# NPMplus Connection Refused - Diagnosis & Fix

**Date**: 2026-01-21
**Issue**: 192.168.11.166 refused to connect (ERR_CONNECTION_REFUSED)


---

## Current Status

### ✅ What's Working

- NPMplus container (VMID 10233) is running
- Docker container `npmplus` is running and healthy
- Nginx is running inside Docker container
- NPMplus is listening on 0.0.0.0:80 and 0.0.0.0:443 (inside container)
- Container can access localhost:80 (HTTP 200)
- Container has correct IP: 192.168.11.166/24
- Ping works to 192.168.11.166

### ❌ What's Not Working

- **Connection refused** from external hosts to 192.168.11.166:80/443
- Connection refused even from Proxmox host (r630-01)
- No connection attempts reaching NPMplus logs


---

## Root Cause Analysis

### Key Findings

1. **Docker Network Mode**: `host` (the Docker container shares the network stack of its host, which here is the LXC container)
2. **Container Network**: Two interfaces configured:
   - `eth0`: 192.168.11.166/24 (net0)
   - `eth1`: 192.168.11.167/24 (net1)
3. **NPMplus Listening**: 0.0.0.0:80/443 (should accept connections on all interfaces)
4. **Connection Refused**: Even from the same host

### Possible Causes

1. **Docker host network mode in LXC container**
   - Docker `host` network mode may not work correctly in LXC containers
   - LXC container network namespace may conflict with Docker host network

2. **NPMplus binding to wrong interface**
   - May be binding to localhost only despite showing 0.0.0.0
   - May need to explicitly bind to container IP

3. **Firewall rules blocking**
   - Container firewall may be blocking
   - Proxmox host firewall may be blocking
   - UDM Pro firewall may be blocking

4. **Network namespace issue**
   - Docker host network in LXC may create namespace conflicts
   - Ports may not be properly exposed to container network


---

## Diagnostic Commands

### Check Container Network

```bash
# Run on the Proxmox host
ssh root@r630-01
# Interfaces and addresses inside the LXC container
pct exec 10233 -- ip addr show
# Listening TCP sockets on ports 80 and 443 inside the LXC container
pct exec 10233 -- ss -tlnp | grep -E ":80 |:443 "
```

### Test from Container

```bash
# Loopback first, then the container's own address
pct exec 10233 -- curl -I http://localhost:80
pct exec 10233 -- curl -I http://192.168.11.166:80
```

### Test from Host

```bash
# Run on r630-01 against both container interfaces
curl -v http://192.168.11.166:80
curl -v http://192.168.11.167:80
```

### Check Docker Network

```bash
# Network mode of the npmplus container, then details of the host network
pct exec 10233 -- docker inspect npmplus --format "{{.HostConfig.NetworkMode}}"
pct exec 10233 -- docker network inspect host
```

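To check possible cause 2 (a listener bound only to loopback) without reading `ss` output by eye, the following added example, which is not part of the original runbook, classifies how a port is bound. The sample `ss` output and the helper name `listener_scope` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -tlnp` output; not captured from the system described here.
SAMPLE_SS='State  Recv-Q Send-Q  Local Address:Port  Peer Address:Port Process
LISTEN 0      511           0.0.0.0:80         0.0.0.0:*     users:(("nginx",pid=412,fd=6))
LISTEN 0      511              [::]:443           [::]:*     users:(("nginx",pid=412,fd=7))
LISTEN 0      511         127.0.0.1:81         0.0.0.0:*     users:(("nginx",pid=412,fd=8))
LISTEN 0      128    192.168.11.167:22         0.0.0.0:*     users:(("sshd",pid=201,fd=3))'

# listener_scope PORT (hypothetical helper): reads `ss -tln[p]` output on stdin and prints
#   wildcard | specific:<addr[,addr]> | loopback-only | none
listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")                 # port is the text after the last colon
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # [::] -> ::
            sub(/%.*$/, "", addr)                    # drop an interface scope such as %lo
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") wild = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else specific = specific (specific ? "," : "") addr
        }
        END {
            if (wild) print "wildcard"
            else if (specific) print "specific:" specific
            else if (loop) print "loopback-only"
            else print "none"
        }'
}

# Live use from the Proxmox host: pct exec 10233 -- ss -tln | listener_scope 80
for p in 80 443 81 22 8080; do
    printf '%s -> %s\n' "$p" "$(printf '%s\n' "$SAMPLE_SS" | listener_scope "$p")"
done
```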

---

## Recommended Fixes

### Fix 1: Change Docker Network Mode (Recommended)

**Problem**: Docker `host` network mode may not work correctly in LXC containers.

**Solution**: Change to bridge network mode and publish ports:

```bash
ssh root@r630-01

# Stop NPMplus container
pct exec 10233 -- docker stop npmplus

# Remove old container (keep data volume)
pct exec 10233 -- docker rm npmplus

# Recreate with bridge network and port mapping
# (no --network flag, so Docker attaches the container to its default bridge;
#  each -p without a host IP publishes on all addresses of the LXC container,
#  including the admin UI on port 81)
pct exec 10233 -- docker run -d \
  --name npmplus \
  --restart unless-stopped \
  -p 80:80 \
  -p 443:443 \
  -p 81:81 \
  -v /data/npmplus:/data \
  -v /data/letsencrypt:/etc/letsencrypt \
  zoeyvid/npmplus:latest

# Verify
pct exec 10233 -- docker ps | grep npmplus
pct exec 10233 -- ss -tlnp | grep -E ":80 |:443 "
```

**Test**:
```bash
curl -I http://192.168.11.166:80
```

### Fix 2: Check and Fix Firewall Rules

**Check container firewall**:
```bash
pct exec 10233 -- iptables -L -n -v
```

**If blocking, add allow rules**:
```bash
# -I inserts at the top of INPUT; these rules match any source address
# and are lost on reboot unless saved
pct exec 10233 -- iptables -I INPUT -p tcp --dport 80 -j ACCEPT
pct exec 10233 -- iptables -I INPUT -p tcp --dport 443 -j ACCEPT
```

### Fix 3: Verify NPMplus Nginx Configuration

**Check NPMplus nginx config**:
```bash
pct exec 10233 -- docker exec npmplus cat /etc/nginx/nginx.conf | grep listen
```

**If binding to localhost, fix**:
```bash
# Access NPMplus dashboard
# https://192.168.11.166:81
# Check nginx configuration
# Ensure it's binding to 0.0.0.0, not 127.0.0.1
```

### Fix 4: Check Proxmox Host Firewall

**Check host firewall**:
```bash
ssh root@r630-01
iptables -L -n -v | grep 192.168.11.166
```

**If blocking, add allow rules**:
```bash
# -I inserts at the top of FORWARD; these rules match any source address
# and are lost on reboot unless saved
iptables -I FORWARD -d 192.168.11.166 -p tcp --dport 80 -j ACCEPT
iptables -I FORWARD -d 192.168.11.166 -p tcp --dport 443 -j ACCEPT
```

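For the firewall checks in Fix 2 and Fix 4, an added example (not from the original runbook) that reads `iptables -S` output and reports the first unconditional verdict for a TCP port. A `REJECT` rule can show up at the client as a refused connection, while a `DROP` rule shows up as a timeout; the rule set and the helper name `first_verdict` are constructed.

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT` output; not captured from the system described here.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 81 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 8000:8100 -j DROP'

# first_verdict PORT (hypothetical helper): reads `iptables -S <CHAIN>` on stdin and prints
# "<verdict> <rule number>" for the first rule that matches new TCP traffic to PORT from any
# source, or "<policy> policy" if none does. Simplification: rules with other matches
# (-i, -s, --ctstate, ...) and jumps to user-defined chains are skipped, not evaluated.
first_verdict() {
    awk -v port="$1" '
        function covers(spec,    n, i, item, r) {    # spec: 80 | 80,443 | 8000:8100
            n = split(spec, item, ",")
            for (i = 1; i <= n; i++) {
                if (split(item[i], r, ":") == 2) {
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
                } else if (item[i] + 0 == port + 0) return 1
            }
            return 0
        }
        $1 == "-P" { policy = $3; next }
        $1 != "-A" { next }
        {
            rule++; target = ""; proto = "all"; spec = ""; skip = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }
                else if ($i == "-p") proto = $(++i)
                else if ($i == "-m") ++i                       # module name, e.g. tcp
                else if ($i == "--dport" || $i == "--dports") spec = $(++i)
                else skip = 1
            }
            if (skip || target !~ /^(ACCEPT|DROP|REJECT)$/) next
            if (proto != "tcp" && proto != "all") next
            if (spec != "" && !covers(spec)) next
            print target, rule; found = 1; exit
        }
        END { if (!found) print policy, "policy" }'
}

# Live use from the Proxmox host: pct exec 10233 -- iptables -S INPUT | first_verdict 80
for p in 80 443 81 8050 22; do
    printf '%s -> %s\n' "$p" "$(printf '%s\n' "$SAMPLE_RULES" | first_verdict "$p")"
done
```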

---

## Quick Test After Fix

```bash
# From any host on network
curl -I http://192.168.11.166:80
curl -I https://192.168.11.166:443 -k

# Should return HTTP 200 or 301/302
```


---

## Most Likely Solution

**Docker host network mode in LXC containers is problematic.**

**Recommended**: Change NPMplus Docker container to use bridge network mode with port mapping (`-p 80:80 -p 443:443`).

This will properly expose ports to the LXC container's network interface, making them accessible from outside the container.


---

## Status

**Current**: Connection refused - NPMplus not accessible
**Action**: Change Docker network mode from `host` to `bridge` with port mapping
**Priority**: **HIGH** - Blocks all external access to explorer