[Support] Djoss - Nginx Proxy Manager


Djoss


8 hours ago, scud133b said:

I can't seem to generate any new SSL certs. All my old ones are still working fine... but when I tried to proxy a new service today (and after doing several tests) I'm getting this error every time:

 


Command failed: /usr/sbin/nginx -t 
nginx: [emerg] BIO_new_file(\"/etc/letsencrypt/live/npm-14/fullchain.pem\") failed (SSL: error:02001002:system library:fopen:No such file or 
directory:fopen('/etc/letsencrypt/live/npm-14/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

It appears to be an access issue, like somehow the app lost the ability to save the cert files... I did recently run Docker Safe New Perms but that shouldn't have affected this container (right?).

 

Any ideas?

Not sure... I just made this one about an hour ago.  No issues.  

 

Something you can try is either make sure you're up to date on the docker image or roll back to v1.7.0 and see if that fixes the issue.  I know, as I stated in my post above, there was an IPv6 situation that was causing some issues.

Screenshot_2020-04-13_20-14-47.png

Edited by debit lagos
Link to comment
2 hours ago, debit lagos said:

Try creating the certificate first, then go and set up the proxy host.  If you hover over the offline, what does the little popup window say?  I attached an example pic of the hover over popup.

Not running IPv6 internally yet.

 

So I couldn't create the certificate - got an internal error. Logs show:

 

Failed authorization procedure. subdomain.domain.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://subdomain.domain.com/.well-known/acme-challenge/blahblah: Timeout during connect (likely firewall problem)/.

Like I said, I can get it to work without any certificate over http. I did a https://check-your-website.server-daten.de/ look and it looked good there.

Link to comment
20 hours ago, tknx said:

I had this working before but had to redo some other networking and it all seems to have fallen apart.

 

1. I setup a proxy host, let's say bitwarden.mydomain.com

2. If I don't select a certificate, it works fine on http (except that bitwarden requires https).

3. If I request a certificate, I get an "Internal Error". I can close the window, edit it, and then select the certificate.

4. Then depending on settings I get either offline or invalid certificate.

 

Any thoughts on what is going on - I am using google domains dynamic DNS and have the ports forwarded appropriately.

This is the same behavior I'm getting in v2.2.2

 

Here's a screenshot of my error:

 

error.png

Edited by scud133b
Link to comment

@tknx and @scud133b - 

 

Are you guys using the default docker installation config?  No crazy change to the folder structure in the docker setup?  My wife got a bit pee'od because I fully deleted my NPM docker and recreated it (Plex was down for about 35 minutes), just to see if I could recreate the scenario.  I'm using NoIP as my dyndns and I just can't seem to mimic your situation.

 

Have you tried reverting back to a version like v.1.7.0 to see if that cures the issue(s)? (repo = jlesage/nginx-proxy-manager:v1.7.0)

 

BTW, just trying to help.... another set of eyes...

Edited by debit lagos
Link to comment
4 hours ago, debit lagos said:

@tknx and @scud133b - 

 

Are you guys using the default docker installation config?  No crazy change to the folder structure in the docker setup?  My wife got a bit pee'od because I fully deleted my NPM docker and recreated it (Plex was down for about 35 minutes), just to see if I could recreate the scenario.  I'm using NoIP as my dyndns and I just can't seem to mimic your situation.

 

Have you tried reverting back to a version like v.1.7.0 to see if that cures the issue(s)? (repo = jlesage/nginx-proxy-manager:v1.7.0)

 

BTW, just trying to help.... another set of eyes...

In my case -- no changes to the container config beyond changing ports to avoid conflicts.

 

I tried downgrading to v1.7.0 and now I have another issue -- I can't actually load the Proxy Hosts page in the UI anymore. Click the link and nothing happens... the other pages work fine (Redirection Hosts, Streams, 404 Hosts). The browser address bar even updates to the correct address (http://server:port/nginx/proxy) but nothing on the page changes at all. So that's fun, doesn't seem related but maybe it is (?).

 

Edit: I should add that when I actually view the files in /nginx/proxy_host/ this new config file is NOT there. So it looks like maybe the database thinks it created the proxy config, but it never actually generated and saved the file correctly.

 

Edited by scud133b
Link to comment

In case it helps here's an example log I just grabbed:

 

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-app-niceness.sh: executing...
[cont-init.d] 00-app-niceness.sh: exited 0.
[cont-init.d] 00-app-script.sh: executing...
[cont-init.d] 00-app-script.sh: exited 0.
[cont-init.d] 00-app-user-map.sh: executing...
[cont-init.d] 00-app-user-map.sh: exited 0.
[cont-init.d] 00-clean-logmonitor-states.sh: executing...
[cont-init.d] 00-clean-logmonitor-states.sh: exited 0.
[cont-init.d] 00-clean-tmp-dir.sh: executing...
[cont-init.d] 00-clean-tmp-dir.sh: exited 0.
[cont-init.d] 00-set-app-deps.sh: executing...
[cont-init.d] 00-set-app-deps.sh: exited 0.
[cont-init.d] 00-set-home.sh: executing...
[cont-init.d] 00-set-home.sh: exited 0.
[cont-init.d] 00-take-config-ownership.sh: executing...
[cont-init.d] 00-take-config-ownership.sh: exited 0.
[cont-init.d] 00-xdg-runtime-dir.sh: executing...
[cont-init.d] 00-xdg-runtime-dir.sh: exited 0.
[cont-init.d] nginx-proxy-manager.sh: executing...
[cont-init.d] nginx-proxy-manager.sh: Starting database...
[mysqld] starting...
2020-04-14 19:27:17 0 [Note] /usr/bin/mysqld (mysqld 10.3.22-MariaDB) starting as process 359 ...
2020-04-14 19:27:17 0 [Note] InnoDB: Using Linux native AIO
2020-04-14 19:27:17 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2020-04-14 19:27:17 0 [Note] InnoDB: Uses event mutexes
2020-04-14 19:27:17 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2020-04-14 19:27:17 0 [Note] InnoDB: Number of pools: 1
2020-04-14 19:27:17 0 [Note] InnoDB: Using SSE2 crc32 instructions
2020-04-14 19:27:17 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2020-04-14 19:27:17 0 [Note] InnoDB: Completed initialization of buffer pool
2020-04-14 19:27:17 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2020-04-14 19:27:17 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
2020-04-14 19:27:17 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2020-04-14 19:27:17 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2020-04-14 19:27:17 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2020-04-14 19:27:17 0 [Note] InnoDB: 10.3.22 started; log sequence number 2894528; transaction id 29983
2020-04-14 19:27:17 0 [Note] InnoDB: Loading buffer pool(s) from /config/mysql/ib_buffer_pool
2020-04-14 19:27:17 0 [Note] InnoDB: Buffer pool(s) load completed at 200414 19:27:17
2020-04-14 19:27:17 0 [Note] Plugin 'FEEDBACK' is disabled.
2020-04-14 19:27:17 0 [Note] Server socket created on IP: '::'.
2020-04-14 19:27:17 0 [Note] Reading of all Master_info entries succeeded
2020-04-14 19:27:17 0 [Note] Added new Master_info '' to hash table
2020-04-14 19:27:17 0 [Note] /usr/bin/mysqld: ready for connections.
Version: '10.3.22-MariaDB' socket: '/run/mysqld/mysqld.sock' port: 3306 MariaDB Server

[cont-init.d] nginx-proxy-manager.sh: Upgrading database if required...
[cont-init.d] nginx-proxy-manager.sh: Shutting down database...
2020-04-14 19:27:18 0 [Note] /usr/bin/mysqld (initiated by: unknown): Normal shutdown
2020-04-14 19:27:18 0 [Note] Event Scheduler: Purging the queue. 0 events
2020-04-14 19:27:18 0 [Note] InnoDB: FTS optimize thread exiting.
2020-04-14 19:27:18 0 [Note] InnoDB: Starting shutdown...
2020-04-14 19:27:18 0 [Note] InnoDB: Dumping buffer pool(s) to /config/mysql/ib_buffer_pool
2020-04-14 19:27:19 0 [Note] InnoDB: Buffer pool(s) dump completed at 200414 19:27:19
2020-04-14 19:27:20 0 [Note] InnoDB: Shutdown completed; log sequence number 2894537; transaction id 30003
2020-04-14 19:27:20 0 [Note] InnoDB: Removed temporary tablespace data file: "ibtmp1"
2020-04-14 19:27:20 0 [Note] /usr/bin/mysqld: Shutdown complete

chown: /config/log/nginx/nginx: No such file or directory
[cont-init.d] nginx-proxy-manager.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] starting s6-fdholderd...
[services.d] starting statusmonitor...
[services.d] starting logrotate...
[statusmonitor] no file to monitor: disabling service...
[services.d] starting logmonitor...
[services.d] starting mysqld...
[logmonitor] no file to monitor: disabling service...
[logrotate] starting...
[mysqld] starting...
2020-04-14 19:27:47 0 [Note] /usr/bin/mysqld (mysqld 10.3.22-MariaDB) starting as process 31753 ...
2020-04-14 19:27:47 0 [Note] InnoDB: Using Linux native AIO
2020-04-14 19:27:47 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2020-04-14 19:27:47 0 [Note] InnoDB: Uses event mutexes
2020-04-14 19:27:47 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2020-04-14 19:27:47 0 [Note] InnoDB: Number of pools: 1
2020-04-14 19:27:47 0 [Note] InnoDB: Using SSE2 crc32 instructions
2020-04-14 19:27:47 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2020-04-14 19:27:47 0 [Note] InnoDB: Completed initialization of buffer pool
2020-04-14 19:27:47 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2020-04-14 19:27:47 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
2020-04-14 19:27:47 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2020-04-14 19:27:47 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2020-04-14 19:27:47 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2020-04-14 19:27:47 0 [Note] InnoDB: Waiting for purge to start
2020-04-14 19:27:47 0 [Note] InnoDB: 10.3.22 started; log sequence number 2894537; transaction id 29983
2020-04-14 19:27:47 0 [Note] InnoDB: Loading buffer pool(s) from /config/mysql/ib_buffer_pool
2020-04-14 19:27:47 0 [Note] InnoDB: Buffer pool(s) load completed at 200414 19:27:47
2020-04-14 19:27:47 0 [Note] Plugin 'FEEDBACK' is disabled.
2020-04-14 19:27:47 0 [Note] Server socket created on IP: '::'.
2020-04-14 19:27:47 0 [Note] Reading of all Master_info entries succeeded
2020-04-14 19:27:47 0 [Note] Added new Master_info '' to hash table
2020-04-14 19:27:47 0 [Note] /usr/bin/mysqld: ready for connections.
Version: '10.3.22-MariaDB' socket: '/run/mysqld/mysqld.sock' port: 3306 MariaDB Server

[services.d] starting nginx...
[services.d] starting app...
[nginx] starting...
[app] starting Nginx Proxy Manager...
[services.d] done.
[4/14/2020] [7:27:49 PM] [Migrate ]   info Current database version: 20190227065017

[4/14/2020] [7:27:49 PM] [IP Ranges]   info Fetching IP Ranges from online services...
[4/14/2020] [7:27:49 PM] [IP Ranges]   info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[4/14/2020] [7:27:49 PM] [IP Ranges]   info Fetching https://www.cloudflare.com/ips-v4
[4/14/2020] [7:27:49 PM] [IP Ranges]   info Fetching https://www.cloudflare.com/ips-v6
[4/14/2020] [7:27:49 PM] [SSL ]   info Let's Encrypt Renewal Timer initialized
[4/14/2020] [7:27:49 PM] [SSL ]   info Renewing SSL certs close to expiry...
[4/14/2020] [7:27:49 PM] [IP Ranges]   info IP Ranges Renewal Timer initialized
[4/14/2020] [7:27:49 PM] [Global ]   info Backend PID 31823 listening on port 3000 ...
`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0

 

Link to comment
36 minutes ago, scud133b said:

I tried downgrading to v1.7.0 and now I have another issue -- I can't actually load the Proxy Hosts page in the UI anymore. Click the link and nothing happens... the other pages work fine (Redirection Hosts, Streams, 404 Hosts). The browser address bar even updates to the correct address (http://server:port/nginx/proxy) but nothing on the page changes at all. So that's fun, doesn't seem related but maybe it is (?).

This is definitely browser related.  Had the same issue with using Brave versus Firefox.  Works perfectly fine in Firefox, but Brave does exactly what you stated.

 

When you said you had to change ports to address deconfliction issues, which ports did you have to change?

Link to comment

I'll try downgrading next, but here is my docker log with my domain and email taken out.

 

Can't open /etc/letsencrypt/live/npm-6/fullchain.pem for reading, No such file or directory
22563200637800:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('/etc/letsencrypt/live/npm-6/fullchain.pem','r')

22563200637800:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:

unable to load certificate
)
[4/14/2020] [6:39:22 PM] [Nginx ] › ℹ info Reloading Nginx
[4/14/2020] [6:39:22 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #7: bitwarden.mydomain.com
[4/14/2020] [6:39:37 PM] [Nginx ] › ℹ info Reloading Nginx
[4/14/2020] [6:39:37 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-7" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --webroot --domains "bitwarden.mydomain.com"

Saving debug log to /config/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bitwarden.mydomain.com
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. bitwarden.mydomain.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://bitwarden.mydomain.com/.well-known/acme-challenge/zNyaWAy23XZm7n1djCZl82AUFQHIiEFQx6XYQrYq_vA: Timeout during connect (likely firewall problem)

 

Link to comment

Hello all, I have NPM working well (in docker) with my own domain name and using duckdns as the dynamic DNS service. My subdomains (sonarr, radarr etc, also in docker) are set to use http but what settings do I need to change to use https? For example I change the radarr subdomain to https scheme and then request a new certificate which appears to work but if I then try to navigate to https://radarr.mydomain.co.uk I get 'ERR_CONNECTION_CLOSED' in Chrome. Do I need to change any other settings anywhere?

Link to comment
16 hours ago, debit lagos said:

This is definitely browser related.  Had the same issue with using Brave versus Firefox.  Works perfectly fine in Firefox, but Brave does exactly what you stated.

 

When you said you had to change ports to address deconfliction issues, which ports did you have to change?

Also using Brave and you're right. Works fine in Chrome. :( 

 

I only changed the http/https ports (e.g., the container gets ports 1880 1443) and I have my router properly forwarding to them. That config has been totally fine until I tried to create a new proxy host this week.

Edited by scud133b
Link to comment

Another data point: it appears the app never correctly saved the certificate for my new proxy host. The error refers to the folder /etc/letsencrypt/live/npm-14/.... and that isn't in the file system. I see the other folders for other proxy hosts (like npm-3, npm-5, etc.) but not npm-14.

 

So for some reason the new SSL cert and the associated files are not being saved in the appdata folder for any new hosts I try to create.

Link to comment
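The manual check described in the post above (looking for the npm-14 folder that the nginx error names) can be scripted. This is an added example, not part of the thread or of the project; the function names, the `*.conf` directory layout and the optional root prefix for checking from the host are assumptions, and the sample tree is constructed.

```sh
#!/bin/sh
# Added example (not from the thread). Reports ssl_certificate and
# ssl_certificate_key paths that nginx configs reference but that are not
# readable on disk, the condition behind the BIO_new_file error.

# missing_cert_refs CONF_DIR [ROOT]
#   CONF_DIR: directory of generated *.conf files (assumed layout)
#   ROOT:     optional prefix for each referenced path, so the check can run
#             from the host against a mapped copy of the container's files
# Prints "conf-file: missing-path" per problem; returns 1 if any were found.
missing_cert_refs() {
    mc_dir=$1
    mc_root=${2:-}
    mc_found=$(
        for mc_conf in "$mc_dir"/*.conf; do
            [ -f "$mc_conf" ] || continue
            # Strip comments, then print only the path argument of the directive.
            sed -n -e 's/#.*$//' \
                -e 's/^[[:space:]]*ssl_certificate\(_key\)\{0,1\}[[:space:]]\{1,\}\([^;[:space:]]*\)[[:space:]]*;.*$/\2/p' \
                "$mc_conf" | tr -d "\"'" |
            while IFS= read -r mc_path; do
                [ -n "$mc_path" ] || continue
                [ -r "$mc_root$mc_path" ] || printf '%s: %s\n' "$mc_conf" "$mc_path"
            done
        done
    )
    if [ -n "$mc_found" ]; then
        printf '%s\n' "$mc_found"
        return 1
    fi
    return 0
}

# Constructed sample: two proxy-host configs under a temp root that mimics the
# container paths quoted in the thread; npm-3 has its files, npm-14 does not.
build_sample() {
    bs_root=$(mktemp -d)
    mkdir -p "$bs_root/conf" "$bs_root/etc/letsencrypt/live/npm-3"
    : > "$bs_root/etc/letsencrypt/live/npm-3/fullchain.pem"
    : > "$bs_root/etc/letsencrypt/live/npm-3/privkey.pem"
    for bs_n in 3 14; do
        cat > "$bs_root/conf/$bs_n.conf" <<EOF
server {
  listen 443 ssl;
  # ssl_certificate /etc/letsencrypt/live/old/fullchain.pem;
  ssl_certificate /etc/letsencrypt/live/npm-$bs_n/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-$bs_n/privkey.pem;
}
EOF
    done
    printf '%s\n' "$bs_root"
}

# Demo on the constructed tree: only the npm-14 references are reported.
sample=$(build_sample)
missing_cert_refs "$sample/conf" "$sample" || echo "configs above reference certificate files that do not exist"
rm -rf "$sample"
```

Run inside the container, the second argument is left empty; run on the host, it points at the directory that holds the container's `/etc/letsencrypt` tree.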
5 hours ago, scud133b said:

Also using Brave and you're right. Works fine in Chrome. :( 

 

I only changed the http/https ports (e.g., the container gets ports 1880 1443) and I have my router properly forwarding to them. That config has been totally fine until I tried to create a new proxy host this week.

And now another fun finding: I got the entire process to work by doing it in Chrome. So apparently the errors happening in the Brave browser prevented the proxy host from being fully created -- but doing it in Chrome worked fine. So I'm all green again and everything's working now. *shrug*

Link to comment
On 4/15/2020 at 8:47 AM, bwelsher said:

Hello all, I have NPM working well (in docker) with my own domain name and using duckdns as the dynamic DNS service. My subdomains (sonarr, radarr etc, also in docker) are set to use http but what settings do I need to change to use https? For example I change the radarr subdomain to https scheme and then request a new certificate which appears to work but if I then try to navigate to https://radarr.mydomain.co.uk I get 'ERR_CONNECTION_CLOSED' in Chrome. Do I need to change any other settings anywhere?

Here is how I have my sonarr (for example) setup.  BLUF, the scheme should be to point to your docker via http, then force the use of SSL cert using the "Force SSL" option.  The only docker I had to point to it via https was Plex.  Then I still used the force SSL option to my own subdomain name and SSL cert.  Hope the picture helps.

Screenshot_2020-04-16_11-11-58.png

Link to comment
19 hours ago, scud133b said:

And now another fun finding: I got the entire process to work by doing it in Chrome. So apparently the errors happening in the Brave browser prevented the proxy host from being fully created -- but doing it in Chrome worked fine. So I'm all green again and everything's working now. *shrug*

I haven't spent a whole lot of time to understand what all Brave blocks and situations it severs when it comes to web browsing, but I'm now back to using two different browsers to get things done...'ole well.  Better than have parity drive issues I guess...

 

Glad you're up and running!!!!!!!!!!!!!!!!!!!

Link to comment
32 minutes ago, debit lagos said:

Here is how I have my sonarr (for example) setup.  BLUF, the scheme should be to point to your docker via http, then force the use of SSL cert using the "Force SSL" option.  The only docker I had to point to it via https was Plex.  Then I still used the force SSL option to my own subdomain name and SSL cert.  Hope the picture helps.

Screenshot_2020-04-16_11-11-58.png

Thanks for the advice. I've changed the setting to http and 'force ssl' but I still get 'ERR_CONNECTION_CLOSED' unfortunately.

Link to comment
On 4/14/2020 at 9:49 PM, tknx said:

Same error with the downgrade, which is just plain weird since it used to work fine.

Are you using the same subdomain you used last time?  Meaning, bitwarden.mydomain.com.  Can you confirm in your router that your dyndns is updating?  Lastly, something worth maybe trying is creating a different subdomain name and seeing if you have the same issue.  I keep looking at this statement in your error message:  

 

The server could not connect to the client to verify the domain :: Fetching http://bitwarden.mydomain.com/.well-known/acme-challenge/zNyaWAy23XZm7n1djCZl82AUFQHIiEFQx6XYQrYq_vA: Timeout during connect (likely firewall problem)

It makes me think that either your router isn't serving your dyndns or the dyndns isn't serving the subdomain name.

Link to comment

After several days and lots of help on the unifi forums - answer is it didn't like to be bridge or host and once I gave it its own IP, worked fine. No idea why.

 

Next question, for ACLs, I enter in the logins and passwords I want them to have. Then do I need to change the Access parameter? Whenever I setup an ACL for a particular one, it doesn't work anymore.

Link to comment
18 hours ago, debit lagos said:

Check and see if you have SSL enabled in Sonarr... if so, disable it and try again.  Also, what browser are you using?

Hi, yes it was enabled but disabling it hasn't changed the result.

I am using chrome on android to try and access sonarr. My router doesn't support NAT loopback so I can't test the external address through the laptop.

Link to comment

How to see config? nginx -T inside docker says:

/tmp # nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] getpwnam("nginx") failed
nginx: configuration file /etc/nginx/nginx.conf test failed

 

I'm trying to find out why nginx shows me a 403 when I request a URL like http://xyz:8090/blablabla&tr=udp://lalala&tr=http://hohoho.com

If I delete "http" in the URL then this URL is OK for nginx.  Why does nginx not like it when more than two "http" persist in the URL?

Link to comment

Just downloaded this and am trying to use it with bitwarden.  Issue is I cannot seem to get a LetsEncrypt cert - every time I try to create one I get an "internal error".

If I look at my proxy error, it's basically missing the .pem file (probably related to the error)

 

edit: read through the above now understanding it a bit better - no luck. giving its own unique IP has the same error.

 

Edited by rilles
Link to comment
