Nginx Proxy Manager Raspberry Pi Install Instructions!

Today we are going to look at how to how to install Nginx Proxy Manager on a Raspberry Pi!

https://www.youtube.com/watch?v=jp7zqjNhTAs

How to Install Nginx Proxy Manager on a Raspberry Pi! (https://www.youtube.com/watch?v=jp7zqjNhTAs)

If you’re exposing any services on your network, using a reverse proxy is a great way to increase security and performance. A reverse proxy is a server that sits in front of your web servers and forwards client requests to the web servers. In layman’s terms, you only have to expose one server (using ports 80/443) and will be able to expose as many web services as you want.

This is an example of the network flow of a reverse proxy (simplified):

This tutorial will utilize a Raspberry Pi, which is great for home use, but if you’re hosting anything with a lot of traffic, you’re probably better off using a more capable server. We will check the status of the application after it’s finished installing by using Portainer, but this isn’t required.

Instructions - Nginx Proxy Manager Raspberry Pi

Ensure that Docker is installed. If it’s not installed, you can learn how to install it here.

1. We need to use docker compose to create the Nginx Proxy Manager container. This requires us to install a few dependencies – run the install commands below in order.

sudo apt-get install -y libffi-dev libssl-dev
sudo apt-get install -y python3 python3-pip
sudo pip3 -v install docker-compose

2. After the commands finish installing, we need to create a folder where our config and docker-compose files will exist. We will then navigate to that folder and create a file named config.json.

mkdir nginx
cd nginx
nano config.json

3. Paste these contents into the config file.

{
  "database": {
    "engine": "mysql",
    "host": "db",
    "name": "npm",
    "user": "npm",
    "password": "npm",
    "port": 3306
  }
}

4. Save the file and exit it. Create a new file named docker-compose.yml

nano docker-compose.yml

5. Paste the contents below into the docker-compose file.

version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./config.json:/app/config/production.json
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
  db:
    image: 'yobasystems/alpine-mariadb:latest'
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    volumes:
      - ./data/mysql:/var/lib/mysql

6. Save the file and exit. You should have two files that exist in the nginx folder. Run the command below to start the docker container.

sudo docker-compose up -d

7. The container will download and install all the necessary files.

8. We will now adjust both of the containers that Nginx Proxy Manager uses to automatically start when your Raspberry Pi is rebooted.

sudo docker update --restart always nginx_app_1
sudo docker update --restart always nginx_db_1

9. Restart your Raspberry Pi – very important!

sudo reboot now

10. After the reboot is complete, the container will take a few minutes to fully install. You can run the command below to check on the status of the container. When it reports “healthy”, you will be able to navigate to the Nginx Proxy Manager website. Alternatively, if you setup Portainer, you can open Portainer and check on the status of the container there.

sudo docker ps

11. Wait for the status to change to healthy.

12. Navigate to the IP address of your Raspberry Pi and port 81.

http://[RASPBERRY_PI_IP]:81

13. The default email address is [email protected] and the password is changeme. When you log in, you will be asked to change this information.

14. At this point, Nginx Proxy Manager is fully installed. You will need to open ports 80/443 on your router to point to your Raspberry Pi. From there, you will have to configure Nginx Proxy Manager. The majority of people will use Nginx Proxy Manager as nothing more than a proxy manager. I’m not going to go through the process of configuring a service as this will be different for everyone, but check out the video if you’re interested in seeing how it can be used as I went through an example there!

Conclusion

If you’re exposing services on your network, using a reverse proxy is a great idea. A lot of people don’t have a need for a full server running Nginx Proxy Manager, so a Raspberry Pi is a great option in that case. It runs well and is somewhat simple to setup.

Thanks for reading the tutorial. If you have any questions, leave them in the comments!

Tags: Docker, Nginx, Raspberry Pi

This Post Has 109 Comments

Domenick
23 Sep 2020 Reply
So I’m having an issue installing this on my Pi. My assumption here is that since I’m using this Pi as my Pi-hole, it’s also using port 80. Can these two programs exist with each other?
I’m getting an error when it’s trying to create nginx_app_1 and the error states:
———————
d225b9f0a): Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use
ERROR: for app Cannot start service app: driver failed programming external connectivity on endpoint nginx_app_1 (1fe0035bcd8b1c50f442a975033e2c33830da44098745b6390d8f69d225b9f0a): Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use
ERROR: Encountered errors while bringing up the project.
———————
1. WunderTech
  23 Sep 2020 Reply
  You are correct – this is kind of a band-aid solution, but you can change Pi-hole’s admin port using the instructions below:
  Edit the lighttpd file (change the server.port to something other than 80) and restart the service. This will break after updates to Pi-hole, but it’s a good short-term fix to get to the admin portal.
  sudo nano /etc/lighttpd/lighttpd.conf
  sudo service lighttpd restart
  Then, you can navigate to the address http://[RASPBERRYPI_IP]:[PORT]/admin
  Let me know if you have any questions! Thanks for checking out the tutorial!
Keith
24 Sep 2020 Reply
So I got everything working until I tried logging into the Nginx Reversee Proxy. The initial login and password is showing “No User auth available”. This was a clean install while I testing out the tutorial. Now really what the issue is as everything is showing healthy and working correctly. Also curious to know what the config.json is showing port 3306 but nothing is mentioned in the yml.
1. WunderTech
  26 Sep 2020 Reply
  I haven’t run into that error myself. You are using the default credentials from the tutorial, right?
  As for 3306, that’s the port that is used for the database. You shouldn’t ever need to reference that port, but you will need to access the web admin portal of Nginx Proxy Manager using port 81.
  Let me know and we can continue troubleshooting!
trambo
17 Oct 2020 Reply
Very nice tutorials. I’m very thankful 🙂 I have set up my pi 4 with docker and followed all you steps. Everything seems fine until I try to add proxy host in nginx. Status says offline with a red dot. Can’t get it to go online.
Command failed: /usr/sbin/nginx -t -g “error_log off;”
nginx: [emerg] BIO_new_file(“/etc/letsencrypt/live/npm-2/fullchain.pem”) failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(‘/etc/letsencrypt/live/npm-2/fullchain.pem’,’r’) error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
Do you have any ideas why this is? Thanks!
1. WunderTech
  17 Oct 2020 Reply
  Thanks for checking out the tutorial!
  When you say it’s offline, do you mean in the proxy hosts list? If so, it would appear like Nginx Proxy Manager cannot find the server that you specified. Are you using the IP address or hostname? If you are using the hostname, please try with the IP address.
  Let me know how it goes and we can continue troubleshooting!
  1. trambo
    19 Oct 2020 Reply
    Thanks for the reply. I actually wiped my pi and did fresh docker install so can’t say what the problem was anymore. This time everything runs great. nginx works and all proxy hosts are online and green. However It’s impossible to connect to any container over https. I got the certificate working but browser says host down. It’s the same with both IP and hostname. http works great. Guessing this is a docker problem now? I followed your docker install guide and installed three containers. portainer, nginx and airsonics but I can’t connect to any of them over https. Only http
    1. WunderTech
      19 Oct 2020 Reply
      Glad to hear you were able to get it (mostly) working!
      So the containers are on the same Raspberry Pi? Can you check what type of network you’re using for them? Generally, the only way that containers can communicate with each other is if you’re using a bridge network. You might already be using that, so let me know if you are and we can continue troubleshooting!
      1. trambo
        20 Oct 2020
        Yes. All containers are on the same Pi and containers are using bridge network. I don’t understand this. I’ve tried adding a bunch of new containers and I can’t connect to https on any of them. Not even on my local network.
      2. WunderTech
        20 Oct 2020
        It’s certainly a strange issue. When you say that it’s not working, can you use HTTPS to access them in a web browser? To clarify, certain web applications don’t have HTTPS out of the box, or they might even use a different port for HTTPS. If you can access them via HTTPS in a web browser, I’d need to do a little more research on why it’s not working with NPM. If they don’t work in a web browser, then the first step would be to get them to work with a web browser and then try NPM.
        Let me know and we can continue troubleshooting!
      3. trambo
        21 Oct 2020
        Strange indeed. So if i attempt to access portainer in my browser for example on my local network 192.168.1.x:9000 it’s fine but when i put https:// in front it can’t connect to it at all. All containers are the same.
        When I set up my reverse proxy using my domain (using cloudflare with A record to IP and CNAME for sub domain) in nginx everything is fine I get the cert but when I redirect to SSL cloudflare tells me host is down. I do get the green lock with a valid cert from let’s encrypt so nginx and cloudflare should be configured correctly just that my local https is just not there…
        Sorry to bother you. Your tutorial is perfect. My problem seems to be something else. Cheers!
      4. WunderTech
        21 Oct 2020
        Not a bother at all! This does make sense as not all web applications have HTTPS configurations by default. Some have both, HTTP/HTTPS but use different ports for each. I wouldn’t go crazy trying to encrypt the local traffic as the external traffic (that NPM/Cloudflare is managing for you) is using SSL which is the important part. Certainly doesn’t hurt to try and get it working internally but it’s not as important.
        Good luck and if I can answer any other questions, please let me know! Thanks for checking out the tutorial!
baggy
31 Oct 2020 Reply
Hi,
Not sure what I have done wrong, but “sudo docker-compose up -d” is not working, any ideas? Thank you in advance.
[email protected]:~/nginx $ sudo docker-compose up -d
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 600, in urlopen
chunked=chunked)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 354, in _make_request
conn.request(method, url, **httplib_request_kw)
File “/usr/lib/python3.7/http/client.py”, line 1244, in request
self._send_request(method, url, body, headers, encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1290, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1239, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1026, in _send_output
self.send(msg)
File “/usr/lib/python3.7/http/client.py”, line 966, in send
self.connect()
File “/usr/local/lib/python3.7/dist-packages/docker/transport/unixconn.py”, line 43, in connect
sock.connect(self.unix_socket)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 449, in send
timeout=timeout
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 638, in urlopen
_stacktrace=sys.exc_info()[2])
File “/usr/lib/python3/dist-packages/urllib3/util/retry.py”, line 367, in increment
raise six.reraise(type(error), error, _stacktrace)
File “/usr/lib/python3/dist-packages/six.py”, line 692, in reraise
raise value.with_traceback(tb)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 600, in urlopen
chunked=chunked)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 354, in _make_request
conn.request(method, url, **httplib_request_kw)
File “/usr/lib/python3.7/http/client.py”, line 1244, in request
self._send_request(method, url, body, headers, encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1290, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1239, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1026, in _send_output
self.send(msg)
File “/usr/lib/python3.7/http/client.py”, line 966, in send
self.connect()
File “/usr/local/lib/python3.7/dist-packages/docker/transport/unixconn.py”, line 43, in connect
sock.connect(self.unix_socket)
urllib3.exceptions.ProtocolError: (‘Connection aborted.’, FileNotFoundError(2, ‘No such file or directory’))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/local/lib/python3.7/dist-packages/docker/api/client.py”, line 205, in _retrieve_server_version
return self.version(api_version=False)[“ApiVersion”]
File “/usr/local/lib/python3.7/dist-packages/docker/api/daemon.py”, line 181, in version
return self._result(self._get(url), json=True)
File “/usr/local/lib/python3.7/dist-packages/docker/utils/decorators.py”, line 46, in inner
return f(self, *args, **kwargs)
File “/usr/local/lib/python3.7/dist-packages/docker/api/client.py”, line 228, in _get
return self.get(url, **self._set_request_timeout(kwargs))
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 546, in get
return self.request(‘GET’, url, **kwargs)
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 533, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 646, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 498, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: (‘Connection aborted.’, FileNotFoundError(2, ‘No such file or directory’))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/local/bin/docker-compose”, line 10, in
sys.exit(main())
File “/usr/local/lib/python3.7/dist-packages/compose/cli/main.py”, line 67, in main
command()
File “/usr/local/lib/python3.7/dist-packages/compose/cli/main.py”, line 123, in perform_command
project = project_from_options(‘.’, options)
File “/usr/local/lib/python3.7/dist-packages/compose/cli/command.py”, line 69, in project_from_options
environment_file=environment_file
File “/usr/local/lib/python3.7/dist-packages/compose/cli/command.py”, line 132, in get_project
verbose=verbose, version=api_version, context=context, environment=environment
File “/usr/local/lib/python3.7/dist-packages/compose/cli/docker_client.py”, line 43, in get_client
environment=environment, tls_version=get_tls_version(environment)
File “/usr/local/lib/python3.7/dist-packages/compose/cli/docker_client.py”, line 170, in docker_client
client = APIClient(**kwargs)
File “/usr/local/lib/python3.7/dist-packages/docker/api/client.py”, line 188, in __init__
self._version = self._retrieve_server_version()
File “/usr/local/lib/python3.7/dist-packages/docker/api/client.py”, line 213, in _retrieve_server_version
‘Error while fetching server API version: {0}’.format(e)
docker.errors.DockerException: Error while fetching server API version: (‘Connection aborted.’, FileNotFoundError(2, ‘No such file or directory’))
1. WunderTech
  31 Oct 2020 Reply
  Are you running the command from the same folder where the docker-compose file is? If you’re not, try that out and it should work!
  Let me know and we can continue troubleshooting if necessary!
  1. baggy
    31 Oct 2020 Reply
    Thanks so much for getting back to me, Sorry for posting the second message! As soon as I did, this appeared along with your reply.
    1. WunderTech
      1 Nov 2020 Reply
      Not a problem! Glad to hear that it worked. If you need anything else, please let me know!
Baggy
31 Oct 2020 Reply
Hi,
I posted a message / error last night when I was trying to “sudo docker-compose up -d” – but the message has now vanished? Anyway, I blew away my config and started again and it seemed to work ok this time?
juan
6 Nov 2020 Reply
[11/6/2020] [9:45:42 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly –non-interactive –config “/etc/letsencrypt.ini” –cert-name “npm-2” –agree-tos –email “[email protected]” –preferred-challenges “dns,http” –domains “ha.isytec.net”
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ha.isytec.net
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification…
Challenge failed for domain ha.isytec.net
http-01 challenge for ha.isytec.net
Cleaning up challenges
Some challenges have failed.
1. WunderTech
  6 Nov 2020 Reply
  Did you port forward ports 80/443 to the Nginx Proxy Manager server? Generally, those are the reasons why the Let’s Encrypt portion doesn’t work.
  Let me know and we can continue troubleshooting!
  1. matt
    13 Nov 2020 Reply
    HI I continue to get the Interal error when trying to get the ssl certificate. Anyone have a fix for it?
Rob
26 Nov 2020 Reply
Hi, can’t get this working. Getting the same errors as @baggy when running the sudo docker-compose up -d command. Running the command from the nginx directory, and both files have been created with the correct syntax exactly as in the tutorial. Wondered if you could provide any help please, i’m baffled.
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 600, in urlopen
chunked=chunked)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 354, in _make_request
conn.request(method, url, **httplib_request_kw)
File “/usr/lib/python3.7/http/client.py”, line 1244, in request
self._send_request(method, url, body, headers, encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1290, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1239, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1026, in _send_output
self.send(msg)
File “/usr/lib/python3.7/http/client.py”, line 966, in send
self.connect()
File “/usr/local/lib/python3.7/dist-packages/docker/transport/unixconn.py”, line 43, in connect
sock.connect(self.unix_socket)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 449, in send
timeout=timeout
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 638, in urlopen
_stacktrace=sys.exc_info()[2])
File “/usr/lib/python3/dist-packages/urllib3/util/retry.py”, line 367, in increment
raise six.reraise(type(error), error, _stacktrace)
File “/usr/lib/python3/dist-packages/six.py”, line 692, in reraise
raise value.with_traceback(tb)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 600, in urlopen
chunked=chunked)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 354, in _make_request
conn.request(method, url, **httplib_request_kw)
File “/usr/lib/python3.7/http/client.py”, line 1244, in request
self._send_request(method, url, body, headers, encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1290, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1239, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1026, in _send_output
self.send(msg)
File “/usr/lib/python3.7/http/client.py”, line 966, in send
self.connect()
File “/usr/local/lib/python3.7/dist-packages/docker/transport/unixconn.py”, line 43, in connect
sock.connect(self.unix_socket)
urllib3.exceptions.ProtocolError: (‘Connection aborted.’, FileNotFoundError(2, ‘No such file or directory’))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/local/lib/python3.7/dist-packages/docker/api/client.py”, line 205, in _retrieve_server_version
return self.version(api_version=False)[“ApiVersion”]
File “/usr/local/lib/python3.7/dist-packages/docker/api/daemon.py”, line 181, in version
return self._result(self._get(url), json=True)
File “/usr/local/lib/python3.7/dist-packages/docker/utils/decorators.py”, line 46, in inner
return f(self, *args, **kwargs)
File “/usr/local/lib/python3.7/dist-packages/docker/api/client.py”, line 228, in _get
return self.get(url, **self._set_request_timeout(kwargs))
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 546, in get
return self.request(‘GET’, url, **kwargs)
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 533, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 646, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 498, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: (‘Connection aborted.’, FileNotFoundError(2, ‘No such file or directory’))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/local/bin/docker-compose”, line 10, in
sys.exit(main())
File “/usr/local/lib/python3.7/dist-packages/compose/cli/main.py”, line 67, in main
command()
File “/usr/local/lib/python3.7/dist-packages/compose/cli/main.py”, line 123, in perform_command
project = project_from_options(‘.’, options)
File “/usr/local/lib/python3.7/dist-packages/compose/cli/command.py”, line 69, in project_from_options
environment_file=environment_file
File “/usr/local/lib/python3.7/dist-packages/compose/cli/command.py”, line 132, in get_project
verbose=verbose, version=api_version, context=context, environment=environment
File “/usr/local/lib/python3.7/dist-packages/compose/cli/docker_client.py”, line 43, in get_client
environment=environment, tls_version=get_tls_version(environment)
File “/usr/local/lib/python3.7/dist-packages/compose/cli/docker_client.py”, line 170, in docker_client
client = APIClient(**kwargs)
File “/usr/local/lib/python3.7/dist-packages/docker/api/client.py”, line 188, in __init__
self._version = self._retrieve_server_version()
File “/usr/local/lib/python3.7/dist-packages/docker/api/client.py”, line 213, in _retrieve_server_version
‘Error while fetching server API version: {0}’.format(e)
docker.errors.DockerException: Error while fetching server API version: (‘Connection aborted.’, FileNotFoundError(2, ‘No such file or directory’))
1. WunderTech
  27 Nov 2020 Reply
  By any chance, would you be able to set up a new instance of Raspberry Pi OS and try again? If you have other things configured on your Raspberry Pi, don’t worry about trying it, but if you’re using this for Nginx Proxy Manager exclusively, I know that reinstalling Raspberry Pi OS fixed it for other people.
  Let me know if you can’t do that and I will see if I can try and replicate the issue!
  1. Ebba
    2 Dec 2020 Reply
    Hi, I have this same problem and I’m not able to set up a new instance of Raspberry Pi OS. Any new ideas of what might be wrong?
    1. Steve
      12 Jan 2021 Reply
      I had the exact same error as you. The issue was that I hadn’t installed Docker… I thought it would be installed with docker-compose (I have never used Docker before, probably obvious to regular users that you need to install Docker itself first). I followed these instructions to install Docker https://docs.docker.com/engine/install/ and now it’s working properly.
WunderTech
2 Dec 2020 Reply
Have you tried to install a new instance of Raspberry Pi OS and go from there? It appears that the full re-installation of Docker will fix this, but since I’m not experiencing the issue, it’s hard to troubleshoot the exact command that could it fix it myself.
Let me know and we can continue troubleshooting!
DavidP
24 Dec 2020 Reply
I have a couple of questions if I may, and this is coming from a reverse proxy noob…..
1) can I setup a proxy host to a subfolder and if so how?
example, nginx has ports serverip:80,81,443 but on the same server I have apache2 running on ports serverip:18080,18443 and I want to redirect serverip:443 to serverip:18443/subfolder
2) How do I change access list for any of the hosts so they require authentication rather than publicly accessible?
1. WunderTech
  26 Dec 2020 Reply
  The reverse proxy is only used for exposing internal services to the external internet. You can limit them by using access lists (like you mentioned), but they will still be exposed outside of your network.
  You cannot create a proxy host for a sub folder unless there is some sort of a web server in front of it exposing that specific folder. Think of a reverse proxy as a way to manage connections from outside clients to internal web servers. The service that you’re trying to access has to have a website that can be accessed inside of your local network. When you create the reverse proxy, you are then exposing that internal website to the outside internet.
  Hopefully this helps, but let me know if you have any other questions!
David
26 Dec 2020 Reply
Hi, Thanks for all your tutorials so far. It has been a real good help and fun! I am pretty new at this.
I have a question. I have one raspberry pi and have installed Nginx and it works perfectly thanks to your video. Now I would like to add a Pi-Hole container next to it. I couldn’t figure this out because it shares the same port 80. I searched the internet but I couldn’t find a clear solution. Some say you need to make use of the reverse proxy, but I don’t know how that works. Do you have any idea?
1. WunderTech
  27 Dec 2020 Reply
  Thank you! You can certainly do this, but you will have to change port 80 to be something else. It is true that by default, they both use port 80, but changing port 80 and navigating to the management console using that port (8080 for example – http://IP_ADDRESS:8080) will avoid the port conflict entirely.
  Another option is to use a macvlan network interface. You can follow these instructions and everything should work properly! https://www.wundertech.net/how-to-set-up-pi-hole-on-openmediavault/
  Let me know if you have any questions!
Wayne
1 Jan 2021 Reply
Please help, Im getting this error when I run the “sudo docker-compose up -d” and I have rebuild the image twice now with “RaspberryPi OS Lite” and both times I get the same error. Im guessing its the OS?
All code was copied and pasted and nothing failed up till this point.
[email protected]:~/nginx $ sudo docker-compose up -d
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 600, in urlopen
chunked=chunked)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 354, in _make_request
conn.request(method, url, **httplib_request_kw)
File “/usr/lib/python3.7/http/client.py”, line 1244, in request
self._send_request(method, url, body, headers, encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1290, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1239, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1026, in _send_output
self.send(msg)
File “/usr/lib/python3.7/http/client.py”, line 966, in send
self.connect()
File “/usr/local/lib/python3.7/dist-packages/docker/transport/unixconn.py”, line 43, in connect
sock.connect(self.unix_socket)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 449, in send
timeout=timeout
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 638, in urlopen
_stacktrace=sys.exc_info()[2])
File “/usr/lib/python3/dist-packages/urllib3/util/retry.py”, line 367, in increment
raise six.reraise(type(error), error, _stacktrace)
File “/usr/lib/python3/dist-packages/six.py”, line 692, in reraise
raise value.with_traceback(tb)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 600, in urlopen
chunked=chunked)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 354, in _make_request
conn.request(method, url, **httplib_request_kw)
File “/usr/lib/python3.7/http/client.py”, line 1244, in request
self._send_request(method, url, body, headers, encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1290, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1239, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File “/usr/lib/python3.7/http/client.py”, line 1026, in _send_output
self.send(msg)
File “/usr/lib/python3.7/http/client.py”, line 966, in send
self.connect()
File “/usr/local/lib/python3.7/dist-packages/docker/transport/unixconn.py”, line 43, in connect
sock.connect(self.unix_socket)
urllib3.exceptions.ProtocolError: (‘Connection aborted.’, FileNotFoundError(2, ‘No such file or directory’))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/local/lib/python3.7/dist-packages/docker/api/client.py”, line 214, in _retrieve_server_version
return self.version(api_version=False)[“ApiVersion”]
File “/usr/local/lib/python3.7/dist-packages/docker/api/daemon.py”, line 181, in version
return self._result(self._get(url), json=True)
File “/usr/local/lib/python3.7/dist-packages/docker/utils/decorators.py”, line 46, in inner
return f(self, *args, **kwargs)
File “/usr/local/lib/python3.7/dist-packages/docker/api/client.py”, line 237, in _get
return self.get(url, **self._set_request_timeout(kwargs))
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 546, in get
return self.request(‘GET’, url, **kwargs)
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 533, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 646, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 498, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: (‘Connection aborted.’, FileNotFoundError(2, ‘No such file or directory’))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/local/bin/docker-compose”, line 10, in
sys.exit(main())
File “/usr/local/lib/python3.7/dist-packages/compose/cli/main.py”, line 67, in main
command()
File “/usr/local/lib/python3.7/dist-packages/compose/cli/main.py”, line 123, in perform_command
project = project_from_options(‘.’, options)
File “/usr/local/lib/python3.7/dist-packages/compose/cli/command.py”, line 69, in project_from_options
environment_file=environment_file
File “/usr/local/lib/python3.7/dist-packages/compose/cli/command.py”, line 132, in get_project
verbose=verbose, version=api_version, context=context, environment=environment
File “/usr/local/lib/python3.7/dist-packages/compose/cli/docker_client.py”, line 43, in get_client
environment=environment, tls_version=get_tls_version(environment)
File “/usr/local/lib/python3.7/dist-packages/compose/cli/docker_client.py”, line 170, in docker_client
client = APIClient(**kwargs)
File “/usr/local/lib/python3.7/dist-packages/docker/api/client.py”, line 197, in __init__
self._version = self._retrieve_server_version()
File “/usr/local/lib/python3.7/dist-packages/docker/api/client.py”, line 222, in _retrieve_server_version
‘Error while fetching server API version: {0}’.format(e)
docker.errors.DockerException: Error while fetching server API version: (‘Connection aborted.’, FileNotFoundError(2, ‘No such file or directory’))
1. WunderTech
  1 Jan 2021 Reply
  That’s certainly a bunch of strange errors. Did the initial libraries and Docker Compose install properly? Any weird errors when you installed them? Is the config.json and docker-compose.yml file in the ~/nginx folder?
  1. Wayne
    2 Jan 2021 Reply
    I dont see any issue with it,
    [email protected]:~/nginx $ sudo apt-get install -y libffi-dev libssl-dev
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    libffi-dev is already the newest version (3.2.1-9).
    libssl-dev is already the newest version (1.1.1d-0+deb10u4+rpt1).
    0 upgraded, 0 newly installed, 0 to remove and 27 not upgraded.
    [email protected]:~/nginx $ sudo apt-get install -y python3 python3-pip
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    python3 is already the newest version (3.7.3-1).
    python3-pip is already the newest version (18.1-5+rpt1).
    0 upgraded, 0 newly installed, 0 to remove and 27 not upgraded.
    [email protected]:~/nginx $ sudo pip3 -v install docker-compose
    Created temporary directory: /tmp/pip-ephem-wheel-cache-2jbvu0fw
    Created temporary directory: /tmp/pip-req-tracker-5gpcpx_2
    Created requirements tracker ‘/tmp/pip-req-tracker-5gpcpx_2’
    Created temporary directory: /tmp/pip-install-sfbgkbok
    Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple
    Requirement already satisfied: docker-compose in /usr/local/lib/python3.7/dist-packages (1.27.4)
    Requirement already satisfied: docopt=0.6.1 in /usr/local/lib/python3.7/dist-packages (from docker-compose) (0.6.2)
    Requirement already satisfied: dockerpty=0.4.1 in /usr/local/lib/python3.7/dist-packages (from docker-compose) (0.4.1)
    Requirement already satisfied: docker[ssh]=4.3.1 in /usr/local/lib/python3.7/dist-packages (from docker-compose) (4.4.1)
    Installing extra requirements: ‘ssh’
    Requirement already satisfied: cached-property=1.2.0 in /usr/local/lib/python3.7/dist-packages (from docker-compose) (1.5.2)
    Requirement already satisfied: python-dotenv=0.13.0 in /usr/local/lib/python3.7/dist-packages (from docker-compose) (0.15.0)
    Requirement already satisfied: requests=2.20.0 in /usr/lib/python3/dist-packages (from docker-compose) (2.21.0)
    Requirement already satisfied: websocket-client=0.32.0 in /usr/local/lib/python3.7/dist-packages (from docker-compose) (0.57.0)
    Requirement already satisfied: PyYAML=3.10 in /usr/local/lib/python3.7/dist-packages (from docker-compose) (5.3.1)
    Requirement already satisfied: texttable=0.9.0 in /usr/local/lib/python3.7/dist-packages (from docker-compose) (1.6.3)
    Requirement already satisfied: distro=1.5.0 in /usr/local/lib/python3.7/dist-packages (from docker-compose) (1.5.0)
    Requirement already satisfied: jsonschema=2.5.1 in /usr/local/lib/python3.7/dist-packages (from docker-compose) (3.2.0)
    Requirement already satisfied: six>=1.3.0 in /usr/lib/python3/dist-packages (from dockerpty=0.4.1->docker-compose) (1.12.0)
    Requirement already satisfied: paramiko>=2.4.2; extra == “ssh” in /usr/local/lib/python3.7/dist-packages (from docker[ssh]=4.3.1->docker-compose) (2.7.2)
    Requirement already satisfied: setuptools in /usr/lib/python3/dist-packages (from jsonschema=2.5.1->docker-compose) (40.8.0)
    Requirement already satisfied: pyrsistent>=0.14.0 in /usr/local/lib/python3.7/dist-packages (from jsonschema=2.5.1->docker-compose) (0.17.3)
    Requirement already satisfied: importlib-metadata; python_version < "3.8" in /usr/local/lib/python3.7/dist-packages (from jsonschema=2.5.1->docker-compose) (3.3.0)
    Requirement already satisfied: attrs>=17.4.0 in /usr/local/lib/python3.7/dist-packages (from jsonschema=2.5.1->docker-compose) (20.3.0)
    Requirement already satisfied: pynacl>=1.0.1 in /usr/local/lib/python3.7/dist-packages (from paramiko>=2.4.2; extra == “ssh”->docker[ssh]=4.3.1->docker-compose) (1.4.0)
    Requirement already satisfied: bcrypt>=3.1.3 in /usr/local/lib/python3.7/dist-packages (from paramiko>=2.4.2; extra == “ssh”->docker[ssh]=4.3.1->docker-compose) (3.2.0)
    Requirement already satisfied: cryptography>=2.5 in /usr/lib/python3/dist-packages (from paramiko>=2.4.2; extra == “ssh”->docker[ssh]=4.3.1->docker-compose) (2.6.1)
    Requirement already satisfied: typing-extensions>=3.6.4; python_version < "3.8" in /usr/local/lib/python3.7/dist-packages (from importlib-metadata; python_version jsonschema=2.5.1->docker-compose) (3.7.4.3)
    Requirement already satisfied: zipp>=0.5 in /usr/local/lib/python3.7/dist-packages (from importlib-metadata; python_version jsonschema=2.5.1->docker-compose) (3.4.0)
    Requirement already satisfied: cffi>=1.4.1 in /usr/local/lib/python3.7/dist-packages (from pynacl>=1.0.1->paramiko>=2.4.2; extra == “ssh”->docker[ssh]=4.3.1->docker-compose) (1.14.4)
    Requirement already satisfied: pycparser in /usr/local/lib/python3.7/dist-packages (from cffi>=1.4.1->pynacl>=1.0.1->paramiko>=2.4.2; extra == “ssh”->docker[ssh]=4.3.1->docker-compose) (2.20)
    Cleaning up…
    Removed build tracker ‘/tmp/pip-req-tracker-5gpcpx_2’
    1. WunderTech
      2 Jan 2021 Reply
      Can you try a different docker-compose file to see if it works? It’s hard for me to troubleshoot this specific issue as you’re getting generic errors that don’t have much information. As long as the docker-compose file and the database file are in the same folder, docker-compose should work. The error you’re getting is specifically stating that it can’t find the docker compose file or the config.json file.
      Let me know any other information that you can provide!
Wayne
2 Jan 2021 Reply
what OS my I use, i get the impression it maybe related. tried 5 times now…
1. WunderTech
  2 Jan 2021 Reply
  I use the Raspberry Pi OS Lite operating system normally (previously Raspbian Lite). What OS are you using?
  1. Wayne
    2 Jan 2021 Reply
    same, I dont know what to do. I do notice alot of API errors,
    Error while fetching server API version: (‘Connection aborted.’, FileNotFoundError(2, ‘No such file or directory’))
    1. WunderTech
      3 Jan 2021 Reply
      Have you tried with a fresh install of Raspberry Pi OS?
      1. Wayne
        11 Jan 2021
        Still no joy, same as above. Im using Raspberry Pi Lite (installing with Raspberry Pi Image) and it still gives me the same error. I kind of feel like the OS is missing componnents. What OS and what services should be installed other than the suggested,
        libffi-dev libssl-dev
        python3 python3-pip
        docker-compose
      2. WunderTech
        11 Jan 2021
        From what I’m finding online, it’s a docker issue. If you type both commands below, what are the outputs? You might have to either upgrade or downgrade docker.
        which docker
        docker version
      3. Wayne
        12 Jan 2021
        Python 3.7.3 (default, Jul 25 2020, 13:03:44)
        docker-compose version 1.27.4, build unknown
        docker-py version: 4.4.1
        CPython version: 3.7.3
        OpenSSL version: OpenSSL 1.1.1d 10 Sep 2019
Manfred
10 Jan 2021 Reply
Hi great tutorial, thnx
I ran in some issues with latest docker version (5:20) not working on pi 4, but finally managed to install docker 5:19.03.14
– I have pointed my dns to my IP-address. eg. demo.mydomain.com
– my router is unifi mgt software running on the same pi (not in docker yet) and I created an forward rule to the ipaddress of the pi
where nginx is running in docker
– in nginx manager I created an host for demo.mydomain.com and set up this settings:
* Scheme: http
* ipaddress: the local 192.16.xxx.xxx address of the server
* port: the correct port the server is listening
* In the SSL tab force SSL
When I use the addres https://demo.mydomain.com I am NOT redirected to the correct server in my network, but see this message:
“Bad Request This combination of host and port requires TLS.”
I also get in the chrome url “not secure”, but when I click on this I can see it us showing the lets encrypt certificate.
Now I change the scheme in NGINX manager to HTTPS and now the site is working, but it still shows “not secure”
What did I do wrong, or what did I miss?
thanx Manfred
1. WunderTech
  11 Jan 2021 Reply
  Did you request an SSL certificate from Let’s Encrypt? If you did, is it properly applied to the proxy host?
2. Wayne
  11 Jan 2021 Reply
  The installs work fine, the issue is when I have to run “sudo docker-compose up -d”, there python errors, see above (1 Jan). I just dont get it. Your scipt at least runs, other tutorials I ahve used just fail stright up.
Johnny
11 Jan 2021 Reply
Hi Frank – thank you for the tutorial!
Sorry just a few quick questions:
1) I see on picture 11 it looks like NGINX has the ability to manage multiple proxies?
2) I have 3 dongles attached to a 4 port usb hub attached to the raspberry. If the above is correct, I just need to get them working as Port 10001, 10002, 10003 etc… correct?
Many thanks Frank, your help is greatly appreciated!!
1. WunderTech
  11 Jan 2021 Reply
  Hello!
  1. Yes, you can use NPM to manage multiple proxies. You would basically apply a different domain name (generally, by service is best, so plex.yourdomain.com, jellyfin.yourdomain.com, etc), and that will allow you to manage as many services as you’d like.
  2. When you say dongles, what exactly do you mean? Ethernet dongles? If so, your services would each be assigned a different network port and you will have to assign the proxy host to the correct port.
  Hope this helps, but if I can answer anything else, please let me know!
Wayne
11 Jan 2021 Reply
the moderation is a pain is a pain, can you do something about it please? I nerver know if the post is live
1. WunderTech
  11 Jan 2021 Reply
  Unfortunately, no. I get hit with tons and tons of spam and I’m actively trying to fix it. This is the only option I have right now. If you submitted your message, I received it, I just haven’t had a chance to look into it yet.
  I am currently researching your issue and I’m trying to find out anything that I can. Did you run the two commands from the last message? If so, what were the outputs?
manfred
12 Jan 2021 Reply
Hi
Yes I use let’s encrypt.
By accident I discovered the reason today.
On the private (windows10) laptop I used to configure the PI and the certificates I got the message ‘not secure’
This morning I rebooted my work (windows10) laptop, and there the connection for this website was directly secure. I directly opened my private laptop, which was not rebooted since I installed the certificates and even after ctrl + F5 is was still ‘not secure’
So then I stopped the chrome browser, and all the chrome processes on the private laptop. I restarted chrome and now the site was directly secure
I had no idea for certificates there is also a kind of cache in the browser.
sorry for the inconvenience, but the problem is solved.
1. WunderTech
  13 Jan 2021 Reply
  Not a problem, glad to hear it’s resolved!
Wayne
13 Jan 2021 Reply
So, it turns out Docker is not installed, the article at no point lays out in no obvious terms that this is need as a prerequisite. I would suggest making this be made more obvious or put in the two lines of script which do it. obvious, found this:
Is docker installed and how to check: https://stackoverflow.com/questions/64163450/unable-to-docker-compose-up-any-project
How to install docker on a Raspberry Pi: https://phoenixnap.com/kb/docker-on-raspberry-pi
1. WunderTech
  13 Jan 2021 Reply
  Yes, Docker is required to use Docker Compose. I apologize for not being clearer initially (I updated the post to reflect this). This was a follow up to my prior tutorial on how to install Docker/Portainer on a Raspberry Pi, which is why it’s not specifically stated here.
  Glad you were able to fix it.
revan
1 Feb 2021 Reply
Hi! wondering if its OK to leave the username, password as “npm” or do we have to change each value to be unique?
1. WunderTech
  2 Feb 2021 Reply
  I left that as default for the tutorial, but you’re free to change it to whatever you’d like!
Wyatt
1 Feb 2021 Reply
Hi, so I get to the point of running sudo docker-compose up -d and I also watched your YT video on this and my terminal did not finish like yours did. See Printscreen screenshot > http://prntscr.com/xzvmha < this is where it reboots its self and if I keep going with the next steps, it shows no such container. Code below. I checked portainer and they are not there was well.
[email protected]:~/nginx $ sudo docker update –restart always nginx_app_1
Error response from daemon: No such container: nginx_app_1
[email protected]:~/nginx $ sudo docker update –restart always nginx_db_1
Error response from daemon: No such container: nginx_db_1
[email protected]:~/nginx $
I couldn't find anything that sticks out in the syslog but also I'm not very advanced at Linux or Pi.
Thank your help!
1. Wyatt
  1 Feb 2021 Reply
  Please note I do have a WordPress running on this same Pi. Possible conflict with it and already having a MySQL set up?
  1. WunderTech
    2 Feb 2021 Reply
    That could very well be the issue, but I’m not positive since I’ve never seen that issue before. Are you using port 80/443 for WordPress? Do you have a different SD card that you can test with to see if the port conflict is the issue?
Mohamed
23 Feb 2021 Reply
Thanks for the tutorial – very helpful! I’m having a persistent problem with nginx, the nginx_app_1 is always reporting “unhealthy” even after waiting for so long and restarting the pi and the containers many times. Here’s what the log says:
[cont-finish.d] executing container finish scripts…
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc…exited 0.
[s6-init] ensuring user provided files have correct perms…exited 0.
[fix-attrs.d] applying ownership & permissions fixes…
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts…
[cont-init.d] 01_s6-secret-init.sh: executing…
[cont-init.d] 01_s6-secret-init.sh: exited 267.
!!!!!
init-stage2 failed.
!!!!!
This block keeps repeating itself again and again with the same outcome. I have forwarded the ports 443 and 80 on TCP but this didn’t change anything and it was happening before and after I did that. Any suggestions?
1. WunderTech
  24 Feb 2021 Reply
  That error appears like it’s on the setup, so unfortunately, opening ports 80/443 wouldn’t help. Are you running anything else on the Raspberry Pi that could be causing conflicts?
  1. Mohamed
    24 Feb 2021 Reply
    No. It’s a fresh install of Raspberry Pi OS (with desktop) and nothing else. I also checked if Apache2 exists since I heard it may cause that conflict but also it isn’t there. Any chance to get it working somehow or starting from scratch is the only option?
    1. WunderTech
      25 Feb 2021 Reply
      I don’t want to say it’s the only option but it’s an option. If you have nothing else running on the Pi, it might be the easiest option, but if you have other things running, it might be worth it to take the time and try and isolate the issue.
Abhilesh
23 Feb 2021 Reply
Hey WunderTech,
Thanks for the great tutorials! I am trying to setup a self-hosted Bitwarden on my RPi4 using your tutorials, however, I ran into some issues while setting up the Nginx reverse proxy server.
Additional info – I do have a nextcloud instance along a plex server running on the same RPi and I’m using apache2 as the webserver. I believe the errors I’m running into are because the port 443 is already in use by apache2 and hence the docker compose command fails for me. Below are the error messages I ran into –
ERROR: for nginx_app_1 Cannot start service app: driver failed programming external connectivity on endpoint nginx_app_1 (12497ebf7da4
Creating nginx_db_1 … done
use
ERROR: for app Cannot start service app: driver failed programming external connectivity on endpoint nginx_app_1 (12497ebf7da4af8c77cb5e4fd792eef9727e3acfcc15677ca86e1d93abfd9364): Error starting userland proxy: listen tcp4 0.0.0.0:443: bind: address already in use
ERROR: Encountered errors while bringing up the project.
[email protected]:~/nginx $ sudo netstat -ntulp | grep 443
tcp6 0 0 :::443 :::* LISTEN 11707/apache2
[email protected]:~/nginx $ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f3cc55ba4618 yobasystems/alpine-mariadb:latest “/scripts/run.sh” 7 minutes ago Up 7 minutes 3306/tcp nginx_db_1
72c3c0fc31cc bitwardenrs/server:latest “/usr/bin/dumb-init …” 19 minutes ago Up 19 minutes (healthy) 3012/tcp, 0.0.0.0:8080->80/tcp bitwarden
12b600fdcfd6 portainer/portainer-ce:linux-arm “/portainer” 26 minutes ago Up 26 minutes 8000/tcp, 0.0.0.0:9000->9000/tcp xenodochial_cori
Any help in resolving these?
1. WunderTech
  24 Feb 2021 Reply
  You are correct. Is there any way that you can map port 443 to something else, then use the reverse proxy to expose that service if you’d like?
Wesley
25 Feb 2021 Reply
Getting the following Error on the nginx app container:
Can’t take lock to run migrations: Migration table is already locked
If you are sure migrations are not running you can release the lock manually by deleting all the rows = require(migrations lock table: migrations_lock
1. Wesley
  25 Feb 2021 Reply
  Okay, so I connected to the db container and deleted the lock, but now it’s having errors migrating. with a table already existing
  1. WunderTech
    27 Feb 2021 Reply
    When you say you connected to the db container, what exactly do you mean? Can you also clarify what you mean when it says that a table already exists? Is that a database error and if so, where are you receiving it?
    1. Justin
      8 Mar 2021 Reply
      I also had this problem. In addition to deleting all rows in table migrations_lock, I had to drop the auth and user tables as well. After restarting nginx_app_1 (I stopped it before messing with the db), it eventually changed to healthy.
      1. WunderTech
        8 Mar 2021
        Thanks so much for sharing!!
Kenneth
7 Mar 2021 Reply
Thanks for the great tutorial. However I’m getting “no password auth for user” at nginx proxy manager log-in page it either doesn’t like the ‘changeme’ password or it’s not connected to database. This is another fresh installed Pi OS and everything appeared to be done correctly without errors. Only thing is that I can’t get nginx_db_1 container to become ‘healthy’ instead of ‘running’ in green color.
In fact this is the 4th writeup I’m following and after hundreds of hours of failure I am so discouraged that I can’t even get one thing to work I had great success on Windows had been asking myself why fix things ain’t broke.
1. WunderTech
  7 Mar 2021 Reply
  It’s reporting as healthy or running? It should be running when the nginx proxy manager container is running. Also, you’re able to get to the web admin console, it just doesn’t let you login?
  1. Bart
    8 Mar 2021 Reply
    Same issue here, portainer reports nginx_app_1 as healthy and nginx_db_1 as running and i can’t login to proxymanager 🙁
    1. WunderTech
      9 Mar 2021 Reply
      Someone posted a solution here a few days ago in the comments. Do you think you can try that?
Kenneth
7 Mar 2021 Reply
t’s reporting ‘running’. Yes I’m at the log in page had a spinning ring when password was submitted and returned with this message ‘No password auth for user’.
I have these errors in the log from last reboot:
2021-03-07 11:44:31 0 [Note] /usr/bin/mysqld: Shutdown complete
[i] mysqld already present, skipping creation
[i] MySQL directory already present, skipping creation
2021-03-07 11:45:00 0 [Note] /usr/bin/mysqld (mysqld 10.4.15-MariaDB) starting as process 1 …
2021-03-07 11:45:01 0 [Note] InnoDB: Using Linux native AIO
2021-03-07 11:45:01 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2021-03-07 11:45:01 0 [Note] InnoDB: Uses event mutexes
2021-03-07 11:45:01 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2021-03-07 11:45:01 0 [Note] InnoDB: Number of pools: 1
2021-03-07 11:45:01 0 [Note] InnoDB: Using generic crc32 instructions
2021-03-07 11:45:01 0 [Note] mysqld: O_TMPFILE is not supported on /var/tmp (disabling future attempts)
2021-03-07 11:45:01 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2021-03-07 11:45:01 0 [Note] InnoDB: Completed initialization of buffer pool
2021-03-07 11:45:01 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2021-03-07 11:45:01 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
2021-03-07 11:45:01 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2021-03-07 11:45:01 0 [Note] InnoDB: Setting file ‘./ibtmp1’ size to 12 MB. Physically writing the file full; Please wait …
2021-03-07 11:45:01 0 [Note] InnoDB: File ‘./ibtmp1’ size is now 12 MB.
2021-03-07 11:45:01 0 [Note] InnoDB: Waiting for purge to start
2021-03-07 11:45:01 0 [Note] InnoDB: 10.4.15 started; log sequence number 157165; transaction id 306
2021-03-07 11:45:01 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2021-03-07 11:45:02 0 [Note] Plugin ‘FEEDBACK’ is disabled.
2021-03-07 11:45:02 0 [Note] Server socket created on IP: ‘::’.
2021-03-07 11:45:02 0 [Warning] ‘user’ entry ‘@5198337f35a6’ ignored in –skip-name-resolve mode.
2021-03-07 11:45:02 0 [Warning] ‘proxies_priv’ entry ‘@% [email protected]’ ignored in –skip-name-resolve mode.
2021-03-07 11:45:02 0 [Note] InnoDB: Buffer pool(s) load completed at 210307 11:45:02
2021-03-07 11:45:02 0 [Note] Reading of all Master_info entries succeeded
2021-03-07 11:45:02 0 [Note] Added new Master_info ” to hash table
2021-03-07 11:45:02 0 [Note] /usr/bin/mysqld: ready for connections.
1. WunderTech
  8 Mar 2021 Reply
  These don’t appear to be errors. Are there actual errors anywhere? Have you checked the Docker container’s log files?
  1. Kenneth
    9 Mar 2021 Reply
    nginx_app_1 log:
    finish: applet not found
    [cont-finish.d] executing container finish scripts…
    [cont-finish.d] done.
    [s6-finish] waiting for services.
    s6-svscanctl: fatal: unable to control /var/run/s6/services: supervisor not listening
    [s6-finish] sending all processes the TERM signal.
    [s6-finish] sending all processes the KILL signal and exiting.
    Portainer log:
    2021/03/08 22:07:05 Starting Portainer 2.1.1 on :9000
    2021/03/08 22:07:05 [DEBUG] [chisel, monitoring] [check_interval_seconds: 10.000000] [message: starting tunnel management process]
    2021/03/08 22:47:54 http error: Invalid JWT token (err=Invalid JWT token) (code=401)
    2021/03/08 22:47:55 http error: Unauthorized (err=Unauthorized) (code=401)
    2021/03/09 06:48:45 http error: Invalid JWT token (err=Invalid JWT token) (code=401)
    1. WunderTech
      9 Mar 2021 Reply
      I’m sorry, it’s hard for me to help troubleshoot with this information. I would try and reinstall Raspberry Pi OS, start from scratch and see if everything works as expected.
      1. Kenneth
        8 Apr 2021
        I start over with a new Pi and new card from scratch and got everything running except I got ‘internal error’ when requesting SSL from Lets Encrypt.
        Found out my domain provider which is name.com doesn’t support DDNS. Is there an work around? or it simply won’t work?
        I’m using DDNS feature offered by Asus Router WebUI, which also offer SSL. I can connect to BitWarden from WAN over 8080 port but no HTTPS available. Do I just simply change it to 443? If I later need Pi-hole and other services how do I go about other SSL requirement?
      2. WunderTech
        8 Apr 2021
        Did you port forward ports 80/443 to your Raspberry Pi? Are you using a firewall that could be blocking those ports? As long as you can communicate over that port, you should be able to get an SSL certificate (assuming the domain provider is setup correctly).
Bart
8 Mar 2021 Reply
Hi i’ve found following log
~/nginx/data/logs$ cat error.log
2021/03/08 22:10:40 [error] 262#262: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: nginxproxymanager, request: “GET /api/ HTTP/1.1”, upstream: “http://127.0.0.1:3000/”, host: “127.0.0.1:81”
2021/03/08 22:10:45 [error] 262#262: *3 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: nginxproxymanager, request: “GET /api/ HTTP/1.1”, upstream: “http://127.0.0.1:3000/”, host: “127.0.0.1:81”
2021/03/08 22:10:50 [error] 262#262: *5 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: nginxproxymanager, request: “GET /api/ HTTP/1.1”, upstream: “http://127.0.0.1:3000/”, host: “127.0.0.1:81”
1. WunderTech
  9 Mar 2021 Reply
  It looks like it can’t access the database. Is the database properly running?
David
12 Mar 2021 Reply
hi great guide but I’m having a problem is it go to my modem login page if I type in my public IP address and port 80 eg 123.123.123.123:80 i have port forward both ports and tryed two diff modems but it always go to my login page what im i doing wrong.
1. WunderTech
  12 Mar 2021 Reply
  Did you properly open ports 80/443? Can you check an online port checker to confirm that they’re open?
  1. David
    13 Mar 2021 Reply
    yes checked both open checked with two sites.
    1. WunderTech
      13 Mar 2021 Reply
      What is the reverse proxy that you set up? Is it pointing to your router by any chance?
      1. David
        13 Mar 2021
        No to the pi4 itself modem/router ip 192.168.0.1 pi 192.168.0.4
        Posted about this on my isp Webb page and another person that has not got Nginx or a pi tried his public IP and port 80 and he also opens the modems login page isp are looking into this I just tried installing nextcloud and when I click on the site I made it take me to the modems login page.
      2. WunderTech
        15 Mar 2021
        Sounds like your ISP is blocking it then, unfortunately. Can you log in to the account and see if you can allow port 80 traffic?
Jerome
14 Mar 2021 Reply
Hi there, I have an observation to share but first let me tell you HOW GRATEFUL I am for your tutorials! I have zero knowledge about coding or web stuff things, but you made it simple. I followed the Raspberry, the Docker, the Guacamole tutorials and now here I am with a fully functional Nginx and able to access to my desktop over the internet :). I’ve read your “About” page, and I can assure you that your goal is fully reached!
Back to my observation (I’m a pragmatic person) : I didn’t managed to make Nginx work with your files, the “nginx_app_1” container was unhealthy with a “parse error: Invalid numeric literal at line 1, column 7 NOT OK” message.
Maybe it has to do with the fact I adapted your tutorials for my computer running on Ubuntu (wanna try before buying a raspberry), but long story short I managed to make it work with the “docker-compose.yml” from the Nginx website (https://nginxproxymanager.com/setup/). With this, no need for a conf.json and it’s perfectly working. I’ll give another try to your configuration when I’ll get a Raspberry, I’ll let you know if there’s a difference. Won’t be before a while probably, until then stay safe and keep going with your great and helpful work!
Best,
Jerome
1. WunderTech
  15 Mar 2021 Reply
  A lot of people have been getting that error, so when I get some time, I have to go back and ensure that this still works like it used to. Either way, I’m glad to hear that you got it working and thanks for the feedback!
  1. Jerome
    10 Apr 2021 Reply
    Hi there!
    Small update to inform you that your method works perfectly on a Raspberry Pi 4!
    Cheers!
    1. WunderTech
      12 Apr 2021 Reply
      Awesome, thanks so much for letting me know!
    2. Lutz
      14 Apr 2021 Reply
      Hi Jerome. I have tried to install on a PI 4 and failed. Can you tell me which OS you are using? And a question from a complete Linux newby: do I have to do the installation as root (su)?
lichti
20 Mar 2021 Reply
Hello and thanks for this tutorial!
Could you tell me, how i can put nginx to a different IP?
I wanna install PiHole on my raspberry too, but the Ports 80 and 443 are already reserved for Nginx.
PiHole should be locally installed, so a different IP for Nginx and the DB would be perfect.
Maybe you can help me!
Greets from Austria
1. WunderTech
  21 Mar 2021 Reply
  It might be smarter to change the port for Pi-hole (if you can). Since most domains use 80/443, if you use a different port for Nginx, you will have to append that port to every domain name. If you use 443, you will only have to type in the domain name.
  1. lichti
    22 Mar 2021 Reply
    Hmm.. But is it also possible to put nginx in a macvlan Network?
    1. WunderTech
      25 Mar 2021 Reply
      Yes, you can use a macvlan network for NPM.
      1. lichti
        30 Mar 2021
        Could you help me with that?
        Is there a way to let NPM only connect to the db and dont expose the Ports to public?
      2. WunderTech
        30 Mar 2021
        The commands on this page should help! https://www.raspberrypi.org/forums/viewtopic.php?t=266276
        You basically just have to create the network interface and then assign it to the container.
noaccess
23 Mar 2021 Reply
Hello,
after step 4
enter the command
sudo usermod -aG docker pi
and continue the process
Carmelo Jimenez
28 Mar 2021 Reply
HI, followed instructions. both containers for nginx are up, running and healthy. Browsing to page presents the familiar login banner.
Enter [email protected] and pass changeme. Seems to work but I get the same page back again and never reach a point to change. Any suggestions?
1. WunderTech
  29 Mar 2021 Reply
  Have you tried restarting the container? Any other error messages? Anything in the docker logs?
Lutz
31 Mar 2021 Reply
Hi, thanks for the great tutorial for an absolute newby. I follow it and the installation went all the way without problems. But no I’ve got the same problem that was reported by Mohammed a couple of weeks ago: NPM remains “unhealthy” and as such login isn’t possible: Error “Bad gateway” which is obvious.
Any idea other than a full fresh install? It’s a Raspberry PI 3+ just to run Docker / NPM with Raspberry image
1. WunderTech
  31 Mar 2021 Reply
  I know this is a stupid question but have you tried to reboot? This error can be so many different things that a reinstall is normally the easiest, but not necessarily only way to fix it.
2. Mohammed
  8 Apr 2021 Reply
  Hey Lutz! Just a hint since I just made that mistake today on a Pi4. The other day my problem was that I used a Pi Zero W which has an unsupported arv6 CPU, so it kept doing that. Today I faced the same “unhealthy” issue along with the bad gateway (which I didn’t have before) because I accidentally changed the ‘db’ as a database name while I was changing the username/password in the config.json.
  Hope that helps!
  1. Lutz
    13 Apr 2021 Reply
    Hey Mohammed. Thanks for the tip but that does not appear to be the case here. I did a complete, fresh install right from the beginning exactly following all steps without changing anything. Problem still exists.
    It appears to be a problem when generating the dummy SSL certificate:
    >>>
    nginx: [emerg] cannot load certificate “/data/nginx/dummycert.pem”: BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(‘/data/nginx/dummycert.pem’,’r’) error:2006D080:BIO routines:BIO_new_file:no such file)
    <<>>
    Generating dummy SSL certificate…
    Generating a RSA private key
    ……………………
    #
    # Fatal error in , line 0
    # unreachable code
    #
    #
    #
    #FailureMessage Object: 0xbed0d1bc
    …/run: line 18: 28168 Illegal instruction (core dumped) node –abort_on_uncaught_exception –max_old_space_size=250 index.js
    .+++++
    ………………………..+++++
    writing new private key to ‘/data/nginx/dummykey.pem’
    —–
    3069420432:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
    Complete
    <<<
    Not knowing enough about Linux but is this an issue with the system clock???
    Thanks for any other help on this.
    Lutz
    1. WunderTech
      13 Apr 2021 Reply
      When are you receiving the error? When you say dummy SSL certificate, what exactly do you mean?
      1. Lutz
        13 Apr 2021
        The error that can be seen above comes up as soon as the two nginx container start running. While the db is running fine the npm container is remains “unhealthy” with the above error message is written in the nginx container log file.
        As you can see in the above text blog it seems to me that the nginx container tries to generate an SSL certificate locally (as at this moment the host can’t be reached by LetsEncrypt from the outside through port 80.
        So he (nginx) seems to generate a local “dummy” key until nginx is able to generate a “true” certificate via LetsEncrypt.
        Thanks, Lutz
      2. Lutz
        14 Apr 2021
        I am getting the error while the container is starting. It remains in the “unhealthy” state and loops while “trying to install dummy keys”.
        I did an install on a PI3 using a 32-bit Ubunutu 20.04. LTS server image and everything worked fine.
      3. WunderTech
        14 Apr 2021
        What OS are you getting the error on? I only use Raspberry Pi OS, so I can’t comment on how other OS’s work. It sounds like you got it working though, which is great!
Markus
5 Apr 2021 Reply
Hey there,
I installed portainer and also bitwarden with your tutorials and that worked fine.
Now I want to install nginx and I get the following erro when I start “sudo docker-compose up -d
Starting nginx_app_1 …
nginx_db_1 is up-to-date
Starting nginx_app_1 … error
ERROR: for nginx_app_1 Cannot start service app: driver failed programming external connectivity on endpoint nginx_app_1 (fd5f46de26be0be172e2b30fe4ffb0899886183b633cca03a9ab9e37a50fdfc1): Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use
In portainer I have the “nginx_db_1” running, “nginx_app_1” is only created.
How can I fix that?
1. WunderTech
  7 Apr 2021 Reply
  It looks like you’re using port 80 for something on your Raspberry Pi. If you are, you will be better off changing that port on that container so you can use 80/443 for NPM.