is there a way to make npm redirect ALL http port 80 requests to https port 443?
In nginx you could do something like this, but I don't know how to apply it to npm.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
Hi everyone,
I’m running Nginx Proxy Manager in Docker and I just checked my setup.
The NGINX version inside the container shows: 1.27.X.
I recently updated the container, but I’m trying to understand if my setup is still affected by CVE-2026-42945 (the nginx rewrite module vulnerability affecting versions ≤ 1.30.0).
Since NPM uses OpenResty instead of vanilla nginx, I’m not fully sure how to map the OpenResty version to the affected nginx versions.
Is NPM already patched for this CVE in recent Docker images?
I'm probably missing something obvious here, but how do I access values which have been transmitted by a client to NGINX Reverse Proxy?
In my setup, if I use NGINX as a simple HTTP server, my PHP scripts inherit any arguments in the $_POST global variable and I can issue responses just fine.
However, for business reasons I need to run my PHP script as a service, using "socket_create" to accept connections.
This works fine (mostly). The remote client communicates with the NGINX Reverse Proxy, which talks my PHP script (running as a service) and I can return data to the Proxy Server, which then transmits back to the client. All tested and working.
What I can't seem to do (no doubt due to my ignorance) is access the data being sent from the remote client to the proxy server.
The data I receive looks like this...
>GET / HTTP/1.0
Host: 192.168.56.xxx
X-Real-IP: 192.168.56.xxx
X-Forwarded-For: 192.168.56.xxx
X-Forwarded-Proto: http
Connection: close
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:147.0) Gecko/20100101 Firefox/147.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Cookie: MY_SESSION=8c1b0n9nb82o68fuiiknkui64e; PHPSESSID=a5e0dug6437a7ijv13rq33racp
Upgrade-Insecure-Requests: 1
Priority: u=0, i
...but no data from the client!
I'm sure it's obvious, but what am I missing?
EDIT: PROXY STUFF FROM sites-available
>location / {
# PROXY STUFF, FROM THE INTERWEBS
proxy_pass http://127.0.0.1:5010;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
SOLVED
Thanks to the respondents below. Food for thought.
What was happening was that I was running my "script as a service" in my editor and just using the "run" option. It's never caused problems before.
However, I've now tried calling from the CLI and the args have miraculously appeared!
I've tested this a few times and the behaviour appears consistent. The header that I previously posted was a result of using the "run" command. The real thing is the same but with the data I want appended (can't show it).
I blame the developers at Geany. This had absolutely nothing to do with my lack of lateral thinking.
A week or more ago every single one of my domains stopped working on my unraid server. They had all been working fine for years at this point. And the containers themselves are also fine when I access the through the local IP. Since then I have been losing my mind trying to get NPM working again to no avail and am hoping someone smarter than me sees this can can help point me in the right direction.
So some context of what I've double checked and tried.
Port 80/443 are open and reachable verified through canyouseeme
NPM is setup to use 18443 and 1880 for https and http
My router has 443/80 forwarded to 18443/1880
I have a cloudflare a record with my domain pointed to my public IP address (I used to use cloudflare-ddns with a dynamic record but removed that to simplify troubleshooting)
I have a cname record with my seerr container
I create a proxy host for seerr and go to get a letsencrpt cert which is where it falls apart. I check the logs and see
The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
From what I have looked up this is mainly when letsencrpt cant reach the server so the cert fails but from everything I can see or check it should absolutely be able to reach the NPM container.
I also tried setting up a cloudflare dns challenge which looks like it works but the sites are still inaccessible.
I have torn down and rebuilt the NPM and my cloudflare setup over 10 times hoping to catch some misconfiguration but every time I hit the same wall.
I'm really at my wits end and any help would be incredibly appreciated
What I'm doing is I'm having PiHole direct all internal domain requests to Nginx Proxy Manager, so that Nginx Proxy Manager figures out where to send the requests.
I have NPM installed as a Docker container on my Pi 4 at 192.168.0.12, and PiHole on my Pi 3 at 192.168.0.11. I also have Immich, ForgeJo, Mealie, and OwnCloud also on 192.168.0.12.
How do I set up PiHole with NPM so that typing for example pihole.cloud.lan lands me at the PiHole admin page? I'm thinking I would want a single local domain cloud.lan and five CNAME subdomains (pihole, immich, forgejo, mealie, and owncloud) that point to cloud.lan. Cloud.lan would then send the request to NPM, which would bounce it to the appropriate container.
Hello all, I wanted to see if people would be interested in what I've worked on.
In a previous in this subreddit I asked: https://www.reddit.com/r/nginxproxymanager/comments/1t3rgxu/what_is_the_releasedevelopment_cycle_of_the/
And following that I either had a choice to move off of NPM or go to NPMPlus, which was too broad of an application for my liking.
So what I did is I made a bumped and automated fork of the nginxproxymanager images.
A couple things I did:
Debian 12 -> 13
OpenResty 1.27.x -> 1.29
Certbot-dns-eurodns python package 0.0.2 -> 1.8.2 (i needed this for my work)
And other packages have been bumped as well. So feel free to check it out.
I just noticed the upstream received an update. So that's applied as well