SWAG Connections issues (newbie)



First time posting here guys. Just started playing with unraid. So far I like it. Just learning more how to use it. First I was trying to follow a couple online videos about how to set up nextcloud with a reverse proxy using duckdns and swag. I think I have the duckdns part set up fine. (I also set up openvpn-as and that works fine.) However I keep getting errors when starting swag up in the log file. I set up swag using a proxynet as described by spaceinvader on youtube. I have swag pointed to my duckdns subdomain. I set up the port forwards in my router. (spaceinvader used 180,1443. Also forwarded another port for openvpn-as. Confirmed that doesn't work if not forwarded. Works fine forwarded.) I am getting certbot failed to authenticate some domains error. Any help would be much appreciated. I've done nothing but read and recheck what I've done the past couple days. Ultimately I want nextcloud as my personal gdrive if you will. Below I have the log file (I think), the x's are personal things I edited out really quick.

 

Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d xxxxxx.duckdns.org
E-mail address entered: xxxxxxx@gmail.com
http validation is selected
Generating new certificate
Requesting a certificate for xxxxx.duckdns.org

 

 

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: xxxxx.duckdns.org
Type: connection
Detail: Fetching http://xxxxxx.duckdns.org/.well-known/acme-challenge/Hwgvot2j9PxOGJvd5RFZ0mNG2zyS8zMbRPp8OZ91lgY: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority couldn't externally verify that the standalone plugin completed the required http-01 challenges. Ensure the plugin is configured correctly and that the changes it makes are accessible from the internet.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container


I'm experiencing the same issue. I just noticed my bitwarden container would no longer save my passwords and upon investigation I can see that swag is failing to issue a cert. I've not changed any settings since I first set it up some months back and was able to use the reverse proxy just fine until recently. Pretty much word for word the same error that 2000gtacoma is getting.

9 hours ago, Gragorg said:

Can you confirm that the port forward is external port 443 to internal port 1443 and external port 80 to internal port 180 for server's IP? Sounds like it could be port forward issue.

So I created the proxynet as suggested. The swag docker has ip of 172.18.0.x and then points to the server's ip of 192.168 on port 1443 and 180. I forwarded ports 1443 and 180 as well as 443 and 80 in my router. I can only port forward to ip addresses in my router. I can open a console from the swag container and ping 8.8.8.8 (google) and it pings fine. I can ping my server as well. I even went as far as to disable the entire ipv4 firewall temporarily on my router and still didn't work. I am on centurylink and use the modem/router from them. I don't really see any option to say "translate" port 443 external to port 1443 internal.

Edited by 2000gtacoma
9 minutes ago, 2000gtacoma said:

I don't really see any option to say "translate" port 443 external to port 1443 internal.

That's the issue then. Requests sent to your WAN IP on port 80 MUST be redirected to port 180 at the server's IP.

 

You will need to talk to your ISP and get instructions on how to accomplish that, or look up the make / model of that router on google and see if anyone posted instructions. It's also possible that your ISP blocks port 80 on your WAN IP, which means you can't use that method to get certificates.

 

BTW, this thread should NOT be here in general support, there is already a support thread specifically for SWAG that addresses these and other issues. You can find the support thread for containers by clicking on the container in the GUI and selecting the support link.
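
Added example, not part of the thread or of SWAG: a small Python check of the path the last reply describes, where the CA's http-01 fetch to WAN port 80 has to land on port 180 at the server. It serves a constructed token under the challenge path and classifies a fetch of that URL; `serve_token`, `probe` and the token values are hypothetical names chosen here.

```python
import http.server
import socket
import threading
import urllib.error
import urllib.request

PREFIX = "/.well-known/acme-challenge/"  # path the CA fetches during http-01

def serve_token(port, token, body, bind="0.0.0.0"):
    """Answer http-01 style requests for one constructed token on `port`."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            ok = self.path == PREFIX + token
            payload = body.encode() if ok else b"not found"
            self.send_response(200 if ok else 404)
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)
        def log_message(self, *args):  # keep the console quiet
            pass

    server = http.server.ThreadingHTTPServer((bind, port), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(host, port, token, expected, timeout=5):
    """Fetch the challenge URL the way the CA would and classify the outcome."""
    url = f"http://{host}:{port}{PREFIX}{token}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(url, timeout=timeout) as resp:
            return "ok" if resp.read().decode() == expected else "mismatch"
    except urllib.error.HTTPError:
        return "mismatch"      # something answered, but not this listener/token
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ConnectionRefusedError):
            return "refused"   # packet arrived, nothing listening on that port
        if isinstance(exc.reason, (socket.timeout, TimeoutError)):
            return "timeout"   # dropped on the way: forward missing or port blocked
        return "error"
    except (socket.timeout, TimeoutError):
        return "timeout"

if __name__ == "__main__":
    # Local self-check on a free port; on the server, bind the mapped port (180 in the thread).
    srv = serve_token(0, "constructed-token", "constructed-body", bind="127.0.0.1")
    print(probe("127.0.0.1", srv.server_address[1], "constructed-token", "constructed-body"))
    srv.shutdown()
```

With the SWAG container stopped, `serve_token(180, ...)` on the server and `probe("<your-subdomain>.duckdns.org", 80, ...)` from a machine outside the LAN exercises the same route as the CA; a `timeout` result matches the log's "Timeout during connect", while `refused` means the request arrived but nothing was listening on the forwarded port.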
