Nginx Proxy Manager – lock administration on IP or password

Nginx Proxy Manager is a great tool for managing proxy vhosts. Specially useful when dealing with Docker containers. By default, you can access administration from everywhere through default port 81. Here is how you can simply lock it with password or limit it so that is accessible from specified IPs.

First login into admin panel and create Access List which will contain access rules:

You can limit to be accessible from IPS:

or with password:

Then, create a new Proxy Host that will have backend set to nginx proxy manager administration. In my case, “proxy-manager” is the host of my nginx proxy manager container. Don’t forget to set Access List to the one that we created in the previous step.

Then change value  in your docker-compose file so that port 81 will be on localhost only:

version: '4.3'
services:
proxy-manager:
image: 'jc21/nginx-proxy-manager:latest'
container_name: proxy-manager
restart: always
ports:
- "80:80" # Public HTTP Port
- "443:443" # Public HTTPS Port
- "127.0.0.1:81:81" # Admin Web Port 

Administration is now reachable through subdomain https://admin.domain.com/ and only from IPs that we set in above step – or with password. It is advisable that you make some random URL like https://siudhfoisdiishjw0ion094ioejvn.domain.com when creating administration access.

Letsencrypt/certbot fails when proxying with Apache ProxyPass

I had an issue on Directadmin server where client had nodejs application for which apache had to proxy on port 3001. Becouse of this, letsencrypt was not able to reach .well-known/acme-challenge/ and certificate registration/renewal failed. Solution is simple, you have to exclude proxy when requesting .well-known/acme-challenge/.

This was error whent trying to check .well-known/acme-challenge:

$ curl http://mydomain.com/.well-known/acme-challenge/test.txt 
{"errors":[{"message":"Route /.well-known/test.txt doesn't exist.","extensions":{"code":"ROUTE_NOT_FOUND"}}]}%

So I added “ProxyPass !” directive just before where I create proxy directive to port 3001. Like so:

. . .
<Location /.well-known/acme-challenge>
   ProxyPass !
</Location>

<Location />
Require all granted
   ProxyPass http://127.0.0.1:3000/
   ProxyPassReverse http://127.0.0.1:3000/
</Location>
. . . 

Then I was able tu make request to .well-known/acme-challenge sucsessfully:

> $ curl http://mydomain.com/.well-known/acme-challenge/test.txt 
It works!

I hope this helps! 🙂

Directadmin – Proxy Error: DNS lookup failure for php-fpm56 …

If you changed php handler for your Directadmin installation to php-fpm, rewrite all configs and then get error like this:

Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /index.php.
Reason: DNS lookup failure for: php-fpm56.domainname

It is almost certainly that apache templates that are used for generating user http configuration files are wrong. Probably you have custom templates.

Go to /usr/local/directadmin/data/templates/custom and check if there are files like files virtual_host2.conf … . If they are, just rename custom directory to something new:

[root@lol ~]# cd /usr/local/directadmin/data/templates/
[root@lol templates]# mv custom custom-bak

Directadmin will then use default templates when creating new Apache configs. Rewrite your apache config files:

[root@lol ~]#  cd /usr/local/directadmin/custombuild
[root@lol custombuild]# ./build rewrite_confs

It should solve the problem. Also, make sure that php-fpm for all php versions are working.

© 2024 geegkytuts.net
Hosted by SIEL


About author