[GH-ISSUE #334] Proxying NPM itself won't work when enabling ACL #292

New issue

Closed

opened 2026-02-26 06:32:05 +03:00 by kerem · 7 comments

kerem commented 2026-02-26 06:32:05 +03:00

Owner

Copy link

Originally created by @eladent on GitHub (Mar 21, 2020).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/334

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  Yes
• Are you sure you're not using someone else's docker image?
  Yes
• If having problems with Lets Encrypt, have you made absolutely sure your site is accessible from outside of your network?
  Yes

Describe the bug
I use npm with portainer as a generic reverse proxy. It works perfectly, except... for NPM itself.
If i try to redirect "npm.mydomain.tld" to ":81" in order to get it accessible from network where only HTTP(S) port is reachable. I'll will land to the login page, but i get an unauthorized error when giving the credentials.

To Reproduce
In npm, create a new proxy host that redirect a domain to the npm internal IP:port.
Exemple : "npm.exemple.com" redirect to http://:81

Expected behavior
NPM should be able to redirect himself.

Screenshots

Operating System

• Debian 10 : up to date.

Additional context
NPM running from a portainer, working fine with every over host on the server.

Thanks in advance!

Originally created by @eladent on GitHub (Mar 21, 2020). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/334 **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? Yes - Are you sure you're not using someone else's docker image? Yes - If having problems with Lets Encrypt, have you made absolutely sure your site is accessible from outside of your network? Yes **Describe the bug** I use npm with portainer as a generic reverse proxy. It works perfectly, except... for NPM itself. If i try to redirect "npm.mydomain.tld" to "<internalIP>:81" in order to get it accessible from network where only HTTP(S) port is reachable. I'll will land to the login page, but i get an unauthorized error when giving the credentials. **To Reproduce** In npm, create a new proxy host that redirect a domain to the npm internal IP:port. Exemple : "npm.exemple.com" redirect to http://<npm-docker-ip>:81 **Expected behavior** NPM should be able to redirect himself. **Screenshots**  **Operating System** - Debian 10 : up to date. **Additional context** NPM running from a portainer, working fine with every over host on the server. Thanks in advance!

kerem 2026-02-26 06:32:05 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-02-26 06:32:05 +03:00

Author

Owner

Copy link

@kymodoke commented on GitHub (Mar 21, 2020):

It does works. Tagging this question with the label "bug" is a bit too early... as it's probably just some misunderstanding about networks.

On my installation I do redirect port 81 of the NPM admin page to a HTTPS connexion on a domain.

Things is just don't do that redirdection/proxy to a real domaine name, but instead I use the container name itself as Forward Hostname

For instance on my installation, my NPM container name is "nginx-proxy-manager_app_1"

So I set up this Proxy Host as below with the container name:

And it does work. The proxy will recognize this endpoint and find from the docker network... and everything else works.

It's also the way I do proxy other containers to HTTPS domains.

Note: you can even remove the port 81 from the publically mapped port. The proxy will be able to access it anyway, so you'll have your admin accessible only from SSL.

<!-- gh-comment-id:602066058 --> @kymodoke commented on GitHub (Mar 21, 2020): It does works. Tagging this question with the label "bug" is a bit too early... as it's probably just some misunderstanding about networks. On my installation I do redirect port 81 of the NPM admin page to a HTTPS connexion on a domain. Things is just don't do that redirdection/proxy to a real domaine name, but instead I use the container name itself as Forward Hostname For instance on my installation, my NPM container name is "nginx-proxy-manager_app_1"  So I set up this Proxy Host as below with the container name:  And it does work. The proxy will recognize this endpoint and find from the docker network... and everything else works.  It's also the way I do proxy other containers to HTTPS domains. Note: you can even remove the port 81 from the publically mapped port. The proxy will be able to access it anyway, so you'll have your admin accessible only from SSL.

kerem commented 2026-02-26 06:32:06 +03:00

Author

Owner

Copy link

@miguelwill commented on GitHub (Mar 21, 2020):

in my case I had the same problem when I wanted to use port 81 access and add an ACL with a previous username and password
after this the login shows error, I think NPM is reading the user from the http session instead of the login form

When I disabled the ACL on dashboard access, the access worked normally

<!-- gh-comment-id:602115918 --> @miguelwill commented on GitHub (Mar 21, 2020): in my case I had the same problem when I wanted to use port 81 access and add an ACL with a previous username and password after this the login shows error, I think NPM is reading the user from the http session instead of the login form When I disabled the ACL on dashboard access, the access worked normally

kerem commented 2026-02-26 06:32:06 +03:00

Author

Owner

Copy link

@eladent commented on GitHub (Mar 22, 2020):

@miguelwill, thanks that's it ! You can't "auto-proxy" NPM with an access-list.
@kymodoke it solve the problem for me, but it's a bug. As far as i'm concerned : at least, it should be documented if not supported by NPM or fixed.
Anyway Thanks for your help !

<!-- gh-comment-id:602168737 --> @eladent commented on GitHub (Mar 22, 2020): @miguelwill, thanks that's it ! You can't "auto-proxy" NPM with an access-list. @kymodoke it solve the problem for me, but it's a bug. As far as i'm concerned : at least, it should be documented if not supported by NPM or fixed. Anyway Thanks for your help !

kerem commented 2026-02-26 06:32:06 +03:00

Author

Owner

Copy link

@kymodoke commented on GitHub (Mar 22, 2020):

@eladent I do agree with you about the lack of documentation. There is a short doc about installation but quite nothing about usage.
I use NPM for less than a week, and I had to discovered several things about its usage by personal trial and errors...

<!-- gh-comment-id:602169838 --> @kymodoke commented on GitHub (Mar 22, 2020): @eladent I do agree with you about the lack of documentation. There is a short doc about installation but quite nothing about usage. I use NPM for less than a week, and I had to discovered several things about its usage by personal trial and errors...

kerem commented 2026-02-26 06:32:06 +03:00

Author

Owner

Copy link

@Raito00 commented on GitHub (Jun 3, 2021):

I have the same problem with Auth Loop only for NPM login ... V.2.9.3

<!-- gh-comment-id:853802920 --> @Raito00 commented on GitHub (Jun 3, 2021): I have the same problem with Auth Loop only for NPM login ... V.2.9.3

kerem commented 2026-02-26 06:32:06 +03:00

Author

Owner

Copy link

@shaulliv commented on GitHub (Nov 23, 2021):

For me this also happens when I try to access list Portainer (exact same behavior).

<!-- gh-comment-id:976303518 --> @shaulliv commented on GitHub (Nov 23, 2021): For me this also happens when I try to access list Portainer (exact same behavior).

kerem commented 2026-02-26 06:32:06 +03:00

Author

Owner

Copy link

@Danie10 commented on GitHub (Dec 22, 2021):

I've been going around in circles for hours until I found this bug report. If it is not meant to be that we use ACL with access to NPM itself, why not just document it (as someone else has suggested)? The same goes for the changing ACL settings and having to save the proxy hosts again for it to take. These are frustrations that would save many people hours, if they were just documented in FAQ or the documentation (at least until resolved at some later stage).

<!-- gh-comment-id:999672837 --> @Danie10 commented on GitHub (Dec 22, 2021): I've been going around in circles for hours until I found this bug report. If it is not meant to be that we use ACL with access to NPM itself, why not just document it (as someone else has suggested)? The same goes for the changing ACL settings and having to save the proxy hosts again for it to take. These are frustrations that would save many people hours, if they were just documented in FAQ or the documentation (at least until resolved at some later stage).

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#292

No description provided.