Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error after updating - map not allowed here #3474

Open
daedric7 opened this issue Jan 19, 2024 · 35 comments
Open

Error after updating - map not allowed here #3474

daedric7 opened this issue Jan 19, 2024 · 35 comments
Labels

Comments

@daedric7
Copy link

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes

Describe the bug

After updating NPM ( docker compose pull && docker compose up -d) everything was OK until i edited a host.

After that the host started failing. After some debug i found a entry in /var/log/nginx/error.log stating

"map not allowed here"

I managed to find the map entry in the middle of the conf and it's this:

  map $scheme $hsts_header {
    https   "max-age=63072000; preload";
}

This is suffixed on each of my custom locations for that host.

I edited the _hsts_map.conf to comment them and the error was solved, but this won't survive a docker restart.

Nginx Proxy Manager Version

v2.11.0 © 2024 jc21.com.

To Reproduce
Steps to reproduce the behavior:

  1. Update to latest
  2. Edit any host
  3. Save
  4. See error
@daedric7 daedric7 added the bug label Jan 19, 2024
@Kingi-s
Copy link

Kingi-s commented Jan 20, 2024

I just did a fresh install of npm and the custom locations also dont work for me.
edit:
downgrading to 2.10.4 fixed the issue for now.

@exenza
Copy link

exenza commented Jan 20, 2024

Have same issue, the error is actually visible as well in the UI

issue

@daedric7
Copy link
Author

Have same issue, the error is actually visible as well in the UI

issue

Question:

How did you get that error popup ? I had to go miles to figure out what the error was :)

@Kingi-s
Copy link

Kingi-s commented Jan 20, 2024

Have same issue, the error is actually visible as well in the UI
issue

Question:

How did you get that error popup ? I had to go miles to figure out what the error was :)

Hover your mouse over the red ball before the Offline text. i also found it by accident.

@daedric7
Copy link
Author

Workaround:

create empty file named _hsts_map.conf on the same dir as docker-compose.yaml.

Add this line to the volumes of docker-compose.yaml :

- ./_hsts_map.conf:/app/templates/_hsts_map.conf

@573dave
Copy link

573dave commented Jan 23, 2024

Same issue here. And since I'm using unraid I can't figure out the workaround.

@UlfR
Copy link

UlfR commented Jan 24, 2024

Same for me "map directive is not allowed here" if add custom location

@daedric7
Copy link
Author

Same issue here. And since I'm using unraid I can't figure out the workaround.

All we are doing is mounting a empty file from the host into tha container dir that has the problematic file, thereby making it empty as well and bypassing the issue.

Can you replicate it?

@ghTravis
Copy link

Also experiencing the same issue here. Just tried to add a new proxy host with custom locations. Appearing Offline.

@rasturic
Copy link

jc21/nginx-proxy-manager:github-pr-3478 fixes it for me.

@aphex3k
Copy link

aphex3k commented Jan 31, 2024

When running as part of TrueNAS Scale Apps (in k8s), the included configuration UI doesn't allow for adding a custom volume so the suggested workaround can not be applied.

- ./_hsts_map.conf:/app/templates/_hsts_map.conf

Changing the tag from latest is also not possible, so one can not roll-back to a previous version or test the custom resource location.

This breaks custom locations on TrueNAS without fix for now.

@liukonen
Copy link

liukonen commented Feb 2, 2024

Tried with the following

  • ./_hsts_map.conf:/app/templates/_hsts_map.conf
    Domain works again, but custom locations still not working

@alarifgit
Copy link

jc21/nginx-proxy-manager:github-pr-3478

This worked for me but I had to delete the custom location and re-create it before the site showed as online again.

@AkshayRao27
Copy link

Here's what worked for me: #3512 (comment)

@AxxiD
Copy link

AxxiD commented Feb 15, 2024

Still having the same problem.
The workaround with an empty _hsts-map.conf file works but is not ideal.

@asher-lab
Copy link

This is also what I'm currently experiencing as of February 23, 2024

@malavolti
Copy link

Same problem here and I have tried all workarounds.

@Kevinsky86
Copy link

Kevinsky86 commented Feb 27, 2024

Workaround:

create empty file named _hsts_map.conf on the same dir as docker-compose.yaml.

Add this line to the volumes of docker-compose.yaml :

- ./_hsts_map.conf:/app/templates/_hsts_map.conf

This workaround works for me as well.
But you do have to re-add the custom location, or so it appears to me currently, which might be somewhat of a pita if you have a lot of locations/hosts.
Ideally this gets addressed in an update soon. :)

I'm on 2.11.1.

@malavolti
Copy link

I don't know if someone of you are using "custom locations" to provide different web services from different docker containers, but I think this is very useful thing.

If someone has already done this, can help me to understand how to do it, please?

Docker Container | PORT | Location
site             | 8080 | https://my-website.example.org/
phpmyadmin       | 8081 | https://my-website.example.org/phpmyadmin
mailserver       | 8082 | https://my-website.example.org/mailer

@daedric7
Copy link
Author

I don't know if someone of you are using "custom locations" to provide different web services from different docker containers, but I think this is very useful thing.

If someone has already done this, can help me to understand how to do it, please?

Docker Container | PORT | Location
site             | 8080 | https://my-website.example.org/
phpmyadmin       | 8081 | https://my-website.example.org/phpmyadmin
mailserver       | 8082 | https://my-website.example.org/mailer

Avoid this.

Not all services will be happy to be served under a subdir ( https://example.oeg/subdir/ ).

You should use subdomains when possible, so www.example.org , phpmyadmin.example.org, mail.example.org.

You create a individual entry in NPM for each service. Also, this is offtopic for this issue.

@malavolti
Copy link

Thank you so much @daedric7 !

I'll follow your suggestion! 😊

@TheUntouchable
Copy link

Still this problem is happening with a fresh installation..

@dudefoxlive
Copy link

Well this is annoying. At least there is a workaround for now.

@nomad-geek
Copy link

Workaround:

create empty file named _hsts_map.conf on the same dir as docker-compose.yaml.

Add this line to the volumes of docker-compose.yaml :

- ./_hsts_map.conf:/app/templates/_hsts_map.conf

Solved the problem for me. Thanks.

@kachunkachunk
Copy link

kachunkachunk commented Apr 21, 2024

Weird one. The workaround of mapping a blank _hsts_map.conf file didn't work for me, nor did downgrading to 2.10.4.

Evidently, some of my confs in /data/nginx/proxy_host/ were already tainted with extraneous map directives, so nginx was failing to start properly.

I'm still downgraded and have not tried going back to 2.11.1, but:

I resolved this by checking the container logs with docker logs <nginx-proxy-manager container name> and seeing what line called out in the error. For instance:

❯ Starting nginx ...
nginx: [emerg] "map" directive is not allowed here in /data/nginx/proxy_host/2.conf:383
[4/21/2024] [9:57:02 AM] [SSL      ] › ✖  error     Error: Command failed: /usr/sbin/nginx -t -g "error_log off;"
nginx: [emerg] "map" directive is not allowed here in /data/nginx/proxy_host/2.conf:383
nginx: configuration file /etc/nginx/nginx.conf test failed

    at ChildProcess.exithandler (node:child_process:402:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5

In this case, it's for a particularly long proxy host I set up (lots of locations), at line 383.

I took to editing the file (./data/nginx/proxy_host/2.conf) and commenting out the offending lines:

#  map $scheme $hsts_header {
#    https   "max-age=63072000; preload";
#}

I then saved the file and restarted the container, observing the logs for potential errors. Because Nginx exits on the first fatal error in the configs, you won't see all of them at once, and have to repeat this process a few times, until you've corrected all the entries and conf files (if multiple are affected). But after 7-8 or so of these (and confirming I'm not seeing the same approximate line numbers re-appear), I eventually cleared the bad entries out.

It took a few minutes and I did not have to recreate my locations. I was able to update some proxy hosts afterwards, without issues. I haven't bothered to upgrade again, and will watch this issue until it's definitely fixed.

@JBlond
Copy link

JBlond commented Apr 22, 2024

@kachunkachunk The config is saved in the database. Once you override that _hsts_map.conf the variable that is used in the vhosts is no longer set.

@manelrodero
Copy link

Upgrading to 2.11.2 solved the problem for me. No more "offline" when using "custom locations":

https://github.com/NginxProxyManager/nginx-proxy-manager/releases/tag/v2.11.2

@skyzuma
Copy link

skyzuma commented May 5, 2024

the mentionen in this link is for "OAuth2/OpenID Provider" only, this entrys dont need a "Custom Nginx Configuration" ... an app with websocket like audiobookshelf and authentik proxy provider will not work cause of this "map not allowed here" in the "Custom Nginx Configuration" ... and its not fixed in 2.11.2 ... i use unraid with latest nginx proxy manager version ...

image

@icvdok
Copy link

icvdok commented May 10, 2024

Just updated to ver 2.11.2 but the problem persist with Authentik proxy provider. There are news about the fix?

@brentonmallen1
Copy link

fwiw, I wound up just switching to the jlesage/nginx-proxy-manager container in unraid

@tobymills
Copy link

I had this issue with Nginx & Authetix because authentik template for Nginx is trying to map a header in the wrong place.
I did the following to fix this for those that also get this issue.

Create http_top.conf in data/nginx/custom (create custom folder in data/nginx/ if it doesn't exist)

Add following code to the file:

map $http_upgrade $connection_upgrade {
		default upgrade;
		  ''      close;
}

restart nginx

remove the lines from top of authentik Nginx template that have this code

# Upgrade WebSocket if requested, otherwise use keepalive
map $http_upgrade $connection_upgrade_keepalive {
    default upgrade;
    ''      '';
}

Update the line:
proxy_set_header Connection $connection_upgrade_keepalive;

To
proxy_set_header Connection $connection_upgrade;
remember to set proxy_pass to local IP address of Authentix server, not Nginx DNS as this caused me issues....

@ramphex
Copy link

ramphex commented Jul 2, 2024

Still having this issue. Is it Authentik or is it NPM to blame?

@motoridersd
Copy link

motoridersd commented Aug 27, 2024

I'm on 2.11.3 and I was still having issues with the map error listed in this issue.

I followed the instructions provided here #3474 (comment) and that resolved my issue with Authentik. It now works properly.

@heavymp
Copy link

heavymp commented Sep 19, 2024

I had this issue with Nginx & Authetix because authentik template for Nginx is trying to map a header in the wrong place. I did the following to fix this for those that also get this issue.

Create http_top.conf in data/nginx/custom (create custom folder in data/nginx/ if it doesn't exist)

Add following code to the file:

map $http_upgrade $connection_upgrade {
		default upgrade;
		  ''      close;
}

restart nginx

remove the lines from top of authentik Nginx template that have this code

# Upgrade WebSocket if requested, otherwise use keepalive
map $http_upgrade $connection_upgrade_keepalive {
    default upgrade;
    ''      '';
}

Update the line: proxy_set_header Connection $connection_upgrade_keepalive;

To proxy_set_header Connection $connection_upgrade; remember to set proxy_pass to local IP address of Authentix server, not Nginx DNS as this caused me issues....

This has worked for me too. Thanks. Hope fix will be implemented in next NPM

@kolby-macdonald
Copy link

kolby-macdonald commented Nov 20, 2024

I've faced this exact same issue, having tried some of the solutions above to no avail.. I found the following to work well:

SOLUTION:
Make sure to mount the following volumes:

      - './nginx-data:/data'
      - './nginx-certs:/etc/letsencrypt/'
      - './_hsts_map.conf:/app/templates/_hsts_map.conf'

After adding the reverse proxy, open it's respective config file sudo nano nginx-volumes/nginx-data/nginx/proxy_host/<config-number>.conf.

  • TIP: You can get the config number from clicking on the vertical ellipses (or three dot menu) where you would edit the entity in the WebUI.
  1. In that file, you will see something similar to the following:
server {
  set $forward_scheme http;
  set $server         "<ip>";
  set $port           <port>;

After the port you can add your desired path as shown below:

server {
  set $forward_scheme http;
  set $server         "<ip>";
  set $port           <port/your-desired-path/>;

:) Hope this helps someone.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests