NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License
23.44k stars 2.72k forks source link

Proxy host the NPM itself and the login page only reloads when enter email and password #963

Open ReasonMan77 opened 3 years ago

ReasonMan77 commented 3 years ago

**Describe the bug

I am running NPM in Portainer on a RPi. I have made a proxy host of the proxy itself. When I enter the DNS name of the proxy or clicking on the proxy host link the login page appears but when I enter the email address and password the login page just reloads like nothing happened. No problems to login to NPM when enter the ip address instead of the DNS name. I have tried both http and https and still same result. In the Portainer logs of nginx_app_1 I can see that there is problem - don't know how to solve it though. This warning appears every time I try to login when using the DNS name.

[3/20/2021] [6:57:56 PM] [Express ] › ⚠ warning Existing token contained invalid user data, [3/20/2021] [6:53:09 PM] [Express ] › ⚠ warning Existing token contained invalid user data, [3/20/2021] [6:52:53 PM] [Express ] › ⚠ warning Existing token contained invalid user data, [3/20/2021] [6:19:20 PM] [Express ] › ⚠ warning Existing token contained invalid user data, [3/20/2021] [6:18:44 PM] [Express ] › ⚠ warning Existing token contained invalid user data

I have other proxy hosts that is working w/o any issues. It is just the proxy itself that has this problem.

No difference when testing several web browsers.

- What version of Nginx Proxy Manager is reported on the login page? 2.81 2.80

Operating System Using RPi Raspberry OS

Additional context I have tested using Firefox, Safari, Brave on several Macbook Pro's. Changed the admin password. Portainer version 2.1.1.

l4rm4nd commented 3 years ago

Guess this is a looping error, where JWT authentication breaks. I don't think you can proxy the proxy manager by itself.

maxdd commented 3 years ago

happens the same to me as well

ReasonMan77 commented 3 years ago

18:22 in this video this guy make it work to proxy the proxy itself. Have tried this but it is not working for me. https://youtu.be/UfCkwlPIozw?t=1102

l4rm4nd commented 3 years ago

Just tried it by myself. I am running the newest NPM docker image on my RPi 4.

Just added a new proxy host as usual. Instantly worked, cannot reproduce an issue. Can successfully login by having valid SSL certificates.

Btw, my NPM container uses a macvlan network interface and not the default docker bridge or host network. Idk, maybe this info is relevant.

corvock commented 2 years ago

So I have been fighting with something similar. As background I had always done this on machines that were fully internal and never had a need to put an access list on the proxy. I was banging my head because the recent instance was a mixed use proxy, and while i am using a .pvt domain to hit the proxy, i figured I'd be safe putting an access list on that only allowed internal subnets. When i had that set up i would get the login screen and it would just reload. My logs showed my machine making requests for /api/tokens and just /api/, but would only end up reloading the login page. When i took off the access list I was able to log in. Since port 80 isn't exposed to the internet I am not overly concerned, but it was a bother as to why it didn't work.

eitch commented 2 years ago

I've had the same issue. And it seems to be an issue if access lists with a password is active. If i just allow local IP and deny the rest, then external access is denied, i can access the panel from LAN and the login itself works as well.

flavietto commented 2 years ago

I have the same issue. If use an access list with a password system get into loop. Someone have found a solution?

Jamyz commented 2 years ago

I have the same problems

l4rm4nd commented 2 years ago

Cannot reproduce any looping bugs. Just specify the docker container name of your NPM instance and it should work.

image

rkbest13 commented 2 years ago

same problem. I am using latest image as well. my npm runs on docker behind pfsense with Pure NAT.

Jamyz commented 2 years ago

Cannot reproduce any looping bugs. Just specify the docker container name of your NPM instance and it should work.

image

Doesnt work for me

bartekj commented 2 years ago

I was also facing exactly the same issue. My NPM is running as a VM behind mikrotik router with a default NAT (masquerade). Ports forwarded with simple dst-nat to the npm internal ip.

For me adding a custom location / to the proxy host with this config solved the problem.

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

Zrzut ekranu 2022-10-21 o 12 37 03

Funny thing, when I wanted to test this again by removing the custom location I've stopped getting warnings.

[10/21/2022] [12:12:11 AM] [Express  ] › ⚠  warning   Existing token contained invalid user data

Still willing to keep the custom location in my config.

derekoharrow commented 2 years ago

I've solved this by turning off any access lists - i.e. making it publicly accessible. Of course, this means you need to rely on the NPM login & security itself.

Dexogen commented 1 year ago

I've run into this problem several times and each time I had to completely reinstall NPM with all hosts reconfigured. Surprisingly, this caused only partial problems, such as the inability to log in to Portainer or NPM (which tried to proxy itself), but the rest of the functionality of the sites was available.

As @derekoharrow pointed out above - disabling access lists solved the problem in an amazing way.

I began to dig deeper and discovered an absolutely stupid reason, after which everything worked for me again with access lists. These are the fields:

image

My browser was using autocomplete when I clicked the tabs and turned on authorization. And for some reason, even clearing the fields and resaving the list did not always disable authorization. I also needed to manually delete an entry from the mysql database (access_list_auth table) and replace 1 with 0 in the access_list table for that list.

github-actions[bot] commented 8 months ago

Issue is now considered stale. If you want to keep it open, please comment :+1: