Everything posted by aptalca
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
You can put multiple names in a single server name directive, don't use multiple directives
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
To clarify, you CAN edit the default site conf to modify or add server blocks. Alternatively you can add more site conf files like you did. Either works
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Main conf is /config/nginx/nginx.conf, which includes (imports) /config/nginx/site-confs/default, which contains the main server block and it also includes (imports) all the proxy confs Check out the examples in the default site conf
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
If you're doing dns validation, you can get wildcard for b by setting extra domains to "b.com,*.b.com" Then to serve wordpress at b.com, set the server name for the wordpress server block to b.com
-
[Support] Linuxserver.io - Code-server
Then you'll have to create a custom script that does those steps for you during container start: https://blog.linuxserver.io/2019/09/14/customizing-our-containers/
-
[Support] Linuxserver.io - Code-server
How did you update it? The bionic repo has 2.17
-
[Support] Linuxserver.io - OpenVPN AS
Yes
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
That's a question for unraid and/or CA
-
[Support] Linuxserver.io - Code-server
Perhaps live server needs to bind 0.0.0.0 so it's accessible from outside the container as opposed to bonding 127.0.0.1 which would only be accessible from inside the container
-
[Support] Linuxserver.io - OpenVPN AS
That's correct. You need to enter your network subnet in the gui settings for it to nat
-
[Support] Linuxserver.io - OpenVPN AS
And it's udp (by default)
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
No
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
No, nginx would have to be compiled with it
-
[Support] Linuxserver.io - OpenVPN AS
passwd username won't work because it's not using pam See the readme instructions about disabling the "admin" user, reverse that to re-enable admin user, restart container, log in with "admin/password", make your changes to your main user, and then disable admin user again.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Create a cname in cloudflare with just an asterisk as the name "*", pointing to the A record for your domain and that's it. Then in swag docker settings, set the subdomains variable to "wildcard" without the quotes.
-
[Support] Linuxserver.io - DuckDNS
Use dnschecker.org to check
-
[Support] Linuxserver.io - Code-server
It's code server functionality and it's explained in their docs. Our image supports the domain name setup via env var and swag's built-in proxy conf allows it by default. You just need to add "*.code-server.yourdomain.com" to extra domains in swag so your cert covers the sub-subdomains of code server. (Or XXXX.code-server.yourdomain.com of your doing http validation and can't do wildcard)
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
There is only ever one cert generated with this image and it contains all the names as SANs
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
I use authelia and it works great. There is no webui for user management yet (I hear it's in the works), but you can set up the users in a number of ways including ldap (I use a simple yaml file). See here: https://blog.linuxserver.io/2020/08/26/setting-up-authelia/ For accessing the domain on lan, you need either a hairpin nat or nat loopback (if your router supports it), or you can set up a split dns (where you tell your local dns to resolve the domain to the unraid lan ip). The main caveat is that swag has to use port 443 on the host, which means you'll have to change unraid's https port to a different one first. Afterwards all requests for https://yourdomain.com will resolve to unraid and the client will connect to swag directly on lan (for http to https redirect, you'd need to change unraid's port 80 as well, so swag can use it, but I don't do that and instead only use the https endpoint so only port 443 goes to swag). Google the three terms I mentioned above and you'll find plenty of info for your router/setup.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
I don't know, you tell me. Check all the confs in the /config/nginx folder
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
You probably had cloudflare cache/proxy turned on, which we recommend against. It's explained in the docs article linked in the first post
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Yes, you can get wildcard certs. It's explained in the readme
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Looks like you modified your confs and referenced a custom cert. Our image does not use such a cert out of the box.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
You shouldn't need that. The latest updates to nginx.conf and proxy.conf auto enable websockets when needed.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Also, url should be a domain name, not ip address