[GH-ISSUE #3283] strange behaviour configuring proxy #2213

New issue

Closed

opened 2026-02-26 07:34:32 +03:00 by kerem · 5 comments

kerem commented 2026-02-26 07:34:32 +03:00

Owner

Copy link

Originally created by @dogeMcdogeface on GitHub (Oct 25, 2023).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3283

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
• Are you sure you're not using someone else's docker image?
  • Yes
• Have you searched for similar issues (both open and closed)?
  • Yes

Describe the bug
On a fresh install, i added host.docker.internal pointing to the host, since i need to reverse proxy an app which i do not have permission to dockerize running on port3000 of the host.
I verified inside the container that the app is reachable using curl and indeed it is.
I used the webgui to configure a proxy to host.docker.internal:3000 on a certain subomain. This results in a 502 bad gateway when visiting the domain.
I manually edited the 1.conf file and added proxy_pass http://host.docker.internal:3000 while commenting the other proxy.
Visiting the domain now shows the application correctly.

Trying to figure out if i'd made a configuration error, i created an identical entry from the webgui with a different subdomain (without manually editing the config) and this time it worked with no issue.
Deleting the first proxy however, the second one stops working as well.

Nginx Proxy Manager Version
v2.10.4

To Reproduce
Steps to reproduce the behavior:

1. Configure dummy server on host machine on port :x
2. Use webgui to add a proxy configuration to dummy server
3. Check if it works?

Expected behavior

Expected npm to serve host.docker.internal:x without manual configuration

Screenshots

(this did not work)

(This worked)

Operating System
Docker on Ubuntu 22.04.1 LTS

Additional context
added to docker-compose.yml

    extra_hosts:
      - "host.docker.internal:host-gateway"

Originally created by @dogeMcdogeface on GitHub (Oct 25, 2023). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3283 **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Yes - Are you sure you're not using someone else's docker image? - Yes - Have you searched for similar issues (both open and closed)? - Yes **Describe the bug** On a fresh install, i added `host.docker.internal` pointing to the host, since i need to reverse proxy an app which i do not have permission to dockerize running on port3000 of the host. I verified inside the container that the app is reachable using curl and indeed it is. I used the webgui to configure a proxy to `host.docker.internal:3000` on a certain subomain. This results in a 502 bad gateway when visiting the domain. I manually edited the 1.conf file and added `proxy_pass http://host.docker.internal:3000` while commenting the other proxy. Visiting the domain now shows the application correctly. Trying to figure out if i'd made a configuration error, i created an identical entry from the webgui with a different subdomain (without manually editing the config) and this time it worked with no issue. Deleting the first proxy however, the second one stops working as well. **Nginx Proxy Manager Version** v2.10.4 **To Reproduce** Steps to reproduce the behavior: 1. Configure dummy server on host machine on port :x 2. Use webgui to add a proxy configuration to dummy server 3. Check if it works? **Expected behavior** <!-- A clear and concise description of what you expected to happen. --> Expected npm to serve `host.docker.internal:x` without manual configuration **Screenshots** (this did not work)  (This worked)  **Operating System** Docker on Ubuntu 22.04.1 LTS **Additional context** added to docker-compose.yml ``` extra_hosts: - "host.docker.internal:host-gateway" ```

kerem 2026-02-26 07:34:32 +03:00

• closed this issue
• added the
  stale
  bug
  labels

kerem commented 2026-02-26 07:34:32 +03:00

Author

Owner

Copy link

@bremme commented on GitHub (Jan 29, 2024):

Just came here to say I experience the same issue. I've added:

extra_hosts:
  - "host.docker.internal:host-gateway"

To my docker-compose.yaml file, curl http://host.docker.internal:<my-port> does work, just not the proxy. As a workaround I changed host.docker.internal to 172.17.0.1 and this works as well. But I rather just use host.docker.internal to be 100% this points to the docker host.

Let me know if you need more information to help solve this issue.

<!-- gh-comment-id:1915468531 --> @bremme commented on GitHub (Jan 29, 2024): Just came here to say I experience the same issue. I've added: ```yaml extra_hosts: - "host.docker.internal:host-gateway" ``` To my docker-compose.yaml file, curl `http://host.docker.internal:<my-port>` does work, just not the proxy. As a workaround I changed host.docker.internal to 172.17.0.1 and this works as well. But I rather just use host.docker.internal to be 100% this points to the docker host. Let me know if you need more information to help solve this issue.

kerem commented 2026-02-26 07:34:32 +03:00

Author

Owner

Copy link

@MrLoading commented on GitHub (Jun 2, 2024):

same problem! (with Rocky OS 9.4 + docker 26.1.2 + nginx-proxy-manager:latest)
Below are the steps I've taken and the behaviors observed:

1. Direct Access Within the Container

Executing curl http://host.docker.internal:3000 from inside the container successfully returns a 200 status, indicating that the site is reachable and functions correctly.

2. Proxy Configuration Issue

When configuring a proxy at site.xxx.xxx using the Nginx Proxy Manager GUI, attempting to curl site.xxx.xxx from the host results in a "502 ERROR". The log from within the container shows the following error:

2024/06/02 07:55:58 [error] 287#287: *836 host.docker.internal could not be resolved (3: Host not found), client: xxx.xxx.xxx.xxx, server: site.xxx.xxx, request: "GET / HTTP/2.0", host: "site.xxx.xxx"

3. Custom Nginx Configuration Solution

After configuring the "Custom Nginx Configuration" in the Nginx Proxy Manager GUI with the following setup, the issue resolves:

location / {
proxy_pass http://host.docker.internal:3000/;
}

Configuration Comparisons (inside the container)

• Without Custom Nginx Configuration:

map $scheme $hsts_header {
    https   "max-age=63072000; preload";
}

server {
  set $forward_scheme http;
  set $server         "host.docker.internal";
  set $port           3000;

  listen 80;
  listen [::]:80;

  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name site.xxx.xxx;

  # SSL and Logs
  # ... Omit

 location / {
    add_header       X-Served-By $host;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP          $remote_addr;
    proxy_pass       $forward_scheme://$server:$port$request_uri;
  }

  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

With Custom Nginx Configuration:

map $scheme $hsts_header {
    https   "max-age=63072000; preload";
}

server {
  set $forward_scheme http;
  set $server         "host.docker.internal";
  set $port           3000;

  listen 80;
  listen [::]:80;

  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name site.xxx.xxx;

  # SSL and Logs
  # ... Omit

 location / {
  proxy_pass http://host.docker.internal:3000;
}

  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

I'm seeking insights on why the default configuration results in a 502 error and how the custom configuration resolves this issue. Any guidance or suggestions would be greatly appreciated.

<!-- gh-comment-id:2143763646 --> @MrLoading commented on GitHub (Jun 2, 2024): same problem! (with Rocky OS 9.4 + docker 26.1.2 + nginx-proxy-manager:latest) Below are the steps I've taken and the behaviors observed: ### 1. **Direct Access Within the Container** Executing `curl http://host.docker.internal:3000` from inside the container successfully returns a 200 status, indicating that the site is reachable and functions correctly. ### 2. **Proxy Configuration Issue** When configuring a proxy at `site.xxx.xxx` using the Nginx Proxy Manager GUI, attempting to curl `site.xxx.xxx` from the host results in a "502 ERROR". The log from within the container shows the following error: ``` 2024/06/02 07:55:58 [error] 287#287: *836 host.docker.internal could not be resolved (3: Host not found), client: xxx.xxx.xxx.xxx, server: site.xxx.xxx, request: "GET / HTTP/2.0", host: "site.xxx.xxx" ``` ### 3. **Custom Nginx Configuration Solution** After configuring the "Custom Nginx Configuration" in the Nginx Proxy Manager GUI with the following setup, the issue resolves: ``` location / { proxy_pass http://host.docker.internal:3000/; } ``` ### Configuration Comparisons (inside the container) - **Without Custom Nginx Configuration**: ``` map $scheme $hsts_header { https "max-age=63072000; preload"; } server { set $forward_scheme http; set $server "host.docker.internal"; set $port 3000; listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; server_name site.xxx.xxx; # SSL and Logs # ... Omit location / { add_header X-Served-By $host; proxy_set_header Host $host; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_pass $forward_scheme://$server:$port$request_uri; } # Custom include /data/nginx/custom/server_proxy[.]conf; } ``` ### **With Custom Nginx Configuration**: ``` map $scheme $hsts_header { https "max-age=63072000; preload"; } server { set $forward_scheme http; set $server "host.docker.internal"; set $port 3000; listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; server_name site.xxx.xxx; # SSL and Logs # ... Omit location / { proxy_pass http://host.docker.internal:3000; } # Custom include /data/nginx/custom/server_proxy[.]conf; } ``` I'm seeking insights on why the default configuration results in a 502 error and how the custom configuration resolves this issue. Any guidance or suggestions would be greatly appreciated.

kerem commented 2026-02-26 07:34:32 +03:00

Author

Owner

Copy link

@MrLoading commented on GitHub (Jun 2, 2024):

After investigating, I believe the issue I encountered can be described as follows:

1. In Linux, when using --add-host=host.docker.internal:host-gateway or specifying extra_hosts: "host.docker.internal:host-gateway" in the compose.yaml, Docker writes the special hostname "host.docker.internal" into the container's /etc/hosts.

2. The DNS resolver within the NPM Docker container is set to 127.0.0.11, which can resolve container names normally, but does not resolve the special hostname "host.docker.internal".

3. The DNS resolver configuration in the NPM's nginx config file is as follows:

    resolver 127.0.0.11 valid=10s;
   

4. Nginx attempts to resolve all static addresses needed at startup or when refreshing its configuration (such as proxy_pass http://host.docker.internal:3000). Unfortunately, Nginx queries the resolver at runtime for addresses that use variables (such as proxy_pass $forward_scheme://$server:$port) and does not consider the contents of /etc/hosts.

Therefore, either Docker should provide a more robust implementation for "host.docker.internal," or the Docker version of NPM should specially treat this hostname to automatically convert it to a static address (like "172.17.0.1", which varies and requires checking with ip addr show).

For me, replacing "host.docker.internal" with "172.17.0.1" in the GUI configuration for the reverse proxy worked very well.
I am not a professional, so if any errors in my explanation or if anyone knows a better solution, please let me know.

<!-- gh-comment-id:2143911062 --> @MrLoading commented on GitHub (Jun 2, 2024): After investigating, I believe the issue I encountered can be described as follows: 1. In Linux, when using --add-host=host.docker.internal:host-gateway or specifying extra_hosts: "host.docker.internal:host-gateway" in the compose.yaml, Docker writes the special hostname "host.docker.internal" into the container's /etc/hosts. 2. The DNS resolver within the NPM Docker container is set to 127.0.0.11, which can resolve container names normally, but does not resolve the special hostname "host.docker.internal". 3. The DNS resolver configuration in the NPM's nginx config file is as follows: ``` resolver 127.0.0.11 valid=10s; ``` 4. Nginx attempts to resolve all static addresses needed at startup or when refreshing its configuration (such as proxy_pass http://host.docker.internal:3000). Unfortunately, Nginx queries the resolver at runtime for addresses that use variables (such as proxy_pass $forward_scheme://$server:$port) and does not consider the contents of /etc/hosts. Therefore, either Docker should provide a more robust implementation for "host.docker.internal," or the Docker version of NPM should specially treat this hostname to automatically convert it to a static address (like "172.17.0.1", which varies and requires checking with ip addr show). **For me, replacing "host.docker.internal" with "172.17.0.1" in the GUI configuration for the reverse proxy worked very well.** I am not a professional, so if any errors in my explanation or if anyone knows a better solution, please let me know.

kerem commented 2026-02-26 07:34:32 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Jan 4, 2025):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:2570002801 --> @github-actions[bot] commented on GitHub (Jan 4, 2025): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented 2026-02-26 07:34:32 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Jan 22, 2026):

Issue was closed due to inactivity.

<!-- gh-comment-id:3782127856 --> @github-actions[bot] commented on GitHub (Jan 22, 2026): Issue was closed due to inactivity.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#2213

No description provided.