Nginx proxy Manager - Container Startup Probe Failed: NOT OK

[caitken]

Hi - I've repeatedly attempted to deploy the TrueNAS official Nginx app without sucess as the Startup Probe reports 'NOT OK'. I'm assuming this means it is expecting something its not finding in my set up? or else there is something wrong wth the container itself? I note that others have experienced this problem - but I can't locate a fix anywhere on this forum. Also noting that the info screen for this app says the following: Application requires to run as root. This is a limitation of the application." Does this mean that it is necessary to activate the root account inorder to successfully install and run this application?

I'd be grateful for any of the following:
- a link to the documentation for the offical TrueNAS Nginx app
- a pointer to the resolution to this issue (assuming there is one and I've missed it)
- any guidance from others that have successively installed the official TrueNAS Nginx app.
- any guidance on whether it is necessary activate the root account (i.e., give it a password and Local Adminnistrator permissions)

FYI I'm running the following:
TrueNAS-SCALE-23.10.0.1

And attempting to install:
nginx-proxy-manager
App Version: 2.10.4
Chart Version: 1.0.20

 

[noobNet]

I’m having this exact issue and can’t seem to find a solution. Hopefully someone can shed some light on this

 

[caitken]

I’m having this exact issue and can’t seem to find a solution. Hopefully someone can shed some light on this

PARTLY SOLVED!

This is for all the long suffering truenas scale and nginx users out there.

The solution is to move the nginx install to an SSD pool

To do this means moving the ix-applications pool to the SSD storage as well as setting the nginx data and certificate pools there too.

I've replicated the error by moving back to HDD storage - which is too slow and nginx times out and the startup probe fails (at least that is what I thnk is happening) - moving everything back SSD nginx installs way faster and works fine.

The next challenge that you will face - and one I've yet to solve - is that offical NextCloud app does not manage SSL certificates correctly. I now have Cloudflare pointing to my router which is pointing all http and https travel to a live instance of nginx which is proxying for truenas.mydomain.net forwarded to <my local network truenas ip>:344 and nextcloud.mydomain.net forwarded to <my local network truenas ip>:9001. Both Truenas and Nextcloud servers have been installed with the same Cloudflare certificate. I have also added the local truenas server ip and 'mydomain.net' to the trusted domains list in the NextCloud config.php file.

I have tested the certificate for 'mydomain.net' at https://www.ssllabs.com/ssltest/ and it receives an A+ rating.

Truenas.mydomain.net works a treat! and is accessible remotely - NextCloud.mydomain.net is still unsecured... even on my local network... using the same browser instance.

I'll post here when I have a solution.

 

[li_chang]

Truenas.mydomain.net works a treat! and is accessible remotely - NextCloud.mydomain.net is still unsecured... even on my local network... using the same browser instance.

Hi,

What's the error/warning message showed when you browse https://nextcloud.mydomain.net ? You mentioned both sites share same Cloudflare certificate, are you using wildcard (like *.mydomain.net) when creating one? Not sure if this helps but I also set TRUSTED_PROXIES and OVERWRITEPROTOCOL in my nextcloud container environment variables.

 

[caitken]

Hi,

What's the error/warning message showed when you browse https://nextcloud.mydomain.net ? You mentioned both sites share same Cloudflare certificate, are you using wildcard (like *.mydomain.net) when creating one? Not sure if this helps but I also set TRUSTED_PROXIES and OVERWRITEPROTOCOL in my nextcloud container environment variables.

Hi - the error I get is INVALID CERT AUTHORITY (even though there is a CAA record in Clareflare DNS and the cert gets full marks from SSLtest), and yes I'm wild carding :) I've added trusted domains and proxies to my NC config.php file and still get the same result. Will add the overwrightprotocol and see if that makes any difference (I'm not holding my breath TBH). My hunch is that there is something wrong wth the forwarding between the nginx instance that comes bundled with the official nextcloud app, and nextcloud itself. Any insights / suggestions most welcome.

 

[caitken]

Well another week in and still no secure NextCloud instance. I have done a complete re-install from scratch - but same result. I have eliminated all the usual causes of INVALID CERT AUTHORITY error - and no change.

I would be REALLY interested to hear from anyone that has actually managed to successfully install the Official NextCloud app 'out of the box' so that it is accessible via https. Beginnning to suspect that it simply doesn't work - esp as I have the mirror set up with Truenas (origin certificate, Nginx etc) that works no problems at all.

 

[li_chang]

Hi, I am willing to troubleshoot with the error you faced. To test it, I just setup an TrueNAS Charts nextcloud and add proxy host in niginx-proxy-manager. It works after I added my host name into "trusted_domains" in nextcloud config. Could you send me your nextcloud url and your config in nextcloud and proxy hosts privately?

 

[caitken]

Hi, I am willing to troubleshoot with the error you faced. To test it, I just setup an TrueNAS Charts nextcloud and add proxy host in niginx-proxy-manager. It works after I added my host name into "trusted_domains" in nextcloud config. Could you send me your nextcloud url and your config in nextcloud and proxy hosts privately?

Sure - will take any help on offer.

 

[caitken]

SOLVED - Only install SSL Certificates on Nginx and not on NextCloud container. Plus a few other tweaks - many thanks for the extra help.

 

[DGTM]

To do this means moving the ix-applications pool to the SSD storage as well as setting the nginx data and certificate pools there too.

And how do you do that? Does it mean you have to physically add some SSD disks and create a new pool? Or does it mean that you can somehow slice off a piece of a system SSD drive?