codecitymayor

Everything posted by codecitymayor

  1. Okay, that worked perfectly. Thank you very much. I have spent quite some time trying to get a volume mapped for this, so the configs can persist. I tried having a mount like: `/var/www/html <--> /mnt/user/appdata/leantime`. However, I just ended up with an empty `/var/www/html`. I also tried `/`, `/config`, `/var/www/html/config`, but none of them worked. I want to persistently store SMTP settings in the config file. I am not seeing any environment variables I can pass to the container to run these configs. Does anyone have any thoughts on this? Am I just missing something stupid?
  2. The leantime documentation has a link to a proper nginx.conf for people that want to run it with nginx. Has anyone successfully done this to include TLS? Also, has anyone been able to get this working behind the linuxserver letsencrypt reverse proxy?
  3. @bucky2076 you might need to try your `<IP>:<PORT>` as the value for `DB_HOST`.
  4. Has anyone gotten this to work behind their nginx reverse proxy? I am getting 502 errors for some reason. Following is my config in the letsencrypt docker container by linuxserver:

     Welp, I fixed it. Following is an example config that works.

     ```
     server {
         listen 443 ssl http2;
         #listen [::]:443 ssl http2;
         server_name kanban.example.com;

         # root /config/www;
         # index index.html index.htm index.php;

         ###SSL Certificates
         ssl_certificate /config/keys/letsencrypt/fullchain.pem;
         ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

         ###Diffie-Hellman key exchange ###
         ssl_dhparam /config/nginx/dhparams.pem;

         ###SSL Ciphers
         ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

         ###Extra Settings###
         ssl_prefer_server_ciphers on;
         ssl_session_cache shared:SSL:1m;
         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

         ### Web Browser Security Redirect ###
         if ($http_user_agent ~ "MSIE" ) {
             return 303 https://browser-update.org/update.html;
         }

         ### Add HTTP Strict Transport Security ###
         # add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
         # add_header Front-End-Https on;
         client_max_body_size 0;

         location / {
             proxy_pass http://192.168.0.3:8089;
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header X-Forwarded-For $remote_addr;
             proxy_set_header X-Forwarded-Proto https;
             proxy_max_temp_file_size 2048m;
             include /config/nginx/proxy.conf;
         }
     }
     ```
  5. If possible, will you expand on this for me? I wrote off SSH over the internet for this Gitlab-CE container, but I would really like to use it and provide this service in a responsible way. I want to do this through the let's encrypt proxy. Where in the proxy-confs/gitlab-ce.subdomain.conf is port 9022 dealt with? If I forward 22 from my router to the unRAID host's 9022, why is configuring the letsencrypt proxy involved? Also, thank you for posting your configs.
  6. Did anyone get this reverse proxied using the subdomain method? I got it. I was just missing a semi-colon.
  7. I am having problems getting bookstack to work behind my nginx reverse proxy. Following are my config files:

     letsencrypt configuration: /config/nginx/site-confs/default

     ```
     # On letsencrypt proxy
     server {
         listen 443 ssl;
         server_name bookstack.mydomain.com;

         root /config/www;
         index index.html index.htm index.php;

         ###SSL Certificates
         ssl_certificate /config/keys/letsencrypt/fullchain.pem;
         ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

         ###Diffie-Hellman key exchange ###
         ssl_dhparam /config/nginx/dhparams.pem;

         ###SSL Ciphers
         ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES1'; #this line is much longer and copied from other configs, so it should not be the problem

         ###Extra Settings###
         ssl_prefer_server_ciphers on;
         #ssl_session_cache shared:SSL:1m;

         ### Add HTTP Strict Transport Security ###
         add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
         add_header Front-End-Https on;
         client_max_body_size 0;

         location / {
             proxy_pass http://192.168.0.15:6875/;
             #proxy_redirect http://192.168.0.15:6875/ https://bookstack.mydomain.com/login;
             proxy_max_temp_file_size 2048m;
             include /config/nginx/proxy.conf;
         }
     }
     ```

     Bookstack Configuration: /config/www/.env

     ```
     # Application key
     # Used for encryption where needed.
     # Run `php artisan key:generate` to generate a valid key.
     APP_KEY=base64:Z0Rsbv/9gHq8Nezl7gT1jtYClYmTyNRPUILFRt6+Sw8=

     # Application URL
     # Remove the hash below and set a URL if using BookStack behind
     # a proxy, if using a third-party authentication option.
     # This must be the root URL that you want to host BookStack on.
     # All URL's in BookStack will be generated using this value.
     APP_URL=http://bookstack.mydomain.com

     # Database details
     DB_HOST=172.17.0.5:3306
     DB_DATABASE=bookstack
     DB_USERNAME=dbuser
     DB_PASSWORD=my.secret.password.for.dbuser

     # Mail system to use
     # Can be 'smtp', 'mail' or 'sendmail'
     MAIL_DRIVER=smtp

     # SMTP mail options
     MAIL_HOST=localhost
     MAIL_PORT=1025
     MAIL_USERNAME=null
     MAIL_PASSWORD=null
     MAIL_ENCRYPTION=null
     ```

     Error Log on letsencrypt proxy: /config/log/nginx/error.log

     ```
     2019/03/24 13:07:55 [error] 353#353: *521 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 25.25.25.25, server: bookstack.mydomain.com, request: "GET / HTTP/1.1", upstream: "https://192.168.0.15:6875/", host: "bookstack.mydomain.com"
     2019/03/24 13:07:55 [error] 353#353: *521 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 25.25.25.25, server: bookstack.mydomain.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://192.168.0.15:6875/favicon.ico", host: "bookstack.mydomain.com", referrer: "https://bookstack.mydomain.com/"
     ```

     I followed the instructions here, as suggested, and I know it's connecting to the database. When I set the APP_URL variable in the .env file inside of bookstack, I can access bookstack locally from 192.168.0.15:6875. I can login and make stuff. When I navigate to https://bookstack.mydomain.com, I get a 502 Bad Gateway error. My first inclination was to read the logs. I researched the aforementioned error, and tried some things. At this point I am flailing. Any help would be greatly appreciated. I feel like I have spent days reading documentation, and I have learned a lot, but none of the things I have implemented work. I know this is an easy solution that I am just not seeing, because I use the letsencrypt proxy for many other things. Again, any help would be greatly appreciated.

     Ok. I filled out an ID10T form, as well. I had a port mapping from the Bookstack's docker IP from 172.17.0.7:80 to 192.168.0.15:6875. I referenced that same IP:PORT in my proxy_pass line. I was getting the SSL error, because I was trying to negotiate SSL to Bookstack's HTTP service, not its HTTPS service. My setup is working perfectly, now.
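
The diagnosis in the last post, as an added example (not code from the original post, nginx or BookStack): a Python scan of an nginx error.log for "wrong version number" upstream handshake failures, which mean the proxy opened TLS to a port that answers in plain HTTP. The first two sample lines are the entries quoted in the post, the third is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Lines 1-2 are the entries quoted in the post; line 3 is constructed.
SAMPLE_LOG = '''\
2019/03/24 13:07:55 [error] 353#353: *521 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 25.25.25.25, server: bookstack.mydomain.com, request: "GET / HTTP/1.1", upstream: "https://192.168.0.15:6875/", host: "bookstack.mydomain.com"
2019/03/24 13:07:55 [error] 353#353: *521 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 25.25.25.25, server: bookstack.mydomain.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://192.168.0.15:6875/favicon.ico", host: "bookstack.mydomain.com", referrer: "https://bookstack.mydomain.com/"
2019/03/24 13:09:10 [error] 353#353: *530 connect() failed (111: Connection refused) while connecting to upstream, client: 25.25.25.25, server: wiki.example.com, request: "GET / HTTP/1.1", upstream: "http://192.168.0.15:6876/", host: "wiki.example.com"
'''

# nginx error-log entry for a failed TLS handshake from the proxy to its upstream.
# "[^:]*" accepts a function name (as in the post) or an empty field (newer OpenSSL).
HANDSHAKE_RE = re.compile(
    r'SSL_do_handshake\(\) failed \(SSL: error:[0-9A-Fa-f]+:SSL routines:'
    r'[^:]*:(?P<reason>[^)]+)\) while SSL handshaking to upstream, '
    r'.*?server: (?P<server>[^,]+), .*?upstream: "(?P<upstream>[^"]+)"'
)
ORIGIN_RE = re.compile(r'^(?P<scheme>https?)://(?P<hostport>[^/"]+)')


def find_scheme_mismatches(log_text):
    """Return {(server_name, upstream host:port): count} for handshakes that
    failed with 'wrong version number', i.e. the upstream replied to the TLS
    ClientHello with something that is not TLS (typically plain HTTP)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = HANDSHAKE_RE.search(line)
        if not m or m.group("reason") != "wrong version number":
            continue
        origin = ORIGIN_RE.match(m.group("upstream"))
        if origin and origin.group("scheme") == "https":
            hits[(m.group("server"), origin.group("hostport"))] += 1
    return dict(hits)


def advise(hits):
    """One remediation hint per affected (server_name, upstream) pair."""
    return [
        f"{server}: {hostport} did not answer in TLS ({n} failures); "
        f"use proxy_pass http://{hostport} or point at the upstream's TLS port"
        for (server, hostport), n in sorted(hits.items())
    ]


if __name__ == "__main__":
    for hint in advise(find_scheme_mismatches(SAMPLE_LOG)):
        print(hint)
```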