Jump to content
Djoss

[Support] Djoss - Nginx Proxy Manager

866 posts in this topic Last Reply

Recommended Posts

1 hour ago, Brydezen said:

I only have one user named lol and the password is also lol. Does it only work if the username is admin?

EDIT: I just tried doing the auth in a new browser (firefox) and it worked flawlessly. But chrome seems to mess me up.

Ok, you may need to clear chrome's cache...

Share this post


Link to post

Is anyone using this with the home assistant docker? I can't get access to HA when going through this proxy. I get a bad gateway error.

 

Share this post


Link to post
On 10/21/2019 at 4:04 AM, jj_uk said:

Is anyone using this with the home assistant docker? I can't get access to HA when going through this proxy. I get a bad gateway error.

This error is usually caused by an incorrect configuration of your proxy host.  Make sure the forward host is properly set with the correct http scheme and port.

According to https://www.home-assistant.io/docs/ecosystem/nginx/, it seems that you need to enable WebSocket support.  You may also have to adjust the config of HA.

Share this post


Link to post
14 hours ago, TDA said:

Is there a way to implement fail2ban?

If you have an instance already running (in another container for examle), you can configure it to point to NginxProxyManager's log files and it should work.

Share this post


Link to post
This error is usually caused by an incorrect configuration of your proxy host.  Make sure the forward host is properly set with the correct http scheme and port.
According to https://www.home-assistant.io/docs/ecosystem/nginx/, it seems that you need to enable WebSocket support.  You may also have to adjust the config of HA.
Within the link posted, there is a nginx setup configuration. Is nginx already configured like this or do I need to change something?

Share this post


Link to post
4 hours ago, jj_uk said:
6 hours ago, Djoss said:
This error is usually caused by an incorrect configuration of your proxy host.  Make sure the forward host is properly set with the correct http scheme and port.
According to https://www.home-assistant.io/docs/ecosystem/nginx/, it seems that you need to enable WebSocket support.  You may also have to adjust the config of HA.

Within the link posted, there is a nginx setup configuration. Is nginx already configured like this or do I need to change something?

I think you don't need any advanced config.  Make sure to enable WebSocket.

Share this post


Link to post
3 hours ago, Djoss said:

I think you don't need any advanced config.  Make sure to enable WebSocket.

I can't get this to work. I've tried all sorts of configuration in HA. 

Share this post


Link to post
23 hours ago, Djoss said:

If you have an instance already running (in another container for examle), you can configure it to point to NginxProxyManager's log files and it should work.

Unfortunately I haven't one, and apparently there isn't any standalone docker in UNRAID for fail2ban.

Why is fail2ban not already implemented into NginxProxyManager?
How would you suggest to protect against brute-force-attacks and so on?

thx

Share this post


Link to post

I've got NPM up and running, and I've got it working with a host (jellyfin), however, when I enable/force SSL, it breaks. As soon as I disable SSL, it works again. I made sure to request a letsencrypt cert, and it seems to have been successful. It's behind a pfsense firewall, and any time port 80 appears, ports 443 and 81 appear with it (alias for web ports). Any suggestions/troubleshooting?

 

EDIT: Nevermind. Working flawlessly now. Not sure if it was that particular computer I was using, dns cache or what. Thanks for this program, it's saved me a lot of headache.

Edited by duskofdawn

Share this post


Link to post

I recently started having issues with Bookstack container and NginxProxyManager giving "502 Bad Gateway" when accessing from the domain pointed at it. The Bookstack container is accessible for it IP on local network, restarting the NginxProxyManager fixes the issue for a few minutes then back to 502

Share this post


Link to post
On 10/22/2019 at 4:18 PM, jj_uk said:

I can't get this to work. I've tried all sorts of configuration in HA. 

I have installed Home Assistant from scratch and created an account.  No other setting changed.

 

I have the following proxy host that works:

 

Scheme : http
Forward host: unRAID IP address
Port: 8123
WebSocket support : Enabled

 

Share this post


Link to post
On 10/23/2019 at 6:15 AM, TDA said:

Unfortunately I haven't one, and apparently there isn't any standalone docker in UNRAID for fail2ban.

Why is fail2ban not already implemented into NginxProxyManager?
How would you suggest to protect against brute-force-attacks and so on?

thx

Because fail2ban play with iptables rules on the host, one cannot have multiple instances of iptables running.  Thus, I feel that implementing fail2ban in this Docker container is not the right way to go, since fail2ban is potentially wanted by other containers as well.

 

Nginx as some built-in protections.  Maybe this is something you can look at: https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/

Share this post


Link to post
9 hours ago, swingline said:

I recently started having issues with Bookstack container and NginxProxyManager giving "502 Bad Gateway" when accessing from the domain pointed at it. The Bookstack container is accessible for it IP on local network, restarting the NginxProxyManager fixes the issue for a few minutes then back to 502

Do you have more details/log from the Bookstack container when the problem happens?

Share this post


Link to post
18 hours ago, Djoss said:

I have installed Home Assistant from scratch and created an account.  No other setting changed.

 

I have the following proxy host that works:

 


Scheme : http
Forward host: unRAID IP address
Port: 8123
WebSocket support : Enabled

 

 

"Scheme http" 

 

This fixed it for me, i was using "https" for the scheme as it connects with ssl. Clearly I don't understand the difference. Thanks for your help!

Edited by jj_uk

Share this post


Link to post
On 10/28/2019 at 4:22 AM, Djoss said:

Do you have more details/log from the Bookstack container when the problem happens?

Thanks for the reply. Here is everything in the bookstack logs.

 

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
App Key found - setting variable for seds
Running config - db_user set
/var/run/s6/etc/cont-init.d/50-config: line 63: warning: command substitution: ignored null byte in input
/var/run/s6/etc/cont-init.d/50-config: line 63: warning: command substitution: ignored null byte in input
Nothing to migrate.
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

 

Share this post


Link to post

SSL worked for about a day before breaking again. I'm not sure what I was doing that got it to work vs not work. I spun up a new VM, downloaded the example config, and after initial setup, created two hosts. They both point to the same server, one has SSL enabled with a letsencrypt certificate generated by NPM. The other is HTTP only. When I go to the SSL one (in CHrome), it throws up "Your connection is not private NTT::ERR_CERT_AUTHORITY_INVALID. The cert itself is from BMS. If I click advanced, and then proceed, I get ERR_EMPTY_RESPONSE.

Share this post


Link to post

I had an issue with another Docker image, so carried out a restore and I'm now seeing the following error in the logs;

 

[nginx] starting...
nginx: [emerg] PEM_read_bio_X509_AUX("/etc/letsencrypt/live/npm-1/fullchain.pem") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

 

Any ideas?

Share this post


Link to post
On 10/30/2019 at 1:12 PM, swingline said:

Thanks for the reply. Here is everything in the bookstack logs.

 


[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
App Key found - setting variable for seds
Running config - db_user set
/var/run/s6/etc/cont-init.d/50-config: line 63: warning: command substitution: ignored null byte in input
/var/run/s6/etc/cont-init.d/50-config: line 63: warning: command substitution: ignored null byte in input
Nothing to migrate.
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

 

I would also check the log for your proxy host under /mnt/user/appdata/NginxProxyManager/log/nginx/ to see if you can get more details.

Do you have the issue only when you access the domain name from your own network?

Share this post


Link to post
On 10/30/2019 at 5:28 PM, duskofdawn said:

SSL worked for about a day before breaking again. I'm not sure what I was doing that got it to work vs not work. I spun up a new VM, downloaded the example config, and after initial setup, created two hosts. They both point to the same server, one has SSL enabled with a letsencrypt certificate generated by NPM. The other is HTTP only. When I go to the SSL one (in CHrome), it throws up "Your connection is not private NTT::ERR_CERT_AUTHORITY_INVALID. The cert itself is from BMS. If I click advanced, and then proceed, I get ERR_EMPTY_RESPONSE.

If the certificate is not from Letsencrypt, then you are probably not reaching the container... or are you using a DNS service that could interfer?

Share this post


Link to post
16 hours ago, WannabeMKII said:

I had an issue with another Docker image, so carried out a restore and I'm now seeing the following error in the logs;

 

[nginx] starting...
nginx: [emerg] PEM_read_bio_X509_AUX("/etc/letsencrypt/live/npm-1/fullchain.pem") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

 

Any ideas?

Looks like a certificate is corrupted.... You can check if you can read the certificate at /mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-1/fullchain.pem.

Share this post


Link to post
9 hours ago, Djoss said:

Looks like a certificate is corrupted.... You can check if you can read the certificate at /mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-1/fullchain.pem.

Stupid question, but how would I test I can read it?

 

Krusader is reporting the file as 0 bytes in size?

 

Also, if I go into the webgui and try to edit one of the hosts and hit save, it comes back with a 'Internal Error'? 

 

Does any of that help?

Share this post


Link to post
16 hours ago, Djoss said:

I would also check the log for your proxy host under /mnt/user/appdata/NginxProxyManager/log/nginx/ to see if you can get more details.

Do you have the issue only when you access the domain name from your own network?

I have issues from all networks when accessing from domain. I have NAT refection turned on my firewall and all other domains I have are working. The container is accessible from its IP address. Below is a log excerpt from when it stops working. It never recovers unless I restart the NginxProxyManger container then fails after i close my session with the bookstack.

 

[02/Nov/2019:21:11:22 +0400] - 502 502 - GET https wiki.domain.pw "/" [Client 10.0.0.1] [Length 166] [Gzip -] [Sent-to 10.0.0.64] "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0" "http://10.0.0.77:8181/nginx/proxy"

 

[06/Nov/2019:23:10:18 +0400] - 502 502 - GET https wiki.domain.pw "/" [Client 10.0.0.1] [Length 166] [Gzip -] [Sent-to 10.0.0.64] "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0" "-"

 

Share this post


Link to post

Can someone help me getting custom locations to work? I want mydomain.com to link to 192.168.0.118:4001 (which it does). And then i want mydomain.com/radarr to link to 192.168.0.118:7878. So i added a custom location for for mydomain.com like so:

/radarr
http 192.168.0.118 7878

But it doesn't work. Why?

Thanks!

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.