August 6, 2020

2 hours ago, Mattyfaz said:
Is there another method of hosting a static site on my UnRaid Server I am not across?

The LSIO Letsencrypt container would be the typical choice. This particular container is set up for proxy, not hosting.
August 6, 2020

9 minutes ago, jonathanm said:
The LSIO Letsencrypt container would be the typical choice. This particular container is set up for proxy, not hosting.

Sorry, I should've clarified that having Authentication in front of the Static Site is a requirement. Which is the reason I went for NPM.
August 6, 2020

38 minutes ago, Mattyfaz said:
Sorry, I should've clarified that having Authentication in front of the Static Site is a requirement. Which is the reason I went for NPM.

I'm not quite following, but if you need to have NPM as the gateway, then just use a plain vanilla apache or nginx container to host the static site and point NPM to that container.

I use LSIO's LE with basic authentication for some static pages as well as using it to reverse proxy a bunch of other sites in my LAN, some on Unraid, some hosted on VM's, etc.
August 6, 2020

Ohhh right, sorry I totally misunderstood. I'm still confused on how to set up LSIO's LE container with Authentication (and multiple domain names), but regardless I can confirm this solution has worked brilliantly:

47 minutes ago, jonathanm said:
just use a plain vanilla apache or nginx container to host the static site and point NPM to that container.

Thanks @jonathanm - all sorted now

Edited August 6, 2020 by Mattyfaz
August 9, 2020

Hoping someone could help me track down an issue. I'm no longer able to access my proxy hosts from external. I have mydomain.duckdns.org set to forward to my Jellyfin docker container - but I keep getting error 504 Gateway timeout. When I disable the proxy, I'm greeted with the Congratulations landing page!

I have double checked that duckdns has the correct external IP - which it does! Also, to double check port forward rules are working, I disabled them, and my domains just time out. With the testing I've done, I can only put it down to NPM not forwarding to proxy hosts? Is there something else I can check?

Cheers
August 12, 2020

So I tried removing the container completely and re-installing. My duck DNS name just resolves to the Congratulations landing page. Now at a loss as to the cause.
August 12, 2020

Hi Guys. I had nginx working last month, not sure what happened, I am unable to renew certs. I get an error "timedout". I'm probably missing something simple here, but I'm more of a Windows person vs Linux. Thanks for any help.

-Will

[8/12/2020] [3:53:46 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --preferred-challenges "dns,http" --disable-hook-validation
Another instance of Certbot is already running.
[8/12/2020] [3:48:21 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates for Cert #4: o**i.s*******8.net
[8/12/2020] [3:49:13 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --preferred-challenges "dns,http" --disable-hook-validation
Saving debug log to /config/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing...
Non-interactive renewal: random delay of 36 seconds
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for o**i.s*******8.net
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (npm-4) from /etc/letsencrypt/renewal/npm-4.conf produced an unexpected error: Failed authorization procedure. o**i.s*******8.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://o**i.s*******8.net/.well-known/acme-challenge/mhVyDF2lpreiKo_kMhAhFdIYNBa6FX3yHvN11vXQKkU: Timeout during connect (likely firewall problem). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/npm-4/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

Edited August 12, 2020 by smartkid808
August 14, 2020

I'm having issues with renewing certs also. I've rebuilt the image and re-saved all the domains and still no luck. Also some domains are listed as expired in the SSL page, but if I check the site itself it has a newer cert than listed.

[8/14/2020] [7:26:01 AM] [SSL ] › ✖ error Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
Attempting to renew cert (npm-6) from /etc/letsencrypt/renewal/npm-6.conf produced an unexpected error: Failed authorization procedure. n***a.d****-r****r.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://n***a.d****-r****r.co.uk/.well-known/acme-challenge/8m7FHu7FrVb7tV2aGGYfLZfhFP5TvqO1iHAu6-mG3Mg [*.*.*.*]: "<html>\r\n<head><title>401 Authorization Required</title><link rel=\"stylesheet\" type=\"text/css\" href=\"https://gilbn.github.io/them". Skipping.
Attempting to renew cert (npm-20) from /etc/letsencrypt/renewal/npm-20.conf produced an unexpected error: Failed authorization procedure. n***a.d****-r****r.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://n***a.d****-r****r.co.uk/.well-known/acme-challenge/DRtRZr77KhC32wvEbt0iN33aUNP22_YB-7enTpaJ56o [*.*.*.*]: "<html>\r\n<head><title>401 Authorization Required</title><link rel=\"stylesheet\" type=\"text/css\" href=\"https://gilbn.github.io/them". Skipping.
Attempting to renew cert (npm-22) from /etc/letsencrypt/renewal/npm-22.conf produced an unexpected error: Failed authorization procedure. **b.d*****r.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://**b.d*****r.co.uk/.well-known/acme-challenge/ZMAZSCwrIoLr-8bcIQgBKNH-0ehqEcT_IJVkvkYIOmA [*.*.*.*]: "<!DOCTYPE html>\n<html>\n <head>\n <script src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\"></script>\n ". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/npm-6/fullchain.pem (failure)
/etc/letsencrypt/live/npm-20/fullchain.pem (failure)
/etc/letsencrypt/live/npm-22/fullchain.pem (failure)
3 renew failure(s), 0 parse failure(s)

I have no idea what happened but the issue seems to have fixed itself and all are being renewed now.

Edited August 14, 2020 by Dark-Raptor (issue fixed itself)
August 19, 2020

How does one revoke a cert with this? Or, more to the point, revoke a cert created by this? There doesn't seem to be a lot of real world tutorials out there, at least none that I have found. Any pointers would be appreciated. Thank you!
August 21, 2020

Does anyone have pihole running with this? I tried lots of custom configs but I keep getting 502 errors.
August 23, 2020

My certs are to expire tomorrow and I'm trying to renew in the proxy manager and it gives an error. Help please.

Error I get:
[8/23/2020] [8:38:40 AM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --preferred-challenges "dns,http" --disable-hook-validation

Edited August 23, 2020 by Greygoose
August 23, 2020

Can I use an http load balancer with this container?

Edited August 23, 2020 by Nuke
August 24, 2020

How to disable any logs for NPM? I have tons of gigs in /mnt/cache/appdata/NginxProxyManager/log

Here I see error.log with
"2020/08/24 13:04:06 [warn] 2546#2546: *907484 an upstream response is buffered to a temporary file /var/tmp/nginx/proxy/2/42/0000000422 while reading upstream ..........."
and proxy_host-1.log with
"[24/Aug/2020:12:55:29 +0300] - 404 404 - POST http"

This is because I use a custom config with

location ~ /(settings/write|torrent/rem|torrent/restart|shutdown) {
    auth_basic "Authorization required";
    auth_basic_user_file /data/access/1;
}

so clients see 404 for these pages and this is normal. I just need to disable 100 strings per second to logs.
August 26, 2020

Hi,

Just wanted to stop by and say thanks to @Djoss for this container. I've found it much easier to use, as my knowledgebase regarding Nginx is limited. I've managed to set up Bitwarden, Droppy, Radarr, Sonarr and NextCloud, and everything has worked great. I'm even getting a complete clean security bill of health in NextCloud, which I never managed with Letsencrypt (however no disrespect to the Linuxserver guys, it will have been down to my lack of understanding).

For reference, the only things I had to do in order to transition from Letsencrypt/Swag to Nginx Proxy Manager were:
* Delete all prior certificates generated by Letsencrypt,
* I haven't had any issues having NPM on its own network rather than Bridge,
* Disable Cloudflare proxy protection for each of my subdomains, and
* Add my NextCloud domain to the nextcloud config file, under "trusted domains".

Keep up the great work!

Edited August 26, 2020 by LoneTraveler
August 26, 2020 (Author)

On 8/9/2020 at 10:06 AM, bdydrp said:
Hoping someone could help me track down an issue. I'm no longer able to access my proxy hosts from external. I have mydomain.duckdns.org set to forward to my Jellyfin docker container - but I keep getting error 504 Gateway timeout. When I disable the proxy, I'm greeted with the Congratulations landing page!
I have double checked that duckdns has the correct external IP - which it does! Also, to double check port forward rules are working, I disabled them, and my domains just time out. With the testing I've done, I can only put it down to NPM not forwarding to proxy hosts? Is there something else I can check?
Cheers

The 504 error seems to indicate that NPM cannot reach your Jellyfin container...
August 26, 2020 (Author)

On 8/12/2020 at 4:59 PM, smartkid808 said:
Hi Guys. I had nginx working last month, not sure what happened, I am unable to renew certs. I get an error "timedout". I'm probably missing something simple here, but I'm more of a Windows person vs Linux. Thanks for any help.
-Will
[8/12/2020] [3:53:46 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --preferred-challenges "dns,http" --disable-hook-validation
Another instance of Certbot is already running.
[8/12/2020] [3:48:21 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates for Cert #4: o**i.s*******8.net
[8/12/2020] [3:49:13 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --preferred-challenges "dns,http" --disable-hook-validation
Saving debug log to /config/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing...
Non-interactive renewal: random delay of 36 seconds
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for o**i.s*******8.net
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (npm-4) from /etc/letsencrypt/renewal/npm-4.conf produced an unexpected error: Failed authorization procedure. o**i.s*******8.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://o**i.s*******8.net/.well-known/acme-challenge/mhVyDF2lpreiKo_kMhAhFdIYNBa6FX3yHvN11vXQKkU: Timeout during connect (likely firewall problem). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/npm-4/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

According to the error, NPM was not reachable through port 80 from the Internet. Did you verify this?
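
The reply above reads the cause straight out of certbot's ACME error text. As an added example (not code from NPM, certbot or any poster in this thread), the script below does the same triage over `certbot renew` output and goes beyond the connection timeout to the two `unauthorized` responses posted earlier in the thread. The sample log is constructed, and the cause labels and hint wording are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample shaped like the certbot output quoted in this thread;
# cert ids, domains, tokens and the IP address are placeholders.
SAMPLE_LOG = r'''
Attempting to renew cert (npm-1) from /etc/letsencrypt/renewal/npm-1.conf produced an unexpected error: Failed authorization procedure. a.example.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://a.example.org/.well-known/acme-challenge/TOKEN-A: Timeout during connect (likely firewall problem). Skipping.
Attempting to renew cert (npm-2) from /etc/letsencrypt/renewal/npm-2.conf produced an unexpected error: Failed authorization procedure. b.example.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://b.example.org/.well-known/acme-challenge/TOKEN-B [203.0.113.10]: "<html>\r\n<head><title>401 Authorization Required</title>". Skipping.
Attempting to renew cert (npm-3) from /etc/letsencrypt/renewal/npm-3.conf produced an unexpected error: Failed authorization procedure. c.example.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://c.example.org/.well-known/acme-challenge/TOKEN-C [203.0.113.10]: "<!DOCTYPE html>\n<html>\n <head>". Skipping.
'''

# One failed renewal: cert id, domain, ACME error type, certbot's detail text.
FAILURE = re.compile(
    r"Attempting to renew cert \((?P<cert>[^)]+)\) from \S+ produced an "
    r"unexpected error: Failed authorization procedure\. (?P<domain>\S+) "
    r"\((?P<challenge>[\w-]+)\): urn:ietf:params:acme:error:(?P<error>\w+) "
    r":: .*? :: (?P<detail>.*?)\. Skipping\.",
    re.S,
)

# Cause labels and hints are this example's own wording, not certbot's.
HINTS = {
    "port80-unreachable": "CA could not connect: check port 80 forward, firewall, DNS target",
    "challenge-behind-auth": "challenge URL returned 401: exempt /.well-known/acme-challenge/ from auth",
    "wrong-responder": "an HTML page came back instead of the token: another server or proxy answered",
    "unclassified": "read /config/log/letsencrypt/letsencrypt.log for the full exchange",
}


@dataclass
class Failure:
    cert: str
    domain: str
    error: str
    cause: str


def classify(error: str, detail: str) -> str:
    """Map the ACME error type plus certbot's detail text to a cause label."""
    if error == "connection":
        return "port80-unreachable"
    if error == "unauthorized":
        if "401 Authorization Required" in detail:
            return "challenge-behind-auth"
        if re.search(r"<!DOCTYPE html|<html", detail, re.I):
            return "wrong-responder"
    return "unclassified"


def parse_failures(text: str) -> list[Failure]:
    """Return one Failure per 'Attempting to renew cert ... Skipping.' record."""
    return [
        Failure(m["cert"], m["domain"], m["error"], classify(m["error"], m["detail"]))
        for m in FAILURE.finditer(text)
    ]


if __name__ == "__main__":
    for f in parse_failures(SAMPLE_LOG):
        print(f"{f.cert} {f.domain} [{f.error}] {f.cause}: {HINTS[f.cause]}")
```

The pattern only covers the `certbot renew` record shape ("Attempting to renew cert ... Skipping."); output from `certbot certonly` has no such wrapper and is not matched.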
August 26, 2020 (Author)

On 8/19/2020 at 3:11 PM, kcgodwins said:
How does one revoke a cert with this? Or, more to the point, revoke a cert created by this? There doesn't seem to be a lot of real world tutorials out there, at least none that I have found. Any pointers would be appreciated. Thank you!

I think that deleting the certificate will also revoke it.
August 26, 2020 (Author)

On 8/21/2020 at 8:56 AM, mwwb said:
Does anyone have pihole running with this? I tried lots of custom configs but I keep getting 502 errors.

The 502 error seems to indicate that NPM cannot reach pihole. Double check your proxy host settings.
August 27, 2020 (Author)

On 8/23/2020 at 10:51 AM, Nuke said:
Can I use an http load balancer with this container?

No, this is not something that can be configured with NPM.
August 27, 2020 (Author)

On 8/24/2020 at 6:08 AM, Nuke said:
How to disable any logs for NPM? I have tons of gigs in /mnt/cache/appdata/NginxProxyManager/log
Here I see error.log with
"2020/08/24 13:04:06 [warn] 2546#2546: *907484 an upstream response is buffered to a temporary file /var/tmp/nginx/proxy/2/42/0000000422 while reading upstream ..........."
and proxy_host-1.log with
"[24/Aug/2020:12:55:29 +0300] - 404 404 - POST http"
This is because I use a custom config with
location ~ /(settings/write|torrent/rem|torrent/restart|shutdown) {
    auth_basic "Authorization required";
    auth_basic_user_file /data/access/1;
}
so clients see 404 for these pages and this is normal. I just need to disable 100 strings per second to logs.

Not sure if you saw the answer on GitHub, but I would try to add the following under "location":

error_log off;
access_log off;
August 29, 2020

I have a few proxy hosts setup and working fine with Lets Encrypt certs for a few months. Tried creating a new proxy host today and keep getting "Internal Error" in GUI. Log is pasted below

[8/28/2020] [9:04:14 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #15: grocy.domain.com
[8/28/2020] [9:04:16 PM] [Nginx ] › ℹ info Reloading Nginx
[8/28/2020] [9:04:16 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-15" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --webroot --domains "grocy.domain.com"
Saving debug log to /config/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for grocy.domain.com
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. grocy.domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://grocy.domain.com/.well-known/acme-challenge/-e-long-string-of-characters-4 [2606:4700:3037::681c:12a2]: "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]> <html class=\"no-js "

Edited August 29, 2020 by itlists
August 30, 2020

On 8/27/2020 at 9:55 AM, Djoss said:
The 504 error seems to indicate that NPM cannot reach your Jellyfin container...

Thanks. Jellyfin definitely works locally, so I will try and see if I can access another container on my network.

EDIT: so I have tried a number of different IP:PORT NUMBERS and it seems there are 2 containers I can't reach, NodeRed @ 192.168.20.10:1880 and Unifi @ 192.168.1.4:8443, as well as the Jellyfin container. But I can reach other devices on my network which have a web interface.

So I'm at a loss as to why I can't reach 3 containers. AFAIK, there is nothing blocking incoming requests via proxy.

Edited September 1, 2020 by bdydrp
September 3, 2020

Having a few errors with this container.

Setup:

First being, the nginx config fails to pass test straight out of the box:

/var/tmp/nginx/proxy/3/60 # nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] getpwnam("nginx") failed
nginx: configuration file /etc/nginx/nginx.conf test failed

Secondly, it's also failing to reverse proxy next cloud (with permissions errors):

2020/09/03 15:57:57 [crit] 1516#1516: *3015 open() "/var/tmp/nginx/proxy/3/59/0000000593" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/actions/error-white.svg?v=1 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/actions/error-white.svg?v=1", host: "cloud.anglur.io"
2020/09/03 15:57:57 [crit] 1516#1516: *3007 open() "/var/tmp/nginx/proxy/4/59/0000000594" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /js/core/merged-template-prepend.js?v=a3beacbc-0 HTTP/1.1", upstream: "https://10.0.0.3:82/js/core/merged-template-prepend.js?v=a3beacbc-0", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3017 open() "/var/tmp/nginx/proxy/5/59/0000000595" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/actions/confirm.svg?v=2 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/actions/confirm.svg?v=2", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3019 open() "/var/tmp/nginx/proxy/6/59/0000000596" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/actions/confirm-white.svg?v=2 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/actions/confirm-white.svg?v=2", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3021 open() "/var/tmp/nginx/proxy/7/59/0000000597" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/logo/logo.svg?v=1 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/logo/logo.svg?v=1", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3023 open() "/var/tmp/nginx/proxy/8/59/0000000598" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/actions/checkmark-white.svg?v=1 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/actions/checkmark-white.svg?v=1", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3025 open() "/var/tmp/nginx/proxy/9/59/0000000599" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/background.png?v=2 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/background.png?v=2", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3035 open() "/var/tmp/nginx/proxy/0/60/0000000600" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/background.png?v=0 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/background.png?v=0", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3027 open() "/var/tmp/nginx/proxy/1/60/0000000601" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /apps/theming/img/core/filetypes/text.svg?v=0 HTTP/1.1", upstream: "https://10.0.0.3:82/apps/theming/img/core/filetypes/text.svg?v=0", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3029 open() "/var/tmp/nginx/proxy/2/60/0000000602" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /apps/theming/img/core/filetypes/folder.svg?v=0 HTTP/1.1", upstream: "https://10.0.0.3:82/apps/theming/img/core/filetypes/folder.svg?v=0", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3033 open() "/var/tmp/nginx/proxy/3/60/0000000603" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /apps/theming/img/core/filetypes/folder-drag-accept.svg?v=0 HTTP/1.1", upstream: "https://10.0.0.3:82/apps/theming/img/core/filetypes/folder-drag-accept.svg?v=0", host: "cloud.anglur.io"

Edited September 3, 2020 by Jonatino (adding screenshot)
September 7, 2020

Hello, I'm getting a few unexpected results. I left all settings default when installing the Docker, other than changing the network from a bridge on the host to br02 so it can have its own address.

Why does Docker show that the mapped resources, specifically the ports it is using, do not match what are in the docker settings? Also, I think I have an outdated version of the application, though that could be an issue with the Docker image.

Do I have an issue, or am I just missing something that should be obvious? Screenshots attached.
September 8, 2020

The custom br2 network here is like a host network, it won't map ports, it'll use the native ports from the app(s), so it's all correct.