Nginx Proxy Manager 2.12.4 – Multiple Issues and Unresolved DNS Failure (Rollback Required)

ElectricEel-24.10.2.2
NPM 2.12.4

I’ve been running Nginx Proxy Manager on TrueNAS SCALE successfully for a while, but updating to NPM 2.12.4 through the TrueNAS Apps system has caused several critical issues. Here’s a breakdown of what I experienced and what steps I took to fix or work around them:

  • Problem 1: Cloudflare plugin fails to work because plugin definition is broken
  • Cause: The file /app/global/certbot-dns-plugins.json gets rewritten at startup and the cloudflare plugin entry is stripped or malformed
  • Fix: Run this command after container start to repair the JSON entry:
  • sudo docker exec -it ix-nginx-proxy-manager-npm-1 sh -c "sed -i 's/cloudflare==4.0.\*/cloudflare/' /app/global/certbot-dns-plugins.json"

  • Problem 2: Nginx fails to start due to permission denied on nginx.pid
  • Cause: Running the container with non-root PUID and PGID (such as 568) prevents it from writing to /run/nginx/nginx.pid
  • Fix: Set User ID and Group ID in the app configuration to 0 so the container runs as root

  • Problem 3: Cloudflare plugin support breaks due to stripped ownership script
  • Cause: The startup script /etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh gets fully stripped of content, removing necessary lines for certbot plugins
  • Fix: Set the following environment variable in the app config:
  • S6_STAGE2_HOOK = sed -i 2,$d /etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
  • This keeps the shebang line and prevents plugin wipe

  • Problem 4: Container marked unhealthy due to DNS failures
  • Cause: DNS servers like 217.169.20.21 and 217.169.20.20 are unreachable from inside the container, even though they work fine in older NPM versions
  • Fix: Not resolved yet. Rolling back to NPM version 2.11.1 avoids the issue. Possibly caused by new container network behavior in 2.12.4

Current Status:
After applying all known fixes and verifying container networking and resolver behavior, this issue remains unresolved in 2.12.4.

Can anyone suggest how I might best proceed?

ATM I’m hoping that it will be fixed, but it seems that most people are saying that just the first problem’s resolution is fixing the entire thing for them. That is not the case for me; I have at least 4 different problems (as described).

Anyhow, I have posted Cannot Log into Admin After Upgrade to 2.12.4 · Issue #4606 · NginxProxyManager/nginx-proxy-manager · GitHub but not getting any answers.

1 Like

Roll back your version to 2.12.3

Another thread with a github bug link in it

Yea cheers, I did read that thread already; it just links to the thread that I posted in, it does not really say much else.

I’m still in the dark as to what is supposed to be happening.

It seems that most people are saying that all they need to do is use the

docker exec -it nginx sh -c "sed -i 's/cloudflare==4.0.\*/cloudflare/' /app/global/certbot-dns-plugins.json" && docker restart nginx

which gives:-

[root@docker-b1844808fadd:/app]# cat /app/global/certbot-dns-plugins.json | grep -i cloudflare
        "cloudflare": {
                "name": "Cloudflare",
                "package_name": "certbot-dns-cloudflare",
                "dependencies": "cloudflare acme=={{certbot-version}}",
                "credentials": "# Cloudflare API credentials used by Certbot\ndns_cloudflare_email = cloudflare@example.com\ndns_cloudflare_api_key = ",
                "full_plugin_name": "dns-cloudflare"
[root@docker-b1844808fadd:/app]# 

and it works for them. Maybe they are not under Docker & TrueNAS, I don’t know.

I’m having many other issues and I’m concerned that these might be overlooked.

Should I just wait until the next update instead of keep banging away at this and not getting anywhere?

1 Like
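Why the backslash before the asterisk in the sed command above matters, as an added example that is not part of the original thread: without it, `.*` is greedy and consumes the rest of the JSON line. The sample line is constructed, and the pinned `cloudflare==4.0.*` form is an assumption inferred from the sed pattern.

```sh
#!/bin/sh
# Added example. SAMPLE is a constructed stand-in for the "dependencies" line
# of the cloudflare entry; the pinned "cloudflare==4.0.*" form is an assumption
# inferred from the sed pattern quoted in the thread.
SAMPLE='                "dependencies": "cloudflare==4.0.* acme=={{certbot-version}}",'

# Pattern with the escaped asterisk: \* matches a literal "*", so only the
# version pin is replaced.
unpin_escaped() {
    printf '%s\n' "$1" | sed 's/cloudflare==4.0.\*/cloudflare/'
}

# Same pattern without the backslash: ".*" matches everything to end of line.
unpin_greedy() {
    printf '%s\n' "$1" | sed 's/cloudflare==4.0.*/cloudflare/'
}

# Crude structural check for this one line: the JSON string value must still
# be closed by a double quote followed by a comma.
line_is_closed() {
    case "$1" in
        *'",') return 0 ;;
        *) return 1 ;;
    esac
}

report() {
    if line_is_closed "$2"; then
        state="closed string"
    else
        state="BROKEN (unterminated string)"
    fi
    printf '%-8s %s\n         -> %s\n' "$1" "$2" "$state"
}

report escaped "$(unpin_escaped "$SAMPLE")"
report greedy "$(unpin_greedy "$SAMPLE")"
```

The escaped form yields the same `"dependencies"` line as the `cat | grep` output shown in the post above.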

Sorry, I didn’t notice you had posted about it there.

Not sure what is going on.

1 Like

TrueNAS is now showing that the TN version has been updated but that NPM itself is still the same version.

The update is now showing as:-
2.12.4_1.2.5

2.12.4 same NPM version
1.2.5 but now with chart version 1.2.5

Does this mean that TrueNAS have attempted to fix this without changing NPM itself? I’m concerned if I should even test it.

What do people think?

No, the 1.2.5 update only altered the description somewhat and addresses this issue. If you still have an issue you should probably report it in the issue tracker on github.

How do I go back to version 2.12.3 from TrueNAS? I am new.

Assuming you’re using SCALE, it would be easiest in the UI: select NPM, then click the following and find version 2.12.3

I only have that

Oh, you really are on a new setup then. It looks like you have never had version 2.12.3 (1.2.3) installed at all.

I cannot help you with installing an older version of NPM that is not offered in the Apps store. You may have to do it manually with SSH & Docker etc. I’m not sure.

Someone else might though, sorry.

ok thanks, but I was using 2.12.3

Also had the failure to deploy problem after the update. The log was showing an error that the UID needed to be between 1000 and 60000, and I was using the default 568. Made a user above 1000 but still wouldn’t deploy as there was a second error in the log about the 30-ownership.sh file being incomplete. (Note this was showing up before I changed the user.)
Searching on this error found that the S6_STAGE2_HOOK environment variable was supposedly fixed in the latest release, so I removed that, however, I’m not using the Cloudflare plugin. The app deploys now but takes 30 minutes to get past the setting ownership part of startup. Hope I don’t have to restart it often.

Na, it’s not fixed. It was specifically to address the 30 minute deploy that this environment var was added.

S6_STAGE2_HOOK
sed -i $d /etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh

It could be fixed in this latest version, I just can’t run the latest version to even see ^^

1 Like

Before I removed the S6_STAGE2_HOOK environment variable, deploying failed and the log shows:

/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh: line 41: syntax error: unexpected end of file

I tried again since I assumed 1.2.3 to 1.2.4 was bad and 1.2.5 fixed it all, but nope. The latest is still broken for me, looping some junk about Cloudflare in the logs. Maybe 1.2.6 lol.

1.2.5 does not work :(

tested leaving the
sed -i $d /etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh

got console output

2025-07-07 09:04:10.632922+00:00 ❯ Configuring npm user ...
2025-07-07 09:04:11.542509+00:00 useradd warning: npm's uid 568 outside of the UID_MIN 1000 and UID_MAX 60000 range.
2025-07-07 09:04:12.447397+00:00 ❯ Configuring npm group ...
2025-07-07 09:04:12.662400+00:00 ❯ Checking paths ...
2025-07-07 09:04:12.892216+00:00 ❯ Setting ownership ...
2025-07-07 09:04:15.826341+00:00 /etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh: line 41: syntax error: unexpected end of file
2025-07-07 09:04:15.826813+00:00 s6-rc: warning: unable to start service prepare: command exited 2
2025-07-07 09:04:15.828907+00:00 /run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.

Tried with the new sed line

sed -i 2,$d /etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh

jack@TruenasScale ~ $ sudo docker ps | grep nginx
92b4689f6c20   jc21/nginx-proxy-manager:2.12.4                                                        "/init"                  3 minutes ago   Up 3 minutes (unhealthy)   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:30020->81/tcp, :::30020->81/tcp                                                                                                                                               ix-nginx-proxy-manager-npm-1
jack@TruenasScale ~ $ 

got no output logs at all

No logs yet

I also tried with no environment variable at all. It still does not start and gives no logs at all.

I’m back on 1.2.3 again as that works just fine.

1 Like
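What the two hook expressions tested above (`$d` and `2,$d`) leave behind, checked with `sh -n`, as an added example that is not part of the original thread. The script body is constructed and is not the real 30-ownership.sh; it assumes only that the real file's last line closes a block, which is consistent with the "unexpected end of file" error in the log.

```sh
#!/bin/sh
# Added example. The script body below is constructed for illustration; it is
# not the real 30-ownership.sh. Assumption: the last line closes a block.
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
echo "Setting ownership ..."
if [ -d /data ]; then
    chown -R "$PUID:$PGID" /data
fi
EOF
}

# Apply a sed deletion expression to a copy instead of editing in place.
# $1 = sed expression, $2 = source file, $3 = output file
apply_hook() {
    sed "$1" "$2" > "$3"
}

# Return 0 when the file parses as shell (sh -n reads without executing).
parses_ok() {
    sh -n "$1" 2>/dev/null
}

workdir=$(mktemp -d)
make_sample "$workdir/orig.sh"

# In this script the single quotes matter: unquoted, the shell would expand
# $d before sed ever sees it.
apply_hook '$d'   "$workdir/orig.sh" "$workdir/last_line_removed.sh"
apply_hook '2,$d' "$workdir/orig.sh" "$workdir/shebang_only.sh"

for f in orig last_line_removed shebang_only; do
    if parses_ok "$workdir/$f.sh"; then verdict=ok; else verdict="syntax error"; fi
    lines=$(wc -l < "$workdir/$f.sh" | tr -d ' ')
    printf '%-18s lines=%s parse=%s\n' "$f" "$lines" "$verdict"
done
rm -rf "$workdir"
```

Running `sh -n` against a copy taken out of the container with `docker cp` gives the same check for the real file before a redeploy.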

I am also having this issue, I tried installing via docker and might manually patch the docker image to get it to work for now.

Or heck, maybe a Traefik compose

1 Like

I love it because it works and I know where stuff is, but two subversions in a row failing…maybe time to shop around since other containers can do this job (caddy, traefik, etc.).

It’s an upstream issue, is it not? Monitor the official github issue threads.
As I said in my earlier post, 1.2.5 was never about fixing this issue.