Fixing Bad Gateway error in Nginx Proxy Manager

2022-07-20
2023-05-03
Header: Nginx Proxy Manager, in light theme

Solving the "Bad Gateway" / "Encountered error while trying to install package" / "Python.h: No such file or directory" error by using piwheels.

Nginx Proxy Manager is a great tool for organizing your services. However, there are some tricks to use on Raspberry Pi.

Nginx Proxy Manager sometimes gives "Bad Gateway" when it's not ready. Please wait a minute before searching for other possible causes.

The way leads to the "Bad Gateway" error#

This section is not the solution. DO NOT follow this section blindly! READ ON!

Nginx Proxy Manager will try to install the Certbot DNS challenge package (certbot-dns-<provider>) after you have configured SSL using DNS challenges. But the installation didn't succeed and reported some compilation errors.

I managed to install the packages by running:

docker exec -it nginxpm_app_1 bash
shell

And install many build dependencies (according to https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2070 ):

apt-get install -y build-essential libssl-dev libffi-dev python3-dev cargo
shell

Not so important here, but if it gives you the “No Installation Candidate” error, you can try referring to the source list here.

However, even though I successfully installed the package, I couldn't find the certificate to use for the domain. So I shutdown the compose and restarted it, without realizing the installed build dependencies are cleared. When I navigate to the admin board and try to log in, it keeps giving me the "Bad Gateway" error.

Solving the problem#

The "Bad Gateway" error typically means that the service is not available. And the Nginx Proxy Manager is not available since it keeps trying to install the certbot-dns-* package and failed.

The tricky part is that the error logs are not printed immediately, but after the attempt to install the certbot-dns-* package has failed. So it's not obvious at the first sight that there is some error installing the package. (I didn't realize that the packages installed in the above section had been wiped out because of the shutdown.)

Since the install-build-dependencies approach is cumbersome and not persistent, is there anything else we can do? Things will be much better if the packages are pre-compiled. Fortunately, yes! piwheels is a Python package repository providing Arm platform wheels (pre-compiled binary Python packages) specifically for the Raspberry Pi, making pip installations much faster. Thus installing from piwheels is the way to go!

The code#

The basic idea is to add piwheels to /etc/pip.conf and install. So we can create a file called ./app/Dockerfile:

FROM jc21/nginx-proxy-manager:latest

RUN echo -e "[global]\nextra-index-url=https://www.piwheels.org/simple" > /etc/pip.conf
RUN pip install certbot-dns-<your provider> --no-cache-dir

ENTRYPOINT [ "/init" ]
dockerfile

And change docker-compose.yml to:

    # image: 'jc21/nginx-proxy-manager:latest'
    build: ./app
yaml

I've proposed adding the index to the original image at https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2161

Still slow piwheels?#

piwheels is ridiculously slow in my country, so it would be better if I could use a proxy for piwheels. And it's possible using build args:

    build:
      context: ./app
      args:
        https_proxy: 'http://192.168.111.222:9876'
        http_proxy: 'http://192.168.111.222:9876'
yaml
RobotsAreCrazy
RobotsAreCrazy
2023-02-13

Hi, After getting bad gateway on a new nginx proxy manager docker install...i tried your guide

On a raspberry pi 4

Think i'm close to getting it working - followed guide from https://allanchain.github.io/blog/post/nginx-proxy-manager-502/

Screenshot_20230213_164801.jpg

RobotsAreCrazy
RobotsAreCrazy
2023-02-13

Worked it out...i needed to add in Dockerfile - my dns provider, then it built with no problem.

still getting a bad gateway, at least i achieved getting it to work, wish i knew why i was getting that error

Creating volume "proxy_mysql" with default driver
Creating volume "proxy_data" with default driver
Creating volume "proxy_letsencrypt" with default driver
Pulling proxydb (yobasystems/alpine-mariadb:latest)...
latest: Pulling from yobasystems/alpine-mariadb
261da4162673: Pulling fs layer
261da4162673: Downloading [>                                                  ]  3261da4162673: Downloading [======>                                            ]  408.9kB/3.259MBDownload complete
261da4162673: Downloading [=============>                                     ]  883.1kB/3.259MB
261da4162673: Downloading [=====================>                             ]  1.407MB/3.259MB
261da4162673: Downloading [============================>                      ]  1.833MB/3.259MB
261da4162673: Downloading [====================================>              ]  2261da4162673: Downloading [===========================================>       ]  2.849MB/3.259MB
261da4162673: Pull complete
38cd0f7b13c6: Pull complete
ef235072d4be: Pull complete
966bd00eafa2: Pull complete
Digest: sha256:aeb02a1d279aa7b935f139005491253dde7593cfd7bf3d5092ecfa4710f159af
Status: Downloaded newer image for yobasystems/alpine-mariadb:latest
Building app
 [+] Building 0.0s (0/1)
 [+] Building 0.1s (2/3)
 [+] Building 0.3s (2/3)
 [+] Building 0.5s (2/3)
 [+] Building 0.6s (2/3)
 [+] Building 0.8s (2/3)
 [+] Building 0.9s (3/3)
 [+] Building 0.9s (7/7) FINISHED
 => [internal] load .dockerignore                                            0.0s
 => [internal] load .dockerignore                                            0.0s
 => => transferring context: 2B                                              0.0s
 => [internal] load build definition from Dockerfile                         0.0s
 => => transferring dockerfile: 242B                                         0.0s
 => [internal] load metadata for docker.io/jc21/nginx-proxy-manager:latest   0.8s
 => [1/3] FROM docker.io/jc21/nginx-proxy-manager:latest@sha256:82cb962fd9e  0.0s
 => CACHED [2/3] RUN echo -e "[global]\nextra-index-url=https://www.piwheel  0.0s
 => CACHED [3/3] RUN pip install certbot-dns-duckdns --no-cache-dir          0.0s
 => exporting to image                                                       0.0s
 => => exporting layers                                                      0.0s
 => => writing image sha256:021e92a480af99201e1d177aa03afa28f9be5b1ea4ab211  0.0s
 => => naming to docker.io/jc21/nginx-proxy-manager:latest                   0.0s
WARNING: Image for service app was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.Creating proxy-manager-db ... done
Creating proxy-manager    ... done

question, on the docker-compose do the user accounts\passwords all have to match or can they all be different? thankyou

AllanChain
AllanChain
2023-02-14

still getting a bad gateway

I suggest you look into the logs (docker-compose logs) and identify the problem. And you may wait for a few minutes for the error messages to be logged, as I've mentioned in the post.

on the docker-compose do the user accounts\passwords all have to match or can they all be different?

You didn't share your docker-compose.yml but I guess you mean https://nginxproxymanager.com/setup/#using-mysql-mariadb-database. The DATABASE, USER, and PASSWORD can be different, but the same set of DATABASE, USER, and PASSWORD should be used for the database and NPM. MYSQL_ROOT_PASSWORD can be anything.

BTW, you can learn some basic markdown and use backticks when sharing your code.

👍
1
RobotsAreCrazy
RobotsAreCrazy
2023-02-14

Hi Allan, it is the same compose you shared on the blog for settingup nginxpm with docker i didn't deviate at all i followed exactly, i do think usernames, passwords has a role to play why it's not working as i was getting a lot of errors to do with user accounts getting blocked etc

and changing nginx default network to something else that makes it crap itself to a bad gateway.

I did get things working, but i had to abandon the guide, so i just used a stack with compose contents from nginx homepage, keeping account, database names the same, but changing to strong passwords.

RobotsAreCrazy
RobotsAreCrazy
2023-02-14

I think it is that yobasystems alpine mariandb image causing issues with bad gateway as on the ordinary one, jc21 mariandb-aria without separate db it works perfect

RobotsAreCrazy
RobotsAreCrazy
2023-02-15

Hi Allan, Can you answer me a question on the authentik docker-compose what needs to be changed on that file so it runs without issue? Thankyou

AllanChain
AllanChain
2023-02-15

@RobotsAreCrazy Sorry, I'm not familiar with it. Maybe you can ask in their Discord community: https://goauthentik.io/discord

Leave your comments and reactions on GitHub