Posts posted by aptalca
-
-
I don't understand what the issue is. The certs are there, and the nightly renewal script is running successfully. So the container is running fine.
This didn't work initially, but I just recently updated the container and now have the following in my letsencrypt log file:
<------------------------------------------------->
<------------------------------------------------->
cronjob running on Tue Jul 25 02:08:00 PDT 2017
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/box3.duckdns.org.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/box3.duckdns.org/fullchain.pem (skipped)
No renewals were attempted.
No hooks were run.
I'm also getting the following readout in the nginx error log file (real IP address hidden):
2017/07/23 18:41:23 [crit] 742#742: *663 SSL_do_handshake() failed (SSL: error:14037085:SSL routines:ACCEPT_SR_KEY_EXCH:ccs received early) while SSL handshaking, client: xxx.xxx.xxx.xxx, server: 0.0.0.0:443
The nginx error log has to do with a client that tried to access your site. It could be an issue on their end or an issue with your site config or contents. I have no information to determine that.
-
I'm using a single btrfs cache drive still. No problems. I added the other drives through unassigned devices
-
2 hours ago, jamesp469 said:
Thanks!
Network Type: bridge
Privileged: on
http: 81
https: 444
email: registered email address for DuckDNS
Domain Name: duckdns.org
Subdomain(s): test
Only Subdomains: true
Diffle Hellman: 2048
AppData Config Path: /mnt/user/appdata/letsencrypt
PUID: 99
PGID: 100
all ports are being forwarded correctly, and the duckdns docker is set up correctly as well.
Try restarting the container (not reinstall). There is an intermittent bug that pops up every once in a while on first boot, but works on a reboot. If that doesn't work, post the full container log
-
1 hour ago, stefer said:
Calibre server has no gui to change settings. It looks for the library at /config. Set that to your existing library location. It has to already be set up with calibre prior. Otherwise use the rdp version and create a new library and set it however you like
-
17 hours ago, jamesp469 said:
I'm having issues getting this up and running on my server; I am getting the following from my LetsEncrypt log:
/bin/sh: /app/le-renew.sh: Permission denied
Has anyone else experienced this, and does anyone have any potential solutions? I'm not exactly sure what permissions need to be enabled.
I don't experience it.
Please post your container settings and we'll take a look
-
Cheers for looking into it [emoji4]
Any luck so far? [emoji3]
Not an easy fix. There are a few options but none are really ideal. Currently discussing internally the best recourse.
-
-
Hi, how can I run an aspx website with this docker? The fastcgi protocol is already enabled for php, so it should just be some config file changes right? I'm not sure if the fast cgi mono server is included in this docker? Thanks for any help!
Never used aspx, so not entirely sure, but there is no mono in this image, so probably a no go.
-
Anyone able to help me out with the 502 error I am getting? It would be greatly appreciated.
Nginx cannot connect to the reverse proxied servers. If you didn't change the nginx site config in a while, then you probably changed your router/firewall rules or something. Can you connect to Sonarr directly at 192.168.2.90:9898?
-
This image is still supported.
There used to be a separate location mapped for transcode but now you can select a location in the plex gui so no need for that additional mapping.
-
I assume adding or switching to the DNS method is non-trivial. Either way, thank you for your work on this docker.
Not feasible in an automated way
-
8 hours ago, nexusmaniac said:
Shameless bump...
You're right. I realized I'm on an older version as well. We'll look into it.
Thanks
-
-
I tried to read through and figure out what the implications are, but it goes beyond me. It seems like if I own my domain yyyyy.com, I can get the wildcard certificate for *.yyyyy.com. Is that right? or am I totally off base?
Yes, that is correct about wildcard certs.
Letsencrypt (acme) uses a couple of different methods to verify that you control the domain. One is using a webserver and serving a custom file to the letsencrypt server. That is the method we use in this container.
Another method is to add a custom txt variable in the public dns settings of the domain, which letsencrypt reads to validate.
Unfortunately the wildcard domains will work only with the dns method.
-
You can edit the nginx.conf but don't overwrite it with a config from another server or you'll break it. Nginx package from the ubuntu repo has very different defaults than this container which is alpine based, and uses s6 as the supervisor.
What you posted is just a snippet of the site config. And not related to the error you're getting.
-
-
I just switched back to unRAID, and am working on getting the LE+Nginx docker setup. Nginx starts, but the logs are constantly being populated with the following:
2017/07/11 16:25:04 [emerg] 366#366: bind() to 0.0.0.0:82 failed (98: Address in use)
2017/07/11 16:25:04 [emerg] 366#366: bind() to 0.0.0.0:444 failed (98: Address in use)
No matter what I put the port to in the docker config, or in the nginx.conf, these errors just stream across with the port I specified. Nothing is using those ports except for nginx. I'm able to access most of the proxy_pass (except plex, working on that too), but within just a few minutes, my error.log is growing huge. Anyone come across this before?
I suspect you highly modified the nginx.conf and perhaps removed the "daemon off" setting so it's trying to launch a second instance unsuccessfully.
Did you by any chance copy your nginx settings over from another install? If so, go back to defaults by deleting them and restarting the container. Then modify the defaults as needed.
If that doesn't work, post your container settings along with nginx and site configs and we'll take a look.
-
-
15 hours ago, mattekure said:
I just read that LetsEncrypt recently announced that starting in Jan 2018, they will offer wildcard certificates for free. so you could have one for all the subdomains
DNS challenge only
https://community.letsencrypt.org/t/wildcard-certificates-coming-january-2018/37567/8
-
19 hours ago, mikeyw said:
All,
First of all ThanX!, I have been watching this thread for a while. It has helped me get letsencrypt/nginx running on my (Unraid) server with no real issues till now. I have a working nextcloud config and I can get to my index page (which I have modified slightly just so I know it's mine) and can get my instance of couch potato running on my server. So now I am having issues with getting a rev proxy to my instance of home-assistant. I followed a thread bite from Feb 17 about this but have tried the included config file with no success. So just looking for a little help. So here is what I have also done: copied my working nextcloud file and changed it accordingly. Added the necessary stuff to the ha config file.
Now what I get is "502 Bad Gateway" when I go to https://subdomain.my_server.com
Here is a portion from the error log file:
2017/07/10 14:47:06 [error] 347#347: *1 SSL_do_handshake() failed (SSL: error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number) while SSL handshaking to upstream, client: ISP, server: SUBDOMAIN.myserver.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://0.0.0.0:port/favicon.ico", host: "SUBDOMAIN.myserver.com", referrer: "https://SUBDOMAIN.myserver.com/"
And here is the "site-confs" file:( just the one that seems to be the issue):
# This is the virtual host part that allows a subdomain include
server {
    listen 443 ssl;
    server_name subdomain.my_server.com;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'there is really a key here';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;
    client_max_body_size 0;

    location / {
        proxy_pass https://0.0.0.0:port/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }
}
hopefully I didn't redact too much info for it to make sense but here it is. I am sure it is something that I missed, so I would appreciate some extra eyes.
ThanX in advance
Mikey
A couple of things I noticed...
I am not sure if 0.0.0.0 is the real ip you are trying to reverse proxy or if that's your redaction. If former, that is incorrect. 0.0.0.0 in net=bridge will refer only to the letsencrypt container, not the host and not other containers. You can use the server ip to connect to a different container.
Also, you are trying to reverse proxy an https page. That is likely the reason you are getting the ssl handshake error (or a combination with a nonexistent service on 0.0.0.0 as referenced above). Try to use an http address for the reverse proxy.
-
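The two problems pointed out in the reply above (a proxy_pass aimed at 0.0.0.0, and an https upstream) can be caught before nginx ever returns a 502. The following is an added example, not part of the original post or of the container: a small checker for site configs, with a constructed sample config, sample addresses and port, and hypothetical function names. It goes slightly beyond the post by also flagging loopback targets, which in bridge mode point at the proxy container itself in the same way.

```python
import ipaddress
import re

DIRECTIVE = re.compile(r"\bproxy_pass\s+([^\s;]+)\s*;")
TARGET = re.compile(r"^(https?)://(\[[^\]]+\]|[^/:\s]+)")

# Constructed site config; the addresses and the port are sample values.
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    location / {
        proxy_pass https://0.0.0.0:8123/;   # shape of the failing setup
    }
    location /ok/ {
        proxy_pass http://192.168.1.10:8123/;
    }
}
"""


def points_at_self(host: str) -> bool:
    """True for targets that resolve to the proxy container itself."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostname or nginx variable: cannot be judged here
    return ip.is_unspecified or ip.is_loopback


def audit_proxy_pass(conf_text: str) -> list:
    """Return (line_no, code, message) for each suspicious proxy_pass."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # naive comment strip, fine for site configs
        for directive in DIRECTIVE.finditer(line):
            target = TARGET.match(directive.group(1))
            if not target:
                continue  # unix socket, upstream variable, etc.
            scheme, host = target.groups()
            if points_at_self(host):
                findings.append((line_no, "SELF_ADDRESS",
                                 f"{host} is this container in bridge mode; use the server IP"))
            if scheme == "https":
                findings.append((line_no, "TLS_UPSTREAM",
                                 "confirm the backend speaks TLS on this port, else use http://"))
    return findings
```
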
Hi Mr. Aptalca,
Looks like the RDP-Calibre docker is broken. The RDP part does not load. Someone says that v. 3 of Calibre broke the RDP.
This is in my top 3 favorite dockers....
Thanks,
H.
Works fine here. It wasn't the rdp part that broke, it was the built in server. It is now fixed but you have to enable in the gui settings. Details on docker hub description
-
I want to restart nginx, without restarting the whole docker, preferably by using
docker exec letsencrypt nginx -s reload
But all I get is
nginx: [error] open() "/run/nginx/nginx.pid" failed (2: No such file or directory)
Is there any easy fix I can do on my end?
s6-svc -h /var/run/s6/services/nginx
-
Hi,
I am also interested how to add the new variable.
Br,
Johannes
Click on "Add another Path, Port or Variable"
-
For google domains dns setting, see the link, second paragraph: https://haskovec.com/ssl-certificates-google-domains/
-
-
FYI, the new version of this image supports multiple domains through a new environment variable. Details are on the docker hub page
-
-
So I've also tried using google domain with the docker to failure like you and perused the forums at letsencrypt and finally found one person that said create the A record and put the public ip. In your case 68.XXX.XXX.XXX ip, go to the section labeled custom resource records, leave @ A 1H, add your ip. Then run the docker, boom, you'll get your cert.
Only drawback is if your IP changes you have to update google.
I don't understand why google is so hard and duckdns.org works flawlessly but I have a feeling they want to control that too and pay them money.
Every dns provider expects you to update your ip with them when it changes, including duckdns. Otherwise, how would they know what your new ip is? [emoji6]
Most of them have an api and they provide tools so you can automate that part if you want to.
-
Unlike other containers, this one is [...] actively supported!
Ouch, that hurt [emoji14]
Jokes aside, great job on the vnc baseimage [emoji106]
-
(Support) Aptalca's docker templates
in Docker Containers
Posted