Install the app
How to install the app on iOS

Follow along with the video below to see how to install our site as a web app on your home screen.

Note: This feature may not be available in some browsers.

NGINX Proxy Manager issues

226
74
NAS
DS923+
Operating system
  1. Linux
  2. macOS
Mobile operating system
  1. iOS
Last edited:
Got inspired by @Rusty and the article on Blackvoid, I decided to give NGINX proxy manager a try.
Installed just fine via docker compose but I can't create any hew proxy host properly.

So far I have the containers up and running, no errors in log.

Used the following compose:

YAML:
version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '8180:80'
      - '81:81'
      - '8443:443'
    environment:
      TZ: "Europe/Athens"
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
    volumes:
      - /volume2/docker/npm/data:/data
      - /volume2/docker/npm/letsencrypt:/etc/letsencrypt
  db:
    image: 'jc21/mariadb-aria:latest'
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    volumes:
      - /volume2/docker/npm/data/mysql:/var/lib/mysql

Ports on my router are forwarded as following image:

Screenshot 2023-12-22 at 10.11.41.png


I created a test proxy host as following:

Screenshot 2023-12-22 at 10.10.57.png


When I open it I get a message from Web Station "Your web site is not setup yet"!
I uninstalled Web Station and still get the same page.

Screenshot 2023-12-22 at 10.10.31.webp


Any ideas?
 
Solution
Well, I finally managed to install NPM.
I don't know and I can't understand what could be the issue. I just uninstalled Web Station in the process of troubleshooting, installed again, then created again a stack with docker-compose directly from Nginx Proxy Manager web page as a base, same port forwarding on my router and now everything works! Nothing else changed from side.
Anyway, now just works, so I let the past as is...

I have only one issue left and I can't find somewhere an answer:
All services work just fine now after creating new proxy hosts in NPM, and appropriate certificates created. All services except one! This one service gives me the exact Web Station welcome page as above!
I cant't find any info but may be there...
You need to fix the volumes mappings such that the containers have unique paths. This is an old compose structure, IIRC, and permissions conflict between containers.

Code:
volumes:
      - /volume2/docker/npm/mysql:/var/lib/mysql
 
Upvote 0
You need to fix the volumes mappings such that the containers have unique paths. This is an old compose structure, IIRC, and permissions conflict between containers.

Code:
volumes:
      - /volume2/docker/npm/mysql:/var/lib/mysql

Thank you.
If I understand correctly, you suggest that I should map mysql in it's own folder in docker shared and not in a folder inside npm?
I will do ASAP. I don't see any relative errors in logs though. NPM seems to connect OK with mariadb container.
 
Upvote 0
No. Not in the data folder (left side) as I have shown.
Yes, you are right, now I noticed the detail.
Do you think these permission (possible) conflicts could be the reason for the Web Station notice appear?
 
Upvote 0
Got inspired by @Rusty and the article on Blackvoid, I decided to give NGINX proxy manager a try.
Installed just fine via docker compose but I can't create any hew proxy host properly.

So far I have the containers up and running, no errors in log.

Used the following compose:

YAML:
version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '8180:80'
      - '81:81'
      - '8443:443'
    environment:
      TZ: "Europe/Athens"
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
    volumes:
      - /volume2/docker/npm/data:/data
      - /volume2/docker/npm/letsencrypt:/etc/letsencrypt
  db:
    image: 'jc21/mariadb-aria:latest'
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    volumes:
      - /volume2/docker/npm/data/mysql:/var/lib/mysql

Ports on my router are forwarded as following image:

View attachment 14234

I created a test proxy host as following:

View attachment 14235

When I open it I get a message from Web Station "Your web site is not setup yet"!
I uninstalled Web Station and still get the same page.

View attachment 14238

Any ideas?
While Telos' suggestion is completely valid, imho this error might be relevant to the traffic still landing on the default reverse proxy (built-in nginx), and not NPM.

You are certain that port forward is targeting your NAS on that 8443 port? Can you test any other app via that NPM and see if you get the same issue? Like redirecting a DSM login page via reverse proxy or some other Docker container?
 
Upvote 0
I am quite certain for the port forwarding. It is as in the screenshot. When enabled, all reverse proxies stop working. When disabled (and of course enabled again 443:443) everything works.
I will try other containers too, but to be honest I don't understand why the problem should persist on this particular and very simple container.

I will try and I will report back.
 
Upvote 0
I checked almost all other containers as well as DSM access with no success.

Well, it seems that definetely has to do something with the port forwarding.
When forwarding router port 443 to containers port (8443 in my case) then my domain is not even reachable via site24x7 either within NPM or from it's webpage tool.
When normal forwarding 443-->443 is set, domain is reachable again.

The port forwarding process is quite easy and straightforward on my Fritzbox 5530, and I have done it a lot of times in the past so no case of mistake on my behalf I believe.
I also checked ports via Open Port Check Tool and appear open.
The same results occur even if I set up my router in DSM and let external access --> router configuration to open the ports.

I think I have come to an end as far as my knowledge is concerned...
 
Upvote 0
While Telos' suggestion is completely valid, imho this error might be relevant to the traffic still landing on the default reverse proxy (built-in nginx), and not NPM.
Yes... there may be multiple things here. The one I mentioned was due to docker compose “breakage” with version 4.10.2. See here 🙄
 
Upvote 0
I checked almost all other containers as well as DSM access with no success.

Well, it seems that definetely has to do something with the port forwarding.
When forwarding router port 443 to containers port (8443 in my case) then my domain is not even reachable via site24x7 either within NPM or from it's webpage tool.
When normal forwarding 443-->443 is set, domain is reachable again.

The port forwarding process is quite easy and straightforward on my Fritzbox 5530, and I have done it a lot of times in the past so no case of mistake on my behalf I believe.
I also checked ports via Open Port Check Tool and appear open.
The same results occur even if I set up my router in DSM and let external access --> router configuration to open the ports.

I think I have come to an end as far as my knowledge is concerned...
Ok two things to check here then.

Control panel > network > advanced setting (button). How are setting configured?

Guessing you have DSM firewall up and running? Any specific rules configured? Do you have a rule that allows your LAN subnet to communicate with your docker subnet(s)?

Also, your target container is it in the same docker network as your NPM or not?
 
Upvote 0
Ok two things to check here then.

Control panel > network > advanced setting (button). How are setting configured?

Like this:
Screenshot 2023-12-22 at 20.56.58.webp


Guessing you have DSM firewall up and running? Any specific rules configured? Do you have a rule that allows your LAN subnet to communicate with your docker subnet(s)?

Yes, I have firewall enabled but the same results are with firewall disabled. It was among the first things I checked...

Also, your target container is it in the same docker network as your NPM or not?

Some of my containers use a bridge network I created.
Others have no network specified, same as npm container. None works, as described in previous post.
As already said, not even dsm or file manager works with npm proxy host.
I believe that the main issue is that after forwarding ports for npm, my domain (synology created) is not reachable.
 
Upvote 0
FWIW... here is my compose file:
Code:
version: '3'
services:
  db:
    image: 'jc21/mariadb-aria:latest'
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: 'pwd'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'telos'
      MYSQL_PASSWORD: 'pwdd'
    volumes:
      - /volume1/docker/npm/mysql:/var/lib/mysql
  app:
    depends_on:
      - db
    image: 'jc21/nginx-proxy-manager:2.10.4'
    restart: always
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "telos"
      DB_MYSQL_PASSWORD: "pwd"
      DB_MYSQL_NAME: "npm"
#    DISABLE_IPV6: "true"
    volumes:
      - /volume1/docker/npm/data:/data
      - /volume1/docker/npm/letsencrypt:/etc/letsencrypt
The primary differences are
  • the volume path (described earlier)
  • local ports
  • "depends on"
 
Upvote 0
FWIW... here is my compose file:
Code:
version: '3'
services:
  db:
    image: 'jc21/mariadb-aria:latest'
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: 'pwd'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'telos'
      MYSQL_PASSWORD: 'pwdd'
    volumes:
      - /volume1/docker/npm/mysql:/var/lib/mysql
  app:
    depends_on:
      - db
    image: 'jc21/nginx-proxy-manager:2.10.4'
    restart: always
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "telos"
      DB_MYSQL_PASSWORD: "pwd"
      DB_MYSQL_NAME: "npm"
#    DISABLE_IPV6: "true"
    volumes:
      - /volume1/docker/npm/data:/data
      - /volume1/docker/npm/letsencrypt:/etc/letsencrypt
The primary differences are
  • the volume path (described earlier)
  • local ports
  • "depends on"

I see that you use ports 80 and 443 as is. How can I have the same?
I thought that these ports are reserved from DSM so I didn't even think that there should be a way to finally use them.
Could you please advise on that direction?
 
Upvote 0
Like this:
If this is the current state of advanced settings then by using VPN connection it is expected that you will be cut off as Nord does not port forward on their own.

Enable Multiple Gateways option reconnect VPN and then test it again.
 
Upvote 0
If this is the current state of advanced settings then by using VPN connection it is expected that you will be cut off as Nord does not port forward on their own.

Enable Multiple Gateways option reconnect VPN and then test it again.

I cannot understand what is the role of VPN at this situation.
I am not connected through vpn.
 
Upvote 0
Well, I finally managed to install NPM.
I don't know and I can't understand what could be the issue. I just uninstalled Web Station in the process of troubleshooting, installed again, then created again a stack with docker-compose directly from Nginx Proxy Manager web page as a base, same port forwarding on my router and now everything works! Nothing else changed from side.
Anyway, now just works, so I let the past as is...

I have only one issue left and I can't find somewhere an answer:
All services work just fine now after creating new proxy hosts in NPM, and appropriate certificates created. All services except one! This one service gives me the exact Web Station welcome page as above!
I cant't find any info but may be there is some kind of "cache" of Web Station or something similar that I should delete?
 
Upvote 0
Solution
(y)


Is this a DSM/Synology service by any chance?

No, it was one of my docker containers.
Finally I had to change the first part of the domain to something different for it to work. Strange to me, all other services had no such issues although I used the same exact domains as I had previously had in DSM's reverse proxy.

So, for now, the thread can be marked as "solved" though I cannot say what solved the issue! It must have something to do with Web Station as the issue stopped after uninstalling and reinstalling it. All other steps where exactly the same as before.

One last question.
At the moment I had to create one certificate for every service as I found that I cannot create a wildcard certificate for *.xxx.synology.me as I aleady had in DSM's certificates. Is there a problem with let's encrypt certificates regarding the amount of them being created? Are there any restrictions?
 
Upvote 0
At the moment I had to create one certificate for every service as I found that I cannot create a wildcard certificate for *.xxx.synology.me as I aleady had in DSM's certificates. Is there a problem with let's encrypt certificates regarding the amount of them being created? Are there any restrictions?
Wild card certs for xxxx.synology.me domain will not be possible to create via NPM as you can't verify that domain as yours own, but using DSM cert UI it does work.

Since DSM version 6.2.3-25423, Synology has included this in their release notes:

11. Added support for Let's Encrypt wildcard certificates

One month later they have included the following feature:

11. Added support for Let's Encrypt wildcard certificates for Synology DDNS
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

The only way to edit "advanced" reverse host parameters is to write your own conf file and place it via...
Replies
1
Views
258
Replies
11
Views
1,519

Thread Tags

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending content in this forum

Back
Top