smdion's Docker Template Repository - Directions and Help Here


Recommended Posts

 

Here's what's in my proxyconfig.conf

 

(This bit redirects all http traffic to https, which seems like a good idea to me..)

RewriteEngine On
RewriteRule ^/?(.*) https://server.com/$1 [R=301,L]

 

 

I've been trying to force all traffic to HTTPS, however I have three subdomains in my proxy-config and I can't get it to work...here's my working proxy-config:

 

<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /config/ssl.crt
SSLCertificateKeyFile /config/decrypted.ssl.key
SSLCertificateChainFile /config/sub.class1.server.ca.pem

<Location />
Order deny,allow
Deny from all
</Location>

<Location /sonarr>
                ProxyPass http://10.0.0.19:8989/sonarr
                ProxyPassReverse http://10.0.0.19:8989/sonar
</Location>

<Location /couch>
	ProxyPass http://10.0.0.19:5050/couch
	ProxyPassReverse http://10.0.0.19:5050/couch
</Location>

<Location /sabnzbd>
	ProxyPass http://10.0.0.19:8080/sabnzbd
	ProxyPassReverse http://10.0.0.19:8080/sabnzbd
</Location>

</VirtualHost>

<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www

ServerName requests.server.com

ProxyRequests Off
ProxyPreserveHost On
Proxypass / http://10.0.0.19:3000/
ProxyPassReverse / http://10.0.0.19:3000/ 
</VirtualHost>

<VirtualHost *:80>
ServerName cam.server.com

ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://10.0.0.8:8888/
ProxyPassReverse / http://10.0.0.8:8888/
</VirtualHost>

<VirtualHost *:80>
DocumentRoot /var/www
ServerName plexpy.server.com

ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://10.0.0.19:7676/
ProxyPassReverse / http://10.0.0.19:7676/
</VirtualHost>

 

When I put in your RewriteRule, for any subdomain I try to reach on Port 80 it simply redirects me to Plex Requests (?).  Existing URLs work ok (www.server.com/sonarr) and will redirect to HTTPS.

 

I treated plex requests as a different virtual host and created a new set of ssl stuff for it, so added this to my config that I posted above..

 

<VirtualHost *:80>
ServerName requests.server.com
ServerAdmin webmaster@localhost

<Location />
Order deny,allow
Deny from all
</Location>
RewriteEngine On
RewriteRule ^/?(.*) https://requests.server.com/$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
ServerName requests.server.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www


SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite AES128+EECDH:AES128+EDH
SSLCertificateFile /config/requests/ssl.crt
SSLCertificateKeyFile /config/requests/decryptedssl.key
SSLCertificateChainFile /config/requests/sub.class1.server.ca.pem
SSLProxyEngine On
SSLProxyVerify none 
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off 

ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://192.168.0.1:3000/
    ProxyPassReverse / http://192.168.0.1:3000/

</VirtualHost>

Link to comment
  • Replies 507
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

@CHBMB - I compared your configs to mine and I don't really see much difference aside from SSLProtocol and SSLCipherSuite. I also updated my owncloud configs to match yours but I still get error 500 with a blank page whenever I try to access. Any idea what could be causing that error?

Link to comment

@CHBMB - I compared your configs to mine and I don't really see much difference aside from SSLProtocol and SSLCipherSuite. I also updated my owncloud configs to match yours but I still get error 500 with a blank page whenever I try to access. Any idea what could be causing that error?

 

No, my config is working, that much I know..

 

Do the Apache logs help at all?

Link to comment

Not really... This is all I see:

 

*** Running /etc/my_init.d/firstrun.sh...
Using existing config file.
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 7
Setting up watches.
Watches established.
Aug 18 21:58:55 c0a2e70aac30 syslog-ng[14]: syslog-ng starting up; version='3.5.3'

Link to comment

Not really... This is all I see:

 

*** Running /etc/my_init.d/firstrun.sh...
Using existing config file.
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 7
Setting up watches.
Watches established.
Aug 18 21:58:55 c0a2e70aac30 syslog-ng[14]: syslog-ng starting up; version='3.5.3'

 

I meant the logs in your appdata folder mine are in /mnt/cache/.appdata/apache/logs/

Link to comment

I cannot seem to find the apache logs anywhere... where are they by default? I don't have the directory you listed. Also all my docker containers are on a disk completely outside the array, not on a cache disk.

 

EDIT: Nevermind... I didn't have a logs directory configured. I see this in the error.log.

 

[Wed Aug 19 08:31:12.976810 2015] [ssl:warn] [pid 18] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Aug 19 08:31:12.991777 2015] [ssl:warn] [pid 18] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Aug 19 08:31:12.993053 2015] [mpm_prefork:notice] [pid 18] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.9 OpenSSL/1.0.1f configured -- resuming normal operations
[Wed Aug 19 08:31:12.993068 2015] [core:notice] [pid 18] AH00094: Command line: '/usr/sbin/apache2 -D FOREGROUND'
[Wed Aug 19 08:31:25.941057 2015] [autoindex:error] [pid 24] [client xx.xxx.xxx.xxx:38918] AH01276: Cannot serve directory /var/www/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm) found, and server-generated directory index forbidden by Options directive
[Wed Aug 19 08:36:58.504746 2015] [mpm_prefork:notice] [pid 18] AH00169: caught SIGTERM, shutting down
[Wed Aug 19 08:36:58.545331 2015] [ssl:warn] [pid 52] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Aug 19 08:36:58.558729 2015] [ssl:warn] [pid 52] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Aug 19 08:36:58.560420 2015] [mpm_prefork:notice] [pid 52] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.9 OpenSSL/1.0.1f configured -- resuming normal operations
[Wed Aug 19 08:36:58.560445 2015] [core:notice] [pid 52] AH00094: Command line: '/usr/sbin/apache2 -D FOREGROUND'

Link to comment

I cannot seem to find the apache logs anywhere... where are they by default? I don't have the directory you listed. Also all my docker containers are on a disk completely outside the array, not on a cache disk.

 

EDIT: Nevermind... I didn't have a logs directory configured. I see this in the error.log.

 

[Wed Aug 19 08:31:12.976810 2015] [ssl:warn] [pid 18] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Aug 19 08:31:12.991777 2015] [ssl:warn] [pid 18] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Aug 19 08:31:12.993053 2015] [mpm_prefork:notice] [pid 18] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.9 OpenSSL/1.0.1f configured -- resuming normal operations
[Wed Aug 19 08:31:12.993068 2015] [core:notice] [pid 18] AH00094: Command line: '/usr/sbin/apache2 -D FOREGROUND'
[Wed Aug 19 08:31:25.941057 2015] [autoindex:error] [pid 24] [client xx.xxx.xxx.xxx:38918] AH01276: Cannot serve directory /var/www/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm) found, and server-generated directory index forbidden by Options directive
[Wed Aug 19 08:36:58.504746 2015] [mpm_prefork:notice] [pid 18] AH00169: caught SIGTERM, shutting down
[Wed Aug 19 08:36:58.545331 2015] [ssl:warn] [pid 52] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Aug 19 08:36:58.558729 2015] [ssl:warn] [pid 52] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Aug 19 08:36:58.560420 2015] [mpm_prefork:notice] [pid 52] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.9 OpenSSL/1.0.1f configured -- resuming normal operations
[Wed Aug 19 08:36:58.560445 2015] [core:notice] [pid 52] AH00094: Command line: '/usr/sbin/apache2 -D FOREGROUND'

 

Sorry I'm out of ideas, but it might be worth revisting your SSL config

 

See here

Link to comment

Woohoo! I got it working. Is there a way to use the reverse proxy access a docker without using a directory?

 

For example, is there a way I can configure it so that I access ownCloud at www.example.com, and Sonarr at www.example.com/sonarr?

 

I posted my proxy-config.conf as an example here.  Might be useful..

Link to comment

@CHBMB - Your proxy config was very helpful, but unless I am overlooking something I couldn't find any examples where a docker app is using a location of "/". All the examples I see you must use "/something". I tried using "/" and updating my owncloud config accordingly, but it just results in a bunch of 502 errors.

Link to comment

@CHBMB - Your proxy config was very helpful, but unless I am overlooking something I couldn't find any examples where a docker app is using a location of "/". All the examples I see you must use "/something". I tried using "/" and updating my owncloud config accordingly, but it just results in a bunch of 502 errors.

 

Owncloud is a bit of a bitch to set up to be honest..

 

I access my Owncloud from server.com/Owncloud

 

 

Link to comment

@CHBMB - Your proxy config was very helpful, but unless I am overlooking something I couldn't find any examples where a docker app is using a location of "/". All the examples I see you must use "/something". I tried using "/" and updating my owncloud config accordingly, but it just results in a bunch of 502 errors.

 

 

Just had a quick "play" I can get Owncloud to use server.com but it's not loading the CSS/ Style sheets and I can't login.

 

To be honest, if I were going to tackle this I'd go for owncloud.server.com and setup a new virtual host in proxy-config.conf

Link to comment

@CHBMB - Your proxy config was very helpful, but unless I am overlooking something I couldn't find any examples where a docker app is using a location of "/". All the examples I see you must use "/something". I tried using "/" and updating my owncloud config accordingly, but it just results in a bunch of 502 errors.

 

The other thing you could consider doing is setting up Owncloud manually.  Download it and unpack it to /web directory.  You'd need a mariadb to act as the backend but it's how I run Wordpress.

Link to comment
Just had a quick "play" I can get Owncloud to use server.com but it's not loading the CSS/ Style sheets and I can't login.

 

To be honest, if I were going to tackle this I'd go for owncloud.server.com and setup a new virtual host in proxy-config.conf

 

Yeah I might do that, or try to just setup some redirect rules so www.example.com doesn't just throw a 403. The reason why I didn't set it up as a new subdomain is because I already had to do that with PlexRequests. I didn't want to mess with multiple free Class 1 SSL certs from StartSSL if possible.

Link to comment

Just had a quick "play" I can get Owncloud to use server.com but it's not loading the CSS/ Style sheets and I can't login.

 

To be honest, if I were going to tackle this I'd go for owncloud.server.com and setup a new virtual host in proxy-config.conf

 

Yeah I might do that, or try to just setup some redirect rules so www.example.com doesn't just throw a 403. The reason why I didn't set it up as a new subdomain is because I already had to do that with PlexRequests. I didn't want to mess with multiple free Class 1 SSL certs from StartSSL if possible.

 

Yeah, it's a bit of a pain.... but the more you do it the quicker you get at it I found..  :)

Link to comment
  • 2 weeks later...

Would it be possible to use this fork of HTPC Manager with Sonarr Support https://github.com/Hellowlol/HTPC-Manager with your docker?

 

EDIT: Didn't see it already had it. Thanks :D

 

Does the Plex connection in HTPC manager work? It doesn't seem to with the latest Plex. Is there a place for an auth token somewhere I'm missing?

 

Mike it's working for me, using Linuxserver.io versions of Sonarr & Plex.  No need for auth token that I can see, just put your Unraid machine IP and Port number in and log in and it works.  Been a while since I set it up so don't think I've missed anything.

Link to comment

Mine definitely does not :( I've got everything filled out correctly, and it connects to everything else just fine. I'm using Needo's Plex Docker, which I updated (by restarting) to the newest version of Plex today.

 

Maybe the autodiscovery in plex settings, mine is on?

Link to comment

There are quite a few people that are having problems with their SSL certs. Plex claiming that you should not have to accept a cert, which I definitely have several times after restarting Plex. It also isn't viewable as a secure connection on Plex.TV although any of my friends can see my shared library securely. For the moment I'm going to chalk this up to Plex's new, and not executed correctly, certs and security.

Link to comment

There are quite a few people that are having problems with their SSL certs. Plex claiming that you should not have to accept a cert, which I definitely have several times after restarting Plex. It also isn't viewable as a secure connection on Plex.TV although any of my friends can see my shared library securely. For the moment I'm going to chalk this up to Plex's new, and not executed correctly, certs and security.

 

You may have a point, not sure I have SSL turned on..

Link to comment
Guest
This topic is now closed to further replies.