aptalca

Posts posted by aptalca

  1. 3 hours ago, mbc0 said:

    Hi,

     

    Thanks for the reply. As I said, the container created the folder, so I'm not sure why it is not using 99:100 as it is in the template.

     

     


    The container doesn't touch media folders as they are not essential and they are user owned and managed. The container only fixes permissions on the config folder, which is essential for its own operations.

     

    We used to fix permissions on media folders, but for every person who wants that, there are ten people who don't.

  2. 10 hours ago, mbc0 said:

    Hi,

     

    I have just replaced my download disk and am now getting "Cannot change permissions of /downloads/incomplete"

     

    I have deleted the folder and let the container re-create it, and the permissions look fine. Any ideas?

     

     

     


    They need to be owned by user 99:100, not root.

  3. 14 hours ago, PzrrL said:

    By default, after installing the letsencrypt docker, when accessing mydomain.com or *.mydomain.com (except defined subdomain), we would land on a page with the following message:

    
    <div class="message">
                    <h1>Welcome to our server</h1>
                    <p>The website is currently being setup under this address.</p>
                    <p>For help and support, please contact: <a href="[email protected]">[email protected]</a></p>
                </div>

    May I know if there is a way to return 404 or 444 or whatever error for any pages that I have not defined yet, like this page is totally inaccessible? For example, I defined cloud.mydomain.com under "letsencrypt\nginx\proxy-confs" to access my nextcloud docker. This means that only cloud.mydomain.com is actually redirecting to some meaningful page.

    Now, what I want is that only cloud.mydomain.com redirects to the expected site, but anything else returns an error page, like you are going to a totally wrong page or typed a wrong URL, instead of the default HTML block shown above.

    I tried to edit "nginx\site-confs\default", but then it blocks all the pages and I cannot access them. Would anyone please give some advice? Thanks!

    Create a new server block as a catch-all, set it as default, and serve the 404 or block. That way, anything that doesn't match another server block will match there.
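
The catch-all described in the reply above, written out as an added example (not from the original post or the linuxserver project). It assumes the stock `site-confs/default` server block no longer carries `default_server` on its `listen 443` lines, since nginx accepts only one default per listening socket, and that `/config/nginx/ssl.conf` supplies the certificate directives, as in the sonarr config quoted elsewhere on this page.

```nginx
# Added example. The file name is hypothetical, e.g. /config/nginx/site-confs/catchall
# Assumes no other server block still claims default_server on port 443.

server {
    # default_server: requests whose Host/SNI matches no other server_name
    # on this socket are routed here.
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    # "_" is just a name that never matches a real host; default_server above
    # is what makes this block the fallback.
    server_name _;

    # TLS still has to complete before nginx can answer, so the block needs
    # certificate directives (assumed to come from the image's ssl.conf).
    include /config/nginx/ssl.conf;

    # 444 is nginx-specific: close the connection without sending any response.
    # Replace with "return 404;" to send an ordinary Not Found instead.
    return 444;
}

# Named blocks keep working because an exact or wildcard server_name match
# always wins over the default. The proxy-confs pattern from this page:
#
#   server {
#       listen 443 ssl;
#       server_name cloud.*;      # cloud.mydomain.com is served as before
#       ...
#   }
#
# Check the result from outside the LAN (host names are placeholders):
#   curl -skI https://cloud.mydomain.com   -> response from the proxied app
#   curl -skI https://other.mydomain.com   -> connection closed, no response
```
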

  4. 53 minutes ago, Jarsky said:

    Yes that's all done fine, I can see the GPU in BOINC. 

    The problem is, it says it doesn't support OpenCL

     

    
    Mon 25 May 2020 11:17:54 PM UTC |  | CUDA: NVIDIA GPU 0: GeForce GTX 1070 (driver version 440.59, CUDA version 10.2, compute capability 6.1, 4096MB, 3972MB available, 6900 GFLOPS peak)

     

    They see the gpu even if you don't pass the gpu id. But they can't connect unless you pass it correctly.

  5. 1 hour ago, Vagus said:

    I'm running into a strange situation where every time I update SABnzbd I need to re-setup everything. As in I click update in the Unraid webui, it says update successful, then when I open the SABnzbd webui it has the configuration wizard, all my previous settings are lost. This has happened the past 2-3 updates, I just got a new update notification and I haven't run the update wondering if there is something I can do to keep from having to reconfigure everything?

    Likely your volume mounts are incorrect.

  6. 2 hours ago, Jarsky said:

    I just switched my Unraid over to BOINC, and I was wondering if anyone has worked out how to get NVIDIA GPU going?

     

    I'm using the Nvidia Unraid build by LinuxServer.io

    On the BOINC Docker I've tried setting "NVIDIA_DRIVER_CAPABILITIES" to all

    But just keep seeing these errors in BOINC Manager that the driver doesn't support OpenCL

     

    
    2020-05-25 23:13:25.0738 [PID=30327]    [version] Checking plan class 'FGRPopenclTV-nvidia'
    2020-05-25 23:13:25.0738 [PID=30327]    [version] parsed project prefs setting 'gpu_util_fgrp': 1.000000
    2020-05-25 23:13:25.0738 [PID=30327]    [version] NVidia device (or driver) doesn't support OpenCL

     

    Did you pass the gpu id?

  7. 1 hour ago, uek2wooF said:

    Restarting the container makes everything run fine again, for a week or so.  The docker run command isn't really exposed for community apps in unraid that I can tell.  I think it is somehow dynamically created.  I don't really tinker with unraid much lately so I can't think of anything that has changed.  I did add another nginx conf file for another host and this problem started a couple of weeks after that.  But if there was a problem with the conf why would it work fine for a couple of weeks first?

     

    It looks like 3 things run out of cron, logrotate, libmaxmindb, and /app/le-renew.sh.  That last one is for renewing certs and it restarts nginx.  I bet that one is the problem.  I guess I will disable it and just set a calendar reminder to manually renew the certs.

    You're manually running commands inside the container and heavily customizing it, therefore we can no longer provide support.

  8. 37 minutes ago, Killabee44 said:

    Hello everyone,

    I am having an issue with a certificate that won't renew automatically like it should. I did get notifications but have been too busy to tackle this issue. My cert expired last night.

     

    Here is my letsencrypt log:

     

    
    User uid: 99
    User gid: 100
    -------------------------------------
    
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=America/New_York
    URL=mydomain.com
    SUBDOMAINS=server,nextcloud,sonarr
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    DHLEVEL=2048
    VALIDATION=http
    DNSPLUGIN=
    [email protected]
    STAGING=
    
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d server.mydomain.com -d 
    nextcloud.mydomain.com -d sonarr.mydomain.com
    E-mail address entered: [email protected]
    http validation is selected
    Different validation parameters entered than what was used before. 
    Revoking and deleting existing certificate, and an updated one 
    will be created
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for nextcloud.mydomain.com
    http-01 challenge for server.mydomain.com
    http-01 challenge for sonarr.mydomain.com
    Waiting for verification...
    Challenge failed for domain sonarr.mydomain.com
    http-01 challenge for sonarr.mydomain.com
    Cleaning up challenges
    Some challenges have failed.
    IMPORTANT NOTES:
    - The following errors were reported by the server:
    
    Domain: sonarr.mydomain.com
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up A for
    sonarr.mydomain.com - check that a DNS record exists for this
    
    
    - Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
    ERROR: Cert does not exist! Please see the validation error above. 
    The issue may be due to incorrect dns or port forwarding settings. 
    Please fix your settings and recreate the container

    And here is an error I am getting over and over again in my Unraid log:

    
    May 24 00:56:23 RSUNR nginx: 2020/05/24 00:56:23 [error] 
    7100#7100: *146195 connect() to unix:/var/tmp/letsencrypt.sock 
    failed (111: Connection refused) while connecting to upstream, 
    client: 192.168.1.29, server: , request: "GET 
    /dockerterminal/letsencrypt/ws HTTP/1.1", upstream: 
    "http://unix:/var/tmp/letsencrypt.sock:/ws", host: "rsunr"

    192.168.1.29 is the address of the desktop I use to access my Unraid server in my home network. Not sure about this error..

     

    I did try to add and remove a subdomain in order to get it to renew the cert.

     

    Please let me know if I should upload any other logs that can help troubleshoot this issue. 

     

    Thanks to anyone that can chime in and help.

    It tells you right there in the log. Fix your dns entry for the sonarr subdomain.

  9. 4 hours ago, bdzschau said:

    I am trying to set up a Reverse Proxy with letsencrypt (letsencrypt works with other containers) and when I set up the proxy-conf I get a 502 Bad Gateway error.

    Am I missing a step in setting up the Reverse Proxy?

    502 means letsencrypt can't reach code-server. You likely forgot to put them in the same user defined bridge network.

  10. 3 hours ago, splerman said:

    I'm trying to configure my linuxserver/letsencrypt reverse proxy to do source-IP-based access control and authentication for various applications. I'm using sonarr as my test application (with its own authentication disabled). My intended restrictions are shown below. It works for Private LAN, Guest Wi-Fi and Elsewhere. OpenVPN clients, however, are being denied (403 Forbidden) even though they should be allowed. I'm using an iPad (Safari) as my test device since it is easy to disconnect from the LAN/Wi-Fi and reconnect via the VPN over LTE. I wonder/suspect that OpenVPN's use of NAT might be causing the problem. I also wonder if caching on the iPad/Safari is causing some unexpected results as certain inconsistencies seem to be happening over repeated test cycles. OpenVPN access is being provided by linuxserver/openvpn-as. Configs are all provided below. Is it logical that NAT would cause problems? If so, is there a fix that can be done without changing the OpenVPN AS configuration? If the answer is to reconfigure the OpenVPN AS for routing instead of NAT, guidance on specifics is appreciated, as I previously tried reconfiguring for Routing but couldn't get it working (Changed OpenVPN's VPN config to use routing, added route in my internet access router such that Next Hop for 172.27.224.0/20 was the IP of the Unraid Server...Wasn't sure how to add a route in Unraid pointing 172.27.224.0/20 to the OpenVPN AS container, though....for now I've reverted back to NAT config).

     

    My goal is as follows:

    # Intended Access Restrictions and Authentication Requirements:
    #   Private LAN (192.168.1.0/24): Access Allowed; No Authentication
    #   OpenVPN Clients (172.27.224.0/20): Access Allowed; No Authentication
    #   Guest Wi-Fi (192.168.2.0/24): Access Allowed; Authentication Required
    #   Elsewhere (incl. Public Internet): Denied

     

    Here's my docker run command for letsencrypt:

    
    root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='proxynet' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'EMAIL'='[email protected]' -e 'URL'='xyz.com' -e 'SUBDOMAINS'='bazarr,calibre,ds-one,ds-two,jackett,jdownloader,mail,nzbget,ombi,qbittorrent,radarr,sonarr,speedtest,tautulli,unifi,unraid,webdav,www,nextcloud,onlyoffice,openvpn' -e 'ONLY_SUBDOMAINS'='true' -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'PUID'='99' -e 'PGID'='100' -p '80:80/tcp' -p '443:443/tcp' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' 'linuxserver/letsencrypt' 
    c9d6dd6d8b23f11c7532f2a47582d1acaff3ee958a5aa1xxxxxde0c9e1d1f2e7
    
    The command finished successfully!

    Here's my sonarr.subdomain.conf: 

    
    # Sonarr reverse proxy config for NGINX
    # File location: \\unraid\appdata\letsencrypt\nginx\proxy-confs\sonarr.subdomain.com
    # Modified from sonarr.subdomain.conf.sample
    # Make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url
    
    # Intended Access Restrictions and Authentication Requirements:
    #   Private LAN (192.168.1.0/24): Access Allowed; No Authentication
    #   OpenVPN Clients (172.27.224.0/20): Access Allowed; No Authentication
    #   Guest Wi-Fi (192.168.2.0/24): Access Allowed; Authentication Required
    #   Elsewhere (incl. Public Internet): Denied
    
    # Set $allowed_ips to 1 if the client ip is in an allowed range else set to 0 to deny.
    geo $allowed_ips {
        default 0;
        192.168.1.0/24 1;
        192.168.2.0/24 1;
        172.27.224.0/20 1;
    }
    
    # Set $authentication to "Authentication Required" if nginx authentication required of the client ip
    # else set to "off".
    geo $authentication {
        default "Authentication Required";
        192.168.1.0/24 "off";
        192.168.2.0/24 "Authentication Required";
        172.27.224.0/20 "off";
    }
    
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
    
        server_name sonarr.*;
    
        include /config/nginx/ssl.conf;
    
        client_max_body_size 0;
    
        # enable for ldap auth, fill in ldap details in ldap.conf
        #include /config/nginx/ldap.conf;
    
        location / {
            # if allowed_ips is 0, then the login is from an IP address that is excluded, so return 403 Forbidden
            if ( $allowed_ips = 0 ) {
                return 403;
            }
    
            # if authentication is required, $authentication set to "Authentication Required" above,
            # otherwise, $authentication set to "off" above.
            auth_basic $authentication;
            auth_basic_user_file /config/nginx/.htpasswd;
    
            # enable the next two lines for ldap auth
            #auth_request /auth;
            #error_page 401 =200 /login;
    
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_app sonarr;
            set $upstream_port 8989;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    
        }
    
        location ~ (/sonarr)?/api {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_app sonarr;
            set $upstream_port 8989;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    
       }
    }

    My openvpn-as docker run command:

    
    root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='openvpn-as' --net='bridge' -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'PGID'='100' -e 'PUID'='99' -p '943:943/tcp' -p '9443:9443/tcp' -p '1194:1194/udp' -v '/mnt/user/appdata/openvpn-as':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/openvpn-as' 
    f346af968420c62654e0ee992debd831a24b313eb0e71xxxxxfafd28641111
    
    The command finished successfully!

     

    My OpenVPN AS VPN Config:

    image.thumb.png.f4fd355127db01f4cd08d3d9486e2650.png

    Check the nginx logs to see what ip is listed as the source when you connect over vpn. I suspect it will look like the openvpn container ip as everything is nat'ed through that.
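
One way to capture what the reply above asks for, as an added example (not from the original posts): log the source address next to the values the two `geo` maps resolved to. The format name `acl_debug` and the log file name are hypothetical, and the log directory is assumed to be the image's `/config/log/nginx`.

```nginx
# Added example for sonarr.subdomain.conf; acl_debug and the file name are hypothetical.

# http context: place next to the existing geo blocks at the top of the file.
# $remote_addr is the address nginx actually sees on the TCP connection, which is
# the address both geo blocks are evaluated against.
log_format acl_debug '$time_iso8601 src=$remote_addr '
                     'xff="$http_x_forwarded_for" '
                     'allowed=$allowed_ips auth="$authentication" '
                     'status=$status "$request"';

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name sonarr.*;

    # Per-site log so VPN test requests are easy to find. Requests rejected by
    # "return 403" in the location below are written here as well. An access_log
    # at this level replaces the inherited one for this server block.
    access_log /config/log/nginx/sonarr-acl.log acl_debug;

    # ... rest of the server block unchanged ...
}

# Reading the result (constructed line, address shown as a placeholder):
#   2020-05-26T10:00:00-07:00 src=<address> xff="-" allowed=0 auth="Authentication Required" status=403 "GET / HTTP/1.1"
# If src is not inside 172.27.224.0/20 for a VPN client, the geo blocks never
# see the client's VPN address, and both maps fall through to their default.
```
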

  11. 8 hours ago, Tucubanito07 said:
    
    This is the config I am using under letsencrypt/nginx/proxy-confs/
    
     
    
    # REDIRECT WWW TO https://[domain.com]
    server {
     listen 80;
     listen 443 ssl http2;
     server_name www.domainame.com; 
     return 301 https://domainame.com$request_uri;
    }
    
    # REDIRECT HTTP TRAFFIC TO https://[domain.com]
    server {
        listen 80;
        server_name domainame.com; 
        return 301 https://domainame.com$request_uri;
    }
    
    # BLOG SITE
    server {
     listen 443 ssl http2;
     server_name domainame.com;
    
    ## Source: https://github.com/1activegeek/nginx-config-collection
    ## READ THE COMMENT ON add_header X-Frame-Options AND add_header Content-Security-Policy IF YOU USE THIS ON A SUBDOMAIN YOU WANT TO IFRAME!
    
    ## Certificates from LE container placement
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    
    ## Strong Security recommended settings per cipherli.st
    ssl_dhparam /config/nginx/dhparams.pem; # Bit value: 4096
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
    ssl_session_timeout  10m;
    
    ## NOTE: The add_header Content-Security-Policy won't work with duckdns since you don't own the root domain. Just buy a domain. It's cheap
    ## Settings to add strong security profile (A+ on securityheaders.io/ssllabs.com)
    
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none; #SET THIS TO index IF YOU WANT GOOGLE TO INDEX YOU SITE!
    add_header Content-Security-Policy "frame-ancestors https://*.$server_name https://$server_name"; ## Use *.domain.com, not *.sub.domain.com (*.$server_name) when using this on a sub-domain that you want to iframe!
    add_header X-Frame-Options "ALLOW-FROM https://*.$server_name" always; ## Use *.domain.com, not *.sub.domain.com (*.$server_name) when using this on a sub-domain that you want to iframe!
    add_header Referrer-Policy "strict-origin-when-cross-origin";
    
    add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";
    #FEATURE POLICY: READ MORE HERE: https://scotthelme.co.uk/a-new-security-header-feature-policy/
    
    proxy_cookie_path / "/; HTTPOnly; Secure"; ##NOTE: This may cause issues with unifi. Remove HTTPOnly; or create another ssl config for unifi.
    more_set_headers "Server: Classified";
    more_clear_headers 'X-Powered-By';
     
     client_max_body_size 0; 
     
     root /config/www/wordpress/;
     index index.html index.php;
      
    location ~ /\. {
    deny all;
    } 
    location / {
    try_files $uri $uri/ /index.php?_url=$uri&$query_string; 
    }
    
     
    # PHP
     location ~ \.php$ {
     fastcgi_split_path_info ^(.+\.php)(/.+)$;
     # With php7-cgi alone:
     fastcgi_pass 127.0.0.1:9000;
     # With php7-fpm:
     #fastcgi_pass unix:/var/run/php7-fpm.sock;
     fastcgi_index index.php;
     include /etc/nginx/fastcgi_params;
     }
     
     fastcgi_buffer_size 4K;
     fastcgi_buffers 64 4k; 
    }

    When you say tag do you mean like this? @saarg

    You have way too many modifications there. Either contact the author of the guide you used, or use our guide here: https://blog.linuxserver.io/2019/04/25/letsencrypt-nginx-starter-guide/

  12. 40 minutes ago, Tucubanito07 said:

    Hey guys. I have followed this site to create a website using Wordpress but when I go to the https://servername.com it goes to my nextcloud. However, when I go to https://www.servername.com it gives me this site can be reached. Can someone help me figure out the issue please? I am using the EXTRA_DOMAIN parameters and I don't see the name of the domain I use on the logs. I only see the others from my DNS provider.

    Post what you changed/tried to make it work and we'll take a look

  13. 1 hour ago, Marshalleq said:

    Thanks - yeah in my original it says Imap - but recognise easy to overlook, you have a huge job responding to all these requests!  Many thanks for the info, will check it out!

     

    Marshalleq

    Oh yeah I did overlook on mobile 😄

     

    I thought you were trying to send emails from within the container.

     

    That's exactly what you want for proxy. The nginx.conf I believe has a very basic sample in there which you can enable and modify: https://github.com/linuxserver/docker-letsencrypt/blob/master/root/defaults/nginx.conf#L85

  14. 12 minutes ago, Ccheese4 said:

    I'm following the SpaceInvaderOne video on setting up a Reverse Proxy with LetsEncrypt and I've run into a permissions issue.

    At around 20:00 in the video, he's editing the configuration files in the appdata/letsencrypt/nginx/proxy-confs folder. He saves the file directly into the proxy-confs folder, but I'm unable to do that. I get "Destination Folder Access Denied. You need permission to perform this action." whenever I try to save a file, or rename a file in that folder. I'm accessing it through Windows Explorer. I do have read/write access to the nginx folder right above this one. I can't figure out how to get permissions to this folder. Has anyone had this issue setting this up? How do I get permissions to this folder?

     

     

    I recommend unraid console for those operations. Simple "cp sourcefilename targetfilename" will do what you want. And use "nano filename" to edit files

  15. 2 hours ago, bombz said:

    I have set up port forwarding for 80 and 443 -> custom port for letsencrypt
    letsencrypt is using a different network 'proxy'

    Perhaps I am confused and not understanding as I am learning this.
    Following the video guide nginx was not referenced.
    reading the troubleshooting guide I was reading about nginx and thought letsencrypt handled what nginx did or does.
    nginx container needs to run alongside letsencrypt?
    I will feel terrible if that's the case this is new to me.

    Also I have been fiddling with letsencrypt restarts too many times that I am now at a standstill as I have received from letsencrypt "too many failed authorizations recently"

    As far as I know I am required to wait up to 1 week before I can try again 😞
     

    image.png.35118db29e42dd69cead3e9f05c6f78a.png

    binhex nginx is installed
    80 > 8080
    443 > 8443
    Cannot hit nginx from outside the network

    Smh. You see the linuxserver version and the binhex version side by side in your screenshot and you still select the binhex version. Why? Not that there is anything wrong with that version, but I'm asking you to follow the simple steps outlined in the troubleshooting article. We put a lot of time into it and it gets frustrating when users still don't follow them even when we spell them out step by step.

     

    The whole point of the troubleshooting article is so you can make sure that your ports are properly mapped and forwarded and that the container is accessible from the internet. Only then, you should try to set up letsencrypt. Otherwise there are too many reasons why it can fail and as you experienced, if it fails a bunch of times, you're throttled.

     

    So read the directions carefully. 

  16. 2 hours ago, bombz said:

    Yes I followed them.
    I have also completely removed the docker and the files in appdata to start a fresh install. Have the ports and fw rules set, can ping the domain successfully, I can hit the domain service on the direct port with a port forward rule directly to the service.
    I have rebooted modem and gateway etc.

    can't seem to get the docker app to talk
    Still have:

    http-01 challenge for domainnamehere
    Cleaning up challenges
    Some challenges have failed
    Domain: domiannamehere
    Type: connection
    Detail: Fetching
    http://domainnamehere/.well-known/acme-challenge/long string of data (I do not see this folder anywhere under the letsencrypt folder via SSH)
    Error getting validation data

    I have added the default config from letsencrypt/nginx/site-confs/
    not sure if this will help
    there are also no logs being created on /var/logs/letsencrypt - as stated in the error window

    config.JPG

    Did you set up nginx with the same port mappings as letsencrypt and can see the welcome page when you connect to your domain on http port 80 via cell phone with wifi disabled?