blackvoid NGINX proxy manager

NGINX proxy manager

Guess this article was long overdue, considering how many Docker containers I run, a decent number of which are running via reverse proxy.

Considering that I run Docker on Synology NAS, I used the built-in reverse proxy feature for years for several reasons. It was built in, it offered enough options out of the box, and I was too lazy to run my own separate one.

Well, as it turns out, there are some solutions out there that require several features inside your reverse proxy to make them run correctly. This was the main reason why I made the switch to NGINX proxy manager.

Let's see how to run your version in parallel to your Synology NAS one.

 
I might be missing something... I have tried every possible option but still, NPM doesn't work for me. When the RP is set in NPM it just hits the DSM page (mydomain.synology.me). Do you guys know why?
 
Do you mean for a specific app? How did you configure your NPM regarding ports and how is the port forward configured on your router?

Are you sure that the outside requests are hitting the NPM container and not the bare-metal one?
 
You're right, my bad, I didn't specify I was trying to access bitwarden.mydomain.synology.me. Forward rules on my router are set to my nginx IP address port 443 and 80. FYI the nginx container is running on a macvlan network so ports are the default ones.
 
That will not work if BW is a container on the NAS in bridge configuration.

Macvlan interfaces are not allowed to communicate with the parent interface, in this case, the NAS. So unless you have BW running on a separate macvlan or on a different host I think this is the reason it doesn't work.
 
That should be OK, since I have allowed the routing of the parent interface between macvlan and eth0, because I also have my Pi-hole running in macvlan and some containers (such as radarr and sonarr) running in the bridge network need to access the internet.
 
In that case, can you try and configure that BW domain name to another docker container just to see if that host record is ok and to see if there is something wrong with the BW setup?
Not working either. Hope it's not something related to a misconfigured local DNS, but that looks fine; I double-checked it a billion times.
 
This could be a LE DNS configuration problem. Do you have the TXT record in your domain with the name _acme-challenge and value vlnet.nl? Certbot needs to have that in order to use the DNS validation method.

Give that a go.

So I did this. Then I tried again; it took over a couple of minutes loading and then it timed out. But the new cert is added and works... Funny...


Now I try to add a wildcard cert of another domain I own via Cloudflare, and this is all I get every time:


Code:
Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --cert-name "npm-12" --agree-tos --email "info@***.com" --domains "*.***.com" --authenticator dns-cloudflare --dns-cloudflare-credentials "/etc/letsencrypt/credentials/credentials-12"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-cloudflare, Installer None
An unexpected error occurred:
OSError: [Errno 95] Operation not supported: '../../archive/npm-12/cert1.pem' -> '/etc/letsencrypt/live/npm-12/cert.pem'
Please see the logfiles in /var/log/letsencrypt for more details.

    at ChildProcess.exithandler (node:child_process:326:12)
    at ChildProcess.emit (node:events:369:20)
    at maybeClose (node:internal/child_process:1067:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)

Does anyone have any quick suggestions for me while I try to dig further into this?
 

OK, this may be caused by the fact that I've mounted /etc/letsencrypt to an SMB-mounted folder. I have this Docker container running on a separate Ubuntu VM and the SMB-mounted folder is a share on my NAS.

Certbot seems to work with symlinks. Symlinks and file shares aren't the best friends.... hmm...
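
The OSError quoted above is certbot failing to create a relative symlink from live/ into archive/. As an added example (not part of the thread, and not NPM's or certbot's own code), this script probes a directory for that kind of symlink before it is mounted as /etc/letsencrypt, and checks that an existing live/ tree still consists of symlinks; the probe directory name and the script name check.sh are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for a directory that will be bind-mounted
# as /etc/letsencrypt. The path passed in is the operator's own.

# Return 0 if DIR accepts a relative symlink of the kind certbot creates
# (live/<name>/cert.pem -> ../../archive/<name>/cert1.pem),
# 1 if the filesystem refuses it, 2 if DIR is missing or not writable.
supports_symlinks() {
    dir=$1
    [ -d "$dir" ] || return 2
    probe="$dir/.symlink-probe.$$"
    mkdir -p "$probe/archive/t" "$probe/live/t" || return 2
    echo test > "$probe/archive/t/cert1.pem"
    rc=1
    if ln -s ../../archive/t/cert1.pem "$probe/live/t/cert.pem" 2>/dev/null \
        && [ -L "$probe/live/t/cert.pem" ] \
        && [ "$(cat "$probe/live/t/cert.pem" 2>/dev/null)" = "test" ]; then
        rc=0
    fi
    rm -rf "$probe"
    return $rc
}

# Return 0 if every *.pem under DIR/live is a symlink that resolves to a file.
# A tree copied through a share often ends up with regular files or dangling
# links in live/, which breaks later renewals.
live_links_ok() {
    dir=$1
    bad=0
    for f in "$dir"/live/*/*.pem; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        if [ ! -L "$f" ] || [ ! -f "$f" ]; then
            echo "not a valid symlink: $f" >&2
            bad=1
        fi
    done
    return $bad
}

# Stand-alone use: sh check.sh /path/to/letsencrypt
if [ -n "${1:-}" ]; then
    supports_symlinks "$1" || { echo "FAIL: $1 cannot hold certbot symlinks" >&2; exit 1; }
    live_links_ok "$1" || exit 1
    echo "OK: $1"
fi
```

Run it on the Docker host against the host-side path of the volume. The same directory holds private keys and the DNS API credentials file, so a share that does not enforce POSIX file modes is a poor fit for it regardless of symlink support.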
 
