Djoss Posted May 19, 2020 Author Share Posted May 19, 2020 On 5/17/2020 at 8:33 AM, bdydrp said: Thanks - Have left it in bridge for now! Tho, the other docker im accessing (jellyfin) has an IP assigned, and i can still access it Cheers If I remember correctly, a container in bridge mode can't access another container with an assigned IP (unless you use a vlan I think). Just remember that port mappings work only in bridge network mode. So if you use NPM in another mode, you need to work with ports of the container (i.e. 8080, 4443 and 8181). Quote Link to comment
Djoss Posted May 19, 2020 Author Share Posted May 19, 2020 On 5/17/2020 at 11:48 PM, VinceB said: Hi everyone, I am quite a newbie, but found UNRAID solutaion based on dockerized app so powerful ! after several tryouts, came to the conclusion of having "Nginx Proxy Mangager" app that take care of : - reverse proxy set-up - fetching SSL from let's encrypt I used to work with LE container but the Reverse Proxy side was sometimes quite tough to configure. Now my question is : I am using nginx container from Linux IO guys to power multiple websites. I would like to use the certificates retrieved by "Nginx Rerverse Proxy" in the nginx site conf file : ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; (this was a template based on LE) So my point is how to get the path from "Nginx Reverse Proxy" inside this Nginx container ? Do i need the add a custom path to the NGINX template ? Thanks for your support ! Vince B You don't need to transfer certs. Nginx Proxy Manager will re-generate them. Quote Link to comment
tknx Posted May 19, 2020 Share Posted May 19, 2020 When I don't put /web/ I end up with an XML document tree. Quote Link to comment
Froberg Posted May 19, 2020 Share Posted May 19, 2020 On 5/17/2020 at 2:33 PM, bdydrp said: Thanks - Have left it in bridge for now! Tho, the other docker im accessing (jellyfin) has an IP assigned, and i can still access it Cheers Yeah me too. My piHole is in br0 and has an IP address assigned, and I can access it just fine. NPM just can't, to my knowledge, access the other virtual networks for the remapping. Anyone feel free to correct me, of course. Quote Link to comment
tknx Posted May 21, 2020 Share Posted May 21, 2020 Well - it isn't working again. No idea why since I literally didn't touch any settings. Can't access the webui even. Started complaining about a semicolon in a conf file. Then it had problems with the letsencrypt.pem file. Honestly this is the fourth time it has collapsed without warning, so I don't know what is going on with it. I checked my drives for corruption and they were fine. So something is causing problems, but I think I will go try Caddy. Quote Link to comment
TexasDave Posted May 23, 2020 Share Posted May 23, 2020 I have moved to Nginx Proxy Manager from LetsEncypt and really like it - Thanks! I am still using my old LetsEncrypt "proxynet" - Is this ok? Seems like it should be and isolates the dockers on my reverse proxy? But this seems to not allow me to expose the Netdata docker as that sits on the "Host" netowrk? Should I keep using "proxynet"? And is it possuble (and wise?) to expose Netdata via a reverse proxy (specifically Nginx Proxy Manager). Thanks! Quote Link to comment
TexasDave Posted May 23, 2020 Share Posted May 23, 2020 (edited) I am exposing ubooquity via reverse proxy. If my domain name is example.com https://comics.example.com/ubooquity/ works fine.... But https://comics.example.com does not work and I get a error 500 HTTP ERROR 500 Problem accessing /. Reason: Could not find matching provider (wrong URL) Can I fix this in Nginx Proxy Manager or someplace else? Thanks! Edited May 23, 2020 by TexasDave Quote Link to comment
Djoss Posted May 24, 2020 Author Share Posted May 24, 2020 On 5/21/2020 at 2:07 PM, tknx said: Well - it isn't working again. No idea why since I literally didn't touch any settings. Can't access the webui even. Started complaining about a semicolon in a conf file. Then it had problems with the letsencrypt.pem file. Honestly this is the fourth time it has collapsed without warning, so I don't know what is going on with it. I checked my drives for corruption and they were fine. So something is causing problems, but I think I will go try Caddy. What is your last issue? Something in the container log? Quote Link to comment
Djoss Posted May 24, 2020 Author Share Posted May 24, 2020 On 5/23/2020 at 6:45 AM, TexasDave said: I am exposing ubooquity via reverse proxy. If my domain name is example.com https://comics.example.com/ubooquity/ works fine.... But https://comics.example.com does not work and I get a error 500 HTTP ERROR 500 Problem accessing /. Reason: Could not find matching provider (wrong URL) Can I fix this in Nginx Proxy Manager or someplace else? Thanks! Try to add the following line under the Advanced tab: location = /{return 301 $scheme://$http_host/ubooquity/;} 1 Quote Link to comment
mata7 Posted May 25, 2020 Share Posted May 25, 2020 hi first thanks great docker nice interface i just setup my first reverse proxy domain and all work great hosted at clouflare, however when i scan my site on securityheaders i get this red warning Headers Content-Security-Policy X-Frame-Options Referrer-Policy Feature-Policy can someone please tell me how to fix this to get green, thanks in advanced 1 Quote Link to comment
TexasDave Posted May 25, 2020 Share Posted May 25, 2020 From @Djoss: Try to add the following line under the Advanced tab: location = /{return 301 $scheme://$http_host/ubooquity/;} Many thanks! Works perfectly. I am loving me some Nignix Proxy Server. I find it so much easier to work with. And prettier! 🙂 Quote Link to comment
TexasDave Posted May 25, 2020 Share Posted May 25, 2020 8 hours ago, mata7 said: hi first thanks great docker nice interface i just setup my first reverse proxy domain and all work great hosted at clouflare, however when i scan my site on securityheaders i get this red warning Headers Content-Security-Policy X-Frame-Options Referrer-Policy Feature-Policy can someone please tell me how to fix this to get green, thanks in advanced Before I used Nginx Proxy Server and used LetsEnncrypt, I reaplced the "ssl.conf" file with "strong-ssl.conf" found here: https://github.com/gilbN/Nostromo/blob/master/Server/nginx/strong-ssl.conf Not sure how one would do that in NPS. But I would also like to get the nice green A+ report from "Security Headers". Quote Link to comment
mata7 Posted May 25, 2020 Share Posted May 25, 2020 thanks for you help really apreciated, i add location = /{return 301 $scheme://$http_host/ubooquity/;} to advanced but dont work, i still get same red reports just to make sure here is where i add it Quote Link to comment
Djoss Posted May 25, 2020 Author Share Posted May 25, 2020 2 hours ago, mata7 said: thanks for you help really apreciated, i add location = /{return 301 $scheme://$http_host/ubooquity/;} to advanced but dont work, i still get same red reports just to make sure here is where i add it Adding location = /{return 301 $scheme://$http_host/ubooquity/;} is only if you reverse proxy ubooquity. This has nothing to do with security report results. SSL settings are not (easily) editable with NPM. Having a nice green report also implies that your site has less compatibility with different devices... So there is no set of settings that will fit everybody needs. Quote Link to comment
mata7 Posted May 26, 2020 Share Posted May 26, 2020 lol i dint see the ubooquity i just copy and paste, thanks Quote Link to comment
Greygoose Posted May 30, 2020 Share Posted May 30, 2020 (edited) Hi, Just come across this docker, ashamed since i use lets encrypt so much. Very impressed, had nextcloud up running in around 2 minutes. I am now however not able to run airsonic, ive made the cert and proxy config exactly like nextcloud but with a new SSL cert for airsonic. But im getting 502 bad gateway. Any help would be appreciated EDIT: solved above How i fixed it: I turned it to http under the proxy settings but forced it to use SSL. Next question please: I have to goto https://airsonic.example.com/airsonic to reach the login. can i change it to reach it via a normal method, ie https://airsonic.example.com Edited May 30, 2020 by Greygoose Quote Link to comment
Froberg Posted May 30, 2020 Share Posted May 30, 2020 13 hours ago, Greygoose said: Next question please: I have to goto https://airsonic.example.com/airsonic to reach the login. can i change it to reach it via a normal method, ie https://airsonic.example.com That would be exactly how my own nextcloud container is running. Not sure how you'd get it to do that in the first place. Maybe it's a nextcloud config issue. i set up sub.tld.dom for mine and it works just fine. Quote Link to comment
Gdtech Posted June 1, 2020 Share Posted June 1, 2020 Just install Nginx Proxy Manager Docker, not able to login, using [email protected] and password changeme, It comes up with No relevant user found Any help would be appreciated. Thanks Quote Link to comment
Djoss Posted June 1, 2020 Author Share Posted June 1, 2020 (edited) On 5/30/2020 at 2:22 AM, Greygoose said: Next question please: I have to goto https://airsonic.example.com/airsonic to reach the login. can i change it to reach it via a normal method, ie https://airsonic.example.com Adding this under the Advanced tab will probably do the trick: location = /{return 301 $scheme://$http_host/airsonic;} Edited June 1, 2020 by Djoss Quote Link to comment
Djoss Posted June 1, 2020 Author Share Posted June 1, 2020 1 hour ago, Gdtech said: Just install Nginx Proxy Manager Docker, not able to login, using [email protected] and password changeme, It comes up with No relevant user found Any help would be appreciated. Thanks I would try again with a clean appdata folder: Stop the container. Remove /mnt/user/appdata/NginxProxyManager Start the container. Quote Link to comment
sjoerd Posted June 2, 2020 Share Posted June 2, 2020 (edited) Hey I got this question/issue I used to run my webserver on baremetal right behind the router. The server (ubuntu 16.x lts) had a the ufw (just iptables wrapper) installed and I had quite a blacklist to prevent known nets and ip-addresses from spamming / hacking the site. Last week I moved the entire website to a vm and all trafic goes through NPM. - apache2 does'nt know where the traffic comes from (yeah, the reverse proxy). When it was not behind the reverse proxy I had this line but that does not work anymore LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy - ufw does'nt know it either since everything comes from the reverse proxy How can I fix these issues? Edited June 2, 2020 by sjoerd Quote Link to comment
Abigel Posted June 3, 2020 Share Posted June 3, 2020 Hi, is it possible to import my default and proxy config from my letsencrypt-docker? Quote Link to comment
JM2005 Posted June 3, 2020 Share Posted June 3, 2020 I am thinking about setting up NextCloud & Bitwardenrs dockers on my unraid system. I am sure this has been asked before but how safe is it to use a reverse proxy? I have never used a reverse proxy before and currently use VPN to access my server remotely. Quote Link to comment
AquaGoat Posted June 5, 2020 Share Posted June 5, 2020 Do the "HTTP Port" and "HTTPs Port" variables in the template do anything? Regardless of what I set those to, any conf files generated by Nginx-proxy-manager are always listening on 8080 and 4443. Quote Link to comment
knalbone Posted June 5, 2020 Share Posted June 5, 2020 Hello, I've been running this container for a while now. Over a year at least. I've had no issues until today when I setup a new proxy host and attempted to request a new certificate from LetsEncrypt. I receive this error when attempting to request the certificate. "Internal Error" I found this in the container logs [6/5/2020] [12:39:21 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-14" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --webroot --domains "myhost.mydomain.com" Another instance of Certbot is already running. How can I troubleshoot this issue? Any other clues I should look for or anyone else who's seen this? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.