Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Djoss - Nginx Proxy Manager

Featured Replies

  • Author
10 hours ago, flippedcracker said:

Tunable is set to Auto. File system is reiserfs. I've had this server for many many years.

The problem is the filesystem.  Mariadb uses an operation (fallocate) which is not supported by reiserfs...

  • Replies 2k
  • Views 517.2k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • You can use my fork for now: https://hub.docker.com/r/mattie112/docker-nginx-proxy-manager (which I will delete if/when this gets implemented by Djoss)   My fork is 100% the same c

  • sdchoni
    sdchoni

    To temporarily resolve this issue, you can use the previous release of Nginx Proxy Manager. Edit the app and change the repository to: jlesage/nginx-proxy-manager:v25.09.1 Once this is resolved, you

  • Please verify that the problem is fixed with the latest version.

Posted Images

  • Author
4 hours ago, Kaizac said:

I have the NginxProxyManager docker on it's own IP in the same VLAN as my other dockers. All other dockers also have their own IP in this VLAN. So I put the NginxProxyManager on ports 80 and 443 and I opened and forwarded these ports on my router to the IP of the NginxProxyManager.

 

Then when I add my proxy hosts and request the certificates I always get the error "Internal Error". When I look in my log it says the following:


Failed authorization procedure. bitwarden.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://bitwarden.mydomain.com/.well-known/acme-challenge/As3xDn2mZgCJzRpsFyGtlXKog3UZBRzrsHVaActeN6s: Connection refused

 

The container is not reachable from the Internet.  Note that when assigning an IP to the container, you cannot choose the ports used by the container.   So you need to forward to the container HTTPs port 4443 and HTTP port 8080.

14 minutes ago, Djoss said:

The container is not reachable from the Internet.  Note that when assigning an IP to the container, you cannot choose the ports used by the container.   So you need to forward to the container HTTPs port 4443 and HTTP port 8080.

Ok so I changed this and it give the error below. So then I disabled the Cloudflare CDN protection. And it works. So is it possible to get this working with the Cloudflare CDN/protection on you think?

Failed authorization procedure. bitwarden.mydomain (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://bitwarden.mydomain/.well-known/acme-challenge/Z6vJRYrurz18JbcCPEeexbC1IhmWJoxfOFIY3jVRatw [2606:4700:30::681b:80cc]: "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]> <html class=\"no-js "

 

  • Author
15 minutes ago, Kaizac said:

Ok so I changed this and it give the error below. So then I disabled the Cloudflare CDN protection. And it works. So is it possible to get this working with the Cloudflare CDN/protection on you think?


Failed authorization procedure. bitwarden.mydomain (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://bitwarden.mydomain/.well-known/acme-challenge/Z6vJRYrurz18JbcCPEeexbC1IhmWJoxfOFIY3jVRatw [2606:4700:30::681b:80cc]: "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]> <html class=\"no-js "

 

What the protection is doing?  If it forces redirection to HTTPs, then I guess it won't work.  Unless you can disable the protection for specific URLs...

6 minutes ago, Djoss said:

What the protection is doing?  If it forces redirection to HTTPs, then I guess it won't work.  Unless you can disable the protection for specific URLs...

You made me remember, it's not the IP/CDN protection it's a setting in Cloudflare. Someone else in this topic mentioned it. You have to disable the HTTPS rewrites. So I got most of my subdomains working. Two aren't though or not as desired (Nextcloud and OnlyOffice). Both which require a more specific configuration. So what I can do is put my older NGINX config in, but then it has includes which it can't find.

I see that the standard configs are including files like block-exploits.conf. Are those accessible and editable somewhere? I can't find them, so I wonder if they are hardcoded/somewhere hidden.

  • Author
10 hours ago, Kaizac said:

I see that the standard configs are including files like block-exploits.conf. Are those accessible and editable somewhere? I can't find them, so I wonder if they are hardcoded/somewhere hidden.

Yes they are hard-coded files.  They are located under /etc/nginx in the container.

  • Author

For people who were waiting for it: subfolders support is now there :)

 

Just a heads up, the latest build does not respect custom ports.  Default right back to the stock ports :)

  • Author
2 hours ago, Jclendineng said:

Just a heads up, the latest build does not respect custom ports.  Default right back to the stock ports :)

What do you mean exactly by "does not respect custom ports"?  You mean the port mappings between the host and the container?

I change the ports when I set up the container but it does not see them for some reason.  I deleted the container and xml and started over with same results.  I changed the ports to 80, 443 and 8080 but the default ports still override it.

Are you talking about host ports or container ports? I have an nginx proxy manager container running on a vps with custom ports and it's working. It's not the latest version tho

do i still need like duck dns to give it a name or something?

Just now, Nyghthawk said:

do i still need like duck dns to give it a name or something?

If you don't have a static public IP, you need something like DuckDNS point your domain/subdomains to your unRaid Server :)

16 minutes ago, Raz said:

If you don't have a static public IP, you need something like DuckDNS point your domain/subdomains to your unRaid Server :)

have static ip....but then need to remember my IP for each "subdomain"? sonarr.##.##.##.## etc?

Edited by Nyghthawk

Just now, Nyghthawk said:

have static ip....but then need to remember my IP for each "subdomain"? sonarr.##.##.##.## etc?

Don't you have a domain name? You still need a domain name! If you don't have it, you have to use Duck DNS

3 minutes ago, Raz said:

Don't you have a domain name? You still need a domain name! If you don't have it, you have to use Duck DNS

so if i just buy a domain name from <insert provider> I just create subdomains there and nameserver it to my static ip? or

sonarr.mydomain.com points to 111.222.333.444:1234 ? or should i still use this to hide the ports?

so then its sonarr.mydomain points to sonarr.mypublicip

Edited by Nyghthawk

6 minutes ago, Nyghthawk said:

so if i just buy a domain name from <insert provider> I just create subdomains there and nameserver it to my static ip? or

sonarr.mydomain.com points to 111.222.333.444:1234 ? or should i still use this to hide the ports?

so then its sonarr.mydomain points to sonarr.mypublicip

If you buy your domain, you have to change the dns records to point it to your public ip. So something like "sonarr.mydomain.com" points to "yourpublicip" and on nginx proxy manager you setup everything according to your configurations :)

4 minutes ago, Raz said:

If you buy your domain, you have to change the dns records to point it to your public ip. So something like "sonarr.mydomain.com" points to "yourpublicip" and on nginx proxy manager you setup everything according to your configurations :)

thank you, will get on that!

On 3/2/2019 at 7:38 PM, Djoss said:

So if you have specific domain names, can't you block the ones you don't want by adding "404 Hosts"?

 

Btw, the ability to customize/disable the default page is a feature that as been requested on the project.

I can add 404 hosts, have have add the IP address as one as a temporary bandaid, but that works until my dynamic IP changes.  Then I have to know that and manually change the 404 host.  Ideally, anything other than requests from mysubdomain.mydomain.com would just gets dropped.  Even with 404 I see foreign bad guys trying to run exploits in the dead-hosts log.

On 3/2/2019 at 7:38 PM, Djoss said:

So if you have specific domain names, can't you block the ones you don't want by adding "404 Hosts"?

 

Btw, the ability to customize/disable the default page is a feature that as been requested on the project.

I just saw in the new version of the container that updated while I was back at the day job that there is a settings open to change the default site.  Well done, thanks!  My next question would be which is the best option for deterring bad guys?  404, 444, or maybe redirect?  Or do they all say enough to the prying eyes that the server is responding to reqeuests so they keep at it?

 

Also, is fail2ban implementation forthcoming?  That would help solve the problem.

Edited by KG_NV

First of all, I would like to thank you for developing this docker. This is a fantastic tool for users with limited understanding of networking (like myself).

 

Now, on to the problem:

  • I configured Nginx Proxy Manager for 5 different proxy hosts - Sabnzbd, Sonarr, Radarr, Lidarr and Ombi
  • Everything else seems to work flawlessly except Ombi.
  • With Ombi, although I am able to get to the login page, it keeps looping back to the same page, when I click on the login button.
  • i.e. Instead of logging me into Ombi, it open a new tab / window and goes back to the login screen.
  • Also, the same behavior is persistent on both Ombi native login and plex authorization. Have even tried the option to log a user based on just the username, but even that does not work.
  • I have checked the configuration file for Ombi and the options selected on that file are exactly the same as other proxy host config files.
  • I have included my config file below for your assistance:

# ------------------------------------------------------------
# ombi.mydomain.com
# ------------------------------------------------------------


server {
  set $forward_scheme http;
  set $server         "x.x.x.x";
  set $port           3579;

  listen 8080;
listen 4443 ssl http2;

  server_name ombi.mydomain.com;


  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-7/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-7/privkey.pem;


# Asset Caching
  include conf.d/include/assets.conf;


  # Block Exploits
  include conf.d/include/block-exploits.conf;


  access_log /data/logs/proxy_host-5.log proxy;

  location / {


    # Force SSL
    include conf.d/include/force-ssl.conf;

    
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;
    

    # Proxy!
    include conf.d/include/proxy.conf;
  }
}

 

---------------------------

 

Any help would be much appreciated.

 

Edit : Managed to fix the issue by disabling the support websockets option. 

Edited by Dragnoballz

Is fail2ban also in place?

  • Author
20 hours ago, KG_NV said:

My next question would be which is the best option for deterring bad guys?  404, 444, or maybe redirect?

I would use 444, which makes nginx to close the connection.

  • Author
20 hours ago, KG_NV said:

Also, is fail2ban implementation forthcoming?  That would help solve the problem.

 

24 minutes ago, malac said:

Is fail2ban also in place?

 

This container doesn't have fail2ban.  I'm not sure this is the right place to implement it.  Doing so will probably cause issues if another container also implements it.  I think the best way would be to have one container (or the host) implementing fail2ban.  This instance could be used to monitor multiple log files from multiple containers.

So i had this long post about things not working. And I got it working.

 

However, need a bit of help on this last one.

 

Trying to get my unifi controller accessible. When I am local and i type http://localip:port to access the login, it lets me log in, then gives me an error on the certificate, etc. When I type in http://unifi.domain it asks to log in like normal, but then does not log in giving me an error. 

ASKuMq5.png

 

is this a setting I am missing, do i need to customize my commands for this one?

So far I think everything else is working. (crosses fingers)

 

 

also, I did a blanket wildcard record on my domain, so all subdomains will point to "proxy manager has not been setup yet" is this ok?

 

also tried to add SSL, and i get an "internal error", and nothing works, any help with that? apparently creates an SSL but then i get a cipher mismatch or something like that error.

Edited by Nyghthawk

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.