Posts posted by aptalca

  1. On 3/13/2020 at 2:16 PM, kayjay010101 said:

    This seems to be a common problem now, multiple people have this issue lately. I've switched to WireGuard and it's 1000x easier to setup and use 

    Recommending a completely different protocol is not very productive in a thread dedicated to openvpn-as. Plus, wireguard is more of an alternative to vanilla openvpn, not openvpn-as as it requires manual config via cli.

     

    Also, I happen to use wireguard and openvpn side by side as one acts as a backup to the other.

  2. On 3/13/2020 at 12:08 PM, scubieman said:

    having issues getting nextcloud to work, I only care about nextcloud no other dockers, Any help would be amazing!

     

    So I half found the issue. Not sure how to resolve though.

    [image]

     

    This gets the error saying it needs to be setup yet.

     

    However if I alter the URL, Then it works fine. How can I have it where the URL is actually correct?

     

    https://mydomainname.duckdns.org/index.php/login

     

     

     

     

     

    [image]

    [image]

    Nextcloud should be available at a subdomain like https://nextcloud.yoursubdomain.duckdns.org

     

    How did you try to set it up?

  3. 2 hours ago, luizmont said:

    I already followed these steps, as you can see from the screenshot when I told that I made a nginx container, with the same results....

     

    Okay, some new information:

    I installed and configured pfsense and made the rules to forward doors 180 and 1443.

    I installed sonarr and created a cname for it (sonarr.luizmont.com).

    As before, it works on LAN, however outside the LAN it doesn't connect, giving a timed out error....

     

    If I use wireguard, for example, I can use it as lan access to my LAN and tunnel access...

     

    What might be wrong in my setup?

     

    Thanks!

    If you read the article I linked, you'll see that there is a recommended resource with a plethora of information on just port forwarding (portforward.com). Until you can reach the nginx default page on your domain via cell connection, reverse proxy won't work for you outside of the home. And if you're using http validation, letsencrypt container won't even start nginx as it won't be able to validate the cert.

  4. 5 hours ago, luizmont said:

    Hello everyone!

     

    I believe this is going to be a long post, so let's get going!

    I'm having issues configuring letsencrypt on my unraid server.

     

    I followed the excellent video made by Spaceinvader One on the topic, and did everything he showed on the video.

     

    Here's my network config:

    Internet => Router (Asus RT AC66U) => LAN (Unraid, Desktop, Phones, etc)

     

    I watched the video and when I checked the log, the server wasn't coming online, the error message was the one about possible firewall blocking.

    After some researching, it seems that my ISP blocks port 80.

     

    Because of this, I purchased a domain to be able to use the DNS method.

    I watched the other video on the subject (I'm not pasting the links to keep this post as clean as possible, but I can provide the link if someone wants it) and configured everything, using duckdns and cloudflare, now the letsencrypt server shows that it is ready.

    However, I still can't access my server from the internet... Tried with ubooquity and rutorrent.

    It shows the error 522.

    After doing some research, I tried to disable the proxy on cloudflare (the orange cloud thing), and still can't access anything...

     

    Here is the port forwarding from my router:

    [image]

     

    This is my docker setup

    [image]

     

    This is my letsencrypt configuration

    [image]

     

    And here is the log

    [image]

     

    I can ping luizmont.duckdns.org and it shows my external IP.

    I can ping ubooquity.luizmont.com and it also shows my external IP.

    If I make a DNS lookup for my domain, it correctly shows the duckdns domain

    [image]

     

    Error 522 (cloudflare proxy on)

    [image]

     

    Cloudflare proxy off

    [image]

     

    I spent a good number of hours on this matter but couldn't figure out on my own how to solve this problem...

    I'm not an expert linux user (a newbie actually), but can follow instructions or guides!

    Thanks in advance for the help of this great community!

     

    Edit:

    If I set a nginx docker, I can reach the "Welcome to our server message" (both on luizmont.duckdns.org and ubooquity.luizmont.com) from my LAN.

    However, I can't reach the same page from the internet (phone with 4G)...

     

    [image]

    [image]

    Then the problem is your port forwarding

  5. 1 hour ago, sneak2k said:

    Hi, unfortunately the licence did not, they use a few reference points to authenticate the server, including mac addresses etc...

     

    I was able to force the previous hostname successfully, which is what I asked for in the thread, but since the other information has changed across the containers, they replaced the key.

     

    One of the key points is the Mac address of the main network adapter.

     

    What i suggest is if you need to reinstall the container, backup your container config files to try and keep the new version as close to the original as possible.

     

    I had uninstalled, choosing to clear the appdata with it, which is most likely why i could not activate as the new container was created from scratch and the hostname, mac address, etc... all changed because of it.

     

    Would you happen to have the parameter to pass a MAC address to the container config?

     

    Yeah, if you nuke the appdata, the license won't be valid anymore. What we need tested is, recreating the container with the same appdata.

     

    Openvpn-as won't tell us what parameters they use to check. I'm not sure if mac address is one of them. But you can indeed set a custom one for your docker container: https://stackoverflow.com/questions/42946453/how-does-the-docker-assign-mac-addresses-to-containers

  6. 2 hours ago, cbc02009 said:

    I'm looking for a docker container to connect to my PIA VPN and then route traffic from other docker containers through it using the new functionality in Unraid 6.8.3. Can I do that with this docker? Is there any guide to setting it up? If not, is there a different docker I should be using? Thanks!

    No, this is a server. What you need is a client

  7. 19 minutes ago, Menthalo said:

    Since this morning, I have a similar issue, I can't access my locally hosted websites from within my local network, but I can access them via my cell phone (in 4g).

    My certs were correctly renewed although -> I followed @aptalca 's guide (setting STAGING to false then true).

    Anyone else in my case ?

    I can post logs if wanted (but they all seem fine)

     

    EDIT: for the setup of everything, I followed @SpaceInvaderOne's many guides

    If you can access via cell phone, then there is nothing wrong with letsencrypt or ports. Issue is your router. Google hairpin nat or nat loopback

    • Like 1
  8. 15 hours ago, sneak2k said:

    Hi, I am having issues with a 10 user licence. I activated it before the latest update of the docker and I noticed that the hostname changed for the docker machine and the license is locked attached to a previous hostname.

     

    How can i change the hostname back?

     

     

    In container settings, additional arguments, enter "--hostname blah"

  9. 3 hours ago, kurt698939 said:

    I am admittedly new to unraid and using all of the plugins/dockers (upgraded from FreeNAS). My main goal for my unraid server is to manage media (radarr/sonarr/NZBGetVPN). I added the openvpn as in an attempt to be able to manage my movie queues remotely. I have been able to work my way to successfully connecting to the openvpn as client via port forwarding and DDNS server (thanks to SpaceInvader one). My issue is that now that I am connected to my home network remotely, I have not been able to open any web clients through the web interface.

     

    Maybe this is something simple that i am just completely ignorant of, but what do i have to use to actually look at my unraid server? Example DDNS.DDNSprovider.com/Tower:6789 or am i going about this all wrong?

    Once you connect to the vpn, just browse to your server ip address and put in the port for the relevant gui.

     

    If you want to do it with reverse proxy (properly), then you can use our letsencrypt image.

     

    Here's a guide for that: https://blog.linuxserver.io/2019/04/25/letsencrypt-nginx-starter-guide/

    • Thanks 1
  10. 3 hours ago, jdndm said:

    Hi,

     

    Hopefully someone can help me. I've got letsencrypt setup and working with various subdomains point at docker containers i.e. sonarr.mydomain.com but I want to do something a little different for some things that I only want to be accessible when I'm on my internal network i.e. internal.mydomain.com/nzbget or internal.mydomain.com/motioneyeos etc. 

     

    I'm not sure how I should setup the proxy confs to point at the right location. I'm thinking something like this...

        

    location internal.mydomain.com/nzbget {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app nzbget;
        set $upstream_port 6789;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

     

     

    Use allow/deny statements to block outside access and only allow internal access

     

    Location does not refer to the domain. Server name directive is for the domain name
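
    The two points in the reply above written out as a server block. This is an added example, not part of the original post and not the linuxserver.io image's own config: the domain goes in `server_name`, the path goes in `location`, and `allow`/`deny` restricts the block to LAN clients. The LAN range `192.168.1.0/24` and the `ssl.conf` include are assumptions; the upstream settings are the ones from the question.

    ```nginx
    server {
        listen 443 ssl;

        # The domain name belongs in server_name, not in the location line.
        server_name internal.mydomain.com;

        # Assumed path to the TLS settings; adjust to your install.
        include /config/nginx/ssl.conf;

        # server_name only selects this block by the Host header, which the
        # client controls, so it is not an access control by itself.
        # allow/deny filters on the client's source address instead.
        # Rules are checked in order and the first match wins.
        allow 192.168.1.0/24;   # assumed LAN range, replace with your own
        deny all;               # everyone else gets 403

        # location matches the request path only.
        location /nzbget {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_app nzbget;
            set $upstream_port 6789;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        }
    }
    ```

    Placing `allow`/`deny` at the server level covers every location in the block, so a later `location /motioneyeos` inherits the same restriction.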

  11. 1 hour ago, illsnryhybrid said:

    Thanks for the heads up. Headed over here to this thread to figure out what I needed to do to fix my mess. After I received the notification for Let'sencrypt revoking certs, I tried to use certbot to revoke and then renew my certs and things got all jumbled. Been dealing with notifications from my various apps about connection issues for three days. Can't wait to try this out when I get home tonight! Thanks again for the tip.

    Sent from my ONEPLUS A6013 using Tapatalk
     

    Yeah, don't run manual commands in the container unless we tell you to. Things are sure to break

  12. 6 hours ago, turt1e said:

    Haven't seen it posted here yet but Letsencrypt will be revoking certain certs starting today due to a CAA rechecking bug. This affects about 2.6% of issued certs. More info in the link below including a way to check if your cert is affected.

     

    https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864

    If anybody's affected, set the staging var to true, hit save. Then edit again and set it back to false. That action will force a renewal of the cert.

    • Like 2
  13. 10 hours ago, sdamaged said:

    Exact same issue happening to me.  Server locks up completely when copying to BTRFS cache drive (single drive)

     

    Seeing IOWAIT up to 50% plus

     

    Samsung 850 Pro 2TB SSD using motherboard SATA

     

    Raised in bug section as a problem.

     

    Frankly surprised this doesn't appear to be getting looked into by LT, given how Samsung make arguably the most popular SSDs in the world?

    LT dropped by once and asked for a summary, then crickets. Try emailing them and linking to this thread

  14. 4 hours ago, RichardRob said:

    I'm having the same issue ("Sorry, a session error has occurred").

     

    I noticed this in the image log:

    
    Automatic configuration failed, see /usr/local/openvpn_as/init.log
    
    You can configure manually using the /usr/local/openvpn_as/bin/ovpn-init tool.
    /var/lib/dpkg/info/openvpn-as.postinst: line 72: systemctl: command not found
    Stopping openvpn-as now; will start again later after configuring

    I this is the last line of init.log:

    
    Enabling service
    Error: Could not execute 'systemctl enable openvpnas' to enable startup/shutdown scripts

    I switched the shell to bash and tried running the command manually in the console, but it won't tab complete systemctl. It seems the command is just missing. Is this normal and I'm barking up the wrong tree? Or is an image possibly missing?

     

    Edit:
    My run command is :

    
    root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='openvpn-as' --net='br0' --ip='192.168.1.31' --privileged=true -e TZ="America/Denver" -e HOST_OS="Unraid" -e 'TCP_PORT_943'='943' -e 'TCP_PORT_9443'='9443' -e 'UDP_PORT_1194'='1194' -e 'PGID'='100' -e 'PUID'='99' -v '/mnt/user/appdata/openvpn-as':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/openvpn-as' 
    

     

    Post a full log. Those are harmless errors

  15. 6 hours ago, Alphacosmos said:

    Thanks for the troubleshooting guide. I gave it a go but it seems my ports are configured correctly. When I ran the Nginx docker it worked fine. It must be something to do with the file it can't locate. I have tried removing lets encrypt and retrying a few times. Same error

    When I try to connect to your domain, I get a blank yellow/green page with "webcam" as the page title.

     

    Are you sure you did the test correctly as described?

  16. 5 hours ago, Chad Kunsman said:

    Hopefully an easy question but wanted to ensure I was doing things correctly, but can I utilize a single Nvidia card (p400) for my containers like Tdarr to utilize as well as have an edited syslinux.cfg file that passes the video card through for VM use? I assume it's 'no' but I wanted to make sure. 

    You can't do containers and vm at the same time. But you can have multiple containers accessing it at the same time.

     

    That's because vm passthrough is exclusive, but container access is not.

     

    You can split their time, though, by alternating.

    • Like 1
  17. 8 hours ago, Alphacosmos said:

    Hey All,

     

    Having an Issue....not sure why I'm getting this fail. Pretty sure my ports are right. What is :/mnt/mtd/WebSites/.well and where and how do I fix this :s

     

    -------------------------------------
    _ ()
    | | ___ _ __
    | | / __| | | / \
    | | \__ \ | | | () |
    |_| |___/ |_| \__/


    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donate/
    -------------------------------------
    GID/UID
    -------------------------------------

    User uid: 99
    User gid: 100
    -------------------------------------

    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=Australia/Sydney
    URL=duckdns.org
    SUBDOMAINS=aquillacomputingsystems,aquillacomputingsystemsbitwarden,aquillacomputingsystemsnextcloud,aquillacomputingsystemsombi
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    DHLEVEL=2048
    VALIDATION=https
    DNSPLUGIN=
    [email protected]
    STAGING=

    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d aquillacomputingsystems.duckdns.org -d aquillacomputingsystemsbitwarden.duckdns.org -d aquillacomputingsystemsnextcloud.duckdns.org -d aquillacomputingsystemsombi.duckdns.org
    E-mail address entered: [email protected]
    http validation is selected
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for aquillacomputingsystems.duckdns.org
    http-01 challenge for aquillacomputingsystemsbitwarden.duckdns.org
    http-01 challenge for aquillacomputingsystemsnextcloud.duckdns.org
    http-01 challenge for aquillacomputingsystemsombi.duckdns.org
    Waiting for verification...
    Challenge failed for domain aquillacomputingsystems.duckdns.org
    Challenge failed for domain aquillacomputingsystemsbitwarden.duckdns.org
    Challenge failed for domain aquillacomputingsystemsnextcloud.duckdns.org
    Challenge failed for domain aquillacomputingsystemsombi.duckdns.org
    http-01 challenge for aquillacomputingsystems.duckdns.org
    http-01 challenge for aquillacomputingsystemsbitwarden.duckdns.org
    http-01 challenge for aquillacomputingsystemsnextcloud.duckdns.org
    http-01 challenge for aquillacomputingsystemsombi.duckdns.org
    Cleaning up challenges
    Some challenges have failed.
    IMPORTANT NOTES:
    - The following errors were reported by the server:

    Domain: aquillacomputingsystems.duckdns.org
    Type: unauthorized
    Detail: Invalid response from
    http://aquillacomputingsystems.duckdns.org/.well-known/acme-challenge/sGXwHiagrWpxp7w8HM2WDg4O-8-JOFxtfAWo5XItEHc
    [110.175.43.148]: "<html>\r\n<head><title>Cross
    Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross
    couldn't find this file:/mnt/mtd/WebSites/.well"

    Domain: aquillacomputingsystemsbitwarden.duckdns.org
    Type: unauthorized
    Detail: Invalid response from
    http://aquillacomputingsystemsbitwarden.duckdns.org/.well-known/acme-challenge/H5BbKDF70r7Rk6tOZmwqzDfs4eAaISCwyoFsVr7mh4Q
    [110.175.43.148]: "<html>\r\n<head><title>Cross
    Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross
    couldn't find this file:/mnt/mtd/WebSites/.well"

    Domain: aquillacomputingsystemsnextcloud.duckdns.org
    Type: unauthorized
    Detail: Invalid response from
    http://aquillacomputingsystemsnextcloud.duckdns.org/.well-known/acme-challenge/XOHa60mCm3ZoerrniI1iMAu4t1NC8YeIO-0urQcddOA
    [110.175.43.148]: "<html>\r\n<head><title>Cross
    Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross
    couldn't find this file:/mnt/mtd/WebSites/.well"

    Domain: aquillacomputingsystemsombi.duckdns.org
    Type: unauthorized
    Detail: Invalid response from
    http://aquillacomputingsystemsombi.duckdns.org/.well-known/acme-challenge/Qw8MqOfucfdgyfBkW_XF6F8UK2RXtx7ztz3ta8C4NSo
    [110.175.43.148]: "<html>\r\n<head><title>Cross
    Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross
    couldn't find this file:/mnt/mtd/WebSites/.well"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

     

     

     

    [image]

    Either your IP is incorrect, or you have port forwarding issues.

     

    Also, you really don't need to create multiple domains on duckdns. Create one, use that as the url here, and everything else will be a sub-subdomain. For example, you register mycustom as your duckdns subdomain, so you'll put "mycustom.duckdns.org" into url, and put "nextcloud,sonarr,sabnzbd" into subdomains and your services will be accessible at "nextcloud.mycustom.duckdns.org".

     

    See here to troubleshoot the port/IP issue: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

  18. 19 hours ago, BeeKay said:

    Hi there,

    Hoping you guys can help me out. In short, my letsencrypt docker is giving me the 'likely firewall issue' message but I have tested port forwarding with nginx and nginxproxymanager dockers, which show their default pages via the opened ports.

     

    I followed spaceinvaderone's guide (with methodical pausing while i applied the steps), so forwarding 443 from router to 1443 on unraid host, and 80 to 180 in the same way. 

     

    I've got a domain registered. I've added a CNAME to my domain, pointing to a duckdns subdomain. I've setup the duckdns docker to update IP for this.

     

    My ISP did have default ports blocked, which I've turned off (otherwise the tests above wouldn't have worked anyway).

     

    I've also followed the linuxserver troubleshooting guide for the port forwarding issue already.

     

    Can anyone shed some light? Would be much appreciated

     

    If my letsencrypt log is useful, it's pasted below (xxxx'd out the domain and email specifics):

    -------------------------------------
    _ ()
    | | ___ _ __
    | | / __| | | / \
    | | \__ \ | | | () |
    |_| |___/ |_| \__/


    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donate/
    -------------------------------------
    GID/UID
    -------------------------------------

    User uid: 99
    User gid: 100
    -------------------------------------

    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=Australia/Sydney
    URL=xxxxxxxx.net
    SUBDOMAINS=nextcloud
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    DHLEVEL=2048
    VALIDATION=http
    DNSPLUGIN=
    [email protected]
    STAGING=

    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d nextcloud.xxxxxxxx.net
    E-mail address entered: [email protected]
    http validation is selected
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for nextcloud.xxxxxxxx.net
    Waiting for verification...
    Challenge failed for domain nextcloud.xxxxxxxx.net

    http-01 challenge for nextcloud.xxxxxxxx.net
    Cleaning up challenges
    Some challenges have failed.

    IMPORTANT NOTES:
    - The following errors were reported by the server:

    Domain: nextcloud.xxxxxxxx.net
    Type: connection
    Detail: Fetching
    http://nextcloud.xxxxxxxx.net/.well-known/acme-challenge/dTkFfXItBI3Q886xxxxxxxxxxxxXeCA8Dz6mEyanU:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
     

    You said you followed the linuxserver troubleshooting guide. So what happened? Did you do the test?

  19. 4 hours ago, TechMed said:

    Hi @aptalca,

     

    Since you appear to have a deep understanding of Let's Encrypt, I am wondering if when you have time, you would take a look at this post from earlier? Either I am missing something obvious or I am not using the correct search parameters to find the answer because I have looked for a while now. Thanks!

    Roxedus already answered you there. It's a macvlan issue. You have some containers on macvlan, and they can't access the host or any service running on the host. That's a docker security feature.

    • Thanks 1