Docker compose Nginx Proxy Manager

Hi Dietpi team,

I get this when trying to follow the instructions for NPM installation:

"ERROR: for nginx_app_1  Cannot start service app: driver failed programming external connectivity on endpoint nginx_app_1 (34dfb51be386dd5cd47e6f5f0fcab8f3b1e572d636a4717728dcd23d0d8832fb): Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use

ERROR: for app  Cannot start service app: driver failed programming external connectivity on endpoint nginx_app_1 (34dfb51be386dd5cd47e6f5f0fcab8f3b1e572d636a4717728dcd23d0d8832fb): Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use
ERROR: Encountered errors while bringing up the project."

can anybody help me, please?

Yes you need stop the web server you are running outside docker or switch it to another port. NPM require port 80 being available

I only have pihole on that device. how can I change the pihole port?

What web server you have chosen to run Pihole?

sorry, I don’t know. standard dietpi-pihole installation!

btw: thanks again for helping me out! :slight_smile:

When I update, will this change stick? PiHole listens on 443, too?

let’s assume it’s Lighttpd. In this case you need to adjust server.port in /etc/lighttpd/lighttpd.conf and change it to something else than 80.

but that will be port 80 when updating pihole.
would it be better to run nginx proxy manager on another machine? I can create another virtual machine with dietpi inside.

but that will be port 80 when updating pihole.

not sure what you mean by this. Could you be more specific?

pihole will overwrite those settings. therefore I might just create another virtual machine to run NPM. should solve the port conflict, right?

usually PiHole will not do this

I installed docker/docker compose/portainer and NPM now in a new virtual machine. after adding the new domain (CNAME) it gives me “Placeholder page
The owner of this web site has not put up any web pages yet. Please come back later.”

But it should redirect to my plex-server running on port 32400.

maybe have a look to plex forum https://forums.plex.tv/t/remote-access-solved-with-nginx-proxy-manager/746764/14

thanks for your help. made my day. HTTP access works now.

But I cannot get SSL to work:


you need to forward port 80/443 from your router to NPM

done. otherwise NPM would not allow plex to be redirected. plex works fine outside the network using the reverse proxy (plex remote access DISABLED).
but SSL will just not activate.

maybe you would need to check with NPM guys what the issue might be and what logs you could look into.

works now, started from scratch. also tautulli (plex.py) says insecure, I guess this is because the redirection from NPM to plex media server is HTTP, the way from NPM to the client is HTTPS, I guess.
insecure plex.png

Hi, Joulinar sorry I still bother You on that forum :slight_smile:
I find that thread and I want to try Nginx Proxy Manager with my installations. I read something about Nginx Proxy Manager but still have some doubts.
My installations looks like that:

  1. Nextcloud, Emby, Plex, home Assistant, Lets encrypt installed with dietpi-software.
  2. Hostname with no-ip.com and use SSL for Nextcloud, Emby and Plex.
  3. Mosquitto, zigbee2mqtt installed with docker-compose.yml
version: '3.8'
services:
  mqtt:
    image: eclipse-mosquitto:2.0
    restart: unless-stopped
    volumes:
      - "./mosquitto-data:/mosquitto"
    ports:
      - "1883:1883"
      - "9001:9001"
    command: "mosquitto -c /mosquitto-no-auth.conf"

  zigbee2mqtt:
    container_name: zigbee2mqtt
    restart: unless-stopped
    image: koenkk/zigbee2mqtt
    volumes:
      - ./zigbee2mqtt-data:/app/data
      - /run/udev:/run/udev:ro
    ports:
      - 8080:8080
    environment:
      - TZ=Europe/Berlin
    devices:
      - /dev/ttyUSB0:/dev/ttyUSB0
  1. Nginx Proxy Manager installed with docker-compose.yml:
version: '3'
services:
  nginx-proxy-manager:
    image: jlesage/nginx-proxy-manager
    ports:
      - "8181:8181"
      - "8080:8080"
      - "4443:4443"
    network:
      - host
    volumes:
      - "/home/dietpi/.config/nginx-proxy-manager:/config:rw"
  1. I install Overseerr with docker-compose:
---
version: '3'

services:
  overseerr:
    image: sctx/overseerr:latest
    container_name: overseerr
    environment:
      - LOG_LEVEL=debug
      - TZ=Europe/Warsaw
    ports:
      - 5055:5055
    volumes:
      - /home/dietpi/.config/overseerr:/app/config
    restart: unless-stopped
  1. I have now ports forwarded on my home router like this:
    External port: internal Host/IP: Internal port: Protocol: Enabled:

https://pasteboard.co/CxLcjK1vdvn8.jpg

I have few question with that:

  1. Is it safe for my installations to set all traffic with Nginx Proxy Manager?
  2. How to set ports forwarding?
  3. If I forward ports 80 and 443 only for Nginx Proxy Manager do I have to delete forwarding for all other ports from my router?
  4. Will my domain name myserver.ddns.net from no-ip and my SSL certificate I already have will handle all that (Nextcloud, Emby, Plex, Overseerr, Home Assistant)?
  5. How to set in Nginx Proxy Manager:
    A) New Proxy host
  • Details tab:
    Domains name:
    myserver.ddns.net
    schema: https
    forward hostname/IP: 192.168.0.19
    forward port: …?
  • Custom locations?
    add custom locations for all my apps? Or every app as One New Proxy Host?
  • SSL tab
    (don’t see my actual SSL certificate)
  • generate new certificate? Can I use new certificate for my hostname myserver.ddns.net if I already have SSL on no-ip?

I hope You not mad at me :slight_smile:
Regards.

Not sure why but you are not using the original docker image for NPM as this would be jc21/nginx-proxy-manager https://nginxproxymanager.com/

The one you are using I never tested and not sure how it is working. At least you would need to forward port 80/443 on your router to port 8080/4443 on the system running the docker image. As well all other port forwarding could be deleted as your proxy should handle the access for all application you like to share with the internet.

As already stated on the other forum post, you should remove ssl handling from your web server and your apps, as this will be a task of the proxy. Inside the proxy you could reuse your DDNS domain and recreate your certificates. There is no need to transfer certificates.

OK, thanks.
I will remove that docker image and install original. Then I don’t have to do anything with my ports 80 and 443? Just delete port forwarding for Emby and Plex?
Then Remove lets encrypt with dietpi-software and remove SSL configs in apps dashboard: in Emby and Plex? How to do that in Nextcloud?
Regards.