Everything posted by ebnerjoh
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Hi, In the past I was using seperate virtual ips for my dockers but due to the limitation that the dockers are not able to talk with the UnRaid Main Interface I wanted to go back with a single IP but mapped ports. With the dedicated IPs I had no issues with certs. I have the following dockers: 1) OpenVPN port 443 with manual generated Certificate 2) Nextcloud on port 449 3) Letsencrypt on port 448 with vhost for nextcloud to redirect to 449 On the Public Network I have 2 static IPs. On the DNS I have: 1) openvpn.domain.com --> IP1 2) nextcloud.domain.com --IP2 On the ROuter I have the following NAT Rules 1) IP1-443 --> Unraid-443 2) IP2-443 --> Unraid-448 If I now access nextcloud.domain.com from public, the certificate is green. But If I acess the same domain internally, it shows me an error "NET::ERR_CERT_COMMON_NAME_INVALID" - The subject is not "nextcloud.domain.com" but "openvpn.domain.com"... Br, Johannes Edit: Somehow it is now working... MAybe a DNS Timer...
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Hi, I have another Question regarding "LetsEncrypt"-Docker togehter with NextCloud-Docker My physical Setup: DLS --> Router --> Switch On the Switch I have my PC and UnRaid I have a public DNS with "cloud.domain.com" pointing to the public IP of the router. The public IP has a 1:1 NAT to the LetsEncrypt-Docker with NAT-Loopback. The Nexcloud Client on my Notebook is pointing to the public domain and this works within my network as well as outside. Drawback: Within my network the traffic is alsways going via the ROuter and not directly from one Switch-Port to the other Switchport due to the fact that I am using the public domain. My router has CPU troubles when big files are transmitted. But I think there is nothing I can do? Br, Johannes
-
[Support] Linuxserver.io - MariaDB
Hi, I have troubles with a php script accessing a mariadb-database. I do not know if there is a connection problem or a problem with authentication. Are there any logfiles available where I can see the conntection attempts? Br, Johannes
-
[6.3.0+] How to setup Dockers without sharing unRAID IP address
Hi, I have here two question: If I go with this virtual LAN topic, then the virtual ip adresses cannot access the Unriad IP and vice versa But can I install two different dockers to one virtual IP? E.g. MariaDB and Apache? Are this two dockers then able to communicate with each other? Second question which is not directly related to this topic but similar: Currenlty i am using this virtuall IP Adresses, because I have only one NIC in my Server but need different dockers with the same port availabe (and port mapping is not possible for my scenario). I will get soon a Quad Gigabit Card. Can I install then 1 Docker to one of the additional NICs and is the Docker then able to talk also with the Unraid NIC? I guess this is possible then? Br, Johannes
-
[Support] Linuxserver.io - Nginx
Ok, was just an idea. Nevertheless, the Docker is great :-) I have now two of them running in parallel to have two domains covered. Br, Johannes
-
[Support] Linuxserver.io - Nextcloud
Thanks, this solved my issues with logon performance. Br, Johannes
-
New Emby Docker
Thanks for the answer. Br, Johannes
-
[Support] Linuxserver.io - Nginx
Hi, I have a Feature Request: Would it be possible to add the support of multiple domains to the letsencrypt-docker in future? Br, Johannes
-
New Emby Docker
Hi, Is the Hardware-Transcoding via VAAPI working? I tried to activate it and got the error message: [AVHWDeviceContext @ 0x3b8d3e0] No VA display found for device: /dev/dri/card0. [vaapi @ 0x312f1e0] Failed to create a VAAPI device Br, Johannes
-
[SUPPORT] pihole for unRaid - Spants repo
I have installed it that way and it works nice.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Hi, Yes, this are PHP Settings. I found them already in the docker and changed them manually wth the disadvantage that I have to do this again after an update of the docker. Br, Johannes
-
[6.3.0+] How to setup Dockers without sharing unRAID IP address
Hi, I was reading again this Thread and then I found this statement: This is why it is not working - I will keep my MySQL Docker now also on a dedicated IP. This is working. Br, Johannes
-
[6.3.0+] How to setup Dockers without sharing unRAID IP address
Hi, I followed this guide an have setup several sites in a seperate docker with dedicated ip. Eg.: .254 = UnRaid .253 = Nextcloud .252 = MySql This works fine. I can setup Nextcloud with the MySQL DB. Then I thought: Why using a dedicated IP for MySQL as MySQL is not sharing any ports with UnRaid. So I removed MySQL again and installed with default settings. Within UnRaid I can access MySQL but when trying to setup Nextcloud, Nextcloud tells me that it cannot reach the DB (Host Unreachable). So I logged on to the nextcloud docker and tried to ping unraid and see, it was not resonding... Is this a know behaviour or I am doing something wrong? Br, Johannes
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
In addition to my "upload_max_filesize" question I have now another question: I want to run on my nginx-instance also phpmyadmin to configure my MySQL-DB. This website shouldnt be exposed to the public network. If I store phpmyadmin to /config/www/phpmyadmin can I access it then via "https://internal-ip/phpmyadmin"? As it is internal I do not care about the certificate. I guess this is working with "location" but to be honest, I still do not understand the concept of nginx. I tried to add the following to my default site-conf: location /phpmyadmin { root /config/www/phpmyadmin; try_files $uri $uri/ /index.html /index.php?$args =404; } but then I get the default page. Br, Johannes
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Many, many thanks again! One last question: I tried to do a Media-Upload in Wordpress. It tells me that there is a 2MB Upload Limit. I guess this is set somewhere in nginx? Br, Johannes
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Hi, Ok, one step ahead. I can access the website now but it is not correctly formated. It seems when using without SSL everything is correctly formated, but when using SSL then not... I will send you the real link per PM. Maybe you have an idea? Br, Johannes
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Hi, This is my default "default" file: # listening on port 80 disabled by default, remove the "#" signs to enable # redirect all traffic to https #server { # listen 80; # server_name _; # return 301 https://$host$request_uri; #} # main server block server { listen 443 ssl default_server; root /config/www; index index.html index.htm index.php; server_name _; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; client_max_body_size 0; location / { try_files $uri $uri/ /index.html /index.php?$args =404; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; # With php7-cgi alone: fastcgi_pass 127.0.0.1:9000; # With php7-fpm: #fastcgi_pass unix:/var/run/php7-fpm.sock; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp" # notice this is within the same server block as the base # don't forget to generate the .htpasswd file as described on docker hub # location ^~ /cp { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; # include /config/nginx/proxy.conf; # proxy_pass http://192.168.1.50:5050/cp; # } } # sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above # notice this is a new server block, you need a new server block for each subdomain #server { # listen 443 ssl; # # root /config/www; # index index.html index.htm index.php; # # server_name cp.*; # # ssl_certificate /config/keys/letsencrypt/fullchain.pem; # ssl_certificate_key /config/keys/letsencrypt/privkey.pem; # ssl_dhparam /config/nginx/dhparams.pem; # ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; # ssl_prefer_server_ciphers on; # # client_max_body_size 0; # # location / { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; # include /config/nginx/proxy.conf; # proxy_pass http://192.168.1.50:5050; # } #} Here is now my updated "wordpress" file: server { ## Your website name goes here. server_name wordpress.my-domain.at; ## Your only path reference. root /var/www/wordpress; ## This should be in your http block and if it is, it's not needed here. index index.php; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } location /wordpress { # This is cool because no php is touched for static content. # include the "?$args" part so non-default permalinks doesn't break when using query string try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini #include fastcgi.conf; #fastcgi_intercept_errors on; #fastcgi_pass php; #fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(/wordpress)(/.*)$; # With php7-cgi alone: fastcgi_pass 127.0.0.1:9000; # With php7-fpm: #fastcgi_pass unix:/var/run/php7-fpm.sock; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } } Still getting connected to the default index.html.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
I have done this... # Upstream to abstract backend connection(s) for php upstream php { server unix:/tmp/php-cgi.socket; server 127.0.0.1:9000; } server { ## Your website name goes here. server_name wordpress.my-domain.at; ## Your only path reference. root /var/www/wordpress; ## This should be in your http block and if it is, it's not needed here. index index.php; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } location / { # This is cool because no php is touched for static content. # include the "?$args" part so non-default permalinks doesn't break when using query string try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini #include fastcgi.conf; #fastcgi_intercept_errors on; #fastcgi_pass php; #fastcgi_split_path_info ^(.+\.php)(/.+)$; # With php7-cgi alone: fastcgi_pass 127.0.0.1:9000; # With php7-fpm: #fastcgi_pass unix:/var/run/php7-fpm.sock; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } }
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
No success at all. I made now the following tests: 1) Copied default to wordpress and changed servername and directory --> letsencrypt didnt start and got errormessage "duplicate default server" 2) removed default and moved wordpress to default --> got at least somehow the wordpress page but completley unformated 3) recovered original default and took the receipt and saved as wordpress. changed servername and directory and CGI part (as this is different to the letsencrypt-Docker). After accessing the site I am always getting the index.html from the /config/www, instead of /config/www/wordpress... This is driving me crazy...
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Yes, this is clear. First I wanted to get wordpress working before going ahead with joomla. The question is: How would the site-conf look like for Wordpress if the wordpress is in the "wordpress"-subdirectory of the www directory. Br, johannes
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
haha, sometimes it is too simple... root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="none" --privileged="true" -e TZ="Europe/Berlin" -e HOST_OS="unRAID" -e "EMAIL"="[email protected]" -e "URL"="my-domain.at" -e "SUBDOMAINS"="nextcloud,wordpress," -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -v "/mnt/user/appdata/letsencrypt":"/config":rw --network homenet --ip 192.168.1.250 linuxserver/letsencrypt 7febf75fc4495e72d6ab452387cd1c6fda9ebffb2f4bf23afdc89f1b1e8df271
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
I am new with Unraid and Docker (since one week). I guess you mean the docker exec section which is displayed when installing or changing a docker within unraid and not the web-config-section? If yes, where can I find how the docker was started without modifying the docker? I know stupid questions... but I am learning.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
nextcloud.server.com --> letsencrypt-docker --> nextcloud-docker (already working) wordpress.server.com --> letsencrypt-docker joomla.server.com --> letsencrypt-docker or alternativaly nextcloud.server.com --> letsencrypt-docker --> nextcloud-docker (already working) wordpress.server.com --> letsencrypt-docker --> apache-docker joomla.server.com --> letsencrypt-docker --> apache-docker Br, Johannes
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Hi, Maybe I am thinking to complicated... So I try to explain again what I want to achieve with my public domain: 1) One Nextcloud installation 2) A Webserver Installation to host multiple other sites (e.g. wordpress, joomla,...) I have installed the nextcloud and the letsencrypt docker like described here in the thread. This is working like a charme. But now I am struggeling with the additional websites. So now questions: 1) As I have already running LetsEncrypt do I then need another apache docker or could I use the letsencrpyt docker for presenting wordpress and joomla? 2) If yes, how does a simple config looks like to catch subdomain.domain.com and point to the webspace /www/subdomain ? Br, Johannes
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Ok, I solved it by "TRial and Error". I setup a second LetsEncrypt Docker on a seperate internal IP with a seperate static public IP and forwarding the requests to the Nextcloud-Docker. The Nextcloud-Docker I am using for both domains. Just added both domains as "trusted domains" and it is working now. But I still have issues with an Apache Docker together with LetsEncrypt. I have already posted my configs on the apache thread: Linuxserver.io Apache Br, Johannes