Snipe3000, posted April 14, 2021

> 16 minutes ago, mattie112 said:
>
> How is your setup? You have NPM to port 8080? And your router forwarded to unraid-ip:8080? Or do you have it in bridge mode?
>
> What exactly do you want to check with nmap? To see if the correct port is open? You should be able to do `netstat -tulpn` on your Unraid. Or simply go (preferably external) to http://your-external-ip you should see a "congratulations NPM" page, if not 80 is not forwarded/open and then letsencrypt won't work. Perhaps your provider blocks 80?
>
> But yeah if for any reason you only have 443 you can still manually add DNS certificates and those should work. (or try out the letsencrypt DNS based verification but I have no experience with that so I have no idea how that works)

NPM container settings:

Router forwarding:

netstat from within NPM container:

netstat from Unraid:

mattie112, posted April 14, 2021

Alright that is looking good! Can you share your external IP (or host) then I can try to see if it works or not. It could very well be that your provider blocks port 80 even though you can 'open' it.

Snipe3000, posted April 14, 2021

> 46 minutes ago, mattie112 said:
>
> Alright that is looking good! Can you share your external IP (or host) then I can try to see if it works or not. It could very well be that your provider blocks port 80 even though you can 'open' it.

I think I'm going to try a different route than letsencrypt

Edited April 14, 2021 by Snipe3000

mattie112, posted April 14, 2021

Alright that's fine then you can use the custom certificate option from my screenshot a couple of posts back.

edit: And just to confirm, I can contact :443 on your ip but not :80 (timeout) so I think it is blocked by your provider or perhaps your router has the web UI on port 80 and therefore no port forward?

Edited April 14, 2021 by mattie112

balder, posted April 14, 2021

I'm having a weird issue. I recently re-installed NPM, and now I can no longer add wildcard subdomains (i.e. *.mydomain.com), it used to work fine, but since I re-installed it will not let me add them at all. Does anyone have any ideas how I might get it to work again?

mattie112, posted April 14, 2021

For wildcard certificates you MUST use DNS verification, did you set that up correctly?

julianbr, posted April 14, 2021

Hi guys! I think I'm a bit lost and I need some help. I'm sure there is a really simple and logical reason for this, but I can't see it atm.

NPM with cloudflare and a custom domain works great if I set the "Forward Hostname / IP" in NPM to my internal unraid IP (192.168.1.85) and port to a docker running on say 8080 or 7878. This works both locally and remote.

What I can't get to work is the forwarding to the local ip of my VM that is running Emby (192.168.1.75:8096). When I change it from 192.168.1.85 to 192.168.1.75 I get error 502 right away. Is there something wrong with my network config? NPM docker (and all other dockers) is using "Bridge" and my VM is using br0.

EDIT: NVM, It's working now, after a reboot.

Edited April 15, 2021 by julianbr (Fixed)

learnin2walk, posted April 14, 2021

Any idea why a subdomain would start throwing 502 gateway errors after it has been working for months?

My ApacheGuacamole docker. I can no longer connect to it from outside my network. Getting 502 error. If I try the internal IP it works fine. No changes in UNRAID or docker configs. It just stopped working. I've restarted both containers.

Everything was working correctly. Setup with Letsencrypt and cloudflare. I have 8 other proxyhosts with no issues setup the same way.

ApacheGuac is setup with custom:br0 interface with separate IP than unraid server.

Any ideas would be appreciated.

Nanobug, posted April 16, 2021

Hello,

I'm getting a "502 Bad Gateway" error. So I tried to remove the proxy host, and the sub domain, and set it up one step at a time. When I add the DNS record, it points me to the congratulations page. When I add it to the proxy hosts, set it up, it just gives me the error.

I have the same issue on other subdomains. I did have it working before. Then I changed some IPs and ports, and edited it in NPM as well, and it started doing the same.

I'm not sure how to proceed from here. I can use the internal IP and port in a browser, so it works. Am I missing something?

mattie112, posted April 16, 2021

A 502 error is usually that NPM is not able to (correctly) reach the target. You can try something to debug it:

```
docker exec -it NginxProxyManager bash
ping <ip-of-your-container>
nc <ip-of-your-container> <port>
```

and then type "GET /"

Just some commands to see if it can indeed request something from the target.

45leopard, posted April 16, 2021

How do I edit or remove a host? Tried removing NGINX container and then reinstalling, but kept old hosts

Nanobug, posted April 16, 2021

> 51 minutes ago, mattie112 said:
>
> A 502 error is usually that NPM is not able to (correctly) reach the target. You can try something to debug it:
>
> ```
> docker exec -it NginxProxyManager bash
> ping <ip-of-your-container>
> nc <ip-of-your-container> <port>
> ```
>
> and then type "GET /"
>
> Just some commands to see if it can indeed request something from the target.

```
docker exec -it NginxProxyManager bash
bash-5.0# ping 192.168.100.50
PING 192.168.100.50 (192.168.100.50): 56 data bytes
--- 192.168.100.50 ping statistics ---
57 packets transmitted, 0 packets received, 100% packet loss
bash-5.0# nc 192.168.100.50:32400
bash-5.0#
```

.....

From Windows

```
C:\Users\Nanobug>ping 192.168.100.50

Pinging 192.168.100.50 with 32 bytes of data:
Reply from 192.168.100.50: bytes=32 time<1ms TTL=63
Reply from 192.168.100.50: bytes=32 time<1ms TTL=63
Reply from 192.168.100.50: bytes=32 time<1ms TTL=63
Reply from 192.168.100.50: bytes=32 time<1ms TTL=63

Ping statistics for 192.168.100.50:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\Nanobug>
```

So, how do I fix this?

mattie112, posted April 16, 2021

> 1 hour ago, 45leopard said:
>
> How do I edit or remove a host? Tried removing NGINX container and then reinstalling, but kept old hosts

Remove /mnt/user/appdata/NginxProxyManager to clear everything

mattie112, posted April 16, 2021

> 44 minutes ago, Nanobug said:
>
> ```
> docker exec -it NginxProxyManager bash
> bash-5.0# ping 192.168.100.50
> PING 192.168.100.50 (192.168.100.50): 56 data bytes
> --- 192.168.100.50 ping statistics ---
> 57 packets transmitted, 0 packets received, 100% packet loss
> bash-5.0# nc 192.168.100.50:32400
> bash-5.0#
> ```
>
> .....
>
> From Windows
>
> ```
> C:\Users\Nanobug>ping 192.168.100.50
>
> Pinging 192.168.100.50 with 32 bytes of data:
> Reply from 192.168.100.50: bytes=32 time<1ms TTL=63
> Reply from 192.168.100.50: bytes=32 time<1ms TTL=63
> Reply from 192.168.100.50: bytes=32 time<1ms TTL=63
> Reply from 192.168.100.50: bytes=32 time<1ms TTL=63
>
> Ping statistics for 192.168.100.50:
>     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
>     Minimum = 0ms, Maximum = 0ms, Average = 0ms
>
> C:\Users\Nanobug>
> ```
>
> So, how do I fix this?

So yeah your NPM container cannot reach your 'target'. What is your target? Is that the IP of your unraid host or a container in the bridge network with its own IP? Also what network is your NPM container in? ('br0' is the network, could also be something else)

And just for funs: from the NPM container can you ping something like 1.1.1.1 or 8.8.8.8 or 192.168.100.1 (assuming this is your router IP)

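
Added example, not part of any post in this thread: the checks mattie112 suggests above (ping the target, open a TCP connection to its port, ping the router) combined into one triage function to run inside the NPM container. The function names and verdict keywords are hypothetical, and it assumes `ping` plus an `nc` that supports `-z` and `-w`.

```shell
#!/bin/sh
# Added example: narrow down why the proxy answers 502 for an upstream.
# Run inside the proxy container (docker exec -it NginxProxyManager bash).
# Assumption: ping accepts -c/-W and nc accepts -z (probe only) and -w (timeout).

# Probes live in their own functions so they can be replaced or stubbed.
probe_icmp() { ping -c 2 -W 2 "$1" >/dev/null 2>&1; }
probe_tcp()  { nc -z -w 3 "$1" "$2" >/dev/null 2>&1; }

# diagnose_502 TARGET_IP TARGET_PORT GATEWAY_IP
# Prints one verdict keyword (hypothetical names):
#   tcp-ok           port accepts connections; look at scheme/port in the proxy host
#   port-closed      host answers ping but nothing accepts on that port
#   target-isolated  gateway is reachable but the target is not; compare the
#                    Docker network type of the proxy and the target
#   no-network       not even the gateway is reachable from the container
diagnose_502() {
    target=$1
    port=$2
    gateway=$3
    if probe_tcp "$target" "$port"; then
        echo "tcp-ok"
    elif probe_icmp "$target"; then
        echo "port-closed"
    elif probe_icmp "$gateway"; then
        echo "target-isolated"
    else
        echo "no-network"
    fi
}

# Stand-alone use, with the addresses posted in the thread:
#   sh diagnose.sh 192.168.100.50 32400 192.168.100.1
if [ "$#" -eq 3 ]; then
    diagnose_502 "$1" "$2" "$3"
fi
```

A target that drops ICMP but has a closed port is reported as `target-isolated` or `no-network`, so confirm the verdict from a second machine on the same LAN, as Nanobug did from Windows.
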
Nanobug, posted April 16, 2021

> 39 minutes ago, mattie112 said:
>
> So yeah your NPM container cannot reach your 'target'. What is your target? Is that the IP of your unraid host or a container in the bridge network with its own IP? Also what network is your NPM container in? ('br0' is the network, could also be something else)
>
> And just for funs: from the NPM container can you ping something like 1.1.1.1 or 8.8.8.8 or 192.168.100.1 (assuming this is your router IP)

Everything is on 192.168.100.0/24. I'm in the process of moving it back to bridged, so it's on the same IP, just a different port. I used to have it all at its own IP.

And yes, I could ping the router:

```
bash-5.0# ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1): 56 data bytes
64 bytes from 192.168.100.1: seq=0 ttl=64 time=0.387 ms
64 bytes from 192.168.100.1: seq=1 ttl=64 time=2.297 ms
64 bytes from 192.168.100.1: seq=2 ttl=64 time=0.196 ms
64 bytes from 192.168.100.1: seq=3 ttl=64 time=0.185 ms
64 bytes from 192.168.100.1: seq=4 ttl=64 time=0.408 ms
64 bytes from 192.168.100.1: seq=5 ttl=64 time=0.263 ms
--- 192.168.100.1 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 0.185/0.622/2.297 ms
```

I guess I'll just reinstall it later.

mattie112, posted April 16, 2021

Do you have these settings?

In network:

In docker:

Nanobug, posted April 16, 2021

> 2 hours ago, mattie112 said:
>
> Do you have these settings?
>
> In network:
>
> In docker:

Not the docker one. Is it needed?

mattie112, posted April 17, 2021

I think it was needed for when a bridge network is used. You can try it at least to see if it solves your problem? Then at least we know.

ados, posted April 18, 2021

I think there is a crippling bug in a new release but I unfortunately don't know which specifically. What I can say is with the latest build when you try changing any SSL certs you get a local error. Removing a proxy host will give the same error and when docker is rebooted logs show errors that it cannot find/load the SSL which prevents the container from working any further.

I created a new container (no retained settings) and tried adding just one SSL with the same issue. Delete completely and used a version from November last year with multiple SSLs added the same way without issue.

ados, posted April 18, 2021

Having used a few NGINX based reverse proxies this one is the best by far. Its clean GUI allows for easier management of hosts and is better if you're new to the platform. However, since it's based on GUI and not nitty gritty config files it can make getting troublesome dockers to work. I struggled to get Deluge working and had little issues with the 10+ other dockers.

Now that I have it working I would like to share the solution which you will find here: https://forums.unraid.net/topic/44109-support-binhex-delugevpn/?do=findComment&comment=980069

balder, posted April 18, 2021

> On 4/14/2021 at 1:51 PM, mattie112 said:
>
> For wildcard certificates you MUST use DNS verification, did you set that up correctly?

I can live without wildcard SSL certs - the problem I have is that the web UI won't accept wildcards at all, even if the domain is not set up for SSL. It works fine if I edit the config files manually, but they of course get overridden if I edit the domain in the web UI, so I'd really like for the UI to accept wildcards.

ados, posted April 18, 2021

> 51 minutes ago, balder said:
>
> I can live without wildcard SSL certs - the problem I have is that the web UI won't accept wildcards at all, even if the domain is not set up for SSL. It works fine if I edit the config files manually, but they of course get overridden if I edit the domain in the web UI, so I'd really like for the UI to accept wildcards.

@balder that's correct, NGINX PM only supports wildcards in SSL but will work with subdomains. If you want wildcards you would be better with raw NGINX docker using config files. You should have no exposed instances to internet without a login wall and if you have that you should have SSL.

Froberg, posted April 18, 2021

Help please. I just moved everything away from cache to replace my dual 256G drives with dual 1TB drives. Everything seems to have transferred nicely, but nginx is broken - and as a consequence as is my Nextcloud instance.

```
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-5/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-5/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
```

Is what it's saying in the log file. I assume I must have lost something in transit. I tried removing the container and re-adding it, hoping that would help resolve it.

So what do I do? Transfer any necessary configs, remove the old directory and start over? Please advise I'm a bit out of my depth on this one.

mattie112, posted April 18, 2021

> 55 minutes ago, Froberg said:
>
> Help please. I just moved everything away from cache to replace my dual 256G drives with dual 1TB drives. Everything seems to have transferred nicely, but nginx is broken - and as a consequence as is my Nextcloud instance.
>
> ```
> nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-5/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-5/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
> ```
>
> Is what it's saying in the log file. I assume I must have lost something in transit. I tried removing the container and re-adding it, hoping that would help resolve it.
>
> So what do I do? Transfer any necessary configs, remove the old directory and start over? Please advise I'm a bit out of my depth on this one.

Check if the correct folder is mounted (it should contain both config and certificates). Also make sure these files are readable by the specified user/group.

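
Added example, not part of any post in this thread: a way to run the check mattie112 describes against the path named in the nginx `[emerg]` line. It also distinguishes a dangling symlink, since certbot keeps the files under `live/` as symlinks into `archive/` and a copy that skips or breaks them produces the same "No such file" error. The function names, verdict keywords and the optional root prefix are hypothetical.

```shell
#!/bin/sh
# Added example: check the certificate file nginx says it cannot load.

# cert_path_from_log LINE
# Extracts the quoted path from an nginx "cannot load certificate" line.
cert_path_from_log() {
    printf '%s\n' "$1" |
        sed -n 's/.*cannot load certificate "\([^"]*\)".*/\1/p'
}

# check_cert_file PATH [ROOT]
# ROOT is an optional prefix (hypothetical) for inspecting a copy of the
# container's filesystem from outside; leave it empty inside the container.
# Prints: dangling-symlink | missing | unreadable | ok
check_cert_file() {
    f="${2:-}$1"
    if [ -L "$f" ] && [ ! -e "$f" ]; then
        echo "dangling-symlink"   # link survived the move, its target did not
    elif [ ! -e "$f" ]; then
        echo "missing"            # wrong folder mounted, or file never copied
    elif [ ! -r "$f" ]; then
        echo "unreadable"         # ownership/permissions changed in transit
    else
        echo "ok"
    fi
}

# Stand-alone use: pass the log line, and optionally a root prefix.
#   sh certcheck.sh 'nginx: [emerg] cannot load certificate "/path/to.pem": ...'
if [ "$#" -ge 1 ]; then
    path=$(cert_path_from_log "$1")
    if [ -n "$path" ]; then
        printf '%s: %s\n' "$path" "$(check_cert_file "$path" "${2:-}")"
    else
        echo "no certificate path found in log line" >&2
    fi
fi
```
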
Froberg, posted April 18, 2021

> 3 hours ago, mattie112 said:
>
> Check if the correct folder is mounted (it should contain both config and certificates). Also make sure these files are readable by the specified user/group.

Cheers mate. Reading your suggestion made me realize "hey, it wasn't that tough setting up in the first place.." so I just changed the folder and started over. Back up n' running. Thanks for the help though!