Cat_Seeder Posted March 9, 2019

Hi guys,

Thanks for the great container. Amazing work. I'm currently trying to migrate from the also excellent (but CLI oriented) Jason Wilder nginx-proxy container. So far I have a couple of problems:

IPv6 support. Looks like the proxy is failing to forward to the desired destination when I reach it over IPv6. I'm looking for something along the lines of nginx-proxy's:

    ENABLE_IPV6=true

Is IPv6 supported? I've tried manually adding

    listen [::]:8080;

to the server block in /config/nginx/proxy_host/3.conf, however, the proxy is currently returning 502 Bad Gateway:

    $ curl -g -6 -v -H "Host: mydomain.local" http://[::1]:8080
    * Rebuilt URL to: http://[::1]:8080/
    *   Trying ::1...
    * TCP_NODELAY set
    * Connected to ::1 (::1) port 8080 (#0)
    > GET / HTTP/1.1
    > Host: mydomain.local
    > User-Agent: curl/7.60.0
    > Accept: */*
    >
    < HTTP/1.1 502 Bad Gateway
    < Server: nginx
    < Date: Sat, 09 Mar 2019 16:06:32 GMT
    < Content-Type: text/html
    < Content-Length: 166
    < Connection: keep-alive
    <
    <html>
    <head><title>502 Bad Gateway</title></head>
    <body bgcolor="white">
    <center><h1>502 Bad Gateway</h1></center>
    <hr><center>nginx</center>
    </body>
    </html>
    * Connection #0 to host ::1 left intact

Error logs:

    [error] 872#872: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 172.17.0.1, server: mydomain.local, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "mydomain.local"

I can reach port 3000 directly from my host. nginx-proxy container is also able to proxy it with no issues.

Consolidated logs. Another problem is consolidating and formatting the logs. I would like to have a consolidated view of the logs (i.e., everything at /config/nginx-proxy-manager/logs/) so that I can send it to another tool. I would also like to be able to customise its format. At the moment I'm using multitail to consolidate the logs and manually editing nginx configuration files to customise formatting. However, it would be great if there was a more permanent solution to the problem.

All of the best

thrroow Posted March 10, 2019

I feel like I am missing a step in setting this up. LetsEncrypt docker serves works perfectly, but when I switch to this I can't reach any dockers. Here's what I did:

1) Went to CloudFlare and turned off any HTTPS on their end. Tried both auto and normal DNS forwarding to my IP for each subdomain
2) Router is forwarding ports 80/443 to 180/1443 found in the NGINX Proxy Manager docker install page.
3) Switch dockers to all be on bridge mode
4) Added entries to Proxy manager, for example: radarr.mysite.com, scheme: http or https, ip: 192.168.1.99, port: 7878, SSL cert: LE radarr.mysite.com

I either get a 502 BAD GATEWAY or ERR_TOO_MANY_REDIRECTS based on what settings I play around with. The single docker I've gotten to run is the HTML5 Speedtest, and that is the only one to my knowledge that doesn't use SSL. So I believe it to be a cloudflare or LE SSL issue. Any advice?

edit: also, I can head to nondockersubdomain.mydomain.com and it'll bring me to the "congratulation landing page".

Edited March 10, 2019 by thrroow

littlebudha Posted March 11, 2019

20 hours ago, thrroow said:
> I feel like I am missing a step in setting this up. LetsEncrypt docker serves works perfectly, but when I switch to this I can't reach any dockers. Here's what I did:
>
> 1) Went to CloudFlare and turned off any HTTPS on their end. Tried both auto and normal DNS forwarding to my IP for each subdomain
> 2) Router is forwarding ports 80/443 to 180/1443 found in the NGINX Proxy Manager docker install page.
> 3) Switch dockers to all be on bridge mode
> 4) Added entries to Proxy manager, for example: radarr.mysite.com, scheme: http or https, ip: 192.168.1.99, port: 7878, SSL cert: LE radarr.mysite.com
>
> I either get a 502 BAD GATEWAY or ERR_TOO_MANY_REDIRECTS based on what settings I play around with. The single docker I've gotten to run is the HTML5 Speedtest, and that is the only one to my knowledge that doesn't use SSL. So I believe it to be a cloudflare or LE SSL issue. Any advice?
>
> edit: also, I can head to nondockersubdomain.mydomain.com and it'll bring me to the "congratulation landing page".

Have you created the origin certificate in cloudflare (under Crypto Tab)? Once you create these you save them as .pem and .key files. Use these to create the SSL certificate in proxy manager. I had to use these SSL certificates to make it work instead of the letsencrypt ones.

Edited March 11, 2019 by littlebudha

thrroow Posted March 11, 2019

41 minutes ago, littlebudha said:
> Have you created the origin certificate in cloudflare (under Crypto Tab)? Once you create these you save them as .pem and .key files. Use these to create the SSL certificate in proxy manager. I had to use these SSL certificates to make it work instead of the letsencrypt ones.

No, I have not. You use the .key as the Certificate Key and the .PEM as the Certificate and the Intermediate Certificate?

Nyghthawk Posted March 11, 2019

Okay I am going to need a bit more help. This whole time I thought I was set up properly for reverse proxy, and lo and behold, it ONLY works when I am on my LAN....of course right!?!??!

So I have nginx proxy manager installed.
http 1880
https 18443

On my router, I have
Ports 80 forwarded to ip (my unraid server) 192.168.0.133:1880
Ports 443 forwarded to ip (my unraid server) 192.168.0.133:18443

On my domain I have
A Record
Host * (to allow all subdomains)
Value: My IP (it's static)
TTL Automatic

On NGINX setup I would have
Source: subdomain.mydomain.com
Destination: 192.168.0.133:PortToService

So when I go to subdomain.mydomain.com it would load up. Thinking this worked. Tried from outside, and got buttsquatt.

When I go to http://mypublicip:80 or http://mypublicip I get the 404 error nginx (that I set up with the proxy).

So I tried
Source: subdomain.mydomain.com
Destination: publicIP:PortToService
And get a 502 Error.

Please help?

EDIT: to add. When I go to http://mypublicip or http://mypublicip:80 I get the 404 error code I set up with the proxy manager.

Edited March 11, 2019 by Nyghthawk

Djoss (Author) Posted March 11, 2019

On 3/8/2019 at 4:15 PM, Nyghthawk said:
> Trying to get my unifi controller accessible. When I am local and I type http://localip:port to access the login, it lets me log in, then gives me an error on the certificate, etc. When I type in http://unifi.domain it asks to log in like normal, but then does not log in giving me an error.

Did you enable WebSocket support?

On 3/8/2019 at 4:15 PM, Nyghthawk said:
> also, I did a blanket wildcard record on my domain, so all subdomains will point to "proxy manager has not been setup yet" is this ok?

If you don't have a lot of subdomains to manage, I guess it's better to not have a wildcard record. Else you can also edit this default page and replace it with a 404 error or something that fits your needs.

On 3/8/2019 at 4:15 PM, Nyghthawk said:
> also tried to add SSL, and I get an "internal error", and nothing works, any help with that? apparently creates an SSL but then I get a cipher mismatch or something like that error.

Is the container reachable from the Internet through port 80?

Nyghthawk Posted March 11, 2019

3 minutes ago, Djoss said:
> Did you enable WebSocket support?
>
> If you don't have a lot of subdomains to manage, I guess it's better to not have a wildcard record. Else you can also edit this default page and replace it with a 404 error or something that fits your needs.
>
> Is the container reachable from the Internet through port 80?

Not sure if you saw my latest post. Problem so far. Can reach the nginx proxy landing page from IP:80, but cannot access ANY other container.

Djoss (Author) Posted March 11, 2019

On 3/9/2019 at 11:42 AM, Cat_Seeder said:
> Error logs:
>
>     [error] 872#872: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 172.17.0.1, server: mydomain.local, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "mydomain.local"
>
> I can reach port 3000 directly from my host. nginx-proxy container is also able to proxy it with no issues.

The upstream server IP is 127.0.0.1. You should set instead a local IP. If the service is running on unRAID, use the unRAID's IP.

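Added example, not part of any post in this thread and not code from the Nginx Proxy Manager project: a small triage script for the failure discussed above, where an upstream of 127.0.0.1 resolves inside the proxy container's own network namespace and the connection is refused. The first sample line is the one quoted in the thread; the other two, and all function names, are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

UPSTREAM_RE = re.compile(r'upstream: "([^"]+)"')
SERVER_RE = re.compile(r"server: ([^,]+),")
CONNECT_RE = re.compile(r"connect\(\) failed \((\d+): ([^)]+)\)")
ECONNREFUSED = 111  # Linux errno as printed by nginx

def parse_connect_error(line):
    """Extract server name, upstream host/port and errno from one error-log line."""
    upstream, err = UPSTREAM_RE.search(line), CONNECT_RE.search(line)
    if not upstream or not err:
        return None
    url = urlsplit(upstream.group(1))
    server = SERVER_RE.search(line)
    return {"server": server.group(1) if server else None,
            "host": url.hostname, "port": url.port, "errno": int(err.group(1))}

def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name (or nothing), not an address literal
        return False

def diagnose(line):
    """Classify a line; a refused loopback upstream points at the proxy container itself."""
    rec = parse_connect_error(line)
    if rec is None:
        return None
    if rec["errno"] == ECONNREFUSED and is_loopback(rec["host"]):
        return "loopback-upstream"
    return "refused" if rec["errno"] == ECONNREFUSED else "other-connect-error"

SAMPLE_LOG = [
    # Line quoted in the thread.
    '[error] 872#872: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 172.17.0.1, server: mydomain.local, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "mydomain.local"',
    # Constructed lines: an IPv6 loopback upstream and an unroutable LAN upstream.
    '[error] 9#9: *5 connect() failed (111: Connection refused) while connecting to upstream, client: 172.17.0.1, server: app.example, request: "GET / HTTP/1.1", upstream: "http://[::1]:3000/", host: "app.example"',
    '[error] 9#9: *7 connect() failed (113: No route to host) while connecting to upstream, client: 172.17.0.1, server: nas.example, request: "GET / HTTP/1.1", upstream: "http://192.168.0.133:7878/", host: "nas.example"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(parse_connect_error(entry)["server"], "->", diagnose(entry))
```

A "loopback-upstream" result means the proxy host should point at the LAN address of the machine running the service, as the reply above says.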
Djoss (Author) Posted March 11, 2019

5 minutes ago, Nyghthawk said:
> Not sure if you saw my latest post. Problem so far. Can reach the nginx proxy landing page from IP:80, but cannot access ANY other container.

But it's working from your LAN? Look at the logs for your proxy host (under /mnt/user/appdata/NginxProxyManager/log/nginx/).

Nyghthawk Posted March 11, 2019

4 minutes ago, Djoss said:
> But it's working from your LAN? Look at the logs for your proxy host (under /mnt/user/appdata/NginxProxyManager/log/nginx/).

It was working from the LAN, so I started over.....

Just a question.... in the nginx proxy manager, destination IP would be my "local" IP? Or my "public"? (I thought it would be my "local" IP)

Djoss (Author) Posted March 11, 2019

Just now, Nyghthawk said:
> It was working from the LAN, so I started over.....
>
> Just a question.... in the nginx proxy manager, destination IP would be my "local" IP? Or my "public"? (I thought it would be my "local" IP)

Yes, you need to use the local IP.

Nyghthawk Posted March 11, 2019

2 minutes ago, Djoss said:
> Yes, you need to use the local IP.

So...I was right with that at least.

So this is my setup. As a test, just in case my IP is randomly changing (which it shouldn't) I have a free account at duckdns.org, so I have mydomain.duckdns.org pointing to my IP (which is my static IP). I have mydomain.com with a CNAME record for subdomain1, subdomain2 pointing to mydomain.duckdns.org. I gave it 30 minutes + to propagate.

In nginx proxy manager I have subdomain1.mydomain.com pointing to internal IP of my unraid server 192.168.0.133 Port ####.

In my local network, I go to subdomain1.mydomain.com and I get my proper container. When I try to access subdomain1.mydomain.com from OUTSIDE the LAN, it does not work, however, when I access mystaticip:80 from outside the LAN I get the proxy landing page of "log in to your admin account to setup".

So I figured the following: Port 80 is correctly forwarded. Subdomain on mydomain is correctly forwarding to mydomain.duckdns.org to my home IP.

Problem now, is ANYTHING other than port 80 is not working. And I thought the purpose of this proxy manager was to avoid opening up EVERY single port for EVERY single docker. Or do I need to forward EVERY single docker port in my firewall?

Djoss (Author) Posted March 11, 2019

4 minutes ago, Nyghthawk said:
> So...I was right with that at least.
>
> So this is my setup. As a test, just in case my IP is randomly changing (which it shouldn't) I have a free account at duckdns.org, so I have mydomain.duckdns.org pointing to my IP (which is my static IP). I have mydomain.com with a CNAME record for subdomain1, subdomain2 pointing to mydomain.duckdns.org. I gave it 30 minutes + to propagate.
>
> In nginx proxy manager I have subdomain1.mydomain.com pointing to internal IP of my unraid server 192.168.0.133 Port ####.
>
> In my local network, I go to subdomain1.mydomain.com and I get my proper container. When I try to access subdomain1.mydomain.com from OUTSIDE the LAN, it does not work, however, when I access mystaticip:80 from outside the LAN I get the proxy landing page of "log in to your admin account to setup".
>
> So I figured the following: Port 80 is correctly forwarded. Subdomain on mydomain is correctly forwarding to mydomain.duckdns.org to my home IP.
>
> Problem now, is ANYTHING other than port 80 is not working. And I thought the purpose of this proxy manager was to avoid opening up EVERY single port for EVERY single docker. Or do I need to forward EVERY single docker port in my firewall?

So when you access http://subdomain1.mydomain.com from outside the LAN, which error is the browser reporting exactly?

Nyghthawk Posted March 11, 2019

Just now, Djoss said:
> So when you access http://subdomain1.mydomain.com from outside the LAN, which error is the browser reporting exactly?

On my iPhone: "safari could not open the page because the server stopped responding"

Would you like to try? organizr.ispoweredup.com

Djoss (Author) Posted March 11, 2019

4 minutes ago, Nyghthawk said:
> On my iPhone: "safari could not open the page because the server stopped responding"
>
> Would you like to try? organizr.ispoweredup.com

From here port 80 is not reachable... You can check with https://www.yougetsignal.com/tools/open-ports/

Nyghthawk Posted March 11, 2019

7 minutes ago, Djoss said:
> From here port 80 is not reachable... You can check with https://www.yougetsignal.com/tools/open-ports/

So port 443 is open, but I cannot get port 80 to be open, wtf!

Djoss (Author) Posted March 11, 2019

2 minutes ago, Nyghthawk said:
> So port 443 is open, but I cannot get port 80 to be open, wtf!

Is it blocked by your Internet provider?

Nyghthawk Posted March 11, 2019

2 minutes ago, Djoss said:
> Is it blocked by your Internet provider?

no idea....

Nyghthawk Posted March 11, 2019

15 minutes ago, Djoss said:
> Is it blocked by your Internet provider?

Can I bypass this, override it with a different IP? I mean port?

verified blocked

Edited March 11, 2019 by Nyghthawk

Djoss (Author) Posted March 11, 2019

1 hour ago, Nyghthawk said:
> Can I bypass this, override it with a different IP? I mean port?
>
> verified blocked

Then you could use https (443) only, but you would need to provide your own certificates (free certificates through Let's Encrypt require port 80)...

Nyghthawk Posted March 11, 2019

2 minutes ago, Djoss said:
> Then you could use https (443) only, but you would need to provide your own certificates (free certificates through Let's Encrypt require port 80)...

How do I do this? lol!

Djoss (Author) Posted March 11, 2019

3 minutes ago, Nyghthawk said:
> How do I do this? lol!

What? Getting your certificates? Since it seems that your domain comes from namecheap, you can buy certificates from them: https://www.namecheap.com/security/ssl-certificates/

But if you search a little bit, you will find a lot of other places.

Once you have the certificate, you can add it in NginxProxyManager (SSLCertificates->Add SSL Certificate->Custom).

Nyghthawk Posted March 11, 2019

21 minutes ago, Djoss said:
> What? Getting your certificates? Since it seems that your domain comes from namecheap, you can buy certificates from them: https://www.namecheap.com/security/ssl-certificates/
>
> But if you search a little bit, you will find a lot of other places.
>
> Once you have the certificate, you can add it in NginxProxyManager (SSLCertificates->Add SSL Certificate->Custom).

Can I just force someone to use the different port? Like http://subdomain.domain:180

It's not for production or anything. Just to give a few users outside access to like 1 or 2 subdomains. I can deal without accessing my dockers outside.

Edited March 11, 2019 by Nyghthawk

Djoss (Author) Posted March 12, 2019

6 minutes ago, Nyghthawk said:
> Can I just force someone to use the different port? Like http://subdomain.domain:180
>
> It's not for production or anything. Just to give a few users outside access to like 1 or 2 subdomains. I can deal without accessing my dockers outside.

Sure this is possible.

Nyghthawk Posted March 12, 2019

2 minutes ago, Djoss said:
> Sure this is possible.

Is this accomplished through proxy manager? Or just opening up the few ports?

Could I set up a reverse proxy on an outside host? So domain.com would forward all requests to remotehost.com which would then put all requests to my homeip:180 (which runs the home reverse proxy)....I'm just so confused because of this stupid port block......

Edited March 12, 2019 by Nyghthawk