nginx-proxy-manager icon indicating copy to clipboard operation
nginx-proxy-manager copied to clipboard
Published 1 month ago verified publisher icon NginxProxyManager

Fails to honour http/https proxy environment settings when fetching IP Ranges

Open nigelm opened this issue 3 years ago • 5 comments

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes

Describe the bug When running on a firewalled network with internet access via a proxy, the initial startup runs a process to fetch IP ranges of external services:-

[IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[IP Ranges] › ✖  error     connect ETIMEDOUT 143.204.176.42:443

We have https_proxy/HTTP_PROXY/http_proxy/HTTP_PROXY and no_proxy/NO_PROXY environment variables set up - and this allows the Lets Encrypt services to work (with DNS solvers).

However this fetch from Amazon causes the management startup to pause for a good 2 minutes.

Could this fetch be changed to honour the proxy settings.

Nginx Proxy Manager Version

Version: 2.9.18

nigelm avatar Jul 08 '22 12:07 nigelm

same here We're experiencing exact the same on our firewalled company server.

vcutrona avatar Oct 24 '22 09:10 vcutrona

same here, I am running the container inside our company network which requires the use of the company proxy to connect to the internet.

pf-uvonceumer avatar Sep 22 '23 10:09 pf-uvonceumer

Issue is now considered stale. If you want to keep it open, please comment :+1:

github-actions[bot] avatar Apr 28 '24 01:04 github-actions[bot]

I've just checked our installations with the latest release. I am no longer seeing this issue, however I believe this is likely due to a change in our environment (external DNS is no longer directly available) rather than the specific issue having been fixed - and the fetch is still failing, its just failing quickly.

Can @vcutrona or @pf-uvonceumer confirm that this issue still exists?

nigelm avatar Apr 28 '24 10:04 nigelm

Issue still persist.

Proxy settings:

image

Log excerpt:

[4/29/2024] [7:38:43 AM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[4/29/2024] [7:40:55 AM] [IP Ranges] › ✖  error

Using latest tag: sha256:6219c2184f19e0f50a77f4bb04066de79a3de795b6a863abaa861d52ff1fe012

pf-uvonceumer avatar Apr 29 '24 07:04 pf-uvonceumer

I checked our Docker deployment and I can't find the issue within the log messages. However, we changed our server environment as well, thus I can't reproduce the issue with our previous setup.

vcutrona avatar Jul 16 '24 09:07 vcutrona

Issue still persists in v2.11.3:

❯ Configuring npm user ...
useradd warning: npm's uid 0 outside of the UID_MIN 1000 and UID_MAX 60000 range.
❯ Configuring npm group ...
❯ Checking paths ...
❯ Setting ownership ...
❯ Dynamic resolvers ...
❯ IPv6 ...
Enabling IPV6 in hosts in: /etc/nginx/conf.d
- /etc/nginx/conf.d/production.conf
- /etc/nginx/conf.d/include/assets.conf
- /etc/nginx/conf.d/include/block-exploits.conf
- /etc/nginx/conf.d/include/ip_ranges.conf
- /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
- /etc/nginx/conf.d/include/log.conf
- /etc/nginx/conf.d/include/proxy.conf
- /etc/nginx/conf.d/include/ssl-ciphers.conf
- /etc/nginx/conf.d/include/force-ssl.conf
- /etc/nginx/conf.d/include/resolvers.conf
- /etc/nginx/conf.d/default.conf
Enabling IPV6 in hosts in: /data/nginx
- /data/nginx/proxy_host/1.conf
❯ Docker secrets ...
-------------------------------------
 _   _ ____  __  __
| \ | |  _ \|  \/  |
|  \| | |_) | |\/| |
| |\  |  __/| |  | |
|_| \_|_|   |_|  |_|
-------------------------------------
User:  npm PUID:0 ID:0 GROUP:0
Group: npm PGID:0 ID:0
-------------------------------------
❯ Starting nginx ...
❯ Starting backend ...
[7/16/2024] [1:02:13 PM] [Global   ] › ℹ  info      Using Sqlite: /data/database.sqlite
[7/16/2024] [1:02:15 PM] [Migrate  ] › ℹ  info      Current database version: none
[7/16/2024] [1:02:15 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
[7/16/2024] [1:02:15 PM] [Global   ] › ⬤  debug     CMD: logrotate /etc/logrotate.d/nginx-proxy-manager
[7/16/2024] [1:02:15 PM] [Setup    ] › ℹ  info      Logrotate completed.
[7/16/2024] [1:02:15 PM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[7/16/2024] [1:02:15 PM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[7/16/2024] [1:04:26 PM] [IP Ranges] › ✖  error     
[7/16/2024] [1:04:26 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
[7/16/2024] [1:04:26 PM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[7/16/2024] [1:04:26 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[7/16/2024] [1:04:26 PM] [Global   ] › ℹ  info      Backend PID 161 listening on port 3000 ...
[7/16/2024] [1:04:26 PM] [SSL      ] › ℹ  info      Completed SSL cert renew process

pf-uvonceumer avatar Jul 16 '24 13:07 pf-uvonceumer

Issue is now considered stale. If you want to keep it open, please comment :+1:

github-actions[bot] avatar Jan 26 '25 02:01 github-actions[bot]