by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Jul 03 06:35
    f0rky closed #488
  • Jul 03 06:35
    f0rky labeled #488
  • Jul 03 06:35
    f0rky opened #488
  • Jul 02 21:03
    Connor2397 opened #487
  • Jul 02 21:03
    Connor2397 labeled #487
  • Jul 02 04:53
    rexx0520 closed #486
  • Jul 02 04:41
    rexx0520 opened #486
  • Jul 02 04:24
    DJFraz opened #485
  • Jul 02 02:54
    ansred labeled #484
  • Jun 30 17:28
    whisperdancer labeled #483
  • Jun 30 17:28
    whisperdancer opened #483
  • Jun 30 03:45
    whisperdancer closed #482
  • Jun 30 03:15
    whisperdancer labeled #482
  • Jun 30 03:15
    whisperdancer opened #482
  • Jun 28 00:22
    hartwork edited #481
  • Jun 27 23:45
    hartwork edited #481
  • Jun 27 23:44
    hartwork opened #481
  • Jun 27 23:44
    hartwork labeled #481
  • Jun 26 20:20
    razausman closed #480
  • Jun 26 15:26
    razausman edited #480
revilo951
@revilo951
i see, i'll try that and report back
that did it!
jc21
@jc21
Sweet
revilo951
@revilo951
is there a way to make it regenerate configs on container start?
or is that a bad idea for some other reason
jc21
@jc21
Not currently. It’s not specifically bad - though some users do change their nginx configurations on disk and regenerating would overwrite those changes. This is just a select few though.
revilo951
@revilo951
i see
thanks for your help, and a great bit of software!
jc21
@jc21
I’ll definitely consider adding a NPM config file version in future to combat stuff like this
Marcelo Sanchez M
@El_Marce_S_gitlab
hey Everyone!!
sorry to bother, I'm having this problem... every time I deploy npm on Docker I get a unhealthy status..
and seems that MariaDB keeps restarting
jc21
@jc21
Which image are you using for mariadb and what do you see in the logs?
CAHTA1
@CAHTA1
Hi guys,l sorry for such a question but still: where I can read how access lists should be configured? I mean what is the format of lines
Sebastian Valle
@Subv
@CAHTA1 hi, what do you mean? are you talking about the Access List feature of NPM, or do you mean to manually configure access lists on the 'Advanced' tab of a proxy host? if the former, the format for the IP tab of the access lists is the same as the one for nginx, you can use 'all' or you can use a specific subnet, like this: https://imgur.com/OrzCIQl
dialanothernumb
@dialanothernumb
Hi, is there any chance of being able to set up SSO via NPM. It is an awesome way for me to get into the power of NGINX but I haven't been able to replicate the Google authentication I had with my nightmarish Traefik setup. I looked at Authelia but couldn't figure out how to set it up with NPM.
Sebastian Valle
@Subv
@dialanothernumb do you want to log into the NPM admin page using SSO, or do you want to protect your proxy hosts with SSO?
dialanothernumb
@dialanothernumb
@Subv i want to protect proxy hosts
Sebastian Valle
@Subv
there is currently a branch that implements that here https://github.com/jc21/nginx-proxy-manager/commits/openidc , it's still experimental and could use a little more testing
dialanothernumb
@dialanothernumb
@Subv @jc21 Thank you!
dialanothernumb
@dialanothernumb
@jc21 are there any release notes or setup guidance for the openidc branch? thanks
jc21
@jc21
I knew you’d ask ;) @Subv has created some documenation here: https://github.com/jc21/nginx-proxy-manager/tree/openidc/docs/advanced-config
Interested to hear how you go with those instructions and what can be improved
dialanothernumb
@dialanothernumb
I suspected I would ask, but I thought I'd give it a bash first. That went well...
dialanothernumb
@dialanothernumb
Hey, I am way out of my depth here. The instructions mean little since I am a user not a developer of an app designed to simplify. Not the best tester. I'll wait, but appreciate your work!
Sebastian Valle
@Subv
mm, ideally any user should be able to understand the docs, so it seems i failed there
@dialanothernumb where did you get stuck?
jc21
@jc21
I took a screenshot of my configuration for Auth0 in case it comes in handy to explain an example.
Since the well known discovery is different for each oidc service it could trip people up. I had to do some digging to find out what Auth0’s was, they didn’t make it obvious.
Sebastian Valle
@Subv
maybe we should add a list of the most common ones
jc21
@jc21
And the “Token endpoint auth method” wasn’t obvious, Auth0 didn’t even mention it so I left it as the first option hoping it would work. Anyway yeah it’s an advanced feature so that’s that :)
dialanothernumb
@dialanothernumb
I am a little embarrassed to admit, I had forgotten to delete the browser cache of the main branch container. Thus the OpenID Connect toggle didn't show. Thats why the instructions confused me... Now it makes sense. I have set up one of my proxy hosts using the Google API. However I don't know how to set up the right authorized redirect. The settings on both the NPM dialog box and on the Google API site are clear, but I am not sure what to set up as a link. I have tried "https://myproxyhost.mydomain.com/_oauth" . I am not clear how redirecting works...
jc21
@jc21
it’s something that is intercepted by NPM so it could be /what-ever/you/want/it/to/be-ajsdhkajshdakjsdhaskdh and it will still work. The only thing to be aware of that if it is the same as a real path on the upstream host you will probably have problems.
dialanothernumb
@dialanothernumb
I thought so, but when I do that, I go thru authentication and am asked if I want to download a file by the name of the url I chose for redirection. I am going to mull it over myself but if you think there is something obvious Im missing let me know
revilo951
@revilo951
@jc21 what does your container do when you enable the "Websockets Support" toggle?
have you done anything special with nginx? I have esxi working well as a reverse proxy with your container, with the websockets support turned on
I'm trying to replicate this in a normal nginx install (can't use your container :( unfortunately)
revilo951
@revilo951
ahh, perfect.
many thanks
dialanothernumb
@dialanothernumb
@jc21 I got authentication using Google API working with the openidc branch but there were a number of issues. One was that through every page of my proxy host site I had to re-authenticate. Another issue was that the first authentication would lead to downloading the redirection link as a file. I'll keep an eye and let other more competent people provide you with more useful feedback.
Sebastian Valle
@Subv
that's...weird
are you by chance using HTTP instead of HTTPS for your site? now that i think about it the openidc cookies only work in a secure context unless you're in localhost (iirc)
jc21
@jc21
Interesting. If you could write up some replication steps that would be good. Also useful for documenting examples
dialanothernumb
@dialanothernumb
Happy to help. Is there a way to walk you through my experience live? If not i will try document. Im on US East Coast time
dialanothernumb
@dialanothernumb
@Subv I'm using https throughout. Here are my settings for a proxy host for a Sonarr container. My redirect url is https://sonarr.mydomain.com/_openidc Prior to setting up openidc the proxy server works without a problem. I use the Google well known
discovery endpoint you listed above. I have my client ID and secret from my Google API console. I have restricted access to one main email address. When I enter my proxy address https://sonarr.mydomain.com I get a dialog box asking if I want to save the url as a file. very odd.
Sebastian Valle
@Subv
@dialanothernumb that's definitely weird, can you check the 'Network' tab on your browser to see which redirection exactly is prompting you the download? (sorry for the late reply)