[Support] Djoss - Nginx Proxy Manager



This has been asked a long time ago, but is there a way to expose "visitor real IP"? I mean I set up an image hosting website but unfortunately all uploads will appear under my main user name because of the same address & internal IP.

 

I have a dedicated web server VM on a separate IP, from what I read previously at some point that it has to share the same IP with the NPM docker!

Link to comment

Can't seem to get it to start on a fresh Unraid install:

 

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-app-niceness.sh: executing...
[cont-init.d] 00-app-niceness.sh: exited 0.
[cont-init.d] 00-app-script.sh: executing...
[cont-init.d] 00-app-script.sh: exited 0.
[cont-init.d] 00-app-user-map.sh: executing...
[cont-init.d] 00-app-user-map.sh: exited 0.
[cont-init.d] 00-clean-logmonitor-states.sh: executing...
[cont-init.d] 00-clean-logmonitor-states.sh: exited 0.
[cont-init.d] 00-clean-tmp-dir.sh: executing...
[cont-init.d] 00-clean-tmp-dir.sh: exited 0.
[cont-init.d] 00-set-app-deps.sh: executing...
[cont-init.d] 00-set-app-deps.sh: exited 0.
[cont-init.d] 00-set-home.sh: executing...
[cont-init.d] 00-set-home.sh: exited 0.
[cont-init.d] 00-take-config-ownership.sh: executing...
[cont-init.d] 00-take-config-ownership.sh: exited 0.
[cont-init.d] 00-xdg-runtime-dir.sh: executing...
[cont-init.d] 00-xdg-runtime-dir.sh: exited 0.
[cont-init.d] nginx-proxy-manager.sh: executing...
[cont-init.d] nginx-proxy-manager.sh: Initializing database data directory...
[cont-init.d] nginx-proxy-manager.sh: exited 1.
[services.d] stopping services
[services.d] stopping s6-fdholderd...
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

This is from the init_db log:

 

Installing MariaDB/MySQL system tables in '/config/mysql' ...
2020-03-22 18:08:12 0 [ERROR] InnoDB: preallocating 12582912 bytes for file ./ibdata1 failed with error 95
2020-03-22 18:08:12 0 [ERROR] InnoDB: Could not set the file size of './ibdata1'. Probably out of disk space
2020-03-22 18:08:12 0 [ERROR] InnoDB: Database creation was aborted with error Generic error. You may need to delete the ibdata1 file before trying to start up again.
2020-03-22 18:08:13 0 [ERROR] Plugin 'InnoDB' init function returned error.
2020-03-22 18:08:13 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2020-03-22 18:08:13 0 [ERROR] Unknown/unsupported storage engine: InnoDB
2020-03-22 18:08:13 0 [ERROR] Aborting

 

After more digging in this thread, it appears that this is because my filesystem is ReiserFS and this container is incompatible with it. Did anyone ever fix this glaring oversight?

Edited by inh
Link to comment
13 hours ago, inh said:

my filesystem is ReiserFS and this container is incompatible with it. Did anyone ever fix this glaring oversight?

ReiserFS is not being updated or actively supported for many years now. It's going to cause more and more issues as time passes, not less.

 

You need to migrate to XFS or BTRFS as soon as you can. There is a sticky thread from 5 years ago on conversion.

https://forums.unraid.net/topic/35815-re-format-xfs-on-replacement-drive-convert-from-rfs-to-xfs-discussion-only/

 

Link to comment
11 minutes ago, jonathanm said:

ReiserFS is not being updated or actively supported for many years now. It's going to cause more and more issues as time passes, not less.

 

You need to migrate to XFS or BTRFS as soon as you can. There is a sticky thread from 5 years ago on conversion.

https://forums.unraid.net/topic/35815-re-format-xfs-on-replacement-drive-convert-from-rfs-to-xfs-discussion-only/

 

Ah look at that. Guess I got some work to do. Thank you!

Link to comment

Hi,

 

I'm trying to forward OpenProject as a docker (running br0) from within NginxPM. I'm pointing the sub.domain.com to the forwarder IP, but I'm getting 502 gateway errors when trying to access said webpage.

I tried to read the log in nginx (below) but I'm not seeing much that directly points me to an error.

I have no other details configured within NPM apart from the IP/port.

 

2020/03/24 16:57:53 [error] 924#924: *30 connect() failed (113: Host is unreachable) while connecting to upstream, client: 192.168.0.1, server: project.hostname.biz, request: "GET / HTTP/1.1", upstream: "http://192.168.0.6:8080/", host: "project.hostname.biz", referrer: "http://192.168.0.200:7818/nginx/proxy" 
2020/03/24 16:57:56 [error] 924#924: *30 connect() failed (113: Host is unreachable) while connecting to upstream, client: 192.168.0.1, server: project.hostname.biz, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.0.6:8080/favicon.ico", host: "project.hostname.biz", referrer: "http://project.hostname.biz/"

Edit,

Further inspection led me down the line of the br0 not being able to communicate with the bridge IP range. In the docker settings there is an option to allow communication between bridge/br0, so I've ticked that and hey presto! Away we go.

 

 

Now, is there a simple way to setup sub.tld.com/docker   ?  or do all the entries need to be docker.tld.com

Edited by isaw
fixed main issue
Link to comment
4 minutes ago, alturismo said:

https is handled by nginx, using https in emby makes only sense when u directly access emby by its https port from remote, in case u have issues there may try emby forum ?

I'm not sure how I got it working, but the website shows as secure as of now.

Link to comment
On 3/24/2020 at 6:48 PM, isaw said:

Now, is there a simple way to setup sub.tld.com/docker   ?  or do all the entries need to be docker.tld.com

You can look at the "Custom location" tab, but it's much easier and less trouble to use a DNS name for each service you want to reverse-proxy.

Link to comment
On 2/22/2020 at 10:24 PM, Djoss said:

I also have the same issue.  I'm not sure if this is a problem with NPM or not... 

Sorry it's been a while, but in discussion over on the UI.com site, I was given this post as a workable solution to the Unifi Video not working with NPM. Could you assist with interpreting the settings and how to implement them in NPM?

 

Here's the link to the post: https://community.ui.com/questions/NGINX-Reverse-Proxy-in-a-Docker-Container/89509ee7-b920-4d9e-9736-73d981df97bb#answer/5b511459-5a02-46bb-ab60-a1b97c992189

 

Thanks in advance.

Link to comment

This may well be the stupidest idea ever and feel free to laugh..

 

I have added a Proxy Host to effectively reverse proxy to the NPM's (NginxProxyManagers) own WEB UI, I wondered if it would blow up, but that part works well, I can access the proxy manager externally (using a sub-domain) and SSL.

 

What doesn't work is when I add an 'Access List' to the Proxy Host config, I do this for my other Proxy Hosts to my other dockers, this gives a first layer of authentication independently of the target docker which makes me sleep better!

 

When I say doesn't work, I mean, when you first access the URI externally you get the authentication dialog from the access list, but entering the correct credentials has it just pop up the same authentication dialog again, I can't get to the NPM login page.

 

Not sure if I'm being stupid here, it feels wrong proxying to itself, but the WEBUI is on port 8081, the proxying is over 8080/4443 (the defaults).

Link to comment

Hi all, is it possible to get this docker app to listen on a custom br0 IP on port 80 and 443? I've tried to use custom br0 (with a new IP on my range where 80 and 443 is available) but it keeps defaulting to 8080 and 4443. 

 

Any help would be appreciated

Link to comment
23 hours ago, ultimz said:

Hi all, is it possible to get this docker app to listen on a custom br0 IP on port 80 and 443? I've tried to use custom br0 (with a new IP on my range where 80 and 443 is available) but it keeps defaulting to 8080 and 4443. 

 

Any help would be appreciated

I've done some investigating and the commands seem to be different when spinning up the container (Bridge vs Custom br0 with assigning different IP):

 

On bridge
/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='NginxProxyManager' --net='bridge' -e TZ="Africa/Johannesburg" -e HOST_OS="Unraid" -e 'USER_ID'='99' -e 'GROUP_ID'='100' -e 'UMASK'='000' -e 'APP_NICENESS'='' -p '8181:8181/tcp' -p '81:8080/tcp' -p '444:4443/tcp' -v '/mnt/user/appdata/NginxProxyManager':'/config':'rw' 'jlesage/nginx-proxy-manager' 
 

On custom br0
/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='NginxProxyManager' --net='br0' --ip='192.168.0.7' -e TZ="Africa/Johannesburg" -e HOST_OS="Unraid" -e 'TCP_PORT_8181'='8181' -e 'TCP_PORT_8080'='80' -e 'TCP_PORT_4443'='443' -e 'USER_ID'='99' -e 'GROUP_ID'='100' -e 'UMASK'='000' -e 'APP_NICENESS'='' -v '/mnt/user/appdata/NginxProxyManager':'/config':'rw' 'jlesage/nginx-proxy-manager' 

 

Any ideas on how I can fix this? Or can it be fixed with an update?

Link to comment

Hi,

Thanks for the great work.

I have a situation: I have a port forward in the router (80/443) pointing to the nginx proxy manager (A), and also a website running with their nginx and SSL, within a server client (B) which I don't have access to.

Can I have a custom/advanced configuration in the configured proxy, in nginx proxy manager (A), to use the remote certificate server (B), like a TCP pass-through in haproxy?

 

Thanks

Link to comment
On 4/1/2020 at 12:34 PM, debit lagos said:

Sorry it's been a while, but in discussion over on the UI.com site, I was given this post as a workable solution to the Unifi Video not working with NPM. Could you assist with interpreting the settings and how to implement them in NPM?

 

Here's the link to the post: https://community.ui.com/questions/NGINX-Reverse-Proxy-in-a-Docker-Container/89509ee7-b920-4d9e-9736-73d981df97bb#answer/5b511459-5a02-46bb-ab60-a1b97c992189

 

Thanks in advance.

What is not working exactly with NPM ?  Are you at least able to get the login page?

 

Link to comment
On 4/2/2020 at 9:35 AM, Snubbers said:

This may well be the stupidest idea ever and feel free to laugh..

 

I have added a Proxy Host to effectively reverse proxy to the NPM's (NginxProxyManagers) own WEB UI, I wondered if it would blow up, but that part works well, I can access the proxy manager externally (using a sub-domain) and SSL.

 

What doesn't work is when I add an 'Access List' to the Proxy Host config, I do this for my other Proxy Hosts to my other dockers, this gives a first layer of authentication independently of the target docker which makes me sleep better!

 

When I say doesn't work, I mean, when you first access the URI externally you get the authentication dialog from the access list, but entering the correct credentials has it just pop up the same authentication dialog again, I can't get to the NPM login page.

 

Not sure if I'm being stupid here, it feels wrong proxying to itself, but the WEBUI is on port 8081, the proxying is over 8080/4443 (the defaults).

It makes sense to reverse proxy the admin page. I'm not sure about the issue you are seeing with the access list, but since there is already a login page, is an access list needed?

Link to comment
On 4/3/2020 at 1:51 AM, Bandit_King said:

All I get is a stupid internal error and the program never updates. How do I add the jc21 version to my docker apps? What's the command?

In settings of the Community Apps plugin, you have an option that allows you to get search results from Dockerhub.

But since this container is based on jc21's one, you will probably get the same "internal error", which is usually related to an issue with the setup.

Link to comment
19 hours ago, ultimz said:

I've done some investigating and the commands seem to be different when spinning up the container (Bridge vs Custom br0 with assigning different IP):

 

On bridge
/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='NginxProxyManager' --net='bridge' -e TZ="Africa/Johannesburg" -e HOST_OS="Unraid" -e 'USER_ID'='99' -e 'GROUP_ID'='100' -e 'UMASK'='000' -e 'APP_NICENESS'='' -p '8181:8181/tcp' -p '81:8080/tcp' -p '444:4443/tcp' -v '/mnt/user/appdata/NginxProxyManager':'/config':'rw' 'jlesage/nginx-proxy-manager' 
 

On custom br0
/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='NginxProxyManager' --net='br0' --ip='192.168.0.7' -e TZ="Africa/Johannesburg" -e HOST_OS="Unraid" -e 'TCP_PORT_8181'='8181' -e 'TCP_PORT_8080'='80' -e 'TCP_PORT_4443'='443' -e 'USER_ID'='99' -e 'GROUP_ID'='100' -e 'UMASK'='000' -e 'APP_NICENESS'='' -v '/mnt/user/appdata/NginxProxyManager':'/config':'rw' 'jlesage/nginx-proxy-manager' 

 

Any ideas on how I can fix this? Or can it be fixed with an update?

Port mappings work only when using the bridge network mode.  In other modes, you have to work with container's ports (8080 and 4443).

Link to comment
1 hour ago, cesar_panter said:

Hi,

Thanks for the great work.

I have a situation: I have a port forward in the router (80/443) pointing to the nginx proxy manager (A), and also a website running with their nginx and SSL, within a server client (B) which I don't have access to.

Can I have a custom/advanced configuration in the configured proxy, in nginx proxy manager (A), to use the remote certificate server (B), like a TCP pass-through in haproxy?

 

Thanks

It seems that the "stream" feature of nginx could do the job, but I don't know if this can be mixed with other stuff on the same port...

Link to comment
2 hours ago, Djoss said:

Port mappings work only when using the bridge network mode.  In other modes, you have to work with container's ports (8080 and 4443).

Thanks Djoss - I have moved the unraid server off port 80 and made this container use bridge network mode and port 80/443. 

 

Thanks for all the amazing work. This docker is very useful!

Link to comment
7 hours ago, Djoss said:

It seems that the "stream" feature of nginx could do the job, but I don't know if this can be mixed with other stuff on the same port...

Hummm... How do I implement the stream option? I mean, besides configuring one in the stream panel, how do I link a name server to the stream? Sorry for the inconvenience...

Thanks

Edited by cesar_panter
Link to comment
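
The name-based pass-through asked about above, as an added example that is not part of the thread and not configuration generated by NPM: plain nginx `stream` with `ssl_preread`, which routes on the SNI name in the TLS ClientHello without decrypting anything. The hostname, the addresses and the use of 4443 as the local HTTPS port are assumptions.

```nginx
# Added example: hand-written nginx stream configuration.
# All names and addresses are constructed placeholders.
stream {
    # Choose a backend from the server name the client sends in its
    # TLS ClientHello. The handshake itself is not terminated here,
    # so server B keeps presenting its own certificate and private key.
    map $ssl_preread_server_name $tls_backend {
        # Site hosted on server B: bytes are relayed untouched.
        site-b.example.com    192.168.0.50:443;

        # Every other name, and clients that send no SNI at all,
        # go to the local HTTPS listener that serves the normal
        # proxy hosts (assumed to be on 4443).
        default               127.0.0.1:4443;
    }

    server {
        # The port the router forwards 443 to. The http-level
        # servers must not listen on this same address and port.
        listen 443;

        # Parse the ClientHello only far enough to extract SNI.
        ssl_preread on;

        proxy_pass $tls_backend;
        proxy_connect_timeout 5s;
    }
}
```

Because the stream listener owns the public port, the ordinary HTTPS proxy hosts have to listen elsewhere and are reached through the `default` entry. Traffic passed through to (B) stays encrypted at (A), so access lists and request filtering on (A) do not apply to it, and (B) sees the proxy's address as the client unless PROXY protocol is enabled on both sides.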
9 hours ago, Djoss said:

It makes sense to reverse proxy the admin page. I'm not sure about the issue you are seeing with the access list, but since there is already a login page, is an access list needed?

Thanks for the reply! 

 

In this day/age of security I'd say it's becoming essential if you do expose services by

- Adding a layer of anonymity, anyone snooping around won't know the service you are proxying to, all they will know if they fail the access list authentication is you are running nginx.

- By directly exposing the service, I am relying on the robustness of their individual authentication methods, and this ties in with the previous point of hiding the service as much as possible.

 

My setup (in case it helps in any way!):
It's set up using br0 (so own IP address) using default 8080/4443 ports.
My DNS record is a subdomain CNAME pointing to a Dynamic DNS address that points to my WAN IP.
My proxy host in NPM is set as follows (private info removed):



Domain Name: subdomain.mydomain.com
scheme: http
Forward Hostname/IP: NginxProxyManager  (I'm using the container name, but tried the IP as well with the same issue)
Forward Port: 8181
Cache Assets: Off
Block Common Exploits: On
Websockets Support: Off
Access List: "Home" (A list called home with a single user, 'admin' )

Custom Locations: None

SSL: Custom (1and1 Wildcard cert for my domain)
Force SSL: On
HSTS Enabled: Off
HTTP/2 Support: Off
HSTS Subdomains: N/A

Advanced: Empty

It may well be an issue with the NPM itself?

 

 

 

Edited by Snubbers
Link to comment
