nginxproxymanager / nginx-proxy-manager Goto Github PK

Can you add the bandwidth usage log with graph for this project?

Health check page is not available?

2018/09/04 19:06:12 [error] 223#223: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: localhost, request: "GET /health HTTP/1.1", upstream: "http://127.0.0.1:81/health", host: "localhost:9876"

2018/09/04 19:06:27 [error] 223#223: *3 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: localhost, request: "GET /health HTTP/1.1", upstream: "http://127.0.0.1:81/health", host: "localhost:9876"

I cannot upload certificate files,
It just does nothing and then says: "Upload failed: 0"

As the title says, a proxy or redirect should be able to be disabled using a checkbox on the edit modal.

Hi,

great work so far!

I was trying to add a custom certificate and only got a popup showing "internal error".
Also got the following log entry:
[Express ] › ⚠ warning dir is not defined

Looks like the dir variable is not available in the then function here:
https://github.com/jc21/nginx-proxy-manager/blob/a4b918e648d6b992ca1934196253a3643aeb175d/src/backend/internal/certificate.js#L444

Thanks

I am trying to run this on my raspberry pi but this error keeps looping when I attach to the docker container, it doesn't shows up when I set my engine to mysql

[9/19/2018] [6:05:56 PM] [Global ] › ✖ error Cannot find module './dialects/mariadb/index.js' { Error: Cannot find module './dialects/mariadb/index.js' at Function.Module._resolveFilename (internal/modules/cjs/loader.js:581:15) at Function.Module._load (internal/modules/cjs/loader.js:507:25) at Module.require (internal/modules/cjs/loader.js:637:17) at require (internal/modules/cjs/helpers.js:20:18) at Knex (/app/node_modules/knex/lib/index.js:49:15) at Object.<anonymous> (/app/src/backend/db.js:27:33) at Module._compile (internal/modules/cjs/loader.js:689:30) at Object.Module._extensions..js (internal/modules/cjs/loader.js:700:10) at Module.load (internal/modules/cjs/loader.js:599:32) at tryModuleLoad (internal/modules/cjs/loader.js:538:12) at Function.Module._load (internal/modules/cjs/loader.js:530:3) at Module.require (internal/modules/cjs/loader.js:637:17) at require (internal/modules/cjs/helpers.js:20:18) at Object.<anonymous> (/app/src/backend/migrate.js:3:16) at Module._compile (internal/modules/cjs/loader.js:689:30) at Object.Module._extensions..js (internal/modules/cjs/loader.js:700:10) code: 'MODULE_NOT_FOUND' } nginx: [emerg] mkdir() "/var/cache/nginx/proxy_temp" failed (2: No such file or directory) nginx: [emerg] mkdir() "/var/cache/nginx/proxy_temp" failed (2: No such file or directory) nginx: [emerg] mkdir() "/var/cache/nginx/proxy_temp" failed (2: No such file or directory)

Hi! As I am noob with nginx is it possible to enable the GeoIP module so we can limit access also by location?
https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-by-geoip/

Thank you!

Hello,

I wonder if it would be possible to allow the use of DNS names, rather than just IP addresses, when defining proxy hosts? This would be useful, for example, for proxying to Docker containers on the same network, rather than having to expose ports/assign static IPs using a custom network.

Thanks in advance, and thanks for your work on this project - it has helped me out immensely!

Hello,

This may be more of an NGINX issue, but I'm trying to proxy my internal services (just HTTP at this point)(Sonarr/Radarr/Lidarr/etc.) to my server that's running the services, but all show the 404 page.

I'm trying to access, for example:

my.site/emby

My config for this is:

location /emby/ {
proxy_pass http://127.0.0.1:8096; # Local emby ip and non SSL port

proxy_hide_header X-Powered-By;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

#Next three lines allow websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}

I have a working config on another machine (just command line/config files only) where this works.

For other services, I had to use:

proxy_pass http://localip:8800/sabnzbd/

Which appends a "/sabnzbd" after the Port number (Sonarr/Radarr/Lidarr/Sabnzbd require this).

My questions are:

• For the 1st example (emby), is there something I'm missing to be able to get this to work? I can provide my other config (for the Server section) if needed.
• For the 2nd example (Sonarr/Radarr/Lidarr), is there a way to append that URL piece after the Port?

Hello, I loved this tool makes it much easier to use domains in docker. It is better than any other existing option.

But I'd like to give the idea of ​​putting user authentication to make it secure, and also allow administrators to be able to free access for certain users.

It would also be interesting to choose an external SSL certificate besides lets encrypt.

Congratulations on the project, I hope to see these implementations one day. : D

It would be nice to allow the user to specify the content for the following pages

• upstream 404
• upstream 500
• upstream unavailable error
• default page when no matching hostname is configured

On the "Add Custom Certificate" page, after selecting a file, it still says "Choose file" instead of switch to the file name of the file about to be uploaded.

I have tried this with both Firefox and Chrome.

Would it be possible to consolidate all 3 paths that need to be set for docker into 1 using symbolic links in the container by using the dockerfile? When using docker volumes it would be much easier to forward 1, instead of 2 plus linking a single file somehow. (not really easy in portainer, though I am still learning to use it)

From my own testing it seems that the /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf rules prevents access to the letsencrypt tokens/acme-challenges of any hosts configured as proxy_host.

This is probably because it's trying to access it's own letsencrypt challenges, which ofcourse isn't going to work.

If this isn't something that can be fixed to be allowed for proxy_hosts, can it be disabled in the meanwhile?
It will currently prevent my services of renewing it's certificate when the Nginx-proxy-manager docker container is going to update (and I forget to "fix"/disable the letsencrypt rules).

Alternatively, a way of making these config files persistent would be great too.

EDIT: I just noticed that doing this prevents the proxy-manager from updating it's letsencrypt certificates..

Hello,

I'm trying to get this running by following your examples, but am running into some issues. I'm brand new to Docker/Docker-compose, but I've been trying to google/look through the issues list, but don't see this one.

Here is my config.json:
{ "database": { "engine": "mysql", "host": "db", "name": "nginxproxymanager", "user": "nginxproxymanager", "password": "password", "port": 3306 } }

(I had 127.0.0.1 in the Host value, but it gave me a connection refused error)

and here is my docker-compose.yaml file:

version: "3" services: app: image: jc21/nginx-proxy-manager:2 restart: always ports: - 80:80 - 81:81 - 443:443 volumes: - ./config.json:/app/config/production.json - ./data:/data - ./letsencrypt:/etc/letsencrypt depends_on: - db environment: # if you want pretty colors in your docker logs: - FORCE_COLOR=1 db: image: mysql restart: always environment: MYSQL_ROOT_PASSWORD: "password" MYSQL_DATABASE: "nginxproxymanager" MYSQL_USER: "nginxproxymanager" MYSQL_PASSWORD: "password" volumes: - ./data/mysql:/var/lib/mysql

After running the "docker-compose up -d" command, I get the following error over and over (as seen in the Portainer UI):
ER_NOT_SUPPORTED_AUTH_MODE: Client does not support authentication protocol requested by server; consider upgrading MySQL client,

I'm sure I'm missing some noob step, so if so I apologize. Any ideas on what this could be?

Dear, Developers
I met an issue 'Certificate file is too large (> 5kb)', When i try to uploading custom ssl certification which purchased from godaddy.

Your Sincerely!

Hello, I saw in the list of options of the project "Nginx proxy manager", that you could install custom certificates.
I saw a folder in the data folder that had a name "custom ssl", I tried to upload the certificates to this place.
I had no effect on the web interface ( I also read the issues on custom certificates, but I'm not advanced, how to install them)
I do not know where and how to install them?

NOTE: This is a first time trying to log in after deploying the container.

"Internal error" appears on the screen after entering the provided username and password.

This line appears in the logs.
[9/3/2018] [12:18:47 PM] [Express ] › ⚠ warning Configuration property "jwt.pub" is not defined

Hi,
thanks for the quick reaction on my previous isse.

After beeing able to upload the certificate without errors the proxy won't come up if I set it up to use my custom ssl certificate.

I manager to steal some time off work (;-)) and debugged the issue so far:

Creating a new certificate calls the create function and in the create function the writeCustomCert function is called. However the certificates are not uploaded yet to the express backend but are transferred in a seperate, later upload request.
The upload request triggers an update (instead of create) but nowhere in the upload/update functions the files are written to the disk.
I've added the following code after the patchAndFetchById call in the update method. After Line 230 here: https://github.com/jc21/nginx-proxy-manager/blob/5ac0e3dc95960301ce331e54b68711c484dbad57/src/backend/internal/certificate.js

...
.patchAndFetchById(row.id, data)
.then(certificate => {
  return internalCertificate.writeCustomCert(certificate)
    .then(() => {
      return certificate;
    });
})
.then(saved_row => {
...

It works in regards of the privkey and fullchain files in the data directory but I'm not sure if it's the correct outcome on the database side as the file contents are kept and written in the database.
Perhaps a better place would be the cleanMeta function? Or the upload function itself.

p.s. also the writeCustomCert part in the create function is probably obsolete

hey! 2.0.3 works fine, but 2.0.4 doesn't let me load the admin portal on port 81 - just endless reloads with an internal server error access /api/tokens

I currently have the problem that the Unifi controller wants the following header set:

proxy_set_header Authorization ""; .

Which is also no problem, I simply entered the header manually in the proxy_host config. But this config is always re-provisioned after a change anywhere in nginx proxy manager.
Does anyone have an idea how I can set this persistent?

I'm getting a classic nginx 504 Gateway Time-out error page response when adding an new custom certificate:

POST http://proxy.docker/api/nginx/certificates/validate

there are no log entries appearing during the period between submit request and timout response. However, there are 2 lines that don't look healthy:

[11/19/2018] [3:44:21 PM] [Access  ] › ✖  error                        users:get 1 Knex: Timeout acquiring a connection. The pool is probably full. Are you missing a .transacting(trx) call?
[11/19/2018] [3:44:21 PM] [Express ] › ⚠  warning                      Permission Denied

this also means that it's probably not issue #9 that returned?

Is there a place where I can discover more logging?

Hi again,

San certificate should be easy to management the site that have multiple domain names, can you add this feature also?

https://letsencrypt.org/docs/rate-limits/

hello again!
It's hard to figure the custom configuration without knowledge about linux and nginx. T_T
I've attached some server successfully like home assistant with custom confuguration, but now I'm hit the wall to handle web terminal called "butterfly".
currently, it's fine to run with redirection host and i'm now trying to do with reverse proxy.
the instruction is
https://github.com/paradoxxxzero/butterfly/wiki/Butterfly-with-nginx-reverse-proxy-and-https

server {
    listen       80;
    listen       443 ssl;

    listen       [::]:80;
    listen       [::]:443 ssl;

    server_name  example.com;
    ssl_certificate certs/example.com.chained.crt;
    ssl_certificate_key certs/example.com.key;

    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    charset utf-8;

    access_log  /var/log/nginx/$host.access.log;

    client_max_body_size 20M;

    root   /var/www/;
    index  index.html index.htm;

    if ($ssl_protocol = "") {
        return 301 https://$http_host$request_uri;
    }

    location / {
        try_files $uri $uri/ =404;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    location /butterfly {
        auth_basic "Authentication required";
        auth_basic_user_file /etc/nginx/.htpasswd;

        rewrite ^/butterfly/?(.*) /$1 break;
        proxy_pass http://127.0.0.1:57575;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header Origin "$scheme://$host";

        proxy_connect_timeout 7d;                                                                                                              
        proxy_send_timeout 7d;                                                                                                                 
        proxy_read_timeout 7d;

        sub_filter_once off;

        sub_filter_types text/css text/xml application/javascript;
        sub_filter /style.css '/butterfly/style.css';
        sub_filter /static '/butterfly/static';
        sub_filter /ws '/butterfly/ws';
        sub_filter /themes '/butterfly/themes';
        sub_filter location.pathname '"/"';
    }

    rewrite ^/theme/?(.*)/butterfly/?(.*) /butterfly/theme/$1/$2 permanent;
}

this instruction is for cname? domain like aaa.bbb.ccc/butterfly

but i'm trying to make subdomain butterfly.bbb.ccc

when I try to do location / , proxy status turns offline...

any help will be great for me!

thanks advance!

Would it be feasible to provide an installation process separate from docker containers?
I (think) I'd like the option to be able to perform a manual installation without using prebuilt containers.
This is primarily derived from our infrastructure running in a ProxMox environment that does make use of LXC containers natively, but getting docker running is a bit more of a challenge.

Hi,

First of all, sorry because is very possible that I misunderstood something or I'm doing something wrong.

The problem is I have some apps that runs only over SSL-enabled connections, so I need to reverse proxy to a SSL server but I can't find a way in the WebUI for this, this is the scenario:

User <----> (Signed SSL) Proxy <----> (Self-signed SSL) Server

The problem comes when in the UI I can type a server and port, but no the protocol (HTTP/HTTPS). Inside the app container, I can see in /etc/nginx/conf.d/include/proxy.conf the following variable filling:

proxy_pass http://$server:$port;

So I think this is ready to enter only the IP and HTTP port in the WebUI, witch fills this variables in the proxy config, but in anyway this will be http://[whatever]

The workarround for us is delete the http:// in this file, and fill the server input with the protocol (http://[whatever] or https://[whatever]) in the Web UI. This workarround worked like a charm.

SO

Is possible to add a dropdown just at the left of server imput field in "New Proxy Host" modal, to pick the protocol, and fill the variables in this way?

proxy_pass $protocol://$server:$port;

Many thanks,

Aitor.

Hi,

first, this is a very nice project. Thanks for the great work.
I think it would be nice to add the full support of stream_ssl_preread_module
http://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html

It will be possible to make tcp based forwarding with SNI.
so you can mix ssh and https on the same port for example, or openvpn https and normal web https.

So can you add this feature? I tested it and try to add manual config files, but with no success.

Regards
Peet

Allow to set a global LetsEncrypt email so that the field is filled by default

Currently, a proxy host is hard-coded to the / (root) location.

In addition to this, it would be very useful to support multiple subfolders that can be mapped to different upstream servers. For example:

/app1 --> 192.168.1.1
/app2 --> 192.168.1.2

Hi,

I've noticed that it isn't possible currently to set a custom nginx configuration to the default.conf.
Right now I would have to make my own script that gets applied every time the docker container gets built (ie: every update). Which isn't too bad, but could potentially result in that I'd overwrite any changes that got made to default.conf in a future update.

It'd be great if this could be configurable from the admin panel too, or at least for these files to be made persistent.

Uncaught Error: Cannot find module '/app/node_modules/nodemon/bin/nodemon.js'
FROM
Function.Module._resolveFilename (internal/modules/cjs/loader.js:1:1)
Function.Module._load (internal/modules/cjs/loader.js:1:1)
Function.Module.runMain (internal/modules/cjs/loader.js:1:1)
startup (internal/bootstrap/node.js:1:1)
bootstrapNodeJSCore (internal/bootstrap/node.js:1:1)

First of all, thanks for the awesome proxy manager! it's very easy to use like synology reverse proxy.

It's almost no problem, but some server won't work properly, so I digged in and I found nginx configuration.

https://portainer.readthedocs.io/en/stable/faq.html?highlight=proxy

upstream portainer {
    server ADDRESS:PORT;
}

server {
  listen 80;

  location /portainer/ {
      proxy_http_version 1.1;
      proxy_set_header Connection "";
      proxy_pass http://portainer/;
  }
  location /portainer/api/websocket/ {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_http_version 1.1;
      proxy_pass http://portainer/api/websocket/;
  }
}

But the problem is I have no idea where to put this in.. I've tried to use the advanced tab's custom configuration, but it doesn't work..

Any help and how to guides would be great!

Sorry about this noob question.;;

Hi,

Don't really know if it's about this (awesome) proxy or on the other side but trying to use it with Cardigann (and Nginx auth) I got this error: Checking authentication...
Cardigann source: https://hub.docker.com/r/linuxserver/cardigann/
Nginx-proxy-manager: https://i.imgur.com/nRCh4ZX.png
Nginx auth (working with my others containers):
auth_basic "Restricted Content";
auth_basic_user_file /data/htpasswd/cardigann;

Please support this feature, it's really useful!
this is great project!

Please add support for IP based ACLs and Cloudflare IP correction.

https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx-

Some upstream hosts only provide a SSL connection and they are sometimes using self signed certificates (EdgeOS is one such example).

Would be nice to have an option to specify that the upstream is SSL and the nginx proxy would ignore certificate errors because the server should be in control of the user who's creating the reverse proxy.

In most cases this means that the Proxy Host setup requires SSL as well and the added benefit here is that the edge host will be using a certified certificate at all times, regardless of what the upstream host has.

Please consider fail2ban
https://www.fail2ban.org/wiki/index.php/Main_Page

and a 2 step verification method
https://www.authelia.com/ 
https://github.com/clems4ever/authelia

BTW your software is being a total sucess here https://forums.unraid.net/topic/76460-support-djoss-nginx-proxy-manager/

Currently, there seems to be a restriction that you can't input any hostname when creating or editing a stream. It would be very useful, at least for me, if I could input any domain or hostname there.

Hey @jc21,

I'm trying to run docker-compose in development mode from JetBrains WebStorm IDE with exactly nginx-proxy-manager/bin/build-dev script meant for that purpose I suppose. I'm running docker-compose command from Docker for Windows in "linux containers" mode. As you may know, the bcrypt_lib.node contained in nodes_modules/bcrypt/lib/ is OS dependent, and all modules in node_modules are compiled with windows, and due to .:/app volume binding configuration in docker compose, the folder node_modules effectively compiled in windows is now in linux app container, and also contains an invalid bcrypt_lib.node, illisible by linux (Please see this link for more details about the problem).

I tried to switch docker for windows into "windows containers" mode, but docker-compose for windows version is too old (1.22, expected 1.24).

I finally tried to run into an ubuntu 18.04.1 VM, and the nginx-proxy-manager/bin/build-dev throws a third another error which is a weird thing like cannot find module '../'.

Can you please tell me in what environment you managed to run nginx-proxy-manager/bin/build-dev please ? I'm will try to do pull request about various enhancement and bugfixes, but it will be so good wether I could run it in development mode x)

My windows environment

WebStorm IDE version : 11.0.1
Docker 18.09.0
Docker compose 1.23.1
Docker Machine 0.16.0
Kitematic 0.17.5
Linux Kernel 4.9.125

Sincerely,

@sh4444dow

First of all, thanks for the npm app :)

Just like as the title, when I try to get a certificate, npm returns internal error.

The log is bellow

Command failed: /usr/bin/certbot certonly --cert-name "npm-2" --agree-tos --email "[email protected]" --preferred-challenges "http" -n -a webroot -d "test.example.com" 


/bin/sh: 1: /usr/bin/certbot: not found

I've looked into npm container /usr/bin, there is no certbot. It looks like changed to certbot-auto.

thanks again the npm!

Hello
Please add alias domain proxy in the next version.
Thanks

Can you add a way to generate a self signed cert and generate/download a CSR? I am using this for some .local addresses as well, so being able to do self signed certs would be nice.

I tried doing this manually and using the Microsoft Cert Authority to make a cert and it failed. I'm not exactly sure why, it just wouldn't upload (upload box wouldn't even close)

Hello,
I'm using my NAS which is already busy for the moment on port 80 and 443 to run this with docker-compose.
I get it up, but sadly nothing answers on port 81...
I got a terminal inside the container and nothing is bound to port 81.

Here is my docker-compose (note the port binding, also tried with 8081:81 first...):

version: "3"
services:
  app:
    image: jc21/nginx-proxy-manager:2
    restart: always
    ports:
      - 8080:80
      - 81:81
      - 8443:443
    volumes:
      - ./config.json:/app/config/production.json
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
  db:
    image: mariadb
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: "XXX"
      MYSQL_DATABASE: "nginxproxymanager"
      MYSQL_USER: "nginxproxymanager"
      MYSQL_PASSWORD: "YYY"
    volumes:
      - ./data/mysql:/var/lib/mysql

and my config.json:

{
  "database": {
    "engine": "mysql",
    "host": "127.0.0.1",
    "name": "nginxproxymanager",
    "user": "nginxproxymanager",
    "password": "YYY",
    "port": 3306
  }
}

When I start it it looks fine :

$ sudo docker-compose up
Starting nginxproxymanager_db_1 ...
Starting nginxproxymanager_db_1 ... done
Recreating nginxproxymanager_app_1 ...
Recreating nginxproxymanager_app_1 ... done
Attaching to nginxproxymanager_db_1, nginxproxymanager_app_1
db_1   | WARNING: no logs are available with the 'db' log driver
app_1  | WARNING: no logs are available with the 'db' log driver

But the app container spits an awefull lot of errors :

2018-10-05 18:03:08,stdout,[s6-init] making user provided files available at /var/run/s6/etc...exited 0.

2018-10-05 18:03:09,stdout,[s6-init] ensuring user provided files have correct perms...exited 0.
2018-10-05 18:03:09,stdout,[fix-attrs.d] applying ownership & permissions fixes...

2018-10-05 18:03:09,stdout,[fix-attrs.d] done.


2018-10-05 18:03:09,stdout,[cont-init.d] executing container initialization scripts...

2018-10-05 18:03:09,stdout,[cont-init.d] done.

2018-10-05 18:03:09,stdout,[services.d] starting services

2018-10-05 18:03:09,stdout,[services.d] done.

2018-10-05 18:03:11,stdout,[10/5/2018] [6:03:11 PM] [Global  ] › ✖  error                        connect ECONNREFUSED 127.0.0.1:3306

The last one keeps repeating every second as you can guess...

Opening a terminal inside the container gives a hint :

[root@docker-a98e0ffeecf8:/app]# ifconfig -a                                                                     
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500                                                       
        inet 172.18.0.3  netmask 255.255.0.0  broadcast 0.0.0.0                                                  
        ether 02:42:ac:12:00:03  txqueuelen 0  (Ethernet)                                                        
        RX packets 18706  bytes 42735084 (40.7 MiB)                                                              
        RX errors 0  dropped 0  overruns 0  frame 0                                                              
        TX packets 12506  bytes 853944 (833.9 KiB)                                                               
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0                                               
                                                                                                                 
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536                                                                     
        inet 127.0.0.1  netmask 255.0.0.0                                                                        
        loop  txqueuelen 1  (Local Loopback)                                                                     
        RX packets 5084  bytes 310909 (303.6 KiB)                                                                
        RX errors 0  dropped 0  overruns 0  frame 0                                                              
        TX packets 5084  bytes 310909 (303.6 KiB)                                                                
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0                                               
                                                                                                                 
sit0: flags=128<NOARP>  mtu 1480                                                                                 
        sit  txqueuelen 1  (IPv6-in-IPv4)                                                                        
        RX packets 0  bytes 0 (0.0 B)                                                                            
        RX errors 0  dropped 0  overruns 0  frame 0                                                              
        TX packets 0  bytes 0 (0.0 B)                                                                            
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0                                               
                                                                                                                 
[root@docker-a98e0ffeecf8:/app]# netstat -tulpn                                                                  
Active Internet connections (only servers)                                                                       
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name                 
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      191/nginx: master p              
tcp        0      0 127.0.0.11:39794        0.0.0.0:*               LISTEN      -                                
tcp        0      0 0.0.0.0:9876            0.0.0.0:*               LISTEN      191/nginx: master p              
udp        0      0 127.0.0.11:55989        0.0.0.0:*                           -                                

Nothing listening on port 81 or port 443...
I do get the "Congratulations" page on port 8080 from another computer...

My NAS is a Synology DS918+ running an intel x86 processor, so I think I didn't have to go for the arm version there.

Oh, and I did start it with the configfile (it's properly mounted in the /app/config/production inside the container) and I had an empty data and letsencrypt folder as well.

Will appreciate any help, will "docker compose down" for the moment but I'll be able to spin it up again if you like further checks.

Thanks in advance,
Regards,
Toxic.

Hi,
I'm using the docker on unRAID and I'm receiving "too many redirect" errors when configuring a domain for use.
Any ideas?

Regards,

Hi!
This looks like an awesome thing for a RaspberryPi, any chance of building a docker image for armv7l?

Best regards
//A

somehow the whole thing doesn't work out for me. The IP address of the reverse proxy always arrives at the remote hosts.

But I don't understand why.

Does anyone have the same problem?

Does this container support using wildcards for the LE certs? Can it do the dns challenge for google? I looked through the images for the LE interfaces but i don't see anything that would allow this.

I have tried installing this on Mysql 5.7 and Mysql 8.0 (both support JSON columns). When the container first loads it is in a 'starting' state. When I look at the logs it is filled with this error:

migration failed with error: create table auth (id int unsigned not null auto_increment primary key, created_on datetime not null, modified_on datetime not null, user_id int unsigned not null, type varchar(30) not null, secret varchar(255) not null, meta json not null default '{}', is_deleted int unsigned not null default '0') - ER_BLOB_CANT_HAVE_DEFAULT: BLOB, TEXT, GEOMETRY or JSON column 'meta' can't have a default value,
migration file "20180618015850_initial.js" failed

How can I get this to work? I have tried relaxing the sql_mode of Mysql in the hopes of letting it go in and then put that back but that doesn't seem to have an effect.

Hello,

This is about commit f987632. Not sure if you saw my comment there, but I think that keeping ssl_ciphers aNULL is a better approach.

With valid ciphers, the browser will show a warning about self-signed certificate. After the user accepts to continue, nginx will close the connection (because of the return code 444).

Using ssl_ciphers aNULL makes the connection fails immediately, even before the browser shows any certificate warning.

Since the goal of the default HTTPs site is to make sure that no page is served, it seems better to avoid the certificate warning.

Could you please add some settings as below config?

Because I have no idea to forward my site to my back-end https server? --> proxy_pass https://x.x.x.x/;.

I just modify the config file as below for make my site work now.

   location / {
	proxy_pass https://x.x.x.x/;
	proxy_http_version      1.1;
        proxy_set_header Connection "";
	proxy_read_timeout      360;
	proxy_pass_header       Date;
	proxy_pass_header       Server;
	proxy_pass_header       Authorization;
	proxy_set_header        Host $host;
	proxy_set_header        X-Real-IP $remote_addr;
	proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
	proxy_pass_request_headers on;
	proxy_set_header Accept-Encoding "";
	proxy_request_buffering off;
	proxy_buffering off;
	#proxy_set_header Connection "Keep-Alive";
	}

Many thanks.