smdion (Author), posted November 27, 2014

> > > Tried setting up the reverse proxy to use https & SSL. I created an SSL .cert, .key and a .pfk file from StartSSL. I converted the .pfk to a .pem file like your example configuration but so far it's not working. I also tried port forwarding 443 on my router. But navigating to http://www.MyDomain.com or https://www.MyDomain.com is giving a "This webpage is not available". Any tips or things I'm not doing correctly?
> >
> > Are you listening on port 443 in your config? Upload your config if you could
>
> And here is my proxy-config.conf
>
> ```apache
> <VirtualHost *:443>
>     ServerName www.MyDomain.com
>     ServerAlias MyDomain.com
>     ServerAdmin webmaster@localhost
>     DocumentRoot /var/www
>     SSLEngine on
>     SSLProtocol all -SSLv2
>     SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
>     SSLCertificateFile /config/ssl/ssl.crt
>     SSLCertificateKeyFile /config/ssl/private-decrypt-ssl.key
>     SSLCertificateChainFile /config/ssl/certificate-ssl.pem
>     <Location /couchpotato>
>         ProxyPass http://192.168.1.5:5050/couchpotato
>         ProxyPassReverse http://192.168.1.5:5050/couchpotato
>         AuthUserFile /config/.htpasswd
>         AuthType Basic
>         AuthName "CouchPotato - Proxy"
>         Require user robert
>     </Location>
>     <Location /sonarr>
>         ProxyPass http://192.168.1.5:8989/sonarr
>         ProxyPassReverse http://192.168.1.5:8989/sonarr
>         AuthUserFile /config/.htpasswd
>         AuthType Basic
>         AuthName "NZBDrone - Proxy"
>         Require user robert
>     </Location>
>     <Location /sabnzbd>
>         ProxyPass http://192.168.1.5:8090/sabnzbd
>         ProxyPassReverse http://192.168.1.5:8090/sabnzbd
>         AuthUserFile /config/.htpasswd
>         AuthType Basic
>         AuthName "Sabnzbd - Proxy"
>         Require user robert
>     </Location>
> </VirtualHost>
> <VirtualHost *:80>
>     ServerName www.MyDomain.com
>     ServerAlias MyDomain.com
>     ServerAdmin webmaster@localhost
>     DocumentRoot /var/www
> </VirtualHost>
> ```

Looks okay to me. What happens when you go to https://www.mydomain.com/couchpotato ? Also, anything show up in the logs as an error?

vlefevre86, posted November 28, 2014

Hi Smdion! Thanks for your dockers, they're awesome, really. Could there be a little how to for the reverse dns one? I'm a little confused about its configuration, especially the certificates part... How can I generate them? I've followed the ubuntu how to, but I'm having an "Internal Server Error"... Here is my configuration:

```apache
<VirtualHost *:443>
    ServerName www.tower.com
    ServerAlias tower.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www
    SSLEngine on
    SSLProtocol all -SSLv2
    #SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
    SSLCertificateFile /config/server.crt
    SSLCertificateKeyFile /config/server.key
    # SSLCertificateChainFile /config/sub.class1.server.ca.pem
    <Location /couchpotato>
        ProxyPass http://<local ip>:8082/couchpotato
        ProxyPassReverse http://<local ip>:8082/couchpotato
        AuthUserFile /config/.htpasswd
        AuthType Basic
        AuthName "CouchPotato - Proxy"
        Require user admin
    </Location>
    <Location /sickrage>
        ProxyPass http://<local ip>:8081/sickrage
        ProxyPassReverse http://<local ip>:8081/sickrage
        AuthUserFile /config/.htpasswd
        AuthType Basic
        AuthName "Sickrage - Proxy"
        Require user admin
    </Location>
</VirtualHost>
```

smdion (Author), posted November 28, 2014

I've put together some basic how-to guides:

Setup DNS - http://seandion.info/2014/11/28/setup-a-domain-name/
Apache Proxy Config - http://seandion.info/2014/11/28/apache-reverse-proxy-info-for-smdions-dockers/
Setup SSL on Reverse Proxy - http://seandion.info/2014/11/28/add-ssl-to-your-reverse-proxy-for-free/
Add Password Protection - http://seandion.info/2014/11/28/password-protect-unraid-reverse-proxy-using-htaccess/

Let me know if these help!

eroz, posted November 28, 2014

> > > > Tried setting up the reverse proxy to use https & SSL. I created an SSL .cert, .key and a .pfk file from StartSSL. I converted the .pfk to a .pem file like your example configuration but so far it's not working. I also tried port forwarding 443 on my router. But navigating to http://www.MyDomain.com or https://www.MyDomain.com is giving a "This webpage is not available". Any tips or things I'm not doing correctly?
> > >
> > > Are you listening on port 443 in your config? Upload your config if you could
> >
> > And here is my proxy-config.conf
> >
> > ```apache
> > <VirtualHost *:443>
> >     ServerName www.MyDomain.com
> >     ServerAlias MyDomain.com
> >     ServerAdmin webmaster@localhost
> >     DocumentRoot /var/www
> >     SSLEngine on
> >     SSLProtocol all -SSLv2
> >     SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
> >     SSLCertificateFile /config/ssl/ssl.crt
> >     SSLCertificateKeyFile /config/ssl/private-decrypt-ssl.key
> >     SSLCertificateChainFile /config/ssl/certificate-ssl.pem
> >     <Location /couchpotato>
> >         ProxyPass http://192.168.1.5:5050/couchpotato
> >         ProxyPassReverse http://192.168.1.5:5050/couchpotato
> >         AuthUserFile /config/.htpasswd
> >         AuthType Basic
> >         AuthName "CouchPotato - Proxy"
> >         Require user robert
> >     </Location>
> >     <Location /sonarr>
> >         ProxyPass http://192.168.1.5:8989/sonarr
> >         ProxyPassReverse http://192.168.1.5:8989/sonarr
> >         AuthUserFile /config/.htpasswd
> >         AuthType Basic
> >         AuthName "NZBDrone - Proxy"
> >         Require user robert
> >     </Location>
> >     <Location /sabnzbd>
> >         ProxyPass http://192.168.1.5:8090/sabnzbd
> >         ProxyPassReverse http://192.168.1.5:8090/sabnzbd
> >         AuthUserFile /config/.htpasswd
> >         AuthType Basic
> >         AuthName "Sabnzbd - Proxy"
> >         Require user robert
> >     </Location>
> > </VirtualHost>
> > <VirtualHost *:80>
> >     ServerName www.MyDomain.com
> >     ServerAlias MyDomain.com
> >     ServerAdmin webmaster@localhost
> >     DocumentRoot /var/www
> > </VirtualHost>
> > ```
>
> Looks okay to me. What happens when you go to https://www.mydomain.com/couchpotato ? Also, anything show up in the logs as an error?

I just get "This webpage is not available" for any proxy website I try.

The logs for Apache just show

```
*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/firstrun.sh...
Using existing config file.
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 9
```

which look normal to me.

smdion (Author), posted November 28, 2014

> > > > > Tried setting up the reverse proxy to use https & SSL. I created an SSL .cert, .key and a .pfk file from StartSSL. I converted the .pfk to a .pem file like your example configuration but so far it's not working. I also tried port forwarding 443 on my router. But navigating to http://www.MyDomain.com or https://www.MyDomain.com is giving a "This webpage is not available". Any tips or things I'm not doing correctly?
> > > >
> > > > Are you listening on port 443 in your config? Upload your config if you could
> > >
> > > And here is my proxy-config.conf
> > >
> > > ```apache
> > > <VirtualHost *:443>
> > >     ServerName www.MyDomain.com
> > >     ServerAlias MyDomain.com
> > >     ServerAdmin webmaster@localhost
> > >     DocumentRoot /var/www
> > >     SSLEngine on
> > >     SSLProtocol all -SSLv2
> > >     SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
> > >     SSLCertificateFile /config/ssl/ssl.crt
> > >     SSLCertificateKeyFile /config/ssl/private-decrypt-ssl.key
> > >     SSLCertificateChainFile /config/ssl/certificate-ssl.pem
> > >     <Location /couchpotato>
> > >         ProxyPass http://192.168.1.5:5050/couchpotato
> > >         ProxyPassReverse http://192.168.1.5:5050/couchpotato
> > >         AuthUserFile /config/.htpasswd
> > >         AuthType Basic
> > >         AuthName "CouchPotato - Proxy"
> > >         Require user robert
> > >     </Location>
> > >     <Location /sonarr>
> > >         ProxyPass http://192.168.1.5:8989/sonarr
> > >         ProxyPassReverse http://192.168.1.5:8989/sonarr
> > >         AuthUserFile /config/.htpasswd
> > >         AuthType Basic
> > >         AuthName "NZBDrone - Proxy"
> > >         Require user robert
> > >     </Location>
> > >     <Location /sabnzbd>
> > >         ProxyPass http://192.168.1.5:8090/sabnzbd
> > >         ProxyPassReverse http://192.168.1.5:8090/sabnzbd
> > >         AuthUserFile /config/.htpasswd
> > >         AuthType Basic
> > >         AuthName "Sabnzbd - Proxy"
> > >         Require user robert
> > >     </Location>
> > > </VirtualHost>
> > > <VirtualHost *:80>
> > >     ServerName www.MyDomain.com
> > >     ServerAlias MyDomain.com
> > >     ServerAdmin webmaster@localhost
> > >     DocumentRoot /var/www
> > > </VirtualHost>
> > > ```
> >
> > Looks okay to me. What happens when you go to https://www.mydomain.com/couchpotato ? Also, anything show up in the logs as an error?
>
> I just get "This webpage is not available" for any proxy website I try.
>
> The logs for Apache just show
>
> ```
> *** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
> *** Running /etc/my_init.d/firstrun.sh...
> Using existing config file.
> *** Running /etc/rc.local...
> *** Booting runit daemon...
> *** Runit started as PID 9
> ```
>
> which look normal to me.

If everything was working under port 80, it makes me think something is wrong with the SSL certs. I just made these guides... are these the steps you took? http://seandion.info/2014/11/28/add-ssl-to-your-reverse-proxy-for-free/

eroz, posted November 28, 2014

> If everything was working under port 80, it makes me think something is wrong with the SSL certs. I just made these guides... are these the steps you took? http://seandion.info/2014/11/28/add-ssl-to-your-reverse-proxy-for-free/

Yeah going through I think I have them labeled incorrectly. The decrypted key file I have labeled as private-decrypt-ssl.key, you have labeled as Decrypted SSL File (SSLCertificateFile). So I'm not sure now how each is to be labeled.

My private-decrypt-ssl.key starts with -----BEGIN RSA PRIVATE KEY-----.

My ssl.crt file starts with -----BEGIN CERTIFICATE-----

And the file I was using as the .pem file, certificate-ssl.pem contains the files above inside.

smdion (Author), posted November 28, 2014

> > If everything was working under port 80, it makes me think something is wrong with the SSL certs. I just made these guides... are these the steps you took? http://seandion.info/2014/11/28/add-ssl-to-your-reverse-proxy-for-free/
>
> Yeah going through I think I have them labeled incorrectly. The decrypted key file I have labeled as private-decrypt-ssl.key, you have labeled as Decrypted SSL File (SSLCertificateFile). So I'm not sure now how each is to be labeled.
>
> My private-decrypt-ssl.key starts with -----BEGIN RSA PRIVATE KEY-----.
>
> My ssl.crt file starts with -----BEGIN CERTIFICATE-----
>
> And the file I was using as the .pem file, certificate-ssl.pem contains the files above inside.

Labeling doesn't matter. Only thing that matters is that the correct file is called from the proxy-conf. Did you download the intermediate file (.pem), the one I called sub.class1.server.ca from StartSSL?

eroz, posted November 28, 2014

Yeah....but it looks like I created the wrong type of certificate. So I'm in the process of doing it over. I created a Class1 (S/MIME certificate) instead of a Class 2 (Web Server SSL/TLS Certificate).

smdion (Author), posted November 28, 2014

> Yeah....but it looks like I created the wrong type of certificate. So I'm in the process of doing it over. I created a Class1 (S/MIME certificate) instead of a Class 2 (Web Server SSL/TLS Certificate).

That would make sense! Nice catch.

eroz, posted November 28, 2014

> > Yeah....but it looks like I created the wrong type of certificate. So I'm in the process of doing it over. I created a Class1 (S/MIME certificate) instead of a Class 2 (Web Server SSL/TLS Certificate).
>
> That would make sense! Nice catch.

Awesome!!! Got it working. It's always those little things that trip you up.. Thanks!

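The mix-ups worked through in the posts above (which file belongs to which directive, an S/MIME certificate used where a web server certificate is needed, a .pem bundle that holds the key and certificate together) can be checked before Apache is restarted. The script below is an added example, not part of the original thread or of smdion's guides; the function names `check_tls_files` and `make_sample` are hypothetical, and it assumes the `openssl` command-line tool is installed.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the files named in an Apache SSL virtual host.
# Prints one line per problem and returns non-zero if any check fails.

check_tls_files() {
    local cert="$1" key="$2" chain="${3:-}" rc=0 cert_pub key_pub

    # SSLCertificateFile must hold a certificate, SSLCertificateKeyFile a key.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "cert: $cert does not contain a PEM certificate"; rc=1; }
    grep -q 'PRIVATE KEY-----' "$key" ||
        { echo "key: $key does not contain a PEM private key"; rc=1; }
    [ "$rc" -eq 0 ] || return 1

    # Apache needs the decrypted key unless a passphrase is supplied at start-up.
    if grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED)' "$key"; then
        echo "key: $key is still passphrase-protected"
        return 1
    fi

    # The certificate must carry the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || true
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || true
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "pair: certificate and private key do not match"; rc=1
    fi

    # An S/MIME (e-mail) certificate is not accepted for a web server.
    if ! openssl x509 -in "$cert" -noout -purpose 2>/dev/null |
            grep -q '^SSL server : Yes'; then
        echo "usage: certificate is not valid for TLS server authentication"; rc=1
    fi

    # The chain file is for the CA's intermediate certificate(s) only.
    if [ -n "$chain" ] && grep -q 'PRIVATE KEY-----' "$chain"; then
        echo "chain: $chain contains a private key"; rc=1
    fi
    return "$rc"
}

# Constructed test material: a throw-away self-signed key and certificate with
# the given extendedKeyUsage (serverAuth = web server, emailProtection = S/MIME).
make_sample() {
    local dir="$1" name="$2" eku="$3"
    cat > "$dir/$name.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = www.example.test
[ext]
extendedKeyUsage = $eku
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/$name.cnf" \
        -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
}

# Example: check_tls_files /config/ssl/ssl.crt /config/ssl/private-decrypt-ssl.key
if [ "$#" -ge 2 ]; then check_tls_files "$@"; fi
```
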
Capt.Insano, posted December 9, 2014

Any chance of adding an option like EDGE=1 for HTPC manager? So that it git pulls the install rather than installing using wget -P /tmp/ https://github.com/styxit/HTPC-Manager/archive/0.11.0.tar.gz

Similar option is available in other plugins such as CouchPotato and SickRage as examples and it would reduce the need to update HTPC every time it is restarted.

Thanks for your work!!

The Capt.

smdion (Author), posted December 9, 2014

> Any chance of adding an option like EDGE=1 for HTPC manager? So that it git pulls the install rather than installing using wget -P /tmp/ https://github.com/styxit/HTPC-Manager/archive/0.11.0.tar.gz
>
> Similar option is available in other plugins such as CouchPotato and SickRage as examples and it would reduce the need to update HTPC every time it is restarted.
>
> Thanks for your work!!
>
> The Capt.

You ask and I deliver. EDGE=1 now pulls GIT directly.

Capt.Insano, posted December 9, 2014

> You ask and I deliver. EDGE=1 now pulls GIT directly.

LEGEND!!

sparklyballs, posted December 13, 2014

I'm uploading my first docker to the docker hub and I'd like to make a small repo for my personal tweaks to dockers, can I use your xml files on github as a template please.

smdion (Author), posted December 13, 2014

> I'm uploading my first docker to the docker hub and I'd like to make a small repo for my personal tweaks to dockers, can I use your xml files on github as a template please.

Go for it. If you need any help let me know.

savestheday, posted December 13, 2014

I am having some trouble setting up the reverse proxy. I have a reverse proxy running on a VM now so I'm a bit familiar with how it goes. Would love to use your docker instead!

I am trying to run the server on port 5770 instead of 443. Am I doing this right? Here is my config: http://d.pr/i/16kIx and then I have my proxy-config.conf setup as such http://d.pr/i/1ctic

What am I doing wrong here? If I change the Docker port to 443 and my port to 5770, I can get to the page but nothing else. Also, the /web directory never gets populated (permissions are set correctly on both directories).

sparklyballs, posted December 13, 2014

> > I'm uploading my first docker to the docker hub and I'd like to make a small repo for my personal tweaks to dockers, can I use your xml files on github as a template please.
>
> Go for it. If you need any help let me know.

I might pick your brains about environment variables, what I'm hoping to be able to do is have XBMC headless docker take in the settings for mysql via the template settings for variables and pass that through to a config file in the docker. Get it as "plug n play" as possible. I'm just not sure how to implement it from the template side and the docker side itself. That's for tomorrow though, it's movie time now, lol.

smdion (Author), posted December 13, 2014

> I am having some trouble setting up the reverse proxy. I have a reverse proxy running on a VM now so I'm a bit familiar with how it goes. Would love to use your docker instead!
>
> I am trying to run the server on port 5770 instead of 443. Am I doing this right? Here is my config: http://d.pr/i/16kIx and then I have my proxy-config.conf setup as such http://d.pr/i/1ctic
>
> What am I doing wrong here? If I change the Docker port to 443 and my port to 5770, I can get to the page but nothing else. Also, the /web directory never gets populated (permissions are set correctly on both directories).

Container port should still be 443. Think of it as a forwarding rule. There are other conf files in the docker (ports.conf, Dockerfile) that are all set to 443. So I would still have everything as 443 in your proxy conf and just know that Docker is forwarding 443 to 5770.

/web doesn't get populated. You can put whatever you want to host in there.

Ninja Edit: I would also recommend AGAINST having unRAID in your reverse proxy. WebGUI was not designed with security to the outside world in mind.

savestheday, posted December 13, 2014

Ok I took unRAID out of my reverse proxy. Looks like that hint about leaving the port at 443 and 80 worked! Thank you! I am using self signed certs for now, I need to go through the start ssl process but that should be easy enough to replace.

savestheday, posted December 13, 2014

Oh btw, just curious, would you know how to turn a dockerfile into a docker template? I am still wrapping my head around the whole docker thing but found a Docker for Ventrilo that I would love to setup. I posted about it here. http://lime-technology.com/forum/index.php?topic=36750.0

If you can point me in the right direction I would appreciate it. I'll setup my own Docker repo once I have it figured out. Thanks!

smdion (Author), posted December 13, 2014

> Oh btw, just curious, would you know how to turn a dockerfile into a docker template? I am still wrapping my head around the whole docker thing but found a Docker for Ventrilo that I would love to setup. I posted about it here. http://lime-technology.com/forum/index.php?topic=36750.0
>
> If you can point me in the right direction I would appreciate it. I'll setup my own Docker repo once I have it figured out. Thanks!

You can create your own .xml files with all the needed info. Once you have the XML files (I would put them all in a folder so they are organized in dockerman) in GIT you can get the link for that branch and set that up as your Repo.

sparklyballs, posted December 13, 2014

> > > I'm uploading my first docker to the docker hub and I'd like to make a small repo for my personal tweaks to dockers, can I use your xml files on github as a template please.
> >
> > Go for it. If you need any help let me know.
>
> I might pick your brains about environment variables, what I'm hoping to be able to do is have XBMC headless docker take in the settings for mysql via the template settings for variables and pass that through to a config file in the docker. Get it as "plug n play" as possible. I'm just not sure how to implement it from the template side and the docker side itself. That's for tomorrow though, it's movie time now, lol.

I've modified one of your firstrun.sh scripts to hopefully cover the first part of getting the advancedsettings.xml file into the right directory on startup if it doesn't already exist. thus:-

```bash
#!/bin/bash
#make .xbmc/userdata folder if it doesn't exist yet, so test below does not fail.
mkdir -p /root/.xbmc/userdata
# Check if advancedsettings.xml exists. If not, copy in sample advancedsettings.xml
if [ -f /root/.xbmc/userdata/advancedsettings.xml ]; then
  echo "Using existing advancedsettings.xml file."
else
  mkdir -p /root/.xbmc/userdata
  chown root:root /root/advancedsettings.xml
  mv /root/advancedsettings.xml /root/.xbmc/userdata/advancedsettings.xml
fi
```

If this works, then I'm going to need to work out how to pass variables from the template into the advancedsettings.xml file, I'm guessing some kind of sed type arrangement.

smdion (Author), posted December 14, 2014

> > > > I'm uploading my first docker to the docker hub and I'd like to make a small repo for my personal tweaks to dockers, can I use your xml files on github as a template please.
> > >
> > > Go for it. If you need any help let me know.
> >
> > I might pick your brains about environment variables, what I'm hoping to be able to do is have XBMC headless docker take in the settings for mysql via the template settings for variables and pass that through to a config file in the docker. Get it as "plug n play" as possible. I'm just not sure how to implement it from the template side and the docker side itself. That's for tomorrow though, it's movie time now, lol.
>
> I've modified one of your firstrun.sh scripts to hopefully cover the first part of getting the advancedsettings.xml file into the right directory on startup if it doesn't already exist. thus:-
>
> ```bash
> #!/bin/bash
> #make .xbmc/userdata folder if it doesn't exist yet, so test below does not fail.
> mkdir -p /root/.xbmc/userdata
> # Check if advancedsettings.xml exists. If not, copy in sample advancedsettings.xml
> if [ -f /root/.xbmc/userdata/advancedsettings.xml ]; then
>   echo "Using existing advancedsettings.xml file."
> else
>   mkdir -p /root/.xbmc/userdata
>   chown root:root /root/advancedsettings.xml
>   mv /root/advancedsettings.xml /root/.xbmc/userdata/advancedsettings.xml
> fi
> ```
>
> If this works, then I'm going to need to work out how to pass variables from the template into the advancedsettings.xml file, I'm guessing some kind of sed type arrangement.

Would you want the advancedsettings.xml to be accessible to the user or contained in the docker? If you want it accessible to the user you may want to make a volume and do a symbolic link?

sparklyballs, posted December 14, 2014

> > > > > I'm uploading my first docker to the docker hub and I'd like to make a small repo for my personal tweaks to dockers, can I use your xml files on github as a template please.
> > > >
> > > > Go for it. If you need any help let me know.
> > >
> > > I might pick your brains about environment variables, what I'm hoping to be able to do is have XBMC headless docker take in the settings for mysql via the template settings for variables and pass that through to a config file in the docker. Get it as "plug n play" as possible. I'm just not sure how to implement it from the template side and the docker side itself. That's for tomorrow though, it's movie time now, lol.
> >
> > I've modified one of your firstrun.sh scripts to hopefully cover the first part of getting the advancedsettings.xml file into the right directory on startup if it doesn't already exist. thus:-
> >
> > ```bash
> > #!/bin/bash
> > #make .xbmc/userdata folder if it doesn't exist yet, so test below does not fail.
> > mkdir -p /root/.xbmc/userdata
> > # Check if advancedsettings.xml exists. If not, copy in sample advancedsettings.xml
> > if [ -f /root/.xbmc/userdata/advancedsettings.xml ]; then
> >   echo "Using existing advancedsettings.xml file."
> > else
> >   mkdir -p /root/.xbmc/userdata
> >   chown root:root /root/advancedsettings.xml
> >   mv /root/advancedsettings.xml /root/.xbmc/userdata/advancedsettings.xml
> > fi
> > ```
> >
> > If this works, then I'm going to need to work out how to pass variables from the template into the advancedsettings.xml file, I'm guessing some kind of sed type arrangement.
>
> Would you want the advancedsettings.xml to be accessible to the user or contained in the docker? If you want it accessible to the user you may want to make a volume and do a symbolic link?

I'd like it accessible so people can add any tweaks of their own to advancedsettings, the issue I seem to be having is that when xbmc first runs it creates a set of folders for itself (usually in the user's home folder, or in opt if run in portable mode), trying to add in another file to those folders is proving problematic.

The attempt with the firstrun.sh approach failed, I can inject the settings for the webserver into the settings.xml file at the compile stage so they are automatically the default setting, it's just getting the settings for mysql host, that you have to have in advancedsettings.xml.

smdion (Author), posted December 14, 2014

> > > > > > I'm uploading my first docker to the docker hub and I'd like to make a small repo for my personal tweaks to dockers, can I use your xml files on github as a template please.
> > > > >
> > > > > Go for it. If you need any help let me know.
> > > >
> > > > I might pick your brains about environment variables, what I'm hoping to be able to do is have XBMC headless docker take in the settings for mysql via the template settings for variables and pass that through to a config file in the docker. Get it as "plug n play" as possible. I'm just not sure how to implement it from the template side and the docker side itself. That's for tomorrow though, it's movie time now, lol.
> > >
> > > I've modified one of your firstrun.sh scripts to hopefully cover the first part of getting the advancedsettings.xml file into the right directory on startup if it doesn't already exist. thus:-
> > >
> > > ```bash
> > > #!/bin/bash
> > > #make .xbmc/userdata folder if it doesn't exist yet, so test below does not fail.
> > > mkdir -p /root/.xbmc/userdata
> > > # Check if advancedsettings.xml exists. If not, copy in sample advancedsettings.xml
> > > if [ -f /root/.xbmc/userdata/advancedsettings.xml ]; then
> > >   echo "Using existing advancedsettings.xml file."
> > > else
> > >   mkdir -p /root/.xbmc/userdata
> > >   chown root:root /root/advancedsettings.xml
> > >   mv /root/advancedsettings.xml /root/.xbmc/userdata/advancedsettings.xml
> > > fi
> > > ```
> > >
> > > If this works, then I'm going to need to work out how to pass variables from the template into the advancedsettings.xml file, I'm guessing some kind of sed type arrangement.
> >
> > Would you want the advancedsettings.xml to be accessible to the user or contained in the docker? If you want it accessible to the user you may want to make a volume and do a symbolic link?
>
> I'd like it accessible so people can add any tweaks of their own to advancedsettings, the issue I seem to be having is that when xbmc first runs it creates a set of folders for itself (usually in the user's home folder, or in opt if run in portable mode), trying to add in another file to those folders is proving problematic.
>
> The attempt with the firstrun.sh approach failed, I can inject the settings for the webserver into the settings.xml file at the compile stage so they are automatically the default setting, it's just getting the settings for mysql host, that you have to have in advancedsettings.xml.

I would run it in portable mode and see where it creates those folders. Then you could (in the Dockerfile) do a VOLUME ["/opt/xmbc/createdfolder1", "/opt/xmbc/createdfolder2", "/opt/xmbc/createdfolder3"] and allow the user to choose where those folders are on unRAID. When XBMC runs it should create those folders on the host instead of in the container.

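One way to do what sparklyballs describes above, filling advancedsettings.xml from variables set in the template, is to write the file at first run instead of patching a sample with sed. This is an added example, not code from the thread or from any of the dockers discussed; the variable names `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_USER` and `MYSQL_PASS` and both function names are assumptions, and the `<videodatabase>` layout is XBMC's documented MySQL setting.

```bash
#!/usr/bin/env bash
# Added example: build advancedsettings.xml from container environment variables.
# MYSQL_HOST, MYSQL_PORT, MYSQL_USER and MYSQL_PASS are assumed variable names.

# Escape the characters that would otherwise break or alter the XML structure.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# render_advancedsettings TARGET
# Writes TARGET only when it does not exist, so user edits survive restarts.
render_advancedsettings() {
    local target="$1" port="${MYSQL_PORT:-3306}"

    if [ -f "$target" ]; then
        echo "Using existing advancedsettings.xml file."
        return 0
    fi
    if [ -z "${MYSQL_HOST:-}" ] || [ -z "${MYSQL_USER:-}" ]; then
        echo "MYSQL_HOST and MYSQL_USER must be set" >&2
        return 1
    fi
    # Reject anything that is not a plain TCP port number.
    case "$port" in
        ''|*[!0-9]*) echo "MYSQL_PORT must be numeric" >&2; return 1 ;;
    esac

    mkdir -p "$(dirname "$target")" || return 1
    # The file holds a database password: create it readable by the owner only,
    # and write to a temporary name first so a failed run leaves no partial file.
    (
        umask 077
        cat > "$target.tmp" <<EOF
<advancedsettings>
  <videodatabase>
    <type>mysql</type>
    <host>$(xml_escape "$MYSQL_HOST")</host>
    <port>$port</port>
    <user>$(xml_escape "$MYSQL_USER")</user>
    <pass>$(xml_escape "${MYSQL_PASS:-}")</pass>
  </videodatabase>
</advancedsettings>
EOF
    ) && mv "$target.tmp" "$target"
}

# Typical call from firstrun.sh (path taken from the script in the thread):
# render_advancedsettings /root/.xbmc/userdata/advancedsettings.xml
```
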