mattie112 Posted November 18, 2020

The 8181 port should be the web interface, but perhaps you use another port? You can also go to the Docker tab in Unraid, then click on NPM and then choose "WebUI". I think the container uses certbot internally but I'm not 100% sure, so if the UI works I would suggest trying that first.

Rejserr Posted November 18, 2020

The WebUI is 8181, I checked, but I can't connect. Can I create the cert another way and put it in the folder?

mattie112 Posted November 18, 2020

Hm, that is strange (perhaps restart your container?). But yes, you should be able to do it from the CLI. Again, SSH to your Unraid and do:

    docker exec -it NginxProxyManager sh

(If your container has a different name, use that; you can see it on the web UI from Unraid.)

In your container do:

    certbot renew

or

    certbot renew --force-renewal

This will renew everything, or use the --cert-name flag to only do the ones you need.

edit: I would restart my container after doing this.

Edited November 18, 2020 by mattie112

Djoss (Author) Posted November 18, 2020

@Rejserr, the web server is not starting because of the missing certificate file. If the certbot command suggested by @mattie112 doesn't fix the problem, you should try to edit the file under /mnt/user/appdata/NginxProxyManager/nginx/proxy_host/ that contains the following lines:

    ssl_certificate /etc/letsencrypt/live/npm-9/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/npm-9/privkey.pem;

And comment them:

    # ssl_certificate /etc/letsencrypt/live/npm-9/fullchain.pem;
    # ssl_certificate_key /etc/letsencrypt/live/npm-9/privkey.pem;

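Added example (not part of the original thread and not code from NPM or the container image): one way to find which proxy host file references a certificate that no longer exists, and to comment those directives out while keeping a backup. The `*.conf` file naming and the `cert_root_map` argument (where the container's /etc/letsencrypt lives on the host) are assumptions.

```python
import re
from pathlib import Path

# Matches active (uncommented) ssl_certificate / ssl_certificate_key directives.
DIRECTIVE_RE = re.compile(
    r"^(?P<indent>[ \t]*)(?P<name>ssl_certificate(?:_key)?)\s+(?P<path>[^;\s]+)\s*;",
    re.M,
)


def find_missing_certs(conf_dir, cert_root_map=None):
    """Return (conf file, directive, path) for every referenced file that is absent.

    cert_root_map rewrites a container path prefix to a host prefix, e.g.
    {"/etc/letsencrypt": "<host path of that volume>"} (assumption: needed only
    when this runs on the host instead of inside the container).
    """
    missing = []
    for conf in sorted(Path(conf_dir).glob("*.conf")):
        for m in DIRECTIVE_RE.finditer(conf.read_text()):
            path = m.group("path")
            for src, dst in (cert_root_map or {}).items():
                if path.startswith(src):
                    path = dst + path[len(src):]
            if not Path(path).is_file():
                missing.append((conf.name, m.group("name"), m.group("path")))
    return missing


def comment_out(conf_path, backup_suffix=".bak"):
    """Comment the certificate directives in one file; returns how many were changed."""
    conf = Path(conf_path)
    text = conf.read_text()
    Path(str(conf) + backup_suffix).write_text(text)  # keep the original for rollback
    new_text, count = DIRECTIVE_RE.subn(
        lambda m: m.group("indent") + "# " + m.group(0).lstrip(), text
    )
    conf.write_text(new_text)
    return count
```

Restore the `.bak` copy once `certbot renew` has recreated the files, so the host serves TLS again.
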
Rejserr Posted November 18, 2020

Thank you mattie112 and Djoss for the help, I solved it with certbot renew --force-renewal. Now it is working again.

skois Posted November 20, 2020

Hey guys, has your NPM updated to 2.7.1? I'm stuck at 2.6.2. Tried force update, tried remove and reinstall, tried setting :latest as a tag. Nothing worked.

EDIT: Now I realised this isn't the official docker image, I'll have to wait until this image is updated to 2.7.1.

Edited November 22, 2020 by skois

skois Posted November 20, 2020

Also, if anyone could explain when to use Websocket Support and Cache Assets (or what are the benefits/cons of using them). Thanks!

Spectral Force Posted November 21, 2020

Ok, for the past few days I've been trying to get a cert and keep getting the following error:

    Internal Error
    Error: Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-23" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --domains "irc.spectralforceservers.net"
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for irc.spectralforceservers.net
    Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains.
    Waiting for verification...
    Challenge failed for domain irc.spectralforceservers.net
    http-01 challenge for irc.spectralforceservers.net
    Cleaning up challenges
    Some challenges have failed.
        at ChildProcess.exithandler (child_process.js:303:12)
        at ChildProcess.emit (events.js:315:20)
        at maybeClose (internal/child_process.js:1021:16)
        at Process.ChildProcess._handle.onexit (internal/child_process.js:286:5)

If anyone has a resolution or could shed some light on the subject, it would be greatly appreciated.

Note: I have tried the renew certbot command previously mentioned.

Thanks in advance for any help.

mattie112 Posted November 22, 2020

Can you check the logfile mentioned: /var/log/letsencrypt/letsencrypt.log (this file exists in your docker container so docker exec -it NginxProxyManager sh and then cat /var/log/letsencrypt/letsencrypt.log)

Also: Is this the only domain that fails or does everything fail?

Spectral Force Posted November 22, 2020

10 hours ago, mattie112 said:
> Can you check the logfile mentioned: /var/log/letsencrypt/letsencrypt.log (this file exists in your docker container so docker exec -it NginxProxyManager sh and then cat /var/log/letsencrypt/letsencrypt.log)
> Also: Is this the only domain that fails or does everything fail?

@mattie112 I haven't tried any other domain as I haven't needed any others. As for the log file, I can add it here as long as there's no sensitive info in it.

mattie112 Posted November 23, 2020

I'm not sure what exactly is in this log (I don't seem to have this file so I guess it's only created when it fails). I would recommend checking it; perhaps it is already clear then why it is failing?

Spectral Force Posted November 23, 2020

I did a quick scan and it just said failure to renew. I'll look more in depth after work to see if I can isolate the problem. If not, and no sensitive info is in there, I'll drop the log here. Best guess thus far is a failure to communicate.

mattie112 Posted November 23, 2020

Perhaps you can try `certbot renew --dry-run` just to see if that works? Or perhaps `certbot --test-cert` to verify letsencrypt could be reached. And just to be really sure: can you ping from within the NPM container to the internet?

Djoss (Author) Posted November 24, 2020

On 11/20/2020 at 11:56 AM, skois said:
> Hey guys, has your NPM updated to 2.7.1? I'm stuck at 2.6.2. Tried force update, tried remove and reinstall, tried setting :latest as a tag. Nothing worked.
> EDIT: Now I realised this isn't the official docker image, I'll have to wait until this image is updated to 2.7.1.

Container image has been updated.

Djoss (Author) Posted November 24, 2020

On 11/20/2020 at 12:43 PM, skois said:
> Also, if anyone could explain when to use Websocket Support and Cache Assets (or what are the benefits/cons of using them). Thanks!

WebSocket support must be enabled only when your proxied application requires it.

When enabling Cache Assets, some assets, like images, will be served by NPM instead of your proxied application. I guess this can provide some performance improvements when a lot of them need to be loaded.

skois Posted November 24, 2020

> Container image has been updated.

Thanks!

skois Posted November 24, 2020

> WebSocket support must be enabled only when your proxied application requires it. When enabling Cache Assets, some assets, like images, will be served by NPM instead of your proxied application. I guess this can provide some performance improvements when a lot of them need to be loaded.

I have enabled it on all, didn't see any problems or any difference when disabled, so I left it on! But I'll keep an eye out if I have any problem. Thanks!!

nimaim Posted November 28, 2020

I have linuxserver's letsencrypt (now SWAG) container working just fine but would like to switch over to this as it makes adding entries so much easier through the UI. I also followed Spaceinvaderone's video of setting up each container that needs to be proxied via a custom proxynet network interface. Is this still necessary? Any other considerations for migrating over? Anything like fail2ban in here?

Edited November 29, 2020 by nimaim

Spectral Force Posted November 30, 2020

On 11/23/2020 at 8:48 AM, mattie112 said:
> Perhaps you can try `certbot renew --dry-run` just to see if that works? Or perhaps `certbot --test-cert` to verify letsencrypt could be reached. And just to be really sure: can you ping from within the NPM container to the internet?

@mattie112 Getting back to this. I can ping from the container. When I do the dry run, it says Certbot is already running. I get the following error from the log:

    2020-11-30 09:56:46,228:DEBUG:acme.client:Storing nonce: 0003zHntUKE9Oxgxpsq2L1IDEF4VMp9I5SDSoDg3GCK8AHw
    2020-11-30 09:56:46,228:WARNING:certbot._internal.auth_handler:Challenge failed for domain irc.spectralforceservers.net
    2020-11-30 09:56:46,229:INFO:certbot._internal.auth_handler:http-01 challenge for irc.spectralforceservers.net
    2020-11-30 09:56:46,229:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

    Domain: irc.spectralforceservers.net
    Type: unauthorized
    Detail: Invalid response from http://irc.spectralforceservers.net/.well-known/acme-challenge/vxRjJMhh-i5YTWmGUfElTq9CLZQrqNrmZKE1pWMI8OI [172.98.192.36]: "<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://irc.spectralfor"

    To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
    2020-11-30 09:56:46,229:DEBUG:certbot._internal.error_handler:Encountered exception:
    Traceback (most recent call last):
      File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
        self._poll_authorizations(authzrs, max_retries, best_effort)
      File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
        raise errors.AuthorizationError('Some challenges have failed.')
    certbot.errors.AuthorizationError: Some challenges have failed.

My CNAME and duckdns.org url are linked.

Thanks for your help!

mattie112 Posted November 30, 2020

So it seems that letsencrypt cannot access the file it wants. When I go to the website mentioned I get redirected to a site "survey-smiles" (with a huge alert from MalwareBytes) so I can only assume that letsencrypt faces the same issue. If you go to your site do you end up correctly? (Assuming the survey-smiles thing is not yours.)

And just for fun, here is the output of that domain:

    xx@xx:~# curl irc.spectralforceservers.net
    <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://irc.spectralforceservers.net/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQ<removed>TUsInRzIjoxNjA2NzQ5MjE1MzI2OTIyfQ.iwTewrvuWy6FWsN3bbD0pVnXh36dwDhFwp0Hamm07RY&sid=9db9<removed>cc3238fa');</script></body></html>

So yes, your site does issue a redirect (the same happens with /.well-known/acme-challenge/somerandomstring).

Edited November 30, 2020 by mattie112

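Added example (not part of the original thread and not code from certbot or NPM): a small parser for the error report in letsencrypt.log that shows why the CA rejected the http-01 response discussed above. The log text is the excerpt posted in this thread; `expected_ip` and the address 203.0.113.10 are constructed stand-ins for your own public address.

```python
import re

# Error report copied from the letsencrypt.log excerpt posted earlier in this thread.
SAMPLE_LOG = (
    "2020-11-30 09:56:46,229:DEBUG:certbot._internal.reporter:Reporting to user: "
    "The following errors were reported by the server:\n\n"
    "Domain: irc.spectralforceservers.net\n"
    "Type: unauthorized\n"
    "Detail: Invalid response from http://irc.spectralforceservers.net/.well-known/"
    "acme-challenge/vxRjJMhh-i5YTWmGUfElTq9CLZQrqNrmZKE1pWMI8OI [172.98.192.36]: "
    "\"<html><head><title>Loading...</title></head><body><script type='text/javascript'>"
    "window.location.replace('http://irc.spectralfor\"\n"
)

REPORT_RE = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+"
    r"Detail:\s*Invalid response from (?P<url>\S+)\s+\[(?P<ip>[^\]]+)\]:\s*"
    r"\"(?P<body>[^\n]*?)\"?\s*$",
    re.M,
)


def parse_failures(log_text):
    """Return one dict per failed http-01 validation reported in the log."""
    return [m.groupdict() for m in REPORT_RE.finditer(log_text)]


def diagnose(failure, expected_ip=None):
    """Explain why the CA rejected the response (expected_ip: your WAN address)."""
    findings = []
    token = failure["url"].rsplit("/", 1)[-1]
    body = failure["body"].lstrip()
    # RFC 8555 section 8.3: the body must be "<token>.<account key thumbprint>".
    if not body.startswith(token + "."):
        findings.append("body_is_not_key_authorization")
    if body.startswith("<"):
        findings.append("html_page_served_on_challenge_path")
    if "window.location" in body or "http-equiv" in body.lower():
        findings.append("client_side_redirect")
    if expected_ip and failure["ip"] != expected_ip:
        findings.append("answered_by_unexpected_ip")
    return findings


if __name__ == "__main__":
    for f in parse_failures(SAMPLE_LOG):
        # 203.0.113.10 is a constructed stand-in for the router's public address.
        print(f["domain"], f["ip"], diagnose(f, expected_ip="203.0.113.10"))
```

An "answered_by_unexpected_ip" finding means the request never reached NPM, so the fix is on the DNS side, not in the container.
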
Spectral Force Posted November 30, 2020

15 minutes ago, mattie112 said:
> So it seems that letsencrypt cannot access the file it wants. When I go to the website mentioned I get redirected to a site "survey-smiles" (with a huge alert from MalwareBytes) so I can only assume that letsencrypt faces the same issue. If you go to your site do you end up correctly? (Assuming the survey-smiles thing is not yours.)
> And just for fun, here is the output of that domain:
> xx@xx:~# curl irc.spectralforceservers.net
> <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://irc.spectralforceservers.net/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQ<removed>TUsInRzIjoxNjA2NzQ5MjE1MzI2OTIyfQ.iwTewrvuWy6FWsN3bbD0pVnXh36dwDhFwp0Hamm07RY&sid=9db9<removed>cc3238fa');</script></body></html>
> So yes, your site does issue a redirect (the same happens with /.well-known/acme-challenge/somerandomstring).

Yeah, that's definitely wrong. I'll try changing the subdomain and see if that works.

Even with a new subdomain it still is going to that smiles survey, which is weird. Should I contact my domain provider at this point?

Edited November 30, 2020 by Spectral Force

muwahhid Posted November 30, 2020

Tell me, how can I get a certificate for one domain, but several ports? mydomain.com ports: 443, 444, 445?

Spectral Force Posted December 1, 2020

18 hours ago, muwahhid said:
> Tell me, how can I get a certificate for one domain, but several ports? mydomain.com ports: 443, 444, 445?

You get a cert for the subdomain, not the ports.

mattie112 Posted December 2, 2020

On 11/30/2020 at 4:24 PM, Spectral Force said:
> Yeah, that's definitely wrong. I'll try changing the subdomain and see if that works.
> Even with a new subdomain it still is going to that smiles survey, which is weird. Should I contact my domain provider at this point?

I would suggest doing that, yeah. It seems not to resolve correctly (or at least what you expect).

On 11/30/2020 at 9:55 PM, muwahhid said:
> Tell me, how can I get a certificate for one domain, but several ports? mydomain.com ports: 443, 444, 445?

You don't.

    Your external IP: 1.1.1.1
    Your NPM: 192.168.1.1

You forward external:80 and external:443 to NPM.

Then you can do:

    domainA.com -> 1.1.1.1
    domainB.com -> 1.1.1.1
    domainC.com -> 1.1.1.1

NPM can then do: if I get some connection that wants

    domainA.com -> go to 192.168.1.2:1234
    domainB.com -> 192.168.1.123:80
    domainC.com -> 192.168.1.1:9234

So NPM is your only "visible" endpoint and that takes care of multiple hosts / subdomains.

Edited December 2, 2020 by mattie112

dbowerman Posted December 5, 2020

I have been digging around for a while and I have been unsuccessful in figuring this out. I am trying to get the visitor IP to pass through the proxy and to a host I have behind it. Is there a way I can do this using NPM?