Error after updating - map not allowed here

[daedric7]

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
• Are you sure you're not using someone else's docker image?
  • Yes
• Have you searched for similar issues (both open and closed)?
  • Yes

Describe the bug

After updating NPM ( docker compose pull && docker compose up -d) everything was OK until i edited a host.

After that the host started failing. After some debug i found a entry in /var/log/nginx/error.log stating

"map not allowed here"

I managed to find the map entry in the middle of the conf and it's this:

  map $scheme $hsts_header {
    https   "max-age=63072000; preload";
}

This is suffixed on each of my custom locations for that host.

I edited the _hsts_map.conf to comment them and the error was solved, but this won't survive a docker restart.

Nginx Proxy Manager Version

v2.11.0 © 2024 jc21.com.

To Reproduce Steps to reproduce the behavior:

1. Update to latest
2. Edit any host
3. Save
4. See error

[Kingi-s]

I just did a fresh install of npm and the custom locations also dont work for me. edit: downgrading to 2.10.4 fixed the issue for now.

[exenza]

Have same issue, the error is actually visible as well in the UI

[daedric7]

Have same issue, the error is actually visible as well in the UI

Question:

How did you get that error popup ? I had to go miles to figure out what the error was :)

[Kingi-s]

Have same issue, the error is actually visible as well in the UI

Question:

How did you get that error popup ? I had to go miles to figure out what the error was :)

Hover your mouse over the red ball before the Offline text. i also found it by accident.

[daedric7]

Workaround:

create empty file named _hsts_map.conf on the same dir as docker-compose.yaml.

Add this line to the volumes of docker-compose.yaml :

- ./_hsts_map.conf:/app/templates/_hsts_map.conf

[573dave]

Same issue here. And since I'm using unraid I can't figure out the workaround.

[UlfR]

Same for me "map directive is not allowed here" if add custom location

[daedric7]

Same issue here. And since I'm using unraid I can't figure out the workaround.

All we are doing is mounting a empty file from the host into tha container dir that has the problematic file, thereby making it empty as well and bypassing the issue.

Can you replicate it?

[ghTravis]

Also experiencing the same issue here. Just tried to add a new proxy host with custom locations. Appearing Offline.

[rasturic]

jc21/nginx-proxy-manager:github-pr-3478 fixes it for me.

[aphex3k]

When running as part of TrueNAS Scale Apps (in k8s), the included configuration UI doesn't allow for adding a custom volume so the suggested workaround can not be applied.

- ./_hsts_map.conf:/app/templates/_hsts_map.conf

Changing the tag from latest is also not possible, so one can not roll-back to a previous version or test the custom resource location.

This breaks custom locations on TrueNAS without fix for now.

[liukonen]

Tried with the following

• ./_hsts_map.conf:/app/templates/_hsts_map.conf Domain works again, but custom locations still not working

[alarifgit]

jc21/nginx-proxy-manager:github-pr-3478

This worked for me but I had to delete the custom location and re-create it before the site showed as online again.

[AkshayRao27]

Here's what worked for me: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3512#issuecomment-1940868886

[AxxiD]

Still having the same problem. The workaround with an empty _hsts-map.conf file works but is not ideal.

[asher-lab]

This is also what I'm currently experiencing as of February 23, 2024

[malavolti]

Same problem here and I have tried all workarounds.

[Kevinsky86]

Workaround:

create empty file named _hsts_map.conf on the same dir as docker-compose.yaml.

Add this line to the volumes of docker-compose.yaml :

- ./_hsts_map.conf:/app/templates/_hsts_map.conf

This workaround works for me as well. But you do have to re-add the custom location, or so it appears to me currently, which might be somewhat of a pita if you have a lot of locations/hosts. Ideally this gets addressed in an update soon. :)

I'm on 2.11.1.

[malavolti]

I don't know if someone of you are using "custom locations" to provide different web services from different docker containers, but I think this is very useful thing.

If someone has already done this, can help me to understand how to do it, please?

Docker Container | PORT | Location
site             | 8080 | https://my-website.example.org/
phpmyadmin       | 8081 | https://my-website.example.org/phpmyadmin
mailserver       | 8082 | https://my-website.example.org/mailer

[daedric7]

I don't know if someone of you are using "custom locations" to provide different web services from different docker containers, but I think this is very useful thing.

If someone has already done this, can help me to understand how to do it, please?

Docker Container | PORT | Location
site             | 8080 | https://my-website.example.org/
phpmyadmin       | 8081 | https://my-website.example.org/phpmyadmin
mailserver       | 8082 | https://my-website.example.org/mailer

Avoid this.

Not all services will be happy to be served under a subdir ( https://example.oeg/subdir/ ).

You should use subdomains when possible, so www.example.org , phpmyadmin.example.org, mail.example.org.

You create a individual entry in NPM for each service. Also, this is offtopic for this issue.

[malavolti]

Thank you so much @daedric7 !

I'll follow your suggestion! 😊

[TheUntouchable]

Still this problem is happening with a fresh installation..

[dudefoxlive]

Well this is annoying. At least there is a workaround for now.

[nomad-geek]

Workaround:

create empty file named _hsts_map.conf on the same dir as docker-compose.yaml.

Add this line to the volumes of docker-compose.yaml :

- ./_hsts_map.conf:/app/templates/_hsts_map.conf

Solved the problem for me. Thanks.

[kachunkachunk]

Weird one. The workaround of mapping a blank _hsts_map.conf file didn't work for me, nor did downgrading to 2.10.4.

Evidently, some of my confs in /data/nginx/proxy_host/ were already tainted with extraneous map directives, so nginx was failing to start properly.

I'm still downgraded and have not tried going back to 2.11.1, but:

I resolved this by checking the container logs with docker logs <nginx-proxy-manager container name> and seeing what line called out in the error. For instance:

❯ Starting nginx ...
nginx: [emerg] "map" directive is not allowed here in /data/nginx/proxy_host/2.conf:383
[4/21/2024] [9:57:02 AM] [SSL      ] › ✖  error     Error: Command failed: /usr/sbin/nginx -t -g "error_log off;"
nginx: [emerg] "map" directive is not allowed here in /data/nginx/proxy_host/2.conf:383
nginx: configuration file /etc/nginx/nginx.conf test failed

    at ChildProcess.exithandler (node:child_process:402:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5

In this case, it's for a particularly long proxy host I set up (lots of locations), at line 383.

I took to editing the file (./data/nginx/proxy_host/2.conf) and commenting out the offending lines:

#  map $scheme $hsts_header {
#    https   "max-age=63072000; preload";
#}

I then saved the file and restarted the container, observing the logs for potential errors. Because Nginx exits on the first fatal error in the configs, you won't see all of them at once, and have to repeat this process a few times, until you've corrected all the entries and conf files (if multiple are affected). But after 7-8 or so of these (and confirming I'm not seeing the same approximate line numbers re-appear), I eventually cleared the bad entries out.

It took a few minutes and I did not have to recreate my locations. I was able to update some proxy hosts afterwards, without issues. I haven't bothered to upgrade again, and will watch this issue until it's definitely fixed.

[JBlond]

@kachunkachunk The config is saved in the database. Once you override that _hsts_map.conf the variable that is used in the vhosts is no longer set.

[manelrodero]

Upgrading to 2.11.2 solved the problem for me. No more "offline" when using "custom locations":

https://github.com/NginxProxyManager/nginx-proxy-manager/releases/tag/v2.11.2

[skyzuma]

the mentionen in this link is for "OAuth2/OpenID Provider" only, this entrys dont need a "Custom Nginx Configuration" ... an app with websocket like audiobookshelf and authentik proxy provider will not work cause of this "map not allowed here" in the "Custom Nginx Configuration" ... and its not fixed in 2.11.2 ... i use unraid with latest nginx proxy manager version ...

[icvdok]

Just updated to ver 2.11.2 but the problem persist with Authentik proxy provider. There are news about the fix?

[brentonmallen1]

fwiw, I wound up just switching to the jlesage/nginx-proxy-manager container in unraid

[tobymills]

I had this issue with Nginx & Authetix because authentik template for Nginx is trying to map a header in the wrong place. I did the following to fix this for those that also get this issue.

Create http_top.conf in data/nginx/custom (create custom folder in data/nginx/ if it doesn't exist)

Add following code to the file:

map $http_upgrade $connection_upgrade {
        default upgrade;
          ''      close;
}

restart nginx

remove the lines from top of authentik Nginx template that have this code

# Upgrade WebSocket if requested, otherwise use keepalive
map $http_upgrade $connection_upgrade_keepalive {
    default upgrade;
    ''      '';
}

Update the line: proxy_set_header Connection $connection_upgrade_keepalive;

To proxy_set_header Connection $connection_upgrade; _remember to set proxypass to local IP address of Authentix server, not Nginx DNS as this caused me issues....

[ramphex]

Still having this issue. Is it Authentik or is it NPM to blame?

[motoridersd]

I'm on 2.11.3 and I was still having issues with the map error listed in this issue.

I followed the instructions provided here https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3474#issuecomment-2145962081 and that resolved my issue with Authentik. It now works properly.