aptalca

Community Developer
Posts posted by aptalca

  1. 8 hours ago, StudiesTheBlade said:

    Are there any special settings I need to set to get nested subdomains working? I've got no issues with certificates for my root and first-level subdomains, but the second-level nested aren't getting added to the cert.

     

    I'm using Cloudflare and DNS verification

     

    Example A records:

    
    A example.com <ip>   <-- OK
    A *.example.com <ip>  <-- OK
    A *.subdomain.example.com <ip>  <-- Cert invalid when navigating to site

     

    Set EXTRA_DOMAINS to *.subdomain.example.com

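The reason the nested names fail is the single-label wildcard rule (RFC 6125 section 6.4.3): `*.example.com` covers `app.example.com` but not `app.subdomain.example.com`, so the nested level needs its own wildcard entry, which is what EXTRA_DOMAINS adds. The checker below is an added example, not part of the original post and not the container's own code; the SAN lists it runs against are constructed to mirror the certificate before and after EXTRA_DOMAINS is set.

```python
"""Which hostnames does a certificate's SAN list actually cover?

Added example: applies the single-label wildcard rule to constructed
SAN lists so you can see why a nested subdomain is not covered by a
plain "*.example.com" certificate.
"""


def san_matches(san, hostname):
    """True if a single SAN entry covers hostname.

    A wildcard is only honoured as the whole left-most label and matches
    exactly one label (never a dot). Comparison is case-insensitive and
    ignores a trailing dot.
    """
    san = san.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not san.startswith("*."):
        return san == hostname
    suffix = san[1:]  # ".example.com"
    # Refuse over-broad wildcards such as "*.com".
    if suffix.count(".") < 2:
        return False
    if not hostname.endswith(suffix):
        return False
    left = hostname[: -len(suffix)]
    # The wildcard must match exactly one non-empty label.
    return left != "" and "." not in left


def covered_by(sans, hostname):
    """Return the SAN entries covering hostname; empty list means the
    browser will reject the certificate for that name."""
    return [s for s in sans if san_matches(s, hostname)]


# Constructed SAN lists: the post's certificate before EXTRA_DOMAINS...
SANS_BEFORE = ["example.com", "*.example.com"]
# ...and after EXTRA_DOMAINS=*.subdomain.example.com is added.
SANS_AFTER = SANS_BEFORE + ["*.subdomain.example.com"]

if __name__ == "__main__":
    for host in ("example.com", "app.example.com", "subdomain.example.com",
                 "app.subdomain.example.com"):
        print(host, covered_by(SANS_BEFORE, host), covered_by(SANS_AFTER, host))
```

Note that `*.example.com` still covers `subdomain.example.com` itself; it is only the extra label underneath it that needs the second wildcard.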
  2. 7 hours ago, KoNeko said:

    I have set up the letsencrypt docker (soon to be another name, I was reading) with fail2ban.

     

    I got Bitwarden running. I added some filters etc.

     

    But when I open a terminal session on the letsencrypt docker and type

     

    iptables -L

     

    I get this error

     

    iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.

     

    and I see there isn't a sudo.

     

     

    In the fail2ban log:

    2020-08-12 21:14:50,008 fail2ban.utils          [388]: ERROR   147d3985c450 -- exec: iptables -w -N f2b-bitwarden
    iptables -w -A f2b-bitwarden -j RETURN
    iptables -w -I INPUT -p tcp -j f2b-bitwarden
    2020-08-12 21:14:50,008 fail2ban.utils          [388]: ERROR   147d3985c450 -- stderr: "iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)"
    2020-08-12 21:14:50,008 fail2ban.utils          [388]: ERROR   147d3985c450 -- stderr: 'Perhaps iptables or your kernel needs to be upgraded.'
    2020-08-12 21:14:50,008 fail2ban.utils          [388]: ERROR   147d3985c450 -- stderr: "iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)"
    2020-08-12 21:14:50,009 fail2ban.utils          [388]: ERROR   147d3985c450 -- stderr: 'Perhaps iptables or your kernel needs to be upgraded.'
    2020-08-12 21:14:50,009 fail2ban.utils          [388]: ERROR   147d3985c450 -- stderr: "iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)"
    2020-08-12 21:14:50,009 fail2ban.utils          [388]: ERROR   147d3985c450 -- stderr: 'Perhaps iptables or your kernel needs to be upgraded.'
    2020-08-12 21:14:50,009 fail2ban.utils          [388]: ERROR   147d3985c450 -- returned 3
    2020-08-12 21:14:50,009 fail2ban.actions        [388]: ERROR   Failed to execute ban jail 'bitwarden' action 'iptables-allports' info 'ActionInfo({'ip': 'ip.ip.ip.ip', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x147d392323a0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x147d39232a60>})': Error starting action Jail('bitwarden')/iptables-allports: 'Script error'

    Post your docker run

  3. 9 hours ago, Stubbs said:

    [edit] I assume it's as simple as adding a new variable with the key EXTRA_PARAMETERS?

     

    How does it work with subdomains? Does it share the same subdomains parameter above? How does the docker container tell which subdomains belong to the first URL, and which ones belong to the extra parameter URL?

     

    Also are there any extra steps needed with cloudflare DNS?

    The readme explains it in detail. It has nothing to do with subdomains. You need to define full URLs (FQDNs) in that variable.

  4. 8 hours ago, Energen said:

    Unfortunately I don't. Not very familiar with .htaccess... only ever used it once for a basic website, way, way long ago.

     

    You may be able to figure something out from anyone else that had the same problem. I googled ".htaccess load resources" and came up with the resource problem.

     

    You may find some stuff here that's useful, all about the htaccess file... especially the SSI includes section.. that might be relevant.

    https://www.whoishostingthis.com/resources/htaccess/

     

    And not sure if this is useful at all, https://www.htaccessredirect.net/

    .htaccess is an Apache thing. What you need to look into is .htpasswd
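nginx's `auth_basic_user_file` reads the same Apache-style htpasswd format. The block below is an added example, not part of the original post and not the container's own code: it reproduces the APR1 scheme (MD5-crypt with the `$apr1$` magic, what `htpasswd -m` writes) from the standard library so a line can be generated on a box without apache2-utils, and verifies a password against it. The usernames, passwords and the fixed salts used in the demo are constructed; the `/config/nginx/.htpasswd` path mentioned in a comment is assumed.

```python
"""Generate and verify an nginx-compatible .htpasswd line (APR1 scheme).

Added example. Pass salt=None in real use so a random salt is drawn.
"""
import hashlib
import secrets

_ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
_MAGIC = b"$apr1$"


def _to64(value, count):
    """crypt(3)-style base64: `count` chars, least significant 6 bits first."""
    out = ""
    for _ in range(count):
        out += _ITOA64[value & 0x3F]
        value >>= 6
    return out


def apr1_hash(password, salt=None):
    """Return "$apr1$<salt>$<22 chars>" for password (Apache APR1 / MD5-crypt)."""
    if salt is None:
        salt = "".join(secrets.choice(_ITOA64) for _ in range(8))
    pw = password.encode()
    sb = salt.encode()[:8]                      # APR1 salts are at most 8 chars
    ctx = hashlib.md5(pw + _MAGIC + sb)
    alt = hashlib.md5(pw + sb + pw).digest()
    pl = len(pw)                                # mix in alt, one byte per password byte
    while pl > 0:
        ctx.update(alt[:min(16, pl)])
        pl -= 16
    i = len(pw)                                 # one byte per bit of len(pw)
    while i:
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):                       # fixed 1000 stretching rounds
        r = hashlib.md5()
        r.update(pw if i & 1 else final)
        if i % 3:
            r.update(sb)
        if i % 7:
            r.update(pw)
        r.update(final if i & 1 else pw)
        final = r.digest()
    order = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    encoded = "".join(
        _to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in order
    ) + _to64(final[11], 2)
    return "$apr1$" + sb.decode() + "$" + encoded


def apr1_verify(password, stored):
    """Check password against a stored $apr1$ value in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[1] != "apr1":
        return False
    return secrets.compare_digest(apr1_hash(password, parts[2]), stored)


def htpasswd_line(user, password, salt=None):
    """One line for the file named by auth_basic_user_file (for example
    /config/nginx/.htpasswd, an assumed path) next to auth_basic "Restricted";."""
    if not user or ":" in user:
        raise ValueError("username must be non-empty and may not contain ':'")
    return "%s:%s" % (user, apr1_hash(password, salt))


if __name__ == "__main__":
    print(htpasswd_line("alice", "correct horse battery staple"))
```

APR1 is what most tooling still writes, but it is an unsalted-iteration MD5 design with a fixed 1000 rounds; if the nginx build and the surrounding tooling both accept bcrypt (`htpasswd -B`), prefer that for new files.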

  5. 8 hours ago, crazykidguy said:

    Hi, I'm getting the following error trying to use Emmet expansions: 

    
    Running the contributed command: 'emmet.expandAbbreviation' failed.

    Here are my setting configs: 


     

    I thought it was because I messed up some config but I removed the docker + wiped appdata folder but the issue persists. I get the expansion error trying to expand ! or anything like ul>li*3 for example. 

     

    Is this a code-server issue? 

    That's really a question for code-server

  6. 8 hours ago, Eyeheartpie said:

    So, I'm dumb and just realized the container I was using for calibre has been deprecated for like a year now. Is there a way to reuse the config from the previous one, or will I have to manually recreate the configurations, like auto-import and convert on import and such?

     

    I was using the aptalca/docker-rdp-calibre container, support thread here:

     

    IIRC there were some minor changes to where things are stored under config. So I recommend setting up the new one fresh, and then you can copy over your books and database to the correct locations.

  7. 12 hours ago, KoNeko said:

    I have a problem with fail2ban: it does not seem to ban anything that I try.

    When I go to mydomain.com/doesnotexcist and I keep changing it, it does not ban the IP after X amount of tries.

     

    Before, it didn't even give an error when I went to a URL that does not exist.

    That I got fixed by commenting this out.

    
    #	location / {
    #		try_files $uri $uri/ /index.html /index.php?$args=404;
    #	}
    #
    #	location ~ \.php$ {
    #		fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #		fastcgi_pass 127.0.0.1:9000;
    #		fastcgi_index index.php;
    #		include /etc/nginx/fastcgi_params;
    #	}

    Now when I go to a URL that does not exist I get a

    404 Not Found

    nginx/1.18.0

    error.

     

    I also see the line in the error.log.

     

    
    root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='br0' --ip='192.168.1.15' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'TCP_PORT_80'='' -e 'TCP_PORT_443'='443' -e 'EMAIL'='' -e 'URL'='' -e 'SUBDOMAINS'='www,' -e 'ONLY_SUBDOMAINS'='false' -e 'DHLEVEL'='4096' -e 'VALIDATION'='dns' -e 'DNSPLUGIN'='transip' -e 'PUID'='99' -e 'PGID'='100' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/letsencrypt'
    
    3628795c34f972e77adddacacedbfab0df03244672aa54a1563b2daf1b5d55e4
    
    The command finished successfully!

    When I created the docker I also added the "--cap-add=NET_ADMIN" at Extra Parameters:

    not sure if it needs to be there or somewhere else.

     

    But still it isn't blocking any IPs.

     

    When I check on the Unraid terminal and I type the following commands

    
    docker exec -it letsencrypt fail2ban-client status nginx-deny
    Status for the jail: nginx-deny
    |- Filter
    |  |- Currently failed: 0
    |  |- Total failed:     0
    |  `- File list:        /config/log/nginx/error.log
    `- Actions
       |- Currently banned: 0
       |- Total banned:     0
       `- Banned IP list:
    root@tower:~# docker exec -it letsencrypt fail2ban-client status
    Status
    |- Number of jail:      4
    `- Jail list:   nginx-badbots, nginx-botsearch, nginx-deny, nginx-http-auth

    It seems to be working, but when I do

    
    docker exec -it letsencrypt /bin/bash
    iptables -S
    
    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT

    None of the rules/ports etc. are there.

    Easiest way to test is: turn HTTP auth on for some service, enter the password wrong a few times. Boom, banned.
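To see why the 404 probes never trip anything while wrong passwords do, it helps to replay the jail logic by hand. The block below is an added example, not part of the original post and not fail2ban's own code: its regex is modelled on the failregex of fail2ban's `nginx-http-auth` filter (password mismatch / user not found in the htpasswd file), and it applies a maxretry/findtime window the way the jail does. The error.log lines are constructed, with clients from documentation address ranges; the thresholds (5 failures in 600 s) are assumed defaults.

```python
"""Replay nginx-http-auth style detection over sample nginx error.log lines.

Added example. Only basic-auth failures match; a plain 404 for a
non-existent path is not an auth failure and is ignored, which is the
behaviour the post is seeing.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Shape of nginx's basic-auth failure messages in error.log.
FAILREGEX = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[error\] \d+#\d+: \*\d+ '
    r'user "(?P<user>[^"]*)":? (?:password mismatch|was not found in "[^"]*"), '
    r'client: (?P<host>[^,\s]+), server: [^,\s]*, request: "\S+ \S+ HTTP/\d\.\d", '
    r'host: "[^"]+"(?:, referrer: "[^"]+")?\s*$'
)


def scan(lines, maxretry=5, findtime=timedelta(seconds=600)):
    """Return {client_ip: time_of_ban} for clients that reach maxretry
    failures inside a sliding findtime window."""
    failures = defaultdict(deque)
    banned = {}
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
        ip = m.group("host")
        if ip in banned:
            continue  # the iptables rule would already drop this client
        window = failures[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned


# Constructed error.log excerpt: one 404 probe, then auth failures.
SAMPLE_LOG = """\
2020/08/12 21:14:01 [error] 388#388: *11 open() "/config/www/doesnotexist" failed (2: No such file or directory), client: 203.0.113.7, server: _, request: "GET /doesnotexist HTTP/1.1", host: "example.com"
2020/08/12 21:14:10 [error] 388#388: *12 user "admin": password mismatch, client: 203.0.113.7, server: example.com, request: "GET /nextcloud/ HTTP/1.1", host: "example.com"
2020/08/12 21:14:12 [error] 388#388: *13 user "admin": password mismatch, client: 203.0.113.7, server: example.com, request: "GET /nextcloud/ HTTP/1.1", host: "example.com"
2020/08/12 21:14:15 [error] 388#388: *14 user "root" was not found in "/config/nginx/.htpasswd", client: 203.0.113.7, server: example.com, request: "GET /nextcloud/ HTTP/1.1", host: "example.com"
2020/08/12 21:14:20 [error] 388#388: *15 user "admin": password mismatch, client: 198.51.100.9, server: example.com, request: "GET /nextcloud/ HTTP/1.1", host: "example.com"
2020/08/12 21:14:33 [error] 388#388: *16 user "admin": password mismatch, client: 203.0.113.7, server: example.com, request: "GET /nextcloud/ HTTP/1.1", host: "example.com"
2020/08/12 21:14:50 [error] 388#388: *17 user "admin": password mismatch, client: 203.0.113.7, server: example.com, request: "GET /nextcloud/ HTTP/1.1", host: "example.com"
"""

if __name__ == "__main__":
    for ip, when in scan(SAMPLE_LOG.splitlines()).items():
        print("ban", ip, "at", when)
```

Even when the filter matches, the ban is only enforced if the container can edit the host's netfilter tables, which is what the `--cap-add=NET_ADMIN` in the docker run above grants; without it fail2ban logs the `Permission denied` errors quoted earlier in the thread.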

  8. 1 hour ago, ChIck3n said:

    Ok, little confusion in wording here I guess.  My LAN IP is 192, I know not to use this.  The WAN IP of my router is the one starting with 10.  The one DuckDNS reports is the one starting with 96.  96 is what all the "find IP" websites return as well, and shows all the correct data for my ISP.  The only info on the 10 address is that it is a LAN IP, but this router is plugged directly into the ISP provided fiber network box.  I'm at a loss here, it's like my ISP is running me on an internal LAN or something?

     

    Nope, no VPN is enabled on my end.  All my devices return that IP when I go to IP check websites, but the WAN IP on my router is different.  The one DuckDNS reports has all the correct info for my ISP, so it's not like it's getting bad info, but it's just not the one on my router.  More and more it's looking like something weird my ISP is doing, but I'm not sure.

    Sounds like your ISP put your router behind a NAT, so your router is not getting the public IP (10.x.x.x are typically private addresses). The public IP address seems to be the one starting with 96.

     

    What kind of fiber box are you using? Is it a router? My ISP has a fiber ONT on the outside of my house, which is the equivalent of a modem. They also tried to sell me their router which they claim is required for TV capability. If you have that and connected your own router to it, then you're double NATted.

     

    I refused their router and instead hooked up my own router (pfSense) directly to the ONT unit via Ethernet so my router gets the public IP directly (I don't care for TV service).

  9. IP checks, including DuckDNS' auto check, rely on pinging a remote server and asking the remote server to respond back with the address they see the request coming from.

     

    Somehow your internet connection is going out through that IP you're seeing but don't recognize.

     

    Does your internet connection go out through a VPN? If so, that's your VPN provider's IP.
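The two replies above (the double-NAT diagnosis and the note on how IP-check services work) reduce to one comparison: the address your router calls its WAN address versus the address the outside world sees you arriving from. The block below is an added example, not part of the original posts, that makes that comparison and also flags the carrier-grade NAT block (100.64.0.0/10, RFC 6598), which ISPs use for the same purpose as the 10.x.x.x address in the post. The addresses in the demo are constructed from documentation ranges.

```python
"""Classify a router's WAN address against the externally observed address.

Added example. If the WAN side of your router holds a private or CGNAT
address, another NAT sits between you and the internet and inbound port
forwards on your router alone will not work.
"""
import ipaddress

# RFC 1918 IPv4 private space plus the IPv6 unique-local block.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# RFC 6598 shared address space used by ISPs for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify(router_wan, observed_public):
    """Explain the relationship between the router's WAN address and the
    address an external IP-check service (or DuckDNS) reports."""
    wan = ipaddress.ip_address(router_wan)
    seen = ipaddress.ip_address(observed_public)
    if wan in CGNAT:
        return "carrier-grade NAT: router WAN is in 100.64.0.0/10; port forwards will not reach you"
    if any(wan in net for net in PRIVATE):
        return "double NAT: router WAN is a private address; another NAT device sits upstream"
    if wan == seen:
        return "direct: router holds the public address the internet sees"
    return "mismatch: outbound traffic leaves via another path (VPN, proxy or ISP NAT)"


def port_forward_can_work(router_wan, observed_public):
    """True only when the router itself terminates the public address."""
    return classify(router_wan, observed_public).startswith("direct")


if __name__ == "__main__":
    # Constructed: the poster's situation, a 10.x WAN with a different public IP.
    print(classify("10.20.30.40", "203.0.113.5"))
    print(classify("100.70.1.2", "203.0.113.5"))
    print(classify("203.0.113.5", "203.0.113.5"))
```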

  10. 9 minutes ago, DeathByDentures said:

    Is there a way to edit a perf-conf file to direct traffic to an external machine?

    Basically I had this setup and working with my tautulli and Letsencrypt in dockers on my server. I've moved my tautulli installation to an external machine for better tracking and notifications. However, I'd like to forward the traffic that was going to my old docker via tautulli.mydomain.com to my new one on the network. I've got my ports opened up, I tried some basic changes to the tautulli.subdomain.conf, but no luck.

    I'm not even certain this is possible. But I figured I'd ask! Thanks!

    Post your setup details and post what you tried and we'll take a look. If you redact sensitive info, keep the structure, don't redact the whole thing, i.e. https://redacted.com/blah:444

  11. 6 hours ago, mbc0 said:

    Hi,  

     

    Thanks for your reply but I have the same issue if the appdata is in the cache drive or on an unassigned drive, it makes no difference.  Maybe a re-install would be the way forward but I am unable to backup first.

    If you're doing a chown -R on the Unraid console and the files are still owned by root, you have deeper issues with Unraid. That's not related to docker at all.

  12. 5 hours ago, Nosirus said:

    Is it really useful to create a proxy network? What's the point of doing it?

     

    I guess it must be awkward with the wireguard plugin unless you're using Heimdall or organizr ?

    It's just another bridge network like the default bridge all containers run on by default. The difference is, a user-defined bridge allows containers to connect to each other via container names as DNS hostnames.

     

    See here: https://blog.linuxserver.io/2017/10/17/using-docker-networks-for-better-inter-container-communication/

  13. 24 minutes ago, bigbangus said:

    I came across this in my letsencrypt container log. It's the only highlighted text and everything seems to be working ok, but I don't want to be complacent.

    
    nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

    I'm currently trying to resolve some nextcloud iOS app camera roll upload issues and just making sure this isn't related.

     

    Not related, just an alert

  14. 1 hour ago, TangTrapper said:

    saarg, thanks for the reply!

     

    I am still getting a 502 error when using the reverse proxy. I feel like it has something to do with the listening port for the HTTP as the logs still show: 'info HTTP server listening on http://0.0.0.0:8443' which is not the port that the container should be using, which is why I'm thinking it's hard coded into the application/docker itself.

     

    I had to do something similar with Wiki.js under config.yaml when Rocket.Chat took over port 3000; I had to update the port (outside of the initial container config) in order to get the reverse proxy running. The picture below is with vi config.yaml inside of wiki.js. Proxy would not work until I changed the port: 3000 to a different IP with BindIP: 0.0.0.0 | even though the host port was different. [Different problem but same situation]

     


     

    Code-Server proxy works fine if i disable the Unifi-Controller and Revert Code-Server port in nginx config back to internal port 8443 and the mapping port.

     


     

    I must be missing something but not sure what. 

     

    Thanks again,

    Don't change the port in the proxy confs. They refer to internal container ports.

     

    If you're reverse proxying that way, you don't even need to map a port for the container, you can remove them. Or set them to whatever, it doesn't matter.
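The same point comes up three times in this thread: the proxy conf talks to the application's port inside the container over the user-defined bridge (post 12), so the host-side port mapping is irrelevant (post 14), and pointing a conf at a machine elsewhere on the LAN (post 10) is just a different upstream address and port. The fragment below is an added example, modelled on the general shape of the container's subdomain proxy confs rather than copied from them; the file name, the `tautulli` container name, port 8181 and the LAN address 192.168.1.50 are assumed.

```nginx
# /config/nginx/proxy-confs/tautulli.subdomain.conf (assumed path and name)
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name tautulli.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;

        # Container on the same user-defined bridge: the name resolves through
        # Docker's embedded DNS and the port is the one the app listens on
        # INSIDE the container. A host-side -p mapping (or its absence) has no
        # effect on this path, so do not change this to the host port.
        set $upstream_app tautulli;
        set $upstream_port 8181;
        set $upstream_proto http;

        # Service moved to another machine on the LAN instead: swap the
        # container name for that host's address and its listening port
        # (assumed values). Nothing else in the conf changes.
        # set $upstream_app 192.168.1.50;
        # set $upstream_port 8181;

        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
```

When the upstream is an external machine, the traffic between the proxy container and that host leaves the Docker network in plain HTTP unless the service itself offers TLS, so keep that hop on a trusted LAN segment or switch `$upstream_proto` to `https` where the service supports it.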

  15. 1 hour ago, capt.shitface said:

    Ohhh! I found the problem!
    After weeks of troubleshooting, reinstalled routers and support tickets to my ISP I found the problem!

    I use DynDNS on OPNsense to update my IP to loopia.se and my subdomain www.mydomain.se was not in there! Just the other subdomains (nextcloud, plex etc...)
    I added www to the DynDNS client and now it works!

    Thanks for the help, I'm gonna remove my pics and domain info now from the thread just to be safe :)

    Again thanks for your time and help!

    Glad to hear you figured it out, but it sounds like you didn't follow the troubleshooting guide properly, as that test would tell you the IP was not correct for that subdomain.