Cannot connect to Proxy Host dockers

[reyes136]

I am new to Nginx Proxy Manager and have bit a roadblock, I am using unarid with a docker for proxy manager and sonarr. They are both setup using "Bridged" network, I can access both from a web browser using their docker address ex: sonarr "10.0.0.108:8989" I have gone though the proxy manager setup and entered a proxy host and i get the green online status.

My issues is when i select the proxy host or try to go to the host using my domain it just goes to the default site where it says "Congratulations" but that im trying to access a host that hasent been setup yet.

[jlesage]

Do you have the same behaviour whether you access the URL from within your local network or outside it ? Did you configured your DNS name with a CNAME ?

[reyes136]

I am using google domain, i have a Dynamic DNS setup on google then my CNAME points to that Dynamic DNS. I made a little progress when not using SSL

1. If I open a browser window from my network and enter 10.0.0.108:8989 it goes directly to the sonarr main page.
2. With SSL turned off and i go to my sonarr(cname) domain from outside my network will go to the sonarr main page
3. If i enable SSL and check "Force SSL" and "Http/2 Support" and request to download a new certificate it completes with no issue, and shows online but then when i try to go to my https://sonarr.xxx.xx from an external site it fails. and if I use that same address on my internal network it goes to a page that says "Welcome to our server" and the the website is currently being setup under this address.
4. If i click on the sonarr.xxx.xxx link in the Proxy Host section with SSL on it goes to the same "Welcome to our server" page.

[jlesage]

Which browser are you using to access the sites? Looks like TLS SNI (https://en.wikipedia.org/wiki/Server_Name_Indication) is not used ?

[vdhub]

I guess I have same issue here, if I set my subdomains without the lets encrypt certificates it works perfectly, once I enable the certs the link fails to force the connection to https any idea why ? and I tried all the options.

Thanks.

[jlesage]

@vdhub, what error do you get exactly?

@reyes136, what error do you get when you access your site externally ?

[reyes136]

Ok this is getting weird, after my last post something happend and all external access stopped. So I uninstalled the docker and deleted the folder.

1. reinstalled docker
2. added my proxy host again and selected ssl and certificates were created.
3. I created 3 proxy host (plex,music(sonarr),airsonic)
4. Now when i click on plex or music(sonarr) it will take me to the page on the internal network. NOTE: plex will work with scheme* set to HTTPS, but music(sonarr) fails when set to HTTPS with a "502 Bad Gateway" both will show the ssl lock symbol before the site address.
5. Airsonic fails, when i click on it from the Proxy Host tab it sends me to the HTTP Status 404 - Not Found with scheme HTTP and with scheme set to HTTPS it goes to the "502 Bad Gateway" page.
6. Now none of the sites are accessible from an external network using http or https, i get a error "This site can't be reached plex.xx.xx took too long to respond"

[reyes136]

Just realized i didnt answer your question, I use the chrome browser but i also tried the edge browser.

[Nuke142]

I have same problems and get 502 error when try to use ssl

[jlesage]

@reyes136, looks like NPM is not reachable from the Internet ? Also, if the behaviour is not the same when you access the site from your internal network vs externally, you may need to enable a feature called "Hairpin NAT" on your router. So to reduce the numbers of simultaneous problems, I would make sure external access works fine first.

[jlesage]

@Nuke142. this error usually means that NPM is not able to reach the forward IP you configured in your proxy host. Which setting are you changing when you want to use SSL ?

[reyes136]

Heres what i dont understand, i made a cname on my domain called music.xxx.xxx which is what i put in the proxy manager, and your saying that its probably due to hairpin nat. but if i make a port forwarding rule pointing to that port then use the same cname music.xxx.xxx:8989 i can access the site from my internal network and external. If the issue was cause by hairpin nat shouldnt it fail when trying to go to the music.xxx.xxx:8989 using port forwarding?

[reyes136]

I have made a little progress. I have now setup 2 proxy host set them up for ssl, and when i click on them in the proxy manager/proxy host section the webpage opens up and it has a ssl certificate and its at the correct page. The issue was with my router software, i am using "Untangel" opensource firewall software as my router. It seems that even thought I setup portforwarding for the 443/80 the since the router used these ports for admin it was not forwarding them. I had to change the firewall admin ports to 444. Once I did this it started working. I now have 2 remaining issues.

1. it only seems to work on my internal network and only if i have the Scheme set to http, with ssl enabled. When i click on the link it goes to a ssl encrypted page but if i change this Scheme to https it fails with error 502 bad gateway error.

2. I cannot access any of these pages from an external network when using sonarr.xxx.xxx but it does work from my network.

[BobWs]

it only seems to work on my internal network and only if i have the Scheme set to http, with ssl enabled. When i click on the link it goes to a ssl encrypted page but if i change this Scheme to https it fails with error 502 bad gateway error.

I have the same problem as above, When setting scheme to http and SSL enabled I get the ssl page. When setting scheme to https and SSL enable I get error 502 bad gateway!

It is working kind of but is this the normal behavior?

[jlesage]

The SSL tab affects how the application is accessed externally, over the internet.

The scheme/Forward IP/Forward port settings indicate how Nginx Proxy Manager can access your application, locally. This is independent from the SSL configuration.

[jlesage]

@reyes136 , were you able to figure out how to properly forward port 80/443 to your server running the Docker container ?

[reyes136]

Hi, Yes thank you for your followup, I was able to get it working. I first had to find a website that had a check for port 80/443, once i could see that the ports were being blocked I found that my firewall was not passing the 443 request from my WAN to my LAN, after that was resolved I was able to then create a forward the forward from my lan to the reverse proxy. Thank you for your help and followup.