[Support] Djoss - Nginx Proxy Manager


Djoss

Recommended Posts

4 minutes ago, mattie112 said:

You can add your own certificates. Just buy them wherever you want and upload them in the UI:

 

image.png.18736d1ec8baf89e2c3673feaf86100a.png

 

Just don't forget you need to renew them manually.... We can also try to debug your Letsencrypt issues. I have 0 problems with letsencrypt as long as port 80 is open (it needs to do the challenges over http).

I havnt had much luck debugging network issues in Unraid, there's no way to get nmap or anything, but my router is setup correctly.

Link to comment

How is your setup? You have NPM to port 8080? And your router forwarded to unraid-ip:8080? Or do you have it in bridge mode?

 

What exactly do you want to check with nmap? To see if the correct port is open? You should be able to do `netstat -tulpn` on your Unraid. Or simply go (perferalby external) to http://your-external-ip you should see a "congratulations NPM" page, if not 80 is not forwarded/open and then letsencrypt won't work. Perhaps your provider blocks 80? But yeah if for any reason you only have 443 you can still manually add DNS certificates and those should work.

 

(or try out the letsencrypt DNS based verification but I have no experience with that so I have no idea how that works)

 

Link to comment
16 minutes ago, mattie112 said:

How is your setup? You have NPM to port 8080? And your router forwarded to unraid-ip:8080? Or do you have it in bridge mode?

 

What exactly do you want to check with nmap? To see if the correct port is open? You should be able to do `netstat -tulpn` on your Unraid. Or simply go (perferalby external) to http://your-external-ip you should see a "congratulations NPM" page, if not 80 is not forwarded/open and then letsencrypt won't work. Perhaps your provider blocks 80? But yeah if for any reason you only have 443 you can still manually add DNS certificates and those should work.

 

(or try out the letsencrypt DNS based verification but I have no experience with that so I have no idea how that works)

 

NPM container settings:

NPM1.thumb.jpg.1fd2cee3e48c58b673cb4710419b06cb.jpg

 

Router forwarding:

NPM2.jpg.4aeda120a40485598fcbcd7f3170bc89.jpg

 

netstat from within NPM container:

NPM3.thumb.jpg.7d2cd493b2ce2aeef9e50bc5451f355a.jpg

 

netstat from Unraid:

NPM4.thumb.jpg.bbda4cf63d458750a2374542b44de475.jpg

Link to comment
46 minutes ago, mattie112 said:

Allright that is looking good! Can you share your external IP (or host) then I can try to see if it works or not. It could very well be that your provider blocks port 80 ven though you can 'open' it.

 

I think I'm going to try a different route than letsencrypt

Edited by Snipe3000
Link to comment

Allright that's fine then you can use the custom certificate option from my screenshot a couple of posts back.

 

edit:

And just to confirm, I can contact :443 on your ip but not :80 (timeout) so I think it is blocked by your provider or perhaps your router has the web UI on port 80 and therefore no port forward?

Edited by mattie112
Link to comment

I'm having a weird issue. I recently re-installed NPM, and now I can no longer add wildcard subdomains (i.e. *.mydomain.com), it used to work fine, but since I re-installed it will not let me add them at all. Does anyone have any ideas how I might get it to work again?

Link to comment

Hi guys! I think I'm a bit lost and I need some help.

 

I'm sure there is a really simple and logical reason for this, but I can't see it atm.

 

NPM with cloudflare and a custom domain works great if I set the "Forward Hostname / IP" in NPM to my internal unraid IP (192.168.1.85) and port to an docker running on say 8080 or 7878. This works both locally and remote.

 

What I can't get to work is the forwarding to the local ip of my VM that is running Emby (192.168.1.75:8096). When I change it from 192.168.1.85 to 192.168.1.75 I get error 502 right away. 

 

Is there something wrong with my network config? NPM docker  (and all other dockers) is using in "Brigde" and my VM is using br0.

 

EDIT: NVM, It's working now, after a reboot.

Edited by julianbr
Fixed
  • Like 1
Link to comment

Any idea why a subdomain would start throwing 502 gateway errors after it has been working for months? My ApacheGuacamole docker. I can no longer connect to it from outside my network. Getting 502 error. If I try the internal IP it works fine. No changes in UNRAID or docker configs. It just stopped working. I've restarted both containers. Everything was working correctly.

Setup with Letsencrypt and cloudflare. I have 8 other proxyhosts with no issues setup the same way.  ApacheGuac is setup with custom:br0 interface with separate IP than unraid server

Any ideas would be appreciated.

Link to comment

Hello,
I'm getting a "502 Bad Gateway" error. So I tried to remove the proxy host, and the sub domain, and set it up one step at a time.
When I add the DNS record, it points me to the congratulations page. When I add it to the proxy hosts, set it up, it just gives me the error.

I have the same issue on other subdomains.

I did have it working before. Then I change some IP's and ports, and edited it in NPM as well, and it started doing the same.
I'm not sure how to proceed from here. I can use the internal IP and port in a browser, so it works.
Am I missing something?

Link to comment

A 502 error is usually that NPM is not able to (correctly) reach the target.

 

You can try something to debug it:

 

docker exec -it NginxProxyManager bash

ping <ip-of-your-container>

nc <ip-of-your-container> <port> and then type "GET /"

 

Just some commands to see if it can indeed request something from the target.

Link to comment
51 minutes ago, mattie112 said:

A 502 error is usually that NPM is not able to (correctly) reach the target.

 

You can try something to debug it:

 

docker exec -it NginxProxyManager bash

ping <ip-of-your-container>

nc <ip-of-your-container> <port> and then type "GET /"

 

Just some commands to see if it can indeed request something from the target.

docker exec -it NginxProxyManager bash
bash-5.0# ping 192.168.100.50
PING 192.168.100.50 (192.168.100.50): 56 data bytes

--- 192.168.100.50 ping statistics ---
57 packets transmitted, 0 packets received, 100% packet loss
bash-5.0# nc 192.168.100.50:32400
bash-5.0#

..... 

From Windows
 

C:\Users\Nanobug>ping 192.168.100.50

Pinging 192.168.100.50 with 32 bytes of data:
Reply from 192.168.100.50: bytes=32 time<1ms TTL=63
Reply from 192.168.100.50: bytes=32 time<1ms TTL=63
Reply from 192.168.100.50: bytes=32 time<1ms TTL=63
Reply from 192.168.100.50: bytes=32 time<1ms TTL=63

Ping statistics for 192.168.100.50:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\Nanobug>

So, how do I fix this?

Link to comment
44 minutes ago, Nanobug said:

docker exec -it NginxProxyManager bash
bash-5.0# ping 192.168.100.50
PING 192.168.100.50 (192.168.100.50): 56 data bytes

--- 192.168.100.50 ping statistics ---
57 packets transmitted, 0 packets received, 100% packet loss
bash-5.0# nc 192.168.100.50:32400
bash-5.0#

..... 

From Windows
 

C:\Users\Nanobug>ping 192.168.100.50

Pinging 192.168.100.50 with 32 bytes of data:
Reply from 192.168.100.50: bytes=32 time<1ms TTL=63
Reply from 192.168.100.50: bytes=32 time<1ms TTL=63
Reply from 192.168.100.50: bytes=32 time<1ms TTL=63
Reply from 192.168.100.50: bytes=32 time<1ms TTL=63

Ping statistics for 192.168.100.50:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\Nanobug>

So, how do I fix this?

So yeah your NPM container cannot reach your 'target'. 

 

What is your target? Is that the IP of your unraid host or a container in the bridge network with it's own IP? Also what network is your NPM container in?

 

image.png.81e34c6631ca4a71fe703ffe479a56fd.png

('br0' is the network, could also be something else)

 

And just for funs: from the NPM container can you ping something like 1.1.1.1 or 8.8.8.8 or 192.168.100.1 (assuming this is your router IP)

Link to comment
39 minutes ago, mattie112 said:

So yeah your NPM container cannot reach your 'target'. 

 

What is your target? Is that the IP of your unraid host or a container in the bridge network with it's own IP? Also what network is your NPM container in?

 

image.png.81e34c6631ca4a71fe703ffe479a56fd.png

('br0' is the network, could also be something else)

 

And just for funs: from the NPM container can you ping something like 1.1.1.1 or 8.8.8.8 or 192.168.100.1 (assuming this is your router IP)

Everything is on 192.168.100.0/24.
I'm in the process of moving it back to bridged, so it's on the same IP, just a different port. I used ot have it all at it's own IP.

And yes, I could ping the router:

bash-5.0# ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1): 56 data bytes
64 bytes from 192.168.100.1: seq=0 ttl=64 time=0.387 ms
64 bytes from 192.168.100.1: seq=1 ttl=64 time=2.297 ms
64 bytes from 192.168.100.1: seq=2 ttl=64 time=0.196 ms
64 bytes from 192.168.100.1: seq=3 ttl=64 time=0.185 ms
64 bytes from 192.168.100.1: seq=4 ttl=64 time=0.408 ms
64 bytes from 192.168.100.1: seq=5 ttl=64 time=0.263 ms
--- 192.168.100.1 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 0.185/0.622/2.297 ms

I guess I'll just reinstall it later.

Link to comment

I think there is a crippling bug in a new release but I unfortunately don't know which specifically.

What I can say is with the latest build when you try changing any SSL certs you get a local error.

Removing a proxy host will give the same error and when docker is rebooted logs show errors that it cannot find/load the SSL which prevents the container form working any further.

 

I created a new container (no retained settings) and tired adding just one SSL with the same issue.

Delete completely and used a version from November last year with multiple SSLs added the same way without issue.

Link to comment

Having used a few NGINX based reverse proxies this one is the best by far.

Its clean GUI allows for easier management of hosts and is better if your new to the platform.

However, since its based on GUI and not nitty gritty config files it can make getting troublesome dockers to work.

 

I struggled to get Deluge working and had little issues with the 10+ other dockers.

Now that I have it working I would like to share the solution which you will find here:
https://forums.unraid.net/topic/44109-support-binhex-delugevpn/?do=findComment&comment=980069

Link to comment
On 4/14/2021 at 1:51 PM, mattie112 said:

For wildcard certificates you MUST use DNS verification, did you set that up correctly?

 

I can live without wildcard SSL certs - the problem I have is that the web UI won't accept wildcards at all, even if the domain is not set up for SSL. It works fine if I edit the config files manually, but they of course get overridden if I edit the domain in the web UI, so I'd really like for the UI to accept wildcards.

Link to comment
51 minutes ago, balder said:

 

I can live without wildcard SSL certs - the problem I have is that the web UI won't accept wildcards at all, even if the domain is not set up for SSL. It works fine if I edit the config files manually, but they of course get overridden if I edit the domain in the web UI, so I'd really like for the UI to accept wildcards.

@balder thats correct, MGINX PM only supports wildcards in SSL but will work with subdomains.

If you want wildcards you would be better with raw NGINX docker using config files.

You should have no exposed instances to internet without a login wall and if you have that you should have SSL.

Link to comment

Help please. 

 

I just moved everything away from cache to replace my dual 256G drives with dual 1TB drives. 

Everything seems to have transferred nicely, but nginx is broken - and as a consequence as is my Nextcloud instance. 

 

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-5/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-5/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

 

Is what it's saying in the log file. 

I assume I must have lost something in transit. 

I tried removing the container and re-adding it, hoping that would help resolve it. 

 

So what do I do? Transfer any necessary configs, remove the old directory and start over? Please advise I'm a bit out of my depth on this one. 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.