[Support] Djoss - Nginx Proxy Manager


Djoss


Hello,

I've been running this container for a while now. Over a year at least. I've had no issues until today when I set up a new proxy host and attempted to request a new certificate from LetsEncrypt.

 

I receive this error when attempting to request the certificate.

"Internal Error"

 

I found this in the container logs

 

[6/5/2020] [12:39:21 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-14" --agree-tos --email "myemail@gmail.com" --preferred-challenges "dns,http" --webroot --domains "myhost.mydomain.com"
Another instance of Certbot is already running.

 

How can I troubleshoot this issue? Any other clues I should look for or anyone else who's seen this?

Link to comment

Unfortunately there are several issues with this latest version, I only had success deleting everything and starting at v1.5.3, but there are several bugs there, too.

 

I can see OP has a lot of service requests on here.  Perhaps it's time to pay him/her and have the bugs ironed out?

 

I would pay for a fully working version.

 

 

Link to comment

I completely deleted the docker and the Appdata and I redid it all.

It's a bit of a mess, in my config I have 3 redirections so it didn't bother me but actually on a big config it's another problem.

The .conf files don't have the same writing inside, and for me the MariaDB database didn't start. (Clean installation > enjoy)

Link to comment
On 6/2/2020 at 7:57 AM, sjoerd said:

Hey

 

I got this question/issue

 

I used to run my webserver on baremetal right behind the router. The server (ubuntu 16.x lts) had ufw (just an iptables wrapper) installed and I had quite a blacklist to prevent known nets and ip-addresses from spamming / hacking the site. Last week I moved the entire website to a vm and all traffic goes through NPM.

 

- apache2 doesn't know where the traffic comes from (yeah, the reverse proxy). When it was not behind the reverse proxy I had this line but that does not work anymore


LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy

- ufw doesn't know it either since everything comes from the reverse proxy

 

How can I fix these issues?

 

 

If you want to pass the real IP to your apache2 server, you can try to add the following line under the advanced tab of your proxy host config:

proxy_set_header X-Forwarded-For $remote_addr;

 

Link to comment
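
Added example (not part of the thread, and not NPM's or Apache's own code): once the proxy sets X-Forwarded-For, the backend should believe that header only when the connection really comes from the proxy, and a blacklist check has to run on the resolved address rather than on the proxy's. The proxy address 192.168.1.10, the blocked range and the function names are constructed for illustration.

```python
import ipaddress

# Assumed values, constructed for this example: the NPM host and one blocked net.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.1.10/32")]
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def client_ip(peer, xff_header):
    """Return the address the backend should treat as the client.

    peer is the TCP peer of the backend connection; xff_header is the raw
    X-Forwarded-For value (or None). The header is honoured only when the
    peer is a trusted proxy, and it is read right to left, skipping trusted
    hops, so entries a client prepended itself are never selected.
    """
    peer_addr = ipaddress.ip_address(peer)
    if not xff_header or not _in_any(peer_addr, TRUSTED_PROXIES):
        return peer_addr
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer_addr  # malformed entry: fall back to the peer address
        if not _in_any(addr, TRUSTED_PROXIES):
            return addr
    return peer_addr


def is_blocked(peer, xff_header):
    """Apply the blocklist to the resolved client address."""
    return _in_any(client_ip(peer, xff_header), BLOCKLIST)


if __name__ == "__main__":
    # Constructed requests as the backend would see them.
    # Header overwritten by the proxy with $remote_addr:
    print(is_blocked("192.168.1.10", "203.0.113.7"))
    # Header appended by the proxy; the leftmost entry came from the client:
    print(is_blocked("192.168.1.10", "198.51.100.1, 203.0.113.7"))
    # Direct connection that bypasses the proxy; the header is ignored:
    print(is_blocked("203.0.113.7", "198.51.100.1"))
```
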
On 6/3/2020 at 7:59 PM, JM2005 said:

I am thinking about setting up NextCloud & Bitwardenrs dockers on my unraid system.  I am sure this has been asked before but how safe is it to use a reverse proxy?  I have never used a reverse proxy before and currently use VPN to access my server remotely. 

I cannot say if it's more or less secure than VPN, but both Nginx and Nextcloud are internet-facing applications that are widely used...

Link to comment
On 6/5/2020 at 9:18 AM, AquaGoat said:

Do the "HTTP Port" and "HTTPs Port" variables in the template do anything?

 

Regardless of what I set those to, any conf files generated by Nginx-proxy-manager are always listening on 8080 and 4443.

Is the "Network Type" in container's setting set to "Bridge" ?  This is the only type where these variables work.  With other types, you need to use 8080 and 4443.

Link to comment

So I've had this working for some time now, but the other day I noticed that my port forward settings disappeared from my router.

I have set them up again, but can't get any of my subdomains to forward to where they should go.

If I use https://domain name I get a site can't be reached error,

and if I use http://subdomain I reach my router webui (which I have not entered its IP anywhere)

NPM is set to bridge, with all settings left as default

This is my router port forward settings:

 NPM.thumb.png.12f0e7ec16b1fb38ab59e1f3ce73bf45.png

And this is the proxy settings:

1995683275_NPMproxy.thumb.png.5f266908d5e49b2a45580c2946d13aa8.png

 

Is there something else I'm forgetting?

 

Cheers

Edited by bdydrp
Link to comment
6 hours ago, bdydrp said:

So I've had this working for some time now, but the other day I noticed that my port forward settings disappeared from my router.

I have set them up again, but can't get any of my subdomains to forward to where they should go.

If I use https://domain name I get a site can't be reached error,

and if I use http://subdomain I reach my router webui (which I have not entered its IP anywhere)

NPM is set to bridge, with all settings left as default

This is my router port forward settings:

 NPM.thumb.png.12f0e7ec16b1fb38ab59e1f3ce73bf45.png

And this is the proxy settings:

1995683275_NPMproxy.thumb.png.5f266908d5e49b2a45580c2946d13aa8.png

 

Is there something else I'm forgetting?

 

Cheers

You should set up only 2 ports in your router, instead of the 80-1800 range.

So you should have 2 entries:

  1. External start/end set to 80, internal start/end to 1880.
  2. External start/end set to 443, internal start/end to 18443
Link to comment
24 minutes ago, Djoss said:

You should set up only 2 ports in your router, instead of the 80-1800 range.

So you should have 2 entries:

  1. External start/end set to 80, internal start/end to 1880.
  2. External start/end set to 443, internal start/end to 18443

Like so?

NPM.thumb.png.c61adc059e38196f532b925355d1ecea.png

If yes, I get a 502 - Bad gateway error, when accessing domain name

EDIT - In NPM, I had my Proxy Host set as HTTPS, changed to HTTP and all works now..

Thanks

Edited by bdydrp
Link to comment
  • 2 weeks later...

Are there some "standard" steps to debug issues that I am having? My reverse proxies have been working for months using Nginx Proxy Manager and all of a sudden they have stopped working. I am on Cloudflare DNS and Cheapnames for my custom domain name. Nothing showing up in my logs so will pings, traceroutes or some other standard network tools help me figure out where the issues are?
 

EDIT: Everything is now working. No changes on my side. I suspect some kind of DNS issue at Cloudflare? Still would be curious as to good steps to try to narrow down where to debug.

Edited by TexasDave
Link to comment
On 6/5/2020 at 9:18 AM, AquaGoat said:

Do the "HTTP Port" and "HTTPs Port" variables in the template do anything?

 

Regardless of what I set those to, any conf files generated by Nginx-proxy-manager are always listening on 8080 and 4443.

Same problem here. They don't seem to do anything. I wonder if there's a way to pass a parameter that overrides the default setting since I'd like to have NPM function on my LAN more than my WAN.

Link to comment
On 6/21/2020 at 12:35 PM, TexasDave said:

Are there some "standard" steps to debug issues that I am having? My reverse proxies have been working for months using Nginx Proxy Manager and all of a sudden they have stopped working. I am on Cloudflare DNS and Cheapnames for my custom domain name. Nothing showing up in my logs so will pings, traceroutes or some other standard network tools help me figure out where the issues are?
 

EDIT: Everything is now working. No changes on my side. I suspect some kind of DNS issue at Cloudflare? Still would be curious as to good steps to try to narrow down where to debug.

A good place to start is to look at the log file for your proxy host under /mnt/user/appdata/NginxProxyManager/log/nginx/.

Link to comment
23 hours ago, Slappy said:

Same problem here. They don't seem to do anything. I wonder if there's a way to pass a parameter that overrides the default setting since I'd like to have NPM function on my LAN more than my WAN.

Port mappings only apply when you use the "bridge" network type.

Link to comment

Hi Djoss,

I love that you have added this to unraid and I use it for all my proxied containers and they all work mint, EXCEPT one, "onlyoffice document server". Pulling my hair out on this one; the manual talks about X-Forwarded-Proto and X-Forwarded-Host and I suspect it is the call back to 443 that buggers it up, either my settings on the different containers (owncloud, onlyoffice, or NPM). Have you got any clue how to set it up and connect to it? All containers work perfectly, I can connect to them all proxied, but the only thing is that I can't connect from nextcloud to the Onlyoffice server and get it to call back.

Any pointers would be appreciated.

Kru-x

Link to comment

Here is a working one from letsencrypt, maybe some lines to add in extras in your config; I don't use nginx proxy manager anymore so can't tell for sure.

Maybe that helps ... fetched it from the onlyoffice site, from the nginx sample there, and built it to work with letsencrypt.

My working conf for usage of nextcloud with external onlyoffice, when using the lsio nextcloud docker.

# Use this example for proxy HTTPS traffic to the document server running at 'backendserver-address'.
# Replace {{SSL_CERTIFICATE_PATH}} with the path to the ssl certificate file
# Replace {{SSL_KEY_PATH}} with the path to the ssl private key file

map $http_host $this_host {
  "" $host;
  default $http_host;
}

map $http_x_forwarded_proto $the_scheme {
  default $http_x_forwarded_proto;
  "" $scheme;
}

map $http_x_forwarded_host $the_host {
  default $http_x_forwarded_host;
  "" $this_host;
}

map $http_upgrade $proxy_connection {
  default upgrade;
  "" close;
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;

  server_name office-alturismo.*;

  server_tokens off;

  include /config/nginx/ssl.conf;

  add_header Strict-Transport-Security max-age=31536000;
  # add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  location / {
    include /config/nginx/proxy.conf;
    resolver 127.0.0.11 valid=30s;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $proxy_connection;
    proxy_set_header X-Forwarded-Host $the_host;
    proxy_set_header X-Forwarded-Proto $the_scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://192.168.1.93;
  }
}

 

Edited by alturismo
Link to comment
On 7/1/2020 at 1:41 PM, Kru-x said:

Hi Djoss,

I love that you have added this to unraid and I use it for all my proxied containers and they all work mint, EXCEPT one, "onlyoffice document server". Pulling my hair out on this one; the manual talks about X-Forwarded-Proto and X-Forwarded-Host and I suspect it is the call back to 443 that buggers it up, either my settings on the different containers (owncloud, onlyoffice, or NPM). Have you got any clue how to set it up and connect to it? All containers work perfectly, I can connect to them all proxied, but the only thing is that I can't connect from nextcloud to the Onlyoffice server and get it to call back.

Any pointers would be appreciated.

Kru-x

I don't use this myself, but looking at the provided examples, it seems that web socket support may be needed.  Did you enable that?

Link to comment
On 7/2/2020 at 10:59 PM, sdballer said:

How do deal with port 80 being blocked by ISP?

If port 80 is blocked, you won't be able to get SSL certificates from Letsencrypt.  HTTP validation is the only method supported by Nginx Proxy Manager.

You may try the letsencrypt container instead, which I think supports other verification methods, like DNS.

Link to comment
On 7/3/2020 at 12:10 PM, bdydrp said:

Think I worked it out.

Logged into duckdns account and noticed it had not updated my IP. Once I manually updated my IP, everything worked again

That makes sense: the Internal Error is usually due to the Letsencrypt service not being able to reach your container.

Link to comment
