Docker compose Nginx Proxy Manager

naddel81 · 7 November 2021 18:54

Hi Dietpi team,

I get this when trying to follow the instructions for NPM installation:

"ERROR: for nginx_app_1  Cannot start service app: driver failed programming external connectivity on endpoint nginx_app_1 (34dfb51be386dd5cd47e6f5f0fcab8f3b1e572d636a4717728dcd23d0d8832fb): Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use

ERROR: for app  Cannot start service app: driver failed programming external connectivity on endpoint nginx_app_1 (34dfb51be386dd5cd47e6f5f0fcab8f3b1e572d636a4717728dcd23d0d8832fb): Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use
ERROR: Encountered errors while bringing up the project."

can anybody help me, please?

Joulinar · 7 November 2021 19:01

Yes you need stop the web server you are running outside docker or switch it to another port. NPM require port 80 being available

naddel81 · 7 November 2021 19:40

I only have pihole on that device. how can I change the pihole port?

Joulinar · 7 November 2021 19:45

What web server you have chosen to run Pihole?

naddel81 · 7 November 2021 19:51

sorry, I don’t know. standard dietpi-pihole installation!

btw: thanks again for helping me out!

When I update, will this change stick? PiHole listens on 443, too?

Joulinar · 7 November 2021 20:20

let’s assume it’s Lighttpd. In this case you need to adjust server.port in /etc/lighttpd/lighttpd.conf and change it to something else than 80.

naddel81 · 7 November 2021 21:05

but that will be port 80 when updating pihole.
would it be better to run nginx proxy manager on another machine? I can create another virtual machine with dietpi inside.

Joulinar · 7 November 2021 21:16

but that will be port 80 when updating pihole.

not sure what you mean by this. Could you be more specific?

naddel81 · 7 November 2021 21:35

pihole will overwrite those settings. therefore I might just create another virtual machine to run NPM. should solve the port conflict, right?

Joulinar · 7 November 2021 21:36

usually PiHole will not do this

naddel81 · 7 November 2021 21:58

I installed docker/docker compose/portainer and NPM now in a new virtual machine. after adding the new domain (CNAME) it gives me “Placeholder page
The owner of this web site has not put up any web pages yet. Please come back later.”

But it should redirect to my plex-server running on port 32400.

Joulinar · 7 November 2021 22:09

maybe have a look to plex forum https://forums.plex.tv/t/remote-access-solved-with-nginx-proxy-manager/746764/14

naddel81 · 7 November 2021 22:32

thanks for your help. made my day. HTTP access works now.

But I cannot get SSL to work:

Joulinar · 7 November 2021 22:34

you need to forward port 80/443 from your router to NPM

naddel81 · 7 November 2021 23:09

done. otherwise NPM would not allow plex to be redirected. plex works fine outside the network using the reverse proxy (plex remote access DISABLED).
but SSL will just not activate.

Joulinar · 8 November 2021 08:51

maybe you would need to check with NPM guys what the issue might be and what logs you could look into.

naddel81 · 8 November 2021 20:49

works now, started from scratch. also tautulli (plex.py) says insecure, I guess this is because the redirection from NPM to plex media server is HTTP, the way from NPM to the client is HTTPS, I guess.
insecure plex.png

przemko · 17 November 2021 09:49

Hi, Joulinar sorry I still bother You on that forum
I find that thread and I want to try Nginx Proxy Manager with my installations. I read something about Nginx Proxy Manager but still have some doubts.
My installations looks like that:

Nextcloud, Emby, Plex, home Assistant, Lets encrypt installed with dietpi-software.
Hostname with no-ip.com and use SSL for Nextcloud, Emby and Plex.
Mosquitto, zigbee2mqtt installed with docker-compose.yml

version: '3.8'
services:
  mqtt:
    image: eclipse-mosquitto:2.0
    restart: unless-stopped
    volumes:
      - "./mosquitto-data:/mosquitto"
    ports:
      - "1883:1883"
      - "9001:9001"
    command: "mosquitto -c /mosquitto-no-auth.conf"

  zigbee2mqtt:
    container_name: zigbee2mqtt
    restart: unless-stopped
    image: koenkk/zigbee2mqtt
    volumes:
      - ./zigbee2mqtt-data:/app/data
      - /run/udev:/run/udev:ro
    ports:
      - 8080:8080
    environment:
      - TZ=Europe/Berlin
    devices:
      - /dev/ttyUSB0:/dev/ttyUSB0

Nginx Proxy Manager installed with docker-compose.yml:

version: '3'
services:
  nginx-proxy-manager:
    image: jlesage/nginx-proxy-manager
    ports:
      - "8181:8181"
      - "8080:8080"
      - "4443:4443"
    network:
      - host
    volumes:
      - "/home/dietpi/.config/nginx-proxy-manager:/config:rw"

I install Overseerr with docker-compose:

---
version: '3'

services:
  overseerr:
    image: sctx/overseerr:latest
    container_name: overseerr
    environment:
      - LOG_LEVEL=debug
      - TZ=Europe/Warsaw
    ports:
      - 5055:5055
    volumes:
      - /home/dietpi/.config/overseerr:/app/config
    restart: unless-stopped

I have now ports forwarded on my home router like this:
External port: internal Host/IP: Internal port: Protocol: Enabled:

https://pasteboard.co/CxLcjK1vdvn8.jpg

I have few question with that:

Is it safe for my installations to set all traffic with Nginx Proxy Manager?
How to set ports forwarding?
If I forward ports 80 and 443 only for Nginx Proxy Manager do I have to delete forwarding for all other ports from my router?
Will my domain name myserver.ddns.net from no-ip and my SSL certificate I already have will handle all that (Nextcloud, Emby, Plex, Overseerr, Home Assistant)?
How to set in Nginx Proxy Manager:
A) New Proxy host

Details tab:
Domains name:
myserver.ddns.net
schema: https
forward hostname/IP: 192.168.0.19
forward port: …?
Custom locations?
add custom locations for all my apps? Or every app as One New Proxy Host?
SSL tab
(don’t see my actual SSL certificate)
generate new certificate? Can I use new certificate for my hostname myserver.ddns.net if I already have SSL on no-ip?

I hope You not mad at me
Regards.

Joulinar · 17 November 2021 10:04

Not sure why but you are not using the original docker image for NPM as this would be jc21/nginx-proxy-manager https://nginxproxymanager.com/

The one you are using I never tested and not sure how it is working. At least you would need to forward port 80/443 on your router to port 8080/4443 on the system running the docker image. As well all other port forwarding could be deleted as your proxy should handle the access for all application you like to share with the internet.

As already stated on the other forum post, you should remove ssl handling from your web server and your apps, as this will be a task of the proxy. Inside the proxy you could reuse your DDNS domain and recreate your certificates. There is no need to transfer certificates.

przemko · 17 November 2021 11:02

OK, thanks.
I will remove that docker image and install original. Then I don’t have to do anything with my ports 80 and 443? Just delete port forwarding for Emby and Plex?
Then Remove lets encrypt with dietpi-software and remove SSL configs in apps dashboard: in Emby and Plex? How to do that in Nextcloud?
Regards.