How to Setup Nginx Proxy Manager on a Synology NAS!
Vložit
- čas přidán 20. 08. 2024
- ✅ Written Instructions: www.wundertech...
🔔 Subscribe for more tech related tutorials and overviews: link.wundertec...
🚀 Product Recommendations: link.wundertec...
❤️ Check out our website: link.wundertec...
Learn how to set up Nginx Proxy Manager on a Synology NAS using Docker! Full written instructions that guide you through the whole process! DISCLAIMER: The information in this video has been self-taught through years of technical tinkering. While we do our best to provide accurate, useful information, we make no guarantee that our viewers will achieve the same level of success. WunderTech does not assume liability nor responsibility to any person or entity with respect to damage caused directly or indirectly from its content or associated media. Use at your own risk.
WunderTech is a trade name of WunderTech, LLC.
** PLEASE READ IF YOU GET THE BAD GATEWAY ERROR **
After some digging, it appears like Synology uses Port 3306 by default for something which is why certain people get a "bad gateway" error. There are really two ways to fix this:
1. If your NAS has multiple NIC's and you have multiple IP addresses assigned to it, in the "config.json" file, enter the other IP address of your NAS. This should avoid the port conflict.
2. Rather than using port 3306 when we configure MariaDB/config.json, use a totally different port (8725 for example). This should avoid the port conflict.
tried the 2nd option, not working :(
thanks the 1st option worked!, BUT i have the same problem again that i had before, which is 'internal error' whenever i try to request certificate
@@sufianabdullah9463 Have you opened ports 80/443 to the macvlan network interface? Also, is the DNS configuration setup for your domain?
One more thing - by any chance, are you using Cloudflare? If you are, set the DNS record as "DNS Only" while trying to get the certificate as the proxy doesn't appear to work.
Let me know and we can continue troubleshooting!
@@WunderTechTutorials opening ports for the macvlan differ than open it for the ip of the nas?
@@sufianabdullah9463 Yes, you will have to open it directly to the macvlan network interface IP address (192.168.1.198 in the tutorial).
This tutorial was a massive help even though I ended up with the bad gateway error too at first. I fixed it based off of what you said but I want to explain it for others because I had trouble with it for a while. MariaDB (being connected to the bridge network) gets a unique IP for internal bridge use. in the JSON file I had to change the NAS IP to the MariaDB IP. It still didn't work because before I had tried the trick of changing the 3306 port. So for anyone who may be struggling! In the JSON file I had to change the port back to the original 3306 AND change the IP to the MariaDB IP assigned through the bridge network. I was legit about to give up on this. Thanks a bunch WunderTech!
Thanks for sharing the solution!
I did exactly this and nothing. I set the config to the 172.17.0.X that I got from the "bash ip address show" on the MarinaDB container. Even deleted and re-installed the NGNIX container. Still just bad gateway. When you installed MarinaDB container, what network(s) did you attach the container to? @WunderTech's tutorial is on an older version of DSM and doesn't have instructions for this step.
Thank you for the solution, you saved me time troubleshooting :)
You need to update this vidoe, the config.json is a outdated way to setup nginx proxy manager on the synology NAS, it is no longer needed
anyone else getting no available ipv4 addresses when trying to run Mariadb and NGINX together? I can only run one or the other! So NGINX proxy manager is on both NPM-network and npm-bridge. however, Mariadb is on NPM-Network. I cannot have both running at same time as it says not enough ipv4 address. both network and bridge have /24 subnets and /32 ip range. Any idea what I did wrong?
Hi... stuck at the network creation. After the sudo docker network command I get "Error response from daemon: plugin not found". What to do?
Maybe just another thought scenario... 🙂 Only in case of ALL of your targeted services are to be found in docker containers on your NAS.
Assuming that MariaDB in this case only needs to talk to the Nginx-Proxy-Manager and does not need a connection to the internet or other services:
I can suggest that instead of attaching the MariaDB container and the Nginx-Proxy-Manager Container to a bridge network called "npn-bridge", one could just add both of the to the docker null network which is not connected to the host NAS.
Of course as said before, all your services that you want to be proxied by you reverse proxy must be in docker containers attached to the docker null network as well...
This option will not work for when you want to reverse proxy to services running natively on your NAS or elsewher on the network (let alone other VLANS or whatever)
i tried this, but via containermansger instead of docker, bit puzzeling because of difrence in version.
it goes well until i have to select a network for the proxy manager, it give me only one option i cannot select multiple. what do i do wrong?
The latest video I just put out shows how to install it on Container Manager.
Thanks for another great writeup/video. The only surprising thing that I encountered when running through the configuration was that I couldn't access NPM at port 81 like you did -- but I worked when I hit port 8081. (I did confirm that my local (8081) and container (81) ports matched your screen shot and video. Minor, though!)
Thank you for sharing your experience!
A lot of people have had issues with this tutorial and I haven't been able to figure out why. Hopefully your feedback will help someone who's running into issues. Thanks again for sharing!
Thank you. Had the same issue but with port 8081 I am able to see the web gui. Some mistakes are made because of the tutorial not saying what to do with the network settings on the MariaDB. Use Bridge or host.
The way you explained and described in the written instruction was really good; but unfortunately "Bad getaway" error has occurred at my end. I do have a question, my nas already have MariaDB 10 installed from the package center, can we use that?
That could be the issue. When you get a chance, can you check the pinned comment I added? It appears like some people have had success with those changes, but please let me know if they don't work and we can continue troubleshooting!
Hi, I've got the same problem as most of the others. I really like your guide! I've checked the ENV-Variables and the config-file multiple times but didn't manage to solve the issue. I did everything step by step...
Thank you and I'm sorry to hear that it's not working. Someone pointed out that their NIC was causing issues and my only assumption is that this is why it's happening for some and not for others. What NAS are you trying to set this up on? I will do some research to see if that could be the issue.
Thank you again for watching!
@@WunderTechTutorials I try to setup a DS720+. I think the Problem is with the different networks.
I tried to set it up without Macvlan and Bridge Docker Network Interface. Than i can connect to the database. May I missed the Information but why is it important to do that with the subnet and macvlan. If you said it, you could just link the timestamp.
Thanks for your help! I really appreciate it!
Greetings,
Jonas
"failed to create the macvlan port: device or resource busy :("
Thank you very much
So I ran into a issue where mariaDB is giving me "unauthenticated" for user in the logs, repeatedly. I've double and triple checked my config.json for user and password, as well as mariaDB enviromentals. For whatever reason, even with these 2 settings properly setup, and the config.json properly loaded into nginx, it is continuously saying the host is unreachable in nginx logs. Then in mariaDB's logs I see that an attempt to connect was made, and unauthenticated, this keeps happening until i stop the containers.
I think that mariaDB doesnt like having the user and password set in enviroment variables......
I haven't personally seen that, but are you running MariaDB anywhere else? Is there a chance it's trying to authenticate there?
Doesn't work for me 😞
I am getting an error:
Error response from daemon: network dm-872749d8fcae is already using parent interface ovs_eth0
I don't quite understand why I am getting that error but I already have a macvlan created because I followed your pihole tutorial. Could that be using it?
Yes, that's exactly it. Do you have a Synology NAS with two network ports? If so, you should be able to use the other one.
Thanks for another great tut. How is this nginx proxy manager different from the one that comes with Synology NAS? And would you recommend running your own nginx manager as oppose to using Synology's. Personally, I find that I learn more this way, not everything is abstracted away by the Synology's interface.
Thank you for watching! Ultimately, they both do the same thing if you're looking for a reverse proxy only. Meaning that if you're fully configured using Synology's, I'm not sure I'd switch over to this.
However, if you're interested in further customizing your setup, you have a lot more options with this. Personally, I prefer NPM, but I understand why people use Synology's.
If you have specific questions about what you can or cannot do, please let me know!
I am following your video - with DSM 7.2 - in the GUI it will only let me add 1 Network - either npm_bridge or the npm_macvlan but not both. How do I get both networks in?
If you select the Network tab, then check the containers that the network interfaces are used on, you should be able to add it. DSM 7.2 changed that drastically unfortunately.
@@WunderTechTutorials As you probably know, tabs don't exists anymore...only sections that expand and collapse. It only has a dropdown box, so only one can be chosen. Mariushosting's tuts shows how to install NPM as a task (for simplicity, I kept your port numbers). I was able to get the NPM login screen, so it seems everything meshed together fine.
For the people trying to use the other network port on their NAS, is it a matter of just unplugging it from one port and plugging it into the other port? Or should I run a second ethernet cable into the second port? Do I need to shut down the NAS first? Will anything need to be reconfigured? I have a static map in my router for the current interface, so I know if I disconnect the cable from it and plug it into the other port, my NAS IP address will change, and that's probably going to break some other things.
No, you shouldn't have to turn off the NAS, but you will have to run a second network cable. Don't remove the first one - the second port will get a new IP.
I'm getting BAD GATEWAY when trying to login to the admin console for Nginx - ideas?
What kind of NAS do you have? A lot of people have been running into issues because of the NIC that their NAS has. I've been trying to narrow down which work and which don't.
Is there any errors in the Docker log?
@@WunderTechTutorials I got the same error trying to access the NPM web page, it doesn't matter which port I use in the json file that also match with the docker ports (see the log below), and I added both networks (npm_bridge & npm_network) to both containers (mariadb & npm) just i case but with only the npm_bridge I got the same results: "Bad Gateway". If you can see anything else I will appreciated. Thanks for your tutorial.
date stream content
===============================================================================================================================
2020-12-26 02:55:23 stdout [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
2020-12-26 02:55:23 stdout [s6-init] ensuring user provided files have correct perms...exited 0.
2020-12-26 02:55:23 stdout [fix-attrs.d] applying ownership & permissions fixes...
2020-12-26 02:55:23 stdout [fix-attrs.d] done.
2020-12-26 02:55:23 stdout [cont-init.d] executing container initialization scripts...
2020-12-26 02:55:23 stdout [cont-init.d] done.
2020-12-26 02:55:23 stdout [services.d] starting services
2020-12-26 02:55:23 stdout [services.d] done.
2020-12-26 02:55:23 stdout > Enabling IPV6 in hosts: /etc/nginx/conf.d
2020-12-26 02:55:23 stdout > /etc/nginx/conf.d/include/assets.conf
2020-12-26 02:55:23 stdout > /etc/nginx/conf.d/include/block-exploits.conf
2020-12-26 02:55:23 stdout > /etc/nginx/conf.d/include/force-ssl.conf
2020-12-26 02:55:23 stdout > /etc/nginx/conf.d/include/ip_ranges.conf
2020-12-26 02:55:23 stdout > /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
2020-12-26 02:55:23 stdout > /etc/nginx/conf.d/include/proxy.conf
2020-12-26 02:55:23 stdout > /etc/nginx/conf.d/include/ssl-ciphers.conf
2020-12-26 02:55:23 stdout > /etc/nginx/conf.d/include/resolvers.conf
2020-12-26 02:55:23 stdout > /etc/nginx/conf.d/default.conf
2020-12-26 02:55:23 stdout > /etc/nginx/conf.d/production.conf
2020-12-26 02:55:23 stdout > Enabling IPV6 in hosts: /data/nginx
2020-12-26 02:55:28 stdout [12/26/2020] [2:55:28 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:55:31 stdout [12/26/2020] [2:55:31 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:55:34 stdout [12/26/2020] [2:55:34 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:55:37 stdout [12/26/2020] [2:55:37 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:55:40 stdout [12/26/2020] [2:55:40 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:55:43 stdout [12/26/2020] [2:55:43 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:55:46 stdout [12/26/2020] [2:55:46 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:55:49 stdout [12/26/2020] [2:55:49 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:55:52 stdout [12/26/2020] [2:55:52 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:55:55 stdout [12/26/2020] [2:55:55 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:55:58 stdout [12/26/2020] [2:55:58 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:56:01 stdout [12/26/2020] [2:56:01 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:56:04 stdout [12/26/2020] [2:56:04 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:56:07 stdout [12/26/2020] [2:56:07 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:56:10 stdout [12/26/2020] [2:56:10 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:56:13 stdout [12/26/2020] [2:56:13 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
2020-12-26 02:56:16 stdout [12/26/2020] [2:56:16 AM] [Global ] › ✖ error connect EHOSTUNREACH 172.19.250.101:9555
@@WunderTechTutorials same probleme here have you already a solution the log shows the same error.
@@danielschmidt7925 Does your NAS have a second ethernet port? The best solution that I've found is to use the other IP address assigned to your NAS in the config.json file.
Let me know if you don't and we can continue troubleshooting.
@@WunderTechTutorials thanks for your replay.
yes i tried it in my case lan1 192.168.178.200 and lan2 192.168.178.202 both are static ip from the synology
192.168.178.210 is the ip from the nginx proxy manager.
I can now log in but i can't connect to the domains. Which of the IP Addresses must set in the Fritzbox(modem) to the Proxy-manager?
Hello Wundertech, my congratulations for this series of excelents videos. I have a question: why set up a container configuration when DSM does have already a reverse proxy configuration under DSM 7.2 control panel / login portal / advanced / reverse proxy menu?
Thanks! Just personal preference. If you're happy with the Synology reverse proxy server, go for it!
Great Tutorial! I reached the nginx-proxy-GUI but after trying to sign in first time, I get a "bad gateway".failure... Whats wrong? I have no idea :-((
Unfortunately, that's a pretty common error that I can't really replicate. Here are a few suggestions that have helped other users: www.wundertech.net/nginx-proxy-manager-synology-nas-setup-instructions/#2_Nginx_Proxy_Manager_Setup_Synology_NAS
Thanks for another great video.
I have question, I have one container which use macvlan for pihole.
Do you know how to configure second container on the same macvlan as pihole ?
Unfortunately, it gets a little complicated because you'll need both to have static IP's (that don't change) in order to utilize the services. Does your NAS have two network ports where you can create a macvlan on each?
Container Manager 20.10.20-1437 doesn't seem to have the ability to add multiple networks for a container to connect to. It's a single drop down menu now. Do you have a working solution/workaround for this? Thanks!
Unfortunately, you have to create the container, then go to networks and assign the network to the container...I don't love how they did it.
@@WunderTechTutorials Ahh, i see thanks for the quick reply!
did all the steps. when starting the NPM container I get logs in the terminal stating "connect EHOSTUNREACH" no clue where to go from here.
Are you receiving the "bad gateway" error on the webpage?
Hi, very interesting tutorial, i'll try soon.
As far you know, if i would use my own certficate instead of let'sencrypt how to do that?
Or, if you know some doc to read or tutorial to watch, it will be great!
I have my own internal CA and i would like use my own certficate on my lab
Thanks
I haven't played around with using my own certificates (as NPM is for external access, so I've always used LE), but I am sure that there is some information online. Sorry for not being much of a help!
Morning,
I did adguard home install as your tutorial using ag_network and brigde, after that I'm following this tutorial to create new network for NPM but return an error "Error response from daemon: network dm-xxxxxxxxxx is already using parent interface eth0"
How can I fix this when I want to use Adguard_home and Nginx on the same device (nas)
Thank you!
Do you have two NICs? If so, you'll have to use the second, though there have been tons of issues that people have run into with this tutorial so I admit that you might run into another issue.
Have managed to remove the bad gateway error when logging in but when all setup I get back gateway 502 error when connecting to a subdomain that is proxied. I have it all setup correctly (in my mind), so not really sure where to go from here :(
Where exactly are you getting that error? When you try and access the proxy host?
Sorry new at this, so confused by written instructions, "Our network is now created. We can now exit our SSH session and disable it in DSM (if you won’t be using it). If you are disabling it and created a firewall rule for it, you should inactivate the firewall rule as well."
Disable what...what I just made in SSH? Why create it then? Where do I disable it. I don't see it in DSM...
Certain people like to keep SSH disabled unless they're actively using it. It's just basically for security purposes and it ensures you're only using SSH when you absolutely need to.
So if you enable SSH and create a firewall rule for port 22, you can disable SSH and disable the firewall rule when you're done. You don't HAVE to do this, certain people just suggest that you do.
If you have any other questions, please let me know!
What's the point of changing the local ports? Isn't that what you claimed the macvlan network solved? The way I see it, you shouldn't even need the macvlan network at all if you're not even going to be binding to local ports 80 and 443.
Used port 8275 as you suggested, but still bad gateway, error is the same as for others:
error connect EHOSTUNREACH NASIP:8725
In this LOG file (Nginx-Proxy\data\logs\error.log ) I find this:
connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: nginxproxymanager, request: "GET /api/ HTTP/1.1", upstream: "127.0.0.1:3000/", host: "127.0.0.1:81"
What is upstream server and what does it do at port 3000? It might be a conflict with a random container but I have no idea where to change it.
For the record when I use this command: netstat -tulpn
It shows that something uses port 3000
tcp6 0 0 :::3000 :::* LISTEN -
@@Merwenus Do you have multiple IP addresses for your NAS? Meaning you have multiple ethernet cables plugged in? If so, can you use the other IP address in the config.json file?
@@WunderTechTutorials only 1 Ethernet port. But changed to a different nginx container suggested I comments and that is working fine. Thank you.
Im using the same MacVlan subnet for AdGuard so I have a docker API alert when I try to run NPM
You can unfortunately only use this macvlan network interface for one container since there's only a single IP address assigned to it.
there is a way with macvlans, by using a /28 for instance instead of the /32, if these IPs are available on your LAN, yu can assign them individually. I'm using portainer though, not sure it can be done via docker app in DSM
@@JuLien-iy7em You can, but /32 ensures that the IP address will stay static which is important for services like this.
Dear Team of Wundertech I just installed mariadb and Nginx Proxy Manager: I received the following message from docker:
Start container Nginx-Proxy-Manager failed: {"message":"failed to create the macvlan port: device or resource busy"}. What can I do, to solve the problem?
Are you running a macvlan network interface on another container?
NO I have only the Maria db and the nginx-proxy-manager container. Ds1812+ and the latest DSM 6
Are you able to get to the web UI?
Thanks for a detailed Tutorial.
With regards to the "BAD GATEWAY ERROR", you had mentioned on one of your responses that possible fix could be change port 3306 to 8725.
Question: Are you speaking of Local Port or Container Port or possibly both? Thanks much for everything.
That would be the local port. Some users have said that it works, while some have said that it doesn't, but it's at least one thing to try.
Another suggestion is if you have a NAS with two ethernet ports, plug both in and use the second ethernet port's (LAN2) IP address in the config file. This has resolved the problem for almost everyone who has tried it (as far as I know).
Let me know if I can do anything else!
@@WunderTechTutorials I tried both the ports IP in the config file and the correspondent eth0/eth1 in the comand line, but still "Bad gateway"
@@huaqiangkong5931 Unfortunately, these are the only two solutions that I'm aware of (under "Bad Gateway Error"):
www.wundertech.net/nginx-proxy-manager-synology-nas-setup-instructions/#2_Nginx_Proxy_Manager_Setup_Synology_NAS
This (and the page you linked) helped me IMMENSELY. I haven't had to hack DNS much, so figuring out how to get this working was mysterious. I'm like 90% of the way to where I want to be! I've got npm up and running on a macvlan network, I've got it creating Let's Encrypt certs... the only problem I have now is that I originally set this up to use a wildcard cert that pointed at my Synology NAS.
Since that's only a single ip address, and my macvlan network only has one IP address, I can't add other containers. am I going about this the wrong way by trying to use a wildcard cert in conjunction with npm on a macvlan network?
Glad you were able to get it working because this has caused a lot of problems for other people. What exactly are you trying to do with the wildcard cert? Generally, if you got the cert successfully, the rest is just different configurations.
Weird-- I thought I'd replied to this! Anyway, in my case, I'm trying to use the wildcard cert to cover npm plus some other services that are running on my Synology NAS. The way I understand it, the macvlan network has a single IP (used for npm); if I point my wildcard cert at this IP, I can't use it on other containers (since they can't join the macvlan network and use that IP). I might be misunderstanding this, though!
@@iresprite So generally, certs are used for services. If you have a web service, you'll create a CNAME/A record on your DNS provider, then create a reverse proxy rule for it, and that's where you'd use the wildcard cert.
If you're talking about using a wildcard cert for internal services, then your internal DNS record would point to the macvlan network interface IP, and the reverse proxy rule would use the wildcard cert and point to the internal services IP.
Aha! Thank you. That clears things up for me, and I now have a working npm. Thank you so much!
@@WunderTechTutorials so it looks like there's still a little problem; I've got npm on the macvlan network, and it can communicate with other containers on the npm_bridge, but it can't communicate with the Synology NAS host. The only thing I can think of that's different is that I didn't create a config.json file because I'm using the built-in db backend.
@wundertech Is this the same process for DSM 7? I get a "bad Gateway" message. I check the Docker logs: error ehostunreach 'Synology NAS IP':Port of MariaDB. Also, I don't see the IP address of Nginx in my router (Google Nest) to port forward. I get to the Nginx webpage. Thanks for your insight
It should be the same, but if I'm being honest, this tutorial has caused so many people to run into different issues that I can't even be certain exactly what can be causing it. I'm not sure if you saw the "bad gateway error" on this page (at the bottom), but these are the only "fixes" I can confirm have worked for other people.
www.wundertech.net/nginx-proxy-manager-synology-nas-setup-instructions/#2_Nginx_Proxy_Manager_Setup_-_Synology_NAS
I use two synology. The first one is ok but on the second ơn, I can't use Reverse Proxy as well as Nginx Proxy Manager. I heard somewhere that I can't have more than one Reverse Proxy. Is that true?
You can have multiple, but you can only expose one to the internet. With that said, there's no real reason to have more than one as the first will do everything the second can do.
@@WunderTechTutorials could you please help me for making tutorial about this problem? Setting up 2 Reverse Proxy, each for each NAS, on the same network.
@@trieto8154 There's a technical limitation to doing that unfortunately. You can only open ports 80/443 to one device, so you'll never be able to have two functional reverse proxies on the same network unless you have multiple ISP's.
@@WunderTechTutorials Oh! That's so unconvinient. I have one nas and my brother have one nas. Of course they are in the same network.
When I installed Mariadb there was no port setting
and because of this, when logging in, it issues Bad Gateway
DSM7
Unfortunately, the only bad gateway fixes that I know of are listed in this article: www.wundertech.net/nginx-proxy-manager-synology-nas-setup-instructions/#2_Nginx_Proxy_Manager_Setup_Synology_NAS
@@WunderTechTutorials change to 8725 on config and in mariadb, anyway bad gateway
Hey Frank. If i may, I've done it all. it's all configured using my own personal domain. I do have a question though - I now have 2 different networks on the docker gui - npm_network and npm_bridge. My question now is - should my other containers also be configured to be on that macvlan or should they stay in the regular "bridge" network?
Nope! Those networks are strictly for the NPM container. Overall, the bridge just allows for communication between the NAS and NPM. So if you wanted to host something on your NAS through NPM, you wouldn't use the NAS's IP address, you'd use the bridge IP address. This is the ONLY circumstance where that network is needed.
@@WunderTechTutorials Thanks Frank, couldn't find the answer to that anywhere. I was hoping that would fix my problem because after following your instructions on your "How to Setup an SSL Certificate for Plex using Nginx Proxy Manager" I keep getting the 502 bad gateway error. I previously was port forwarding 32400 for plex on my router but I'm assuming now that I'm using nginx i should remove that right? I did and I get bad gateway error, was hoping I'd find another viewer of yours with the same error but it seems as though I'm alone here. I have an ER-X if that helps!
What's really weird and conflicting amongst different tutorials is that some people put their external IP address on their nginx proxy manager and others put their home server IP where the docker lives.
@@FromSergio When you say that you're getting the bad gateway error, where are you getting that?
As for the forward hostname/IP, that should definitely be the internal IP address. I'm not sure why they would use something else, but you should have 80/443 open to your macvlan network interface and can close all other ports. At that point, NPM will take your domain name and forward it to that internal IP address. Just make sure you use the correct scheme (HTTP for Plex), forward IP (internal Plex IP), then port (32400). If your Plex instance is on your Synology NAS, the forward hostname/IP should be the bridge network IP address.
Let me know how it goes!
good day
thank you for the videos, they were very helpful. i want to run in my docker synology adguardhome and nginx proxy manager. i keep getting errors. i can only create a MACVLAN with gateway 192.168.1.1. could you please make a video on how to run two containers. thanks in advance
I will add this to my list of future tutorials!
@@WunderTechTutorials Thanks for your great work. I have the same problem, I can't create a new macvlan, mine is working with adguard. What can we do?
@@aurelioaparicio5595 Do you have a second NIC? That's the only way you'll be able to create a second.
Okay, I gave it a go and ran into two issues. 1) Nginx not able to fine the maria database. My fix was to create a default docker bridge network and add both containers to the network and in my config.json I just reference the container name in place of my NAS ip address. Ngnix was able to find the database and everything ran smoothly. However, leading into my second problem, I was not able to use my ip address (192.168.1.198) associated with mcvlan bridge network to connect to the container (however, I am able to connect to nginx container using my nas ip and custom port). So basically, the host computer unable to see the nginx container and vice-versa (I verify that by ping from host to container and vice-versa). Which, from my readings, is to be expected given the nginx is on a mcvlan network and the host and container is isolated from each other (avoiding potential port conflicts). I also check to make sure that the ip address was not in use. Yep...I am stuck at this point. I don't know if I miss something but i did follow the written directions. It could be my setup. I read somewhere that my nic or switch must support promiscuous mode for mcvlan to work??
A lot of people seem to be running into the MariaDB issue and I honestly don't have an answer why. I have tested this so many times and just cannot come up with a reason why others are running into issues. As long as I enter in the passwords in the MariaDB environment variables before starting the container (and it matches in the config file), everything works as expected. My only other guess is that it's port related and 3306 is causing an issue for some people. An option would be to switch that to something totally different and not in use (9555 or something like that).
With the macvlan network interface, the host will NOT be able to see the container as you said. However, the container SHOULD be able to see the host. If the host needs to talk to the container, it's done using the npm_bridge network that we created (192.168.10.2). Are you using Synology's firewall? If you are, can you disable it and see if the container can then see the host?
Also, are you able to get to the webpage using NPM's IP address (192.168.1.198:81)? If you are, is it just that you're unable to sign in and you receive the "bad gateway" error?
Sorry for all the issues and questions. I have tested this 100 times because various people have received this error and I cannot replicate it. Hopefully it's something minor and we can find it.
@@WunderTechTutorials No worries. I will give it another go later today. I did not have my firewall enabled and I was not able to access NM's ip address (192.168.1.198:81) I was only able to access it through my host ip
Okay, I got it to work! It was my NIC. Switching over to another interface on the back of my synology did the trick. I had bought a new 10gig card (and switch) a months or so back and started using that to connect to my nas. That was the only thing that was different in my setup when I did your pi-hole on synology tut, which worked perfectly. So, it had to be the card or my network setup that caused the problem. I think it was the card. Thanks again for the great tut.
@@curtney That's awesome!! I'm glad to hear that it worked and that's some great input. I haven't been able to find out why this is working for some and not others but the NIC makes a ton of sense. Different NAS devices have different NIC's, so that could be the issue.
Thanks a lot for letting me know!
i can't route from proxy container to host, i ssh to proxy container and can't ping host as well, anyone help?
Can you try using the bridge network IP address? That's how the host/container can communicate.
Hey there, here I am lurking one of your many tutorials. Looks like I set this all up nicely but I'm sort of stuck on the last step. When I open nginx it tells me Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required. I'm not really sure what to do after this? If you can spare a few seconds to help out that would be amazing. Thanks man :)
solved my own problem. Turns out I was installing the nginx offical docker, not the proxy manager, which doesn't have a gui. It was my fault and nothing to do with your instructions. i redid it using your instructons and although everything works I can see on the container logs for nginx that "Manual db configuration already exists, skipping config creating from environmental variables." It's going on in a loop. Is this normal?
Once again solved it by fixing the bad getaway. I need to hold my questions until i've tried everything. Apologies for the monologue!
@@FromSergio Sorry for not getting back to you in time but I'm glad that you got it working!
Awesome
Hey I tried but unfortunately it didn't work. Is there a way to delete the network interface we created at 3:45?
You should see the network interface in the Docker list and can delete it from there.
Hey, I want to check with u, as I'm trying to set it up as a reverse proxy. For example, my external Ip is 180.222.55.213.
And my internal IP address for Bitwarden and Nginx is 192.168.21.232:82 and 192.168.21.232:81 respectively, somehow I can't get the reverse proxy to work here.. after configuring, I cant get it to work.. please advice, this is my docker-compose file.
I'm able to access bitwarden with 192.168.21.232:82 but when I access it through my subdomain.fqdn I'm facing 504 gateway time out.
version: "3"
services:
bitwarden:
container_name: bitwarden
image: bitwardenrs/server:raspberry
restart: always
volumes:
- /opt/containers/bitwarden/bw-data:/data
- /opt/containers/bitwarden/logs/bitwarden:/log
env_file:
- ./.env
ports:
- 82:80
My apologies for asking a question on a two year old post, but I have followed all of the instructions and seem to be stuck. I have tried finding information searching these comments as well as on reddit and google.
My issue, both of these containers work for me, but not at the same time. Regardless of Mariadb or nginx container, the second one to start returns a docker api error of no IPv4 addresses are available. I have been trying different things for a few days but networking is not a strong area for me.
Any direction from anyone would be greatly appreciated.
It seems that I had both networks setup in one of the containers. :(
Now I can't get the ingix web portal to open. My brain hurts! :)
Which container is giving that error? That would imply that an IP address is the issue, which could be the macvlan network interface or the bridge. Overall, they should be different IPs and you will have to modify the macvlan to use the settings you have on your local network.
@@WunderTechTutorials Thank you for responding. I believe I know what the problem may be. During the SSH step, it seems that I skipped over the instruction about substituting the correct subnet and and to pick an ip address that's not in use. Instead I copied what you had listed out. I hopped back into the SSH and ran the ifconfig command but wasn't able to see anything near the defaults you listed. I will give it another go tomorrow on fresh eyes and rested brain.
@WunderTech I deleted my previous attempts and started all over. This time everything worked like a charm. Thank you again for all of your knowledge and effort. I truly enjoy the way you teach as well as how gracious you are in responding to peoples questions. You are wonderful.
Great video and just what I was looking for as well :)
I'm glad to hear that, thank you for watching!
I encountered "connect EHOSTUNREACH" although I open the port in firewall for mariadb, it seems that if i add nginx to npm_network, it would not be connected, but weird thing is that if i connect only npm_bridge, it can find the mariadb. Is there any suggestion?
You aren't using the firewall, right? There are many people that have the "bad gateway" error, but you're receiving an entirely different error.
@@WunderTechTutorials I’m using firewall, btw I read articles about macvlan would prevent the containers to access host due to security reason, may be this is the root cause
@@hamster7521 Macvlan just stops the host and container from speaking with each other. You should be able to access it on a web browser (off the NAS). If you disable the firewall, any luck?
if vlan cannot communicate with host network (nas), why is nas being put in the config? is that why i'm getting bad gateway error? how does one go around this? tried all the suggestions below, im lost!
I need to look a little further into what you said because it makes a lot of sense and might be the reason so many people have problems...with that said, I don't, so this has been hard for me to troubleshoot.
To get yours working, can you try the bad gateway section on this page? www.wundertech.net/nginx-proxy-manager-synology-nas-setup-instructions/
@@WunderTechTutorials hey sorry about the double post, it said my previous one did not go through and yet it did. to answer your question from the other comment, i've tried the bad gateway suggestions on both your website and gone through the comments too for other fixes.
i'm no where as good with computers as you are, but I really do believe it cannot communicate with the host if you are on macvlan (this is made clear in docker docs). Because of this, putting the host IP in config would not work.
im thinking there needs to be a way to have an overlay network on the macvlan (not just the bridge) to let it talk to host? Happy to troubleshoot this with you on this further. This is an interesting one.
@@raet2217 If you're willing to test something, would you mind adding the default "bridge" network to both containers and then setting the config file as that bridge IP? I have received a few comments from people stating that this fixes the issue, but since it works for me, I can't really try the fix.
my nginx proxy is not starting. I am getting this error
Start container Nginx-proxy-manager failed: {"message":"no available IPv4 addresses on this network's address pools: npm_bridge (XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)"}.
Are you using a different IP subnet than the local subnet?
@@WunderTechTutorials yes
@@ashoktvm I would confirm the subnet and all values match exactly as that's what the error points to.
@@WunderTechTutorials Hey sir! Are we sure both NPM-network and NPM-Bridge should be /32 for IP Range? It seems only one or the other can run, not at the same time. So NGIX-manger should be running on both and MariaDB on NPM-network. Is that correct? On the latest DSM
@@sejn2587 They are set to /32 so they are individual IP address, however, if I am being honest, I'd probably suggest using a different device for NPM. There have been a ton of problems that users have faced with it - at least following this tutorial.
No, I cannot connect via web UI - the container did not start
Can you try and check the docker logs to see what the error is?
Love your tutorials very much appreciated. I have one question. I have a Minecraft server running in a docker for my son and when I get the step to create the bridge, it gives the error that, "Pool overlaps with other one on this address space" How do I get around this error?
Also, I have an existing Mariadb running a Wordpress site. Does that conflict with this set up?
Thanks in advance,
Will
Thanks! What exactly are you trying to do with the Minecrafter server - have it accessible from the outside using Nginx Proxy Manager? As for that error, are you getting it when you try and set up the macvlan network interface?
I don't think you'll have problems if you're using the regular MariaDB package.
@@WunderTechTutorials I am using the Minecraft server for multiplayer on my local network, so would not use that with nginx. As for the error, I actually got the macvlan set up without any errors, the error comes in when I try to set up the bridge connection.
Thanks
@@yesimwilliam For the bridge, are you trying to use an IP range currently in-use? You need to make sure it's not something you're currently using. For example, if your home network is 192.168.1.X, you want to use 192.168.10.X.
@@WunderTechTutorials Ah I see. I thought because my current network was 192.168.0.x I had to use 192.168.0.x. So I can use whatever I want like you said 192.168.10.x?
@@yesimwilliam That is correct!
How do I get the subnet & what IP address do I use
The subnet will be the first three numbers that you use to access your router (example 192.168.1.1 router IP = 192.168.1 subnet).
The IP address can be whatever you want, up to 254.
Hi Frank, I hope you can help me clear fix this. When I reached the last step in the Nginx Proxy Manager Container Setup in the written instructions, I got the msg "Start container Nginx-Proxy-Manager failed: {"message":"failed to create the macvlan port: device or resource busy"}." I watched the video and realized in the SSH script you used “ovs_eth0” in the video and not the “eth0” like in the written instructions. I went back to SSH and seen I have “ovs_eth0” and “ovs_eth1” I tried to do the sudo docker network create line in SSH again using “ovs_eth0” and get the message "Error response from daemon: network with name npm_network already exist" What are the steps I need to take to fix this, if I need to remove or delete it first in SSH could you please provide the exact steps so I do not do something wrong? I have had great luck with your help videos and written instructions and not had an issue until I messed this up! Please help if you can and Thank You! Paul W. (My Experience level is Newbie Learning)
Hello! That error normally means that you have a macvlan network interface already set up on that interface. Are you using a different container that has a macvlan set up? If you are, can you try the other ethernet port to see if that works?
@@WunderTechTutorials Thank you for the prompt reply, as far as I know I have not knowingly setup another macvlan, (Other than the one I created using the written instructions with the “eth0”). If I have another working macvlan setup that is working how would I check for it and how would I set it up to work with the reverse proxy NPM that I was wanting to setup? (My Goal is to get Cloudflare + Nginix Proxy Manager working together to use with my self hosting on my Synology NAS Home Server for better security it offers) Thank You again, Paul W.
In my Docker the containers I show are MariaDB, portainer-ce, synology_docviewer_1 and synology_docviewer_2 (Hope this helps)
@@paulweatherford5256 If you go to the network tab in Docker, what do you have listed there?
@@WunderTechTutorials
bridge - 4 connected container(s),
npm_bridge - 1 connected container(s),
host - no connected container(s),
npm_network - 1 connected container(s)
(All show as blue for connections except for host it is greyed out with no connections.
Hi, love your videos ..... slightly confused at something here tho. You mention that the macvlan is required to free up 80 and 443 as the synology steals these for itself. However, when you configure the ports on the nginx container @8:14, you don't specify either 443 or 80 as the local ports. So how does it then work over port 80 and 443? By mapping different local ports to the container ports, surely this would work without the macvlan?
Thanks! Sorry, I responded and then realized that I was thinking of a different container. This is because we are using the bridge network interface as well. However, when you access the container using the macvlan network interface IP address (which we do), it will use the container ports (80/443/81).
@@WunderTechTutorials Hey, just done this for my local network, was having the exact same issues until I realised I was using a non standard container, there are two in the search results, one only binds to 8081/8080/4443 (jlesage) and one binds to 80, 481, 443 (jc21's image) grab jc21's and combine with a macvlan and it works great :-)
It may also be worth noting that tha reason that it works fine, is because the macvlan forwards the container traffic from that IP, it doesn't matter what the docker port mapping is, it only cares about what's listening on the container itself :-) because when you visit your IP you set for that container, it isn't going through dockers port mapping process
@@Daniel-hz6pt Glad that you got it working and thank you for the input!
@@Daniel-hz6pt Exactly, one could also understand it by realizing that the container listens on port 80 and maps it internally in the container to the application inside it to port 8181.
So to understand that actually you have 2 listeners: the application itself in the container and the container in the outside on it's network it is attached to.
When no mapping is declared the listening port from the application and the holding container are the same.
Hi, here comes the docker log file:
Stufe Uhrzeit Benutzer Ereignis
Information 2022/03/10 10:03:47 Freddie Add image from docker.io/nginx:latest
Information 2022/03/10 10:06:22 Freddie Create container nginx1.
Information 2022/03/10 10:06:22 Freddie nginx1 connect to network bridge.
Information 2022/03/10 10:06:25 Freddie Start container nginx1.
Information 2022/03/10 14:52:09 admin Start container nginx1.
Information 2022/03/10 15:00:45 admin Start container nginx1.
Information 2022/03/14 14:41:47 Freddie Stop container nginx1.
Information 2022/03/14 14:42:02 Freddie Start container nginx1.
Information 2022/03/14 16:27:34 Freddie Create network npm_bridge:bridge.
Information 2022/03/14 16:28:33 Freddie Add image from docker.io/mariadb:latest
Information 2022/03/14 16:36:42 Freddie Create container MariaDB.
Information 2022/03/14 16:36:42 Freddie MariaDB connect to network bridge.
Information 2022/03/14 16:36:46 Freddie Start container MariaDB.
Information 2022/03/14 16:39:27 Freddie Add image from docker.io/jc21/nginx-proxy-manager:latest
Information 2022/03/14 16:43:57 Freddie Create container Nginx-Proxy-Manager.
Information 2022/03/14 16:43:58 Freddie Nginx-Proxy-Manager connect to network bridge.
Information 2022/03/14 16:44:01 Freddie Start container Nginx-Proxy-Manager.
Information 2022/03/14 16:48:23 Freddie Create container jc21-nginx-proxy-manager1.
Information 2022/03/14 16:48:23 Freddie jc21-nginx-proxy-manager1 connect to network npm_network.
Information 2022/03/14 16:48:23 Freddie jc21-nginx-proxy-manager1 connect to network npm_bridge.
Error 2022/03/14 16:48:28 Freddie Start container jc21-nginx-proxy-manager1 failed: {"message":"failed to create the macvlan port: device or resource busy"}.
Information 2022/03/14 16:52:58 Freddie Delete container jc21-nginx-proxy-manager1.
Information 2022/03/14 16:53:22 Freddie Stop container nginx1.
Information 2022/03/14 16:53:35 Freddie Delete container nginx1.
Information 2022/03/14 17:02:16 Freddie Stop container Nginx-Proxy-Manager.
Information 2022/03/14 17:09:34 Freddie Start container Nginx-Proxy-Manager.
Information 2022/03/14 17:13:02 Freddie Stop container MariaDB.
Information 2022/03/14 17:13:30 Freddie Start container MariaDB.
Information 2022/03/14 17:13:49 Freddie Stop container Nginx-Proxy-Manager.
Information 2022/03/14 17:15:56 Freddie Start container Nginx-Proxy-Manager.
Information 2022/03/14 17:36:33 Freddie Stop container Nginx-Proxy-Manager.
Information 2022/03/15 16:23:11 Freddie Start container Nginx-Proxy-Manager.
Information 2022/03/15 16:24:49 Freddie Stop container Nginx-Proxy-Manager.
Information 2022/03/15 16:25:14 Freddie Delete container Nginx-Proxy-Manager.
Information 2022/03/15 16:37:10 Freddie Add image from docker.io/jc21/nginx-proxy-manager:latest
Information 2022/03/15 16:39:26 Freddie Add image from docker.io/jc21/nginx-proxy-manager:latest
Information 2022/03/15 16:43:14 Freddie Create container Nginx-Proxy-Manager.
Information 2022/03/15 16:43:14 Freddie Nginx-Proxy-Manager connect to network npm_network.
Information 2022/03/15 16:43:14 Freddie Nginx-Proxy-Manager connect to network npm_bridge.
Error 2022/03/15 16:43:16 Freddie Start container Nginx-Proxy-Manager failed: {"message":"failed to create the macvlan port: device or resource busy"}.
Error 2022/03/15 16:44:13 Freddie Start container Nginx-Proxy-Manager failed: {"message":"failed to create the macvlan port: device or resource busy"}.
Error 2022/03/15 16:53:52 Freddie Start container Nginx-Proxy-Manager failed: {"message":"failed to create the macvlan port: device or resource busy"}.
Error 2022/03/15 18:01:09 Freddie Start container Nginx-Proxy-Manager failed: {"message":"failed to create the macvlan port: device or resource busy"}.
Error 2022/03/15 18:04:31 Freddie Start container Nginx-Proxy-Manager failed: {"message":"failed to create the macvlan port: device or resource busy"}.
Error 2022/03/15 18:22:18 Freddie Start container Nginx-Proxy-Manager failed: {"message":"failed to create the macvlan port: device or resource busy"}.
Error 2022/03/15 18:32:36 Freddie Start container Nginx-Proxy-Manager failed: {"message":"failed to create the macvlan port: device or resource busy"}.
Are you using the macvlan network interface anywhere else? That's what the error is saying.
Alright, I'm at a loss. Keep getting the badgateway error. A look at logs say
HOSTUNREACH 192.168.1.125:8725 (static ip of NAS unit:port)
I don't know what i'm missing here, if someone can help? The login page will open on 192.168.1.198:81, but that's about as much success I've had.
1. I've tried switching from port 3306 to 8725, same error.
2. mariadb container has network 'bridge', while nginxproxy container has 'bridge', 'npm_bridge' and 'npm_network'.
3.i've port forwarded 80 and 443 to 192.168.1.198 on the router.
4. double checked all typos for passwords, config has correct nas ip (192.168.1.125)
5. firewall on synology allows 8725 in
only thing i couldnt check is whether the NAS has multiple NICs because I have no idea what NICs (i assume network interface card) is or where to find that info.
Any help appreciated thanks!
This is one of the tougher tutorials and one that a lot of people have problems with. Have you checked the written instructions? I have two solutions there that I suggest trying, unless you've already tried those?
The issue is that the macvlan can't talk to the mariaDB container, you need to add a route/network that lets the npm container talk to mariaDB
i did everything right and i could not login bad gateways
If you open the container and look at the "logs" section and scroll to the end, what error are you receiving? That will help us troubleshoot - let me know!
@Peter Visser This error states that Nginx Proxy Manager cannot access the database. A few things to check:
1. Is the database container running and did you properly specify the username/password when you set it up (you can check the written instructions for screenshots of how it should look)?
2. If you are using Synology's firewall, did you create an "allow" rule for 3306 on your NAS?
Let me know!
@@WunderTechTutorials hi, great tutorials! but i have the same issues with "bad gateway" and issues connecting to mariadb. also tried using the natively installed version on synology. NPM does not get a connection to the database. how to check reachability of NPM to DB?
@@mg1405 It sounds like a few people are running into this issue. Have you installed the MariaDB package from Synology's Package Center by any chance? If you did, this could be a problem.
There are really only a few things to check:
1. Are you using the right database username and password?
2. If you're using Synology's Firewall, did you create an allow rule for port 3306?
3. Does the log file for the NPM or MariaDB container have any info?
Let me know and we can continue troubleshooting!
@Peter Visser You can check the containers log files. If you don't receive any errors there, everything should be working properly! Just make sure the username and password you're using in the config file for NPM is the same as configured for the database.The written instructions definitely help with this tutorial.
Let me know if you need anything else.
Hey WunderTech, i've kinda got this working but I suspect improperly. The only way i can get NPM to start is by placing them into the default network. If i follow your instructions to create npm_network and then npm_bridge, i get an error saying "no available IPv4 addresses on this network's address pools: npm_bridge".
It also shows a 64-Char value, which i suspect ties in with the 64-Char code after running the SSH command? however if its meant to match, it doesnt.
I've copied the SSH code from your written instructions (big help, thx), and only modified it in three places, simply because im on 192.168.0.whatever, and npm_bridge config is unchanged.
I've not seen the initial network step mentioned in anyone elses instructions, but i suspect theres a good reason for doing it, and by ignoring it and using the default setting its possibly risky?
Any thoughts would be appreciated. (You replied to someone with the same issue on your sites comment section a year ago, but they never responded).
Are you using an IP address already in use for the bridge network? Any other errors (like bad gateway) that you're receiving?
@@WunderTechTutorials Thanks. Yeah, that could have been an issue. I left a lot of of it alone and simply moved myself from 192.168.1.xxx to 192.168.0.xxx, and assumed the rest had some sort of important relevance. If the gateway isnt supposed to be an occupied IP (my router) then thats a clash.
Fixing that and rebuilding it on a free IP, MariaDB launched fine from the NPM network, but Nginx doesnt, it still gives the same error:
Start container Nginx-Proxy-Manager failed: {"message":"no available IPv4 addresses on this network's address pools: npm_network (90b207f7ed255443b2f48cb2b5ff6436ad179ccc5b0bcf4c72546f666f5551ce)"}.
Thats the only error message in the log in 36hrs or so (since switching to default network & posting). Presumably i need to get to the bottom of this issue, and cant/shouldnt just leave it running on host/bridge simply 'cos it works?
@@PaulC3K At the end of the day, "working" is the important part. So if you're able to get it working and retrieve Let's Encrypt certificates (big one, as the macvlan is used to avoid the port 80/443 conflict), then I would leave it as-is!
Hey, thanks for the great video. hoping to get a bit of help with a Mariadb permissions error I'm receiving.
Using all the same details for the config.json (name, user, password all "nginxproxymanager"), but the mariadb container gives this error in the docker log:
mariadb can’t create/write to file ‘.ddl_recovery.log’ (errcode: 13 “permission denied”)
just before that, the log also gives
Switching to dedicated user ‘mysql’
The issue is user permissions on the /docker/mariadb/ folder (which I mapped to /var/lib/mysql as in the guide)
when I manually change the permissions to allow "Everyone" to read/write to the /docker/mariadb/ folder and then run the mariadb container, it works, but it seems like somewhat of a security risk to leave it like this.