Everything posted by GilbN
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
cant do wildcard with http validation iirc. Read the FAQ on github
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
No need for command line. Just do everything in the unraid GUI. Or do you mean the reverse proxy part?
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
https://blog.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
1. You are proxy_passing http not https. AND you are proxy_passing the letsencrypt container?! you need to proxy_pass the NEXTCLOUD container! proxy_pass https://192.168.1.113:8443; 2: you config.php is wrong it needs to be 'overwrite.cli.url' => 'https://YOURsubdomain.duckdns.org', NOT you localip to nextcloud
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
I have some guides on https://technicalramblings.com https://technicalramblings.com/blog/how-to-setup-organizr-with-letsencrypt-on-unraid/ It's for Organizr but has lots of sub directory examples. If you want live support I recommend checking out the Organizr discord. https://organizr.us/discord We help people from scratch getting all set up with a domain and reverse proxy everything everyday.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Unraid uses port 443 on 6.4.0 so you will need to change that.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Try location /admin/ instead You can also try with this rewrite (I haven't tried it) if ($http_referer ~* /pihole/) { rewrite ^/admin/(.*) /pihole/admin/$1? redirect; }
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
No.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
The container will create the default file if its missing. So just comment every line in default and add nextcloud.mydomain.com This is how my site-conf folder looks like https://github.com/gilbN/Nostromo/tree/master/Server/nginx/site-confs
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Here are my configs for A+ everthing on sslabs and A+ on securityheaders.io https://github.com/gilbN/Nostromo/tree/master/Server/nginx
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
you have auth_request /auth-admin; in the location blocks. Remove those. That is for server auth using Organizr. And I dont use qbittorrent. So I didnt really test it. If you dont figure it out you could try sub domain. This worked better. server { listen 80; listen 443 ssl http2; server_name qbit.domain.com; location / { proxy_pass http://192.168.1.34:8080; proxy_set_header X-Forwarded-Host $host:$server_port; proxy_hide_header Referer; proxy_hide_header Origin; proxy_set_header Referer ''; proxy_set_header Origin ''; add_header X-Frame-Options "SAMEORIGIN"; } }
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Did you add your sub domain in all the places in the /location block? And remove the include line if you don't use organizr.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
https://github.com/gilbN/Nostromo/blob/master/Server/nginx/subdirs/qbittorrent.conf
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Yeah, restarting after every edit
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
@noties I've added what you've posted and the it works but it doesn't seem to actually ban the IP. It logs that the IP is banned but I can still access the site (using LTE on mobile). If I remove the mta/action/iptables-multiport lines it bans like normal. Did you test that access is blocked?
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Thanks, will try this!
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
To fix these errors, please make sure that your domain name wasentered correctly and the DNS A record(s) for that domaincontain(s) the right IP address.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
This works for me. # LIDARR CONTAINER location ^~ /lidarr { #auth_request /auth-admin; proxy_pass http://192.168.1.34:8686/lidarr; include /config/nginx/proxy.conf; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } Try and remove your trailing / on the proxy_pass line
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Copy ..action.d/sendmail-whois.conf to sendmail-whois.local and then edit the last line of the action, changing the sendmail command line part; Hm, when looking at what I posted I just see the same? [nginx-http-auth] enabled = true filter = nginx-http-auth port = http,https logpath = /config/log/nginx/error.log mta = sendmail action = sendmail-whois[name=letsencrypt, dest=<[email protected]>] Fail2Ban" | /usr/sbin/sendmail -t -v -H 'exec openssl s_client -quiet -tls1 -connect smtp.gmail.com:465' -au<username> -ap<password> <dest>
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
You were missing some parts location /web { proxy_pass http://127.0.0.1:32400; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /plex { proxy_pass http://127.0.0.1/web; }
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Copy ..action.d/sendmail-whois.conf to sendmail-whois.local and then edit the last line of the action, changing the sendmail command line part; Thanks will try that
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
I use this for plex: # PLEX SUB DIR location /plex/ { proxy_pass http://192.168.1.34:32400/; include /config/nginx/SSO.conf; } if ($http_referer ~* /plex/) { rewrite ^/web/(.*) /plex/web/$1? redirect; } SSO.conf client_max_body_size 10m; client_body_buffer_size 128k; proxy_bind $server_addr; proxy_buffers 32 4k; #Timeout if the real server is dead proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; # Advanced Proxy Config send_timeout 5m; proxy_read_timeout 240; proxy_send_timeout 240; proxy_connect_timeout 240; proxy_hide_header X-Frame-Options; # Basic Proxy Config proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_redirect http:// $scheme://; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_no_cache $cookie_session; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_headers_hash_max_size 51200; proxy_headers_hash_bucket_size 6400;
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Unifi is much easier to do with subdomain. https://gist.github.com/vidia/fbef2ee643b23848d8b24211d5860b78 homeassistant: https://home-assistant.io/docs/ecosystem/nginx_subdomain/ https://home-assistant.io/docs/ecosystem/nginx/ qbit: https://github.com/qbittorrent/qBittorrent/wiki/NGINX-Reverse-Proxy-for-Web-UI just add proxy_pass http://ip:port Also: Do not reverse proxy the unraid gui. Use a vpn instead. https://www.youtube.com/watch?v=I58LTMKyeYw
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Thanks