i think u must use different ports and subdomains and forward port 80 to pass letsencrypt check
Today I wanted to add an aditional site to the Nginx proxy manager.
I logged myself in in the Addon but I was surprised I needed to use the default password.
After logging in (and changing the password) I noticed everything was empty.
However, the proxy is still running and disabling it makes my HA go offline when using my public url.
There is a config file, that is clearly being loaded, but not visible on the admin UI
Any suggestions?
I have the same issue. From what I’ve noticed, it happens after restoring a backup, at least in my case.
It worked for vscode, thank you
1 Like
I followed this guide previously and was able to access homeassistant securely on my local network with the domain xyz.duckdns.org
what should I do to correct this issue?
. A screenshot from my previous setup
I had an issue with HA and had to restore from a backup but somehow my settings weren’t preserved.
I followed the guide again but cannot access the homeassistant using Duckdns on the local network.
configuration.yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.0.0/16
status of NPM
NPM logs
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun manager (no readiness notification)
services-up: info: copying legacy longrun nginx (no readiness notification)
s6-rc: info: service legacy-services successfully started
[11/29/2023] [10:29:55 AM] [Global ] › ℹ info Manual db configuration already exists, skipping config creation from environment variables
[11/29/2023] [10:30:01 AM] [Migrate ] › ℹ info Current database version: 20211108145214
[11/29/2023] [10:30:28 AM] [Setup ] › ℹ info Added Certbot plugins certbot-dns-duckdns~=0.9
[11/29/2023] [10:30:28 AM] [Setup ] › ℹ info Logrotate Timer initialized
[11/29/2023] [10:30:28 AM] [Setup ] › ℹ info Logrotate completed.
[11/29/2023] [10:30:28 AM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...
[11/29/2023] [10:30:28 AM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
2023/11/29 10:30:28 [error] 296#296: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.18.126, server: nginxproxymanager, request: "POST /api/tokens HTTP/1.1", upstream: "http://127.0.0.1:3000/tokens", host: "homeassistant.local:81", referrer: "http://homeassistant.local:81/login"
[11/29/2023] [10:30:29 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
[11/29/2023] [10:30:29 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
[11/29/2023] [10:30:29 AM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized
[11/29/2023] [10:30:29 AM] [SSL ] › ℹ info Renewing SSL certs close to expiry...
[11/29/2023] [10:30:29 AM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized
[11/29/2023] [10:30:29 AM] [Global ] › ℹ info Backend PID 276 listening on port 3000 ...
`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0
Model#$omit is deprected and will be removed in 3.0.
[11/29/2023] [10:31:41 AM] [SSL ] › ✖ error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
Failed to renew certificate npm-2 with error: File not found: /etc/letsencrypt/credentials/credentials-2
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/npm-2/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
at ChildProcess.exithandler (node:child_process:400:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1093:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)
Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0
[11/29/2023] [10:45:17 AM] [Nginx ] › ℹ info Reloading Nginx
I migrated my HA database from MariaDB back 2 SQL lite… All working fine now for some time. Now I want to remote the old MariaDB database cause of its size…wich no longer is being used… How does that work with Nginx Proxy Manager also uses MariaDB… If someone can send me in the right direction. … Can i just reinstall MariaDB so the database is clean? and will Nginx Proxy Manager contieu to work? what is the best aproach?
Thanx in advanced
Status of nginx proxy manager HA addon?
Dear all,
in the previous days I migrated my HA from the DuckDNS addon to nginx proxy manager addon for two reasons:
- I’ve added a separate Pi running OMV and Nextcloud, thus I needed a reverse proxy
- I am not very happy with the reliability of DuckDNS (propagation issues when my IP address changes).
I am still running on DuckDNS, the reverse proxy functionality is working fine, let’s encrypt certificates are generated in nginx proxy manager and dynamic IP address updates are still handled by the DuckDNS addon (with the certification part disabled by setting accept_terms: false
When I tried to switch to deSEC for the dyn DNS functionality, I run into issues - requesting let’s encrypt certificates fails. After some digging, I came to the impression, that the nginx proxy manager is not in a well maintained state and the experienced issues are well known:
- missing dependencies in the upstream docker image and stalled maintenance for the v2 branch https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2997#issuecomment-1663130773
- HA addon release is 0.12.3 from 2022, there are current commits including the current nginx proxy manager branch 2.10.4 https://github.com/hassio-addons/addon-nginx-proxy-manager/commits/main/
Is there a current best practice for a reverse proxy setup?
to Hello,
Can u tell me how i find the ip adress what proxymanager uses?
I myself and having a bit of a struggle setting this u[. I currently use Dynu DNS addon and everything works well. The reason I was looking into this addon was to additionally access other servers within my homelab.
However, whenever I setup any proxy host, it just resolves to the home assistance interface and will not route to the appropriate server.
I have the following http configuration in configuration,yaml
http:
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
ip_ban_enabled: true
login_attempts_threshold: 5
use_x_forwarded_for: true
trusted_proxies:
- 192.168.0.9
- 172.30.32.0/24
I found I needed the final two lines from additional research, the 192.168.0.9 is my internal IP for home assistant.
I have my working domain fqdn setup for both Internet and local network for home assistance network external access
And I have used the default configuration for NPM
And I am trying to forward simply, for testing purposes, to the nginx proxy manager admin page… a sub-domain which I have configured in Dynu DNS and I am trying to route it to another IP on my internal network using NPM.
However, as mentioned, whenever I go to this sub-domain it just goes to my ha login page… which I feel is all from the Dynu DNS addon and not related to NPM - what am I doing wrong?
I have played with commenting out the SSL location information along with a plethora of other ideas, but I have had no joy. Any advice would be appreciated, I have tried several things… I feel I have exhausted my options.
Thanks in advance for any assistance you can provide.
FWIW, my setup
Add-on: Nginx Proxy Manager
Manage Nginx proxy hosts with a simple, powerful interface
Add-on version: 1.0.1
You are running the latest version of this add-on.
System: Home Assistant OS 11.4 (amd64 / qemux86-64)
Home Assistant Core: 2024.1.3
Home Assistant Supervisor: 2023.12.1
I’d be also interested in understanding this.
I have to admit that I am not sure if there is anything else that uses MariaDB, as I had installed this years ago and since then it is just there. Any way to find out if it can just be deleted?
Generally: After the update it is like a fresh install, but frontend has not changed, so you jus creae the same connections again? Does it also recreate the SSL certificates or use the existing ones? Somewhere else I read about error messages that the certificate would already be there.
You can check MariaDB log, you should see if there are still writes or if it stopped. If it stopped it can be deleted.
Just a heads up for anyone having problems with Mariadb after the last update of nginx proxy manager. The update, which is pretty awesome, had some weird effect on mariadb which caused all kinds of database connection errors. Those errors in turn caused a memory leak. My VM usually uses around 3.5gb and now it filled up to the initially allocated 6gb, and later 9gb, in the run of a day, after which HAOS became very sluggish. Rebooting the VM resolved the issue for a day or so.
I ended up reverting my database back to the standard MySQL database and disabled mariadb. Problem solved. Pretty easy to do, there’s a good thread lingering around the forum somewhere. Tip: don’t covert the database on the HA machine but use a beefier machine. My 1gb database was converted within 5 minutes on a 13thgen i5 32gb machine. If you do this on your pi, n100 or a minimally configured vm, bring lots of coffee and something to read 
Hi,
I’ve been using NPM for 1,5 years to my satisfaction. Now, before I dared to update to the new version, I wanted to backup my settings.
However, NPM tells me ‘No relevant user found’. As read in this thread, I restarted my MariaDB add on and then NPM, but this did not work.
In the MariaDB, I discovered that some recent timestamps date back 4 month ago. In the NPM log I see this request:
{"result": "ok", "data": {"host": "core-mariadb", "port": 3306, "username": "service", "password": "...", "addon": "core_mariadb"}}
but later
[1/30/2024] [11:46:39 AM] [Global ] › ℹ info No valid environment variables for database provided, using default SQLite file '/data/database.sqlite'
Obviously, NPM lost access to the SQL DB.
How can I regain access to NPM and/or my configuration? Can I somehow get a grip on the sqlite DB?
I do not know if this is the same issue as you have. but is is the procedure to go into the sqlite database.
I also tried the procedure I found on the nginx pm site.
You need to install sqlite in the NPM container
For apline the procedure is al little bit different as described in the above URL.
Login to the NPM commandline via putty.
docker ps | grep nginx (find the container-name)
docker exec -it <container-name> sh
apk update
apk add --no-cache sqlite
sqlite3 /config/database.sqlite
You have now entered the SQL mode, where you set the status of all users to deleted:
UPDATE user SET is_deleted=1;
.exit
exit
When you have doe this you have to restart the container or in other words the add-on.
The first login will be with the default credentials again:
login: [email protected]
pass: changeme
1 Like
Thanks for this detailed answer!
I went half way, which was enough.
I entered the container with docer exec -it <container-name> bash, searched for the actual config (somewhat like /data/proxies/nginx/x.conf and copied these files with docker cp <container-name>:/srcpath /dstpath to the HA instance, where I can access them. I used the Advanced SSH Terminal Addon with protection mode disabled for running the docker commands.
Then, I performed the upgrade of NPM and reconfigured it as I could reconstruct from the nginx conf files. Went well, all good now.
1 Like
Is there an option to direct access logs to the home assistant logs?
Hi!
I tried the update and I cannot resolve my duckdns URL anymore. The odd thing is that I have nothing “configured” in the web UI not before nor after. I only have a config section in configuration.yaml. So I have no proxies defined now via the web ui pre-upgrade but it is working
Could it be that I have some old lingering NPM config that the current ngix is using (but it is not visible via the webgui)?