Everything posted by aptalca
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
See here: https://blog.linuxserver.io/2019/04/25/letsencrypt-nginx-starter-guide/ And here: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/
-
[Support] Linuxserver.io - OpenVPN AS
It looks like your config folder is borked. Restore from a backup or start fresh
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
This container does not update your ip on your dns provider. That's your responsibility. This container only does the domain validation through various methods (through cloudflare in your case).
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
It can't connect to your app at http://192.168.1.252:8282/ but you don't even show a proxy conf for that proxy address in the site conf you posted. What happens when you try to access https://yourdomain from a cell phone with wifi turned off? And what happens when you go to https://externalip from a cell?
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Thanks for the kind words. 1) proxy_pass should use the host_ip:port for bridged containers and IP:port for any other service that may also be on a remote machine, but I have a feeling you're using macvlan (docker container has its own IP) and if that's the case, macvlan blocks connections between the container and the host (and any other container or service that is using the host's IP) as a security feature so it won't work. 2) If you're referring to incoming connections, then they all should go through letsencrypt reverse proxy. If you're referring to outgoing, then I'm currently putting them on macvlan so they have their own IP and set a LAN rule on pfsense to route their IP (source) through the WAN gateway. But I only have a couple of those (duplicati and rclone) and I don't/can't reverse proxy them due to the macvlan restriction I mentioned above.
-
[Support] Linuxserver.io - Code-server
Code server is hosting their own marketplace because the licenses prevent them from accessing the official Microsoft marketplace. There may be some issues with some of the extensions. You should report them to code server on github. Especially on v2, the development tag of this image, many extensions are not yet working.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
If your unraid gui is using ports 80 and 443, then http and https connections to your domain will go there. Change those ports and map letsencrypt to those ports
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
On the duckdns website, set the IP to the local IP of your unraid server
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Just delete the proxy confs you don't need. The samples get auto generated on container start
-
[Support] Linuxserver.io - Code-server
Base is not ignored, everything gets copied over. That's why it's from scratch and it only copies the necessary files into the image so you don't overwrite critical things in the code server image
-
[Support] Linuxserver.io - Code-server
No, you don't create a new image based on ours. See the dockerfile here: https://github.com/linuxserver/docker-mods?files=1 Dockerfile basically imports the root folder, which contains the necessary init and service files. You're essentially using docker hub to host your files in a single tar archive. Then with our image, you specify the mod repo so the container retrieves and extracts the custom init and service files to be executed. Init files install stuff and make changes to the data, service files manage apps and executables. Hop on our discord if you want to discuss that further.
-
[Support] Linuxserver.io - Code-server
This is the best approach: https://blog.linuxserver.io/2019/09/14/customizing-our-containers/ If you think others may be interested, you can publish your mod for it, which can be pulled into the main image by any user
-
[Support] Linuxserver.io - Code-server
development tag is already live. Going forward, latest will be stable releases from their github and development will be pre-releases from their github, whatever version they may be
-
[Support] Linuxserver.io - OpenVPN AS
Github and docker hub pages linked in the first post have the most up to date info You can also check out this blog article for some examples: https://blog.linuxserver.io/2019/04/25/letsencrypt-nginx-starter-guide/
-
[Support] Linuxserver.io - OpenVPN AS
Yes, you can do that. Just use different ports. I have 2 openvpn instances on my network, one's a backup for the other
-
[Support] Linuxserver.io - OpenVPN AS
Not if you do dns or duckdns validation
-
[Support] Linuxserver.io - DuckDNS
For duckdns, "update" means IP changed. If your ip doesn't change, it will tell you that it wasn't updated. When you try a manual update on their website, it says it is not updated because your ip is still the same as the record.
-
[Support] Linuxserver.io - OpenVPN AS
Reverse proxy for pretty addresses for containers. You don't have to expose your reverse proxy url outside of your lan. You can vpn in like you do, then enter sonarr.domain.com in the browser and you get sonarr
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Dhparams file is created during container start if it doesn't already exist. It can take a very long time. I guess if the process is somehow disturbed during that time, you may end up with an empty or a corrupted file. Nginx fails to start because it can't read the file.
-
[Support] Linuxserver.io - OpenVPN AS
I don't understand why you'd need a local dns server. With bridge networking, everything is going to be on your server ip. You just reach them at different ports. Just set up our letsencrypt image and reverse proxy them at subdomains. Then set up heimdall as your homepage with pretty buttons for them all, voila
-
[Support] Linuxserver.io - OpenVPN AS
If all you want are those two things, why don't you just run everything with bridge networking? No need to overcomplicate your setup. I only have two containers on macvlan, and the only reason for that is, my whole internet connection goes through a vpn and I wanted to be able to bypass the vpn gateway for those two containers. I do it via an IP based routing rule in pfsense. Everything else is on bridge.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Not off base, it's a valid argument, but not a simple one. I personally think the benefit of fail2ban far outweighs the potential risk. I mean, I heavily rely on fail2ban for ddos and brute force protection by using http auth with most of my proxied apps. Fail2ban reduces the likelihood of my server getting pawned. As long as I'm not pawned, I don't have to worry about net admin. Also keep in mind that most web servers run nginx directly on the host OS, and it already has net admin capability plus a whole lot more. Nginx service runs as root (the workers run as unrpivilieged users). Here at least nginx is somewhat sandboxed inside a container.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Not sure why it's taking 3-5 minutes for you but it essentially downloads the new geoip database if it's a newly created container. I'll change it so the database resides in the config folder so it would only download once. Until then, you can map an empty file here and it won't download: https://github.com/linuxserver/docker-letsencrypt/blob/master/root/etc/cont-init.d/50-config#L253
-
[Support] Linuxserver.io - Ombi
Can you report it to ombi on GitHub? It sounds like an ombi bug.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Don't change the proxy conf. In the browser go to address https://jellyfin.xxxxx.duckdns.org