[GH-ISSUE #3731] Toggling "HSTS Enabled" leads to "Unknown hsts_header variable" error with proxy offline #2461

New issue

Open

opened 2026-02-26 07:35:39 +03:00 by kerem · 6 comments

kerem commented 2026-02-26 07:35:39 +03:00

Owner

Copy link

Originally created by @NeoMod on GitHub (May 1, 2024).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3731

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
• Are you sure you're not using someone else's docker image?
  • Yes
• Have you searched for similar issues (both open and closed)?
  • Yes

Describe the bug

This seems, feels, and behaves like yet another error related to the plethora of issues reported with the version 2.11.0 and 2.11.1 but with another presentation.

Upon creation of a new "Proxy Host", without even accessing the "Custom Location" tab neither setting one, enabling the option "HSTS Enabled" in the "SSL" Section leads to an "Offline Status" with the following error: "unknown hsts_header variable".

I have already mounted an empty "_hsts_map.conf" at the "/app/templates/" path inside the container without any luck; disabling the "HSTS Enabled" toggle brings the host immediately on-line, working as expected.
I am using Cloudflare, both as domain registar with DNS managment and SSL Certificate Provider, with proper SSL and HSTS settings.

On a similar machine, using the previous NPM version (2.10.4) - as many other users mentioned - solved the issue.

Nginx Proxy Manager Version
V. 2.11.1 (tested and confirmed also with 2.11.0)

To Reproduce
Steps to reproduce the behavior:

1. Go to 'Proxy Hosts'
2. Click on 'Add Proxy Host'
3. Compile the "Details" tab as requested
4. Select a valid "Access List" option (in my setup, a Cloudflare ip-allow list)
5. Click on the "SSL" tab
6. Select the correct SSL Certificate
7. Enable the "Force SSL", "HTTP/2 Support" and "HSTS Enabled" options
8. Click on "Save"
9. Verify that the newly created Proxy Host is marked as "Offline" with the error reported above.

Additionally, upon deleting the above-created entry, docker logs for the container show an error about a file deletion:

[05/01/2024] [2:52:40 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -t -g "error_log off;"
[05/01/2024] [2:52:40 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/1.conf
[05/01/2024] [2:52:40 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -t -g "error_log off;"
[05/01/2024] [2:52:40 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/1.conf
[05/01/2024] [2:52:40 PM] [Nginx    ] › ⬤  debug     Could not delete file: {
  "errno": -2,
  "code": "ENOENT",
  "syscall": "unlink",
  "path": "/data/nginx/proxy_host/1.conf"
}

Instead, on Version 2.10.4 the Log shows something a bit different, as soon as the Proxy Host is created altough it seems to be working as expected:

Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0
[5/1/2024] [2:55:01 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/2.conf
[5/1/2024] [2:55:01 PM] [Nginx    ] › ⬤  debug     Could not delete file: {
  "errno": -2,
  "syscall": "unlink",
  "code": "ENOENT",
  "path": "/data/nginx/proxy_host/2.conf"
}
[5/1/2024] [2:55:01 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[5/1/2024] [2:55:01 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/2.conf
[5/1/2024] [2:55:01 PM] [Nginx    ] › ℹ  info      Reloading Nginx

Expected behavior
The "Proxy Host" should be created without issues even with the "HSTS Support" enabled.

Screenshots

Operating System
Docker version 26.1.0, build 9714adc
Debian GNU/Linux 11 (bullseye)

Additional context
Somehow it seems related to the following: #3474 #3678 #3484 #3512
Users have shared many different approaches to try and fix the issue in the comments, altough the results seems to vary; the consensus verges toward downgrading to v.2.10.4 to restore functionality.

Originally created by @NeoMod on GitHub (May 1, 2024). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3731 **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Yes - Are you sure you're not using someone else's docker image? - Yes - Have you searched for similar issues (both open and closed)? - Yes **Describe the bug** This _seems_, _feels_, and _behaves_ like yet another error related to the plethora of issues reported with the version 2.11.0 and 2.11.1 but with another presentation. Upon creation of a new "Proxy Host", without even accessing the "Custom Location" tab neither setting one, enabling the option "HSTS Enabled" in the "SSL" Section leads to an "Offline Status" with the following error: "unknown hsts_header variable". <img width="255" alt="image" src="https://github.com/NginxProxyManager/nginx-proxy-manager/assets/13747261/64536de5-14fe-462c-9949-6e2cdee6e5a6"> I have already mounted an empty "_hsts_map.conf" at the "/app/templates/" path inside the container without any luck; disabling the "HSTS Enabled" toggle brings the host immediately on-line, working as expected. I am using Cloudflare, both as domain registar with DNS managment and SSL Certificate Provider, with proper SSL and HSTS settings. On a similar machine, using the previous NPM version (2.10.4) - as many other users mentioned - solved the issue. **Nginx Proxy Manager Version** V. 2.11.1 (tested and confirmed also with 2.11.0) **To Reproduce** Steps to reproduce the behavior: 1. Go to 'Proxy Hosts' 2. Click on 'Add Proxy Host' 3. Compile the "Details" tab as requested 4. Select a valid "Access List" option (in my setup, a Cloudflare ip-allow list) 5. Click on the "SSL" tab 6. Select the correct SSL Certificate 7. Enable the "Force SSL", "HTTP/2 Support" and "HSTS Enabled" options 8. Click on "Save" 9. Verify that the newly created Proxy Host is marked as "Offline" with the error reported above. Additionally, upon deleting the above-created entry, docker logs for the container show an error about a file deletion: ``` [05/01/2024] [2:52:40 PM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -t -g "error_log off;" [05/01/2024] [2:52:40 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/proxy_host/1.conf [05/01/2024] [2:52:40 PM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -t -g "error_log off;" [05/01/2024] [2:52:40 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/proxy_host/1.conf [05/01/2024] [2:52:40 PM] [Nginx ] › ⬤ debug Could not delete file: { "errno": -2, "code": "ENOENT", "syscall": "unlink", "path": "/data/nginx/proxy_host/1.conf" } ``` Instead, on Version 2.10.4 the Log shows something a bit different, as soon as the Proxy Host is created altough it seems to be working as expected: ``` Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0 [5/1/2024] [2:55:01 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/proxy_host/2.conf [5/1/2024] [2:55:01 PM] [Nginx ] › ⬤ debug Could not delete file: { "errno": -2, "syscall": "unlink", "code": "ENOENT", "path": "/data/nginx/proxy_host/2.conf" } [5/1/2024] [2:55:01 PM] [Nginx ] › ℹ info Reloading Nginx [5/1/2024] [2:55:01 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/proxy_host/2.conf [5/1/2024] [2:55:01 PM] [Nginx ] › ℹ info Reloading Nginx ``` **Expected behavior** The "Proxy Host" should be created without issues even with the "HSTS Support" enabled. **Screenshots** **Operating System** Docker version 26.1.0, build 9714adc Debian GNU/Linux 11 (bullseye) **Additional context** Somehow it seems related to the following: #3474 #3678 #3484 #3512 Users have shared many different approaches to try and fix the issue in the comments, altough the results seems to vary; the consensus verges toward downgrading to v.2.10.4 to restore functionality.

kerem added the

stale

bug

labels 2026-02-26 07:35:39 +03:00

kerem commented 2026-02-26 07:35:40 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Dec 27, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:2563234765 --> @github-actions[bot] commented on GitHub (Dec 27, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented 2026-02-26 07:35:40 +03:00

Author

Owner

Copy link

@NeoMod commented on GitHub (Dec 27, 2024):

Still an issue one month after publishing this report; moved away from NPM since then. I'm closing this, unfortunately with no solution for the next person whom shall find this post.

<!-- gh-comment-id:2563742103 --> @NeoMod commented on GitHub (Dec 27, 2024): Still an issue one month after publishing this report; moved away from NPM since then. I'm closing this, unfortunately with no solution for the next person whom shall find this post.

kerem commented 2026-02-26 07:35:40 +03:00

Author

Owner

Copy link

@Daronsong commented on GitHub (Jun 28, 2025):

Can this please be reopened, I still have this issue!

<!-- gh-comment-id:3015336552 --> @Daronsong commented on GitHub (Jun 28, 2025): Can this please be reopened, I still have this issue!

kerem commented 2026-02-26 07:35:40 +03:00

Author

Owner

Copy link

@NeoMod commented on GitHub (Jun 29, 2025):

Can this please be reopened, I still have this issue!

@Daronsong, I will reopen the issue, but I don't know how helpful it could be since I don't have any means to test it further, since I changed the software.

<!-- gh-comment-id:3016735828 --> @NeoMod commented on GitHub (Jun 29, 2025): > Can this please be reopened, I still have this issue! @Daronsong, I will reopen the issue, but I don't know how helpful it could be since I don't have any means to test it further, since I changed the software.

kerem commented 2026-02-26 07:35:40 +03:00

Author

Owner

Copy link

@Daronsong commented on GitHub (Jun 29, 2025):

I’m having a similar issue where toggling hsts causes the host to become offline and unreachable, and could continue testing.

Devon Bisaillon
@.***
(705) 618-2679

On Jun 29, 2025, at 10:12 AM, NeoMod @.***> wrote:



Reopened #3731https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3731.

—
Reply to this email directly, view it on GitHubhttps://github.com/NginxProxyManager/nginx-proxy-manager/issues/3731#event-18374401404, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ACADZGWFO4YWRAGZT5XWQVT3F7X5LAVCNFSM6AAAAABUH6EF7SVHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMJYGM3TINBQGE2DANA.
You are receiving this because you were mentioned.Message ID: @.***>

<!-- gh-comment-id:3016747007 --> @Daronsong commented on GitHub (Jun 29, 2025): I’m having a similar issue where toggling hsts causes the host to become offline and unreachable, and could continue testing. Devon Bisaillon ***@***.*** (705) 618-2679 On Jun 29, 2025, at 10:12 AM, NeoMod ***@***.***> wrote:  Reopened #3731<https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3731>. — Reply to this email directly, view it on GitHub<https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3731#event-18374401404>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ACADZGWFO4YWRAGZT5XWQVT3F7X5LAVCNFSM6AAAAABUH6EF7SVHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMJYGM3TINBQGE2DANA>. You are receiving this because you were mentioned.Message ID: ***@***.***>

kerem commented 2026-02-26 07:35:40 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Jan 18, 2026):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:3764712885 --> @github-actions[bot] commented on GitHub (Jan 18, 2026): Issue is now considered stale. If you want to keep it open, please comment :+1:

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#2461

No description provided.