2.10.0 unable to start on clean install

troykelly commented 1 year ago

Checklist

Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
- Yes ~/ No~
Are you sure you're not using someone else's docker image?
- Yes ~/ No~
Have you searched for similar issues (both open and closed)?
- Yes ~/ No~

Describe the bug

The :latest and 2.10.0 image fails to start either with an existing configuration, or with a clean install.

Nginx Proxy Manager Version

2.10.0

To Reproduce Steps to reproduce the behavior:

Start a container
Watch it fail

Expected behavior

The container should start

Screenshots

➜  lb-pi003 docker compose up -d && docker compose logs -f app
[+] Running 3/3
 ⠿ Network lb-pi003_default  Created                                                                                                                                                        0.8s
 ⠿ Container lb-pi003-db-1   Started                                                                                                                                                       27.7s
 ⠿ Container lb-pi003-app-1  Started                                                                                                                                                       18.7s
lb-pi003-app-1  | s6-rc: info: service s6rc-oneshot-runner: starting
lb-pi003-app-1  | s6-rc: info: service s6rc-oneshot-runner successfully started
lb-pi003-app-1  | s6-rc: info: service fix-attrs: starting
lb-pi003-app-1  | s6-rc: info: service fix-attrs successfully started
lb-pi003-app-1  | s6-rc: info: service legacy-cont-init: starting
lb-pi003-app-1  | s6-rc: info: service legacy-cont-init successfully started
lb-pi003-app-1  | s6-rc: info: service prepare: starting
lb-pi003-app-1  | ❯ Configuring npmuser ...
lb-pi003-app-1  | id: 'npmuser': no such user
lb-pi003-app-1  | ❯ Checking paths ...
lb-pi003-app-1  | ❯ Setting ownership ...
lb-pi003-app-1  | s6-rc: fatal: timed out
lb-pi003-app-1  | s6-sudoc: fatal: unable to get exit status from server: Operation timed out
lb-pi003-app-1  | /run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.

Operating System

Rpi

Additional context

troykelly commented 1 year ago

I'm assuming different to https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2734 because this is the same error on a clean install or existing install (and not resolved with a restart as the original issue poster)

Pacogens commented 1 year ago

I have the same problem in a host with OpenMediaVault. On another host with Ubuntu Server I have no problem.

tristanXme commented 1 year ago

Have a similar issue on multiple Hosts:

s6-rc: info: service s6rc-oneshot-runner: starting s6-rc: info: service s6rc-oneshot-runner successfully started s6-rc: info: service fix-attrs: starting s6-rc: info: service fix-attrs successfully started s6-rc: info: service legacy-cont-init: starting s6-rc: info: service legacy-cont-init successfully started s6-rc: info: service prepare: starting ❯ Configuring npmuser ... id: 'npmuser': no such user useradd: UID 0 is not unique s6-rc: warning: unable to start service prepare: command exited 1 /run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.

nitro424 commented 1 year ago

After updating from 2.9.22 to 2.10.0 on my Synology DS it failed to start:

nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

I did a fresh new install with minimal configuration and got the error:

id: 'npmuser': no such user
s6-rc: fatal: timed out
s6-sudoc: fatal: unable to get exit status from server: Operation timed out

Rolling back to 2.9.22 fixed the issue.

2.10.0 works on my laptop (Pop OS). Synology OS has no user with ID 1000. Maybe that's a hint.

jicho commented 1 year ago

When I do a portainter recreate including "re-pull image", I'm getting the error:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service prepare: starting
❯ Configuring npmuser ...
id: 'npmuser': no such user
s6-rc: fatal: timed out
s6-sudoc: fatal: unable to get exit status from server: Operation timed out
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.

I'm running on jc21/nginx-proxy-manager:2

Back to 2.9.22 "solves" the problem for now :)

jk-andersen commented 1 year ago

can confirm this issue on synology for me. Rollback on 2.9.22 worked

adammau2 commented 1 year ago

Hi @jicho , I also rolled back to 2.9.22 but got this log, and the login has a Bad Gateway. did you get that log too?

proxy-manager-app-1 | [3/27/2023] [8:17:30 AM] [Global ] › ✖ error create table migrations (id int unsigned not null auto_increment primary key, name varchar(255), batch int, migration_time timestamp) - ER_CANT_CREATE_TABLE: Can't create table proxy-mgr.migrations (errno: 13 "Permission denied")

jicho commented 1 year ago

Hi @jicho , I also rolled back to 2.9.22 but got this log, and the login has a Bad Gateway. did you get that log too?

proxy-manager-app-1 | [3/27/2023] [8:17:30 AM] [Global ] › ✖ error create table migrations (id int unsigned not null auto_increment primary key, name varchar(255), batch int, migration_time timestamp) - ER_CANT_CREATE_TABLE: Can't create table proxy-mgr.migrations (errno: 13 "Permission denied")

Hi @adammau2 after going back to tag/label 2.9.22 I had no issues had all. I can login without any issues.

Some more info:

I run NPM with a SQLite db
I'm running NPM on a Synology NAS, but do stuff (most of the time) with portainer.

Adrianos712 commented 1 year ago

Hi, same issue here. Rolling back to 2.9.22 did the job for now...

Reupireup commented 1 year ago

Same for me, running on arm7

dietrichmd commented 1 year ago

Same issue here. Ubuntu 22.04 LTS (docker). Confirmed fix on rollback to 2.9.22

yurividal commented 1 year ago

Same issue on Ubuntu. Confirmed rollback works fine.

taimadoCE commented 1 year ago

Same on a Arm7 Back to 2.9.22

rwood commented 1 year ago

Ditto. 2.10.0 has the error "'npmuser': no such user" and will not start. Switch back to 2.9.22, and everything works.
Host Kernel: Linux 5.19.9-Unraid x86_64

siancu commented 1 year ago

Same for me on Synology. Switch back to 2.9.22, it works!

dglueckstadt commented 1 year ago

Same for me on Synology DSM 6.2.4 Switch back to 2.9.22 works, but i can't log in to Dashboard. User/Password invalid Last Login on Sat 2023-03-25 with no Problems Was something changed in the database tables?

wolfiiy commented 1 year ago

Same problem on Debian (Docker). 2.9.22 works and I can log into the dashboard without any issue.

Martydog commented 1 year ago

same on synology, rollback to 2.9.22 fixed for now..

ptC7H12 commented 1 year ago

same on unraid rollback to 2.9.22 fixed it

pifou25 commented 1 year ago

Hi, the same for me, with debian bullseye on RPI3. also rollback to 2.9.22 fixed the issue.

jc21 commented 1 year ago

For the s6-rc: fatal: timed out errors which is the main subject of this issue, I've put a fix up and it's available in the github-develop docker tag, can you please try that and let me know if you get further.

nitro424 commented 1 year ago

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service prepare: starting
❯ Configuring npmuser ...
id: 'npmuser': no such user
s6-rc: fatal: timed out
s6-sudoc: fatal: unable to get exit status from server: Operation timed out
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.

compose file

version: "3"
services:
  app:
    image: 'jc21/nginx-proxy-manager:github-develop'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '8093:80' # Public HTTP Port
      - '8094:443' # Public HTTPS Port
      - '8095:81' # Admin Web Port

on latest Synology DSM

jc21 commented 1 year ago

@nitro424 pull and try again please?

Emeriz-M commented 1 year ago

Same issue for me on Synology with latest DSM.

nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

Rollback to 2.9.22 resolved for now as well.

codysnider commented 1 year ago

Same for debian 10 with docker, rollback to 2.9.22 fixed it.

jicho commented 1 year ago

@jc21 when I change the tag into github-develop in Portainer I get the following after updating (this is on Synology):

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service prepare: starting
❯ Configuring npmuser ...
id: 'npmuser': no such user
❯ Checking paths ...
❯ Setting ownership ...
❯ Dynamic resolvers ...
❯ IPv6 ...
Enabling IPV6 in hosts in: /etc/nginx/conf.d
s6-rc: fatal: timed out
s6-sudoc: fatal: unable to get exit status from server: Operation timed out
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
- /etc/nginx/conf.d/default.conf
- /etc/nginx/conf.d/include/assets.conf
- /etc/nginx/conf.d/include/block-exploits.conf
- /etc/nginx/conf.d/include/force-ssl.conf

After a complete container restart I get:

- /etc/nginx/conf.d/default.conf
Enabling IPV6 in hosts in: /data/nginx
- /data/nginx/default_host/site.conf
- /data/nginx/proxy_host/4.conf
- /data/nginx/proxy_host/5.conf
- /data/nginx/proxy_host/3.conf
- /data/nginx/proxy_host/18.conf
- /data/nginx/proxy_host/6.conf
- /data/nginx/proxy_host/2.conf
- /data/nginx/proxy_host/17.conf
- /data/nginx/redirection_host/1.conf
❯ Docker secrets ...
-------------------------------------
 _   _ ____  __  __
| \ | |  _ \|  \/  |
|  \| | |_) | |\/| |
| |\  |  __/| |  | |
|_| \_|_|   |_|  |_|
-------------------------------------
User UID: 911
User GID: 911
-------------------------------------
s6-rc: info: service prepare successfully started
s6-rc: info: service nginx: starting
s6-rc: info: service frontend: starting
s6-rc: info: service backend: starting
s6-rc: info: service nginx successfully started
s6-rc: info: service backend successfully started
❯ Starting nginx ...
s6-rc: info: service frontend successfully started
❯ Starting backend ...
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
[3/28/2023] [7:59:11 AM] [Global   ] › ℹ  info      Using Sqlite: /data/database.sqlite
[3/28/2023] [7:59:11 AM] [Global   ] › ℹ  info      Creating a new JWT key pair...
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

In both situations I can't access any of my sites, when I go back to 2.9.22 everything is back to normal again.

~It looks like User UID/GID is giving some issues when you leave this setting alone in the config/env. variables.~ This is all I could test quickly, hope it helps!

jc21 commented 1 year ago

@jicho Nothing has changed from the port number side of things, if 2.9.22 could start listening on that port previously then it should be fine for 2.10.0 to do so :/ Does port 81 work for the admin interface?

jicho commented 1 year ago

@jc21 When I change the tag back go github-develop in Portainer the first run breaks (just didn't start):

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service prepare: starting
❯ Configuring npmuser ...
id: 'npmuser': no such user
s6-rc: fatal: timed out
s6-sudoc: fatal: unable to get exit status from server: Operation timed out
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.

So after a restart I'm getting the nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied) error.

When I go to port 81 Safari is telling met that it can't connect.

It's the same when I do a stop / start in Portainer.

Logs are the same:

-------------------------------------
 _   _ ____  __  __
| \ | |  _ \|  \/  |
|  \| | |_) | |\/| |
| |\  |  __/| |  | |
|_| \_|_|   |_|  |_|
-------------------------------------
User UID: 911
User GID: 911
-------------------------------------
s6-rc: info: service prepare successfully started
s6-rc: info: service nginx: starting
s6-rc: info: service frontend: starting
s6-rc: info: service backend: starting
s6-rc: info: service frontend successfully started
s6-rc: info: service backend successfully started
s6-rc: info: service nginx successfully started
s6-rc: info: service legacy-services: starting
❯ Starting nginx ...
❯ Starting backend ...
s6-rc: info: service legacy-services successfully started
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
[3/28/2023] [9:27:40 AM] [Global   ] › ℹ  info      Using Sqlite: /data/database.sqlite
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
[3/28/2023] [9:27:44 AM] [Migrate  ] › ℹ  info      Current database version: none
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
[3/28/2023] [9:27:56 AM] [Setup    ] › ℹ  info      Added Certbot plugins certbot-dns-cloudflare==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+') cloudflare
[3/28/2023] [9:27:56 AM] [Setup    ] › ℹ  info      Logrotate Timer initialized
❯ Starting nginx ...
[3/28/2023] [9:27:56 AM] [Setup    ] › ℹ  info      Logrotate completed.
[3/28/2023] [9:27:56 AM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[3/28/2023] [9:27:56 AM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
[3/28/2023] [9:27:57 AM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
[3/28/2023] [9:27:57 AM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
❯ Starting nginx ...
[3/28/2023] [9:27:57 AM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
[3/28/2023] [9:27:57 AM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...
[3/28/2023] [9:27:57 AM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[3/28/2023] [9:27:57 AM] [Global   ] › ℹ  info      Backend PID 145 listening on port 3000 ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
[3/28/2023] [9:27:59 AM] [SSL      ] › ✖  error     Error: Command failed: /usr/sbin/nginx -t -g "error_log off;" 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] open() "/etc/nginx/nginx/off" failed (13: Permission denied)
nginx: configuration file /etc/nginx/nginx.conf test failed
    at ChildProcess.exithandler (node:child_process:402:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Socket.<anonymous> (node:internal/child_process:458:11)
    at Socket.emit (node:events:513:28)
    at Pipe.<anonymous> (node:net:301:12)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

Back to 2.9.22 (just a tag change) makes everything work again...

Okay... another test... I'm using the tag 2.10.0, the logs are the same. This time I removed my MacVLAN and kept the bridge connection.

I'm still getting nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

As soon as I'm back to 2.9.22 everything is back to normal :) Even when I connect my container to macvlan and bridge

nitro424 commented 1 year ago

The timeout error is gone. Still it is not able to boot up properly.

2023-03-28T08:24:55.769750465Z nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
2023-03-28T08:24:56.532663791Z [3/28/2023] [8:24:56 AM] [SSL      ] › ✖  error     Error: Command failed: /usr/sbin/nginx -t -g "error_log off;" 
2023-03-28T08:24:56.532907348Z nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
2023-03-28T08:24:56.532960856Z nginx: [emerg] open() "/etc/nginx/nginx/off" failed (13: Permission denied)
2023-03-28T08:24:56.533005467Z nginx: configuration file /etc/nginx/nginx.conf test failed
2023-03-28T08:24:56.533048352Z 
2023-03-28T08:24:56.533080728Z     at ChildProcess.exithandler (node:child_process:402:12)
2023-03-28T08:24:56.533124390Z     at ChildProcess.emit (node:events:513:28)
2023-03-28T08:24:56.533163685Z     at maybeClose (node:internal/child_process:1100:16)
2023-03-28T08:24:56.533204859Z     at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)
2023-03-28T08:24:56.775782712Z ESC[1;34m❯ ESC[1;36mStarting nginx ...ESC[0m
2023-03-28T08:24:56.814696262Z nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

ps, netstat in container

[root@docker-00895864daf9:/app]# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0    208    64 ?        Ss   08:24   0:00 /package/admin/s6/command/s6-svscan -d4 -- /run/service
root        15  0.0  0.0    208    60 ?        S    08:24   0:00 s6-supervise s6-linux-init-shutdownd
root        21  0.0  0.0    196     0 ?        Ss   08:24   0:00 /package/admin/s6-linux-init/command/s6-linux-init-shutdownd -c /run/s6/basedir -g 3000 -C -B
root        24  0.0  0.0    208    56 ?        S    08:24   0:00 s6-supervise s6rc-oneshot-runner
root        25  0.0  0.0    208    48 ?        S    08:24   0:00 s6-supervise s6rc-fdholder
root        26  0.0  0.0    208    48 ?        S    08:24   0:00 s6-supervise backend
root        27  0.0  0.0    216    64 ?        D    08:24   0:00 s6-supervise frontend
root        28  0.0  0.0    216    68 ?        S    08:24   0:00 s6-supervise nginx
root        34  0.0  0.0    184     0 ?        Ss   08:24   0:00 /package/admin/s6/command/s6-ipcserverd -1 -- /package/admin/s6/command/s6-ipcserver-access -v0 -E -l0 -i data
root       131  0.0  0.0   3732  2708 ?        Ss   08:24   0:00 bash ./run backend
npmuser    138  0.0  0.0   3732  2744 ?        S    08:24   0:00 bash -c export HOME=/tmp/npmuserhome;node --abort_on_uncaught_exception --max_old_space_size=250 index.js
npmuser    139  4.6  1.4 943272 87364 ?        Sl   08:24   0:09 node --abort_on_uncaught_exception --max_old_space_size=250 index.js
root      1049  0.0  0.0   3996  3376 pts/0    Ss   08:26   0:00 bash
root      1739  0.0  0.0      0     0 ?        Zs   08:27   0:00 [bash] <defunct>
root      1741  0.0  0.0   7636  2812 pts/0    R+   08:27   0:00 ps aux
[root@docker-00895864daf9:/app]# netstat -altpn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.11:46569        0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::3000

I attached the full log file. nginxproxymanager-test-app-1-2023-03-28T08-25-43.log.gz

I am still using the minimal compose file https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2753#issuecomment-1486025390

ChrisSlashNull commented 1 year ago

More or less same error

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service prepare: starting
❯ Configuring npmuser ...
id: 'npmuser': no such user
❯ Checking paths ...
❯ Setting ownership ...
❯ Dynamic resolvers ...
❯ IPv6 ...
Enabling IPV6 in hosts in: /etc/nginx/conf.d
- /etc/nginx/conf.d/production.conf
- /etc/nginx/conf.d/default.conf
- /etc/nginx/conf.d/include/ip_ranges.conf
- /etc/nginx/conf.d/include/proxy.conf
- /etc/nginx/conf.d/include/force-ssl.conf
- /etc/nginx/conf.d/include/ssl-ciphers.conf
- /etc/nginx/conf.d/include/block-exploits.conf
- /etc/nginx/conf.d/include/assets.conf
- /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
s6-sudoc: fatal: unable to get exit status from server: Operation timed out
s6-rc: warning: unable to start service prepare: command exited 111
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.

nitro424 commented 1 year ago

I also testet on Debian 11 and Fedora 37. There it boots up. But still there is an error message in the log:

03/28/2023 10:40:22 AM
[3/28/2023] [8:40:22 AM] [SSL      ] › ✖  error     Error: Command failed: /usr/sbin/nginx -t -g "error_log off;" 
03/28/2023 10:40:22 AM
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
03/28/2023 10:40:22 AM
nginx: [emerg] open() "/etc/nginx/nginx/off" failed (13: Permission denied)
03/28/2023 10:40:22 AM
nginx: configuration file /etc/nginx/nginx.conf test failed
03/28/2023 10:40:22 AM
03/28/2023 10:40:22 AM
    at ChildProcess.exithandler (node:child_process:402:12)
03/28/2023 10:40:22 AM
    at ChildProcess.emit (node:events:513:28)
03/28/2023 10:40:22 AM
    at maybeClose (node:internal/child_process:1100:16)
03/28/2023 10:40:22 AM
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

ElRoberto538 commented 1 year ago

Weirdly mine still starts and nginx is working, but it seems to have deleted the tables from the DB?

nitro424 commented 1 year ago

I was able to reproduce the error (nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)) outside Synology DSM using Debian 10 in a VM which makes debugging easier (hopefully). Synology uses Kernel version 4 and so does Debian 10.

Docker install on Debian 10 (buster,oldstable)

apt install docker.io docker-compose

Follow the quick setup instructions https://nginxproxymanager.com/guide/#quick-setup Modified compose file:

version: '3.3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:github-develop'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'

Run and analyze

docker-compose up -d
docker logs npm_app_1

Log

❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

All HTTP Services will not be available. Portainer is not needed to reproduce the error.

jc21 commented 1 year ago

Ok some new things to try:

Add this to the compose yml beneath the service:

services:
  npm:
    cap_add:
      - NET_BIND_SERVICE

If that doesn't work, add this:


services:
  npm:
    privileged: true

Let me know if either of these has any effect

EpicLPer commented 1 year ago

The above mentioned issue also started happening for me on Ubuntu 22.04 LTS, freshly upgraded from 20.04 LTS and then upgraded NPM. Going back to 2.9.22 fixes this for now.

jicho commented 1 year ago

@jc21 do you have another idea? My container already has the NET_BIND_SERVICE capabilities:

Not using te compose file ;)

chuckmister74 commented 1 year ago

@jc21 Adding the Net_Bind_Service and making the container privileged worked for me. Tried both individually and neither work alone, but together they work. I'm on Ubuntu Server 20.04 LTS.

The only caveat is that I do get this error in the log (don't know if it matters since the service is working)

npm | 2023-03-28T15:08:28.551267368Z [3/28/2023] [3:08:28 PM] [SSL ] › ✖ error Error: Command failed: /usr/sbin/nginx -t -g "error_log off;" npm | 2023-03-28T15:08:28.551309020Z nginx: the configuration file /etc/nginx/nginx.conf syntax is ok npm | 2023-03-28T15:08:28.551318330Z nginx: [emerg] open() "/etc/nginx/nginx/off" failed (13: Permission denied) npm | 2023-03-28T15:08:28.551326980Z nginx: configuration file /etc/nginx/nginx.conf test failed npm | 2023-03-28T15:08:28.551334216Z npm | 2023-03-28T15:08:28.551342262Z at ChildProcess.exithandler (node:child_process:402:12) npm | 2023-03-28T15:08:28.551349330Z at ChildProcess.emit (node:events:513:28) npm | 2023-03-28T15:08:28.551356030Z at maybeClose (node:internal/child_process:1100:16) npm | 2023-03-28T15:08:28.551363741Z at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

Edit: formatting

jicho commented 1 year ago

Juist tested this by editing my NPM setup in Portainer (on Synology) by adding the privileged mode (NET_BIND_SERVICE was already active).

I keep ketting the nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied) error under 2.10.0 and I must admit that I don't like the idea to activate privileged mode since NPM is the first point of entry for hackers...

According to Trend Micro it is a bad idea to activate the privileged mode: https://www.trendmicro.com/en_us/research/19/l/why-running-a-privileged-container-in-docker-is-a-bad-idea.html

A little extras: I've created a new container in Portainer without any other settings.

On start I get:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service prepare: starting
❯ Configuring npmuser ...
id: 'npmuser': no such user
s6-sudoc: fatal: unable to get exit status from server: Operation timed out
s6-rc: warning: unable to start service prepare: command exited 111
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.

On container restart the bind trouble starts again:

❯ Configuring npmuser ...
911
usermod: no changes
❯ Checking paths ...
❯ Setting ownership ...
❯ Dynamic resolvers ...
❯ IPv6 ...
Enabling IPV6 in hosts in: /etc/nginx/conf.d
- /etc/nginx/conf.d/default.conf
- /etc/nginx/conf.d/include/assets.conf
- /etc/nginx/conf.d/include/block-exploits.conf
- /etc/nginx/conf.d/include/force-ssl.conf
- /etc/nginx/conf.d/include/ip_ranges.conf
- /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
- /etc/nginx/conf.d/include/proxy.conf
- /etc/nginx/conf.d/include/ssl-ciphers.conf
- /etc/nginx/conf.d/include/resolvers.conf
- /etc/nginx/conf.d/production.conf
Enabling IPV6 in hosts in: /data/nginx
❯ Docker secrets ...
-------------------------------------
 _   _ ____  __  __
| \ | |  _ \|  \/  |
|  \| | |_) | |\/| |
| |\  |  __/| |  | |
s6-rc: info: service prepare successfully started
s6-rc: info: service nginx: starting
s6-rc: info: service frontend: starting
s6-rc: info: service backend: starting
s6-rc: info: service nginx successfully started
s6-rc: info: service frontend successfully started
s6-rc: info: service backend successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
|_| \_|_|   |_|  |_|
-------------------------------------
User UID: 911
User GID: 911
-------------------------------------
❯ Starting nginx ...
❯ Starting backend ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
[3/28/2023] [4:06:23 PM] [Global   ] › ℹ  info      Using Sqlite: /data/database.sqlite
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
[3/28/2023] [4:06:23 PM] [Global   ] › ℹ  info      Creating a new JWT key pair...
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
❯ Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

manshurtigh commented 1 year ago

I had the same problem as discussed in this thread. However, I solved this by adding

    environment:
      PUID: 1000
      PGID: 1000

To my already running instance. I did not remove data or letsencrypt folder. Everything seems to be working as expected.

nitro424 commented 1 year ago

I was not able to get it running on Synology and Debian 10. I testet NET_BIND_SERVICE, priviliged mode and GUID, PGID (PGUID on Synology is 1026).

app_1  | s6-rc: info: service prepare successfully started
app_1  | s6-rc: info: service nginx: starting
app_1  | s6-rc: info: service frontend: starting
app_1  | s6-rc: info: service backend: starting
app_1  | s6-rc: info: service frontend successfully started
app_1  | s6-rc: info: service nginx successfully started
app_1  | s6-rc: info: service backend successfully started
app_1  | s6-rc: info: service legacy-services: starting
app_1  | ❯ Starting backend ...
app_1  | ❯ Starting nginx ...
app_1  | s6-rc: info: service legacy-services successfully started
app_1  | nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
app_1  | [3/28/2023] [6:48:23 PM] [Global   ] › ℹ  info      Using Sqlite: /data/database.sqlite
app_1  | [3/28/2023] [6:48:23 PM] [Global   ] › ℹ  info      Creating a new JWT key pair...
app_1  | ❯ Starting nginx ...
app_1  | nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
app_1  | [3/28/2023] [6:48:25 PM] [Global   ] › ℹ  info      Wrote JWT key pair to config file: /data/keys.json
app_1  | ❯ Starting nginx ...
app_1  | nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
app_1  | [3/28/2023] [6:48:25 PM] [Migrate  ] › ℹ  info      Current database version: none

docker-compose.yml

version: '3.3'
services:
  app:
    cap_add:
      - NET_BIND_SERVICE
    privileged: true
    image: 'jc21/nginx-proxy-manager:github-develop'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'

shayanz23 commented 1 year ago

Same error on my ubuntu 20.04 docker install.

blaine07 commented 1 year ago

For better or worse; i just want to chime in and say I HAVE 2.10.0 working; upgraded to 2.10.1 and then I had all kinds of permission issues. With 2.10.0 I had to define PGID PUID with the ENV but 2.10 works fine; upgrading to 2.10.1 it all goes bad again.

Bunch of permission issues***

oPenuiC commented 1 year ago

You cannot use docker compose configuration with a database in versions 2.10 or higher. ha ha ha ...

jicho commented 1 year ago

Just tested the upgrade from 2.9.22 to 2.10.1, same issues :(

After that I've started a new container base on 2.10.1 directly without setting anything, just starting the container. In other words a fresh "machine".

The "permission denied" message on :80 is still appearing.

seanob86 commented 1 year ago

My issues stemmed from (same as OP)

lb-pi003-app-1 | /run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information

I managed to resolve by setting puid and pgid in environment variable to match my user on host (which was 1001:1001 in my case).

Then on letsencrypt and data folders I modified permissions to chown -R 1001:1001 each of the above folders. The permissions previously were 0:0

Using latest 2.10.1 on RPi4.

jc21 commented 1 year ago

You cannot use docker compose configuration with a database in versions 2.10 or higher. ha ha ha ...

@oPenuiC what do you mean by that exactly? As it reads, it's not the case. All the documentation on nginxproxymanager.com is still applicable.

jc21 commented 1 year ago

The errors regarding nginx: [emerg] open() "/etc/nginx/nginx/off" failed (13: Permission denied) have been resolved in 2.10.1.

taimadoCE commented 1 year ago

The errors regarding nginx: [emerg] open() "/etc/nginx/nginx/off" failed (13: Permission denied) have been resolved in 2.10.1.

Hi again. I'm in arm7. I've try to launch this compose to install the latest release:

version: '3.8'
services:
  app:
    image: 'jc21/nginx-proxy-manager'
    container_name: npm
    cap_add:
      - NET_BIND_SERVICE
    restart: unless-stopped
    ports:
      - '80:80'
      - '8100:81'
      - '443:443'
    environment:
            - PUID=1000
            - PGID=1000
    volumes:
      - /storage/.config/npm/data:/data
      - /storage/.config/letsencrypt:/etc/letsencrypt

Then I get:

imagen

Back again to 2.9.22

oPenuiC commented 1 year ago

The errors regarding nginx: [emerg] open() "/etc/nginx/nginx/off" failed (13: Permission denied) have been resolved in 2.10.1.

You cannot use docker compose configuration with a database in versions 2.10 or higher. ha ha ha ...

@oPenuiC what do you mean by that exactly? As it reads, it's not the case. All the documentation on nginxproxymanager.com is still applicable.

You cannot use docker compose configuration with a database in versions 2.10 or higher. ha ha ha ...

@oPenuiC what do you mean by that exactly? As it reads, it's not the case. All the documentation on nginxproxymanager.com is still applicable.

If you use the Docker Compose configuration with MariaDB Database provided in the manual, even if it's a fresh installation, you won't be able to log in to the backend and will receive a Bad Gateway error.

ChrisSlashNull commented 1 year ago

The errors regarding nginx: [emerg] open() "/etc/nginx/nginx/off" failed (13: Permission denied) have been resolved in 2.10.1.

Just tried a clean install with :latest & recreated my productive container with :latest. Both worked! Thanks @jc21!

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service prepare: starting
❯ Configuring npmuser ...
id: 'npmuser': no such user
❯ Checking paths ...
❯ Setting ownership ...
❯ Dynamic resolvers ...
❯ IPv6 ...
Enabling IPV6 in hosts in: /etc/nginx/conf.d
- /etc/nginx/conf.d/production.conf
- /etc/nginx/conf.d/default.conf
- /etc/nginx/conf.d/include/ip_ranges.conf
- /etc/nginx/conf.d/include/proxy.conf
- /etc/nginx/conf.d/include/force-ssl.conf
- /etc/nginx/conf.d/include/ssl-ciphers.conf
- /etc/nginx/conf.d/include/block-exploits.conf
- /etc/nginx/conf.d/include/assets.conf
- /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
- /etc/nginx/conf.d/include/resolvers.conf
Enabling IPV6 in hosts in: /data/nginx
- /data/nginx/default_host/site.conf
- /data/nginx/proxy_host/10.conf
- /data/nginx/proxy_host/16.conf
- /data/nginx/proxy_host/18.conf
- /data/nginx/proxy_host/19.conf
- /data/nginx/proxy_host/12.conf
- /data/nginx/proxy_host/15.conf
- /data/nginx/proxy_host/14.conf
- /data/nginx/proxy_host/11.conf
- /data/nginx/proxy_host/13.conf
❯ Docker secrets ...

-------------------------------------
 _   _ ____  __  __
| \ | |  _ \|  \/  |
|  \| | |_) | |\/| |
| |\  |  __/| |  | |
|_| \_|_|   |_|  |_|
-------------------------------------
User UID: 911
User GID: 911
-------------------------------------

s6-rc: info: service prepare successfully started
s6-rc: info: service nginx: starting
s6-rc: info: service frontend: starting
s6-rc: info: service backend: starting
s6-rc: info: service nginx successfully started
s6-rc: info: service frontend successfully started
s6-rc: info: service backend successfully started
s6-rc: info: service legacy-services: starting
❯ Starting nginx ...
❯ Starting backend ...
s6-rc: info: service legacy-services successfully started
[3/29/2023] [4:42:48 PM] [Global   ] › ℹ  info      Using Sqlite: /data/database.sqlite
[3/29/2023] [4:42:51 PM] [Migrate  ] › ℹ  info      Current database version: none
[3/29/2023] [4:43:00 PM] [Setup    ] › ℹ  info      Added Certbot plugins certbot-dns-cloudflare==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+') cloudflare
[3/29/2023] [4:43:00 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
[3/29/2023] [4:43:00 PM] [Setup    ] › ℹ  info      Logrotate completed.
[3/29/2023] [4:43:00 PM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[3/29/2023] [4:43:00 PM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[3/29/2023] [4:43:01 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
[3/29/2023] [4:43:01 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
[3/29/2023] [4:43:01 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
[3/29/2023] [4:43:01 PM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...
[3/29/2023] [4:43:01 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[3/29/2023] [4:43:01 PM] [Global   ] › ℹ  info      Backend PID 154 listening on port 3000 ...
[3/29/2023] [4:43:03 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[3/29/2023] [4:43:03 PM] [SSL      ] › ℹ  info      Renew Complete

NginxProxyManager / nginx-proxy-manager

2.10.0 unable to start on clean install #2753