JonathanM, posted August 6, 2020:

> 2 hours ago, Mattyfaz said: Is there another method of hosting a static site on my UnRaid Server I am not across?

The LSIO Letsencrypt container would be the typical choice. This particular container is set up for proxy, not hosting.
MattFaz, posted August 6, 2020:

> 9 minutes ago, jonathanm said: The LSIO Letsencrypt container would be the typical choice. This particular container is set up for proxy, not hosting.

Sorry, I should've clarified that having Authentication in front of the Static Site is a requirement. Which is the reason I went for NPM.
JonathanM, posted August 6, 2020:

> 38 minutes ago, Mattyfaz said: Sorry, I should've clarified that having Authentication in front of the Static Site is a requirement. Which is the reason I went for NPM.

I'm not quite following, but if you need to have NPM as the gateway, then just use a plain vanilla apache or nginx container to host the static site and point NPM to that container. I use LSIO's LE with basic authentication for some static pages as well as using it to reverse proxy a bunch of other sites in my LAN, some on Unraid, some hosted on VMs, etc.
MattFaz, posted August 6, 2020:

Ohhh right, sorry I totally misunderstood. I'm still confused on how to set up LSIO's LE container with Authentication (and multiple domain names), but regardless I can confirm this solution has worked brilliantly:

> 47 minutes ago, jonathanm said: just use a plain vanilla apache or nginx container to host the static site and point NPM to that container.

Thanks @jonathanm - all sorted now

Edited August 6, 2020 by Mattyfaz
bdydrp, posted August 9, 2020:

Hoping someone could help me track down an issue. I'm no longer able to access my proxy hosts from external. I have mydomain.duckdns.org set to forward to my Jellyfin docker container, but I keep getting error 504 Gateway timeout. When I disable the proxy, I'm greeted with the Congratulations landing page! I have double checked that duckdns has the correct external IP, which it does! Also, to double check port forward rules are working, I disabled them, and my domains just time out. With the testing I've done, I can only put it down to NPM not forwarding to proxy hosts? Is there something else I can check? Cheers
bdydrp, posted August 12, 2020:

So I tried removing the container completely and re-installing. My duck DNS name just resolves to the Congratulations landing page. Now at a loss as to the cause.
smartkid808, posted August 12, 2020:

Hi Guys. I had nginx working last month, not sure what happened, I am unable to renew certs. I get an error "timedout". I'm probably missing something simple here, but I'm more of a Windows person vs Linux. Thanks for any help. -Will

    [8/12/2020] [3:53:46 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --preferred-challenges "dns,http" --disable-hook-validation
    Another instance of Certbot is already running.
    [8/12/2020] [3:48:21 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates for Cert #4: o**i.s*******8.net
    [8/12/2020] [3:49:13 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --preferred-challenges "dns,http" --disable-hook-validation
    Saving debug log to /config/log/letsencrypt/letsencrypt.log
    Cert is due for renewal, auto-renewing...
    Non-interactive renewal: random delay of 36 seconds
    Plugins selected: Authenticator webroot, Installer None
    Renewing an existing certificate
    Performing the following challenges:
    http-01 challenge for o**i.s*******8.net
    Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    Attempting to renew cert (npm-4) from /etc/letsencrypt/renewal/npm-4.conf produced an unexpected error: Failed authorization procedure. o**i.s*******8.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://o**i.s*******8.net/.well-known/acme-challenge/mhVyDF2lpreiKo_kMhAhFdIYNBa6FX3yHvN11vXQKkU: Timeout during connect (likely firewall problem). Skipping.
    All renewal attempts failed. The following certs could not be renewed:
    /etc/letsencrypt/live/npm-4/fullchain.pem (failure)
    1 renew failure(s), 0 parse failure(s)

Edited August 12, 2020 by smartkid808
Dark-Raptor, posted August 14, 2020:

I'm having issues with renewing certs also. I've rebuilt the image and re-saved all the domains and still no luck. Also some domains are listed as expired in the SSL page, but if I check the site itself it has a newer cert than listed.

    [8/14/2020] [7:26:01 AM] [SSL ] › ✖ error Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
    Attempting to renew cert (npm-6) from /etc/letsencrypt/renewal/npm-6.conf produced an unexpected error: Failed authorization procedure. n***a.d****-r****r.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://n***a.d****-r****r.co.uk/.well-known/acme-challenge/8m7FHu7FrVb7tV2aGGYfLZfhFP5TvqO1iHAu6-mG3Mg [*.*.*.*]: "<html>\r\n<head><title>401 Authorization Required</title><link rel=\"stylesheet\" type=\"text/css\" href=\"https://gilbn.github.io/them". Skipping.
    Attempting to renew cert (npm-20) from /etc/letsencrypt/renewal/npm-20.conf produced an unexpected error: Failed authorization procedure. n***a.d****-r****r.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://n***a.d****-r****r.co.uk/.well-known/acme-challenge/DRtRZr77KhC32wvEbt0iN33aUNP22_YB-7enTpaJ56o [*.*.*.*]: "<html>\r\n<head><title>401 Authorization Required</title><link rel=\"stylesheet\" type=\"text/css\" href=\"https://gilbn.github.io/them". Skipping.
    Attempting to renew cert (npm-22) from /etc/letsencrypt/renewal/npm-22.conf produced an unexpected error: Failed authorization procedure. **b.d*****r.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://**b.d*****r.co.uk/.well-known/acme-challenge/ZMAZSCwrIoLr-8bcIQgBKNH-0ehqEcT_IJVkvkYIOmA [*.*.*.*]: "<!DOCTYPE html>\n<html>\n <head>\n <script src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\"></script>\n ". Skipping.
    All renewal attempts failed. The following certs could not be renewed:
    /etc/letsencrypt/live/npm-6/fullchain.pem (failure)
    /etc/letsencrypt/live/npm-20/fullchain.pem (failure)
    /etc/letsencrypt/live/npm-22/fullchain.pem (failure)
    3 renew failure(s), 0 parse failure(s)

I have no idea what happened, but the issue seems to have fixed itself and all are being renewed now.

Edited August 14, 2020 by Dark-Raptor (issue fixed itself)
kcgodwins, posted August 19, 2020:

How does one revoke a cert with this? Or, more to the point, revoke a cert created by this? There doesn't seem to be a lot of real world tutorials out there, at least none that I have found. Any pointers would be appreciated. Thank you!
mwwb, posted August 21, 2020:

Does anyone have pihole running with this? I tried lots of custom configs but I keep getting 502 errors.
Greygoose, posted August 23, 2020:

My certs are to expire tomorrow and I'm trying to renew in the proxy manager and it gives an error. Help please.

Error I get:

    [8/23/2020] [8:38:40 AM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --preferred-challenges "dns,http" --disable-hook-validation

Edited August 23, 2020 by Greygoose
Nuke, posted August 23, 2020:

Can I use an http load balancer with this container?

Edited August 23, 2020 by Nuke
Nuke, posted August 24, 2020:

How to disable any logs for NPM? I have tons of gigs in /mnt/cache/appdata/NginxProxyManager/log

Here I see error.log with

    2020/08/24 13:04:06 [warn] 2546#2546: *907484 an upstream response is buffered to a temporary file /var/tmp/nginx/proxy/2/42/0000000422 while reading upstream ...........

and proxy_host-1.log with

    [24/Aug/2020:12:55:29 +0300] - 404 404 - POST http

This is because I use a custom config with

    location ~ /(settings/write|torrent/rem|torrent/restart|shutdown) {
        auth_basic "Authorization required";
        auth_basic_user_file /data/access/1;
    }

so clients see 404 for these pages and this is normal. I just need to disable 100 strings per second to logs.
ytddewqf, posted August 26, 2020:

Hi, Just wanted to stop by and say thanks to @Djoss for this container, I've found it much easier to use as my knowledgebase regarding Nginx is limited. I've managed to set up Bitwarden, Droppy, Radarr, Sonarr and NextCloud, and everything has worked great. I'm even getting a complete clean security bill of health in NextCloud which I never managed with Letsencrypt (however no disrespect to the Linuxserver guys, it will have been down to my lack of understanding).

For reference, the only things I had to do in order to transition from Letsencrypt/Swag to Nginx Proxy Manager were:

* Delete all prior certificates generated by Letsencrypt,
* I haven't had any issues having NPM on its own network rather than Bridge,
* Disable Cloudflare proxy protection for each of my subdomains, and
* Add my NextCloud domain to the nextcloud config file, under "trusted domains".

Keep up the great work!

Edited August 26, 2020 by LoneTraveler
Djoss (Author), posted August 26, 2020:

> On 8/9/2020 at 10:06 AM, bdydrp said: Hoping someone could help me track down an issue. I'm no longer able to access my proxy hosts from external. I have mydomain.duckdns.org set to forward to my Jellyfin docker container, but I keep getting error 504 Gateway timeout. When I disable the proxy, I'm greeted with the Congratulations landing page! I have double checked that duckdns has the correct external IP, which it does! Also, to double check port forward rules are working, I disabled them, and my domains just time out. With the testing I've done, I can only put it down to NPM not forwarding to proxy hosts? Is there something else I can check? Cheers

The 504 error seems to indicate that NPM cannot reach your Jellyfin container...
Djoss (Author), posted August 26, 2020:

> On 8/12/2020 at 4:59 PM, smartkid808 said: Hi Guys. I had nginx working last month, not sure what happened, I am unable to renew certs. I get an error "timedout". I'm probably missing something simple here, but I'm more of a Windows person vs Linux. Thanks for any help. -Will
>
>     [8/12/2020] [3:53:46 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --preferred-challenges "dns,http" --disable-hook-validation
>     Another instance of Certbot is already running.
>     [8/12/2020] [3:48:21 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates for Cert #4: o**i.s*******8.net
>     [8/12/2020] [3:49:13 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --preferred-challenges "dns,http" --disable-hook-validation
>     Saving debug log to /config/log/letsencrypt/letsencrypt.log
>     Cert is due for renewal, auto-renewing...
>     Non-interactive renewal: random delay of 36 seconds
>     Plugins selected: Authenticator webroot, Installer None
>     Renewing an existing certificate
>     Performing the following challenges:
>     http-01 challenge for o**i.s*******8.net
>     Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
>     Waiting for verification...
>     Cleaning up challenges
>     Attempting to renew cert (npm-4) from /etc/letsencrypt/renewal/npm-4.conf produced an unexpected error: Failed authorization procedure. o**i.s*******8.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://o**i.s*******8.net/.well-known/acme-challenge/mhVyDF2lpreiKo_kMhAhFdIYNBa6FX3yHvN11vXQKkU: Timeout during connect (likely firewall problem). Skipping.
>     All renewal attempts failed. The following certs could not be renewed:
>     /etc/letsencrypt/live/npm-4/fullchain.pem (failure)
>     1 renew failure(s), 0 parse failure(s)

According to the error, NPM was not reachable through port 80 from the Internet. Did you verify this?
Djoss (Author), posted August 26, 2020:

> On 8/19/2020 at 3:11 PM, kcgodwins said: How does one revoke a cert with this? Or, more to the point, revoke a cert created by this? There doesn't seem to be a lot of real world tutorials out there, at least none that I have found. Any pointers would be appreciated. Thank you!

I think that deleting the certificate will also revoke it.
Djoss (Author), posted August 26, 2020:

> On 8/21/2020 at 8:56 AM, mwwb said: Does anyone have pihole running with this? I tried lots of custom configs but I keep getting 502 errors.

The 502 error seems to indicate that NPM cannot reach pihole. Double check your proxy host settings.
Djoss (Author), posted August 27, 2020:

> On 8/23/2020 at 10:51 AM, Nuke said: Can I use an http load balancer with this container?

No, this is not something that can be configured with NPM.
Djoss (Author), posted August 27, 2020:

> On 8/24/2020 at 6:08 AM, Nuke said: How to disable any logs for NPM? I have tons of gigs in /mnt/cache/appdata/NginxProxyManager/log
>
> Here I see error.log with
>
>     2020/08/24 13:04:06 [warn] 2546#2546: *907484 an upstream response is buffered to a temporary file /var/tmp/nginx/proxy/2/42/0000000422 while reading upstream ...........
>
> and proxy_host-1.log with
>
>     [24/Aug/2020:12:55:29 +0300] - 404 404 - POST http
>
> This is because I use a custom config with
>
>     location ~ /(settings/write|torrent/rem|torrent/restart|shutdown) {
>         auth_basic "Authorization required";
>         auth_basic_user_file /data/access/1;
>     }
>
> so clients see 404 for these pages and this is normal. I just need to disable 100 strings per second to logs.

Not sure if you saw the answer on GitHub, but I would try to add the following under "location":

    error_log off;
    access_log off;
itlists, posted August 29, 2020:

I have a few proxy hosts set up and working fine with Lets Encrypt certs for a few months. Tried creating a new proxy host today and keep getting "Internal Error" in GUI. Log is pasted below.

    [8/28/2020] [9:04:14 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #15: grocy.domain.com
    [8/28/2020] [9:04:16 PM] [Nginx ] › ℹ info Reloading Nginx
    [8/28/2020] [9:04:16 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-15" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --webroot --domains "grocy.domain.com"
    Saving debug log to /config/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for grocy.domain.com
    Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. grocy.domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://grocy.domain.com/.well-known/acme-challenge/-e-long-string-of-characters-4 [2606:4700:3037::681c:12a2]: "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]> <html class=\"no-js "

Edited August 29, 2020 by itlists
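Added example, not part of any post in this thread and not NPM's or certbot's own code: a small parser for the "Failed authorization procedure" lines that certbot prints in the logs above, separating the two http-01 failure classes seen here (`connection` and `unauthorized`) and pulling out the details that narrow down the cause. The sample log is constructed with placeholder hostnames, tokens and addresses; the names `parse`, `hint_for` and `Failure` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the certbot output quoted in this thread.
# Hostnames, tokens and addresses are documentation placeholders, not real values.
SAMPLE = r'''
Attempting to renew cert (npm-4) from /etc/letsencrypt/renewal/npm-4.conf produced an unexpected error: Failed authorization procedure. a.example.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://a.example.net/.well-known/acme-challenge/TOKEN1: Timeout during connect (likely firewall problem). Skipping.
Attempting to renew cert (npm-6) from /etc/letsencrypt/renewal/npm-6.conf produced an unexpected error: Failed authorization procedure. b.example.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://b.example.net/.well-known/acme-challenge/TOKEN2 [203.0.113.7]: "<html>\r\n<head><title>401 Authorization Required</title>". Skipping.
Failed authorization procedure. c.example.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://c.example.net/.well-known/acme-challenge/TOKEN3 [2001:db8::12a2]: "<!DOCTYPE html>\n<html class=\"no-js\">"
'''

FAILURE = re.compile(
    r'(?P<domain>\S+) \((?P<challenge>[a-z0-9-]+)\): '
    r'urn:ietf:params:acme:error:(?P<kind>\w+) :: (?P<detail>.*?) :: (?P<rest>.*)')
CERT = re.compile(r'Attempting to renew cert \(([^)]+)\)')
URL = re.compile(r'(https?)://\S+?/\.well-known/acme-challenge/')
ADDR = re.compile(r'\[([0-9A-Fa-f:.]+)\]')      # address the validator connected to
STATUS = re.compile(r'<title>(\d{3}) ')         # status shown in the returned error page

@dataclass
class Failure:
    cert: Optional[str]              # NPM certificate name, present on renewals only
    domain: str
    kind: str                        # last component of the ACME error URN
    final_scheme: Optional[str]      # scheme of the URL the validator ended up fetching
    validator_target: Optional[str]
    body_status: Optional[int]
    hint: str

def hint_for(kind, scheme, addr, status) -> str:
    if kind == "connection":
        return "no TCP connection to port 80 from the Internet: check port forwarding, firewall and DNS"
    if kind == "unauthorized":
        if status in (401, 403):
            notes = ["authentication is enforced on the challenge path (HTTP %d)" % status]
        else:
            notes = ["a page other than the token was served: another server or proxy answered for this name"]
        if scheme == "https":        # http-01 always starts on port 80, so this was a redirect
            notes.append("request was redirected to HTTPS before the response was read")
        if addr and ":" in addr:
            notes.append("validation used the IPv6 (AAAA) address")
        return "; ".join(notes)
    return "unclassified ACME error, read the detail text"

def parse(text: str) -> List[Failure]:
    found = []
    for line in text.splitlines():
        m = FAILURE.search(line)
        if not m:
            continue
        cert, url = CERT.search(line), URL.search(m["rest"])
        addr, status = ADDR.search(m["rest"]), STATUS.search(m["rest"])
        scheme = url.group(1) if url else None
        target = addr.group(1) if addr else None
        code = int(status.group(1)) if status else None
        found.append(Failure(cert.group(1) if cert else None, m["domain"], m["kind"],
                             scheme, target, code, hint_for(m["kind"], scheme, target, code)))
    return found

if __name__ == "__main__":
    for f in parse(SAMPLE):
        print(f"{f.cert or '(new cert)'} {f.domain}: {f.kind} -> {f.hint}")
```

To use it on a real instance, pass the contents of the certbot debug log named in the output above (`/config/log/letsencrypt/letsencrypt.log`) to `parse()` instead of `SAMPLE`.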
bdydrp, posted August 30, 2020:

> On 8/27/2020 at 9:55 AM, Djoss said: The 504 error seems to indicate that NPM cannot reach your Jellyfin container...

Thanks. Jellyfin definitely works locally, so I will try and see if I can access another container on my network.

EDIT: So I have tried a number of different IP:PORT numbers and it seems there are 2 containers I can't reach, NodeRed @ 192.168.20.10:1880 and Unifi @ 192.168.1.4:8443, as well as the Jellyfin container. But I can reach other devices on my network which have a web interface. So I'm at a loss as to why I can't reach 3 containers. AFAIK, there is nothing blocking incoming requests via proxy.

Edited September 1, 2020 by bdydrp
Jonatino, posted September 3, 2020:

Having a few errors with this container.

Setup:

First being, the nginx config fails to pass test straight out of the box:

    /var/tmp/nginx/proxy/3/60 # nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: [emerg] getpwnam("nginx") failed
    nginx: configuration file /etc/nginx/nginx.conf test failed

Secondly, it's also failing to reverse proxy next cloud (with permissions errors):

    2020/09/03 15:57:57 [crit] 1516#1516: *3015 open() "/var/tmp/nginx/proxy/3/59/0000000593" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/actions/error-white.svg?v=1 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/actions/error-white.svg?v=1", host: "cloud.anglur.io"
    2020/09/03 15:57:57 [crit] 1516#1516: *3007 open() "/var/tmp/nginx/proxy/4/59/0000000594" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /js/core/merged-template-prepend.js?v=a3beacbc-0 HTTP/1.1", upstream: "https://10.0.0.3:82/js/core/merged-template-prepend.js?v=a3beacbc-0", host: "cloud.anglur.io"
    2020/09/03 15:57:58 [crit] 1516#1516: *3017 open() "/var/tmp/nginx/proxy/5/59/0000000595" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/actions/confirm.svg?v=2 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/actions/confirm.svg?v=2", host: "cloud.anglur.io"
    2020/09/03 15:57:58 [crit] 1516#1516: *3019 open() "/var/tmp/nginx/proxy/6/59/0000000596" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/actions/confirm-white.svg?v=2 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/actions/confirm-white.svg?v=2", host: "cloud.anglur.io"
    2020/09/03 15:57:58 [crit] 1516#1516: *3021 open() "/var/tmp/nginx/proxy/7/59/0000000597" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/logo/logo.svg?v=1 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/logo/logo.svg?v=1", host: "cloud.anglur.io"
    2020/09/03 15:57:58 [crit] 1516#1516: *3023 open() "/var/tmp/nginx/proxy/8/59/0000000598" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/actions/checkmark-white.svg?v=1 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/actions/checkmark-white.svg?v=1", host: "cloud.anglur.io"
    2020/09/03 15:57:58 [crit] 1516#1516: *3025 open() "/var/tmp/nginx/proxy/9/59/0000000599" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/background.png?v=2 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/background.png?v=2", host: "cloud.anglur.io"
    2020/09/03 15:57:58 [crit] 1516#1516: *3035 open() "/var/tmp/nginx/proxy/0/60/0000000600" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/background.png?v=0 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/background.png?v=0", host: "cloud.anglur.io"
    2020/09/03 15:57:58 [crit] 1516#1516: *3027 open() "/var/tmp/nginx/proxy/1/60/0000000601" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /apps/theming/img/core/filetypes/text.svg?v=0 HTTP/1.1", upstream: "https://10.0.0.3:82/apps/theming/img/core/filetypes/text.svg?v=0", host: "cloud.anglur.io"
    2020/09/03 15:57:58 [crit] 1516#1516: *3029 open() "/var/tmp/nginx/proxy/2/60/0000000602" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /apps/theming/img/core/filetypes/folder.svg?v=0 HTTP/1.1", upstream: "https://10.0.0.3:82/apps/theming/img/core/filetypes/folder.svg?v=0", host: "cloud.anglur.io"
    2020/09/03 15:57:58 [crit] 1516#1516: *3033 open() "/var/tmp/nginx/proxy/3/60/0000000603" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /apps/theming/img/core/filetypes/folder-drag-accept.svg?v=0 HTTP/1.1", upstream: "https://10.0.0.3:82/apps/theming/img/core/filetypes/folder-drag-accept.svg?v=0", host: "cloud.anglur.io"

Edited September 3, 2020 by Jonatino (adding screenshot)
Foxglove, posted September 7, 2020:

Hello, I'm getting a few unexpected results. I left all settings default when installing the Docker, other than changing the network from a bridge on the host to br02 so it can have its own address. Why does Docker show that the mapped resources, specifically the ports it is using, do not match what are in the docker settings? Also, I think I have an outdated version of the application, though that could be an issue with the Docker image. Do I have an issue, or am I just missing something that should be obvious? Screenshots attached.
alturismo, posted September 8, 2020:

The custom br2 network here is like a host network, it won't map ports, it'll use the native ports from the app(s), so it's all correct.