[Support] Djoss - Nginx Proxy Manager


Djoss

1451 posts in this topic Last Reply

Recommended Posts

Thanks mate but I actually followed that exact video and still got the error I mentioned :(

 

EDIT: Got it all sorted except for this:

 

Quote

EDIT: Also very important to mention that the "Force SSL" option on Nginx Proxy Manager causes an infinite redirect error when used in parallel with Cloudfare's "Always HTTPS" mode... cost me at least 5 hours of troubleshooting thanks to that... Not sure which is best to use but I've opted to keep it off on NPM and on, on Cloudfare.

 

... anyway most of my problems were due to running my containers on different virtual networks...

Edited by plantsandbinary
Link to post
  • Replies 1.5k
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

Support for Nginx Proxy Manager docker container   Application Name: Nginx Proxy Manager Application Site: https://nginxproxymanager.jc21.com Docker Hub: https://hub.docker.com/r/jlesage/ngi

You can use my fork for now: https://hub.docker.com/r/mattie112/docker-nginx-proxy-manager (which I will delete if/when this gets implemented by Djoss)   My fork is 100% the same c

For people who were waiting for it: subfolders support is now there  

Posted Images

There appears to be a bug in this package: If I use the "br0" interface for the connection, i.e. the container obtains its own IP address from the DHCP server/router in the network in which unraid lives, the http/https ports that I specify are ignored. The default values, e.g. 8080, are used, which is bad in case you just want ot use normal http/https behaviour (but with its own ip) and your router doesn't allow portforwarding to another port.

Link to post
1 hour ago, RT87 said:

There appears to be a bug in this package: If I use the "br0" interface for the connection, i.e. the container obtains its own IP address from the DHCP server/router in the network in which unraid lives, the http/https ports that I specify are ignored. The default values, e.g. 8080, are used, which is bad in case you just want ot use normal http/https behaviour (but with its own ip) and your router doesn't allow portforwarding to another port.

That's the way that br0 works.  Any and all port mappings are ignored by docker itself.

Link to post

Edit: solved it, posting the solution

 

Hi there,

 

some sort of issue seems to have gotten its way into my system since my last login in NPM in January.

My list of proxy hosts and SSL Certificates will not be displayed. the UI shows me an error "The owner is null".

The reason behind this error is the deletion of two user accounts ind NPM. Those users happen to be the owners of those proxy host entries.

 

In order to fix the issue, i went inside the container and edited the sqlite database, resetting the owner to the id of the remaining user (1).

 

unraid# docker exec -it NginxProxyManager bash
bash-5.0# sqlite3 /data/database.sqlite
sqlite> UPDATE proxy_host  SET owner_user_id = 1 where owner_user_id != 1;
sqlite> UPDATE certificate SET owner_user_id = 1 where owner_user_id != 1;

 

image.png.0fdbd94836e9813da3b1348b5030dfe2.png

 

TypeError: owner is null
    exports https://nginx.x.duckdns.org/js/7.bundle.7.js:1
    render https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:306
    <anonymous> https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:299
    _renderTemplate https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    render https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    ae https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    _getBuffer https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    H https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    _getBuffer https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    _renderChildren https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    filter https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    sort https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    render https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    ae https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    show https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    showChildView https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    onRender https://nginx.x.duckdns.org/js/7.bundle.7.js:1
    O https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    render https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    ae https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    show https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    showChildView https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    onRender https://nginx.x.duckdns.org/js/7.bundle.7.js:1
    promise callback*onRender https://nginx.x.duckdns.org/js/7.bundle.7.js:1
    O https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    render https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    ae https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    show https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    showChildView https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    showAppContent https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:306
    showNginxProxy https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    showNginxProxy https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    promise callback*showNginxProxy https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    xe https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    i https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    Y https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    execute https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    route https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    loadUrl https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    F https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    loadUrl https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    navigate https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    navigate https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    click ui.links@https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:306
    dispatch https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
    handle https://nginx.x.duckdns.org/js/main.bundle.js?v=2.8.1:27
7.bundle.7.js:1:1293

 

Edited by taifleh
Link to post

I'm having an issue with an initial setup of NPM.  Whenever I login for the first time using admin@example.com / changeme, the application has me change my information as normal. After I change it though, if I logout at any point and try to login again, it says "No Relevant User Found".

Any ideas? Am I missing a step to save my account? It appears in the users tab just fine and I've even tried resetting the password in there to confirm it was changed.

Link to post

UPDATE -seems to be working now at least with the single proxy host. Thanks 

 

Duckdns works but my domain does not.

 

I want to use my domain. I have it set using ddns and the cloudflareDNS docker. The docker log shows that it is checking the ip and it hasn’t changed. But for whatever reason I can’t reach my server using the domain, sub domain or anything. Btw, I dam trying to setup nginx manager. 

 

However if I use duckdns instead of my own domain and cloudflare is works immediately. I have been trying to get the domain to work for over a week.  The current error is -520 web server is returning an unknown error.

Would really like to use my domain and sub domains instead of duckdns. 

Thanks in advance for your help.

 

This certificate looks good BUT it is not my origin’s certificate. Could it be this mismatch that is cause me trouble? Why isn’t it showing that certificate?

I just want to reach my server and services safely, securely, and quickly. Thanks for your help.

 

794788A0-AFDD-42E2-A0D9-07C293AEED91.png

Edited by Profezor
Link to post
14 hours ago, RyanOver9000 said:

I'm having an issue with an initial setup of NPM.  Whenever I login for the first time using admin@example.com / changeme, the application has me change my information as normal. After I change it though, if I logout at any point and try to login again, it says "No Relevant User Found".

Any ideas? Am I missing a step to save my account? It appears in the users tab just fine and I've even tried resetting the password in there to confirm it was changed.


I think I figured it out.  The user email has to be typed all lowercase when logging in. It seems when changing from the original admin account it will automatically lowercase everything.

Link to post
On 3/26/2021 at 1:25 PM, RT87 said:

There appears to be a bug in this package: If I use the "br0" interface for the connection, i.e. the container obtains its own IP address from the DHCP server/router in the network in which unraid lives, the http/https ports that I specify are ignored. The default values, e.g. 8080, are used, which is bad in case you just want ot use normal http/https behaviour (but with its own ip) and your router doesn't allow portforwarding to another port.

Had the same problem and was luckily able to fix it. It's not a bug though, it's intended behavior. Here's how you can fix the problem.

 

If you are running Unraid 6.8.3+ then under Settings > Docker > Advanced view you will find the option 'Host access to custom networks'. To enable this option you will first need to stop Docker by setting Enable Docker to No. Then simply change the option to Enabled and re-enable Docker.

 

More information here:

 

Link to post
On 4/2/2021 at 2:21 PM, demc19 said:

 

 

If you are running Unraid 6.8.3+ then under Settings > Docker > Advanced view you will find the option 'Host access to custom networks'. To enable this option you will first need to stop Docker by setting Enable Docker to No. Then simply change the option to Enabled and re-enable Docker.

 

 

I already have this enabled and Nginx still only listens on port 8080 (needing it to listen on port 80). Did you do anything else to get it to work?

Link to post
On 4/7/2021 at 3:25 PM, Candle said:

I already have this enabled and Nginx still only listens on port 8080 (needing it to listen on port 80). Did you do anything else to get it to work?

If you want to have it listen to 80/443 you need to change the container itself. When using bridge network mode there is no such thing as "port mapping" so whatever you do it still will be 8080

 

But: I also needed 80/443 so I forked this project and change the ports so you can use that :)

 

 

 

Link to post

When adding a new host, I am unable to get the SSL certificate from Let's Encrypt. Output from logs

 

[4/8/2021] [9:44:11 PM] [Nginx ] › ℹ info Reloading Nginx
[4/8/2021] [9:44:11 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #3: sub.domain.uk
[4/8/2021] [9:44:15 PM] [Nginx ] › ℹ info Reloading Nginx
[4/8/2021] [9:44:15 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-3" --agree-tos --email "boyturtle@domain.uk" --preferred-challenges "dns,http" --domains "sub.domain.uk"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for sub.domain.uk
Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain sub.domain.uk
http-01 challenge for sub.domain.uk
Cleaning up challenges
Some challenges have failed.

The output states --preferred-challenges "dns,http", I have purposly left dns challenge disabled when adding the host.

At first I thought the install was corrupt, so I uninstalled the docker and deleted the folder in appdata, before reinstalling it. It still behaves the same way.

Any suggestions on how to fix this?

Edited by Boyturtle
Link to post

Love this container.

Swag is garbage in comparison. Set up swag, worked till next update... then broke. Would not work again despite numerous deletions, re-installs.

This was simple to set up the SSL cert, simple to add in a proxy and further conditions. Took less than 5 minutes from install, to wildcard cert working as expected.

It literally just works. Keep up the awesome work dev!

Link to post
15 hours ago, Boyturtle said:

When adding a new host, I am unable to get the SSL certificate from Let's Encrypt. Output from logs

 


[4/8/2021] [9:44:11 PM] [Nginx ] › ℹ info Reloading Nginx
[4/8/2021] [9:44:11 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #3: sub.domain.uk
[4/8/2021] [9:44:15 PM] [Nginx ] › ℹ info Reloading Nginx
[4/8/2021] [9:44:15 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-3" --agree-tos --email "boyturtle@domain.uk" --preferred-challenges "dns,http" --domains "sub.domain.uk"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for sub.domain.uk
Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain sub.domain.uk
http-01 challenge for sub.domain.uk
Cleaning up challenges
Some challenges have failed.

The output states --preferred-challenges "dns,http", I have purposly left dns challenge disabled when adding the host.

At first I thought the install was corrupt, so I uninstalled the docker and deleted the folder in appdata, before reinstalling it. It still behaves the same way.

Any suggestions on how to fix this?

And you can resolve your domain correctly? Both ipv4 and ipv6? It looks like it is doing a http challenge but that fails so most likely letsencrypt cannot reach your domain to verify.

Link to post
5 hours ago, mattie112 said:

And you can resolve your domain correctly? Both ipv4 and ipv6? It looks like it is doing a http challenge but that fails so most likely letsencrypt cannot reach your domain to verify.

I have set up a DDNS A record and several CNAME records off the back of that on Cloudflare, inc root and www. I am able to ping them all just fine.  Is there anything else I should be looking at?

FWIW, I am able to add an origin certificate and use that for the hosts, but I would like to get the Let's Encrypt certificate working, in case I need it at some point in the future.

When I try to add the Let's Encrypt certificate, I get this error within the nginx proxy manager

Error: Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-16" --agree-tos --email "boyturtle@domain.uk" --preferred-challenges "dns,http" --domains "domain.uk" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.uk
Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain domain.uk
http-01 challenge for domain.uk
Cleaning up challenges
Some challenges have failed.

    at ChildProcess.exithandler (child_process.js:308:12)
    at ChildProcess.emit (events.js:314:20)
    at maybeClose (internal/child_process.js:1022:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)

 

Link to post

If your DNS is resolving to cloudflare are you 100% sure the '/config/letsencrypt-acme-challenge' is also forwarded correctly? Letsencrypt needs to contact your server (over http) to verify the signature.

Link to post
10 hours ago, mattie112 said:

If your DNS is resolving to cloudflare are you 100% sure the '/config/letsencrypt-acme-challenge' is also forwarded correctly? Letsencrypt needs to contact your server (over http) to verify the signature.

Bingo. That sorted it, thanks. I'd got an old rule blocking port 80 sitting at the bottom of my rules list that I'd missed and forgotten to disable again. I've unblocked it and Letsencrypt can now issue the certificate 😊

Link to post

Quick question, everything so far works beautifull no issues whatsoever, however when I try to connect from my local network to my reverse proxy this doesn't work, now after a bit of research I've been pointed in the direction to setup NAT on my firewall so it translates mydomain to the local dockers but I'm a bit of an idiot and I can't get this to work.

Alternatively I have managed to setup up a dns rewrite through adguard so docker.my.domain does get translated to the ip adres of the unraid server however I still need to specify the port.

 

In short; docker.my.domain -> works remote but not locally

docker.my.domain:port -> works locally but not remote

 

Is there a way to set things up that I can simply use docker.my.domain from both my local network as well as from a remote network?

 

Link to post

What router do you have? You can try to lookup "hairpin nat" for your router.

 

Or perhaps you can add a static DNS entry in your router

your.server.dns -> 192.x.x.x

So that it always resolves to an internal IP.

 

Link to post
5 minutes ago, mattie112 said:

What router do you have? You can try to lookup "hairpin nat" for your router.

 

Or perhaps you can add a static DNS entry in your router

your.server.dns -> 192.x.x.x

So that it always resolves to an internal IP.

 

 

I've got a watchguard, so that should be possible somewhere, just not a network specialist haha

Link to post

Yeah I thought something like that, most consumer routers normally work out of the box (although the how might be a bit unexpected) but most advanced require some config. I have a Mikrotik and that also took some trying to get it to work. You might want to check https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/nat/nat_loopback_static_c.html

 

On my router it was enough to specify a "dst address" on my NAT rules (instead of not filling that in) and a masquerade rule but yours might need something different. 

 

If you just want to know if everything works you can either add a static DNS in your router (to your local IP) or your pc HOSTS file (/etc/hosts or c:\windows\system32\drivers\etc\hosts).

 

Link to post

You can add your own certificates. Just buy them wherever you want and upload them in the UI:

 

image.png.18736d1ec8baf89e2c3673feaf86100a.png

 

Just don't forget you need to renew them manually.... We can also try to debug your Letsencrypt issues. I have 0 problems with letsencrypt as long as port 80 is open (it needs to do the challenges over http).

Edited by mattie112
Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.