[Support] Djoss - Nginx Proxy Manager


Djoss


14 hours ago, binhex said:

Certainly worth not including any advanced custom nginx config if possible, just so you can identify the issue. I don't have anything defined in there and auth works correctly, so it's possible that it's overriding the authentication, or it's simply a bug in npm.

Boom! Okay I can confirm it does prompt for username and password if I remove the advanced config!

So for some reason adding this to the advanced config kills the authentication:

location / {
    root /websites/guide;
}

That is the only way I know how to host a static site with Auth though... Is this expected behavior? Is there another method of hosting a static site on my UnRaid Server with Auth that I am not across?

Edited by Mattyfaz
Added that Auth is a requirement of the Static Site.
Link to comment
9 minutes ago, jonathanm said:

The LSIO Letsencrypt container would be the typical choice. This particular container is set up for proxy, not hosting.

Sorry, I should've clarified that having Authentication in front of the Static Site is a requirement. Which is the reason I went for NPM.

Link to comment
38 minutes ago, Mattyfaz said:

Sorry, I should've clarified that having Authentication in front of the Static Site is a requirement. Which is the reason I went for NPM.

I'm not quite following, but if you need to have NPM as the gateway, then just use a plain vanilla apache or nginx container to host the static site and point NPM to that container.

 

I use LSIO's LE with basic authentication for some static pages as well as using it to reverse proxy a bunch of other sites in my LAN, some on Unraid, some hosted on VMs, etc.

  • Thanks 1
Link to comment

Ohhh right, sorry I totally misunderstood.

I'm still confused on how to set up LSIO's LE container with Authentication (and multiple domain names), but regardless I can confirm this solution has worked brilliantly:

47 minutes ago, jonathanm said:

just use a plain vanilla apache or nginx container to host the static site and point NPM to that container.

Thanks @jonathanm - all sorted now :)

Edited by Mattyfaz
Link to comment

Hoping someone could help me track down an issue.

I'm no longer able to access my proxy hosts from external.

I have mydomain.duckdns.org set to forward to my Jellyfin docker container, but I keep getting error 504 Gateway timeout.

When I disable the proxy, I'm greeted with the Congratulations landing page!

I have double checked that duckdns has the correct external IP, which it does!

Also, to double check port forward rules are working, I disabled them, and my domains just time out.

With the testing I've done, I can only put it down to NPM not forwarding to proxy hosts??

Is there something else I can check??

 

Cheers

Link to comment

Hi Guys. I had nginx working last month, not sure what happened, I am unable to renew certs. I get an error "timedout". I'm probably missing something simple here, but I'm more of a Windows person vs Linux. Thanks for any help.

-Will
 

[8/12/2020] [3:53:46 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --preferred-challenges "dns,http" --disable-hook-validation

Another instance of Certbot is already running.


 

[8/12/2020] [3:48:21 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates for Cert #4: o**i.s*******8.net
[8/12/2020] [3:49:13 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --preferred-challenges "dns,http" --disable-hook-validation

Saving debug log to /config/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing...
Non-interactive renewal: random delay of 36 seconds
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for o**i.s*******8.net
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (npm-4) from /etc/letsencrypt/renewal/npm-4.conf produced an unexpected error: Failed authorization procedure. o**i.s*******8.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://o**i.s*******8.net/.well-known/acme-challenge/mhVyDF2lpreiKo_kMhAhFdIYNBa6FX3yHvN11vXQKkU: Timeout during connect (likely firewall problem). Skipping.

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/npm-4/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

 

Edited by smartkid808
Link to comment

I'm having issues with renewing certs also.

I've rebuilt the image and re-saved all the domains and still no luck.

Also, some domains are listed as expired on the SSL page, but if I check the site itself it has a newer cert than listed.

 

[8/14/2020] [7:26:01 AM] [SSL ] › ✖ error Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
Attempting to renew cert (npm-6) from /etc/letsencrypt/renewal/npm-6.conf produced an unexpected error: Failed authorization procedure. n***a.d****-r****r.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://n***a.d****-r****r.co.uk/.well-known/acme-challenge/8m7FHu7FrVb7tV2aGGYfLZfhFP5TvqO1iHAu6-mG3Mg [*.*.*.*]: "<html>\r\n<head><title>401 Authorization Required</title><link rel=\"stylesheet\" type=\"text/css\" href=\"https://gilbn.github.io/them". Skipping.
Attempting to renew cert (npm-20) from /etc/letsencrypt/renewal/npm-20.conf produced an unexpected error: Failed authorization procedure. n***a.d****-r****r.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://n***a.d****-r****r.co.uk/.well-known/acme-challenge/DRtRZr77KhC32wvEbt0iN33aUNP22_YB-7enTpaJ56o [*.*.*.*]: "<html>\r\n<head><title>401 Authorization Required</title><link rel=\"stylesheet\" type=\"text/css\" href=\"https://gilbn.github.io/them". Skipping.
Attempting to renew cert (npm-22) from /etc/letsencrypt/renewal/npm-22.conf produced an unexpected error: Failed authorization procedure. **b.d*****r.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://**b.d*****r.co.uk/.well-known/acme-challenge/ZMAZSCwrIoLr-8bcIQgBKNH-0ehqEcT_IJVkvkYIOmA [*.*.*.*]: "<!DOCTYPE html>\n<html>\n <head>\n <script src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\"></script>\n ". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/npm-6/fullchain.pem (failure)
/etc/letsencrypt/live/npm-20/fullchain.pem (failure)
/etc/letsencrypt/live/npm-22/fullchain.pem (failure)
3 renew failure(s), 0 parse failure(s)

 

 

I have no idea what happened, but the issue seems to have fixed itself and all are being renewed now.

Edited by Dark-Raptor
issue fixed itself
Link to comment

My certs are to expire tomorrow and I'm trying to renew in the proxy manager and it gives an error.

Help please :)

Error I get:

 

[8/23/2020] [8:38:40 AM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --preferred-challenges "dns,http" --disable-hook-validation

Edited by Greygoose
Link to comment

How to disable any logs for NPM?

I have tons of gigs in /mnt/cache/appdata/NginxProxyManager/log

Here I see error.log with

"2020/08/24 13:04:06 [warn] 2546#2546: *907484 an upstream response is buffered to a temporary file /var/tmp/nginx/proxy/2/42/0000000422 while reading upstream ..........."

 

and proxy_host-1.log with

"[24/Aug/2020:12:55:29 +0300] - 404 404 - POST http"

 

This is because I use a custom config with

location ~ /(settings/write|torrent/rem|torrent/restart|shutdown) {
    auth_basic            "Authorization required";
    auth_basic_user_file  /data/access/1;
}

So clients see 404 for these pages and this is normal. I just need to disable the 100 strings per second going to the logs.

Link to comment

Hi, 

 

Just wanted to stop by and say thanks to @Djoss for this container. I've found it much easier to use, as my knowledge base regarding Nginx is limited. I've managed to set up Bitwarden, Droppy, Radarr, Sonarr and NextCloud, and everything has worked great. I'm even getting a completely clean security bill of health in NextCloud, which I never managed with Letsencrypt (however, no disrespect to the Linuxserver guys, it will have been down to my lack of understanding).

 

For reference, the only things I had to do in order to transition from Letsencrypt/Swag to Nginx Proxy Manager were:

* Delete all prior certificates generated by Letsencrypt,
* I haven't had any issues having NPM on its own network rather than Bridge,
* Disable Cloudflare proxy protection for each of my subdomains, and
* Add my NextCloud domain to the nextcloud config file, under "trusted domains".

 

Keep up the great work! 

 

 


Edited by LoneTraveler
Link to comment
On 8/9/2020 at 10:06 AM, bdydrp said:

Hoping someone could help me track down an issue.

I'm no longer able to access my proxy hosts from external.

I have mydomain.duckdns.org set to forward to my Jellyfin docker container, but I keep getting error 504 Gateway timeout.

When I disable the proxy, I'm greeted with the Congratulations landing page!

I have double checked that duckdns has the correct external IP, which it does!

Also, to double check port forward rules are working, I disabled them, and my domains just time out.

With the testing I've done, I can only put it down to NPM not forwarding to proxy hosts??

Is there something else I can check??

 

Cheers

The 504 error seems to indicate that NPM cannot reach your Jellyfin container...

Link to comment
On 8/12/2020 at 4:59 PM, smartkid808 said:

Hi Guys. I had nginx working last month, not sure what happened, I am unable to renew certs. I get an error "timedout". I'm probably missing something simple here, but I'm more of a Windows person vs Linux. Thanks for any help.

-Will
 


[8/12/2020] [3:53:46 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --preferred-challenges "dns,http" --disable-hook-validation

Another instance of Certbot is already running.


 


[8/12/2020] [3:48:21 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates for Cert #4: o**i.s*******8.net
[8/12/2020] [3:49:13 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --preferred-challenges "dns,http" --disable-hook-validation

Saving debug log to /config/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing...
Non-interactive renewal: random delay of 36 seconds
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for o**i.s*******8.net
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (npm-4) from /etc/letsencrypt/renewal/npm-4.conf produced an unexpected error: Failed authorization procedure. o**i.s*******8.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://o**i.s*******8.net/.well-known/acme-challenge/mhVyDF2lpreiKo_kMhAhFdIYNBa6FX3yHvN11vXQKkU: Timeout during connect (likely firewall problem). Skipping.

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/npm-4/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

 

According to the error, NPM was not reachable through port 80 from the Internet. Did you verify this?

Link to comment
On 8/19/2020 at 3:11 PM, kcgodwins said:

How does one revoke a cert with this?  Or, more to the point, revoke a cert created by this?

 

There doesn't seem to be a lot of real world tutorials out there, at least none that I have found.  Any pointers would be appreciated.

 

Thank you!

I think that deleting the certificate will also revoke it.

Link to comment
On 8/21/2020 at 8:56 AM, mwwb said:

Does anyone have pihole running with this? I tried lots of custom configs but I keep getting 502 errors.

The 502 error seems to indicate that NPM cannot reach pihole. Double check your proxy host settings.

Link to comment
On 8/24/2020 at 6:08 AM, Nuke said:

How to disable any logs for NPM?

I have tons of gigs in /mnt/cache/appdata/NginxProxyManager/log

Here I see error.log with

"2020/08/24 13:04:06 [warn] 2546#2546: *907484 an upstream response is buffered to a temporary file /var/tmp/nginx/proxy/2/42/0000000422 while reading upstream ..........."

 

and proxy_host-1.log with

"[24/Aug/2020:12:55:29 +0300] - 404 404 - POST http"

 

This is because I use a custom config with

location ~ /(settings/write|torrent/rem|torrent/restart|shutdown) {
    auth_basic            "Authorization required";
    auth_basic_user_file  /data/access/1;
}

So clients see 404 for these pages and this is normal. I just need to disable the 100 strings per second going to the logs.

Not sure if you saw the answer on GitHub, but I would try to add the following under "location":

error_log    off;
access_log    off;

 

  • Like 1
Link to comment

I have had a few proxy hosts set up and working fine with Let's Encrypt certs for a few months.

Tried creating a new proxy host today and keep getting "Internal Error" in the GUI. Log is pasted below.

 

[8/28/2020] [9:04:14 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #15: grocy.domain.com
[8/28/2020] [9:04:16 PM] [Nginx ] › ℹ info Reloading Nginx
[8/28/2020] [9:04:16 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-15" --agree-tos --email "email@address.com" --preferred-challenges "dns,http" --webroot --domains "grocy.domain.com"

Saving debug log to /config/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for grocy.domain.com
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. grocy.domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://grocy.domain.com/.well-known/acme-challenge/-e-long-string-of-characters-4 [2606:4700:3037::681c:12a2]: "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]> <html class=\"no-js "

 

Edited by itlists
Link to comment
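An added example, not code from any poster or from Nginx Proxy Manager: a Python triage of the three http-01 failure patterns pasted in this thread (connect timeout, a 401 page on the challenge URL, and some other HTML page answering it). The sample lines are constructed from those logs with placeholder hosts, tokens and addresses, and the cause labels are names chosen here.

```python
import re

# Constructed sample, modelled on the three kinds of certbot failure quoted in
# this thread. Host names, tokens and addresses are placeholders.
SAMPLE_LOG = r'''
Attempting to renew cert (npm-4) from /etc/letsencrypt/renewal/npm-4.conf produced an unexpected error: Failed authorization procedure. a.example.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://a.example.net/.well-known/acme-challenge/TOKEN-A: Timeout during connect (likely firewall problem). Skipping.
Attempting to renew cert (npm-6) from /etc/letsencrypt/renewal/npm-6.conf produced an unexpected error: Failed authorization procedure. b.example.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://b.example.net/.well-known/acme-challenge/TOKEN-B [192.0.2.10]: "<html>\r\n<head><title>401 Authorization Required</title>". Skipping.
Failed authorization procedure. c.example.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://c.example.net/.well-known/acme-challenge/TOKEN-C [2001:db8::1]: "<!DOCTYPE html>\n<html class=\"no-js\">"
Saving debug log to /config/log/letsencrypt/letsencrypt.log
'''

FAILURE = re.compile(
    r"Failed authorization procedure\. (?P<host>\S+) \(http-01\): "
    r"urn:ietf:params:acme:error:(?P<kind>\w+) :: (?P<detail>.*)"
)
CERT = re.compile(r"Attempting to renew cert \((?P<cert>[^)]+)\)")
# Scheme of the URL that was finally fetched, and the address that answered.
FETCH = re.compile(
    r"(?:Fetching|Invalid response from) (?P<scheme>https?)://\S+"
    r"(?: \[(?P<addr>[^\]]+)\])?"
)

# Labels and hints are this example's own wording, not certbot output.
ADVICE = {
    "port-80-unreachable": "nothing answered on port 80; check port forward and firewall",
    "auth-covers-challenge-path": "challenge URL returned 401; exempt /.well-known/acme-challenge/ from auth",
    "other-content-served": "an HTML page came back instead of the token; check what answers for this host",
    "unclassified": "read /config/log/letsencrypt/letsencrypt.log for details",
}


def classify(kind, detail):
    """Map the ACME error type plus the quoted response to a likely cause."""
    if kind == "connection":
        return "port-80-unreachable"
    if kind == "unauthorized" and "401 Authorization Required" in detail:
        return "auth-covers-challenge-path"
    if kind == "unauthorized":
        return "other-content-served"
    return "unclassified"


def triage(log_text):
    """Return one finding per failed http-01 authorization in the log text."""
    findings = []
    for line in log_text.splitlines():
        failure = FAILURE.search(line)
        if not failure:
            continue  # informational line, not a failed authorization
        cert = CERT.search(line)  # absent when a new cert is being requested
        fetch = FETCH.search(failure["detail"])
        findings.append({
            "cert": cert["cert"] if cert else None,
            "host": failure["host"],
            "cause": classify(failure["kind"], failure["detail"]),
            "scheme": fetch["scheme"] if fetch else None,
            "answered_by": fetch["addr"] if fetch else None,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['host']} ({f['cert'] or 'new cert'}): {f['cause']} - {ADVICE[f['cause']]}")
```

An `https` scheme or an unexpected `answered_by` address on an http-01 check means the request was redirected or answered by something other than the port-80 listener you expected.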
On 8/27/2020 at 9:55 AM, Djoss said:

The 504 error seems to indicate that NPM cannot reach your Jellyfin container...

Thanks

Jellyfin definitely works locally, so I will try and see if I can access another container on my network.

EDIT: So I have tried a number of different IP:PORT numbers and it seems there are 2 containers I can't reach:

NodeRed @ 192.168.20.10:1880 and Unifi @ 192.168.1.4:8443, as well as the Jellyfin container.

But I can reach other devices on my network which have a web interface.

So I'm at a loss as to why I can't reach 3 containers. AFAIK, there is nothing blocking incoming requests via proxy.

 

 

 

Edited by bdydrp
Link to comment

Having a few errors with this container.

 

Setup:

chrome_VrgH7JtfQV.png

 

First being, the nginx config fails to pass test straight out of the box:

/var/tmp/nginx/proxy/3/60 # nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] getpwnam("nginx") failed
nginx: configuration file /etc/nginx/nginx.conf test failed

 

Secondly, it's also failing to reverse proxy Nextcloud (with permission errors):

2020/09/03 15:57:57 [crit] 1516#1516: *3015 open() "/var/tmp/nginx/proxy/3/59/0000000593" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/actions/error-white.svg?v=1 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/actions/error-white.svg?v=1", host: "cloud.anglur.io"
2020/09/03 15:57:57 [crit] 1516#1516: *3007 open() "/var/tmp/nginx/proxy/4/59/0000000594" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /js/core/merged-template-prepend.js?v=a3beacbc-0 HTTP/1.1", upstream: "https://10.0.0.3:82/js/core/merged-template-prepend.js?v=a3beacbc-0", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3017 open() "/var/tmp/nginx/proxy/5/59/0000000595" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/actions/confirm.svg?v=2 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/actions/confirm.svg?v=2", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3019 open() "/var/tmp/nginx/proxy/6/59/0000000596" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/actions/confirm-white.svg?v=2 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/actions/confirm-white.svg?v=2", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3021 open() "/var/tmp/nginx/proxy/7/59/0000000597" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/logo/logo.svg?v=1 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/logo/logo.svg?v=1", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3023 open() "/var/tmp/nginx/proxy/8/59/0000000598" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/actions/checkmark-white.svg?v=1 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/actions/checkmark-white.svg?v=1", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3025 open() "/var/tmp/nginx/proxy/9/59/0000000599" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/background.png?v=2 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/background.png?v=2", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3035 open() "/var/tmp/nginx/proxy/0/60/0000000600" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /core/img/background.png?v=0 HTTP/1.1", upstream: "https://10.0.0.3:82/core/img/background.png?v=0", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3027 open() "/var/tmp/nginx/proxy/1/60/0000000601" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /apps/theming/img/core/filetypes/text.svg?v=0 HTTP/1.1", upstream: "https://10.0.0.3:82/apps/theming/img/core/filetypes/text.svg?v=0", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3029 open() "/var/tmp/nginx/proxy/2/60/0000000602" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /apps/theming/img/core/filetypes/folder.svg?v=0 HTTP/1.1", upstream: "https://10.0.0.3:82/apps/theming/img/core/filetypes/folder.svg?v=0", host: "cloud.anglur.io"
2020/09/03 15:57:58 [crit] 1516#1516: *3033 open() "/var/tmp/nginx/proxy/3/60/0000000603" failed (13: Permission denied) while reading upstream, client: 74.12.144.41, server: cloud.anglur.io, request: "GET /apps/theming/img/core/filetypes/folder-drag-accept.svg?v=0 HTTP/1.1", upstream: "https://10.0.0.3:82/apps/theming/img/core/filetypes/folder-drag-accept.svg?v=0", host: "cloud.anglur.io"

 

Edited by Jonatino
adding screenshot
Link to comment

Hello,

I'm getting a few unexpected results. I left all settings default when installing the Docker, other than changing the network from a bridge on the host to br02 so it can have its own address.
Why does Docker show that the mapped resources, specifically the ports it is using, do not match what are in the docker settings?
Also, I think I have an outdated version of the application, though that could be an issue with the Docker image.
Do I have an issue, or am I just missing something that should be obvious?
Screenshots attached.

dockerconfig.PNG

dockerconfig2.PNG

version.PNG

Link to comment
