[Support] Djoss - Nginx Proxy Manager


Djoss

Recommended Posts

I am having a problem with Argo Tunnel and NPM.   Any client connecting to my environment, through https- gets logged as the Docker Network IP and not the CF Connecting IP.  Has anyone gotten the Real IP to come through both Argo Tunnel into NPM?   Its a config issue in NPM that I can not ascertain.

Link to comment

Hey there,

 

I've got a Nextcloud docker configured to be accessible at nextcloud.mydomain.com

This works perfectly but when I just input "nextcloud.mydomain.com" into a browser it defaults to http, even though "https://nextcloud.mydomain.com" also works perfectly fine.

How can I get Nginx to use https as default?

Changing the "Scheme" to https results in the Docker not to be accessible anymore.

 

Sorry if this is a rookie question but I'm trying to get this to work for an eternity now and did't find anything elsewhere using the GUI.

 

 

Thanks and greetings 

 

ShadowNovo

Link to comment

Hello,

I have for the second time a problem with nginx proxy manager.

I can't log in.... message "No relevant user found"

nothing has been done since last connection.

last time it happened, I couldn't do anything so I unintalled and redo everything.

since then no issues and actually it is working fine.

I juste can't log in

is the problem knowned?

thanks

Edited by Nexius2
Link to comment

I am in need of help.

 

Running unRaid with Nginx Proxy Manager + Cloudflare. I have nextcloud setup and have previously been using duckdns to access it, but since setting up nginx and cloudflare, have swapped to nextcloud.domainname.net.

I have set cloudflare and nginx up correctly in unraid as i can access everything else without an issue, but whenever i try and access nextcloud.domainname.net, it will constantly url swap back to my previous duckdns link and error.
I have confirmed through "curl -i -l https://nextcloud.domainname.net" that everything is working well until it hits on a location address "https://nextcloud.duckdns.org" instead of what i want. searching thoroughly confirms it is a 302 url rerouting error from nginx and needs the conf file to be edited. this is where my problem gets worse.

There is no nginx.conf file locatable on my system at all. it does not appear to exist. 

locations i have checked include:-

/etc/ (every sub folder)

/usr/ (every sub folder)

/root/ (every sub folder)

*/appdata/ (every sub folder)

I am at a loss where the conf file is or how i can simply resolve the issue with the 302 rerouting issue.

 

Quote

/tmp # curl -i -l https://nextcloud.domainname.net
HTTP/2 302 
date: Sun, 10 Oct 2021 09:43:33 GMT
content-type: text/html; charset=UTF-8
location: https://nextcloud.duckdns.org/login
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: oc_sessionPassphrase=****; path=/; secure; HttpOnly; SameSite=Lax
set-cookie: oc0rpib6w2sx=1iilp1jdtbf0koqrg0pn55aalq; path=/; secure; HttpOnly; SameSite=Lax
set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
content-security-policy: default-src 'self'; script-src 'self' 'nonce-****='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: none
x-xss-protection: 1; mode=block
x-served-by: nextcloud.domainname.net
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=****,"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 69bee7adaed96a72-SYD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

 

Link to comment
15 hours ago, mattie112 said:

Is this not an setting/issue with nextcloud? Does that have a redirect / force domain option?

 

 

I thank you so much, I was able to find the file to exit in the nextcloud/www/config/*.php file.. that was a huge pain in the a... thank you.

Edited by Schmackei
solved the issue.
Link to comment

I currently run this app on unraid, have been using it for a while and never had any issues until recently. My logs started showing this

 

[nginx] starting... nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/10.conf:111 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/11.conf:124 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/15.conf:111 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/20.conf:119 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/22.conf:124 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/24.conf:124 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/25.conf:124 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/28.conf:124 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/29.conf:124 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/3.conf:111 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/33.conf:124 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/35.conf:124 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/37.conf:124 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/4.conf:111 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/5.conf:111 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/6.conf:111 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/8.conf:124 nginx: [warn] low address bits of 192.168.1.0/16 are meaningless in /data/nginx/proxy_host/9.conf:124 nginx: [warn] could not build optimal variables_hash, you should increase either variables_hash_max_size: 1024 or variables_hash_bucket_size: 64; ignoring variables_hash_bucket_size

 

 

When I try to access any of my proxy hosts I get error 521, webserver is down. I haven't made any changes and I cant think of what would have triggered this error. Any help would be appreciated.

Link to comment

Hello @Djoss/Folks,

I wanted to Set up authenticated origin pulls from CA, any help would be highly appreciated.

I am not able to figure out what files need to to change.

 

Here is the link from Cloudflare and What it says:

 

Cloudflare Setup link

 

1. Install the above certificate at the origin web server to authenticate all connections. - What location to place the cert ?

2. For this example, you would have saved the certificate to /etc/nginx/certs/cloudflare.crt. - Which file to change for this ?

ssl_client_certificate /etc/nginx/certs/cloudflare.crt;
ssl_verify_client on;

 

Thanks in advance.

Link to comment

I have problems generating SSL certificates.

When I add my subdomain "*.rikdegraaff.nl" I get an internal error while generating the SSL certificate.

After I close the add Proxy Host window, it shows as a Proxy Host with HTTP only.

When I click on my freshly added subdomain it sends me to my webUI inlog page of unRAID, instead of the docker page.

So you see the default unRAID webUI login screen...

 

Certbot also tries to get to ACME verification (default) through **************.unraid.net:443 instead of my local 192.168.2.*:443 address.

Can failing to generate a certificate cohere with trying to generate through unraid.net instead of my local network??

 

And how am I supposed to solve this?

My ports are forwarded as following:

 

  • 192.168.2.* TCP&UDP 80:80

  • 192.168.2.* TCP&UDP 443:443

  • 192.168.2.* TCP&UDP 180:180

  • 192.168.2.* TCP&UDP 1443:1443

  • 192.168.2.* TCP&UDP 4443:4443

  • 192.168.2.* TCP&UDP 8080:8080

  • 192.168.2.* TCP&UDP 1880:1880

  • 192.168.2.* TCP&UDP 18443:18443

  • 192.168.2. *TCP&UDP 7818:7818

 

I hope that someone can help me out.

Thanks in advance!!!

 

Link to comment

You should only forward external ports 80 and 443 to your container. Is what you list the port forward in your router or the container ports?

 

The 8181 port is just for management and should not be forwarded (in my opinion)

 

So:

external 80 -> container 1880

external 443 -> container 18443

  • Thanks 1
Link to comment
2 hours ago, mattie112 said:

You should only forward external ports 80 and 443 to your container. Is what you list the port forward in your router or the container ports?

 

The 8181 port is just for management and should not be forwarded (in my opinion)

 

So:

external 80 -> container 1880

external 443 -> container 18443


Thanks man, it worked.

 

I removed all the port that were set in my router, that list was my port forward at the router side.

Then added external 80 -> private 1880 and external 443 -> private 18443, and everything worked flawless.

 

I was being busy with this yesterday the whole day, and could not come up with the above port forwardings....

You're a hero @mattie112, thanks! 😁

Edited by rikdegraaff
typo
  • Like 1
Link to comment
On 9/26/2021 at 4:25 PM, mattie112 said:

There should be an option to redirect traffic to HTTPS ('force https' or something like that). I can't currently check how it is called exactly as I am having some PSU issues so my server is offline :)

Hey, sry for the late reply 😅

Hope your server is fine again :D

 

Where do you think I should be able to find that option? As I already stated, changing the scheme in the Edit menu just makes the subdomain unavailable :C

This was the only option I found that has to do with https..

 

Thanks for the help 

 

ShadowNovo :D

Bild_2021-11-02_004150.png

Link to comment
13 hours ago, ShadowNovo said:

Where do you think I should be able to find that option? As I already stated, changing the scheme in the Edit menu just makes the subdomain unavailable :C

This was the only option I found that has to do with https..

 

 

Try this.  Note that my container port is 444, not the default 443.

 

 

Next1.JPG

Link to comment

So I feel like this must have been covered by someone in here, but when I'm connected to my home wifi I can't access any of my domains. I know it has something to do with NAT and DNS or something like that but I don't understand it. I use PfSense so if someone could point me in a direction I'd really appreciate it.

 

Thanks guys for all your help btw I'm getting a lot of stuff up and running here and it's really cool to me to be able to set up access like this.

Link to comment
On 9/26/2021 at 9:22 AM, ShadowNovo said:

Hey there,

 

I've got a Nextcloud docker configured to be accessible at nextcloud.mydomain.com

This works perfectly but when I just input "nextcloud.mydomain.com" into a browser it defaults to http, even though "https://nextcloud.mydomain.com" also works perfectly fine.

How can I get Nginx to use https as default?

Changing the "Scheme" to https results in the Docker not to be accessible anymore.

 

Sorry if this is a rookie question but I'm trying to get this to work for an eternity now and did't find anything elsewhere using the GUI.

 

 

Thanks and greetings 

 

ShadowNovo

So if you look at these two pics you'll see the details tab, you need to set this to match whatever the service your trying to forward uses. so if when you open the web UI and you get to a http site you need to choose HTTP, if you open it up and it uses https you need to choose HTTPS.

 

It's under the SSL tab where you set up whether you want the page served to the client device as HTTP or HTTPS.

If you want HTTPS you'll need to set up a cert. I personally use the cloudflare API for a DNS challenge. I honestly don't exactly understand how all that stuff works with SSL and what not I mean yes I use it but it was a confusing worm hole for me to learn how to do it but that doesn't mean I understand how it works exactly...Feel free to send me a PM if you need help I can try to help you out the best I can. I am a noob myself but we'll make it happen. 

Screenshot 2021-11-06 at 11-30-50 Nginx Proxy Manager.png

Screenshot 2021-11-06 at 11-31-05 Nginx Proxy Manager.png

Link to comment
50 minutes ago, rbh00723 said:

So I feel like this must have been covered by someone in here, but when I'm connected to my home wifi I can't access any of my domains. I know it has something to do with NAT and DNS or something like that but I don't understand it. I use PfSense so if someone could point me in a direction I'd really appreciate it.

 

Thanks guys for all your help btw I'm getting a lot of stuff up and running here and it's really cool to me to be able to set up access like this.

https://docs.netgate.com/pfsense/en/latest/nat/reflection.html

  • Thanks 1
Link to comment

I'm not overly familiar with GitHub, but what is the time frame usually for the develop branch to get merged into a master branch? Or, if there a way with the unRAID docker to switch to using the dev branch instead of master? The latest dev release has a vital upgrade (haven't been able to access my arr apps via reverse proxy address in several days because something in the code had to be renamed) that was released today but it isn't reflecting in unRAID yet. Thanks!

Link to comment

Having issues accessing some of my domains. "NET::ERR_CERT_DATE_INVALID"

 

Log reporting:

Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation

All renewals failed. The following certificates could not be renewed:

 

Can anyone offer any guidance here? Thank you.

Link to comment

Hoping someone can help me. I have the docker up and running (bridge network) and it’s  forwarding to Unraid dockers just fine. I have 2 web apps running on separate Hyper V VM's - Hudu and HumHum. These two webapps work find when port forwarding go directly to them, however will not work when port forwarding goes to NPM. Both apps have letsencrypt SSL built in however I don't think that's the issue - it may however be another issue down the track.

 

I have tried;

Turning off forced SSL on NPM - HTTP2 error

With SSL turned on (NPM) - Redirection error.

Various 'custom location' configs - although I don't really know what I'm doing.

Various 'Advanced' configs - again, basically guesswork in the hope of noticing a helpful behavioral change.

Various changes to the 'default' file of Hudu

 

I spent weeks (or more) trying to set up a reverse proxy a year or so ago but ended up giving up so I really want to get this running. Would be great to be able to host more than one thing through a single WAN connection. I have the feeling that it's as trust issue and hoping it's a simple inclusion to each app, and not individual script each and every time.

 

Any help is greatly appreciated.

 

EDIT Since posting this I've notice an embarrassing oversight - http vs https selection when creating Proxy Host. I now have some consistency at least - Bad Gateway on both Web Apps. Will continue trouble shooting but hope someone can swoop in and save the day with the missing piece of the puzzle.

 

EDIT: Thanks everyone for the help. I got it sorted. An embarrassing number of hours spent... I completely missed the HTTPS selection, and then just needed to set the port to 443 instead of 80.

 

I hope this helps someone else.

Edited by Philby1975
Link to comment
6 hours ago, mattie112 said:


Still failing after running both renewal commands:


"Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet."

 

Edited by damnshaneisthatu
Link to comment
8 hours ago, Philby1975 said:

Hoping someone can help me. I have the docker up and running (bridge network) and it’s  forwarding to Unraid dockers just fine. I have 2 web apps running on separate Hyper V VM's - Hudu and HumHum. These two webapps work find when port forwarding go directly to them, however will not work when port forwarding goes to NPM. Both apps have letsencrypt SSL built in however I don't think that's the issue - it may however be another issue down the track.

 

I have tried;

Turning off forced SSL on NPM - HTTP2 error

With SSL turned on (NPM) - Redirection error.

Various 'custom location' configs - although I don't really know what I'm doing.

Various 'Advanced' configs - again, basically guesswork in the hope of noticing a helpful behavioral change.

Various changes to the 'default' file of Hudu

 

I spent weeks (or more) trying to set up a reverse proxy a year or so ago but ended up giving up so I really want to get this running. Would be great to be able to host more than one thing through a single WAN connection. I have the feeling that it's as trust issue and hoping it's a simple inclusion to each app, and not individual script each and every time.

 

Any help is greatly appreciated.

 

EDIT Since posting this I've notice an embarrassing oversight - http vs https selection when creating Proxy Host. I now have some consistency at least - Bad Gateway on both Web Apps. Will continue trouble shooting but hope someone can swoop in and save the day with the missing piece of the puzzle.

 

So your apps already have SSL? Why do you want NPM then?

 

A bad gateway error is that NPM cannot access your application.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.