 10.0.0.64] "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0" "http://10.0.0.77:8181/nginx/proxy"

 

[06/Nov/2019:23:10:18 +0400] - 502 502 - GET https wiki.domain.pw "/" [Client 10.0.0.1] [Length 166] [Gzip -] [Sent-to 10.0.0.64] "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0" "-"

 

Link to comment

Can someone help me getting custom locations to work? I want mydomain.com to link to 192.168.0.118:4001 (which it does). And then i want mydomain.com/radarr to link to 192.168.0.118:7878. So i added a custom location for for mydomain.com like so:

/radarr
http 192.168.0.118 7878

But it doesn't work. Why?

Thanks!

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.