aptalca

I only got it when I accidentally enabled pgs subs (forced transcode) on a high bitrate h265 file on my low power server. If the transcode rate is less than 1x, you'll get that message. Could there be an issue with the write speeds on the drive that causes a bottleneck and a low transcode rate?

Do you have any authentication options set up in grafana by any chance? Dual auth could cause problems. I haven't used grafana but your proxy conf seems fine. Also what is "frequently"? Do you always leave a browser window open with grafana? Just curious

What is the validation error above that? Are you sure unraid is not using port 80?

There hasn't really been a significant change to the image. Our images do get refreshed for package and os updates weekly, that's why you see the update notification. The changelog on github or docker hub tells you the changes to the image other than package updates. In your case, make sure that the ip on duckdns matches your home ip. And also make sure that nothing changed with regards to the port mapping on unraid and port forwarding on your router. You can remove the only subdomains or set it to true but keep in mind that when you do so, it will try to validate the cert again and if there is a port related issue, it will fail. So you should perhaps wait until you figure out the connection issue before changing it. Another issue can be that your client ip may be blocked by fail2ban if you had isuues with authentication (not sure if you use htpasswd). Try connecting from a different ip, on a mobile phone through the cell connection, etc.

Wagging the finger was not the intention, apologies if it came across that way. Ironically, most of our support requests are from users who don't read the docs or the logs but in your case, you just read too much 😉 I have a love hate relationship with certbot because although they act like they make everything easy for the users, I feel that their efforts are misguided. Like that message for instance, they do go out of their way to spam their "just do certbot renew" every chance they get but in reality nobody wants to have to run a manual command every two months on each production server. Certbot should instead focus on their automation and non-interactive operations so we don't have to try so hard to hack it. Anyway, that's my rant for the day. Perhaps that's why I was more touchy than usual. It's a fragile system due to the hacks.

Did your ip change? Also not sure why you have only subdomains set to true. It prevents you from using yoursubdomain.duckdns.org with the cert but with no advantage

That is a certbot message, directed to our image, not you. So it is telling our image, not you, to run it "again". If you didn't manually use certbot to get the cert, don't manually use it to renew. Also a rule of thumb, don't exec into the container to run things unless you're specifically told to by the lsio team

I have a feeling you poked around a bit too much inside the image. You're really not supposed to be going in and running "certbot renew" manually. We certainly don't support that. Next time, just check the logs in the log folder. Certbot already attempts to renew every night "properly". If that fails, logs will tell you why. For starters, you need to stop nginx before you can renew the certs via http, which the image does during the auto renews.

That would have to be supported by the baseimage which was by a different author. If I recall correctly, there was already a way to define that. But honestly I haven't looked into this image in a while. I'll give it another look.

Glad it worked

Make sure the other container is named onlyofficedocumentserver with all lowercase and if it's listening on port 80, use http, not https in the proxy pass directive

It means it's stopping the services to restart the container. Nothing wrong. I don't understand what you mean about nextcloud and its ports. If you follow the directions in the readme, you shouldn't need to worry about ports. Post exactly what you did to get it to work, post copies of any file you modified. Otherwise we're shooting in the dark.

Renewals or validation don't get affected by nginx settings as letsencrypt/certbot puts up its own webserver during validation. Something changed in your system since the original validation that letsencrypt server is no longer able to access the container on port 80

You shouldn't need to force a renewal. Auto renewals are attempted daily. Check the log/letsencrypt folder to see what's going on

Start here:

Map a new folder in the container settings, say /mnt/user/www on the unraid side and /www on the container side. Then in your nginx site config, set the root directive to /www

I have 2 openvpn servers set up on mine. One on the router (pfsense), which is my main connection, and another on unraid as a docker container, which is my backup. I also have chrome remote desktop enabled on a windows vm on unraid as a backup to the backup

For the logrotate, you can map it as a path so container side it will be /etc/logrotate.d/fail2ban and host side would be wherever your custom file is at on your unraid. For the actions and filters, just put your new configs into the respective folders under /config as they are already made available for user customization. I used recidive in the past where regular bans were short lived (5mins) but if an ip got banned 3 times in a 10 hr period, they would be banned for a whole week. Never did anything longer than that.

I personally think it's a bad idea to expose the openvpn-as gui. If someone brute forces it, they can create their own vpn user and get on to your lan

Why are you trying to modify the logrotate config file?

Also, forward the port 443 and then go to https://www.yourcustomsubdomain.duckdns.org and if you see the placeholder page, letsencrypt is working fine. Then you can set up nextcloud reverse proxy

Sounds like somebody didn't read the readme. Read the readme under the folder /config/nginx/proxy-confs and it will tell you how to enable the preset proxy confs (hint: you just rename the file) Each proxy conf also tells you what you need to change (if any) in the external app.

No naxsi package module in alpine 3.8 repo

I believe you can just enable in the ssl.conf

Not sure about security but the main benefit of ldap is you can have different authentication levels for users and groups easily