aptalca
-
Posts
3,064 -
Joined
-
Last visited
-
Days Won
3
Content Type
Profiles
Forums
Downloads
Store
Gallery
Bug Reports
Documentation
Landing
Posts posted by aptalca
-
-
2 hours ago, CiaoCiao said:
Hi,
Is it possible, while using nginx as a reverse proxy, to forward traffic to a VM in Unraid depending on the subdomain the client requested?
Yes
-
2
-
-
8 hours ago, Marshalleq said:
I was more thinking along these lines:
https://www.nginx.com/resources/wiki/start/topics/examples/imapproxyexample/
Apparently nginx needs to be compiled with special support for the mail directive.
That's imap proxy, completely different.
But in any case, nginx is already compiled with mail in our image
-
54 minutes ago, bombz said:
Thank you,
Yes I saw this a few posts back, went over it. Everything seems to be good on that front.
I also followed 'Spaceinvader' video tutorial as wellFollow those steps exactly
-
1 hour ago, Marshalleq said:
Hi all, anyone know if the lets encrypt container supports the mail directive? Am trying to use it to proxy imap and smtp. Many thanks.
I believe there is sendmail in there
-
49 minutes ago, Bleak said:
Added --cap-add=NET_ADMIN to extra parameters.
Found it somewhere in a forum apparently it should be mentioned somewhere that you need this but could not find it.
Perhaps you should read the readme linked in the first post
-
5 hours ago, guilhem31 said:
I saw that accessing to this adress via WIFI gets me this error page, while accessing via LTE network shows me a 500 Internal Server Error
So I looked into the Nginx error logs :
2020/05/07 08:55:09 [error] 415#415: *66 connect() failed (111: Connection refused) while connecting to upstream, client: 37.171.xxx.xxx, server: radarr.*, request: "GET / HTTP/2.0", subrequest: "/auth", upstream: "http://45.13.xxx.xxx:7878/auth", host: "radarr.nasdoury.ovh" 2020/05/07 08:55:09 [error] 415#415: *66 auth request unexpected status: 502 while sending to client, client: 37.171.xxx.xxx, server: radarr.*, request: "GET / HTTP/2.0", host: "radarr.nasdoury.ovh"
I don't understand the problem at all ^^
Post the proxy conf you used
-
2 hours ago, fireflower said:
seems like this version doesn't support "Finish and stop folding", instead it just starts a new WU.
My guess is that option tells the software process to quit (rather than pause). However, the supervisor is set to restart the process whenever it quits (like when it crashes). So the app itself stops, but is promptly restarted by the container.
-
3 minutes ago, Revrto said:
Thats, what I was thinking about doing but I cant figure out a way to have letsencrypt pass through a valid cert to unraid and point it at that IP. Much less doing that while restricting access to that device to only the local network. Similar to the pfSense example in my second question.
You don't need to provide certs to anything else. You can reverse proxy. You'll also still be able to access unraid on port 80 with http via its ip. If you want remote access, reverse proxy it. You can use allow/deny statements to control access. There is a post here on one of the last couple of pages about that.
-
28 minutes ago, afkrejci90 said:
It pulled the update, so its not a network issue. I deleted the docker and everything in the appdata folder and did a fresh install. Made sure all of the ports were open and still cannot access the webui or access it through any app.
"Did a fresh install, can't access the gui" you do realize that's like emailing your auto mechanic and saying "I bought a new sedan, it doesn't go. What's the issue?", right? How do you expect us to help you with that little info?
-
44 minutes ago, CiaoCiao said:
Hello everyone,
I am setting up Letsencrypt following SpaceInvaderOne's video tutorial.
I am having a hard time getting the validation process to pass successfully.
I own a domain name and my IP is static, so I did not enter "duckdns.org" in the container settings since this would be useless. I entered my custom domain name instead.
Also, I have already created two subdomains which are pointing at my public static IP.
The HTPP and HTTPS ports I entered in the container template before installing are forwarded to my Unraid server's local static IP.
I should probably also mention I think it is weird that the Letsencrypt container is displayed in the Dashboard tab but not in the Docker tab...
Could you please give me a hint as to what to check or change to get this to work?
Thank you in advance.
Here are the logs :
Follow this: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/
-
1
-
-
9 hours ago, Revrto said:
All,
Any help you all can provide would be greatly appreciated. I am stuck in a “less than desirable” network layout and have been beating my head against this wall for the past few days and I am at a loss. Apologies in advance for the book.
Background: I have started experimenting with the letsencrypt docker as a reverse proxy to access services externally and so far, external services are working. I purchased my own domain name and have that CNAME point over to DuckDNS. I am using a pfSense VM on Unraid as my router and configured everything as Spaceinvader One recommends. Unfortunately, I am in an apartment with a roommate who refuses to let his devices fall under my network because he does not want a chance of his games being disrupted. So, I am currently forced to have my pfSense router double NAT underneath his Spectrum(ISP) provided router (I know that is terrible and it does pain me to say it). I was able to place my pfSense router in the DMZ on his router to at least get external services working. (i.e. nextcloud, etc.) However, even though pfSense supports NAT reflection the ISP router does not. So, I cannot access the devices through their domain name (i.e. nextcloud.mydomain.com) and thus do not have https connections on the local network. I thought this would not be a big deal and I would use DNS host overrides in pfSense to do a Split-DNS, however the pfSense host override does not allow DNS host assignments to IP and port (i.e. 192.168.1.5:443). It goes straight to port 80/443. This ends up that anything I try to resolve on the server dumps me at the Unraid WebUI.
Objectives: Hopefully, that is enough background. My two objectives I cannot find answers on anywhere are:
1. How should I work around this host override/NAT reflection issue? I am open to other ideas, but I was thinking of swapping the Unraid WebUI and letsencrypt proxy ports so it routes through the proxy but then I can't find anywhere that says how to have letsencrypt make a cert and passthrough the unraid UI as a subdomain (i.e. UnraidUI.mydomain.com).
2. Related, how can I have the letsencrypt reverse proxy provide valid domains and certificates to other devices and dockers yet restrict them to only the local network. For example, I would like letsencrypt to provide a valid domain name and cert to my pfSense router residing on 192.168.1.1 and make it so It had a valid cert from letsencrypt but the subdomain ‘pfsense.mydomain.com’ was only accessible from the internal network.
I am open to any other solutions be they in docker, Unraid, or pfSense.
Thanks in advance for any help. This has been making my eyes bleed for days.
V/R
Revrto
Well, I couldn't get nat reflection to work on pfsense even without double nat, so maybe that's some consolation for you. I am also using split dns. With that, we have no choice but to run letsencrypt on at least port 443. You'll have to change unraid's https port to something else. I kept unraid on port 80 for http, so when I hit my addresses inside my lan, I use the https endpoint and all is well.
-
4 hours ago, johnnie.black said:
Yes, same for appdata, but not everyone is doing it.
Doesn't unraid default the appdata location to /mnt/user/appdata ? Is that share created as a cache only share by default? I don't remember because I manually set all of mine a long time ago
-
52 minutes ago, mintjberry said:
Can anyone else clarify if this is expected behaviour?
The folder is not remembered, but if you open the folder again, the open files are remembered
-
5 hours ago, milfer322 said:
What files i need edit for the auth lines? I think the readme does not just explain all the necessary steps
Thanks for all.Did you look at the config files?
https://github.com/linuxserver/docker-letsencrypt/blob/master/root/defaults/default#L43
https://github.com/linuxserver/reverse-proxy-confs/blob/master/bazarr.subdomain.conf.sample#L17
-
12 hours ago, nraygun said:
How can I change the hostname of this docker?
I think I need to edit /etc/hostname and maybe /etc/hosts, but there doesn't seem to be an editor included in the docker container (vi and nano are not found).
I just want my system name to be something readable when I access the Rosetta site. Also, the string displayed when I run hostname in the console is different than the Domain name in the Rosetta site.
Is there a different way to change it?
There is a docker argument for setting the hostname
-
6 hours ago, saarg said:
You said you were running it on a single core VPS and I don't see how you can run unraid on a VPS as you need a usb drive for unraids license.
I think letsencrypt tries to renew when it's less than 30 days before the cert expires.
Every night at 2:08.
On container start it only tries to renew if it's expired or expiring within 24 hours
-
11 hours ago, WhazZzZzup17 said:
Hello, for the life of me I can't get my calibre-web to work outside with LetsEncrypt + DuckDNS + nginx?
Does anyone know why?
1. I right clicked the LetEncrypt App and clicked edit and added my new duckdns to the subdomains (lets say calibrewebDNS)
2. I right clicked the DuckDNS App and clicked edit and added my new duckdns to the subdomains (lets say calibrewebDNS)
3. I then navigated to my appdata>letsencrypt>nginx>proxy-config and made a copy of calibre-web.subdomain.conf.sample and removed .sample from the end of the file.
4. Finally I edited the file with notepad and replaced "server_name calibre-web.*;" with "server_name calibrewebDNS.*;"
I cant access the webui from calibrewebdns.duckdns.org
Why don't you take 1 step at a time? Start with reading the docs, because they tell you to put your top duckdns address you have control over as the url, which would include your subdomain.
Then you can enter whatever you like into the subdomains field and they'll cover your sub-subdomains.
Then check the logs to make sure the cert was created successfully.
Then check to make sure your main homepage is working (or try the www version if you did wildcard).
Only then attempt the reverse proxy.
Don't try to set up 5 things at once and then get confused because it didn't work.
-
13 hours ago, milfer322 said:
I read it
But i dont see nothing about .htaccess.
I generated the htpasswd how as the readme file indicates.
That's the point I'm trying to make. We don't use .htaccess, that's an apache thing. Just create the htpasswd file as it says and uncomment the relevant auth lines in the confs
-
6 hours ago, milfer322 said:
Hello,
I have created a .htacces in www and a .passwd in "/nginx/.htpasswd" but still it keeps letting me in without asking for username and password, what am I doing wrong? Thank you!
.htaccess:
AuthName "Restricted Area" AuthType Basic AuthUserFile /mnt/disks/Samsung_SSD_860_EVO_1TB_6Y3105056W/appdata/letsencrypt/nginx/.htpasswd require valid-userRead the instructions in the readme on how to use htpasswd
-
3 hours ago, slim2169 said:
Greetings! I've recently setup Unraid on a new (to me) server and I'm looking to migrate things like Ombi, Sonarr, Radarr and others to dockers. I also have Organizr and all the other apps setup as subdomains through a reverse proxy on an nginx web server running on a pi3. I have a wildcard SSL cert setup through Let's Encrypt that I manually renew every 90 days. I'm looking to setup this docker to get my website migrated to the new server. Will I have any issues getting new certs through here because I already have the wilcard cert?
Thanks!
No, letsencrypt allows multiple certs for the same domains (with some limits)
-
3 hours ago, mintjberry said:
I'm assuming this is maybe expected behaviour, but the session is not stored at all. Is there anyway to work around that?
I.e. I open a directory through the vscode tab, maybe run a npm script and open a few files. If I then close that browser tab and open it back up all the layout/ terminal scripts are lost/no longer running. I want it so that I can keep the session regardless if I close the tab, or open the vscode tab window on another PC.
That's an upstream thing. In earlier versions it was stored, including the last opened folder. Newer versions don't store anything. I don't like it either
-
7 hours ago, Deazo said:
Hi everyone.
Today I noticed that there was an update available for my Plex docker.
I therefore clicked on it and it generated the following:
Now Plex does not work and I am not sure what I did wrong and how this happened.
Can anyone assist me please?
EDIT: I actually see an "update" available for all other dockers as well (Sonarr, Deluge, etc.) None of these actually seem to update anything
Thank you
Sounds like you're having networking issues or some other unraid issue
-
6 hours ago, fhahn said:
It now looks to be working.
I took one of the sample subdomain.conf files and copied it and named it after the VM that I have setup.
I modified these lines:
set $upstream_app 192.168.100.8; <-- IP address of the VM
set $upstream_port 443; <-- Port that I want to forward to Apache on the VM
set $upstream_proto https;
90% of my site now works. I have a couple of web pages that revert from https://www.example.com to https://example.com when I click on them but that may be a configuration error on my part. I need to investigate further.
My last question is can I only do a reverse proxy on subdomains? For example, www.example.com? Or can I make it also work for just example.com?I was going to try and modify this line from this:
server_name www.*;
to this:
server_name www.*,example.com;
Thanks.
Frank Hahn
I don't quite understand the last question, but you can add multiple names to the server name directive http://nginx.org/en/docs/http/server_names.html
-
I'm kinda seeing a trend here. Most if not all of the people experiencing these issues are also using the gpu stats plugin. Did you try without it?
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
in Docker Containers
Posted