Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

/etc/nginx/conf.d/include/ip_ranges.conf contains HTML code of Cloudflare instead of IP addresses #1405

Open
mgutt opened this issue Sep 13, 2021 · 5 comments
Open

/etc/nginx/conf.d/include/ip_ranges.conf contains HTML code of Cloudflare instead of IP addresses #1405

mgutt opened this issue Sep 13, 2021 · 5 comments
Labels
bug stale

Comments

@mgutt
Copy link

mgutt commented Sep 13, 2021
edited

Error messages:

SSL error Error: Command failed: /usr/sbin/nginx -t -g "error_log off;"
nginx: [emerg] invalid number of arguments in "set_real_ip_from" directive in /etc/nginx/conf.d/include/ip_ranges.conf:274
nginx: configuration file /etc/nginx/nginx.conf test failed

Reason (NPM does not filter/check the API response):
cat /etc/nginx/conf.d/include/ip_ranges.conf
error1 png eee5ccabbc696f9061ef0723cf007f4f

Temporary solution:

  • Start Docker container with "--cap-add LINUX_IMMUTABLE"
  • open containers console and execute:
su
sed -i '/DOCTYPE/Q' /etc/nginx/conf.d/include/ip_ranges.conf
chattr +i /etc/nginx/conf.d/include/ip_ranges.conf

By that the HTML code is removed and the file is locked for further updates.
@mgutt mgutt added the bug label Sep 13, 2021
@jc21
Copy link
Member

jc21 commented Sep 13, 2021

Interesting. This is probably a temporary issue with Cloudflare judging by the content of the html. This ip range fetch happens on every start of the docker container, so the easy fix is to restart NPM assuming that Cloudflare has also resolved their issue. I tested myself just now and it's not happening for me.

Still, this highlights a need for better ip range management with the ability to handle this kind of outage.

@mgutt
Copy link
Author

mgutt commented Sep 14, 2021
edited

This is probably a temporary issue with Cloudflare judging by the content of the html.

Not for this user. I suggested him to open the URLs manually to solve the captcha for his public IP, but he - instead of the container - never faces the captcha:
https://forums.unraid.net/topic/110245-support-nginx-proxy-manager-npm-official/page/4/?tab=comments#comment-1034255

I think filtering the API response for valid IP addresses should be done in any case. Better safe than sorry ;)

@jc21
Copy link
Member

jc21 commented Sep 14, 2021

Ah right. I didn't know this was behind throttling.

@Taubin
Copy link

Taubin commented Nov 30, 2021

Is there a way to manually edit this file to add the IP addresses? I am running the proxy manager on a remote server headless so opening the links in a browser to solve the captcha will not work for me.

@chaptergy chaptergy mentioned this issue Dec 3, 2021
Closed
@luoweihua7 luoweihua7 mentioned this issue Dec 30, 2021
Closed
jc21 added a commit that referenced this issue Jan 2, 2022
@jc21
Merge pull request #1703 from luoweihua7/develop
29ee485 
fetch cloudflare ipv4/ipv6 fail #1405
Kurnihil pushed a commit to Kurnihil/nginx-proxy-manager that referenced this issue Jan 11, 2023
fetch cloudflare ipv4/ipv6 fail NginxProxyManager#1405
ffa500e
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 4, 2024

Issue is now considered stale. If you want to keep it open, please comment 👍

@github-actions github-actions bot added the stale label Mar 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fetch cloudflare ipv4/ipv6 fail #1405
3 participants
@jc21 @Taubin @mgutt