localhost certificate is used when loading the nginx server through its IP, causing problems...
Hello!
I have successfully and very easily used your solution to set up 2 subdomains which, when requested, use the 'proxy host' to end up on the correct server. This is super useful and I'm very grateful for not having to dig and manually modify conf files to get this working... So, when loading domain http://x.foo.bar, and https://y.foo.bar, the requests are correctly proxied to the docker instance behind your nginx proxy manager.
However, when I load the IP address (instead of the subdomains) of your server with http, I come to a landing page, which is fine and dandy. The problem occurs when loading the same IP with https, because then the server tries to serve the landing page with a 'localhost' certificate, which the browser strongly objects to.
TL;DR I would like to disable the possibility to serve the landing page completely through https (and also through http ofc), so that the server won't reply on https://<1.2.3.4> while still allowing users to load https://<my.domain.com>
Is this possible through the gui, or do I need to manually alter some config files in the docker container to get this behaviour?
br Magnus Z
I have partly (and sort of dirtily) addressed the problem. I simply copied the default.conf from within the docker container when it was running, saved that to a local file on the server running the container, and then updated my docker-compose.yml to mount it into the container when started.
That enabled me to have control over the file from the server itself. Then I simply removed the 443 server block from the file, and restarted the NPM docker.
Now I still get an incorrect certificate from the other proxy hosts which I have on the server, but I'm not getting the localhost certificate error.
My docker-compose.yml file:

```yaml
version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - /etc/letsencrypt:/etc/letsencrypt
      - ./default.conf:/etc/nginx/conf.d/default.conf
```
My modified default.conf file:

```nginx
# "You are not configured" page, which is the default if another default doesn't exist
server {
    listen 80;
    listen [::]:80;
    set $forward_scheme "http";
    set $server "127.0.0.1";
    set $port "80";
    server_name localhost-nginx-proxy-manager;
    access_log /data/logs/fallback_access.log standard;
    error_log /data/logs/fallback_error.log warn;
    include conf.d/include/assets.conf;
    include conf.d/include/block-exploits.conf;
    include conf.d/include/letsencrypt-acme-challenge.conf;
    location / {
        index index.html;
        root /var/www/html;
    }
}

# First 443 Host, which is the default if another default doesn't exist
#server {
#    listen 443 ssl;
#    listen [::]:443 ssl;
#    set $forward_scheme "https";
#    set $server "127.0.0.1";
#    set $port "443";
#    server_name localhost;
#    access_log /data/logs/fallback_access.log standard;
#    error_log /dev/null crit;
#    ssl_certificate /data/nginx/dummycert.pem;
#    ssl_certificate_key /data/nginx/dummykey.pem;
#    include conf.d/include/ssl-ciphers.conf;
#    return 444;
#}
```
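An added example, not part of the comment above or of the project's shipped configuration: with the fallback 443 block removed, nginx treats the first remaining `listen 443 ssl` server as the default, which is why an unrelated proxy host's certificate is then presented for requests to the bare IP. The sketch below keeps a fallback 443 server but makes it abort the TLS handshake instead of presenting any certificate. It assumes the nginx build inside the container is 1.19.4 or newer (where `ssl_reject_handshake` exists) and that the block stays in the mounted `default.conf`, in the same position as the original.

```nginx
# Added example (assumption: nginx >= 1.19.4 in the container image).
# Replaces the commented-out "First 443 Host" block in the mounted default.conf.

# First 443 Host, which is the default if another default doesn't exist
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    # Catch-all name: requests with no SNI (https://<ip>) or with a host name
    # that matches no proxy host fall through to this server.
    server_name localhost;

    access_log /data/logs/fallback_access.log standard;
    error_log /dev/null crit;

    # Abort the TLS handshake for anything that lands here. No certificate is
    # sent, so neither the dummy "localhost" certificate nor another proxy
    # host's certificate is exposed to clients connecting by IP address.
    # With this directive the block needs no ssl_certificate lines.
    ssl_reject_handshake on;
}
```

Clients connecting by IP then see a handshake failure rather than a certificate warning, while requests carrying a configured host name in SNI still reach their own proxy host and certificate.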
Hi. I'm trying to set up nginx proxy manager to generate a certificate for my localhost web app. How did you manage to do it? Did you do this with the GUI, or by terminal?
Since NPM uses Let's Encrypt as the certificate provider, you have to have the server you want a certificate for connected to a sub-domain or domain. This requires you to expose your server to the internet, register a domain, and point the domain to your app... Then you can use Let's Encrypt to get a certificate for your server.
If you are locally developing the app on your own computer, then you need to create your own localhost certificate, and connect that certificate to your app... then connect to localhost:3000 or whatever you need.
So, NPM won't be of use for you when developing it locally, so to speak (from what I can tell at least); you are better off just using nginx and following a guide online on creating your own self-signed certificate in your environment.
In the /data/nginx folder (which should be a mounted volume), I replaced the dummy certificates, and it works now. Only downside is that this workaround supports one cert only.
Issue is now considered stale. If you want to keep it open, please comment :+1: