s6-rc: warning: unable to start service prepare

[techsolo12]

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
• Are you sure you're not using someone else's docker image?
  • Yes
• Have you searched for similar issues (both open and closed)?
  • Yes

Describe the bug After update to 2.10.1 i got a error, if i use a custom ssl-ciphers file.

Log: [+] Running 1/1 ✔ Container nginx-proxy-manager Recreated 0.2s Attaching to nginx-proxy-manager nginx-proxy-manager | s6-rc: info: service s6rc-oneshot-runner: starting nginx-proxy-manager | s6-rc: info: service s6rc-oneshot-runner successfully started nginx-proxy-manager | s6-rc: info: service fix-attrs: starting nginx-proxy-manager | s6-rc: info: service fix-attrs successfully started nginx-proxy-manager | s6-rc: info: service legacy-cont-init: starting nginx-proxy-manager | s6-rc: info: service legacy-cont-init successfully started nginx-proxy-manager | s6-rc: info: service prepare: starting nginx-proxy-manager | ❯ Configuring npmuser ... nginx-proxy-manager | id: 'npmuser': no such user nginx-proxy-manager | ❯ Checking paths ... nginx-proxy-manager | ❯ Setting ownership ... nginx-proxy-manager | ❯ Dynamic resolvers ... nginx-proxy-manager | ❯ IPv6 ... nginx-proxy-manager | Enabling IPV6 in hosts in: /etc/nginx/conf.d nginx-proxy-manager | - /etc/nginx/conf.d/production.conf nginx-proxy-manager | - /etc/nginx/conf.d/include/ssl-ciphers.conf nginx-proxy-manager | sed: cannot rename /etc/nginx/conf.d/include/sedXg1RRw: Device or resource busy nginx-proxy-manager | s6-rc: warning: unable to start service prepare: command exited 4 nginx-proxy-manager | /run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.

Nginx Proxy Manager Version 2.10.1

To Reproduce Steps to reproduce the behavior:

1. Add ssl-ciphers.conf to docker-compose.yaml
2. Start Container
3. See error

Expected behavior A clean start without an error.

Operating System Debian 11.x

[ConTraXX]

I had this issue and fixed it by downgrading the docker image to v2.9.22. May or may not be the same as you, but for me I need to stop using watchtower. I believe it causes more problems than it could solve...and start pinning versions so that I can review changes and plan for them.

[hugalafutro]

@ConTraXX I wholeheartedly recommend https://github.com/crazy-max/diun/ I have it setup so that every few days I get list of updated images on telegram, can then review changes or just backup / snapshot and take the plunge with new image. Watchtower looks nice I know; set it and forget it; but having used it on a machine running ~50 containers it was no bueno.

[k3d3]

I was having the same issue, because I had also overridden ssl-ciphers.conf.

This occurs because sed in a startup script tries to modify (via copying+replacing) every file in /etc/nginx and /data/nginx. The script causing this issue is https://github.com/NginxProxyManager/nginx-proxy-manager/blob/67208e43cc41f659ae2e68baa58a181a4d5f465b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh

So what I did was, in my docker-compose file, I added the following line under volumes:

- /dev/null:/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh

It's not the greatest solution, but it's a workaround at least.

[zthxxx]

same problem here, and the workaround in @k3d3's comment work for me

[elsternet]

same problem here, same workaround worked.

[b3ni]

Same problem, but not resolved. Version: 2.9.22

version: "3.5"

services:
  proxy-manager:
    image: jc21/nginx-proxy-manager:${PROXY_MANAGER_VERSION}
    container_name: proxy-manager
    restart: always
    tty: true
    volumes:
      - ./volumes/proxy-manager/data:/data
      - ./volumes/proxy-manager/letsencrypt:/etc/letsencrypt
      - ./config/ip-forward.conf:/etc/nginx/conf.d/include/ip-forward.conf
    logging:
      driver: "json-file"
      options:
          max-file: "5"
          max-size: "20m"

Error at start:

proxy-manager  | Changing ownership of /data/logs to 0:0
proxy-manager  | ❯ Enabling IPV6 in hosts: /etc/nginx/conf.d
proxy-manager  |   ❯ /etc/nginx/conf.d/default.conf
proxy-manager  |   ❯ /etc/nginx/conf.d/production.conf
proxy-manager  |   ❯ /etc/nginx/conf.d/include/force-ssl.conf
proxy-manager  |   ❯ /etc/nginx/conf.d/include/ssl-ciphers.conf
proxy-manager  |   ❯ /etc/nginx/conf.d/include/proxy.conf
proxy-manager  |   ❯ /etc/nginx/conf.d/include/block-exploits.conf
proxy-manager  |   ❯ /etc/nginx/conf.d/include/ip_ranges.conf
proxy-manager  |   ❯ /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
proxy-manager  |   ❯ /etc/nginx/conf.d/include/assets.conf
proxy-manager  |   ❯ /etc/nginx/conf.d/include/resolvers.conf
proxy-manager  |   ❯ /etc/nginx/conf.d/include/ip-forward.conf
proxy-manager  | sed: cannot rename /etc/nginx/conf.d/include/sedkt3Mbt: Device or resource busy
proxy-manager  | s6-rc: warning: unable to start service prepare: command exited 4
proxy-manager  | /run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.

When comment volume line: ip-forward.conf start ok.

[alexunderboots]

downgrade to Version: 2.9.22 - not helpfull for me (((

[alexunderboots]

• /dev/null:/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh It's work, thanks

[jar87]

in my docker-compose file

Where did You do that? I can`t find file...:(

[kodamaChameleon]

Errors

npm    | ❯ Configuring npm user ...
npm    | 0
npm    | usermod: no changes
npm    | ❯ Configuring npm group ...
npm    | ❯ Checking paths ...
npm    | --------------------------------------
npm    | ERROR: /etc/letsencrypt is not mounted! Check your docker configuration.
npm    | --------------------------------------
npm    | s6-rc: warning: unable to start service prepare: command exited 1
npm    | /run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
compose.cli.verbose_proxy.proxy_callable: docker wait <- ('145322e9f9140800abd1ac5fe113c3286126c01e27a1b77cf6500c3bbfc0e6ba')
compose.cli.verbose_proxy.proxy_callable: docker wait -> {'StatusCode': 0}
npm exited with code 0
compose.cli.verbose_proxy.proxy_callable: docker inspect_container <- ('145322e9f9140800abd1ac5fe113c3286126c01e27a1b77cf6500c3bbfc0e6ba')
compose.cli.verbose_proxy.proxy_callable: docker inspect_container -> {'AppArmorProfile': 'docker-default',
 'Args': [],
 'Config': {'AttachStderr': False,
            'AttachStdin': False,
            'AttachStdout': False,
            'Cmd': None,
            'Domainname': '',
            'Entrypoint': ['/init'],
            'Env': ['PATH=/opt/certbot/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
                    'SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt',
...
compose.cli.verbose_proxy.proxy_callable: docker inspect_container <- ('145322e9f9140800abd1ac5fe113c3286126c01e27a1b77cf6500c3bbfc0e6ba')
compose.cli.verbose_proxy.proxy_callable: docker inspect_container -> {'AppArmorProfile': 'docker-default',
 'Args': [],
 'Config': {'AttachStderr': False,
            'AttachStdin': False,
            'AttachStdout': False,
            'Cmd': None,
            'Domainname': '',
            'Entrypoint': ['/init'],
            'Env': ['PATH=/opt/certbot/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
                    'SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt',
...
compose.cli.verbose_proxy.proxy_callable: docker attach <- ('145322e9f9140800abd1ac5fe113c3286126c01e27a1b77cf6500c3bbfc0e6ba', stdout=True, stderr=True, stream=True)

"Successful" Workaround

Having this same issue. Downgrading to version v2.10.4 solved the problem for me.

My docker-compose file:

version: '3.8'
services:
  app:
    image: jc21/nginx-proxy-manager:2.10.4
    hostname: npm.doroco.org
    container_name: npm
    networks:
      - docker-net
    restart: always
    ports:
      - '80:80'    # Public HTTP Port
      - '443:443'  # Public HTTPS Port
      - '81:81'    # Admin Web Port
    volumes:
      - npm_data:/app/data
      - npm_letsencrypt:/app/letsencrypt

volumes:
  npm_data:
  npm_letsencrypt:

networks:
  docker-net:
    driver: bridge

Failed Attempts

• Tried installing as 2.10.4 and then upgrading to latest
• Tried adding @k3d3's suggested - /dev/null:/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh to volumes

[bobbywaz]

thanks k3d3, fixed for me too!

[kmanwar89]

I'm running into this issue on the v3 branch. Recognizing v3 isn't "released" yet, it's just interesting to note here because I (previously) was actually able to get v3 running, so this error seems to be "new" (I guess?). The /dev/null workaround did not work, unfortunately; logs below:

[+] Running 2/2
 ✔ Network npm_v3_default  Created                                                                                         0.1s
 ✔ Container npm_v3-app-1  Started                                                                                         0.6s
❯ logs
app-1  | 2024-05-13T00:14:48.376863917Z ❯ Configuring npm user ...
app-1  | 2024-05-13T00:14:48.394427393Z ❯ Configuring npm group ...
app-1  | 2024-05-13T00:14:48.419141375Z ❯ Checking paths ...
app-1  | 2024-05-13T00:14:48.424998615Z ❯ Setting ownership ...
app-1  | 2024-05-13T00:14:48.441409642Z ❯ Dynamic resolvers ...
app-1  | 2024-05-13T00:14:48.449219039Z s6-rc: warning: unable to start service prepare: command exited 127
app-1  | 2024-05-13T00:14:48.451035478Z /run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.

This is the compose file I'm using as a test:

---
services:
  app:
    image: 'jc21/nginx-proxy-manager:v3'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - /dev/null:/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh

networks:
  npm_cf:
    name: npm_cf
    external: true
  npm_service:
    name: npm_service
    external: true

This may have to do with the fact the last release on Dockerhub for v3 was 9 months ago, so not raising a stink over it, just adding it as a data point in case it helps anyone else later down the line.

Edit: I haven't done anything with ssl-ciphers.conf, so my error appears to be a bit more "native" in nature. I also don't have a 50-ipv6.sh file in the error directory based on poking around inside the containers' terminal:

My "working" instance of NPM is currently v2.11.2, and I haven't faced this issue in that version.

[fuqiangleon]

@kmanwar89 did you fix the error above?

[kmanwar89]

@kmanwar89 did you fix the error above?

Nope - I'm instead switching back to v2, and have been writing a Python program for programmatically adding in proxy hosts using Python instead. I was hoping someone with more knowledge of the error would chime in.