[Support] Djoss - Nginx Proxy Manager


Djoss

Recommended Posts

On 12/18/2019 at 12:33 PM, maxse said:

Hey guys,

Do you know if this will easily work with minio docker? I was watching the spaceinvader one's video on LE but LE doesn't have a config file for minio so I'm not sure what to do. 

minio doesn't seem to have special requirements according to https://docs.min.io/docs/setup-nginx-proxy-with-minio.html, so it should be easy to use it with NginxProxyManager.

Link to comment
On 12/19/2019 at 6:22 AM, Karatekid said:

Nextcloud reported that the X-Frame-Option is not configured as "sameorigin".

Is there a way to check debug this? Maybe there is a wrong Nextcloud setting.

You can check your site with https://securityheaders.com to see if the header is correctly set or not.

 

Also, if the change under the Advanced tab didn't help, try adding "add_header X-Frame-Options “SAMEORIGIN” always;" instead.

Link to comment
On 12/19/2019 at 7:35 AM, Karatekid said:

Other Question... Is there a possibility to enable oder disable the proxies over ssh or so?

 

I think about to automatic disable and enable proxies over my smarthome-system.

There is currently no facilities to automate things...

Link to comment

I am facing issues when attempting to manually renew certificates (SSL Certificates > Select 3 Dots on the Service > Renew Now).

 

image.png.fa1e22405f91d032e0dc841e45f1e037.png


It will then report a 'timeout' error and the Logs don't appear to show anything useful.

Any attempt to manually renew any certificate after this will immediately fail with an 'Internal Error' and logs state that Certbot is still running:

 

image.png.173ee216ca3f27bd752df306091205dc.png   image.png.2c6c0430b95d514e2c37eb1db70eaef7.png

 

image.png.421c276830aa097cb66667e9f1b348f4.png

 

Is this a known issue? Is there a way to update them manually outside of this function?

Link to comment
10 hours ago, Djoss said:

You can check your site with https://securityheaders.com to see if the header is correctly set or not.

 

Also, if the change under the Advanced tab didn't help, try adding "add_header X-Frame-Options “SAMEORIGIN” always;" instead.

Funny...

 

https://securityheaders.com/ says:

 

X-Frame-Options = SAMEORIGIN (green)

but

Warning:

X-Frame-Options --> There was a duplicate X-Frame-Options header.

 

 

https://scan.nextcloud.com/ says:

 X-Frame-Options is red

 

Will the X-Frame-Option not set by the last webservice in the row or how does it work?

Maybe its a poblem by Nextcloud directly.

Link to comment

Hey everybody,

 

I'm trying to do the configuration for my nextcloud. Everything works so far except on mobile devices...

 

I think some browser tests brought the cause:

 

https://xxx.yyy.zzz/nextcloud/ = everything works well

https://xxx.yyy.zzz/nextcloud (without tailing "/")  gets https://xxx.yyy.zzz:4443/nextcloud/

 

What can I do?

 

Best wishes,

 

placix

1.PNG

2.PNG

Edited by placix
Link to comment

Hey, thanks for this app.

 

I cant reach the webui of this container. I've seen something rather odd.

image.thumb.png.0a65d29392698356461a92c2904c1809.png

Upon creation i see port 7818 for the webui and after i've started the container it said 8181 for the webui. Also the other ports don't add up.

 

image.thumb.png.10b4fbd13ccf06d331dc2492098db8dc.png

Please advise.

Link to comment

Hi to all

 

Thank you for this wundefull peace of software. I am convinced that it also works wonderfully. Unfortunately I still can't get anything going. I try to make port forwarding on my test server. Of course I can only work with Ip's here at home. Unfortunately without any success. Probably I am making basic mistakes...

 

My next goal is to reach Seafile on my puplic unraid server (public IP) over https with Let´s Encrypt.

 

I didn't want to configure my productive server on the net with public IP for understandable reasons. If I have to do this directly on this server, here are some questions. I would appreciate if someone could answer them.

 

- Does this really only work on a publicly accessible server and only with domain names not with IPs?

- What must be entered in the DNS settings at the domain provider? A-Record, CNAME?

- is there a manual somewhere?

 

What I have to say, on this server I only have the port range 8000 to 8800 available. There are other servers running on this site that use other ports. But I can forward these ports freely to the unraid server.

 

Thank you in advance.

 

Greg

Link to comment
On 12/23/2019 at 12:08 AM, Mattyfaz said:

I am facing issues when attempting to manually renew certificates (SSL Certificates > Select 3 Dots on the Service > Renew Now).

 

image.png.fa1e22405f91d032e0dc841e45f1e037.png


It will then report a 'timeout' error and the Logs don't appear to show anything useful.

Any attempt to manually renew any certificate after this will immediately fail with an 'Internal Error' and logs state that Certbot is still running:

 

image.png.173ee216ca3f27bd752df306091205dc.png   image.png.2c6c0430b95d514e2c37eb1db70eaef7.png

 

image.png.421c276830aa097cb66667e9f1b348f4.png

 

Is this a known issue? Is there a way to update them manually outside of this function?

Looks like the UI is not waiting enough long.  Did you check if the certificate has been eventually renewed after the timeout?

Link to comment
On 12/23/2019 at 7:53 AM, Karatekid said:

Funny...

 

https://securityheaders.com/ says:

 

X-Frame-Options = SAMEORIGIN (green)

but

Warning:

X-Frame-Options --> There was a duplicate X-Frame-Options header.

 

 

https://scan.nextcloud.com/ says:

 X-Frame-Options is red

 

Will the X-Frame-Option not set by the last webservice in the row or how does it work?

Maybe its a poblem by Nextcloud directly.

Since it seems that the header is duplicated, did you try to remove it from the proxy host config? You can also use the browser's developper tools to check which headers are added.

Link to comment
On 12/25/2019 at 7:37 AM, placix said:

Hey everybody,

 

I'm trying to do the configuration for my nextcloud. Everything works so far except on mobile devices...

 

I think some browser tests brought the cause:

 

https://xxx.yyy.zzz/nextcloud/ = everything works well

https://xxx.yyy.zzz/nextcloud (without tailing "/")  gets https://xxx.yyy.zzz:4443/nextcloud/

 

What can I do?

 

Best wishes,

 

placix

1.PNG

2.PNG

Since you are using a lot of custom config, I would double check the resulting, generated config...

 

Did you try to add a redirect from https://xxx.yyy.zzz/nextcloud to https://xxx.yyy.zzz/nextcloud/ ?

Link to comment
On 12/26/2019 at 7:05 AM, ezra said:

Hey, thanks for this app.

 

I cant reach the webui of this container. I've seen something rather odd.

image.thumb.png.0a65d29392698356461a92c2904c1809.png

Upon creation i see port 7818 for the webui and after i've started the container it said 8181 for the webui. Also the other ports don't add up.

 

image.thumb.png.10b4fbd13ccf06d331dc2492098db8dc.png

Please advise.

Since you are not using the "Bridge" network type, the UI should be reachable over port 8181.  In your case you probably need to use http://192.168.2.5:8181

 

Link to comment
On 12/27/2019 at 10:29 PM, maxse said:

it is super slow with rclone and minio. I am talking about 200KB/s! no issues when connecting directly to minio on internal network. Any suggestions?

You mean it's slow only when connecting remotely?  Do yo have the same behaviour if you connect remotely directly to the minio container (i.e. bypassing NginxProxyManager)?  This is to confirm if NginxProxyManager has anything to do with your issue.

Link to comment
On 12/28/2019 at 6:29 PM, cracksilver said:

- Does this really only work on a publicly accessible server and only with domain names not with IPs?

The goal of this software is to make easy for people to remotely access their home services through HTTPs using a DNS name.  Certificates are generated by Let'sEncrypt.  This provider requires your web server to be accessible over the Internet through port 80 (only).

 

On 12/28/2019 at 6:29 PM, cracksilver said:

- What must be entered in the DNS settings at the domain provider? A-Record, CNAME?

Both can be used depending on your setup.  A-Record maps a DNS name to an IP address, while CNAME map a DNS to another DNS name.

 

On 12/28/2019 at 6:29 PM, cracksilver said:

- is there a manual somewhere?

No, but there are some build-in help in the UI.

Link to comment
18 hours ago, Djoss said:

Since it seems that the header is duplicated, did you try to remove it from the proxy host config? You can also use the browser's developper tools to check which headers are added.

Found the failure in the nextcloud config.

 

Thank you very much for your help!!

Have a happy new year.

Link to comment

I was able to get this up and running for a few specific docker containers (Organizrv2, Shinobi, Ombi). I have 2 questions from here:

 

1. I am currently accessing them through organizrsubdomain.duckdns.org, ombisubdomain.duckdns.org, and shinobisubdomain.duckdns.org

Can i change that to be subdomain.duckdns.org/organizr, etc

I did not see a guide on that combing through the forum here

 

2. Is there a way to allow all my apps to run through Organizr, such that I can access organizr through the reverse proxy, then access all my individual pages through that? That way i only have the organizr page exposed to my firewall, and not other pages like sonarr, radarr, pihole, etc.

 

Looks like was able to fix number 2 on my own, with the settings within organizr.

 

This may be a question for that forum, but i figured someone had already configured it and so i thought i would ask here?

 

Edited by mihcox
Link to comment
On 12/30/2019 at 1:58 PM, Djoss said:

You mean it's slow only when connecting remotely?  Do yo have the same behaviour if you connect remotely directly to the minio container (i.e. bypassing NginxProxyManager)?  This is to confirm if NginxProxyManager has anything to do with your issue.

Both servers are local, but I am using the external IP by duckdns. Both servers are on the same local network for now. I'm not sure if by using the external IP makes the data go outside/back inside, or if the router understands that they are still on the local network and just uses my local network...

 

However, switching to the actual local IP address 192.168... doesn't have the same issue and speed is as expected...

But anyway, I am trying duplicacy right now and it seems to be working well with great speeds.

Link to comment
On 12/31/2019 at 4:45 PM, mihcox said:

1. I am currently accessing them through organizrsubdomain.duckdns.org, ombisubdomain.duckdns.org, and shinobisubdomain.duckdns.org

Can i change that to be subdomain.duckdns.org/organizr, etc

I did not see a guide on that combing through the forum here

This is possible by adding a "Custom location" under your proxy host.

 

But note that this method is more complex and the application your are proxying may not support this scenario or may require additional configuration.

Edited by Djoss
Link to comment
On 12/30/2019 at 8:11 PM, Djoss said:

The goal of this software is to make easy for people to remotely access their home services through HTTPs using a DNS name.  Certificates are generated by Let'sEncrypt.  This provider requires your web server to be accessible over the Internet through port 80 (only).

 

Both can be used depending on your setup.  A-Record maps a DNS name to an IP address, while CNAME map a DNS to another DNS name.

 

No, but there are some build-in help in the UI.

Hi. Thank you. Now everything is working with domains and subdomains over ssl.

 

But I can't access to the web UI over https. It just works over http. Is there a config where i can change this?

 

Greg

Link to comment
On 1/3/2020 at 6:13 PM, cracksilver said:

Hi. Thank you. Now everything is working with domains and subdomains over ssl.

 

But I can't access to the web UI over https. It just works over http. Is there a config where i can change this?

 

Greg

There is no config for this, but you can create a proxy host to access NginxProxyManager UI over HTTPs.

Link to comment
6 hours ago, Djoss said:

There is no config for this, but you can create a proxy host to access NginxProxyManager UI over HTTPs.

Made a proxyhost proxy.mydomain.com

It doesn´t work. Tried with Unraid IP 192.168.2.121:8418 and Docker IP 172.17.0.2:8181. No way.

All other subdomains on this unraid server runs perfect. But not the Nginx Proxy Manager

screenshot_53.png.649e108e11ebc6f2484f48cc4ffa80c5.png

 

Made the following:

screenshot_56.png.6502f527107b1c8a1c96eef681f0acb5.png

 

screenshot_55.png.3e0f5ef1e92ed79c4fb53f27c962d337.png

 

Get no connection to the app.

 

EDIT: made the same with nginx.mydomain.com and it works. Don´t no why but it works perfectly now. Thank you anyway ;-)

 

Edited by cracksilver
it works now.....
Link to comment

Is there a point to using the SSL port at all for, whether connecting to NPM externally or internally, if you use the force SSL option which effectively gives you SSL anyways? Thinking about it, it seems as if it's double SSL getting to where you're going. I don't know if that requires anything to work harder, but after discovering I could force SSL on apps that didn't even offer it, I wondered what the point of using SSL for any specific apps was in the first place? It would seem to only deal with SSL for NPM and not any other apps you use it to connect with as the most efficient and simplest option. Do I have this right?

Link to comment
1 hour ago, Iceman24 said:

Is there a point to using the SSL port at all for, whether connecting to NPM externally or internally, if you use the force SSL option which effectively gives you SSL anyways? Thinking about it, it seems as if it's double SSL getting to where you're going. I don't know if that requires anything to work harder, but after discovering I could force SSL on apps that didn't even offer it, I wondered what the point of using SSL for any specific apps was in the first place? It would seem to only deal with SSL for NPM and not any other apps you use it to connect with as the most efficient and simplest option. Do I have this right?

The Force SSL option redirects users connecting to the non-secure HTTP port (80) to the secure HTTPs port (443).  Since NPM is mainly used to access services over the Internet, having an encrypted connection is always better.

  • Like 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.