Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Adding an IP address to the access list removes SSL configuration

See original GitHub issue

Checklist

Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
- Yes
Are you sure you’re not using someone else’s docker image?
- Yes
Have you searched for similar issues (both open and closed)?
- Yes

Describe the bug Adding IP addresses in access lists causes a dummy certificate from localhost to be delivered. The vHosts that use this access lists have no SSL configuration - they listen only on port 80.

Nginx Proxy Manager Version v2.9.13

To Reproduce Steps to reproduce the behavior:

Add a “Private” Access List with an Allow address, e.g. 192.168.0.0/16.
Use this access list in different vHosts (Force SSL and HTTP/2 enabled).
Visit your site via SSL - everything should work.
Now add another IP address to the access list.
Then visit a vHost that uses this access list. Now a localhost certificate should be served, because the SSL configuration in the vHost is missing.

Workaround: Take a vHost and save it again - the SSL configuration should be regenerated.

Expected behavior The new IP address is added to the access list and my pages are still accessible via SSL.

Further information

app_1  | 2021-12-30T14:01:18.688684912Z [12/30/2021] [2:01:18 PM] [Nginx    ] › ℹ  info      Reloading Nginx
app_1  | 2021-12-30T14:01:19.564689136Z [12/30/2021] [2:01:19 PM] [Access   ] › ℹ  info      Building Access file #2 for: Private

Broken vHost: https://pastebin.com/HVj1sPKw Functional vHost: https://pastebin.com/tPNYEA2i

Operating System Banana Pi M1 with Armbian and latest Docker

Issue Analytics

State:
Created 2 years ago
Reactions:11
Comments:6

Top GitHub Comments

2reactions

othyncommented, Mar 10, 2022

Yep, still an issue. Annoying and time consuming to solve, but you have to edit each proxy host and then immediately hit save on the edit dialogue. This must re-apply the updated access list rule set to the proxy host.

Not sure of a permanent solve on this one, perhaps loop through each proxy host on save of the access list to re-apply the rules to it?

2reactions

RafaelSchridicommented, Feb 10, 2022

You don’t have to make a temp access list, simply pressing edit then save fixes it for me.

Top Results From Across the Web

Configure and Filter IP Access Lists - Cisco

This document describes how IP access control lists (ACLs) can filter network traffic. It also contains brief descriptions of the IP ACL types, ......

Configure IP Access List Entries — MongoDB Atlas

Configure IP Access List Entries · View IP Access List Entries · Add IP Access List Entries · Modify IP Access List Entries...

Restricting access to the Configuration utility by source IP ...

You want to remove an IP address or range of IP addresses from the current list of allowed IP addresses. Note: To restrict...

Configure the Firewall to Access an External Dynamic List

If you are creating a list of type Predefined IP, select a Palo Alto Networks malicious IP address feed to use as a...

Control Management Access on Juniper Networking Devices

Configure a firewall filter limit-mgmt-access that rejects all source addresses except the specific set of addresses defined in the manager-ip prefix list.