Jump to content
Djoss

[Support] Djoss - Nginx Proxy Manager

122 posts in this topic Last Reply

Recommended Posts

1 minute ago, Djoss said:

Things like 2fa are usually implemented by the application this container is proxying to.  Nginx itself has some way to limit the number of requests that are done.  I can check if there is anything configured by default for this.

When configuring a proxy host, it does have an option to enable blocking common exploits, but I haven't found any documentation for what this entails.

Share this post


Link to post
On 12/26/2018 at 2:05 PM, dukiethecorgi said:

Does this have fail2ban?

No!  But this kind of functionality could be provided by another docker container (if one exists).

Share this post


Link to post
On 12/25/2018 at 3:59 AM, JohanSF said:

Thank you for the work, a nice GUI for overview is always great.

 

A guide to move from the LE docker with subfolders, subdomains, organizr, settings etc. to this would be greatly appreciated.

 

On 12/26/2018 at 11:00 AM, gacpac said:

Hey, 

 

I'm a little bit excited about this new app. I might migrate from let's encrypt to this one but need some help setting up the proxy host. Is there some guide somewhere here or the GitHub. 

 

There is no guide currently.  There is some built-in help in the UI however.  But note that since subfolders are not supported yet, you may not be able to migrate from LE docker.

  • Like 1

Share this post


Link to post
On 12/27/2018 at 5:07 AM, L0rdRaiden said:

I am comming from letsencrypt docker.

how can I access to edit the nginx.conf file?

https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/nginx.conf

 

or other configuration files like

conf.d/include/block-exploits.conf

conf.d/include/proxy.conf

 

these do not appear when I access with SAMBA

This docker is for people with little to no knowledge about nginx.  It was not done with manual configuration file editing in mind.  Some static configuration files are inside the container itself (/etc/nginx), while generated files are stored under the app data folder.

 

If you want to migrate from LE docker, you should not try to replicate your config files, but instead, use the UI to re-create the same functionality (again, this container doesn't support subfolders yet).

  • Upvote 1

Share this post


Link to post
On 12/27/2018 at 11:02 AM, drkpeezy said:

I get the follow when I try to start the container

 


[mysqld] starting...
2018-12-27 9:57:55 23424764251016 [Note] /usr/bin/mysqld (mysqld 10.2.15-MariaDB) starting as process 1998 ...
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Uses event mutexes
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Compressed tables use zlib 1.2.11
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Using Linux native AIO
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Number of pools: 1
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Using SSE2 crc32 instructions
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Completed initialization of buffer pool
2018-12-27 9:57:55 23424421186280 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2018-12-27 9:57:55 23424764251016 [ERROR] InnoDB: The Auto-extending innodb_system data file './ibdata1' is of a different size 0 pages than specified in the .cnf file: initial 768 pages, max 0 (relevant if non-zero) pages!
2018-12-27 9:57:55 23424764251016 [ERROR] InnoDB: Plugin initialization aborted with error Generic error

[2018-12-27] [09:57:55] [Global ] › ✖ error connect ECONNREFUSED 127.0.0.1:3306

2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Starting shutdown...
2018-12-27 9:57:55 23424764251016 [ERROR] Plugin 'InnoDB' init function returned error.
2018-12-27 9:57:55 23424764251016 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2018-12-27 9:57:55 23424764251016 [Note] Plugin 'FEEDBACK' is disabled.
2018-12-27 9:57:55 23424764251016 [ERROR] Could not open mysql.plugin table. Some plugins may be not loaded
2018-12-27 9:57:55 23424764251016 [ERROR] Unknown/unsupported storage engine: InnoDB
2018-12-27 9:57:55 23424764251016 [ERROR] Aborting

 

Did the DB created successfully the first time?

Share this post


Link to post
On 12/27/2018 at 12:47 PM, Michael_P said:

My Install never gets past this point:

 


[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-app-niceness.sh: executing...
[cont-init.d] 00-app-niceness.sh: exited 0.
[cont-init.d] 00-app-script.sh: executing...
[cont-init.d] 00-app-script.sh: exited 0.
[cont-init.d] 00-app-user-map.sh: executing...
[cont-init.d] 00-app-user-map.sh: exited 0.
[cont-init.d] 00-clean-logmonitor-states.sh: executing...
[cont-init.d] 00-clean-logmonitor-states.sh: exited 0.
[cont-init.d] 00-clean-tmp-dir.sh: executing...
[cont-init.d] 00-clean-tmp-dir.sh: exited 0.
[cont-init.d] 00-set-app-deps.sh: executing...
[cont-init.d] 00-set-app-deps.sh: exited 0.
[cont-init.d] 00-set-home.sh: executing...
[cont-init.d] 00-set-home.sh: exited 0.
[cont-init.d] 00-take-config-ownership.sh: executing...
[cont-init.d] 00-take-config-ownership.sh: exited 0.
[cont-init.d] 00-xdg-runtime-dir.sh: executing...
[cont-init.d] 00-xdg-runtime-dir.sh: exited 0.
[cont-init.d] nginx-proxy-manager.sh: executing...
[cont-init.d] nginx-proxy-manager.sh: Initializing database data directory...
[cont-init.d] nginx-proxy-manager.sh: Database data directory initialized.
[cont-init.d] nginx-proxy-manager.sh: Starting database to perform its intialization...
[cont-init.d] nginx-proxy-manager.sh: Securing database installation...

 

Even after a couple of minutes?

Share this post


Link to post
On 12/27/2018 at 3:33 PM, bigdave said:

I see this error in the init_db.log 


/mnt/user/appdata/NginxProxyManager/log# more init_db.log
Installing MariaDB/MySQL system tables in '/config/mysql' ...
2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: preallocating 12582912 bytes for file ./ibdata1 failed with error 95
2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: Could not set the file size of './ibdata1'. Probably out of disk space
2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: Database creation was aborted with error Generic error. You may need to delete the ibdata1 file before trying to start
 up again.
2018-12-27 14:32:03 22714951916424 [ERROR] Plugin 'InnoDB' init function returned error.
2018-12-27 14:32:03 22714951916424 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2018-12-27 14:32:03 22714951916424 [ERROR] Unknown/unsupported storage engine: InnoDB
2018-12-27 14:32:03 22714951916424 [ERROR] Aborting

 

So I guess that you have enough space on your cache drive?

Are you using the default mapping for /config?

Share this post


Link to post
26 minutes ago, Saldash said:

When configuring a proxy host, it does have an option to enable blocking common exploits, but I haven't found any documentation for what this entails.

When enabled, queries can be blocked by checking the user-agent and the query string of the URL.

You can see the rules here:

https://github.com/jc21/nginx-proxy-manager/blob/master/rootfs/etc/nginx/conf.d/include/block-exploits.conf

Share this post


Link to post
15 minutes ago, Saldash said:

This docker allows you to create user access lists and assign them to specific proxy hosts.

From the main dashboard, click Access Lists in the menu. Create a new list and specify a username and password (up to five distinct users).

Once created, go to the proxy host you want to secure, click edit to open the modal and at the bottom of the modal, select your access list from the dropdown and save.

 

From the help text:

 

Brilliant.... so easy....! My first example worked.

 

Thank you!

 

 

Share this post


Link to post
2 minutes ago, hernandito said:

Brilliant.... so easy....! My first example worked.

 

Thank you!

 

 

So you are now able to generate LE certificates?

Share this post


Link to post
21 hours ago, Djoss said:

 

 

There is no guide currently.  There is some built-in help in the UI however.  But note that since subfolders are not supported yet, you may not be able to migrate from LE docker.

Thank you so much @Djoss ,

 

I'll keep the docker installed and check the forum for the latest updates. I assume the process will get easier over time. 

Share this post


Link to post
On 12/29/2018 at 5:12 PM, Djoss said:

Even after a couple of minutes?

I let it sit for 15 minutes, did not move past that step

Share this post


Link to post

@Djoss I've added some hosts, now on the SSL Certificate screen and trying to get an LE certificate for one of the host.  All I get is "Internal Error" once I submit the information. If I acknowledge the error it goes back to the main page but doesn't show anything.  If I refresh the page, the cert that was created shows up but doesn't seem to be working.

 

Update 2019/01/01

Got my problem figured out. Awesome and easy docker @Djoss. I've been using standalone NGINX standalone reverse proxies and never got around to doing LE, so with this - just like @Squid - no need to learn LE at this point or file it later for learning.

 

For my specific issue, I tried creating the Hosts w/ LE before the hosts were actually ready and properly forwarded.  After getting the other dockers bridged and setup correctly, I blew away the NginxProxyManager container and re-did it.  It's definitely working now :).

 

Now I just have to figure out getting this to work with NextCloud docker.

Edited by koshia
More information.

Share this post


Link to post
On 12/29/2018 at 5:13 PM, Djoss said:

So I guess that you have enough space on your cache drive?

Are you using the default mapping for /config?

Yes and yes.  Just tried deleting and reinstalling with the same result.

Share this post


Link to post

 

On 12/22/2018 at 7:46 PM, repomanz said:

I like this docker.  Question about this, in context of unraid and hardening.  What suggestions are available regarding securing the let's encrypt requirement of having 80 and 443 open on the firewall and this docker?  Does the docker have a lockout function, anti-brute force, yubikey or 2fa functions (or will it eventually)?

On 12/29/2018 at 10:48 PM, Djoss said:

Things like 2fa are usually implemented by the application this container is proxying to.  Nginx itself has some way to limit the number of requests that are done.  I can check if there is anything configured by default for this.

 

...anyone with the skills to implement/manage to configure this https://github.com/clems4ever/authelia in a set of dockers or VM? 

Share this post


Link to post
On 12/30/2018 at 6:03 PM, Michael_P said:

I let it sit for 15 minutes, did not move past that step

Can you provide log/init_db.log from the appdata folder?

Share this post


Link to post
On 12/30/2018 at 10:10 PM, koshia said:

@Djoss I've added some hosts, now on the SSL Certificate screen and trying to get an LE certificate for one of the host.  All I get is "Internal Error" once I submit the information. If I acknowledge the error it goes back to the main page but doesn't show anything.  If I refresh the page, the cert that was created shows up but doesn't seem to be working.

 

Is the docker container accessible from the internet on port 80?

Share this post


Link to post
On 12/31/2018 at 12:57 AM, bigdave said:

Yes and yes.  Just tried deleting and reinstalling with the same result.

Can you provide log/init_db.log from the appdata folder?

Share this post


Link to post
23 hours ago, GreenEyedMonster said:

Any idea's how to host a wordpress website with this?

This docker container is not for hosting websites.  You can use another docker container to host your website and then use this one to proxy.

Share this post


Link to post
48 minutes ago, Djoss said:

Can you provide log/init_db.log from the appdata folder?

root@unraid:/mnt/user/appdata/NginxProxyManager/log# more init_db.log
Installing MariaDB/MySQL system tables in '/config/mysql' ...
2019-01-01 17:43:17 22792248212360 [ERROR] InnoDB: preallocating 12582912 bytes for file ./ibdata1 failed with error 95
2019-01-01 17:43:17 22792248212360 [ERROR] InnoDB: Could not set the file size of './ibdata1'. Probably out of disk space
2019-01-01 17:43:17 22792248212360 [ERROR] InnoDB: Database creation was aborted with error Generic error. You may need to delete the ibdata1 file before tr
ying to start up again.
2019-01-01 17:43:17 22792248212360 [ERROR] Plugin 'InnoDB' init function returned error.
2019-01-01 17:43:17 22792248212360 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2019-01-01 17:43:17 22792248212360 [ERROR] Unknown/unsupported storage engine: InnoDB
2019-01-01 17:43:18 22792248212360 [ERROR] Aborting


Installation of system tables failed!  Examine the logs in
/config/mysql for more information.

The problem could be conflicting information in an external
my.cnf files. You can ignore these by doing:

    shell> /usr/bin/mysql_install_db --defaults-file=~/.my.cnf

You can also try to start the mysqld daemon with:

    shell> /usr/bin/mysqld --skip-grant-tables --general-log &

and use the command line tool /usr/bin/mysql
to connect to the mysql database and look at the grant tables:

    shell> /usr/bin/mysql -u root mysql
    mysql> show tables;

Try 'mysqld --help' if you have problems with paths.  Using
--general-log gives you a log in /config/mysql that may be helpful.

The latest information about mysql_install_db is available at
https://mariadb.com/kb/en/installing-system-tables-mysql_install_db
You can find the latest source at https://downloads.mariadb.org and
the maria-discuss email list at https://launchpad.net/~maria-discuss

Please check all of the above before submitting a bug report
at http://mariadb.org/jira

/mnt/user/appdata is large enough for this.

Share this post


Link to post
16 hours ago, bigdave said:

root@unraid:/mnt/user/appdata/NginxProxyManager/log# more init_db.log
Installing MariaDB/MySQL system tables in '/config/mysql' ...
2019-01-01 17:43:17 22792248212360 [ERROR] InnoDB: preallocating 12582912 bytes for file ./ibdata1 failed with error 95
2019-01-01 17:43:17 22792248212360 [ERROR] InnoDB: Could not set the file size of './ibdata1'. Probably out of disk space
2019-01-01 17:43:17 22792248212360 [ERROR] InnoDB: Database creation was aborted with error Generic error. You may need to delete the ibdata1 file before tr
ying to start up again.
2019-01-01 17:43:17 22792248212360 [ERROR] Plugin 'InnoDB' init function returned error.
2019-01-01 17:43:17 22792248212360 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2019-01-01 17:43:17 22792248212360 [ERROR] Unknown/unsupported storage engine: InnoDB
2019-01-01 17:43:18 22792248212360 [ERROR] Aborting


Installation of system tables failed!  Examine the logs in
/config/mysql for more information.

The problem could be conflicting information in an external
my.cnf files. You can ignore these by doing:

    shell> /usr/bin/mysql_install_db --defaults-file=~/.my.cnf

You can also try to start the mysqld daemon with:

    shell> /usr/bin/mysqld --skip-grant-tables --general-log &

and use the command line tool /usr/bin/mysql
to connect to the mysql database and look at the grant tables:

    shell> /usr/bin/mysql -u root mysql
    mysql> show tables;

Try 'mysqld --help' if you have problems with paths.  Using
--general-log gives you a log in /config/mysql that may be helpful.

The latest information about mysql_install_db is available at
https://mariadb.com/kb/en/installing-system-tables-mysql_install_db
You can find the latest source at https://downloads.mariadb.org and
the maria-discuss email list at https://launchpad.net/~maria-discuss

Please check all of the above before submitting a bug report
at http://mariadb.org/jira

/mnt/user/appdata is large enough for this.

Do you have Settings -> Global Share Settings -> Tunable (enable DirectIO) set to Yes instead of Auto?

Share this post


Link to post
1 minute ago, Djoss said:

Do you have Settings -> Global Share Settings -> Tunable (enable DirectIO) set to Yes instead of Auto?

No, it's Auto.  Changing it now.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now