[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

38 minutes ago, nik82 said:

Hi Guys,

 

I have been tearing my hair out trying to get this to work. I am 90% sure I have configured everything correctly but it is still not working for me.

 

When running the docker i get the following errors in the docker log ( I have stared out some sensitive information).

 

If there an issue with the docker or is it me?

Opened ports on my router, tried several different.

 

Most Basic is giving port 80 - 180 and port 447 - 1447, I think configure the docker to use these ports and open them up on my router but still getting the same errors

 

Any help would be greatly appreciated. 

 

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: **********.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://**********.duckdns.org/.well-known/acme-challenge/cHRR6FCd-bgEKS-0VpQ2JNv7npGaHXT6gWX6mB*****
[5.151.***.***]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx</center>\r\n"

Domain: **********.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://**********.duckdns.org/.well-known/acme-challenge/t5lBAsWP_H4iYZhdOpS5LAU5VWmKmaRIiCAlh*****
[5.151.***.***]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx</center>\r\n"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Try changing port 447 to 443. Letsencrypt needs port 443 for validation as that is the default https port.

[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

Just now, ijuarez said:

oh so your router(gateway) is forwarding https(443) requests to LE that's on port 12345?

No my ISP is blocking all ports, so I am using VPN to port forward random port (12345). So basically, LE is listening on port 12345 (which is allocated to 443 inside container), directly from the internet without any router. That's why I have to always specify port, because default https requests, where unspecified port always means 443, will never work on my setup.

[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

1 minute ago, ijuarez said:

why are you using ports instead of using the proxy confs? I know they may not be one just like what you need but you can modify on to your needs with the ports you need to it can redirect correctly

 

 

I am using reverse proxies. Just the nginx/letencrypt is running on port 12345 instead of 443.

[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

I have a problem with missing port on redirects. I am using subdomain configurations on a non-standard port, because I can't forward port 80 or 443. For example: https://subdomain.mydomain.com:12345.

 

Jellyfin (https://jellyfin.mydomain.com:12345) or cops (https://cops.mydomain.com:12345) is working fine, but airsonic (and others) does not. When I enter https://airsonic.mydomain.com:12345 it redirects me to https://airsonic.mydomain.com/login which does not work without port. When I manually enter port (https://airsonic.mydomain.com:12345/login) it's working, but after logging in it redirects me to url without port.

 

I've been searching for 2 days, sorry if this has been posted before.

[WireGuard - VPN Tunneled Access to a commercial VPN provider]

23 hours ago, Dataone said:

 

I know that this is the trick for Plex, but you may be able to do the same with the jellyfin ports.

PostUp  = iptables -t nat -I PREROUTING -p tcp --dport *external port* -j REDIRECT --to-ports 32400 (internal plex port)
PreDown = iptables -t nat -D PREROUTING -p tcp --dport *external port* -j REDIRECT --to-ports 32400 (internal plex port)

 

Thank you, but it does not seem to be working. I think I'll just reverse proxy from raspberry pi with openvpn.

 

EDIT: OK, i feel stupid. Looks like it was the usual solution: Turn system off and then on again. After reboot, port forwarding works.

[WireGuard - VPN Tunneled Access to a commercial VPN provider]

Hi, I am using Mullvad, because my ISP does not allow any port forwarding (for jellyfin and other services). I have port forwarded in Mullvad, it worked fine on Windows before with the Wireguard app, but it does not work work here (tested with iperf). Is there problem with my settings? Or is there some workaround?