nginxproxymanager / docker-nginx-full
Docker image with compiled Nginx (OpenResty) and OpenSSL with all the stock Nginx plugins enabled.
ModSecurity in nginx proxy manager would be really awesome and would improve security enormously. Is there already news about this?
Originally posted by @tombauer in #3 (comment)
I hope they implement it in NPM v3 but I haven't heard nor seen any news about ModSecurity implementation as well. Hope someone has some answers.
Edit: There exists a fork with Crowdsec and Modsecurity (https://github.com/baudneo/nginx-proxy-manager). Still wondering if it will be in v3.
When running npm with a custom user:
environment:
  - PUID=1000
  - PGID=1000
A warning occurs when processing the nginx.conf file, and this warning is logged in fallback_error.log:
2023/10/02 19:47:29 [warn] 158#158: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:4
I think it would be a better solution to not include the user command in nginx.conf if you have defined the PUID environment variable.
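One way to act on the suggestion above, as an added example that is not code from this repository or from the post's author: drop the `user` directive from the configuration whenever the nginx master will not run as root. The function names and the sample config are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: not the image's own start-up code. Function names and the
# sample configuration are constructed for illustration.

# Print the config file $1 as it should be used by a master process with uid $2.
# nginx applies "user" only when the master runs as root (uid 0); for any other
# uid the directive is dropped, so the [warn] line is never emitted.
render_nginx_conf() {
    conf=$1
    uid=$2
    if [ "$uid" -eq 0 ]; then
        cat "$conf"
    else
        # Match only the directive "user <name> [group];", not names such as
        # "user_agent" or "$remote_user".
        sed -E '/^[[:space:]]*user[[:space:]]+[^;]+;/d' "$conf"
    fi
}

# Succeeds if the config on stdin still contains a "user" directive.
has_user_directive() {
    grep -Eq '^[[:space:]]*user[[:space:]]+[^;]+;'
}

# Write a constructed sample nginx.conf to a temp file and print its path.
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
user npm;
worker_processes auto;
http {
    server {
        location / {
            proxy_set_header X-User $remote_user;
        }
    }
}
EOF
    printf '%s\n' "$f"
}
```

In a start-up script the call would be `render_nginx_conf /etc/nginx/nginx.conf "$(id -u)"`, with the output written to the file nginx is started with.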
I installed it and got an error that I can't run nginx
config nginx fix
user www-data;
full config
https://gist.github.com/vncloudsco/388a0c187c808cf0574260515a52dbe7
I keep getting a 502 bad gateway when I try to use the proxy.
Here is the code I am using for the yml file.
version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    volumes:
      - ./data/mysql:/var/lib/mysql
What could be going on? I've tried every single tutorial on the internet for this and I can't get it to work on Ubuntu 22.
NPM is pretty heavy, which can inflate the image store significantly when regularly updating it. An Alpine Container would probably reduce this issue significantly.
I'm using NPM and when using proxy hosts, we can define an access log, which I believe is enabled by default. However, when creating a stream proxy - the access log directive does not work. After some research, it looks like the ngx_stream_log_module allows us to do this. Is there a possibility of building nginx with this module to allow access logging of streams?
It looks like the install script is copied into the /tmp folder, but is never run here?: https://github.com/NginxProxyManager/docker-nginx-full/blob/78080a65481c735bdf81c9d01b49d4af4151ef6f/docker/Dockerfile#L78C1-L79C90
I was trying to add some code based on this https://github.com/dgraziotin/docker-nginx-webdav-nononsense/blob/main/Dockerfile and the script fails on ./configure, I'm assuming https://github.com/arut/nginx-dav-ext-module is not compatible with openresty
Can Nginx Proxy Manager work with "normal" nginx?
or maybe can you look at my fork (master branch) https://github.com/skironDotNet/docker-nginx-full and debug more to see why exactly this is failing?
All I'm able to see in the console is
ERROR: failed to run command: sh ./configure --prefix=/etc/nginx/nginx ...
The command '/bin/sh -c /tmp/build-openresty' returned a non-zero code: 1
Many thanks!
This Debian release contains OpenSSL 1.1.1d, but we need 1.1.1l:
https://www.openssl.org/news/secadv/20210824.txt
EDIT: Ok, I found out that Debian fixed 1.1.1d, so we don't need to update to 1.1.1l:
https://security-tracker.debian.org/tracker/CVE-2021-3711
Verified as follows:
apt list -a openssl
Listing... Done
openssl/oldstable,now 1.1.1d-0+deb10u7 amd64 [installed]
openssl/oldstable 1.1.1d-0+deb10u6 amd64
Getting this stack trace when running certbot with a DNS challenge (dns-azure):
Traceback (most recent call last):
File "/usr/bin/certbot", line 5, in <module>
from certbot.main import main
File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 6, in <module>
from certbot._internal import main as internal_main
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 21, in <module>
import josepy as jose
File "/opt/certbot/lib/python3.7/site-packages/josepy/__init__.py", line 40, in <module>
from josepy.json_util import (
File "/opt/certbot/lib/python3.7/site-packages/josepy/json_util.py", line 14, in <module>
from OpenSSL import crypto
File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import crypto, SSL
File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1517, in <module>
class X509StoreFlags(object):
File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1537, in X509StoreFlags
CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
Am running this from the nginx-proxy-manager, but I saw this container is the base container with certbot so figured it was the appropriate place to raise the issue.
From looking up the stack trace, it seems to be related to a dependency mismatch in pyopenssl:
https://stackoverflow.com/questions/73830524/attributeerror-module-lib-has-no-attribute-x509-v-flag-cb-issuer-check
Getting a shell in the container and activating the certbot venv then updating pip and pyopenssl immediately solves the problem (at least until next pull / redeploy). I was happy to put up a PR to include pyopenssl in the pip install for Dockerfile.certbot but I didn't want to create any potential knock on effects for things I may not be aware of, so just reporting it first.
source /opt/certbot/bin/activate
pip install pip --upgrade
pip install pyopenssl --upgrade