starred/nginx-proxy-manager-NginxProxyManager

Fork 0

mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-26 01:45:54 +03:00

[GH-ISSUE #4680] Websocket Dies when Proxy Host behind Wireguard VPN. #2976

New issue

Open

opened 2026-02-26 07:37:27 +03:00 by kerem · 1 comment

kerem commented

2026-02-26 07:37:27 +03:00

Owner

Originally created by @CV8R on GitHub (Jul 26, 2025).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/4680

Checklist

Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
- Yes
Are you sure you're not using someone else's docker image?
- Yes
Have you searched for similar issues (both open and closed)?
- Yes

Describe the bug
NPM running in an LXC on Proxmox. Proxy Host, in this case Home Assistant, is behind NPM over a Wireguard VPN. The wireguard VPN ping across the VPN ranges from 45 to 100ms. The issue is that the Websocket connection dies after a period, circa 30s. The HTTP connection never drops and there is no network disruption between client, NPM, Wireguard and Home Assistant.

Topology is like this: HomeAssistant -> Wireguard VPN -> NPM (Proxmox Debian LXC) -> Browser (Mainly Firefox but tried Edge).

If I connect directly via IP:PORT to Home Assistant the websocket stays connected.

Interesting point - if I try the NPN community script (which I believe does not use docker) the connection remains up and tested for 14 hours. I have compared all the Nginx conf that I can find between a fresh NPM installation with only the one Proxy Host and the community version and there are no differences. I do not wish to use the community version, this is just a test.

It appears the only difference is one runs in docker and one does not (from what i can see). Looks like something about the docker setup does not like the latency.

Latest fresh docker from apt.

I have tried the following

Running NPM in fresh Ubuntu LXC with only the Home Assistant Host configured.
Running NPM in fresh Ubuntu VM with only the Home Assistant Host configured.
Tried all manner of adding proxy_read_timeout, proxy_send_timeout, proxy_connect_timeout, keepalive_timeout, etc
MTU is 1280 but tried down to 1200 on Proxmox Host, LXC, Docker, Wireguard. At both ends where applicable.
Running docker as Privileged
Compared LXC settings between community install and host running docker version - same.
LXC TCP Keepalives
Adding Healthcheck
Adding IP_RANGES_FETCH_ENABLED: 'false'
Adding X_FRAME_OPTIONS: "sameorigin"
I have looked at the npm logs for the host and could not see any odd (but honestly not sure where to look)

TCP Keepalives i tried

sysctl -w net.ipv4.tcp_keepalive_time=120
sysctl -w net.ipv4.tcp_keepalive_intvl=30
sysctl -w net.ipv4.tcp_keepalive_probes=5

Docker config:

services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
      - 3478:3478
      - 3478:3478/udp
      - 8080:8080
      - 8554:8554
      - 222:222

    environment:
      # Uncomment this if you want to change the location of
      # the SQLite DB file within the container
      # DB_SQLITE_FILE: "/data/database.sqlite"

      # Uncomment this if IPv6 is not enabled on your host
      DISABLE_IPV6: 'true'

    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

Nginx Proxy Manager Version
v2.12.6

Expected behavior

Screenshots

Operating System
Proxmox Debian LXC, Proxmox Ubuntu LXC, Proxmox Ubuntu VM.

Additional context
I have 42 Proxy Hosts and any of those that use websocket do not suffer this, the only one that does is the host over the VPN.

One of those is a different Home Assistant instance but residing on the local lan being proxied by NPM. The websocket never dies in this case. The only host that suffers is the websocket proxied to an IP over the VPN. And if i use the Proxmox LXC community script version of NPM the websocket never dies.

As an additional note, the NPM install is to proxy hosts on my local network. For internet connections into my network I run native Nginx on an Ubuntu VPS tunneled over Wireguard to my network. A connection from the Internet to the Home Assistant via this route never drops the Websocket. Similar ping times.

I have exhausted everything I can think of! Any idea or request for logging most welcome!

Originally created by @CV8R on GitHub (Jul 26, 2025). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/4680  **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Yes - Are you sure you're not using someone else's docker image? - Yes - Have you searched for similar issues (both open and closed)? - Yes **Describe the bug** NPM running in an LXC on Proxmox. Proxy Host, in this case Home Assistant, is behind NPM over a Wireguard VPN. The wireguard VPN ping across the VPN ranges from 45 to 100ms. The issue is that the Websocket connection dies after a period, circa 30s. The HTTP connection never drops and there is no network disruption between client, NPM, Wireguard and Home Assistant. Topology is like this: HomeAssistant -> Wireguard VPN -> NPM (Proxmox Debian LXC) -> Browser (Mainly Firefox but tried Edge). If I connect directly via IP:PORT to Home Assistant the websocket stays connected. Interesting point - if I try the NPN community script (which I believe does not use docker) the connection remains up and tested for 14 hours. I have compared all the Nginx conf that I can find between a fresh NPM installation with only the one Proxy Host and the community version and there are no differences. I do not wish to use the community version, this is just a test. It appears the only difference is one runs in docker and one does not (from what i can see). Looks like something about the docker setup does not like the latency. Latest fresh docker from apt. I have tried the following - Running NPM in fresh Ubuntu LXC with only the Home Assistant Host configured. - Running NPM in fresh Ubuntu VM with only the Home Assistant Host configured. - Tried all manner of adding proxy_read_timeout, proxy_send_timeout, proxy_connect_timeout, keepalive_timeout, etc - MTU is 1280 but tried down to 1200 on Proxmox Host, LXC, Docker, Wireguard. At both ends where applicable. - Running docker as Privileged - Compared LXC settings between community install and host running docker version - same. - LXC TCP Keepalives - Adding Healthcheck - Adding IP_RANGES_FETCH_ENABLED: 'false' - Adding X_FRAME_OPTIONS: "sameorigin" - I have looked at the npm logs for the host and could not see any odd (but honestly not sure where to look) TCP Keepalives i tried ``` sysctl -w net.ipv4.tcp_keepalive_time=120 sysctl -w net.ipv4.tcp_keepalive_intvl=30 sysctl -w net.ipv4.tcp_keepalive_probes=5 ``` Docker config: ``` services: app: image: 'jc21/nginx-proxy-manager:latest' restart: unless-stopped ports: # These ports are in format <host-port>:<container-port> - '80:80' # Public HTTP Port - '443:443' # Public HTTPS Port - '81:81' # Admin Web Port # Add any other Stream port you want to expose # - '21:21' # FTP - 3478:3478 - 3478:3478/udp - 8080:8080 - 8554:8554 - 222:222 environment: # Uncomment this if you want to change the location of # the SQLite DB file within the container # DB_SQLITE_FILE: "/data/database.sqlite" # Uncomment this if IPv6 is not enabled on your host DISABLE_IPV6: 'true' volumes: - ./data:/data - ./letsencrypt:/etc/letsencrypt ``` **Nginx Proxy Manager Version** v2.12.6 **Expected behavior**  **Screenshots**  **Operating System** Proxmox Debian LXC, Proxmox Ubuntu LXC, Proxmox Ubuntu VM. **Additional context** I have 42 Proxy Hosts and any of those that use websocket do not suffer this, the only one that does is the host over the VPN. One of those is a different Home Assistant instance but residing on the local lan being proxied by NPM. The websocket never dies in this case. The only host that suffers is the websocket proxied to an IP over the VPN. And if i use the Proxmox LXC community script version of NPM the websocket never dies. As an additional note, the NPM install is to proxy hosts on my local network. For internet connections into my network I run native Nginx on an Ubuntu VPS tunneled over Wireguard to my network. A connection from the Internet to the Home Assistant via this route never drops the Websocket. Similar ping times. I have exhausted everything I can think of! Any idea or request for logging most welcome!

kerem added the

bug

label

2026-02-26 07:37:27 +03:00

kerem commented

2026-02-26 07:37:28 +03:00

Author

Owner

@MemQu commented on GitHub (Oct 5, 2025):

+1
I have a similar problem.

Server -> NPM(Docker) -> Zerotier Network -> Browser
|_______________________|<--->|_________________|
-----mtu = 1500@@@<--->----mtu = 1280@

I can either access over Zerotier (https://www.zerotier.com/) or on my local ethernet, but not both at the same time.
I have not tried the non-docker versions.

@MemQu commented on GitHub (Oct 5, 2025): +1 I have a similar problem. Server -> NPM(Docker) -> Zerotier Network -> Browser |_______________________|<--->\|\_________________| -----mtu = 1500@@@<--->----mtu = 1280@ I can either access over Zerotier (https://www.zerotier.com/) or on my local ethernet, but not both at the same time. I have not tried the non-docker versions.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#2976

No description provided.

Rows
Columns