LetsEncrypt ACME redirect issue fixes #2881 #3121
base: develop
Docker Image for build 1 is available on DockerHub as Note: ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes. |
I don't know why NPM isn't starting when it's trying to migrate the DBs |
@jc21 any chance of merging this in? 🙂 |
This fixed my installation. Please merge. |
Thanks for approving @etabarestx 🙂 Do you know if a new release is upcoming with this and other PRs included? |
Manually applied this fix via CLI and can confirm it works! If anyone else doesn't want to wait for the merge, here is how to do it manually:
|
Bumping to keep this alive. |
I found a fix for my issue: allocating more storage space. Running NPM in a Proxmox CT (no docker at all), and happened to catch that it was at 96% of its storage. I gave it some extra, and boom. Worked! |
This has been an ongoing issue since 2022. How is this not merged yet? As it stands, NPM will block renewals. I don't want to compromise security (-> disable "Force SSL") to enable renewals. |
/bump please merge this! |
Applied this manually, but couldn't validate if it worked, since |
This fixed my installation after manually applying this fix.
@jc21 could you please merge this when you have time? Thank you.
Until this is committed, why not just create a force-ssl.conf (in the same directory as docker-compose.yml)
docker-compose.yml

```yaml
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    # Uncomment the next line if you uncomment anything in the section
    environment:
      # Uncomment this if you want to change the location of
      # the SQLite DB file within the container
      # DB_SQLITE_FILE: "/data/database.sqlite"
      # Uncomment this if IPv6 is not enabled on your host
      DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
      - ./force-ssl.conf:/etc/nginx/conf.d/include/force-ssl.conf # <~~~~~~~~~~~~~~~
```

This way if you update your container's base image, the |
} | ||
if ($request_uri !~ "^\/.well-known\/acme-challenge\/(.*)") { |
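Review bot: on the `if ($request_uri !~ ...)` line the trailing `(.*)` adds nothing: the pattern is anchored only at the start, so `^\/.well-known\/acme-challenge\/` matches the same URIs, and the capture is not used in the lines shown. The `\/` escapes are also unnecessary, since nginx does not use `/` as a regex delimiter; dropping both would leave a shorter pattern that is easier to audit.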
The dot (.) should probably be escaped in the regex:
^\/\.well-known\/acme-challenge\/(.*)
OK I've pushed that update although I see the main develop branch has changed from FORCE to TEST

```nginx
set $test "";
if ($scheme = "http") {
    set $test "H";
}
if ($request_uri = /.well-known/acme-challenge/test-challenge) {
    set $test "${test}T";
}
if ($test = H) {
    return 301 https://$host$request_uri;
}
```
docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
It is therefore blocking this merge and won't autogenerate a container. Not sure if the underlying fix they have made resolved the issue or not?
Evolution of #2038 to escape regex sequence (as per #2038 (comment)) and rebased against latest develop branch.
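To compare the redirect conditions discussed in this thread, here is an added example (not code from the PR or from the project) that evaluates the develop-branch `$test` logic and the PR's regex, unescaped and escaped, against constructed request URIs. It models only the conditions visible on this page and assumes the PR redirects plain HTTP whenever the regex does not match; the function names and sample URIs are made up for illustration.

```python
import re

# Patterns copied from this page. nginx evaluates them with PCRE; for these
# simple expressions Python's re module behaves the same way.
PR_ORIGINAL = re.compile(r"^\/.well-known\/acme-challenge\/(.*)")
PR_ESCAPED = re.compile(r"^\/\.well-known\/acme-challenge\/(.*)")
TEST_URI = "/.well-known/acme-challenge/test-challenge"


def develop_redirects(scheme, request_uri):
    """The $test flag logic from the develop-branch snippet quoted above."""
    test = "H" if scheme == "http" else ""
    if request_uri == TEST_URI:
        test += "T"
    return test == "H"


def regex_redirects(pattern, scheme, request_uri):
    """Assumed PR behaviour: redirect plain HTTP unless the URI matches."""
    return scheme == "http" and pattern.search(request_uri) is None


# Constructed sample requests (scheme, $request_uri); not taken from real logs.
SAMPLES = [
    ("http", "/index.html"),
    ("http", TEST_URI),
    ("http", "/.well-known/acme-challenge/constructed-token"),
    ("http", "/xwell-known/acme-challenge/constructed-token"),
    ("https", "/index.html"),
]


def compare(samples=SAMPLES):
    """Return {"scheme:uri": (develop, pr_original, pr_escaped)} redirect flags."""
    return {
        f"{scheme}:{uri}": (
            develop_redirects(scheme, uri),
            regex_redirects(PR_ORIGINAL, scheme, uri),
            regex_redirects(PR_ESCAPED, scheme, uri),
        )
        for scheme, uri in samples
    }


if __name__ == "__main__":
    for request, flags in compare().items():
        print(f"{request:55} develop={flags[0]} pr={flags[1]} pr_escaped={flags[2]}")
```

In this model the develop snippet exempts only the exact `test-challenge` URI from the redirect, while the regex exempts every path under `/.well-known/acme-challenge/`; the unescaped dot additionally exempts paths such as `/xwell-known/...`.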