[Support] Djoss - Nginx Proxy Manager


Djoss

Recommended Posts

3 hours ago, cesar_panter said:

Hummm... How do i implement the stream option? I mean, beside configure one in the stream panel; how do i link a name server to the stream? sorry for the inconvenience...

Thanks

Sorry I'm not enough familiar with the feature to answer.  You should try to find how this can be done with pure nginx and if it's possible or not to do it for a particular DNS name.  Then we can figure out how to add the config to NPM.

Link to comment
46 minutes ago, Djoss said:

Sorry I'm not enough familiar with the feature to answer.  You should try to find how this can be done with pure nginx and if it's possible or not to do it for a particular DNS name.  Then we can figure out how to add the config to NPM.

Thanks.

I wiil try, and if i find out, i'll post here

Link to comment
4 hours ago, Djoss said:

Sorry I'm not enough familiar with the feature to answer.  You should try to find how this can be done with pure nginx and if it's possible or not to do it for a particular DNS name.  Then we can figure out how to add the config to NPM.

I think, that coud be this i need:

 

non terminating, TLS pass through

Pass the TLS stream to an upstream server, based on the domain name from TLS SNI field. This does not terminate TLS.
The upstream server can serve HTTPS or other TLS secured TCP responses.

stream {

map $ssl_preread_server_name $targetBackend {

ab.mydomain.com upstream1.example.com:443;

xy.mydomain.com upstream2.example.com:443;

}

server {

listen 443;

 

proxy_connect_timeout 1s;

proxy_timeout 3s;

resolver 1.1.1.1;

 

proxy_pass $targetBackend; ssl_preread on;

}

}

 

Do you think i can use this in combination with the stream function, and the advanced settings function?

Thanks

 

source:https://gist.github.com/kekru/c09dbab5e78bf76402966b13fa72b9d2

Link to comment

Starting getting this today

nginx: [emerg] bind() to [::]:80 failed (13: Permission denied)

Don't know what happened. don't know if it started after the update or if i subconsciously mind melted it, but something is off. 

 

Anyone else having this or anything like it

Link to comment
23 hours ago, Djoss said:

What is not working exactly with NPM ?  Are you at least able to get the login page?

 

NPM is working, which allows me to get to the NVR log in page.  I can log in perfectly fine, but when I go to live stream a camera, it tells me it can't load the stream.

 

From the hours Google'ing I've done, it seems like there some command-line witchery needed for the proxy host to understand that there is another port required to make everything work (port 7446).  I'm struggling to understand how to implement the verbiage from this:

 

# UniFi Video
server {
  server_name server.*;
  listen   443 ssl http2;
  include   /config/nginx/ssl.conf;
  include   /config/nginx/proxy.conf;
  location  / {
    #proxy_redirect default;
        proxy_pass     https://server:7443;
	}
	location  /ws/ {
     
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "Upgrade";
        proxy_pass     https://server:7443;
		proxy_redirect default;
	}
}

server {
  server_name server.*;
  listen   7446 ssl http2;
  include   /config/nginx/ssl.conf;
  include   /config/nginx/proxy.conf;
  location  / {
    	proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "Upgrade";
        proxy_pass     https://server:7446;
	}
}

and this:

 

## Version 2019/10/23 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/proxy.conf

client_body_buffer_size 128k;

#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240s;
proxy_send_timeout 240s;
proxy_connect_timeout 240s;

# TLS 1.3 early data
proxy_set_header Early-Data $ssl_early_data;

# Basic Proxy Config
proxy_pass_request_headers on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
#proxy_redirect off; # generally okay.
proxy_http_version 1.1;
proxy_set_header Connection "";
#proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection "Upgrade";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;
proxy_headers_hash_bucket_size 128;
proxy_headers_hash_max_size 2048;

...into my host to reap the success.  Can you assist?  Here is the link again from the community.ui forum:  https://community.ui.com/questions/NGINX-Reverse-Proxy-in-a-Docker-Container/89509ee7-b920-4d9e-9736-73d981df97bb#answer/5b511459-5a02-46bb-ab60-a1b97c992189

 

BREAK BREAK - Did the docker update and it broken something.... weird.... rolled back to v1.7.0 and everything is working again.  Was getting some weird error message:

 

nginx: [emerg] bind() to [::]:80 failed (13: Permission denied)

Edited by debit lagos
updates
Link to comment
1 hour ago, Keebler said:

Starting getting this today


nginx: [emerg] bind() to [::]:80 failed (13: Permission denied)

Don't know what happened. don't know if it started after the update or if i subconsciously mind melted it, but something is off. 

 

Anyone else having this or anything like it

Yeap, started seeing those right after updating the docker.  Rolled back to v1.7.0 and things are working again.

Link to comment
1 hour ago, Keebler said:

Sorry to sound ignorant, but how does one roll back to the previous version?

It varies depending on where it pulls the docker image from. I usually go to dockerhub and search for what is the 'Repository' box on the update container page. When you find it on dockerhub, click the tab that says 'Tags". Then, find the version you want and copy the appropriate text from the box on the right that starts 'docker pull X:tag', where X:tag is the image and version.

Of course, I'm probably using incorrect terms. so be careful.

 

 

Oh yeah, and changing to v1.7.0 didn't fix this bind :80 issue for me either.

Edited by ndaringer
Link to comment
7 hours ago, Keebler said:

Starting getting this today


nginx: [emerg] bind() to [::]:80 failed (13: Permission denied)

Don't know what happened. don't know if it started after the update or if i subconsciously mind melted it, but something is off. 

 

Anyone else having this or anything like it

I'm getting the same things as well. 

I did get it to work again by rolling back to 1.7.0 but had to re-create my config. Looks like it's put some IPv6 code into the nginx conf file, I don't seem to be able to comment it out or remove it, it just gets re-created.

 

5 hours ago, Keebler said:

Sorry to sound ignorant, but how does one roll back to the previous version?

In the Docker setting I put the following the the repository section 

jlesage/nginx-proxy-manager:v1.7.0

 

 

Link to comment

So, I guess I should have explained my rollback perspective.  I had gone into NPM to play around with a host I just can't get to work and was starting to have issues building a new host and creating certs for it.  Things either went Offline, Unknown, or simply failed to complete.  Thought it was because of something I did to my unraid server, (in my case) when in doubt, delete and start over.

 

After doing so, I started seeing the error message and couldn't figure out how to fix it.  So, I deleted the docker again, but this time, I set it to version v1.7.0 and rebuilt from there.  I only have 8 hosts, 2 redirects, and one 404.  All is good now and I think I'm good with sticking things out here at 1.7.0 UFN.

Link to comment

I tried to switch to a custom bridge network, so I can use static ips for my containers. (Had problems with the ips changing and having to remap the containers in the manager)

That wasn't working so I tried to go back to the default Bridge but now I cant get it to work.

 

I removed the docker and deleted the appdata folder but its still not working. Im testing with a nzbget container but im only getting "ERR_EMPTY_RESPONSE" when trying to connect using the dyndns domain.

Link to comment

i had the same error it seems when i was on version 1.7.1 or somthing i made a change to one of my proxys and that seems to have added extra data into my config file  

listen 8080;
listen [::]:80;

 

this was causing the container not to work

i just did a notepad++ search in "NginxProxyManager\nginx\proxy_host" for "[::]:80" and it found it in 4.conf
after commenting the line out "#listen [::]:80;" the container then loaded with that host being unknown status then i just resaved and it corrected the file and add https

 

  listen 8080;
#listen [::]:80;

listen 4443 ssl http2;
#listen [::]:443;

 

with this change and adding "DISABLE_IPV6 true" i was able to get things working again

Link to comment
Quote

 listen 8080;
#listen [::]:80;

listen 4443 ssl http2;
#listen [::]:443;

This was it. you fix fixed it for me. I found one of the config files as you did was missing info.  I am up and running now. thanks for the help. Everyone who contributed, thank you

Link to comment

Hmm... looks like the version was the problem. Showed all other containers as offline even tho I was able to ping them.

Went back to 1.7 and everything works fine even with a custom network.

 

Edit: After everything was working I updated to latest again and it seems to work now... no clue whats happening here

Edited by TeKo
update
Link to comment

I can't seem to generate any new SSL certs. All my old ones are still working fine... but when I tried to proxy a new service today (and after doing several tests) I'm getting this error every time:

 

Command failed: /usr/sbin/nginx -t 
nginx: [emerg] BIO_new_file(\"/etc/letsencrypt/live/npm-14/fullchain.pem\") failed (SSL: error:02001002:system library:fopen:No such file or 
directory:fopen('/etc/letsencrypt/live/npm-14/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

It appears to be an access issue, like somehow the app lost the ability to save the cert files... I did recently run Docker Safe New Perms but that shouldn't have affected this container (right?).

 

Any ideas?

Edited by scud133b
Link to comment

I had this working before but had to redo some other networking and it all seems to have fallen apart.

 

1. I setup a proxy host, let's say bitwarden.mydomain.com

2. If I don't select a certificate, it works fine on http (except that bitwarden requires https).

3. If I request a certificate, I get an "Internal Error". I can close the window, edit it, and then select the certificate.

4. Then depending on settings I get either offline or invalid certificate.

 

Any thoughts on what is going on - I am using google domains dynamic DNS and have the ports forwarded appropriately.

Link to comment
53 minutes ago, tknx said:

I had this working before but had to redo some other networking and it all seems to have fallen apart.

 

1. I setup a proxy host, let's say bitwarden.mydomain.com

2. If I don't select a certificate, it works fine on http (except that bitwarden requires https).

3. If I request a certificate, I get an "Internal Error". I can close the window, edit it, and then select the certificate.

4. Then depending on settings I get either offline or invalid certificate.

 

Any thoughts on what is going on - I am using google domains dynamic DNS and have the ports forwarded appropriately.

Try creating the certificate first, then go and setup the proxy host.  If you hover over the offline, what does the the little popup window say?  I attached an example pic of the hover over popup.

 

Are you running the latest docker update?  I wonder if you are experiencing the IPv6 issue...

Screenshot_2020-04-13_20-05-06.png

Edited by debit lagos
additional comments
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.