[GH-ISSUE #3050] Can not proxy to Docker Host network ports #2076

Closed
opened 2026-02-26 07:33:56 +03:00 by kerem · 6 comments
Owner

Originally created by @afzl-wtu on GitHub (Jul 9, 2023).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3050

I am running nginxproxymanager with the following docker-compose.yaml file:
```
version: '3.8'
services:
  app:
    container_name: nginx
    network_mode: npm-nw
    ports:
      - '80:80'
      - '443:443'
    extra_hosts:
      - 'ss.ss:host-gateway'
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
```

I added two extra settings here: network_mode: npm-nw for proxying to other dockers on this bridge network, and extra_hosts: - 'ss.ss:host-gateway', so that I can access and proxy to the wireguard-ui web interface at port 5000 and the adguard web interface at port 5001. I can proxy to all dockers on the npm-nw network, but I get "502 Bad Gateway" when proxying to ss.ss:5000 or ss.ss:5001 in npm.
I also added ports 5000 and 5001 in the firewall settings. I also confirm I can send tcp and udp messages through netcat on the host from inside the npm container (nc ss.ss 5000).
I also confirm that from inside the npm container I successfully get the webpage of wireguard-ui with wget ss.ss:5000 with no error.
So it confirms there is no firewall issue and also that the webpage of wireguard-ui or adguard can be accessed inside the npm container with wget. Only NPM gives the error of 502 bad gateway.

My Config

I also used https mode but always get 502 bad gateway.

All other webservers inside dockers on npm-nw are working fine.

kerem 2026-02-26 07:33:56 +03:00
  • closed this issue
  • added the bug label

@duchu commented on GitHub (Jul 9, 2023):

I have same problem


@afzl-wtu commented on GitHub (Jul 10, 2023):

> I have same problem

Update:
Strange, I just put the docker gateway ip or my local ip of the main host interface (10.0.0.x) and it connected successfully. I even removed the extra_hosts parameter and also do not use any network: host in docker-compose, and it still works. It means the docker container can access my host network without any parameter. That is a security flaw.

```
version: '3.8'
services:
  app:
    container_name: nginx
    ports:
      - '80:80'
      - '443:443'
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    network_mode: npm-nw
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
```

@the1ts commented on GitHub (Jul 10, 2023):

I think perhaps some more understanding of docker networking would be useful. I liked [this](https://www.youtube.com/watch?v=bKFMS5C4CG0) video discussion of all the types of networking, when to use them and what functionality is different between them all.
Saying a bridged network is insecure since it has access to both networks is not a security issue, it's the definition of a bridge in networking.


@afzl-wtu commented on GitHub (Jul 10, 2023):

> I think perhaps some more understanding of docker networking would be useful. I liked [this](https://www.youtube.com/watch?v=bKFMS5C4CG0) video discussion of all the types of networking, when to use them and what functionality is different between them all. Saying a bridged network is insecure since it has access to both networks is not a security issue, it's the definition of a bridge in networking.

I create the npm-nw network with the command:
`docker network create npm-nw`
Is it still a bridge network? If so, how can I make it not bridged but a dockers-only network?
Also, what is the solution for ss.ss not resolving to the host ip address, while 10.7.0.1xx works fine?


@the1ts commented on GitHub (Jul 10, 2023):

You are creating a bridge network, see `docker network create --help`.

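An added example, not from the thread or the Nginx Proxy Manager project: a check over `docker network inspect` output that confirms the driver of a network like npm-nw and lists which host listeners its containers can reach through the bridge gateway or the host's own address. The inspect document, the listener list and the function name `host_exposure` are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `docker network inspect npm-nw` output;
# subnet, gateway and container address are made-up values.
SAMPLE_INSPECT = """
[{"Name": "npm-nw", "Driver": "bridge", "Internal": false,
  "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1"}]},
  "Containers": {"abc123": {"Name": "nginx", "IPv4Address": "172.18.0.2/16"}}}]
"""

# Constructed host listeners as (bind address, port), e.g. read from `ss -ltn`.
SAMPLE_LISTENERS = [("0.0.0.0", 5000), ("127.0.0.1", 5001), ("10.0.0.5", 8080)]


def host_exposure(inspect_json, listeners):
    """Per network: driver, internal flag, gateways, reachable host sockets."""
    report = []
    for net in json.loads(inspect_json):
        configs = (net.get("IPAM") or {}).get("Config") or []
        gateways = [c["Gateway"] for c in configs if c.get("Gateway")]
        # Only the default case from the thread is evaluated here: a bridge
        # network that was not created with --internal.
        routed = net.get("Driver") == "bridge" and not net.get("Internal")
        reachable = []
        if routed:
            for bind, port in listeners:
                addr = ipaddress.ip_address(bind)
                if addr.is_loopback:
                    continue  # loopback-only sockets are not reachable from containers
                if addr.is_unspecified:
                    # A wildcard bind also listens on the bridge gateway address.
                    reachable += [f"{gw}:{port}" for gw in gateways]
                else:
                    reachable.append(f"{bind}:{port}")
        report.append({
            "name": net.get("Name"),
            "driver": net.get("Driver"),
            "internal": bool(net.get("Internal")),
            "gateways": gateways,
            "host_reachable": reachable,  # still subject to host firewall rules
        })
    return report


if __name__ == "__main__":
    for row in host_exposure(SAMPLE_INSPECT, SAMPLE_LISTENERS):
        print(row)
```

Host services that should not be reachable from containers can be bound to 127.0.0.1 or filtered by the host firewall on the bridge interface.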

@afzl-wtu commented on GitHub (Jul 11, 2023):

> You are creating a bridge network, see `docker network create --help`.

Thanks for your time. I watched the whole video now. It is informative but I do not like the speaking person. Its way of speaking is not much clear. But thank you.
