d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
01e126a8687279bd32df68e06d6cb52b60dd68ff
explorer-monorepo/NPMPLUS_CONNECTION_REFUSED_FIX.md

4.7 KiB
Raw Blame History

NPMplus Connection Refused - Diagnosis & Fix

Date: 2026-01-21
Issue: 192.168.11.166 refused to connect (ERR_CONNECTION_REFUSED)

Current Status

What's Working

  • NPMplus container (VMID 10233) is running
  • Docker container npmplus is running and healthy
  • Nginx is running inside Docker container
  • NPMplus is listening on 0.0.0.0:80 and 0.0.0.0:443 (inside container)
  • Container can access localhost:80 (HTTP 200)
  • Container has correct IP: 192.168.11.166/24
  • Ping works to 192.168.11.166

What's Not Working

  • Connection refused from external hosts to 192.168.11.166:80/443
  • Connection refused even from Proxmox host (r630-01)
  • No connection attempts reaching NPMplus logs

Root Cause Analysis

Key Findings

  1. Docker Network Mode: host (container uses host network directly)
  2. Container Network: Two interfaces configured:
    • eth0: 192.168.11.166/24 (net0)
    • eth1: 192.168.11.167/24 (net1)
  3. NPMplus Listening: 0.0.0.0:80/443 (should accept all interfaces)
  4. Connection Refused: Even from same host

Possible Causes

  1. Docker host network mode in LXC container

    • Docker host network mode may not work correctly in LXC containers
    • LXC container network namespace may conflict with Docker host network

  2. NPMplus binding to wrong interface

    • May be binding to localhost only despite showing 0.0.0.0
    • May need to explicitly bind to container IP

  3. Firewall rules blocking

    • Container firewall may be blocking
    • Proxmox host firewall may be blocking
    • UDM Pro firewall may be blocking

  4. Network namespace issue

    • Docker host network in LXC may create namespace conflicts
    • Ports may not be properly exposed to container network

Diagnostic Commands

Check Container Network

ssh root@r630-01
pct exec 10233 -- ip addr show
pct exec 10233 -- ss -tlnp | grep -E ":80 |:443 "

Test from Container

pct exec 10233 -- curl -I http://localhost:80
pct exec 10233 -- curl -I http://192.168.11.166:80

Test from Host

curl -v http://192.168.11.166:80
curl -v http://192.168.11.167:80

Check Docker Network

pct exec 10233 -- docker inspect npmplus --format "{{.HostConfig.NetworkMode}}"
pct exec 10233 -- docker network inspect host

Recommended Fixes

Fix 1: Change Docker Network Mode (Recommended)

Problem: Docker host network mode may not work correctly in LXC containers.

Solution: Change to bridge network mode and publish ports:

ssh root@r630-01

# Stop NPMplus container
pct exec 10233 -- docker stop npmplus

# Remove old container (keep data volume)
pct exec 10233 -- docker rm npmplus

# Recreate with bridge network and port mapping
pct exec 10233 -- docker run -d \
  --name npmplus \
  --restart unless-stopped \
  -p 80:80 \
  -p 443:443 \
  -p 81:81 \
  -v /data/npmplus:/data \
  -v /data/letsencrypt:/etc/letsencrypt \
  zoeyvid/npmplus:latest

# Verify
pct exec 10233 -- docker ps | grep npmplus
pct exec 10233 -- ss -tlnp | grep -E ":80 |:443 "

Test:

curl -I http://192.168.11.166:80

Fix 2: Check and Fix Firewall Rules

Check container firewall:

pct exec 10233 -- iptables -L -n -v

If blocking, add allow rules:

pct exec 10233 -- iptables -I INPUT -p tcp --dport 80 -j ACCEPT
pct exec 10233 -- iptables -I INPUT -p tcp --dport 443 -j ACCEPT

Fix 3: Verify NPMplus Nginx Configuration

Check NPMplus nginx config:

pct exec 10233 -- docker exec npmplus cat /etc/nginx/nginx.conf | grep listen

If binding to localhost, fix:

# Access NPMplus dashboard
# https://192.168.11.166:81
# Check nginx configuration
# Ensure it's binding to 0.0.0.0, not 127.0.0.1

Fix 4: Check Proxmox Host Firewall

Check host firewall:

ssh root@r630-01
iptables -L -n -v | grep 192.168.11.166

If blocking, add allow rules:

iptables -I FORWARD -d 192.168.11.166 -p tcp --dport 80 -j ACCEPT
iptables -I FORWARD -d 192.168.11.166 -p tcp --dport 443 -j ACCEPT

Quick Test After Fix

# From any host on network
curl -I http://192.168.11.166:80
curl -I https://192.168.11.166:443 -k

# Should return HTTP 200 or 301/302

Most Likely Solution

Docker host network mode in LXC containers is problematic.

Recommended: Change NPMplus Docker container to use bridge network mode with port mapping (-p 80:80 -p 443:443).

This will properly expose ports to the LXC container's network interface, making them accessible from outside the container.

Status

Current: Connection refused - NPMplus not accessible
Action: Change Docker network mode from host to bridge with port mapping
Priority: HIGH - Blocks all external access to explorer

Reference in New Issue View Git Blame Copy Permalink