Open franciscopaniskaseker opened 1 year ago
I got the same issue when I set the proxy_host's Domain Name to an IP address. It seems that SNI does not support literal IP addresses.
Check the following links:
https://serverfault.com/questions/1047374/nginx-and-https-specifying-an-ip-address-as-a-server-name-gives-the-correct-we
https://nginx.org/en/docs/http/configuring_https_servers.html
https://github.com/openssl/openssl/issues/8083
https://github.com/haproxy/haproxy/issues/332#issuecomment-544969151
https://www.rfc-editor.org/rfc/rfc6066#section-3
https://www.ietf.org/archive/id/draft-nygren-tls-ip-in-sni-00.html
And please let me know if you solved this. Thanks.
I'm having the same issue here. Unfortunately not sure how to fix it. As per the suggestion in #3627 I created a self-signed cert and uploaded it as a custom cert and restarted the nginx proxy but still the https is not working.
I poked around the configuration a bit. The Nginx 443 SSL configuration does not appear to have any location.
Exec into the container:
docker-compose exec app bash
and view the nginx default.conf file:
[root@docker-f4926e3b49c5:/etc/nginx/conf.d]# cat default.conf
# "You are not configured" page, which is the default if another default doesn't exist
server {
    listen 80;
    listen [::]:80;

    set $forward_scheme "http";
    set $server "127.0.0.1";
    set $port "80";

    server_name localhost-nginx-proxy-manager;
    access_log /data/logs/fallback_access.log standard;
    error_log /data/logs/fallback_error.log warn;
    include conf.d/include/assets.conf;
    include conf.d/include/block-exploits.conf;
    include conf.d/include/letsencrypt-acme-challenge.conf;

    location / {
        index index.html;
        root /var/www/html;
    }
}

# First 443 Host, which is the default if another default doesn't exist
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    set $forward_scheme "https";
    set $server "127.0.0.1";
    set $port "443";

    server_name localhost;
    access_log /data/logs/fallback_access.log standard;
    error_log /dev/null crit;
    include conf.d/include/ssl-ciphers.conf;
    ssl_reject_handshake on;

    return 444;
}
There is some documentation on how to override the nginx config but no idea how to update the server 443 session. https://nginxproxymanager.com/advanced-config/#custom-nginx-configurations
Hope someone who has better knowledge of Nginx Proxy Manager can help figure out how to fix this. 🙏🙏
Hello!
I just faced the same issue, and it seems to be caused by the ssl_reject_handshake on; instruction set in the NPM virtual host configurations.
To avoid it you have to use a modified cURL command, for example:
curl -k -I -X GET --resolve domain.name:443:192.168.0.228 https://domain.name
Additionally, in advanced configurations, when you have an extra proxy server in front of NPM, you have to add the following lines to this extra proxy's configuration (not to NPM):
proxy_ssl_server_name on;
proxy_ssl_name $http_host;
Just faced the same problem and the reason was I forgot to add
proxy_ssl_server_name on;
to my configuration
Hello,
I'm currently facing this issue and attempted the suggested solution mentioned here, but unfortunately, it didn’t work for me. Has anyone managed to resolve this successfully? I would appreciate any advice or alternative solutions.
root@kk:~# curl https://192.168.2.17/
curl: (35) error:0A000458:SSL routines::t
Thank you in advance!
I managed to resolve the issue. The problem is that curl in its basic form (without additional options) doesn't send an SNI when an IP address is provided in the URL. In configuration, there's an option ssl_reject_handshake in the default.conf, which rejects connections without an SNI.
To solve this, you can create a file in data/custom/ called http_top.conf and include your configuration without this option. After that, the connection to the IP address should work.
Checklist
jc21/nginx-proxy-manager:latest docker image?
Describe the bug: When I execute this curl
I got a tlsv1 error. I tried to enable tlsv1 and set up a cert, but it did not work. Is this an openresty problem or npm config?
Nginx Proxy Manager Version: latest, installed yesterday.
To Reproduce: just execute the curl under https://ip:443
Expected behavior: passthrough ssl handshake without problems.
Operating System: ubuntu 20.05