Djoss

[Support] Djoss - Nginx Proxy Manager


22 hours ago, Froberg said:

Try forcing SSL for a start.

I just enabled Force SSL and the proxy host still says offline.

I don't know if it's related but when I go to the domain validation file that Let's Encrypt generates in my browser, I get a 403 error. I thought that Let's Encrypt would be looking for a 200 response on that file so I feel like that's not good.

Edited by deadletters
added a word

Link to post

I have zerotier running on my unraid box and only want to use NPM with my zerotier IP. Reason is services I want to expose to the internet don’t need to be accessible on my WAN IP. Every device I use to connect has a zerotier client installed so I figure it’s better security (defense in depth) to limit access to zerotier IP

 

Is this possible to configure?

 

Link to post

So far these are the only settings I've found that will show the Proxy Host is online:
1jbymFA.png

 

eLAyWDf.png

 

However, this generates an NGINX 400 Error:
xobWYAA.png

 

I'll also just add that I can pull everything up by going to https://public-ip:port without a problem.

Edited by deadletters
more info

Link to post
On 7/26/2019 at 12:38 AM, PSYCHOPATHiO said:

yes, it is in docker mode.

I tried every possible variation from docker mode, host mode, different IPs & last night I wiped my pfsense & reinstalled a fresh copy & spent a couple of hours re-configuring to find out I still get bad gateway.

I think the problem is somewhere in the docker configuration or network on the unraid server itself but I can't find it.

Usually the bad gateway error occurs when NPM can't communicate with the service.  Can you share a screenshot of your Docker page so we can see basic config of your containers?

 

Link to post
On 7/28/2019 at 2:35 PM, tmchow said:

I have zerotier running on my unraid box and only want to use NPM with my zerotier IP. Reason is services I want to expose to the internet don’t need to be accessible on my WAN IP. Every device I use to connect has a zerotier client installed so I figure it’s better security (defense in depth) to limit access to zerotier IP

 

Is this possible to configure?

 

nginx has the ability to "allow" and/or "deny" IP addresses/subnets (see http://etapien.com/guides/nginx-allow-access-certain-ips/ for examples).  Try adding this under the "Advanced" tab of your proxy host configuration.

 

Link to post
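The allow/deny approach suggested in the reply above, as an added example that is not part of the original post or the project's own code: it renders the directives for the "Advanced" tab and models nginx's first-match rule order to show why `deny all;` must come last. The ZeroTier range and client addresses are constructed sample values.

```python
import ipaddress

# Constructed value: substitute your own ZeroTier network range.
ZEROTIER_CIDR = "10.147.17.0/24"


def render_access_rules(allowed_cidrs):
    """Build the allow/deny directives to paste into the Advanced tab."""
    # ip_network() raises ValueError on a mistyped range instead of emitting it.
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    return "\n".join([f"allow {n};" for n in nets] + ["deny all;"])


def evaluate(rules_text, client_ip):
    """Model nginx's access rules: checked in order, first match decides."""
    ip = ipaddress.ip_address(client_ip)
    for raw in rules_text.splitlines():
        line = raw.strip().rstrip(";")
        if not line:
            continue
        action, target = line.split(None, 1)
        if target == "all" or ip in ipaddress.ip_network(target, strict=False):
            return action
    return "allow"  # nginx permits the request when no rule matches


RULES = render_access_rules([ZEROTIER_CIDR])
# Same directives in the wrong order: "deny all" matches first for everyone.
MISORDERED = "deny all;\nallow 10.147.17.0/24;"

if __name__ == "__main__":
    print(RULES)
    for ip in ("10.147.17.5", "203.0.113.7"):  # ZeroTier peer, WAN client
        print(ip, evaluate(RULES, ip), evaluate(MISORDERED, ip))
```

Before relying on the rule, check the proxy host's access log to confirm which client address nginx actually sees for ZeroTier connections.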
On 7/28/2019 at 8:46 PM, deadletters said:

I ended up just reinstalling NPM and purchasing my own cert :/

Did you check the reason why your proxy host was offline?  You can check it by hovering your mouse pointer over the red dot.

Link to post
On 7/30/2019 at 6:29 AM, cagemaster said:

Can someone explain the functionality of the 'streams' function? I want to know how it works and what it does :)

It allows you to forward UDP/TCP traffic to another host.  You can google for "nginx stream module" for more details.

Link to post
2 hours ago, Djoss said:

Usually the bad gateway error occurs when NPM can't communicate with the service.  Can you share a screenshot of your Docker page so we can see basic config of your containers?

 

never mind, I hosted NPM docker on my other unraid server & it works.

Link to post

I am able to connect to novnc after setting up the reverse proxy but I keep getting stuck at the connecting screen and get error "Failed to connect to server". Do I have to do some further configuration on novnc part to get it to work? Any help is appreciated.

Link to post
On 8/7/2019 at 10:34 AM, mysterio0 said:

I am able to connect to novnc after setting up the reverse proxy but I keep getting stuck at the connecting screen and get error "Failed to connect to server". Do I have to do some further configuration on novnc part to get it to work? Any help is appreciated.

Did you enable WebSocket support?

Link to post
On 12/29/2018 at 10:07 PM, Djoss said:

This docker is for people with little to no knowledge about nginx.  It was not done with manual configuration file editing in mind.  Some static configuration files are inside the container itself (/etc/nginx), while generated files are stored under the app data folder.

 

If you want to migrate from LE docker, you should not try to replicate your config files, but instead, use the UI to re-create the same functionality (again, this container doesn't support subfolders yet).

Hi,

 

I have a need to access the nginx.conf file to try and fix a problem I'm having with larger header sizes with IdentityServer.
Specifically in relation to: https://stackoverflow.com/a/48971393/4953847

 

How can I set the following values for this container?

http{
...
proxy_buffer_size   128k;
proxy_buffers   4 256k;
proxy_busy_buffers_size   256k;
large_client_header_buffers 4 16k;
...
}

Currently I'm able to authenticate my app but I immediately get redirected to a 502 Bad Gateway from nginx.

Edited by Saldash

Link to post

First of all, thanks a lot for creating this docker container. 

 

I've run into a couple of issues I simply couldn't solve myself.

What I've done so far:

1) I opened ports 80 and 443 on my router and forwarded them to 1880 and 18443 on the server. Both ports seem to be open.

2) I set up a DuckDNS container and verified that it shows my public IP.

3) I registered a domain and created a few CNAMES, i.e. sonarr.mydomain.com and plex.mydomain.com, both of which point to the DuckDNS domain (see above). I pinged sonarr.mydomain.com to verify that I see my public IP and it worked.

4) I installed the Nginx Proxy Manager docker and it proceeded without any errors. I didn't have to set up a MariaDB database, which was odd for me, because I thought I'd have to create a DB on my own. I then changed the admin password and I was able to access the GUI.

5) I created a new host entry for Sonarr and I used HTTP to check if it works. After that, I was able to access sonarr.mydomain.com. To secure it, I then wanted to set up https with a LE cert. I opened the Sonarr container, enabled SSL and headed back to the Nginx Proxy Manager docker, where I switched the host entry to https and changed the port according to Sonarr's SSL port.

Problem:

This is where I got stuck. I couldn't access the site anymore and had to switch back to HTTP. For now, I've closed both ports for security reasons before I sit down and try to solve the issue with your appreciated input.

Tl;dr: HTTP access works, HTTPS doesn't. Both ports seem to be forwarded correctly, custom domain.

Link to post

I've searched the thread but couldn't find a clear and simple way of using this docker to stop the Unifi Controller docker from throwing security errors.  What's the easiest way to add a letsencrypt cert to the unifi container?

Edited by dalben

Link to post

I have a number of dockers already setup and working correctly with NPM but when I try to add Ombi I get the following error.

 

Saving debug log to /config/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ombi.jerseyknoll.com
Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ombi.jerseyknoll.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ombi.jerseyknoll.com/.well-known/acme-challenge/pXsn4eZtFYYbBeoXjGKd93cmOWqgMFCFqnatTan-6_I [69.162.80.56]: "<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://ombi.jerseyknol"

letsencrypt.log

Link to post
On 8/10/2019 at 5:28 PM, Saldash said:

Hi,

 

I have a need to access the nginx.conf file to try and fix a problem I'm having with larger header sizes with IdentityServer.
Specifically in relation to: https://stackoverflow.com/a/48971393/4953847

 

How can I set the following values for this container?


http{
...
proxy_buffer_size   128k;
proxy_buffers   4 256k;
proxy_busy_buffers_size   256k;
large_client_header_buffers 4 16k;
...
}

Currently I'm able to authenticate my app but I immediately get redirected to a 502 Bad Gateway from nginx.

Did you try to add the settings under the Advanced tab of your host?

Link to post
On 8/12/2019 at 8:39 AM, Karatekid said:

Is there a possibility to reset the user and password.

Not currently.  There is probably a way to do it by manually editing the database, but I didn't dig into it.

Link to post
On 8/13/2019 at 3:38 AM, Orejo said:

5) I created a new host entry for Sonarr and I used HTTP to check if it works. After that, I was able to access sonarr.mydomain.com. To secure it, I then wanted to set up https with a LE cert. I opened the Sonarr container, enabled SSL and headed back to the Nginx Proxy Manager docker, where I switched the host entry to https and changed the port according to Sonarr's SSL port.

You don't need to change the Sonarr config.  Just change the NginxProxyManager config to use SSL.  NginxProxyManager is the one that handles the SSL connection, not Sonarr.

Link to post
On 8/13/2019 at 11:35 PM, dalben said:

I've searched the thread but couldn't find a clear and simple way of using this docker to stop the Unifi Controller docker from throwing security errors.  What's the easiest way to add a letsencrypt cert to the unifi container?

You need to add a proxy host, where the forward ip and port point to your Unifi docker.

Link to post
On 8/15/2019 at 10:06 AM, jerseyknoll said:

I have a number of dockers already setup and working correctly with NPM but when I try to add Ombi I get the following error.

 

Saving debug log to /config/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ombi.jerseyknoll.com
Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ombi.jerseyknoll.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ombi.jerseyknoll.com/.well-known/acme-challenge/pXsn4eZtFYYbBeoXjGKd93cmOWqgMFCFqnatTan-6_I [69.162.80.56]: "<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://ombi.jerseyknol"

letsencrypt.log 18.45 kB · 0 downloads

Does your DNS name point to the correct IP address?

Link to post
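One way to run the DNS check asked about above, as an added example that is not part of the original posts: the address in square brackets in the certbot failure line is the host that answered the validation request, so it can be compared with your own public IP. The sample log line, the addresses and the result labels are constructed for illustration.

```python
import ipaddress
import re

# Shape of certbot's http-01 failure line, as in the log quoted above.
FAILURE = re.compile(
    r'Failed authorization procedure\. (?P<domain>\S+) \((?P<challenge>[\w-]+)\): '
    r'(?P<error>\S+) :: .*?Invalid response from (?P<url>\S+) '
    r'\[(?P<ip>[0-9A-Fa-f:.]+)\]: "(?P<body>.*)', re.S)

# Constructed sample line (documentation domain and address ranges).
SAMPLE = (
    'Failed authorization procedure. app.example.com (http-01): '
    'urn:acme:error:unauthorized :: The client lacks sufficient authorization :: '
    'Invalid response from http://app.example.com/.well-known/acme-challenge/TOKEN '
    '[198.51.100.20]: "<html><head><title>Loading...</title></head>"'
)


def parse_failure(log_text):
    """Extract domain, challenge type, answering IP and body excerpt."""
    m = FAILURE.search(log_text)
    if m is None:
        return None
    info = m.groupdict()
    info["body"] = info["body"].rstrip().rstrip('"')
    return info


def diagnose(info, expected_ip):
    """Classify the failure against the public IP the proxy should have."""
    answered = ipaddress.ip_address(info["ip"])
    if answered != ipaddress.ip_address(expected_ip):
        # Another host answered: the DNS record does not point at this proxy.
        return "dns-mismatch"
    if info["body"].lstrip().startswith("<"):
        # Right host, but an HTML page came back instead of the token file.
        return "wrong-content"
    return "other"


if __name__ == "__main__":
    failure = parse_failure(SAMPLE)
    print(failure["domain"], failure["ip"], diagnose(failure, "203.0.113.10"))
```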
On 8/19/2019 at 11:01 AM, Djoss said:

Did you try to add the settings under the Advanced tab of your host?

I've literally just come back to it today, tried that and was about to post that it's worked for me before I saw your post. xD

Had no idea if it was going to work or not but it was a shot in the dark that got the mark for me.

 

Thank you anyway!

Link to post

I'm sure this is a very basic question but I can't seem to find the answer.  Is the nginx install of this docker geared/configured purely for remote proxy, or can it be used as a webserver as well?

Link to post
