
[Support] Djoss - Nginx Proxy Manager


So something like AdminCP for Nginx on Docker/Linux?

Freakin' awesome dude!

 

Thanks for making this available in a Docker for Unraid!

 

Hopefully I'll get to try it sometime. :)

Edited by Arndroid


First and foremost, thank you for this!

This looks amazing and while I love CLI for most configurations,  nginx can get annoying.

 

With that said,  is there a way to "import" previously configured services from say, letsencrypt docker, to speed up the transition to nginx proxy manager?

 

Secondly, is there a way to support "wildcard" ssl certs?  *.domain.com in this docker?

Sadly self-answered, no.  https://github.com/jc21/nginx-proxy-manager/issues/36

Edited by fmp4m

18 minutes ago, fmp4m said:

With that said,  is there a way to "import" previously configured services from say, letsencrypt docker, to speed up the transition to nginx proxy manager?

I would think you could do this

[attached image]


I like this docker.  Question about this, in context of unraid and hardening.  What suggestions are available regarding securing the let's encrypt requirement of having 80 and 443 open on the firewall and this docker?  Does the docker have a lockout function, anti-brute force, yubikey or 2fa functions (or will it eventually)?

Edited by repomanz


Can’t wait to see if this works... but at the moment, when trying to generate the LE certificate, I get http://192.168.0.201:7818 internal error.

 

Any ideas?

 

thanks,

 

h.


Trying to get this to work with gitlab-ce. Having basically zero luck. I'm super new to nginx and proxying different services to the web using it, was hoping a GUI would ease the learning curve.

So, for configuration in Nginx-Proxy-Manager I have this:
[attached image]

And I have it set to generate a new SSL certificate using LE, and force SSL.

From there, I've set gitlab-ce docker with the following extra options:
 


external_url 'https://git.mydomain.com/';
gitlab_rails['gitlab_ssh_host']='git.mydomain.com';
nginx['hsts_max_age'] = 0;
nginx['listen_port'] = 4080;
nginx['listen_https'] = false;

(I've taken the liberty of placing these on newlines for readability)

First I receive the same error as the above user - but refreshing the page shows that the entry was created, and the SSL certificate is shown on the certs tab. But when I attempt to reach gitlab via git.mydomain.com I get nothing. I can see that gitlab is running by checking the docker log.

I've got other services forwarded fine - but gitlab seems to be a PITA.


EDIT:

Figured it out. Other services weren't using a subdomain.

First, make sure you have your ports forwarded to this docker (or getting the certificates *will* fail)

Second, if you wish to use subdomains and are using a REAL domain name (not a dyndns style one) make sure you set up a catch-all entry for subdomains (CNAME * yourdomain.com)

Finally, create the entry using the GUI.

 

Scratch that - it doesn't seem to persist reboots very well, neither of my two SSL certificates continue to work following a reboot, and I'm getting this spammed in the log:

[nginx] starting...
nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/npm-9/fullchain.pem") failed (SSL: error:02FFF002:system library:func(4095):No such file or directory:fopen('/etc/letsencrypt/live/npm-9/fullchain.pem', 'r') error:20FFF080:BIO routines:CRYPTO_internal:no such file)

Edit:
Deleted the appdata folder, recreated entries and all is working again.

 

Edited by Xaero


Thank you for the work, a nice GUI for overview is always great.

 

A guide to move from the LE docker with subfolders, subdomains, organizr, settings etc. to this would be greatly appreciated.


Hey, 

 

I'm a little bit excited about this new app. I might migrate from let's encrypt to this one but need some help setting up the proxy host. Is there some guide somewhere here or on the GitHub?

6 hours ago, gacpac said:

Hey, 

 

I'm a little bit excited about this new app. I might migrate from let's encrypt to this one but need some help setting up the proxy host. Is there some guide somewhere here or on the GitHub?

IMHO, this is such an easy app to use and set up that you don't need any guide.  I'd never sat down and used Let'sEncrypt (as I could never clear off something like a week to read the thread and play with setting it up), but I got this all going within 5 minutes, with no thought involved.  But, if you need subfolders and not subdomains then you've got to manually edit the nginx configs.  Myself, I'm just using subdomains.  But, for advanced features that you may or may not require (I don't for my use case), then this may not be for you.

 

That, and if you've already spent the time and aggravation setting up LE, why switch?

Edited by Squid

1 hour ago, Squid said:

IMHO, this is such an easy app to use and set up that you don't need any guide.  I'd never sat down and used Let'sEncrypt (as I could never clear off something like a week to read the thread and play with setting it up), but I got this all going within 5 minutes, with no thought involved.  But, if you need subfolders and not subdomains then you've got to manually edit the nginx configs.  Myself, I'm just using subdomains.  But, for advanced features that you may or may not require (I don't for my use case), then this may not be for you.

 

That, and if you've already spent the time and aggravation setting up LE, why switch?


I like the UI and how you can do the changes. I see the web app seems easy, but I need to put my customizations again, then there's no point.


I get the following when I try to start the container:

 

[mysqld] starting...
2018-12-27 9:57:55 23424764251016 [Note] /usr/bin/mysqld (mysqld 10.2.15-MariaDB) starting as process 1998 ...
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Uses event mutexes
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Compressed tables use zlib 1.2.11
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Using Linux native AIO
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Number of pools: 1
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Using SSE2 crc32 instructions
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Completed initialization of buffer pool
2018-12-27 9:57:55 23424421186280 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2018-12-27 9:57:55 23424764251016 [ERROR] InnoDB: The Auto-extending innodb_system data file './ibdata1' is of a different size 0 pages than specified in the .cnf file: initial 768 pages, max 0 (relevant if non-zero) pages!
2018-12-27 9:57:55 23424764251016 [ERROR] InnoDB: Plugin initialization aborted with error Generic error

[2018-12-27] [09:57:55] [Global ] › ✖ error connect ECONNREFUSED 127.0.0.1:3306

2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Starting shutdown...
2018-12-27 9:57:55 23424764251016 [ERROR] Plugin 'InnoDB' init function returned error.
2018-12-27 9:57:55 23424764251016 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2018-12-27 9:57:55 23424764251016 [Note] Plugin 'FEEDBACK' is disabled.
2018-12-27 9:57:55 23424764251016 [ERROR] Could not open mysql.plugin table. Some plugins may be not loaded
2018-12-27 9:57:55 23424764251016 [ERROR] Unknown/unsupported storage engine: InnoDB
2018-12-27 9:57:55 23424764251016 [ERROR] Aborting

 

Edited by drkpeezy


My install never gets past this point:

 

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-app-niceness.sh: executing...
[cont-init.d] 00-app-niceness.sh: exited 0.
[cont-init.d] 00-app-script.sh: executing...
[cont-init.d] 00-app-script.sh: exited 0.
[cont-init.d] 00-app-user-map.sh: executing...
[cont-init.d] 00-app-user-map.sh: exited 0.
[cont-init.d] 00-clean-logmonitor-states.sh: executing...
[cont-init.d] 00-clean-logmonitor-states.sh: exited 0.
[cont-init.d] 00-clean-tmp-dir.sh: executing...
[cont-init.d] 00-clean-tmp-dir.sh: exited 0.
[cont-init.d] 00-set-app-deps.sh: executing...
[cont-init.d] 00-set-app-deps.sh: exited 0.
[cont-init.d] 00-set-home.sh: executing...
[cont-init.d] 00-set-home.sh: exited 0.
[cont-init.d] 00-take-config-ownership.sh: executing...
[cont-init.d] 00-take-config-ownership.sh: exited 0.
[cont-init.d] 00-xdg-runtime-dir.sh: executing...
[cont-init.d] 00-xdg-runtime-dir.sh: exited 0.
[cont-init.d] nginx-proxy-manager.sh: executing...
[cont-init.d] nginx-proxy-manager.sh: Initializing database data directory...
[cont-init.d] nginx-proxy-manager.sh: Database data directory initialized.
[cont-init.d] nginx-proxy-manager.sh: Starting database to perform its intialization...
[cont-init.d] nginx-proxy-manager.sh: Securing database installation...

 


I see this error in the init_db.log 

/mnt/user/appdata/NginxProxyManager/log# more init_db.log
Installing MariaDB/MySQL system tables in '/config/mysql' ...
2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: preallocating 12582912 bytes for file ./ibdata1 failed with error 95
2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: Could not set the file size of './ibdata1'. Probably out of disk space
2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: Database creation was aborted with error Generic error. You may need to delete the ibdata1 file before trying to start up again.
2018-12-27 14:32:03 22714951916424 [ERROR] Plugin 'InnoDB' init function returned error.
2018-12-27 14:32:03 22714951916424 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2018-12-27 14:32:03 22714951916424 [ERROR] Unknown/unsupported storage engine: InnoDB
2018-12-27 14:32:03 22714951916424 [ERROR] Aborting

 

2 hours ago, bigdave said:

I see this error in the init_db.log 


/mnt/user/appdata/NginxProxyManager/log# more init_db.log
Installing MariaDB/MySQL system tables in '/config/mysql' ...
2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: preallocating 12582912 bytes for file ./ibdata1 failed with error 95
2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: Could not set the file size of './ibdata1'. Probably out of disk space
2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: Database creation was aborted with error Generic error. You may need to delete the ibdata1 file before trying to start up again.
2018-12-27 14:32:03 22714951916424 [ERROR] Plugin 'InnoDB' init function returned error.
2018-12-27 14:32:03 22714951916424 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2018-12-27 14:32:03 22714951916424 [ERROR] Unknown/unsupported storage engine: InnoDB
2018-12-27 14:32:03 22714951916424 [ERROR] Aborting

 

What are you using for umask? My logs are the same...

17 minutes ago, drkpeezy said:

What are you using for umask? My logs are the same...

The default 000, you?


Terrific work, djoss. I predict this will soon be the go-to certificate manager in unraid.

 

Questions: How would a wildcard certificate be assembled through the proxy manager? How would we go about making the LetsEncrypt cert self-renewing?

 

Edit: Just found that Lets Encrypt wild cards don't work yet. Hope that comes soon.

Edited by madaroda
added clarification


Quick question please.... if I host a personal web site, that I access from outside.... where do I place all my www files and folders, the html files.

 

Thank you.

 

H.

4 hours ago, hernandito said:

Quick question please.... if I host a personal web site, that I access from outside.... where do I place all my www files and folders, the html files.

 

Thank you.

 

H.

If you already have a web server hosting those files inside your network, then exactly where they are is fine, just point the reverse proxy at that server.
If you don't have a web server running already, there are plenty of web server docker containers in Community Applications that will fit your needs.

 

I'd suggest getting familiar with how your web server is configured and making sure it's secure before giving the outside world access to it.


Thank you Saldash. I have been running my web server for years.... from a docker I cobbled together from LS... using Apache and LetsEncrypt. I was able to get all the reverse proxies figured out (thanks to my friend Neil). I was never able to get PHP, LE and Nginx working in their LE docker.

 

With my Docker, I can get to reverse proxy like this:

https://MyDomain.com/sonarr

https://MyDomain.com/radarr

https://MyDomain.com/www (a folder with my php files for web serving)

etc.

 

With this Docker, I can only reverse proxy

https://radarr.MyDomain.com...

I can set LE certificates for each of the prefixes. But I cannot secure the pages using the .htpassword method.

 

If anyone can provide some examples how to do this with this Docker, it would be greatly appreciated.

 

And I can certainly have it point to my Apache docker for php.

 

Thanks again,

 

H.

 

 

6 minutes ago, hernandito said:

I can set LE certificates for each of the prefixes. But I cannot secure the pages using the .htpassword method.

If anyone can provide some examples how to do this with this Docker, it would be greatly appreciated.

This docker allows you to create user access lists and assign them to specific proxy hosts.

From the main dashboard, click Access Lists in the menu. Create a new list and specify a username and password (up to five distinct users).

Once created, go to the proxy host you want to secure, click edit to open the modal and at the bottom of the modal, select your access list from the dropdown and save.

 

From the help text:

Quote

Access Lists provide authentication for the Proxy Hosts via Basic HTTP Authentication.

You can configure multiple usernames and passwords for a single Access List and then apply that to a Proxy Host.

This is most useful for forwarded web services that do not have authentication mechanisms built in.

 

Edited by Saldash

On 12/22/2018 at 1:46 PM, repomanz said:

I like this docker.  Question about this, in context of unraid and hardening.  What suggestions are available regarding securing the let's encrypt requirement of having 80 and 443 open on the firewall and this docker?  Does the docker have a lockout function, anti-brute force, yubikey or 2fa functions (or will it eventually)?

Things like 2fa are usually implemented by the application this container is proxying to.  Nginx itself has some way to limit the number of requests that are done.  I can check if there is anything configured by default for this.
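
The Basic HTTP Authentication used by Access Lists and the request limiting mentioned in the posts above, sketched as plain nginx configuration. This is an added example, not part of the thread and not the configuration this container generates; the hostname, upstream address, certificate and htpasswd paths, ACME webroot and the /login path are all placeholders.

```nginx
# http {} context: two shared-memory zones keyed by client address.
# per_ip allows normal browsing; login is a much tighter budget.
limit_req_zone $binary_remote_addr zone=per_ip:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=login:10m  rate=5r/m;
limit_req_status 429;   # answer throttled requests with 429 (default is 503)

server {
    listen 80;
    server_name app.example.com;            # placeholder hostname

    # Port 80 serves only the Let's Encrypt HTTP-01 challenge...
    location /.well-known/acme-challenge/ {
        root /var/www/acme;                 # placeholder webroot
    }
    # ...and redirects everything else to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/letsencrypt/live/example/fullchain.pem;  # placeholder
    ssl_certificate_key /etc/letsencrypt/live/example/privkey.pem;    # placeholder

    # Basic HTTP Authentication in front of a service with no login of its own.
    # Set at server level, so both locations below inherit it.
    auth_basic           "Restricted";
    auth_basic_user_file /etc/nginx/htpasswd/app;                     # placeholder

    proxy_set_header Host              $host;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    location / {
        # limit_req runs before auth_basic, so guesses are throttled
        # before any password is checked.
        limit_req  zone=per_ip burst=20 nodelay;
        proxy_pass http://192.168.0.10:8080;                          # placeholder
    }

    # Hypothetical login endpoint of the proxied application.
    location = /login {
        limit_req  zone=login burst=3 nodelay;
        proxy_pass http://192.168.0.10:8080;
    }
}
```

limit_req counts every request from an address, successful or not, so it slows password guessing rather than locking an account out after a number of failures.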
