[Support] Djoss - Nginx Proxy Manager


Djoss


On 12/22/2020 at 9:30 AM, cagemaster said:

When I try to add an SSL cert I get this error:

[screenshot]

 

Can you help me?

I am getting the same error as of today when trying to add certs. Anyone else also getting this issue? 

 

EDIT: I let the container sit for 15 minutes or so and tried again and it worked... lol

Edited by CorneliousJD
Link to post

On 12/23/2020 at 9:21 PM, CorneliousJD said:

I am getting the same error as of today when trying to add certs. Anyone else also getting this issue? 

 

EDIT: I let the container sit for 15 minutes or so and tried again and it worked... lol

This is still not working for me, can you help?

Link to post
16 hours ago, cagemaster said:

This is still not working for me, can you help?

I didn't really do anything? I have ~35 proxy hosts though so I had just assumed certbot was running trying to process/check renewals, so I just let it sit and it started working. Not having any other issues with it. Have you checked logs to see what might be up? 

Link to post
On 12/24/2020 at 5:20 PM, IKWeb said:

Hello All 

 

Can I ask for confirmation? I assume I would either use NginxProxyManager or SWAG - you wouldn't use both? I assume NginxProxyManager has a copy of SWAG within it? 

TIA 

You would pick one or the other, correct.

 

NPM and SWAG are different (NPM does not contain SWAG), but they both run their reverse proxies via Nginx. 

SWAG is all config-file based, but can support some really advanced configs.

 

NPM is GUI-based and keeps everything really simple. This can make some advanced configs challenging, but I've been able to work around that and have migrated from SWAG to NPM personally. 

 

If you're just getting started, I'd suggest NPM for sure.

If you hit a wall with NPM and have an actual need for more advanced configs, you can easily swap over to SWAG if you ever need to. 

Link to post

Hello, I am using NPM with linuxio/nextcloud. Everything works perfectly except one issue. I have a problem when someone tries to download a file more than 1GB in size. It either stops downloading a file or breaks the download entirely. In other topics I found different solutions for how to address this issue, but all solutions point towards the letsencrypt config. Can anyone point me towards a solution with NPM and how to enable download of files >1GB? Much appreciate your input. Thanks.

Below are the suggested solutions I found so far, but I had no luck finding the files mentioned in them:

Quote

I think I found a solution

 

Inside of the let's encrypt conf file for nextcloud I found

 


    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_nextcloud nextcloud;
        proxy_max_temp_file_size 2048m;
        proxy_pass https://$upstream_nextcloud:443;
    }
}

Quote

Edit /config/letsencrypt/nginx/site-confs/nextcloud

    location / {
        proxy_pass https://192.168.0.1:444/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }

Change 2048m to a size that works for you.

 

Link to post
On 8/26/2020 at 7:57 AM, LoneTraveler said:

Hi, 

 

Just wanted to stop by and say thanks to @Djoss for this container, I've found it much easier to use as my knowledgebase regarding Nginx is limited. I've managed to set up Bitwarden, Droppy, Radarr, Sonarr and NextCloud, and everything has worked great. I'm even getting a complete clean security bill of health in NextCloud which I never managed with Letsencrypt (however no disrespect to the Linuxserver guys, it will have been down to my lack of understanding). 

@LoneTraveler

I've got nextcloud working on my first try within 5 min.

However I cannot get droppy or bitwarden to work with NPM. Any suggestions?

Droppy shows login page but I get a blank page after login. I'm not even trying https.

Edited by nextgenpotato
Link to post
On 12/23/2020 at 4:55 AM, CorneliousJD said:

So I did PM you but ended up plugging away at this today and I got it...

 

I updated NPM's GitHub issue #40 about this.

https://github.com/jc21/nginx-proxy-manager/issues/40#issuecomment-749770892

 

In short, /plex still wouldn't work for me, but adding /web DID work.

I think it's because of the way the plex container expects /web at the end of everything that it worked like this, but regardless, it allows me to fix my issue!

I now have Organizr setup with Plex OAuth, SSO across Plex, Ombi, Tautulli, and "watch on plex" buttons working, all via NPM :)
hope this comment helps someone else in the future!

[screenshot]

hi there.

 

Could you show me exactly how you were able to get it to work?

I did the location to /web and it still prompts me to log in to Plex in Organizr.

 

Link to post
15 hours ago, i1mran92 said:

hi there.

 

Could you show me exactly how you were able to get it to work?

I did the location to /web and it still prompts me to log in to Plex in Organizr.

 

I'm tight on time right now but hope this helps. If not let me know - can work to gather more info later.

 

 

Primary domain.com setup in NPM which hosts Organizr -- this should be perfectly straightforward.

[screenshot]

Next is custom locations. - first part is for organizr auth - you can ignore this part if you don't want it, and focus on the /web part at the bottom.

NOTE the HTTPS part on my /web -- I needed this to get it to work correctly, and it HAD to be /web too, /plex didn't work for me here at all.

[screenshot]

Organizr SSO settings.

[screenshot]

Media/Plex tab settings.

[screenshot]

 

Happy to try and help more if this doesn't do it for you - but replicate this exactly first and if it's still erroring out let me know. 

 

Link to post
On 11/8/2020 at 10:42 PM, imranchaudhry@hotmail.com said:

Hi all, I have two issues.

 

1. Unable to get the Letsencrypt SSL cert. it says "Internal Error" always

 

2. I got a certificate and private key from my cloudflare tool and saved them as .pem files and now while uploading them I am getting this error. (also attaching a screenshot)

Upload failed: Certificate Key is not valid (Command failed: openssl ec -in /tmp/8dce0efe-c119-448b-809e-c7b1408fb42e/tmp -check -noout 2>&1 ) 

[screenshot]

 

Kindly help. thanks. 

You need to change "-----BEGIN PRIVATE KEY-----" to "-----BEGIN RSA PRIVATE KEY-----" in your key crt file to get this to work.  No idea when the requirement changed, but this fixed the issue for me last night.

Link to post
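
The upload error quoted above comes from an `openssl ec` check on the key file, and the reply turns on the PEM header line. As an added example (not from the thread and not NPM's code), the sketch below reads the PEM label and, for the generic `PRIVATE KEY` label, the algorithm OID inside it, to show which container format and key type a file holds. The function names and the sample are constructed for illustration; the sample is a stub, not a real key.

```python
import base64
import re

KEY_OIDS = {"1.2.840.113549.1.1.1": "RSA", "1.2.840.10045.2.1": "EC"}
LABELS = {"RSA PRIVATE KEY": ("PKCS#1", "RSA"), "EC PRIVATE KEY": ("SEC1", "EC")}


def _tlv(der, pos):
    """Read one DER element header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def _oid(raw):
    """Decode DER OID content bytes to dotted notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def describe_key(pem):
    """Return (container_format, key_type) for the first PEM block in pem."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.+?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    label = m.group(1)
    if label in LABELS:  # traditional formats name the key type in the label
        return LABELS[label]
    if label != "PRIVATE KEY":
        raise ValueError(f"unsupported PEM label: {label}")
    der = base64.b64decode(m.group(2))
    _, body, _ = _tlv(der, 0)               # PrivateKeyInfo SEQUENCE
    _, _, after_version = _tlv(der, body)   # version INTEGER
    _, alg, _ = _tlv(der, after_version)    # AlgorithmIdentifier SEQUENCE
    _, oid_start, oid_end = _tlv(der, alg)  # algorithm OID
    return "PKCS#8", KEY_OIDS.get(_oid(der[oid_start:oid_end]), "other")


# Constructed stub (PKCS#8 header with a dummy payload), not a usable key.
STUB = bytes.fromhex("3016020100300d06092a864886f70d010101050004020000")
SAMPLE = ("-----BEGIN PRIVATE KEY-----\n" + base64.b64encode(STUB).decode()
          + "\n-----END PRIVATE KEY-----\n")
```

`describe_key(SAMPLE)` returns `("PKCS#8", "RSA")`; on a real file, pass the text of the key file instead.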
3 hours ago, NickAll said:

Any Reason why I cannot use port 80 and 443 on the outside?

[screenshots: ports.png, docker.png]

Unraid is already using 80 (and potentially 443) so if you want to use those ports you should give your NPM a dedicated IP

Link to post

I have two certs and four separate proxy hosts defined, but today I noticed that I started getting the following error when I try to create a new cert.

 

I have redacted my email address and domain utilized.

 

Error: Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-8" --agree-tos --email "MYEMAIL@MAC.COM" --preferred-challenges "dns,http" --domains "SUB.DOMAIN.COM"
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==1.4.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 490, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 2862, in load_entry_point
    return ep.load()
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 2462, in load
    return self.resolve()
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 2468, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python3.8/site-packages/certbot/main.py", line 2, in <module>
    from certbot._internal import main as internal_main
  File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 9, in <module>
    import configobj
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 779, in exec_module
  File "<frozen importlib._bootstrap_external>", line 911, in get_code
  File "<frozen importlib._bootstrap_external>", line 580, in _compile_bytecode
ValueError: bad marshal data (unknown type code)

    at ChildProcess.exithandler (child_process.js:303:12)
    at ChildProcess.emit (events.js:315:20)
    at maybeClose (internal/child_process.js:1021:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:286:5)

 

Link to post
On 12/14/2020 at 7:56 AM, mattie112 said:

You can try to stop your docker container and then use the `exec` step so that you are the only one running certbot. I assume a restart of the container did not work? You can check to see if your DNS is configured correctly by using https://dnscheck.ripe.net/ for example. (Or sharing your domain here)

I believe the issue was with my new ISP. I'm using CloudFlare now without issue. Thanks for taking the time to respond.

Link to post

Hi everyone, I have successfully set up Nginx Proxy Manager. When making the Proxy Hosts publicly available, I can access them both from my LAN as well as from the web via my domain.

 

Now, I would like to make access more restrictive: the Proxy Hosts should only be available locally or, when I am outside of my LAN, I would like to connect to my VPN (on my Unifi USG) and then access the Proxy Hosts.

 

So I have specified an access list with the static IP I get from my ISP, also my LAN IP and VPN IP. Still, when I am outside my LAN and connecting via VPN, I get the "403 forbidden" message. I can still access the services via their IP and port but not using the domains I created. Is there anything else I need to think of (e.g. firewall rules, changes to the access list)? Do you have any advice how I can check (e.g. in logs) to see what's going wrong?

 

Thanks!

Link to post

I am getting this from CA Fix Common Problems:
 

Quote

Docker application NginxProxyManager has volumes being passed that are mounted by Unassigned Devices, but they are not mounted with the slave option


Usually I go to the docker config and switch the Access Mode to RW/Slave to fix the issue on other containers,
but on this one there is no edit button?

Any way to fix this?

Note: my Appdata is on an NVMe Unassigned Device which is not my Cache Drive

Thanks

Link to post
2 minutes ago, trurl said:

No edit button for the appdata mapping? Or you don't actually see the appdata mapping on the screen? 

There is no edit button...

Usually for some other containers there is an edit button, or I just go to show more settings and there is an edit button,

but on this one there is only the path.

[screenshot: noedit.PNG]

Link to post
17 hours ago, michaelb said:

Hi everyone, I have successfully set up Nginx Proxy Manager. When making the Proxy Hosts publicly available, I can access them both from my LAN as well as from the web via my domain.

 

Now, I would like to make access more restrictive: the Proxy Hosts should only be available locally or, when I am outside of my LAN, I would like to connect to my VPN (on my Unifi USG) and then access the Proxy Hosts.

 

So I have specified an access list with the static IP I get from my ISP, also my LAN IP and VPN IP. Still, when I am outside my LAN and connecting via VPN, I get the "403 forbidden" message. I can still access the services via their IP and port but not using the domains I created. Is there anything else I need to think of (e.g. firewall rules, changes to the access list)? Do you have any advice how I can check (e.g. in logs) to see what's going wrong?

 

Thanks!

 

So:

You have some hosts you want to be able to access publicly? And some hosts you only want to use internally. I also consider VPN internally.

In that case you can simply leave out the access list for the first one and on the second one you should only have to add your internal IP range (e.g. 192.168.x.x/24 or whatever your range is). Your VPN will most likely assign you an IP in your internal/private range. If it uses another range you should allow that range as well. 

 

If you still have trouble provide us with some more info in your IP ranges and a screenshot on how NPM is configured.

Link to post
On 1/17/2021 at 11:13 AM, mattie112 said:

 

So:

You have some hosts you want to be able to access publicly? And some hosts you only want to use internally. I also consider VPN internally.

In that case you can simply leave out the access list for the first one and on the second one you should only have to add your internal IP range (e.g. 192.168.x.x/24 or whatever your range is). Your VPN will most likely assign you an IP in your internal/private range. If it uses another range you should allow that range as well. 

 

If you still have trouble provide us with some more info in your IP ranges and a screenshot on how NPM is configured.

 

Thanks so much! Yes, some hosts can be publicly available, some of them should only be available internally (and when I am outside my LAN through VPN).

 

In my access list, I have my LAN IP range (192.168.1.0/24) and the one that my VPN assigns to its clients (192.168.2.1/24). My understanding was that I should also add my external IP, which is a static IP I get from my ISP. When I am outside my LAN and connecting to my VPN, this is the external IP I have.

 

With this setup, I can still not access the hosts through VPN via the domain, just by using their IP address and port.

 

Any ideas?

Edited by michaelb
Link to post
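
On the "how can I check in logs" question in the posts above: the sketch below, an added example that is not from the thread or from NPM, replays the allow list from the last post against the client address logged for each 403. The log lines are constructed and their field layout is an assumption about NPM's proxy-host access log; `first_match` and `explain_403s` are illustrative names.

```python
import ipaddress
import re

# Allow list from the post above; nginx checks allow/deny rules in order and
# the first match decides. The static public IP is left out (not given).
RULES = [("allow", "192.168.1.0/24"), ("allow", "192.168.2.1/24"), ("deny", "all")]

# Constructed log lines. Assumed field layout: [time] cache upstream_status
# status - method scheme host "uri" [Client addr] ...
SAMPLE_LOG = """\
[17/Jan/2021:11:02:10 +0000] - 200 200 - GET https app.example.com "/" [Client 192.168.1.23]
[17/Jan/2021:11:05:41 +0000] - - 403 - GET https app.example.com "/" [Client 203.0.113.7]
[17/Jan/2021:11:09:02 +0000] - 403 403 - GET https app.example.com "/admin" [Client 192.168.2.14]
"""

LINE_RE = re.compile(r'^\[[^\]]+\] \S+ \S+ (\d{3}) - \S+ \S+ (\S+) .*\[Client ([^\]]+)\]')


def first_match(client, rules=RULES):
    """Return (action, rule) for the first rule that matches, as nginx does."""
    ip = ipaddress.ip_address(client)
    for action, spec in rules:
        if spec == "all":
            return action, spec
        # strict=False masks host bits, so 192.168.2.1/24 is read as
        # 192.168.2.0/24 (nginx does the same and logs a warning).
        net = ipaddress.ip_network(spec, strict=False)
        if ip.version == net.version and ip in net:
            return action, spec
    return "allow", None  # nothing matched: the access module lets it through


def explain_403s(log_text, rules=RULES):
    """For every 403 line, report the logged client and the rule it hits."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) == "403":
            host, client = m.group(2), m.group(3)
            findings.append((host, client) + first_match(client, rules))
    return findings


if __name__ == "__main__":
    for host, client, action, rule in explain_403s(SAMPLE_LOG):
        print(f"{host}: client {client} -> {action} (rule: {rule})")
```

A 403 whose client address falls through to `deny all` means NPM saw a source address outside the listed ranges; a 403 for an address the list allows came from the proxied application rather than from the access list.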
On 1/17/2021 at 4:49 PM, mgutt said:

@Djoss

Small bug:

[screenshot]

And the container does not map the port which is set through Web UI Port:

[screenshot]

Must admit I thought this was just me - I can't change the HTTP and HTTPS ports on mine, they are different inside the edit view than they are reflecting on the docker view.

Will keep an eye out to see if a fix appears as I am trying to only serve internally and need the ports to be standard 80/443 since I am updating the DNS records on PI hole to point at the Docker Fixed IP as an experiment.

Link to post

Can anyone explain to me why NPM does not work if both the NPM and the APP sit on the LAN ("br0" in mine) and not in the unraid default bridge?

I gave a local static IP to the NPM container and also to the APP container I wanted to proxy to. When done so, APP cannot be reached with its domain name (both can be reached with their IPs).

In detail:

- my router redirects all 80 to NPM IP:PORT and all 443 to NPM IP:PORT

- my NPM has a proxy host: app.mydomain.com to APP IP:PORT

I get a connection refused error. May I ask why, please?

Edited by KrisMin
Link to post
