/etc/nginx/conf.d/include/ip_ranges.conf contains HTML code of Cloudflare instead of IP addresses

NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface

https://nginxproxymanager.com

MIT License

22.92k stars 2.66k forks source link

/etc/nginx/conf.d/include/ip_ranges.conf contains HTML code of Cloudflare instead of IP addresses #1405

Open mgutt opened 3 years ago

mgutt commented 3 years ago

Error messages:

SSL error Error: Command failed: /usr/sbin/nginx -t -g "error_log off;"
nginx: [emerg] invalid number of arguments in "set_real_ip_from" directive in /etc/nginx/conf.d/include/ip_ranges.conf:274
nginx: configuration file /etc/nginx/nginx.conf test failed

Reason (NPM does not filter/check the API response): cat /etc/nginx/conf.d/include/ip_ranges.conf error1 png eee5ccabbc696f9061ef0723cf007f4f

Temporary solution:

Start Docker container with "--cap-add LINUX_IMMUTABLE"

open containers console and execute:

su
sed -i '/DOCTYPE/Q' /etc/nginx/conf.d/include/ip_ranges.conf
chattr +i /etc/nginx/conf.d/include/ip_ranges.conf

By that the HTML code is removed and the file is locked for further updates.

jc21 commented 3 years ago

Interesting. This is probably a temporary issue with Cloudflare judging by the content of the html. This ip range fetch happens on every start of the docker container, so the easy fix is to restart NPM assuming that Cloudflare has also resolved their issue. I tested myself just now and it's not happening for me.

Still, this highlights a need for better ip range management with the ability to handle this kind of outage.

mgutt commented 3 years ago

This is probably a temporary issue with Cloudflare judging by the content of the html.

Not for this user. I suggested him to open the URLs manually to solve the captcha for his public IP, but he - instead of the container - never faces the captcha: https://forums.unraid.net/topic/110245-support-nginx-proxy-manager-npm-official/page/4/?tab=comments#comment-1034255

I think filtering the API response for valid IP addresses should be done in any case. Better safe than sorry ;)

jc21 commented 3 years ago

Ah right. I didn't know this was behind throttling.

Taubin commented 2 years ago

Is there a way to manually edit this file to add the IP addresses? I am running the proxy manager on a remote server headless so opening the links in a browser to solve the captcha will not work for me.

github-actions[bot] commented 8 months ago

Issue is now considered stale. If you want to keep it open, please comment :+1:

jqknono commented 1 month ago

The Fetching https://ip-ranges.amazonaws.com/ip-ranges.json blocked at startup. Some times this will cost many time.

If you're blocked by this fetching too, just run:

NPM_CTR_NAME=nginxproxymanager
docker exec $NPM_CTR_NAME sed -i 's/\.then(internalIpRanges\.fetch)//g' /app/index.js
docker restart $NPM_CTR_NAME

This should skip the fetching at the startup.

jqknono commented 1 month ago

Fix with https://github.com/NginxProxyManager/nginx-proxy-manager/commit/c3f210e84f594db8d91a4ad0eb12341d947c4f48

Not merge, not tested.