-
Notifications
You must be signed in to change notification settings - Fork 518
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
502 Bad Gateway after update from v0.6.0 to v0.7.0 #1400
Comments
hi send marzban logs |
Same problem. After installation the panel does not work |
People are you reading logs sometimes? Since 0.7 release you need HTTPS (SSL) connection to panel to open it. It won't work anymore without secure connection. With https everything works great, including nginx. |
so, how can i downgrade my panel |
nginx-1 | 2024/10/27 11:18:28 [error] 29#29: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.19.0.3, server: , request: "GET /dashboard HTTP/1.1", upstream: "http://172.19.0.2:8000/dashboard", host: "marzban.vpn.my-domain.ru" |
Provide nginx & marzban .env |
You can install specific release if you want |
nginx:
.env: The rest of the variables are default (not changed)
docker compose:
I added Nginx as an experiment, but you can directly direct traffic to the marzban container |
First of all, port 80 is for plain http, NOT HTTPS! |
And you don't need this |
http://marzban - This is the name of the container that needs to be proxy the request. |
SSL is set by traefik, not nginx |
As I can see you proxies port 443 to traefik, which must provide SSL connection from user to marzban host. If you have troubles with traefik - you must config it to redirect from port 80 to port 443 and proxy from port 443 to localhost:8000. |
Это ты немного не понимаешь! Разберись в своей каше конфигов, настрой нормально nginx с использованием https и ssl и все спокойно заработает. |
И разберись как работает проксирование на контейнеры... указание на http://marzban - с таким же успехом можешь по-русски написать - ничего как не работало так и не заработает! |
Мне нужна комбинация traefik + marzban, без всяких nginx и прочего |
add this to your marzban docker file ports:
- "127.0.0.1:3333:3333" change port to your dashboard port |
and use 127.0.0.1 instead on 172.* |
Значит нужно настроить верно проксификацию 443 порта в траефике. 80 порт тут не нужен вообще |
I tried this solution, but it didn’t work for me. Thank you. |
map this file to your docker volumes:
- /var/lib/marzban:/var/lib/marzban
- /opt/marzban/main.py:/code/main.py import click
import logging
import os
import ssl
import ipaddress
import uvicorn
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from app import app, logger
from config import (DEBUG, UVICORN_HOST, UVICORN_PORT, UVICORN_SSL_CERTFILE,
UVICORN_SSL_KEYFILE, UVICORN_UDS)
def check_and_modify_ip(ip_address: str) -> str:
"""
Check if an IP address is private. If not, return localhost.
IPv4 Private range = [
"192.168.0.0",
"192.168.255.255",
"10.0.0.0",
"10.255.255.255",
"172.16.0.0",
"172.31.255.255"
]
Args:
ip_address (str): IP address to check
Returns:
str: Original IP if private, otherwise localhost
Raises:
ValueError: If the provided IP address is invalid, return localhost.
"""
try:
# Convert string to IP address object
ip = ipaddress.ip_address(ip_address)
if ip.is_private:
return ip_address
else:
return "localhost"
except ValueError as e:
return "localhost"
def validate_cert_and_key(cert_file_path, key_file_path):
if not os.path.isfile(cert_file_path):
raise ValueError(
f"SSL certificate file '{cert_file_path}' does not exist.")
if not os.path.isfile(key_file_path):
raise ValueError(f"SSL key file '{key_file_path}' does not exist.")
try:
context = ssl.create_default_context()
context.load_cert_chain(certfile=cert_file_path, keyfile=key_file_path)
except ssl.SSLError as e:
raise ValueError(f"SSL Error: {e}")
try:
with open(cert_file_path, 'rb') as cert_file:
cert_data = cert_file.read()
cert = x509.load_pem_x509_certificate(cert_data, default_backend())
if cert.issuer == cert.subject:
raise ValueError(
"The certificate is self-signed and not issued by a trusted CA.")
except Exception as e:
raise ValueError(f"Certificate verification failed: {e}")
if __name__ == "__main__":
# Do NOT change workers count for now
# multi-workers support isn't implemented yet for APScheduler and XRay module
bind_args = {}
if UVICORN_SSL_CERTFILE and UVICORN_SSL_KEYFILE:
validate_cert_and_key(UVICORN_SSL_CERTFILE, UVICORN_SSL_KEYFILE)
bind_args['ssl_certfile'] = UVICORN_SSL_CERTFILE
bind_args['ssl_keyfile'] = UVICORN_SSL_KEYFILE
if UVICORN_UDS:
bind_args['uds'] = UVICORN_UDS
else:
bind_args['host'] = UVICORN_HOST
bind_args['port'] = UVICORN_PORT
else:
if UVICORN_UDS:
bind_args['uds'] = UVICORN_UDS
else:
ip = check_and_modify_ip(UVICORN_HOST)
logger.warning(f"""
{click.style('IMPORTANT!', blink=True, bold=True, fg="yellow")}
You're running Marzban without specifying {click.style('UVICORN_SSL_CERTFILE', italic=True, fg="magenta")} and {click.style('UVICORN_SSL_KEYFILE', italic=True, fg="magenta")}.
The application will only be accessible through localhost. This means that {click.style('Marzban and subscription URLs will not be accessible externally', bold=True)}.
If you need external access, please provide the SSL files to allow the server to bind to 0.0.0.0. Alternatively, you can run the server on localhost or a Unix socket and use a reverse proxy, such as Nginx or Caddy, to handle SSL termination and provide external access.
If you wish to continue without SSL, you can use SSH port forwarding to access the application from your machine. note that in this case, subscription functionality will not work.
Use the following command:
{click.style(f'ssh -L {UVICORN_PORT}:localhost:{UVICORN_PORT} user@server', italic=True, fg="cyan")}
Then, navigate to {click.style(f'http://{ip}:{UVICORN_PORT}', bold=True)} on your computer.
""")
bind_args['host'] = ip
bind_args['port'] = UVICORN_PORT
if DEBUG:
bind_args['uds'] = None
bind_args['host'] = '0.0.0.0'
try:
uvicorn.run(
"main:app",
**bind_args,
workers=1,
reload=DEBUG,
log_level=logging.DEBUG if DEBUG else logging.INFO
)
except FileNotFoundError: # to prevent error on removing unix sock
pass |
if nobody want to test this i can close issue |
I'll test it and let you know within the next hour. |
I used methods 1 and 3, and the issue has been resolved. Thank you! 1. Using Reverse Proxy in Nginx (with HTTPS)To access the application via HTTPS in Nginx, add the following configuration to your Nginx configuration file: server {
listen 80;
server_name test.domain.com;
# Redirect HTTP to HTTPS
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name test.domain.com;
ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/privkey.pem;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Now, HTTP requests will be redirected to 2. Using an SSH TunnelThis method doesn’t require any changes to support HTTPS, and you can temporarily access port ssh -L 8000:localhost:8000 user@server_ip 3. Configuration in Nginx Proxy Manager (with HTTPS)To add HTTPS in Nginx Proxy Manager:
|
im happy your problem solved |
I'm having the same problem and method 3 does not work for me. Running NPM and Marzban with Dockge. Marzban compose file: services:
marzban:
image: gozargah/marzban:latest
restart: always
env_file: .env
network_mode: host
volumes:
- ./lib/marzban:/var/lib/marzban
- /var/run/docker.sock:/var/run/docker.sock
- /opt/stacks/nginx_proxy_manager/letsencrypt/archive:/var/lib/marzban/certs
networks: {} .env file
Tried switching between HTTP and HTTPS but didn't make a difference |
I use docker and set up docker compose config with Marzban and Traefik Proxy. On Marzban version 0.6.0 everything works, but after upgrading to version 0.7.0 I get an error
I also used Nginx, which also returns an error
When trying to open the image URL directly (http://172.18.0.4:8000/), I got HTTP ERROR 502
Machine details (please complete the following information):
The text was updated successfully, but these errors were encountered: