nginx-proxy-manager
nginx-proxy-manager copied to clipboard
NginxProxyManager
Error after updating - map not allowed here
Checklist
- Have you pulled and found the error with
jc21/nginx-proxy-manager:latestdocker image?- Yes
- Are you sure you're not using someone else's docker image?
- Yes
- Have you searched for similar issues (both open and closed)?
- Yes
Describe the bug
After updating NPM ( docker compose pull && docker compose up -d) everything was OK until i edited a host.
After that the host started failing. After some debug i found a entry in /var/log/nginx/error.log stating
"map not allowed here"
I managed to find the map entry in the middle of the conf and it's this:
map $scheme $hsts_header {
https "max-age=63072000; preload";
}
This is suffixed on each of my custom locations for that host.
I edited the _hsts_map.conf to comment them and the error was solved, but this won't survive a docker restart.
Nginx Proxy Manager Version
v2.11.0 © 2024 jc21.com.
To Reproduce Steps to reproduce the behavior:
- Update to latest
- Edit any host
- Save
- See error
I just did a fresh install of npm and the custom locations also dont work for me. edit: downgrading to 2.10.4 fixed the issue for now.
Have same issue, the error is actually visible as well in the UI
Question:
How did you get that error popup ? I had to go miles to figure out what the error was :)
Have same issue, the error is actually visible as well in the UI
Question:
How did you get that error popup ? I had to go miles to figure out what the error was :)
Hover your mouse over the red ball before the Offline text. i also found it by accident.
Workaround:
create empty file named _hsts_map.conf on the same dir as docker-compose.yaml.
Add this line to the volumes of docker-compose.yaml :
- ./_hsts_map.conf:/app/templates/_hsts_map.conf
Same issue here. And since I'm using unraid I can't figure out the workaround.
Same issue here. And since I'm using unraid I can't figure out the workaround.
All we are doing is mounting a empty file from the host into tha container dir that has the problematic file, thereby making it empty as well and bypassing the issue.
Can you replicate it?
Also experiencing the same issue here. Just tried to add a new proxy host with custom locations. Appearing Offline.
When running as part of TrueNAS Scale Apps (in k8s), the included configuration UI doesn't allow for adding a custom volume so the suggested workaround can not be applied.
- ./_hsts_map.conf:/app/templates/_hsts_map.conf
Changing the tag from latest is also not possible, so one can not roll-back to a previous version or test the custom resource location.
This breaks custom locations on TrueNAS without fix for now.
Tried with the following
- ./_hsts_map.conf:/app/templates/_hsts_map.conf Domain works again, but custom locations still not working
jc21/nginx-proxy-manager:github-pr-3478
This worked for me but I had to delete the custom location and re-create it before the site showed as online again.
Here's what worked for me: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3512#issuecomment-1940868886
Still having the same problem.
The workaround with an empty _hsts-map.conf file works but is not ideal.
Workaround:
create empty file named
_hsts_map.confon the same dir asdocker-compose.yaml.Add this line to the volumes of
docker-compose.yaml:
- ./_hsts_map.conf:/app/templates/_hsts_map.conf
This workaround works for me as well. But you do have to re-add the custom location, or so it appears to me currently, which might be somewhat of a pita if you have a lot of locations/hosts. Ideally this gets addressed in an update soon. :)
I'm on 2.11.1.
I don't know if someone of you are using "custom locations" to provide different web services from different docker containers, but I think this is very useful thing.
If someone has already done this, can help me to understand how to do it, please?
Docker Container | PORT | Location
site | 8080 | https://my-website.example.org/
phpmyadmin | 8081 | https://my-website.example.org/phpmyadmin
mailserver | 8082 | https://my-website.example.org/mailer
I don't know if someone of you are using "custom locations" to provide different web services from different docker containers, but I think this is very useful thing.
If someone has already done this, can help me to understand how to do it, please?
Docker Container | PORT | Location site | 8080 | https://my-website.example.org/ phpmyadmin | 8081 | https://my-website.example.org/phpmyadmin mailserver | 8082 | https://my-website.example.org/mailer
Avoid this.
Not all services will be happy to be served under a subdir ( https://example.oeg/subdir/ ).
You should use subdomains when possible, so www.example.org , phpmyadmin.example.org, mail.example.org.
You create a individual entry in NPM for each service. Also, this is offtopic for this issue.
Workaround:
create empty file named
_hsts_map.confon the same dir asdocker-compose.yaml.Add this line to the volumes of
docker-compose.yaml:
- ./_hsts_map.conf:/app/templates/_hsts_map.conf
Solved the problem for me. Thanks.
Weird one. The workaround of mapping a blank _hsts_map.conf file didn't work for me, nor did downgrading to 2.10.4.
Evidently, some of my confs in /data/nginx/proxy_host/ were already tainted with extraneous map directives, so nginx was failing to start properly.
I'm still downgraded and have not tried going back to 2.11.1, but:
I resolved this by checking the container logs with docker logs <nginx-proxy-manager container name> and seeing what line called out in the error. For instance:
❯ Starting nginx ...
nginx: [emerg] "map" directive is not allowed here in /data/nginx/proxy_host/2.conf:383
[4/21/2024] [9:57:02 AM] [SSL ] › ✖ error Error: Command failed: /usr/sbin/nginx -t -g "error_log off;"
nginx: [emerg] "map" directive is not allowed here in /data/nginx/proxy_host/2.conf:383
nginx: configuration file /etc/nginx/nginx.conf test failed
at ChildProcess.exithandler (node:child_process:402:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5
In this case, it's for a particularly long proxy host I set up (lots of locations), at line 383.
I took to editing the file (./data/nginx/proxy_host/2.conf) and commenting out the offending lines:
# map $scheme $hsts_header {
# https "max-age=63072000; preload";
#}
I then saved the file and restarted the container, observing the logs for potential errors. Because Nginx exits on the first fatal error in the configs, you won't see all of them at once, and have to repeat this process a few times, until you've corrected all the entries and conf files (if multiple are affected). But after 7-8 or so of these (and confirming I'm not seeing the same approximate line numbers re-appear), I eventually cleared the bad entries out.
It took a few minutes and I did not have to recreate my locations. I was able to update some proxy hosts afterwards, without issues. I haven't bothered to upgrade again, and will watch this issue until it's definitely fixed.
@kachunkachunk The config is saved in the database. Once you override that _hsts_map.conf the variable that is used in the vhosts is no longer set.
Upgrading to 2.11.2 solved the problem for me. No more "offline" when using "custom locations":
https://github.com/NginxProxyManager/nginx-proxy-manager/releases/tag/v2.11.2
the mentionen in this link is for "OAuth2/OpenID Provider" only, this entrys dont need a "Custom Nginx Configuration" ... an app with websocket like audiobookshelf and authentik proxy provider will not work cause of this "map not allowed here" in the "Custom Nginx Configuration" ... and its not fixed in 2.11.2 ... i use unraid with latest nginx proxy manager version ...
Just updated to ver 2.11.2 but the problem persist with Authentik proxy provider. There are news about the fix?
fwiw, I wound up just switching to the jlesage/nginx-proxy-manager container in unraid
