huangtf Posted April 20, 2020 Share Posted April 20, 2020 (edited) Hi Guys, I'm having some issues recently, so after going thru reinstalling trying to downgrade to v1.70 etc, i finally resolve the issue by restoring my backup for appdata, the proxy host works now. However, i'm unable to log in to the gui it shows bad gateway I'm getting lots of errors in the logs. [4/20/2020] [5:49:29 PM] [Migrate ] › ℹ info Current database version: 20190227065017 [4/20/2020] [5:49:29 PM] [Migrate ] › ℹ info [access_list_client] Migrating Up... migration file "20200410143839_access_list_client.js" failed migration failed with error: create table `access_list_client` (`id` int unsigned not null auto_increment primary key, `created_on` datetime not null, `modified_on` datetime not null, `access_list_id` int unsigned not null, `address` varchar(255) not null, `directive` varchar(255) not null, `meta` json not null) - ER_TABLE_EXISTS_ERROR: Table 'access_list_client' already exists [4/20/2020] [5:49:29 PM] [Global ] › ✖ error create table `access_list_client` (`id` int unsigned not null auto_increment primary key, `created_on` datetime not null, `modified_on` datetime not null, `access_list_id` int unsigned not null, `address` varchar(255) not null, `directive` varchar(255) not null, `meta` json not null) - ER_TABLE_EXISTS_ERROR: Table 'access_list_client' already exists [4/20/2020] [5:49:30 PM] [Migrate ] › ℹ info Current database version: 20190227065017 [4/20/2020] [5:49:30 PM] [Migrate ] › ℹ info [access_list_client] Migrating Up... migration file "20200410143839_access_list_client.js" failed migration failed with error: create table `access_list_client` (`id` int unsigned not null auto_increment primary key, `created_on` datetime not null, `modified_on` datetime not null, `access_list_id` int unsigned not null, `address` varchar(255) not null, `directive` varchar(255) not null, `meta` json not null) - ER_TABLE_EXISTS_ERROR: Table 'access_list_client' already exists looks like something to do with access list, but i've not setup anything wif access list, any help will be appreciated. Sorry i'm kinda noob, i may need some help in collecting information for troubleshooting ****Edit****** Hi, I've manage to resolve the problems...... Edited April 23, 2020 by huangtf Quote Link to comment
windlok1010 Posted April 21, 2020 Share Posted April 21, 2020 HELP! ALL websites that require http auth are not accessible. They are, according to chrome, either ERR_HTTP2_PROTOCOL_ERROR or NET::ERR_CERT_AUTHORITY_INVALID. However those do not need a username and password are working perfectly fine. All the changes I made today was updating Unraid from 6.8.2 to 6.8.3 and add one more proxy host. Any idea what may have caused it? Thanks! Quote Link to comment
tknx Posted April 23, 2020 Share Posted April 23, 2020 Anyone able to point to how to use this with Spaceinvaderone's recent jitsi guide? He uses nginx/LE with conf files and his sample nginx conf file is posted at the bottom here. I am not sure how to point at containers the same way... # make sure that your dns has a cname set for jitsi this file assumes the subdomain is meet.yourdomain.com server { listen 80; listen 443 ssl http2; listen [::]:443 ssl http2; server_name meet.*; location / { # enable the next two lines for http auth # auth_basic "Ask for password from your organisation"; # auth_basic_user_file /config/nginx/.htpasswd; ssi on; proxy_pass http://meet.jitsi; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $http_host; } # BOSH location /http-bind { proxy_pass http://xmpp.meet.jitsi:5280/http-bind; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $http_host; } # xmpp websockets location /xmpp-websocket { proxy_pass http://xmpp.meet.jitsi:5280/xmpp-websocket; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; tcp_nodelay on; } } Quote Link to comment
Djoss Posted April 24, 2020 Author Share Posted April 24, 2020 On 4/13/2020 at 1:58 PM, License said: I am currently getting a Cloud flare 502 Bad Gateway when attempting to access a subdomain that I set up through the proxy manager. I've watched the logs as I create the Proxy Hosts and do not see any errors in the logs. Any advice would be greatly appreciated! Will provide any additional information that is needed to help triage. Is cloud flare reporting the 502 or Nginx Proxy Manger itself? You can look at log files under /mnt/user/appdata/NginxProxyManager/log/nginx/proxy_host-* to see if NPM is actually reached or not. Quote Link to comment
Djoss Posted April 24, 2020 Author Share Posted April 24, 2020 On 4/18/2020 at 10:25 AM, Nuke said: How to see config? nginx -T inside docker says: /tmp # nginx -T nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: [emerg] getpwnam("nginx") failed nginx: configuration file /etc/nginx/nginx.conf test failed I try to find out why nginx shows me 403 when i ask url like http://xyz:8090/blablabla&tr=udp://lalala&tr=http://hohoho.com If i delete "http" in URL then this URL is OK for nginx. Why nginx does not like when more than two "http" persist in url ? The view the nginx config, it's probably better to look directly at /etc/nginx/nginx.conf inside the container, along with the different included files. You can also look at log files under /mnt/user/appdata/NginxProxyManager/log/nginx/proxy_host-* to maybe get more details on the error. Quote Link to comment
Djoss Posted April 24, 2020 Author Share Posted April 24, 2020 On 4/18/2020 at 2:09 PM, rilles said: just download this and trying to use this with bitwarden. Issue is I cannot seem to get a LetsEncrypt cert - every time I try to create one I get an "internal error". if I look at my proxy error its basically missing the .pem file (probably related to the error) edit: read through the above now understanding it a bit better - no luck. giving its own unique IP has the same error. Are you sure the container is reachable from the internet on port 80 ? Quote Link to comment
Djoss Posted April 24, 2020 Author Share Posted April 24, 2020 On 4/20/2020 at 5:41 AM, Veuchez said: Hello to all, has the way to specify ssl_ciphers been implemented? Is it possible to generate RSA 4096bits keys? Thank you! This is currently not something that can be customized. You could try to manually edit files, but these changes would be lost every time the container is re-created/updated. Quote Link to comment
Djoss Posted April 24, 2020 Author Share Posted April 24, 2020 On 4/21/2020 at 4:09 PM, windlok1010 said: HELP! ALL websites that require http auth are not accessible. They are, according to chrome, either ERR_HTTP2_PROTOCOL_ERROR or NET::ERR_CERT_AUTHORITY_INVALID. However those do not need a username and password are working perfectly fine. All the changes I made today was updating Unraid from 6.8.2 to 6.8.3 and add one more proxy host. Any idea what may have caused it? Thanks! Did you try with another browser? If you disable the access list, does it work? Quote Link to comment
Djoss Posted April 24, 2020 Author Share Posted April 24, 2020 On 4/22/2020 at 8:46 PM, tknx said: Anyone able to point to how to use this with Spaceinvaderone's recent jitsi guide? He uses nginx/LE with conf files and his sample nginx conf file is posted at the bottom here. I am not sure how to point at containers the same way... In proxy_pass settings, you can use IP address (of containers) instead of dns names. Quote Link to comment
Veuchez Posted April 25, 2020 Share Posted April 25, 2020 On 24/4/2020 at 04:02, Djoss said: Questo non è attualmente qualcosa che può essere personalizzato. È possibile provare a modificare manualmente i file, ma queste modifiche andrebbero perse ogni volta che il contenitore viene ricreato / aggiornato. Is it something that will be implemented in future releases? Quote Link to comment
dalben Posted April 25, 2020 Share Posted April 25, 2020 I was changing some IPs and ran into all sorts of problems with ngix letsencrypt. Without changing anything, if I request a new cert I get the following error message: nginx: [emerg] unexpected ";" in /data/nginx/proxy_host/18.conf:46 [nginx] starting... 18.conf in this case is the proxy host I was trying to renew. Line 46 has the following: # Access checks must... ; It seems to be missing the 'satisfy any' string be foe the semi-colon. If I manually add the satisy any, so it looks like this: # Access checks must... satisy any; it start's the renewal, goes a fair bit further until it throws this error: Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0 [4/25/2020] [10:18:33 PM] [Nginx ] › ℹ info Reloading Nginx [4/25/2020] [10:18:33 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #61: nb.rdkl.me [4/25/2020] [10:18:36 PM] [Express ] › ⚠ warning Command failed: /usr/sbin/nginx -t nginx: [emerg] unexpected ";" in /data/nginx/proxy_host/18.conf:46 nginx: configuration file /etc/nginx/nginx.conf test failed [4/25/2020] [10:18:36 PM] [Express ] › ⚠ warning Command failed: /usr/sbin/nginx -t nginx: [emerg] unexpected ";" in /data/nginx/proxy_host/18.conf:46 nginx: configuration file /etc/nginx/nginx.conf test failed At that point if I reload 18.conf, the satisfy any has been removed and the solitary semi-colon throws the error. Any ideas? At this point I can't touch any working proxy-host config as doing so will break it. Quote Link to comment
Jaska Posted April 25, 2020 Share Posted April 25, 2020 Hi. How would you pass the ip info to the reverse proxied service? Everything shows the NPM IP instead of the true ip (it's proxied, I know). Otherwise NPM works butter smooth and does exactly what I need it to do. Quote Link to comment
Djoss Posted April 25, 2020 Author Share Posted April 25, 2020 3 hours ago, Veuchez said: Is it something that will be implemented in future releases? I'm packaging the application into a Docker container, but I'm not the one developing features. You could ask such requests to the project owner: https://github.com/jc21/nginx-proxy-manager Quote Link to comment
Djoss Posted April 25, 2020 Author Share Posted April 25, 2020 3 hours ago, dalben said: I was changing some IPs and ran into all sorts of problems with ngix letsencrypt. Without changing anything, if I request a new cert I get the following error message: nginx: [emerg] unexpected ";" in /data/nginx/proxy_host/18.conf:46 [nginx] starting... 18.conf in this case is the proxy host I was trying to renew. Line 46 has the following: # Access checks must... ; It seems to be missing the 'satisfy any' string be foe the semi-colon. If I manually add the satisy any, so it looks like this: # Access checks must... satisy any; it start's the renewal, goes a fair bit further until it throws this error: Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0 [4/25/2020] [10:18:33 PM] [Nginx ] › ℹ info Reloading Nginx [4/25/2020] [10:18:33 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #61: nb.rdkl.me [4/25/2020] [10:18:36 PM] [Express ] › ⚠ warning Command failed: /usr/sbin/nginx -t nginx: [emerg] unexpected ";" in /data/nginx/proxy_host/18.conf:46 nginx: configuration file /etc/nginx/nginx.conf test failed [4/25/2020] [10:18:36 PM] [Express ] › ⚠ warning Command failed: /usr/sbin/nginx -t nginx: [emerg] unexpected ";" in /data/nginx/proxy_host/18.conf:46 nginx: configuration file /etc/nginx/nginx.conf test failed At that point if I reload 18.conf, the satisfy any has been removed and the solitary semi-colon throws the error. Any ideas? At this point I can't touch any working proxy-host config as doing so will break it. Is this proxy host mapped to an access list ? Did you try to just edit the proxy host and save, to see if the config file is correctly re-generated ? Quote Link to comment
Djoss Posted April 25, 2020 Author Share Posted April 25, 2020 3 hours ago, Jaska said: Hi. How would you pass the ip info to the reverse proxied service? Everything shows the NPM IP instead of the true ip (it's proxied, I know). Otherwise NPM works butter smooth and does exactly what I need it to do. The real IP is passed to the proxied service via HTTP headers (added by nginx). Quote Link to comment
GreenEyedMonster Posted April 25, 2020 Share Posted April 25, 2020 (edited) I have a "dumb" question. I have a Terraria docker setup for my niece and nephew to use. I used NPM to pass the ip and port to a specific web page. http://terraria.randomwebpage.com When I use Terraria to log in and put the web address in it shows the correct Ip for my server but I can't connect. I assumed that this would allow me not to have to port forward anything on my router as NPM would handle that. Am I wrong? Update: After more testing... once in a while it starts giving me NameCheaps (my provider - 192.64.119.194) IP address instead of my own servers IP address. Any idea why?? Edited April 25, 2020 by GreenEyedMonster Quote Link to comment
tknx Posted April 25, 2020 Share Posted April 25, 2020 On 4/23/2020 at 7:48 PM, Djoss said: In proxy_pass settings, you can use IP address (of containers) instead of dns names. So this? Quote Link to comment
dalben Posted April 26, 2020 Share Posted April 26, 2020 13 hours ago, Djoss said: Is this proxy host mapped to an access list ? Did you try to just edit the proxy host and save, to see if the config file is correctly re-generated ? Yeah, it was. They all are. After much fiddling and reinstalling etc, I got everything back up again. I need to create the proxy hosts as publicly available and pull down the cert in that setup. Once the cert is applied and all is running, I then change the security from Public to Access group. Save that and all is good. Quote Link to comment
Djoss Posted April 26, 2020 Author Share Posted April 26, 2020 17 hours ago, GreenEyedMonster said: I have a "dumb" question. I have a Terraria docker setup for my niece and nephew to use. I used NPM to pass the ip and port to a specific web page. http://terraria.randomwebpage.com When I use Terraria to log in and put the web address in it shows the correct Ip for my server but I can't connect. I assumed that this would allow me not to have to port forward anything on my router as NPM would handle that. Am I wrong? Update: After more testing... once in a while it starts giving me NameCheaps (my provider - 192.64.119.194) IP address instead of my own servers IP address. Any idea why?? Sorry I'm not sure I follow you. Who starts giving you wrong IP addresses ? Terraria ? I never tried this docker, so I'm not sure what we should expect. Quote Link to comment
Djoss Posted April 26, 2020 Author Share Posted April 26, 2020 15 hours ago, tknx said: So this? You can look at the generated config file in the appdata folder to see if it looks like the example you provided earlier. Quote Link to comment
rilles Posted April 26, 2020 Share Posted April 26, 2020 On 4/23/2020 at 9:57 PM, Djoss said: Are you sure the container is reachable from the internet on port 80 ? that was the issue. when I first started dong this I did not realize that letsencrypt requires the rproxy to allow inbound access from the internet. Quote Link to comment
GreenEyedMonster Posted April 26, 2020 Share Posted April 26, 2020 (edited) 7 hours ago, Djoss said: Sorry I'm not sure I follow you. Who starts giving you wrong IP addresses ? Terraria ? I never tried this docker, so I'm not sure what we should expect. No worries! I'll try to make it a little bit more clear. So in Terraria when you search for a server you enter the IP address of that server and then the port number. The first screen you enter the IP address of the server. (In my case the web site I have the docker forwarded to.) In the next screen you enter the port number of server. (I used my dockers port number. This might be the issue.) The last screen translate the website address to an IP address. This sometimes translate to my servers IP address sometimes it translates it to the my website hosts provider IP address. So I think part of it is that I should be forwarding my port on my router. The second part I don't understand why IP switches at times to NameCheap vs my servers IP. Also, thank you for all you have done. This docker is my favorite by far!! Edited April 26, 2020 by GreenEyedMonster Quote Link to comment
Djoss Posted April 26, 2020 Author Share Posted April 26, 2020 3 hours ago, GreenEyedMonster said: No worries! I'll try to make it a little bit more clear. So in Terraria when you search for a server you enter the IP address of that server and then the port number. The first screen you enter the IP address of the server. (In my case the web site I have the docker forwarded to.) In the next screen you enter the port number of server. (I used my dockers port number. This might be the issue.) The last screen translate the website address to an IP address. This sometimes translate to my servers IP address sometimes it translates it to the my website hosts provider IP address. So I think part of it is that I should be forwarding my port on my router. The second part I don't understand why IP switches at times to NameCheap vs my servers IP. Also, thank you for all you have done. This docker is my favorite by far!! Are you using the docker server available on the Community Apps ? If yes, it seems that this server runs on a single port (7777) and is not a web application. In this, case, I think you don't need NPM. Just the DNS name pointing to your public IP and port forwarding like you did. As for the IP, the problem could be a conflict about perceived IP of your server. From the internet, your server appears to have your public IP. But if the server also advertises/reports its own IP, it will probably be the internal one. Quote Link to comment
tknx Posted April 27, 2020 Share Posted April 27, 2020 So oddly enough it started working with a simple https redirect to the appropriate IP and port without any of the location stuff. Haven't thoroughly tested it yet though. Quote Link to comment
xxsxx47 Posted May 1, 2020 Share Posted May 1, 2020 (edited) I Solved it , for any having this trouble : all i did is editing the file in " \appdata\NginxProxyManager\nginx\proxy_host " for proxy you went and add the following text after this line " location / { " add_header Content-Security-Policy "upgrade-insecure-requests"; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header X-UA-Compatible "IE=Edge" always; add_header Cache-Control "no-transform" always; add_header Referrer-Policy "same-origin" always; add_header Feature-Policy "autoplay 'none'; camera 'none'" always; and restart the docker for the Nginx Proxy Manager . -------------------------------------------------- Docker : CalibreWeb from linuxserver if any could help me please , is there any danger if left alone because every thing is working we me i tired the https://securityheaders.com to see if every thing is right in security Department but got red ones there any way to fix them ? >i tried adding "add_header X-Frame-Options "SAMEORIGIN";" but didn't do any. Edited May 4, 2020 by xxsxx47 adding the answer for my problem Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.