NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License

Fresh install, cannot access https default site #4150

Open ReenigneArcher opened 5 days ago

ReenigneArcher commented 5 days ago

Checklist

Describe the bug

I am attempting to migrate from the HomeAssistant plugin version (it's broken and there's no way to upgrade without losing all info) of this over to this standalone version. After following the basic example in the readme, I can access the config UI and the site at http://<ip>:80, but I cannot access the site at https://<ip>:443.

reenignearcher@docker:~$ curl http://localhost:80
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <title>Default Site</title>
        <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstra     p.min.css" rel="stylesheet">
        <style>
            .jumbotron { margin-top: 50px; }
        </style>
    </head>
    <body>
        <div class="container">
            <div class="jumbotron">
                <h1>Congratulations!</h1>
                <p>You've successfully started the Nginx Proxy Manager.</p>
                <p>If you're seeing this site then you're trying to access a hos     t that isn't set up yet.</p>
                <p>Log in to the Admin panel to get started.</p>
            </div>
            <p class="text-center"><small>Powered by <a href="https://github.com     /jc21/nginx-proxy-manager" target="_blank">Nginx Proxy Manager</a></small></p>
        </div>
    </body>
</html>

reenignearcher@docker:~$ curl https://localhost:443
curl: (35) OpenSSL/3.0.13: error:0A000458:SSL routines::tlsv1 unrecognized name
reenignearcher@docker:~$

I am using portainer, and Ubuntu server 24.04, with bridge networking. I can't use host networking because the container tries to use port 3000, but that's already in use on the host (probably by portainer itself). Port 443 is not used by the host at all, and the issue persists if I remap the container's 443 to another port, such as 4443.

As far as I understand the 443 port should serve the default site? Since it cannot be accessed I believe this is causing other issues, such as obtaining ssl certs from letsencrypt, and in the off chance the ssl certificate generation does succeed, I get 400 errors when trying to access the host.

There is probably something simple that needs to change on my host, but I have no idea what that could be and have been searching the documentation, discussions, and issues for hours without success.

If it's helpful, here are the full logs.

❯ Dynamic resolvers ...
❯ IPv6 ...
Enabling IPV6 in hosts in: /etc/nginx/conf.d
- /etc/nginx/conf.d/default.conf
- /etc/nginx/conf.d/production.conf
- /etc/nginx/conf.d/include/assets.conf
- /etc/nginx/conf.d/include/ip_ranges.conf
- /etc/nginx/conf.d/include/force-ssl.conf
- /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
- /etc/nginx/conf.d/include/proxy.conf
- /etc/nginx/conf.d/include/block-exploits.conf
- /etc/nginx/conf.d/include/log.conf
- /etc/nginx/conf.d/include/ssl-ciphers.conf
- /etc/nginx/conf.d/include/resolvers.conf
Enabling IPV6 in hosts in: /data/nginx
❯ Docker secrets ...
-------------------------------------
 _   _ ____  __  __
| \ | |  _ \|  \/  |
|  \| | |_) | |\/| |
| |\  |  __/| |  | |
|_| \_|_|   |_|  |_|
-------------------------------------
User:  npm PUID:0 ID:0 GROUP:0
Group: npm PGID:0 ID:0
-------------------------------------
❯ Starting nginx ...
❯ Starting backend ...
[11/10/2024] [11:06:56 PM] [Global   ] › ℹ  info      Using Sqlite: /data/database.sqlite
[11/10/2024] [11:06:56 PM] [Global   ] › ℹ  info      Creating a new JWT key pair...
[11/10/2024] [11:07:02 PM] [Global   ] › ℹ  info      Wrote JWT key pair to config file: /data/keys.json
[11/10/2024] [11:07:03 PM] [Migrate  ] › ℹ  info      Current database version: none
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [initial-schema] Migrating Up...
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [initial-schema] auth Table created
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [initial-schema] user Table created
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [initial-schema] user_permission Table created
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [initial-schema] proxy_host Table created
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [initial-schema] redirection_host Table created
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [initial-schema] dead_host Table created
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [initial-schema] stream Table created
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [initial-schema] access_list Table created
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [initial-schema] certificate Table created
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [initial-schema] access_list_auth Table created
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [initial-schema] audit_log Table created
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [websockets] Migrating Up...
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [websockets] proxy_host Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [forward_host] Migrating Up...
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [forward_host] proxy_host Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [http2_support] Migrating Up...
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [http2_support] proxy_host Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [http2_support] redirection_host Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [http2_support] dead_host Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [forward_scheme] Migrating Up...
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [forward_scheme] proxy_host Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [disabled] Migrating Up...
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [disabled] proxy_host Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [disabled] redirection_host Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [disabled] dead_host Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [disabled] stream Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [custom_locations] Migrating Up...
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [custom_locations] proxy_host Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [hsts] Migrating Up...
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [hsts] proxy_host Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [hsts] redirection_host Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [hsts] dead_host Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [settings] Migrating Up...
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [settings] setting Table created
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [access_list_client] Migrating Up...
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [access_list_client] access_list_client Table created
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [access_list_client] access_list Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [access_list_client_fix] Migrating Up...
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [access_list_client_fix] access_list Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [pass_auth] Migrating Up...
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [pass_auth] access_list Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [redirection_scheme] Migrating Up...
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [redirection_scheme] redirection_host Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [redirection_status_code] Migrating Up...
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [redirection_status_code] redirection_host Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [stream_domain] Migrating Up...
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [stream_domain] stream Table altered
[11/10/2024] [11:07:04 PM] [Migrate  ] › ℹ  info      [stream_domain] Migrating Up...
[11/10/2024] [11:07:04 PM] [Setup    ] › ℹ  info      Creating a new user: admin@example.com with password: changeme
[11/10/2024] [11:07:04 PM] [Setup    ] › ℹ  info      Initial admin setup completed
[11/10/2024] [11:07:04 PM] [Setup    ] › ℹ  info      Default settings added
[11/10/2024] [11:07:04 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
[11/10/2024] [11:07:04 PM] [Global   ] › ⬤  debug     CMD: logrotate /etc/logrotate.d/nginx-proxy-manager
[11/10/2024] [11:07:04 PM] [Setup    ] › ℹ  info      Logrotate completed.
[11/10/2024] [11:07:05 PM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[11/10/2024] [11:07:05 PM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[11/10/2024] [11:07:05 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
[11/10/2024] [11:07:05 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
[11/10/2024] [11:07:05 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
[11/10/2024] [11:07:05 PM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[11/10/2024] [11:07:05 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[11/10/2024] [11:07:05 PM] [Global   ] › ℹ  info      Backend PID 162 listening on port 3000 ...
[11/10/2024] [11:07:05 PM] [SSL      ] › ℹ  info      Completed SSL cert renew process
[11/10/2024] [11:07:22 PM] [Express  ] › ⚠  warning   invalid signature
[11/10/2024] [11:29:40 PM] [Express  ] › ⚠  warning   invalid signature

Nginx Proxy Manager Version

v2.12.1

To Reproduce

Steps to reproduce the behavior:

  1. Create and run nginx container
  2. Use curl to try accessing https page

Expected behavior

https works

Screenshots

Operating System

Ubuntu server 24.04 with portainer v2.21.4 community edition

Additional context

kerstenremco commented 16 hours ago

> As far as I understand the 443 port should serve the default site? Since it cannot be accessed I believe this is causing other issues, such as obtaining ssl certs from letsencrypt, and in the off chance the ssl certificate generation does succeed, I get 400 errors when trying to access the host.

That's correct. But the "default site" doesn't provide an SSL certificate; that's why curl throws this error. So you'll need to set up a proxy host to HA, and bind an SSL certificate to that proxy host.

ReenigneArcher commented 13 hours ago

@kerstenremco Thank you for the response.

> So you'll need to set up a proxy host to HA

What do you mean by "HA"? If you mean HomeAssistant, I think you might be misunderstanding. I am currently using the nginx-proxy-manager plugin for HomeAssistant, but am trying to migrate away from using the plugin to this standalone version. In the HomeAssistant version, everything works perfectly fine, but the standalone version doesn't work at all.

Currently I cannot even get the SSL certificates to pass validation, which I have to assume is because of this error on port 443.

kerstenremco commented 8 hours ago

Yes, I understand. I'm trying to explain that this is correct behaviour: you can't just make a curl request to "localhost", because that would indeed show the default page, which doesn't provide an SSL cert.

Anyway, can you share how you set up your proxy host to HomeAssistant? Which hostname did you use?
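One way to test HTTPS against a configured proxy host from the Docker host itself, shown as an added example that is not part of the thread or the project's code: `--resolve` makes curl connect to the local listener while sending the proxy host's name as SNI, and the classifier recognises the `unrecognized name` error quoted in the issue. The hostname `proxy.example.test` and both function names are placeholders.

```shell
# Added example (not from the issue thread or the NPM project).
# proxy.example.test is a placeholder for a hostname configured as a proxy host.

# Map a curl exit code ($1) and its stderr text ($2) to a short diagnosis.
classify_tls_probe() {
    case "$1" in
        0)  echo "ok" ;;
        35) case "$2" in
                # The server answered the ClientHello with the TLS
                # unrecognized_name alert for the SNI name that was sent.
                *"unrecognized name"*) echo "sni-rejected" ;;
                *)                     echo "handshake-failed" ;;
            esac ;;
        60) echo "cert-untrusted" ;;   # a certificate was served, but curl does not trust it
        6)  echo "dns-failed" ;;
        7)  echo "connect-failed" ;;   # nothing listening, or the port is not published
        28) echo "timeout" ;;
        *)  echo "other:$1" ;;
    esac
}

# Connect to <addr>:<port> while sending <name> as SNI and Host header.
# Usage: probe_sni proxy.example.test 127.0.0.1 443
probe_sni() {
    probe_name="$1"
    probe_addr="${2:-127.0.0.1}"
    probe_port="${3:-443}"
    probe_rc=0
    probe_err=$(curl -sS -o /dev/null --max-time 5 \
        --resolve "${probe_name}:${probe_port}:${probe_addr}" \
        "https://${probe_name}:${probe_port}/" 2>&1) || probe_rc=$?
    classify_tls_probe "$probe_rc" "$probe_err"
}
```

A result of `sni-rejected` for the real hostname means no TLS-enabled host is configured for that name yet; `cert-untrusted` means the handshake reached a certificate, so the remaining problem is the certificate itself rather than the listener.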