[GH-ISSUE #4641] Insane amount of DNS requests to pypi.org and files.pythonhosted.org since update v2.12.4

kerem commented

2026-02-26 07:37:23 +03:00

Owner

Originally created by @aZRGaOmjIw on GitHub (Jul 7, 2025).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/4641

Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
- Yes
Are you sure you're not using someone else's docker image?
- Yes
Have you searched for similar issues (both open and closed)?
- Yes

Describe the bug
As of the 1st of july (updated to v2.12.4) the docker container is doing a insanely amount of dns requests to the following domains:

pypi.org
files.pythonhosted.org

To Reproduce
Steps to reproduce the behavior:
Go to your dns provider logs and see (i asked a friend of mine and he has the same issue)
When i stop the docker and check the live dns log the dns request stop. When i start it again the flood continues

Expected behavior
Normal behavior dont flood DNS

Operating System
Debian (docker latest versions)

Originally created by @aZRGaOmjIw on GitHub (Jul 7, 2025). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/4641 - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Yes - Are you sure you're not using someone else's docker image? - Yes - Have you searched for similar issues (both open and closed)? - Yes **Describe the bug** As of the 1st of july (updated to v2.12.4) the docker container is doing a insanely amount of dns requests to the following domains: pypi.org files.pythonhosted.org **To Reproduce** Steps to reproduce the behavior: Go to your dns provider logs and see (i asked a friend of mine and he has the same issue) When i stop the docker and check the live dns log the dns request stop. When i start it again the flood continues **Expected behavior** Normal behavior dont flood DNS **Operating System** Debian (docker latest versions)

kerem added the

stale

bug

labels

2026-02-26 07:37:23 +03:00

kerem commented

2026-02-26 07:37:23 +03:00

Author

Owner

@jc21 commented on GitHub (Jul 8, 2025):

From my googling, this should only happen on startup or when creating a dns cert for a dns plugin that isn't installed at startup. For it to keep going afterwards is troubling.

How did you check this is happening exactly?

@jc21 commented on GitHub (Jul 8, 2025): From my googling, this should only happen on startup or when creating a dns cert for a dns plugin that isn't installed at startup. For it to keep going afterwards is troubling. How did you check this is happening exactly?

kerem commented

2026-02-26 07:37:24 +03:00

Author

Owner

@Autowaffle commented on GitHub (Jul 8, 2025):

I too am currently facing this issue on the latest turenas scale.

@Autowaffle commented on GitHub (Jul 8, 2025): I too am currently facing this issue on the latest turenas scale. <img width="2060" height="536" alt="Image" src="https://github.com/user-attachments/assets/e5e5e1bf-f3ed-43a3-8209-09b3a6c2b439" />

kerem commented

2026-02-26 07:37:24 +03:00

Author

Owner

@crluehmann commented on GitHub (Jul 8, 2025):

I am also experiencing the certbot dependency errors shown resulting in a 'Bad Gateway' error when attempting to login.

ERROR: Cannot install certbot-dns-cloudflare==4.0.0 and cloudflare==4.0.* because these package versions have conflicting dependencies.
ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts

[7/8/2025] [5:13:50 AM] [Certbot  ] › ▶  start     Installing cloudflare...
[7/8/2025] [5:13:50 AM] [Global   ] › ⬤  debug     CMD: . /opt/certbot/bin/activate && pip install --no-cache-dir cloudflare==4.0.* acme==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+') certbot-dns-cloudflare==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+')  && deactivate
[7/8/2025] [5:13:51 AM] [Certbot  ] › ✖  error     **ERROR: Cannot install certbot-dns-cloudflare==4.0.0 and cloudflare==4.0.* because these package versions have conflicting dependencies.
ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts**
[7/8/2025] [5:13:51 AM] [Global   ] › ✖  error     Some plugins failed to install. Please check the logs above CommandError: Some plugins failed to install. Please check the logs above
    at /app/lib/certbot.js:39:14
    at Immediate.<anonymous> (/app/node_modules/batchflow/lib/batchflow.js:80:9)
    at process.processImmediate (node:internal/timers:483:21) {
  previous: undefined,
  code: 1,
  public: false
}

@crluehmann commented on GitHub (Jul 8, 2025): I am also experiencing the certbot dependency errors shown resulting in a 'Bad Gateway' error when attempting to login. ERROR: Cannot install certbot-dns-cloudflare==4.0.0 and cloudflare==4.0.* because these package versions have conflicting dependencies. ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts ``` [7/8/2025] [5:13:50 AM] [Certbot ] › ▶ start Installing cloudflare... [7/8/2025] [5:13:50 AM] [Global ] › ⬤ debug CMD: . /opt/certbot/bin/activate && pip install --no-cache-dir cloudflare==4.0.* acme==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+') certbot-dns-cloudflare==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+') && deactivate [7/8/2025] [5:13:51 AM] [Certbot ] › ✖ error **ERROR: Cannot install certbot-dns-cloudflare==4.0.0 and cloudflare==4.0.* because these package versions have conflicting dependencies. ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts** [7/8/2025] [5:13:51 AM] [Global ] › ✖ error Some plugins failed to install. Please check the logs above CommandError: Some plugins failed to install. Please check the logs above at /app/lib/certbot.js:39:14 at Immediate.<anonymous> (/app/node_modules/batchflow/lib/batchflow.js:80:9) at process.processImmediate (node:internal/timers:483:21) { previous: undefined, code: 1, public: false } ```

kerem commented

2026-02-26 07:37:24 +03:00

Author

Owner

@crluehmann commented on GitHub (Jul 8, 2025):

@Autowaffle, may want to rotate your Cloudflare API Token from your last screenshot

@crluehmann commented on GitHub (Jul 8, 2025): @Autowaffle, may want to rotate your Cloudflare API Token from your last screenshot

kerem commented

2026-02-26 07:37:24 +03:00

Author

Owner

@aZRGaOmjIw commented on GitHub (Jul 8, 2025):

From my googling, this should only happen on startup or when creating a dns cert for a dns plugin that isn't installed at startup. For it to keep going afterwards is troubling.

How did you check this is happening exactly?

Could be. When i try to login onto the webinterface it doesnt accept my credentials. Nothing happens... I reverted back to the previous version and everything is back to normal. No DNS floods, and i can login.

Everything i configered in the proxymanager seems to work though

@aZRGaOmjIw commented on GitHub (Jul 8, 2025): > From my googling, this should only happen on startup or when creating a dns cert for a dns plugin that isn't installed at startup. For it to keep going afterwards is troubling. > > How did you check this is happening exactly? Could be. When i try to login onto the webinterface it doesnt accept my credentials. Nothing happens... I reverted back to the previous version and everything is back to normal. No DNS floods, and i can login. Everything i configered in the proxymanager seems to work though

kerem commented

2026-02-26 07:37:24 +03:00

Author

Owner

@Autowaffle commented on GitHub (Jul 8, 2025):

@crluehmann WOW I'm bad at this, I even looked thanks.

@Autowaffle commented on GitHub (Jul 8, 2025): @crluehmann WOW I'm bad at this, I even looked thanks.

kerem commented

2026-02-26 07:37:24 +03:00

Author

Owner

@crluehmann commented on GitHub (Jul 8, 2025):

Also, as this restarts and attempts to reinstall Cloudflare, it is calling out on each retry. My DNS is also 'flooded'

@crluehmann commented on GitHub (Jul 8, 2025): Also, as this restarts and attempts to reinstall Cloudflare, it is calling out on each retry. My DNS is also 'flooded' ![Screenshot_20250708-080406.png](https://github.com/user-attachments/assets/4409186e-7b89-4582-9fce-df3b2e4841f8)

kerem commented

2026-02-26 07:37:24 +03:00

Author

Owner

@rightsaidfred99 commented on GitHub (Jul 9, 2025):

Yep, 28k requests here too in a few days

@rightsaidfred99 commented on GitHub (Jul 9, 2025): Yep, 28k requests here too in a few days

kerem commented

2026-02-26 07:37:24 +03:00

Author

Owner

@tommyguuuun commented on GitHub (Jul 12, 2025):

Same here. Downgrading solved it for now.

@tommyguuuun commented on GitHub (Jul 12, 2025): Same here. Downgrading solved it for now.

kerem commented

2026-02-26 07:37:24 +03:00

Author

Owner

@emmatyping commented on GitHub (Jul 27, 2025):

This should be fixed in 2.12.5+ with https://github.com/NginxProxyManager/nginx-proxy-manager/pull/4651/commits/70894e55b8f84a3728bf785d4a7460b0d99923a5. It would be good to prevent a failure in installing a certbot plugin causing repeated attempts to re-install. I expect the logic that led to this repeated install attempt was that the install would fail, the container would exit, then restart due to the compose file's restart policy. This would repeat indefinitely. Since installing plugins is one of the first things done after running migrations, this lead to very frequent attempts to install the package.

I believe this issue led to 250 million installs a day of certbot-dns-cloudflare from pypi.org for about a week, which is only now trailing off again. That's about 1/6th of all the traffic pypi.org gets.

One solution would be to change the recommended docker restart behavior to use on-failure and set a maximum number of retries:

services:
  app:
    image: 'docker.io/jc21/nginx-proxy-manager:latest'
    # WAS
    # restart: unless-stopped
    restart: on-failure:3
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

I'd also recommend deleting the 2.12.4 image from DockerHub to prevent anyone from pulling it.

@emmatyping commented on GitHub (Jul 27, 2025): This should be fixed in 2.12.5+ with https://github.com/NginxProxyManager/nginx-proxy-manager/pull/4651/commits/70894e55b8f84a3728bf785d4a7460b0d99923a5. It would be good to prevent a failure in installing a certbot plugin causing repeated attempts to re-install. I expect the logic that led to this repeated install attempt was that the install would fail, the container would exit, then restart due to the compose file's `restart` policy. This would repeat indefinitely. Since installing plugins is one of the first things done after running migrations, this lead to very frequent attempts to install the package. I believe this issue led to [250 *million* installs a day of certbot-dns-cloudflare from pypi.org for about a week](https://pypistats.org/packages/certbot-dns-cloudflare), which is only now trailing off again. That's about 1/6th of all the traffic pypi.org gets. One solution would be to change the recommended docker restart behavior to use `on-failure` and set a maximum number of retries: ```yaml services: app: image: 'docker.io/jc21/nginx-proxy-manager:latest' # WAS # restart: unless-stopped restart: on-failure:3 ports: - '80:80' - '81:81' - '443:443' volumes: - ./data:/data - ./letsencrypt:/etc/letsencrypt ``` I'd also recommend deleting the 2.12.4 image from DockerHub to prevent anyone from pulling it.

kerem commented

2026-02-26 07:37:24 +03:00

Author

Owner

@github-actions[bot] commented on GitHub (Feb 1, 2026):

Issue is now considered stale. If you want to keep it open, please comment 👍

@github-actions[bot] commented on GitHub (Feb 1, 2026): Issue is now considered stale. If you want to keep it open, please comment :+1:

Rows
Columns

[GH-ISSUE #4641] Insane amount of DNS requests to pypi.org and files.pythonhosted.org since update v2.12.4 #2955