[Support] Djoss - Nginx Proxy Manager


Djoss

1455 posts in this topic Last Reply


If you go to yourip:8181/nginx/certificates you can 'renew' the certificate. This should generate a new one and store it to your disk. I'm not really sure if you can see what site "9" is so I guess the first one on that page? Or perhaps an error is already displayed there?

 

edit:

You can see it in the config files /mnt/user/appdata/NginxProxyManager/nginx/proxy_host and then look into (`cat`) the 9.conf file

Edited by mattie112
Link to post

The 8181 port should be the web interface, but perhaps you use another port? You can also go to the docker tab in unraid and then click on NPM and then choose "WebUI".

 

I think the container uses certbot internally but I'm not 100% sure so if the UI works I would suggest to try that first.

Link to post

Hm that is strange (perhaps restart your container?)

 

But yes you should be able to do it from the CLI. Again SSH to your unraid and do:

docker exec -it NginxProxyManager sh

(If your container has a different name, use that; you can see it on the web UI from Unraid.)

 

In your container do:

certbot renew
or
certbot renew --force-renewal

This will renew everything, or use the --cert-name flag to only do the ones you need.

 

edit:

I would restart my container after doing this.

Edited by mattie112
Link to post

@Rejserr, the web server is not starting because of the missing certificate file.  If the certbot command suggested by @mattie112 doesn't fix the problem, you should try to edit the file under /mnt/user/appdata/NginxProxyManager/nginx/proxy_host/ that contains the following lines:

  ssl_certificate /etc/letsencrypt/live/npm-9/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-9/privkey.pem;

And comment them:

#  ssl_certificate /etc/letsencrypt/live/npm-9/fullchain.pem;
#  ssl_certificate_key /etc/letsencrypt/live/npm-9/privkey.pem;

 

Link to post
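
One way to find which proxy host file points at certificate files that no longer exist, before commenting anything out (an added example, not part of the original posts or of the container's own tooling). `missing_certs`, its optional ROOT argument and the demo tree are constructed for illustration; the certificate paths are container paths, so on a real system run it where /etc/letsencrypt is visible.

```shell
#!/bin/sh
# missing_certs CONF_DIR [ROOT]
# Prints "conf-file: path" for every active ssl_certificate or
# ssl_certificate_key directive whose target file does not exist.
# ROOT (hypothetical helper argument) is prepended to each path.
missing_certs() {
    conf_dir=$1 root=${2:-}
    for conf in "$conf_dir"/*.conf; do
        [ -f "$conf" ] || continue
        # Commented-out directives have "#" as first field and are skipped.
        awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
                 sub(/;$/, "", $2); print $2 }' "$conf" |
        while read -r pem; do
            [ -e "$root$pem" ] || echo "$(basename "$conf"): $pem"
        done
    done
}

# Constructed demo: host 3 has its certificate files, host 9 does not.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/proxy_host" "$tmp/etc/letsencrypt/live/npm-3"
    : > "$tmp/etc/letsencrypt/live/npm-3/fullchain.pem"
    : > "$tmp/etc/letsencrypt/live/npm-3/privkey.pem"
    for n in 3 9; do
        printf '  ssl_certificate /etc/letsencrypt/live/npm-%s/fullchain.pem;\n' "$n"
        printf '  ssl_certificate_key /etc/letsencrypt/live/npm-%s/privkey.pem;\n' "$n"
    done > "$tmp/all.txt"
    sed -n '1,2p' "$tmp/all.txt" > "$tmp/proxy_host/3.conf"
    sed -n '3,4p' "$tmp/all.txt" > "$tmp/proxy_host/9.conf"
    missing_certs "$tmp/proxy_host" "$tmp"
    rm -rf "$tmp"
}

demo
```
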

Hey guys, has your NPM updated to 2.7.1? I'm stuck at 2.6.2. Tried force update, tried remove and reinstall, tried setting :latest as a tag.
Nothing worked.

EDIT: Now I realised this isn't the official docker image, I'll have to wait until this image is updated to 2.7.1 :)

Edited by skois
Link to post

Ok, for the past few days I've been trying to get a cert and keep getting the following error:

 

Quote

Internal Error

 

Error: Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-23" --agree-tos --email "thespectralforce@gmail.com" --preferred-challenges "dns,http" --domains "irc.spectralforceservers.net"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for irc.spectralforceservers.net
Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain irc.spectralforceservers.net
http-01 challenge for irc.spectralforceservers.net
Cleaning up challenges
Some challenges have failed.
    at ChildProcess.exithandler (child_process.js:303:12)
    at ChildProcess.emit (events.js:315:20)
    at maybeClose (internal/child_process.js:1021:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:286:5)

 

If anyone has a resolution or could shed some light on the subject, it would be greatly appreciated.

 

Note: I have tried the renew certbot command previously mentioned.  Thanks in advance for any help.

Link to post

Can you check the logfile mentioned: /var/log/letsencrypt/letsencrypt.log

(this file exists in your docker container so docker exec -it NginxProxyManager sh and then cat /var/log/letsencrypt/letsencrypt.log)

 

Also:

Is this the only domain that fails or does everything fail?

Link to post
10 hours ago, mattie112 said:

Can you check the logfile mentioned: /var/log/letsencrypt/letsencrypt.log

(this file exists in your docker container so docker exec -it NginxProxyManager sh and then cat /var/log/letsencrypt/letsencrypt.log)

 

Also:

Is this the only domain that fails or does everything fail?

@mattie112 I haven't tried any other domain as I haven't needed any others. As for the log file, I can add it here as long as there's no sensitive info in it.

Link to post
On 11/20/2020 at 11:56 AM, skois said:

Hey guys, has your NPM updated to 2.7.1? I'm stuck at 2.6.2. Tried force update, tried remove and reinstall, tried setting :latest as a tag.
Nothing worked.

EDIT: Now I realised this isn't the official docker image, I'll have to wait until this image is updated to 2.7.1 :)

Container image has been updated.

Link to post
On 11/20/2020 at 12:43 PM, skois said:

Also if anyone could explain when to use Websocket Support and Cache Assets (or what is the benefits/cons of using them) Thanks!

WebSocket support must be enabled only when your proxied application requires it.

When enabling Cache Assets, some assets, like images, will be served by NPM instead of your proxied application.  I guess this can provide some performance improvements when a lot of them need to be loaded.

Link to post
WebSocket support must be enabled only when your proxied application requires it.
When enabling Cache Assets, some assets, like images, will be served by NPM instead of your proxied application.  I guess this can provide some performance improvements when a lot of them need to be loaded.
I have enabled it on all, didn't see any problems or any difference when disabled, so I left it on! But I'll keep an eye if I have any problem

Thanks!!

Sent from my Mi 10 Pro using Tapatalk

Link to post

I have linuxserver's letsencrypt (now SWAG) container working just fine but would like to switch over to this as it makes adding entries so much easier through the UI. I also followed Spaceinvaderone's video of setting up each container that needs to be proxied via a custom proxynet network interface. Is this still necessary? Any other considerations for migrating over? Anything like fail2ban in here?

Edited by nimaim
Link to post
On 11/23/2020 at 8:48 AM, mattie112 said:

Perhaps you can try `certbot renew --dry-run` just to see if that works? Or perhaps `certbot --test-cert` to verify letsencrypt could be reached.

 

And just to be really sure: can you ping from within the NPM container to the internet?

@mattie112

 

Getting back to this. I can ping from the container. When I do the dry run, it says Certbot is already running.

 

I get the following error from the log 

Quote

 

2020-11-30 09:56:46,228:DEBUG:acme.client:Storing nonce: 0003zHntUKE9Oxgxpsq2L1IDEF4VMp9I5SDSoDg3GCK8AHw
2020-11-30 09:56:46,228:WARNING:certbot._internal.auth_handler:Challenge failed for domain irc.spectralforceservers.net
2020-11-30 09:56:46,229:INFO:certbot._internal.auth_handler:http-01 challenge for irc.spectralforceservers.net
2020-11-30 09:56:46,229:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: irc.spectralforceservers.net
Type:   unauthorized
Detail: Invalid response from http://irc.spectralforceservers.net/.well-known/acme-challenge/vxRjJMhh-i5YTWmGUfElTq9CLZQrqNrmZKE1pWMI8OI [172.98.192.36]: "<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://irc.spectralfor"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2020-11-30 09:56:46,229:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

 

My CNAME and duckdns.org url are linked.  Thanks for your help!

Link to post

So it seems that letsencrypt cannot access the file it wants. When I go to the website mentioned I get redirected to a site "survey-smiles" (with a huge alert from MalwareBytes) so I can only assume that letsencrypt faces the same issue.

 

If you go to your site do you end up correctly? (Assuming the survey-smiles thing is not yours).

 

And just for fun, here is the output of that domain:

 

xx@xx:~# curl irc.spectralforceservers.net
<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://irc.spectralforceservers.net/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQ<removed>TUsInRzIjoxNjA2NzQ5MjE1MzI2OTIyfQ.iwTewrvuWy6FWsN3bbD0pVnXh36dwDhFwp0Hamm07RY&sid=9db9<removed>cc3238fa');</script></body></html>

So yes, your site does issue a redirect (the same happens with /.well-known/acme-challenge/somerandomstring)

Edited by mattie112
Link to post
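
The log excerpt and the curl check in the two posts above, as a repeatable triage step (an added example, not part of the original posts). The bracketed address in the `Detail:` line is the host the CA actually connected to, so comparing it with the address your NPM host should answer on separates a DNS or parking-page problem from a proxy problem; `acme_failures`, the verdict labels and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample shaped like the "Reporting to user" block in
# /var/log/letsencrypt/letsencrypt.log (documentation names and addresses).
sample_log() {
cat <<'EOF'
2020-11-30 09:56:46,229:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: app.example.net
Type:   unauthorized
Detail: Invalid response from http://app.example.net/.well-known/acme-challenge/TOKEN-PLACEHOLDER [203.0.113.50]: "<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://app.exa"

Domain: wiki.example.net
Type:   unauthorized
Detail: Invalid response from http://wiki.example.net/.well-known/acme-challenge/TOKEN-PLACEHOLDER [198.51.100.7]: "<html><head><title>404 Not Found</title></head>"
EOF
}

# acme_failures EXPECTED_IP < log
# Prints "domain type answering-ip verdict" for each reported failure.
#   wrong-host: the CA reached an address other than EXPECTED_IP
#   html-body : the expected address answered with a web page, not the token
acme_failures() {
    awk -v want="$1" '
        /^Domain:/ { domain = $2 }
        /^Type:/   { type = $2 }
        /^Detail:/ {
            ip = "-"; body = ""; verdict = "other"
            # The bracketed value is the address the CA connected to.
            if (match($0, /\[[0-9a-fA-F:.]+\]/))
                ip = substr($0, RSTART + 1, RLENGTH - 2)
            # The quoted text after it is the start of the response body.
            if (match($0, /\]: "/))
                body = substr($0, RSTART + 4)
            if (ip != "-" && ip != want) verdict = "wrong-host"
            else if (body ~ /^</)        verdict = "html-body"
            print domain, type, ip, verdict
        }'
}

# EXPECTED_IP here is an assumed public address for the NPM host.
sample_log | acme_failures 198.51.100.7
```
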
15 minutes ago, mattie112 said:

So it seems that letsencrypt cannot access the file it wants. When I go to the website mentioned I get redirected to a site "survey-smiles" (with a huge alert from MalwareBytes) so I can only assume that letsencrypt faces the same issue.

 

If you go to your site do you end up correctly? (Assuming the survey-smiles thing is not yours).

 

And just for fun, here is the output of that domain:

 


xx@xx:~# curl irc.spectralforceservers.net
<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://irc.spectralforceservers.net/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQ<removed>TUsInRzIjoxNjA2NzQ5MjE1MzI2OTIyfQ.iwTewrvuWy6FWsN3bbD0pVnXh36dwDhFwp0Hamm07RY&sid=9db9<removed>cc3238fa');</script></body></html>

So yes, your site does issue a redirect (the same happens with /.well-known/acme-challenge/somerandomstring)

Yeah that's definitely wrong.  I'll try changing the subdomain and see if that works.

 

Even with a new subdomain it is still going to that smiles survey, which is weird. Should I contact my domain provider at this point?

Edited by Spectral Force
Link to post
