Proxy host the NPM itself and the login page only reloads when enter email and password

[ReasonMan77]

**Describe the bug

• A clear and concise description of what the bug is.**

I am running NPM in Portainer on a RPi. I have made a proxy host of the proxy itself. When I enter the DNS name of the proxy or clicking on the proxy host link the login page appears but when I enter the email address and password the login page just reloads like nothing happened. No problems to login to NPM when enter the ip address instead of the DNS name. I have tried both http and https and still same result. In the Portainer logs of nginx_app_1 I can see that there is problem - don't know how to solve it though. This warning appears every time I try to login when using the DNS name.

[3/20/2021] [6:57:56 PM] [Express ] › ⚠ warning Existing token contained invalid user data, [3/20/2021] [6:53:09 PM] [Express ] › ⚠ warning Existing token contained invalid user data, [3/20/2021] [6:52:53 PM] [Express ] › ⚠ warning Existing token contained invalid user data, [3/20/2021] [6:19:20 PM] [Express ] › ⚠ warning Existing token contained invalid user data, [3/20/2021] [6:18:44 PM] [Express ] › ⚠ warning Existing token contained invalid user data

I have other proxy hosts that is working w/o any issues. It is just the proxy itself that has this problem.

No difference when testing several web browsers.

- What version of Nginx Proxy Manager is reported on the login page? 2.81 2.80

Operating System Using RPi Raspberry OS

Additional context I have tested using Firefox, Safari, Brave on several Macbook Pro's. Changed the admin password. Portainer version 2.1.1.

[l4rm4nd]

Guess this is a looping error, where JWT authentication breaks. I don't think you can proxy the proxy manager by itself.

[maxdd]

happens the same to me as well

[ReasonMan77]

18:22 in this video this guy make it work to proxy the proxy itself. Have tried this but it is not working for me. https://youtu.be/UfCkwlPIozw?t=1102

[l4rm4nd]

Just tried it by myself. I am running the newest NPM docker image on my RPi 4.

Just added a new proxy host as usual. Instantly worked, cannot reproduce an issue. Can successfully login by having valid SSL certificates.

Btw, my NPM container uses a macvlan network interface and not the default docker bridge or host network. Idk, maybe this info is relevant.

[corvock]

So I have been fighting with something similar. As background I had always done this on machines that were fully internal and never had a need to put an access list on the proxy. I was banging my head because the recent instance was a mixed use proxy, and while i am using a .pvt domain to hit the proxy, i figured I'd be safe putting an access list on that only allowed internal subnets. When i had that set up i would get the login screen and it would just reload. My logs showed my machine making requests for /api/tokens and just /api/, but would only end up reloading the login page. When i took off the access list I was able to log in. Since port 80 isn't exposed to the internet I am not overly concerned, but it was a bother as to why it didn't work.

[eitch]

I've had the same issue. And it seems to be an issue if access lists with a password is active. If i just allow local IP and deny the rest, then external access is denied, i can access the panel from LAN and the login itself works as well.

[flavietto]

I have the same issue. If use an access list with a password system get into loop. Someone have found a solution?

[Jamyz]

I have the same problems

[l4rm4nd]

Cannot reproduce any looping bugs. Just specify the docker container name of your NPM instance and it should work.

[rkbest13]

same problem. I am using latest image as well. my npm runs on docker behind pfsense with Pure NAT.

[Jamyz]

Cannot reproduce any looping bugs. Just specify the docker container name of your NPM instance and it should work.

Doesnt work for me

[bartekj]

I was also facing exactly the same issue. My NPM is running as a VM behind mikrotik router with a default NAT (masquerade). Ports forwarded with simple dst-nat to the npm internal ip.

For me adding a custom location / to the proxy host with this config solved the problem.

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

Funny thing, when I wanted to test this again by removing the custom location I've stopped getting warnings.

[10/21/2022] [12:12:11 AM] [Express  ] › ⚠  warning   Existing token contained invalid user data

Still willing to keep the custom location in my config.

[derekoharrow]

I've solved this by turning off any access lists - i.e. making it publicly accessible. Of course, this means you need to rely on the NPM login & security itself.

[Dexogen]

I've run into this problem several times and each time I had to completely reinstall NPM with all hosts reconfigured. Surprisingly, this caused only partial problems, such as the inability to log in to Portainer or NPM (which tried to proxy itself), but the rest of the functionality of the sites was available.

As @derekoharrow pointed out above - disabling access lists solved the problem in an amazing way.

I began to dig deeper and discovered an absolutely stupid reason, after which everything worked for me again with access lists. These are the fields:

My browser was using autocomplete when I clicked the tabs and turned on authorization. And for some reason, even clearing the fields and resaving the list did not always disable authorization. I also needed to manually delete an entry from the mysql database (access_list_auth table) and replace 1 with 0 in the access_list table for that list.

[github-actions[bot]]

Issue is now considered stale. If you want to keep it open, please comment :+1: