[Support] Djoss - Nginx Proxy Manager


Djoss


I solved it. For anyone having this trouble:

All I did was edit the file in "\appdata\NginxProxyManager\nginx\proxy_host" for the proxy you want and add the following text after this line:

"location / {"

 

add_header Content-Security-Policy "upgrade-insecure-requests";
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-UA-Compatible "IE=Edge" always;
add_header Cache-Control "no-transform" always;
add_header Referrer-Policy "same-origin" always;
add_header Feature-Policy "autoplay 'none'; camera 'none'" always;

 

and restart the docker for the Nginx Proxy Manager.

 

--------------------------------------------------

 

 

Docker: CalibreWeb from linuxserver

If anyone could help me please: is there any danger if it is left alone, because everything is working with me?

I tried https://securityheaders.com

to see if everything is right in the security department, but got red ones. Is there any way to fix them?

>I tried adding "add_header X-Frame-Options "SAMEORIGIN";" but it didn't do anything.

 


 

 

 

 

Edited by xxsxx47
adding the answer for my problem
Link to comment
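
Whether an `add_header` line such as the ones in the post above reaches the browser depends on two nginx rules: a location that has any `add_header` of its own stops inheriting the server-level ones, and without `always` the field is skipped on error responses. The sketch below is an added example, not part of the original post or of Nginx Proxy Manager; it models those two rules in Python over constructed config snippets (the HSTS line, the `proxy_pass` target and the variable names are assumptions).

```python
import re

# Without "always", nginx adds the field only to responses with these codes
# (ngx_http_headers_module documentation).
DEFAULT_CODES = {200, 201, 204, 206, 301, 302, 303, 304, 307, 308}
ADD_HEADER = re.compile(r'add_header\s+(\S+)\s+"([^"]*)"(\s+always)?\s*;')

def parse(block):
    """Return [(name, value, always)] for each add_header line in a config block."""
    return [(n, v, bool(a)) for n, v, a in ADD_HEADER.findall(block)]

def effective_headers(server_block, location_block, status):
    """Fields nginx adds to a response of this status served from the location."""
    loc = parse(location_block)
    # Inheritance rule: server-level add_header lines are used only when the
    # location has no add_header of its own; a single local line drops them all.
    active = loc if loc else parse(server_block)
    return {n: v for n, v, always in active if always or status in DEFAULT_CODES}

# Constructed: one header declared at server level, without "always".
SERVER_LEVEL = 'add_header X-Frame-Options "SAMEORIGIN";'
# Constructed: a location that already carries an add_header of its own.
LOCATION_WITH_OWN = '''
add_header Strict-Transport-Security "max-age=63072000" always;
proxy_pass http://192.0.2.10:8083;
'''
# The eight lines from the post, as placed after "location / {".
LOCATION_FROM_POST = '''
add_header Content-Security-Policy "upgrade-insecure-requests";
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-UA-Compatible "IE=Edge" always;
add_header Cache-Control "no-transform" always;
add_header Referrer-Policy "same-origin" always;
add_header Feature-Policy "autoplay 'none'; camera 'none'" always;
'''

if __name__ == "__main__":
    cases = [("server-level only, 200", "", 200),
             ("server-level only, 404", "", 404),
             ("location has its own header, 200", LOCATION_WITH_OWN, 200),
             ("lines from the post, 404", LOCATION_FROM_POST, 404)]
    for label, location, status in cases:
        print(label, "->", sorted(effective_headers(SERVER_LEVEL, location, status)))
```

In the last case every field except Content-Security-Policy survives a 404, because that is the only line in the post without `always`.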

UPDATE - 

Quote

Hi All,

I'm having trouble accessing my "cacti Docker" "through Nginx Proxy Manager"....

I have jc21/nginx-proxy-manager:2 Docker running the manager.....

&

I have quantumobject/docker-cacti Docker running cacti...... The docker already has Apache2 running in it and since it's not my docker I'm not tampering with it.

The question I'm asking is.....How can I get the Proxy manager to add the "/cacti" to the end of the domain name?

Https://custom_domain.CO.UK/cacti..... If I manually add it I can access the web UI lovely. All help would be appreciated.

Hi Again All, I figured it out ....

Under the Proxy settings for the site/server you want to forward.....

  • Click on edit of the desired proxy host,
  • Click on the Advanced tab
  • In the box insert the following line:

        location = /{return 301 $scheme://$http_host/cacti;}

    OR

        location = /{return 301 $scheme://$https_host/cacti;}

  • "Replace the part in red with your desired sub folder"

Example

If your server is "192.168.29.100:2020/cacti" and it is placed under the details tab as is, you will end up with an invalid and non-loading URL. So for this to work, place the line above under the Advanced tab to get the following:

Http:// or Https://mydomain.co.uk/cacti

 

If Requested I can write a complete guide to this

 


Edited by MrGamecase
SOLVED
Link to comment

Out of nowhere today I am getting this error in logs and it isn't working:

 

[nginx] starting...
nginx: [emerg] invalid IPv6 address in resolver "[fe80::46d9:e7ff:fe95:e3db%br0]" in /etc/nginx/conf.d/include/resolvers.conf:1

 

Any thoughts on why this is happening?

Link to comment

So I reinstalled and now it wants to be on bridge and not a custom br0 IP address.  No idea why.  
 

Something probably wonky with Unraid's networking.
 

Anyway, back to Jitsi.  If I don’t map any of the custom locations, I can see myself and people on my lan can join and see me.  When I map the custom locations it becomes a mess. So something about 5280 for BOSH and the web socket aren’t working right. 

Link to comment

I am having issues with container to container communication I believe.

 

I have both containers up and running on unraid. I use pfSense as a router with pfBlockerNG being my only ad blocking (it is disabled for troubleshooting this issue currently).

 

I got synclounge.mydomain.com working in the sense that I can log in to plex within synclounge and I can create a room. When I join the room I see my plex server and it is listing the correct name of the plex server so it can definitely see it, but it says "Unable to connect. Please try disabling your ad blocker".

I am so close to making this work I just can't figure out what is missing. The synclounge container is on the proxynet network type since it is behind NGINX Proxy Manager.  Other services like bitwarden, nextcloud and jellyfin are working just fine on NGINX Proxy Manager, so I have the correct idea for how this all works on some level.

 

The plex container is currently on HOST network.   I've tried bridge/br0 as well as proxynet. Putting plex on anything but host seems to totally break access for me.

Anyone have a clue what I'm missing? Both containers are running on the same unraid server.

 

Thanks!

Link to comment

Hi everyone.

I am tired of trying to fix my problem. It is 3 days now of trying everything and reading all the related topics and proposals. Nginx Proxy Manager was working fine. I don't know what I did that affected this docker. Anyway, it started when I found that one of my hosts is not reaching my spreedbox, which is available inside my network and reachable by the unraid server by ping.

I failed on trying everything, including removing it and reinstalling it. Anyway, I came to find that the site is accessible from other machines and behind a VPN, but when I try to access it from home, especially from my main machine, it gives me a timeout.

I am attaching all my configuration with logs and the server diagnostics folder. I will appreciate it if someone can tell me what I am doing wrong.

 

 

 

 


Edited by m975261
crossover my domain name
Link to comment
On 5/2/2020 at 8:50 PM, m975261 said:

Hi everyone.

I am tired of trying to fix my problem. It is 3 days now of trying everything and reading all the related topics and proposals. Nginx Proxy Manager was working fine. I don't know what I did that affected this docker. Anyway, it started when I found that one of my hosts is not reaching my spreedbox, which is available inside my network and reachable by the unraid server by ping.

 

 

You're saying that it works outside your network? I had a similar issue with a Linksys router, that had a feature that I of course can't remember what was, that specifically prevented something like nginx working from inside the network.

Outside it was fine. Maybe look at your router settings and try turning some stuff off?

 

Link to comment

Everything has been smooth with this container forever.  Suddenly when I attempt to access the web UI, I am prompted for an email address and password.  I've never seen this before, and I can't seem to get past it.  Any help would be greatly appreciated.

 

EDIT:  I tried the default email address and password with no luck.  I ended up just trashing the container and files, and just starting over again.  Back up and running now.

 


Edited by PaulieORF
Link to comment

Lol - I got the same issue here; well, not exactly.

I installed this docker months ago so I could move my websites from bare-metal to unraid as VMs. Ready now to start using it. During setup, email and passwords were asked for, though (no clue why, since there is no "lost password" functionality and everything runs locally). I was apparently stupid enough to not put them in my password manager...

Is there a way to reset this or to re-setup the docker?

 

regards

 

Edited by sjoerd
Link to comment

Yes, well, the intent of the docker is to expose it to the internet to some degree, makes sense to me that it's password protected by default.

 

If you haven't actually made any setup, just remove it and re-install. If it persists with the data during this, you can always use Community Application Cleanup App Data to get a fresh start - or just specify a different app-data directory (config directory) during initial setup of the docker.

The config directory if you wanna poke around in console is @ /mnt/user/appdata/NginxProxyManager per default, I couldn't find anything to manually define a local user at a cursory glance.

Link to comment

I've read through this topic, and think I have everything set correctly.

When I have NPM set to Bridge, and forwarded ports 80>1880 & 443>18443, everything works. I can access my docker via DNS name.

But when I set NPM to br0 and forward ports 4443>4443 & 8080>8080 to the NPM IP, my DNS name returns an error - Site can't be reached

Is there something I'm missing in using br0?

 

Cheers

Adam

Edited by bdydrp
Link to comment
On 5/15/2020 at 4:30 AM, bdydrp said:

I've read through this topic, and think I have everything set correctly.

When I have NPM set to Bridge, and forwarded ports 80>1880 & 443>18443, everything works. I can access my docker via DNS name.

But when I set NPM to br0 and forward ports 4443>4443 & 8080>8080 to the NPM IP, my DNS name returns an error - Site can't be reached

Is there something I'm missing in using br0?

 

Cheers

Adam

It has been a while since I set it up, but I think it only functions correctly when used in bridge, otherwise it can't access what it needs. I went through the same issue, I'm pretty sure, actually.

Point being; I'm fairly sure that it needs to be in bridge mode for it to be able to reach the addresses of other systems in bridge mode.

 

Not sure if creating an entirely separate network for nginx and web-facing services would work though.

Link to comment
On 5/16/2020 at 4:10 PM, Froberg said:

It has been a while since I set it up, but I think it only functions correctly when used in bridge, otherwise it can't access what it needs. I went through the same issue, I'm pretty sure, actually.

Point being; I'm fairly sure that it needs to be in bridge mode for it to be able to reach the addresses of other systems in bridge mode.

 

Not sure if creating an entirely separate network for nginx and web-facing services would work though.

Thanks - Have left it in bridge for now!

Tho, the other docker I'm accessing (jellyfin) has an IP assigned, and I can still access it

Cheers

Edited by bdydrp
Link to comment

Hi everyone,

 

I am quite a newbie, but found the UNRAID solution based on dockerized apps so powerful! After several tryouts, I came to the conclusion of having the "Nginx Proxy Manager" app take care of:

 

- reverse proxy set-up

- fetching SSL from let's encrypt

 

I used to work with LE container but the Reverse Proxy side was sometimes quite tough to configure. 

 

Now my question is

 

I am using the nginx container from the Linux IO guys to power multiple websites. I would like to use the certificates retrieved by "Nginx Reverse Proxy" in the nginx site conf file:

 

ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

 

(this was a template based on LE)

 

So my point is: how do I get the path from "Nginx Reverse Proxy" inside this Nginx container?

 

Do I need to add a custom path to the NGINX template?

 

Thanks for your support !

 

Vince B

 

Link to comment
[5/18/2020] [10:06:42 AM] [SSL ] › ✖ error Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation

Attempting to renew cert (npm-7) from /etc/letsencrypt/renewal/npm-7.conf produced an unexpected error: Failed authorization procedure. www.<url>.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.<url>.duckdns.org/.well-known/acme-challenge/Jb367VYQH9J4400DRSnsmJLlsdA9A_g29wY_gLhFhec [72.230.229.213]: "<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 B". Skipping.

All renewal attempts failed. The following certs could not be renewed:
a
/etc/letsencrypt/live/npm-7/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

at ChildProcess.exithandler (child_process.js:294:12)
at ChildProcess.emit (events.js:182:13)
at maybeClose (internal/child_process.js:962:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:251:5)
[5/18/2020] [10:07:04 AM] [Express ] › ⚠ warning invalid signature

`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0

Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0

[5/18/2020] [10:08:05 AM] [Nginx ] › ℹ info Reloading Nginx
[5/18/2020] [10:08:05 AM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #4: www.<url>.duckdns.org
[5/18/2020] [10:08:06 AM] [Nginx ] › ℹ info Reloading Nginx
[5/18/2020] [10:08:06 AM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --agree-tos --email "thecheshireunion@gmail.com" --preferred-challenges "dns,http" --webroot --domains "www.<url>.duckdns.org"

Everything was working but my cert expired and failed to renew. I'm unable to renew it now. 

When I try to renew, it says 'internal error' and these are the logs.

I've tried wiping out the docker and reinstalling fresh and it still won't create an SSL cert.

 

I've tried removing/adding new proxy hosts.

Not sure what could be wrong.

Link to comment
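
The failed-authorization record in the log above can be triaged mechanically. This added example (not from the original post or from certbot) parses such a record and maps the returned body or the ACME error type to a likely cause; the sample record uses a placeholder domain, token and address, and the hints are the example's own interpretation.

```python
import re

# Constructed record modelled on the certbot output in the post; the domain,
# token and address are placeholders, not values from the thread.
SAMPLE = (
    'Attempting to renew cert (npm-7) from /etc/letsencrypt/renewal/npm-7.conf '
    'produced an unexpected error: Failed authorization procedure. '
    'www.example.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized '
    ':: The client lacks sufficient authorization :: Invalid response from '
    'http://www.example.duckdns.org/.well-known/acme-challenge/TOKEN '
    '[203.0.113.7]: "<html>\\r\\n<head><title>400 The plain HTTP request was '
    'sent to HTTPS port</title></head>". Skipping.'
)

FAILURE = re.compile(
    r'\((?P<cert>[^)]+)\) from \S+ produced an unexpected error: .*?'
    r'(?P<domain>\S+) \((?P<challenge>[a-z-]+-\d+)\): '
    r'urn:ietf:params:acme:error:(?P<error>\w+) :: .*? :: (?P<detail>.*)')

# Fragments of the fetched body that show where the validation request landed.
BODY_HINTS = {
    "plain HTTP request was sent to HTTPS port":
        "port 80 request reached a TLS listener; check which internal port "
        "the external port 80 forward points at",
}
# Fallback by ACME error type (names from RFC 8555, section 6.7).
ERROR_HINTS = {
    "unauthorized": "a server answered, but not with the challenge token",
    "connection": "the CA could not connect to the host",
    "dns": "the CA could not resolve the name",
    "rateLimited": "rate limit hit; stop retrying until it resets",
}

def triage(log_text):
    """Return one finding per failed authorization in certbot output."""
    findings = []
    for m in FAILURE.finditer(log_text):
        f = m.groupdict()
        body = [h for frag, h in BODY_HINTS.items() if frag in f["detail"]]
        f["hint"] = body[0] if body else ERROR_HINTS.get(f["error"], "unclassified")
        findings.append(f)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["cert"], f["domain"], f["challenge"], f["error"], "->", f["hint"])
```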
On 2/4/2020 at 1:51 PM, Iceman24 said:

If that Docker is setup to only run on HTTP, the scheme needs to be HTTP. You can still force SSL in the SSL tab, but the scheme must be whatever the Docker is setup to use. Also, I would recommend blocking out your domain. Nobody needs to know that to help anyways.

 

Just wondering if this solved the problem.

I have the proxy setup, can access first page of CSMM, but then try and auth steam and it takes ages to load and then gives a 502 error.

Link to comment
20 hours ago, Knoxie89 said:

[5/18/2020] [10:06:42 AM] [SSL ] › ✖ error Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation

Attempting to renew cert (npm-7) from /etc/letsencrypt/renewal/npm-7.conf produced an unexpected error: Failed authorization procedure. www.<url>.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.<url>.duckdns.org/.well-known/acme-challenge/Jb367VYQH9J4400DRSnsmJLlsdA9A_g29wY_gLhFhec [72.230.229.213]: "<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 B". Skipping.

All renewal attempts failed. The following certs could not be renewed:
a
/etc/letsencrypt/live/npm-7/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

at ChildProcess.exithandler (child_process.js:294:12)
at ChildProcess.emit (events.js:182:13)
at maybeClose (internal/child_process.js:962:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:251:5)
[5/18/2020] [10:07:04 AM] [Express ] › ⚠ warning invalid signature

`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0

Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0

[5/18/2020] [10:08:05 AM] [Nginx ] › ℹ info Reloading Nginx
[5/18/2020] [10:08:05 AM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #4: www.<url>.duckdns.org
[5/18/2020] [10:08:06 AM] [Nginx ] › ℹ info Reloading Nginx
[5/18/2020] [10:08:06 AM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --agree-tos --email "thecheshireunion@gmail.com" --preferred-challenges "dns,http" --webroot --domains "www.<url>.duckdns.org"

Everything was working but my cert expired and failed to renew. I'm unable to renew it now. 

When I try to renew, it says 'internal error' and these are the logs.

I've tried wiping out the docker and reinstalling fresh and it still won't create an SSL cert.

 

I've tried removing/adding new proxy hosts.

Not sure what could be wrong.

I was able to fix this issue. I'm not 100% sure if it's the real solution or a coincidence, but I unchecked 'cache assets' after doing a bunch of clean installs and restarts, and that seemed to be the only thing that worked when I changed it.

Link to comment
