Home Assistant Community Add-on: Nginx Proxy Manager

@ozzi91 @Klagio
For those of you who are getting white pages for subfolders:
Like mydomain.duckdns.org/nginx you have to set up a base URL inside your app as well. If your app doesn’t support it then you need to add additional nginx config settings for that subfolder location so that nginx does the rewriting for you instead of the app.

  • Example 1 (app supports base URL reverse proxy): if you have Sonarr / Radarr (or any rrs) on your network and you want it to be on mydomain.duckdns.org/sonarr, then all you have to do after you add the record in NPM is go to general settings in your Sonarr app and add “/sonarr” in the base URL setting, and that will fix the white page issue. Sonarr will know how to rewrite URLs and you will be all set.

  • Example 2: Some apps don’t have a setting for Base url (like your router) so then you have to click on a little gear icon when you are setting up your subfolder in NPM and paste the specific config settings.

Here is an example for Plex below. Just update the local IP of your plex server. You can also see the bottom part of the code rewrites and adds /web to the URL since plex’s portal uses /web for everything.

location /plex/ {
    rewrite /plex(/.*) $1 break;

    proxy_pass http://172.16.3.8:32400;
    proxy_http_version 1.1;
    proxy_set_header Accept-Encoding "";
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $http_host;
    proxy_cache_bypass $http_upgrade;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect off;

    sub_filter '/web/' '/plex/web/';
    sub_filter_types *;
    sub_filter_once off;
}

You can use the above example to try to set up other apps you might have…
If you are like me and you don’t really understand how that stuff above works and your app doesn’t support base url settings rewrite (ex: NPM, your Router) then you can google for “base url rewrite config for appname” and you will sometimes find something like the snippet above. When you paste the code you find on the net though make sure you ignore server { } snippets as those are for the entire nginx server and you just need it for your subfolder.

If interested I also have configs for: deluge, nzbget, adguard and glances. PM me and I’ll send them to you. If anyone finds the rewrites for Synology router that would be lovely :slight_smile:
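To see what the Plex block in the post above does to a request and to the returned HTML, here is a small Python model of its `rewrite` and `sub_filter` lines. It is an added example, not part of the original post and not nginx code; the sample HTML and the `/photo/` path are constructed, and the helper names are hypothetical.

```python
import re

PREFIX = "/plex"                      # location from the post's config
FILTERS = [("/web/", "/plex/web/")]   # its single sub_filter rule

def upstream_uri(request_uri):
    """Model `rewrite /plex(/.*) $1 break;`: a match replaces the whole path."""
    path, sep, query = request_uri.partition("?")
    m = re.search(r"/plex(/.*)", path)
    return (m.group(1) if m else path) + sep + query

def filter_body(body, content_encoding=""):
    """Model sub_filter with sub_filter_once off (literal, case-insensitive)."""
    if content_encoding:
        # A compressed upstream body never contains the literal string, which
        # is why the config sends `Accept-Encoding ""` to the backend.
        return body
    for old, new in FILTERS:
        body = re.sub(re.escape(old), lambda _m: new, body, flags=re.IGNORECASE)
    return body

def escaping_links(body):
    """Absolute href/src paths that still point outside PREFIX."""
    paths = re.findall(r'(?:href|src)="(/[^"/][^"]*)"', body)
    return [p for p in paths if not p.startswith(PREFIX + "/")]

# Constructed sample of what a backend might return.
SAMPLE = ('<link href="/web/css/main.css">'
          '<script src="/web/js/app.js"></script>'
          '<img src="/photo/thumb.png">')

if __name__ == "__main__":
    print(upstream_uri("/plex/web/index.html?x=1"))
    print(escaping_links(filter_body(SAMPLE)))           # one uncovered path
    print(escaping_links(filter_body(SAMPLE, "gzip")))   # nothing rewritten
```

Any path that `escaping_links` reports is requested from the root of the proxy host rather than from the subfolder, which is the usual cause of a blank page; each one needs its own `sub_filter` rule or a base URL setting in the app.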

I don’t have a Synology router but probably it has a DNS Rebinding protection setting and you need to allow for the proxy address to access the router webpage. pfsense calls it “alternate hostnames”

see this one:


Seems to be a database issue. My pre-existing config still works, I just can’t log in because it’s switched from using the mariadb database to sqlite.

Thank you @Petrica , the portainer config worked :slight_smile:

Hello, did you find any solution ? I am in the same boat…

The only solution I found was to reinstall the nginx proxy manager addon. Your current config should still be saved in mariadb addon.

updating to 0.12.2 didn’t fix the issue either.

I did have to muck around with the proxy host address after reinstall to get it to find my local hostname again. I had mypihostname.local set. I was getting sent to a HA loading page with a 60sec retry timer. I set my local host back to IP number and clicked the external link from proxy hosts page.
I switched it back to mypihostname.local after that and it worked fine.
Although in hindsight, that is probably a unique issue to my system and how it handles dns.

[11:44:43] INFO: Starting NGinx...
[8/21/2022] [11:44:44 AM] [Global   ] › ℹ  info      Manual db configuration already exists, skipping config creation from environment variables

This is definitely something that just started happening.

I am using (and have been using for a long time) mariadb. I can see my user and credentials in the DB. When trying to log on I get ‘no relevant user found’. But it’s there. I can log on with the default user which is interesting but that isn’t in the DB. #wtf When logging in with that user, there’s no configuration. nginx is still working with the configuration though. :slight_smile: I just can’t change it or see it.

I just fixed this YESTERDAY by starting from scratch and then today after a reboot it happened again.

Probably the problem is with MariaDB, not NPM.

Are you able to set a fresh Docker install of NPM+MariaDB and move the configuration there? Home Assistant Community Add-on: Nginx Proxy Manager - #548 by Petrica

I don’t think so. The database is fine after the connection is re-established; even in the SAME nginx container, by replacing the production.json in the container itself, all works. It certainly appears to be nginx. That issue above is trying to figure things out though.

Hi there!
Is anybody using it with Cloudflare certs?
I would like to set up the Cloudflare (with proxy) certs to use HTTPS on my external domain, while keeping HTTP internally (to avoid certificate issues locally and with the app).
I tried to import the Cloudflare cert into Nginx Proxy Manager, but I have a certificate issue now.
If I revert to using the HA config with CF certificates, no issues are detected.
I also tried to add the local network as trusted proxies.

Yes it works fine. I’d recheck how you imported and the config. You can also proxy with letsencrypt certs. I use letsencrypt because I prefer locally to connect locally rather than going through cloudflare. If I use letsencrypt certs, I can simply put a local dns entry on my network for the private IP and connect direct locally and remotely when I am outside the network via cloudflare with the same domain name/url.

Origin certs work too, though without the ability to locally connect. I started with that. They are supposedly more efficient because they are smaller but like we’d notice a 1k difference. :slight_smile:

Yeah just like in @calisro’s case it works fine. I first had it work with Let’s Encrypt and then switched to origin certificate since it lasts for 30 years and is apparently better. You have to turn origin checking on under SSL in Cloudflare, then generate it and install it on NPM under SSL tab. Then enable strict checking in Cloudflare. All that works with local domains being HTTP and HTTPS as I have both.

You can also use CloudFlared HA addon which basically automates everything for you and you don’t have to forward any ports on the router… although it doesn’t support sub-locations for domains to my knowledge, like example.com/plex. Subdomain like plex.example.com is fine though.

Thanks for pointing the way to portainer config. Do you by any chance know how to set up NPM as sub location? ex: domain.com/npm

Just a note. The certs don’t expire and they are smaller (tiny bit less data but we’re talking home assistant here not a million hit per second application LOL) but if you use origin certs, you can’t access that local url directly anymore which is why I moved back to letsencrypt certs. I still retain strict checking in cloudflare with the same end-to-end encryption.

btw, if you’re going to use this methodology, be sure to disable caching in cloudflare or things are going to be very slowwwwwww. You do that under ‘page rules’.

For all local stuff I just use IP and http so no issues with SSL not being verified. I actually haven’t noticed any issues with default caching turned on.

You probably will when you have lots of images trying to load, you’ll notice. It’s sluggish as hell. I use a card that loads all my doorbell images from a sensor and it timed out constantly. Also try shift+refresh on a browser and see how long things can take especially if you have lots of custom cards and JavaScripts.

Hi all.
Could anybody here explain the IPs used by NPM?
After tries and fails I have it up and running with the following http config

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
    - 127.0.0.1
    - 172.30.32.1 
  ip_ban_enabled: true
  login_attempts_threshold: 3

The last one, ie. 172.30.32.1 seems to be critical one.

I SSH docker inspect addon_a0d7b954_nginxproxymanager | jq -r and it displayed

"Gateway": "172.30.32.1",
"IPAddress": "172.30.33.10",

This one 172.30.33.0/24 in http config is clear, but the remaining two?

Without 172.30.32.1 it was working from the internal network only and from external randomly, usually after several refreshing of IP, restarting companion app, but without automatic reconnection.
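What a `trusted_proxies` list decides, shown as an added Python example that is not part of the original post and not Home Assistant's own code: a simplified model in which `X-Forwarded-For` is honoured only when the connection itself comes from a listed address, and the client is taken as the rightmost hop that is not a listed proxy. The function names and the documentation-range client addresses are constructed.

```python
import ipaddress

# trusted_proxies exactly as listed in the post above
POST_CONFIG = ["172.30.33.0/24", "127.0.0.1", "172.30.32.1"]

def _trusted(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def resolve_client(peer, xff, trusted_proxies):
    """Return the address to attribute a request to (simplified model).

    peer: source IP of the TCP connection; xff: X-Forwarded-For value or None.
    """
    networks = [ipaddress.ip_network(n) for n in trusted_proxies]
    if xff is None:
        return peer                      # direct connection, nothing to resolve
    if not _trusted(peer, networks):
        # Anyone can send this header; honour it only from a known proxy.
        raise PermissionError(f"X-Forwarded-For from untrusted peer {peer}")
    hops = [h.strip() for h in xff.split(",")]
    for hop in reversed(hops):           # walk back from the proxy side
        if not _trusted(hop, networks):
            return hop                   # first hop we do not control
    return hops[0]                       # every hop is a trusted proxy

def rejected(peer, xff, trusted_proxies):
    try:
        resolve_client(peer, xff, trusted_proxies)
        return False
    except PermissionError:
        return True

if __name__ == "__main__":
    client = "203.0.113.7"               # constructed documentation address
    print(resolve_client("172.30.33.10", client, POST_CONFIG))
    print(resolve_client("172.30.32.1", client, POST_CONFIG))
    print(rejected("172.30.32.1", client, POST_CONFIG[:2]))
    # A value the client prepended itself is ignored:
    print(resolve_client("172.30.33.10", "10.9.9.9, " + client, POST_CONFIG))
    # An over-broad entry makes every hop "trusted", so the header text wins:
    print(resolve_client(client, "198.51.100.9", ["0.0.0.0/0"]))
```

With `ip_ban_enabled: true` the failed-login count follows the resolved address, so the list should contain only the addresses the proxy really connects from, never a catch-all range.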

I had this issue today after a server restart. I restarted MariaDB and this fixed the issue for me.

I’m getting the error “another instance of certbot is already running”. I previously had the DuckDNS add-on running alongside NPM, and I just manually pointed NPM at the certs that the DuckDNS add-on had generated. Does this error mean I can’t run the DuckDNS add-on and NPM side-by-side anymore? It doesn’t look like I can even manually add SSL certs in NPM now. Previously, I could supply the path to the certs, but I don’t see any options other than adding a new one via Let’s Encrypt. I’m also concerned that if I can’t run the DuckDNS add-on alongside NPM, then I no longer have anything syncing my external IP with DuckDNS… What’s going on here?

in DuckDNS addon, have you modified the line :

accept_terms: false
using the SSL certs paths works well