cagemaster
Posted December 27, 2020

> On 12/23/2020 at 9:21 PM, CorneliousJD said:
> I am getting the same error as of today when trying to add certs. Anyone else also getting this issue?
> EDIT: I let the container sit for 15 minutes or so and tried again and it worked... lol

This is still not working for me, can you help?

CorneliousJD
Posted December 28, 2020

> 16 hours ago, cagemaster said:
> This is still not working for me, can you help?

I didn't really do anything? I have ~35 proxy hosts though so I had just assumed certbot was running trying to process/check renewals, so I just let it sit and it started working. Not having any other issues with it. Have you checked logs to see what might be up?

CorneliousJD
Posted December 28, 2020

> On 12/24/2020 at 5:20 PM, IKWeb said:
> Hello All
> Can I ask for confirmation? I assume I would either use NginxProxyManager or SWAG - you wouldn't use both? I assume NginxProxyManager has a copy of SWAG within it?
> TIA

You would pick one or the other, correct. NPM and SWAG are different (NPM does not contain SWAG), but they both run their reverse proxies via Nginx.

SWAG is all config-file based, but can support some really advanced configs. NPM is GUI-based and keeps everything really simple. This can make some advanced configs challenging, but I've been able to work around that and have migrated from SWAG to NPM personally.

If you're just getting started, I'd suggest NPM for sure. If you hit a wall with NPM and have an actual need for more advanced configs, you can easily swap over to SWAG if you ever need to.

Januszmirek
Posted December 28, 2020

Hello, I am using NPM with linuxio/nextcloud. Everything works perfectly except one issue. I have a problem when someone tries to download a file more than 1GB in size. It either stops downloading the file or breaks the download entirely. In other topics I found different solutions for how to address this issue, but all solutions point towards the letsencrypt config. Can anyone point me towards a solution with NPM and how to enable download of files >1GB? Much appreciate your input. Thanks.

Below are the suggested solutions I found so far, but I had no luck finding the files mentioned below:

> I think I found a solution
> Inside of the let's encrypt conf file for nextcloud I found
>
>     location / {
>         include /config/nginx/proxy.conf;
>         resolver 127.0.0.11 valid=30s;
>         set $upstream_nextcloud nextcloud;
>         proxy_max_temp_file_size 2048m;
>         proxy_pass https://$upstream_nextcloud:443;
>     }

> Edit /config/letsencrypt/nginx/site-confs/nextcloud
>
>     location / {
>         proxy_pass https://192.168.0.1:444/;
>         proxy_max_temp_file_size 2048m;
>         include /config/nginx/proxy.conf;
>     }
>
> Change 2048m to a size that works for you.

nextgenpotato
Posted December 30, 2020 (edited December 30, 2020 by nextgenpotato)

> On 8/26/2020 at 7:57 AM, LoneTraveler said:
> Hi,
> Just wanted to stop by and say thanks to @Djoss for this container, I've found it much easier to use as my knowledgebase regarding Nginx is limited.
> I've managed to setup Bitwarden, Droppy, Radarr, Sonarr and NextCloud, and everything has worked great.
> I'm even getting a complete clean security bill of health in NextCloud which I never managed with Letsencrypt (however no disrespect to the Linuxserver guys, it will have been down to my lack of understanding).

@LoneTraveler I've got nextcloud working on my first try within 5 min. However I cannot get droppy or bitwarden to work with NPM. Any suggestions? Droppy shows login page but I get a blank page after login. I'm not even trying https.

i1mran92
Posted January 3, 2021

> On 12/23/2020 at 4:55 AM, CorneliousJD said:
> So I did PM you but ended up plugging away at this today and I got it... I updated NPM's GitHub issue #40 about this.
> https://github.com/jc21/nginx-proxy-manager/issues/40#issuecomment-749770892
> In short, /plex still wouldn't work for me, but adding /web DID work. I think it's because the way the plex container expects /web at the end of everything that it worked like this, but regardless, it allows me to fix my issue!
> I now have Organizr setup with Plex OAuth, SSO across Plex, Ombi, Tautulli, and "watch on plex" buttons working, all via NPM
> hope this comment helps someone else in the future!

Hi there. Could you show me exactly how you were able to get it to work? I did the location to /web and it still prompts me to log in to Plex in Organizr.

CorneliousJD
Posted January 3, 2021

> 15 hours ago, i1mran92 said:
> Hi there. Could you show me exactly how you were able to get it to work? I did the location to /web and it still prompts me to log in to Plex in Organizr.

I'm tight on time right now but hope this helps. If not let me know - can work to gather more info later.

Primary domain.com setup in NPM which hosts Organizr -- this should be perfectly straightforward.

Next is custom locations. - first part is for organizr auth - you can ignore this part if you don't want it, and focus on the /web part at the bottom.

NOTE the HTTPS part on my /web -- I needed this to get it to work correctly, and it HAD to be /web too, /plex didn't work for me here at all.

Organizr SSO settings.

Media/Plex tab settings.

Happy to try and help more if this doesn't do it for you - but replicate this exactly first and if it's still erroring out let me know.

NickAll
Posted January 5, 2021

Any reason why I cannot use port 80 and 443 on the outside?

jamesp469
Posted January 5, 2021

> On 11/8/2020 at 10:42 PM, [email protected] said:
> Hi all,
> I have two issues.
> 1. Unable to get the Letsencrypt SSL cert. it says "Internal Error" always
> 2. I got a certificate and private key from my cloudflare tool and saved them as .pem files and now while uploading them i am getting this error. (also attaching a screenshot)
>
>     Upload failed: Certificate Key is not valid (Command failed: openssl ec -in /tmp/8dce0efe-c119-448b-809e-c7b1408fb42e/tmp -check -noout 2>&1 )
>
> Kindly help. thanks.

You need to change "-----BEGIN PRIVATE KEY-----" to "-----BEGIN RSA PRIVATE KEY-----" in your key crt file to get this to work. No idea when the requirement changed, but this fixed the issue for me last night.

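Added example, not part of the thread or of NPM's code: the PEM label names the container format (`PRIVATE KEY` is PKCS#8, `RSA PRIVATE KEY` is PKCS#1, `EC PRIVATE KEY` is SEC1), and for PKCS#8 the key type is the algorithm OID inside the structure. The sketch reads both so a key file can be checked before upload; `describe_key` and `SAMPLE` are names made up here, and the sample is constructed framing, not a real key.

```python
import base64
import re

# Algorithm OIDs (DER value bytes) that can appear in a PKCS#8 PrivateKeyInfo.
OIDS = {
    bytes.fromhex("2a864886f70d010101"): "RSA",   # 1.2.840.113549.1.1.1
    bytes.fromhex("2a8648ce3d0201"): "EC",        # 1.2.840.10045.2.1
    bytes.fromhex("2b6570"): "Ed25519",           # 1.3.101.112
}
# Labels whose key type is fixed by the label itself.
LEGACY = {"RSA PRIVATE KEY": "RSA, PKCS#1", "EC PRIVATE KEY": "EC, SEC1",
          "ENCRYPTED PRIVATE KEY": "encrypted PKCS#8, type not visible"}
PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def describe_key(pem_text):
    """Name the key type and container of the first PEM block in pem_text."""
    m = PEM.search(pem_text)
    if not m:
        raise ValueError("no PEM block found")
    label = m.group(1)
    if label in LEGACY:
        return LEGACY[label]
    if label != "PRIVATE KEY":
        return f"not a private key ({label})"
    # PrivateKeyInfo ::= SEQUENCE { version, AlgorithmIdentifier, OCTET STRING }
    _, info, _ = tlv(base64.b64decode("".join(m.group(2).split())))
    _, _version, pos = tlv(info)
    _, alg, _ = tlv(info, pos)
    tag, oid, _ = tlv(alg)
    if tag != 0x06:
        raise ValueError("expected an OID")
    return f"{OIDS.get(oid, 'unknown algorithm')}, PKCS#8"

def der(tag, value):                   # short-form lengths only; enough for the sample
    return bytes([tag, len(value)]) + value

# Constructed sample: valid PKCS#8 framing around 16 zero bytes, not a real key.
_alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
_body = der(0x30, der(0x02, b"\x00") + _alg + der(0x04, bytes(16)))
SAMPLE = ("-----BEGIN PRIVATE KEY-----\n" + base64.b64encode(_body).decode()
          + "\n-----END PRIVATE KEY-----\n")
```
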
mattie112
Posted January 5, 2021

> 3 hours ago, NickAll said:
> Any reason why I cannot use port 80 and 443 on the outside?

Unraid is already using 80 (and potentially 443) so if you want to use those ports you should give your NPM a dedicated IP

xaositek
Posted January 5, 2021

I have two certs and four separate proxy hosts defined, but today I noticed that I started getting the following error when I try to create a new cert. I have redacted my email address and domain utilized.

    Error: Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-8" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --domains "SUB.DOMAIN.COM"
    Traceback (most recent call last):
      File "/usr/bin/certbot", line 11, in load_entry_point('certbot==1.4.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 490, in load_entry_point return get_distribution(dist).load_entry_point(group, name)
      File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 2862, in load_entry_point return ep.load()
      File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 2462, in load return self.resolve()
      File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 2468, in resolve module = __import__(self.module_name, fromlist=['__name__'], level=0)
      File "/usr/lib/python3.8/site-packages/certbot/main.py", line 2, in from certbot._internal import main as internal_main
      File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 9, in import configobj
      File "", line 991, in _find_and_load
      File "", line 975, in _find_and_load_unlocked
      File "", line 671, in _load_unlocked
      File "", line 779, in exec_module
      File "", line 911, in get_code
      File "", line 580, in _compile_bytecode
    ValueError: bad marshal data (unknown type code)
        at ChildProcess.exithandler (child_process.js:303:12)
        at ChildProcess.emit (events.js:315:20)
        at maybeClose (internal/child_process.js:1021:16)
        at Process.ChildProcess._handle.onexit (internal/child_process.js:286:5)

njdowdy
Posted January 8, 2021

> On 12/14/2020 at 7:56 AM, mattie112 said:
> You can try to stop your docker container and then use the `exec` step so that you are the only one running certbot. I assume a restart of the container did not work?
> You can check to see if your DNS is configured correctly by using https://dnscheck.ripe.net/ for example. (Or sharing your domain here)

I believe the issue was with my new ISP. I'm using CloudFlare now without issue. Thanks for taking the time to respond.

michaelb
Posted January 16, 2021

Hi everyone,

I have successfully set up Nginx Proxy Manager. When making the Proxy Hosts publicly available, I can access them both from my LAN as well as from the web via my domain.

Now, I would like to make access more restrictive: the Proxy Hosts should only be available locally or, when I am outside of my LAN, I would like to connect to my VPN (on my Unifi USG) and then access the Proxy Hosts. So I have specified an access list with the static IP I get from my ISP, also my LAN IP and VPN IP. Still, when I am outside my LAN and connecting via VPN, I get the "403 forbidden" message. I can still access the services via their IP and port but not using the domains I created.

Is there anything else I need to think of (e.g. firewall rules, changes to the access list)? Do you have any advice on how I can check (e.g. in logs) to see what's going wrong?

Thanks!

ZappyZap
Posted January 16, 2021

I am getting from CA Fix Common Problems:

> Docker application NginxProxyManager has volumes being passed that are mounted by Unassigned Devices, but they are not mounted with the slave option

Usually I go to the docker config and switch the Access Mode: to RW/Slave to fix the issue on other containers, but on this one there is no edit button? Any way to fix this?

Note: my Appdata is on an NVMe Unassigned Device which is not my Cache Drive.

Thanks

trurl
Posted January 16, 2021

> 3 minutes ago, ZappyZap said:
> no edit button

No edit button for the appdata mapping? Or you don't actually see the appdata mapping on the screen?

ZappyZap
Posted January 16, 2021

> 2 minutes ago, trurl said:
> No edit button for the appdata mapping? Or you don't actually see the appdata mapping on the screen?

There is no edit button...... Usually for some other containers there is an edit button, or I just go to show more settings and there is an edit button, but on this one there is only the path.

ZappyZap
Posted January 16, 2021

NVM, I was in basic view. Thanks

bmfrosty
Posted January 17, 2021

Is there a template for this? I'd like to give it a try, but don't want to make too much of a project of it just getting off the ground.

mattie112
Posted January 17, 2021

> 17 hours ago, michaelb said:
> Hi everyone,
> I have successfully set up Nginx Proxy Manager. When making the Proxy Hosts publicly available, I can access them both from my LAN as well as from the web via my domain.
> Now, I would like to make access more restrictive: the Proxy Hosts should only be available locally or, when I am outside of my LAN, I would like to connect to my VPN (on my Unifi USG) and then access the Proxy Hosts. So I have specified an access list with the static IP I get from my ISP, also my LAN IP and VPN IP. Still, when I am outside my LAN and connecting via VPN, I get the "403 forbidden" message. I can still access the services via their IP and port but not using the domains I created.
> Is there anything else I need to think of (e.g. firewall rules, changes to the access list)? Do you have any advice on how I can check (e.g. in logs) to see what's going wrong?
> Thanks!

So: You have some hosts you want to be able to access publicly? And some hosts you only want to use internally. I also consider VPN internal.

In that case you can simply leave out the access list for the first one, and on the second one you should only have to add your internal IP range (e.g. 192.168.x.x/24 or whatever your range is). Your VPN will most likely assign you an IP in your internal/private range. If it uses another range you should allow that range as well.

If you still have trouble, provide us with some more info on your IP ranges and a screenshot of how NPM is configured.

mgutt
Posted January 17, 2021

@Djoss Small bug:

And the container does not map the port which is set through Web UI Port:

michaelb
Posted January 18, 2021 (edited January 20, 2021 by michaelb)

> On 1/17/2021 at 11:13 AM, mattie112 said:
> So: You have some hosts you want to be able to access publicly? And some hosts you only want to use internally. I also consider VPN internal.
> In that case you can simply leave out the access list for the first one, and on the second one you should only have to add your internal IP range (e.g. 192.168.x.x/24 or whatever your range is). Your VPN will most likely assign you an IP in your internal/private range. If it uses another range you should allow that range as well.
> If you still have trouble, provide us with some more info on your IP ranges and a screenshot of how NPM is configured.

Thanks so much! Yes, some hosts can be publicly available, some of them should only be available internally (and when I am outside my LAN through VPN).

In my access list, I have my LAN IP range (192.168.1.0/24) and the one that my VPN assigns to its clients (192.168.2.1/24). My understanding was that I should also add my external IP, which is a static IP I get from my ISP. When I am outside my LAN and connecting to my VPN, this is the external IP I have.

With this setup, I still cannot access the hosts through VPN via the domain, just by using their IP address and port. Any ideas?

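Added example, not from the thread or from NPM itself: nginx `allow`/`deny` rules are checked in order against the source address the proxy actually sees, and the first match decides. The sketch assumes the generated list ends in `deny all`, uses the two ranges quoted in the post above, and treats 203.0.113.10 as a constructed stand-in for the static ISP address; all function names are made up here.

```python
import ipaddress

# Rules in the order nginx would evaluate them. The two private ranges are the
# ones quoted in the thread; 203.0.113.10 is a constructed stand-in for the
# static ISP address, and the closing "deny all" is an assumption.
ACCESS_LIST = [
    ("allow", "192.168.1.0/24"),
    ("allow", "192.168.2.1/24"),
    ("allow", "203.0.113.10"),
    ("deny", "all"),
]

def parse_rules(rules):
    """Convert (action, target) pairs into (action, network-or-None) tuples."""
    parsed = []
    for action, target in rules:
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action: {action!r}")
        # strict=False masks host bits: 192.168.2.1/24 is treated as 192.168.2.0/24
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        parsed.append((action, net))
    return parsed

def decide(parsed, client_ip):
    """Return (HTTP status, deciding rule) for the address the proxy sees."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in parsed:
        if net is None or (addr.version == net.version and addr in net):
            rule = f"{action} {'all' if net is None else net}"
            return (200 if action == "allow" else 403), rule
    return 200, "no rule matched"   # nginx allows when nothing matches

def audit(rules, clients):
    """Map each client address to its (status, rule) decision."""
    parsed = parse_rules(rules)
    return {ip: decide(parsed, ip) for ip in clients}

# Constructed source addresses: LAN host, VPN client, the static address,
# an unrelated internet host, and a client arriving from an unlisted range.
CLIENTS = ["192.168.1.50", "192.168.2.7", "203.0.113.10", "198.51.100.23", "10.8.0.2"]

if __name__ == "__main__":
    for ip, (status, rule) in audit(ACCESS_LIST, CLIENTS).items():
        print(f"{ip:15} -> {status}  ({rule})")
```

Comparing the client address recorded in the proxy's access log for a 403 against this output shows which rule rejected the request.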
secretsquirrel
Posted January 18, 2021

> On 1/17/2021 at 4:49 PM, mgutt said:
> @Djoss Small bug:
> And the container does not map the port which is set through Web UI Port:

Must admit I thought this was just me - I can't change the HTTP and HTTPS ports on mine, they are different inside the edit view than they are reflecting on the docker view. Will keep an eye out to see if a fix appears as I am trying to only serve internally and need the ports to be standard 80/443 since I am updating the DNS records on PI hole to point at the Docker Fixed IP as an experiment.

KrisMin
Posted January 23, 2021 (edited January 23, 2021 by KrisMin)

Can anyone explain to me why NPM does not work if both the NPM and the APP sit on the LAN ("br0" in mine) and not in the unraid default bridge?

I gave a local static IP to the NPM container and also to the APP container I wanted to proxy to. When done so, APP cannot be reached with its domain name (both can be reached with their IPs).

In detail:
- my router redirects all 80 to NPM IP:PORT and all 443 to NPM IP:PORT
- my NPM has a proxy host: app.mydomain.com to APP IP:PORT

I get connection refused error. May I ask why please?

mgutt
Posted January 23, 2021

> 6 minutes ago, KrisMin said:
> I get connection refused error

In the NPM Dashboard or where?

Open the container's console and check with curl if you can reach your router and your app container. Like:

    curl IP:80 > router webgui

If curl is missing:

    apk add curl

KrisMin
Posted January 23, 2021 (edited January 23, 2021 by KrisMin)

> 19 minutes ago, mgutt said:
> In the NPM Dashboard or where?
> Open the container's console and check with curl if you can reach your router and your app container. Like:
>
>     curl IP:80 > router webgui
>
> If curl is missing:
>
>     apk add curl

Sorry if I didn't explain it too well. Error in the web browser when trying to reach the app by the domain name. Both the NPM and the APP were reachable by their LAN IPs.
