dv8ed Posted September 11, 2016

I got a Let's Encrypt SSL certificate last week off my Raspberry Pi. I want to install this docker on my unRAID since it includes fail2ban. What's the best and easiest way to do this? Install this one and request a new certificate, or will it automatically renew my old one? I have the files it told me to back up, or do I just renew/request a brand new one so it overwrites everything? It would be for the same URL.

aptalca Posted September 11, 2016

> I got a Let's Encrypt SSL certificate last week off my Raspberry Pi. I want to install this docker on my unRAID since it includes fail2ban. What's the best and easiest way to do this? Install this one and request a new certificate, or will it automatically renew my old one? I have the files it told me to back up, or do I just renew/request a brand new one so it overwrites everything? It would be for the same URL.

Easiest would be to just get a new certificate. Old one will still be active (I believe) unless you revoke it.

jacan Posted September 15, 2016

Is there any way to make fail2ban send emails when banning to the email address entered in the container?

aptalca Posted September 15, 2016

> Is there any way to make fail2ban send emails when banning to the email address entered in the container?

Fail2ban has emailing capability which can be set through the jail.local file, but the container also needs to be set up with the email client. I'll look into whether it's feasible.

JonathanM Posted September 19, 2016

Let's Encrypt script renamed to Dehydrated: https://github.com/lukas2511/dehydrated

Does this affect your build?

aptalca Posted September 19, 2016

> Let's Encrypt script renamed to Dehydrated: https://github.com/lukas2511/dehydrated
>
> Does this affect your build?

No, that's a third-party script. I'm using the official one named certbot (used to be called letsencrypt, but changed names after it was transferred to the Electronic Frontier Foundation): https://certbot.eff.org

Ironically, the developer was asked to rename his script because people were confusing it for the official script. Now people think the official script changed its name to dehydrated, so I guess letsencrypt was justified in doing so lol

dv8ed Posted September 19, 2016

> Easiest would be to just get a new certificate. Old one will still be active (I believe) unless you revoke it.

Thank you for this wonderful docker. I'm up and running with a new certificate and fail2ban works great via port 443/SSL. Is it possible for me to change on my own for it to check ALL ports/ban?

>> Is there any way to make fail2ban send emails when banning to the email address entered in the container?
>
> Fail2ban has emailing capability which can be set through the jail.local file, but the container also needs to be set up with the email client. I'll look into whether it's feasible.

I would also love to utilize fail2ban email capabilities.

aptalca Posted September 20, 2016

>> Easiest would be to just get a new certificate. Old one will still be active (I believe) unless you revoke it.
>
> Thank you for this wonderful docker. I'm up and running with a new certificate and fail2ban works great via port 443/SSL. Is it possible for me to change on my own for it to check ALL ports/ban?
>
>>> Is there any way to make fail2ban send emails when banning to the email address entered in the container?
>>
>> Fail2ban has emailing capability which can be set through the jail.local file, but the container also needs to be set up with the email client. I'll look into whether it's feasible.
>
> I would also love to utilize fail2ban email capabilities.

All the fail2ban filters are exported to the config folder. You can add your own filters or modify the ones in there. Then you can enable them through the jail.local file. After you make changes, restart the container and you should be set. I haven't tested the email functionality in there yet.

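Added example (not part of the thread and not fail2ban's or the container's own code): a small Python emulation of what a jail such as nginx-http-auth does with /config/log/nginx/error.log, to show how a filter regex and the jail.local thresholds `maxretry`, `findtime`, `bantime` and `ignoreip` interact. The regex is a simplified stand-in for a filter's failregex, and the log lines and addresses are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for a failregex (NOT the filter shipped with fail2ban):
# matches nginx error.log entries for failed HTTP basic auth, captures the client.
FAILREGEX = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[error\] \d+#\d+: \*\d+ '
    r'user "[^"]*":? (?:password mismatch|was not found in "[^"]*"), '
    r'client: (?P<host>[0-9A-Fa-f.:]+), server: '
)

# Constructed sample of /config/log/nginx/error.log (documentation addresses).
SAMPLE_LOG = '''\
2016/09/20 10:00:01 [error] 312#0: *41 user "admin": password mismatch, client: 203.0.113.7, server: _, request: "GET / HTTP/1.1", host: "example.duckdns.org"
2016/09/20 10:00:05 [error] 312#0: *42 open() "/config/www/favicon.ico" failed (2: No such file or directory), client: 203.0.113.7, server: _, request: "GET /favicon.ico HTTP/1.1", host: "example.duckdns.org"
2016/09/20 10:00:40 [error] 312#0: *43 user "root" was not found in "/config/nginx/.htpasswd", client: 203.0.113.7, server: _, request: "GET / HTTP/1.1", host: "example.duckdns.org"
2016/09/20 10:01:30 [error] 312#0: *44 user "admin": password mismatch, client: 203.0.113.7, server: _, request: "GET / HTTP/1.1", host: "example.duckdns.org"
2016/09/20 10:02:00 [error] 312#0: *45 user "admin": password mismatch, client: 198.51.100.20, server: _, request: "GET / HTTP/1.1", host: "example.duckdns.org"
2016/09/20 10:05:10 [error] 312#0: *46 user "me": password mismatch, client: 192.168.1.10, server: _, request: "GET / HTTP/1.1", host: "example.duckdns.org"
2016/09/20 10:05:20 [error] 312#0: *47 user "me": password mismatch, client: 192.168.1.10, server: _, request: "GET / HTTP/1.1", host: "example.duckdns.org"
2016/09/20 10:05:30 [error] 312#0: *48 user "me": password mismatch, client: 192.168.1.10, server: _, request: "GET / HTTP/1.1", host: "example.duckdns.org"
2016/09/20 10:30:00 [error] 312#0: *49 user "admin": password mismatch, client: 198.51.100.20, server: _, request: "GET / HTTP/1.1", host: "example.duckdns.org"
'''


def parse_failure(line):
    """Return (timestamp, client_ip) for an auth-failure line, else None."""
    m = FAILREGEX.match(line)
    if not m:
        return None
    return datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"), m.group("host")


def run_jail(lines, maxretry=5, findtime=600, bantime=600,
             ignoreip=("127.0.0.0/8",)):
    """Replay log lines; return [(ip, time_of_ban)] in the order bans occur."""
    ignored = [ipaddress.ip_network(n) for n in ignoreip]
    window = timedelta(seconds=findtime)
    failures = defaultdict(deque)   # ip -> timestamps still inside findtime
    banned_until = {}               # ip -> time the ban expires
    bans = []
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue                # not an auth failure: the filter ignores it
        ts, host = hit
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue                # captured text is not a valid address
        if any(addr in net for net in ignored):
            continue                # ignoreip: never count or ban these clients
        if host in banned_until and ts < banned_until[host]:
            continue                # already banned, nothing more to do
        seen = failures[host]
        seen.append(ts)
        while seen and ts - seen[0] > window:
            seen.popleft()          # drop failures older than findtime
        if len(seen) >= maxretry:
            banned_until[host] = ts + timedelta(seconds=bantime)
            bans.append((host, ts))
            seen.clear()
    return bans


if __name__ == "__main__":
    for ip, when in run_jail(SAMPLE_LOG.splitlines(), maxretry=3,
                             ignoreip=("192.168.0.0/16",)):
        print(f"ban {ip} at {when}")
```

Adding the LAN range to `ignoreip` is what keeps the three mistyped passwords from 192.168.1.10 from locking out a local client.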
blknitro11 Posted September 21, 2016

Question. When I go to add the container, it completes the pulling process, then I get the following error:

"Error: layers from manifest dont match image configuration"

Any ideas as to what this could mean? Thanks!!

aptalca Posted September 21, 2016

> Question. When I go to add the container, it completes the pulling process, then I get the following error:
>
> "Error: layers from manifest dont match image configuration"
>
> Any ideas as to what this could mean? Thanks!!

http://lime-technology.com/forum/index.php?topic=40937.msg481138.msg#481138

blknitro11 Posted September 22, 2016

Ok, got Docker working again and I have the Letsencrypt container installed. However, now I see the following errors in the log:

*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/firstrun.sh...
Using existing nginx.conf
Using existing nginx-fpm.conf
Using existing site config
Using existing landing page
Using existing jail.local
Using existing fail2ban filters
SUBDOMAINS entered, processing
Sub-domains processed are: -d MYSUBDOMAIN.duckdns.org -d OTHERSUBDOMAIN.duckdns.org
2048 bit DH parameters present
Generating new certificate
Failed authorization procedure. duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 54.187.92.222:443 for TLS-SNI-01 challenge
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: duckdns.org
   Type: connection
   Detail: Failed to connect to 54.187.92.222:443 for TLS-SNI-01 challenge
   To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
/etc/my_init.d/firstrun.sh: line 138: cd: /config/keys: No such file or directory
Error opening input file cert.pem
cert.pem: No such file or directory
 * Starting nginx nginx
   ...fail!
 * Starting authentication failure monitor fail2ban
ERROR No file(s) found for glob /config/log/nginx/error.log
ERROR Failed during configuration: Have not found any log file for nginx-http-auth jail
   ...fail!
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 117
Sep 21 21:53:06 c59b0f0e16a1 syslog-ng[126]: syslog-ng starting up; version='3.5.3'

aptalca Posted September 22, 2016

> Ok, got Docker working again and I have the Letsencrypt container installed. However, now I see the following errors in the log:
>
> *** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
> *** Running /etc/my_init.d/firstrun.sh...
> Using existing nginx.conf
> Using existing nginx-fpm.conf
> Using existing site config
> Using existing landing page
> Using existing jail.local
> Using existing fail2ban filters
> SUBDOMAINS entered, processing
> Sub-domains processed are: -d MYSUBDOMAIN.duckdns.org -d OTHERSUBDOMAIN.duckdns.org
> 2048 bit DH parameters present
> Generating new certificate
> Failed authorization procedure. duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 54.187.92.222:443 for TLS-SNI-01 challenge
> IMPORTANT NOTES:
>  - The following errors were reported by the server:
>    Domain: duckdns.org
>    Type: connection
>    Detail: Failed to connect to 54.187.92.222:443 for TLS-SNI-01 challenge
>    To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
> /etc/my_init.d/firstrun.sh: line 138: cd: /config/keys: No such file or directory
> Error opening input file cert.pem
> cert.pem: No such file or directory
>  * Starting nginx nginx
>    ...fail!
>  * Starting authentication failure monitor fail2ban
> ERROR No file(s) found for glob /config/log/nginx/error.log
> ERROR Failed during configuration: Have not found any log file for nginx-http-auth jail
>    ...fail!
> *** Running /etc/rc.local...
> *** Booting runit daemon...
> *** Runit started as PID 117
> Sep 21 21:53:06 c59b0f0e16a1 syslog-ng[126]: syslog-ng starting up; version='3.5.3'

URL cannot be duckdns.org because you do not own/control it. URL should be the highest domain you control, so in this case it would be yoursubdomain.duckdns.org

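Added example (not part of the thread or the container's code): a pre-flight check for the point made in the reply above, flagging every certificate name whose A record does not point at your own server before a certificate is requested. The way names are assembled from URL and SUBDOMAINS is inferred from the `-d` list in the posted log; the function names, DNS table and addresses are constructed for illustration.

```python
import socket

# Constructed DNS data (documentation addresses), standing in for real lookups.
CONSTRUCTED_DNS = {
    "duckdns.org": "198.51.100.10",                 # the provider's own server
    "mysubdomain.duckdns.org": "203.0.113.25",      # the user's WAN address
    "www.mysubdomain.duckdns.org": "203.0.113.25",
    "othersubdomain.duckdns.org": "203.0.113.25",
}


def constructed_resolver(name):
    """Offline resolver over CONSTRUCTED_DNS; fails like a real lookup would."""
    try:
        return CONSTRUCTED_DNS[name]
    except KeyError:
        raise socket.gaierror(f"no constructed record for {name}")


def cert_names(url, subdomains=""):
    """Names the certificate would cover: the base URL plus each sub.URL.

    Assumption: this mirrors the '-d' list and the failing base domain seen
    in the posted log, not the container's actual script.
    """
    url = url.strip().lower().rstrip(".")
    subs = [s.strip().lower() for s in subdomains.split(",") if s.strip()]
    return [url] + [f"{s}.{url}" for s in subs]


def preflight(url, subdomains, public_ip, resolve=socket.gethostbyname):
    """Return {name: reason} for each name the CA could not reach on this host.

    The CA connects to whatever address the name's A record holds, so a name
    you do not control (or a stale record) fails validation.
    """
    problems = {}
    for name in cert_names(url, subdomains):
        try:
            ip = resolve(name)
        except OSError as exc:      # socket.gaierror is a subclass of OSError
            problems[name] = f"does not resolve ({exc})"
            continue
        if ip != public_ip:
            problems[name] = f"resolves to {ip}, not this server ({public_ip})"
    return problems


if __name__ == "__main__":
    # The settings from the failing log: the provider's apex used as URL.
    print(preflight("duckdns.org", "mysubdomain,othersubdomain",
                    "203.0.113.25", resolve=constructed_resolver))
    # The corrected settings: URL is the highest name the user controls.
    print(preflight("mysubdomain.duckdns.org", "www",
                    "203.0.113.25", resolve=constructed_resolver))
```

Called without the `resolve` argument, `preflight` uses the system resolver; `public_ip` is the address on which port 443 is forwarded to the container.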
blknitro11 Posted September 22, 2016

Ok, so I modified the container, looks like I got me some certs, however I still see the following errors.

*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/firstrun.sh...
Setting the correct time
Current default time zone: 'America/Chicago'
Local time is now: Thu Sep 22 10:47:52 CDT 2016.
Universal Time is now: Thu Sep 22 15:47:52 UTC 2016.
Using existing nginx.conf
Using existing nginx-fpm.conf
Using existing site config
Using existing landing page
Using existing jail.local
Using existing fail2ban filters
rm: cannot remove ‘/etc/letsencrypt’: No such file or directory
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.MYSUBDOMAIN.duckdns.org
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
usage: certbot-auto [SUBCOMMAND] [options] [-d domain] [-d domain] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the cert. Major SUBCOMMANDS are:
(default) run Obtain & install a cert in your current webserver
certonly Obtain cert, but do not install it (aka "auth")
install Install a previously obtained cert in a server
renew Renew previously obtained certs that are near expiry
revoke Revoke a previously obtained certificate
register Perform tasks related to registering with the CA
rollback Rollback server configuration changes made during install
config_changes Show changes made to server config during installation
plugins Display information about installed plugins
letsencrypt: error: argument --cert-path: No such file or directory
2048 bit DH parameters present
Generating new certificate
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/MYSUBDOMAIN.duckdns.org/fullchain.pem. Your cert will expire on 2016-12-21. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew"
 - If you lose your account credentials, you can recover through e-mails sent to [email protected].
 - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
/etc/my_init.d/firstrun.sh: line 138: cd: /config/keys:No such file or directory
Error opening input file cert.pem
cert.pem: No such file or directory
 * Starting nginx nginx
   ...fail!
 * Starting authentication failure monitor fail2ban
ERROR No file(s) found for glob /config/log/nginx/error.log
ERROR Failed during configuration: Have not found any log file for nginx-http-auth jail
   ...fail!
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 170
Sep 22 10:48:04 20def531a784 syslog-ng[179]: syslog-ng starting up; version='3.5.3'
Sep 22 11:09:01 20def531a784 /USR/SBIN/CRON[190]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))
Sep 22 11:17:01 20def531a784 /USR/SBIN/CRON[202]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Sep 22 11:39:01 20def531a784 /USR/SBIN/CRON[205]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))
Sep 22 12:09:01 20def531a784 /USR/SBIN/CRON[217]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))
Sep 22 12:17:01 20def531a784 /USR/SBIN/CRON[229]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Sep 22 12:39:01 20def531a784 /USR/SBIN/CRON[232]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))
Sep 22 13:09:01 20def531a784 /USR/SBIN/CRON[244]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))
Sep 22 13:17:01 20def531a784 /USR/SBIN/CRON[256]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Sep 22 13:39:01 20def531a784 /USR/SBIN/CRON[259]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))

aptalca Posted September 22, 2016

Ahha, it seems because of the initial issue with the url, you identified a bug. Thanks for that. I'll push a fix in a little bit.

blknitro11 Posted September 23, 2016

> Ahha, it seems because of the initial issue with the url, you identified a bug. Thanks for that. I'll push a fix in a little bit.

Oh ya, uh huh, I knew that...uummm you're welcome? HAHAHA

Cool, glad I could help, thought I was doing something wrong. Thanks for the help man!

blknitro11 Posted September 23, 2016

> Ahha, it seems because of the initial issue with the url, you identified a bug. Thanks for that. I'll push a fix in a little bit.

Updated the container, but no change unfortunately. From what I can tell I still get the same errors.

*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/firstrun.sh...
Using existing nginx.conf
Using existing nginx-fpm.conf
Using existing site config
Using existing landing page
Using existing jail.local
Using existing fail2ban filters
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.MYSUBDOMAIN.duckdns.org
2048 bit DH parameters present
Generating new certificate
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/MYSUBDOMAIN.duckdns.org/fullchain.pem. Your cert will expire on 2016-12-22. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
/etc/my_init.d/firstrun.sh: line 138: cd: /config/keys: No such file or directory
Error opening input file cert.pem
cert.pem: No such file or directory
 * Starting nginx nginx
   ...fail!
 * Starting authentication failure monitor fail2ban
ERROR No file(s) found for glob /config/log/nginx/error.log
ERROR Failed during configuration: Have not found any log file for nginx-http-auth jail
   ...fail!
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 116
Sep 22 21:49:03 14c6e4a89127 syslog-ng[125]: syslog-ng starting up; version='3.5.3'

aptalca Posted September 23, 2016

>> Ahha, it seems because of the initial issue with the url, you identified a bug. Thanks for that. I'll push a fix in a little bit.
>
> Updated the container, but no change unfortunately. From what I can tell I still get the same errors.
>
> *** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
> *** Running /etc/my_init.d/firstrun.sh...
> Using existing nginx.conf
> Using existing nginx-fpm.conf
> Using existing site config
> Using existing landing page
> Using existing jail.local
> Using existing fail2ban filters
> SUBDOMAINS entered, processing
> Sub-domains processed are: -d www.MYSUBDOMAIN.duckdns.org
> 2048 bit DH parameters present
> Generating new certificate
> IMPORTANT NOTES:
>  - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/MYSUBDOMAIN.duckdns.org/fullchain.pem. Your cert will expire on 2016-12-22. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew"
>  - If you like Certbot, please consider supporting our work by:
>    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
>    Donating to EFF: https://eff.org/donate-le
> /etc/my_init.d/firstrun.sh: line 138: cd: /config/keys: No such file or directory
> Error opening input file cert.pem
> cert.pem: No such file or directory
>  * Starting nginx nginx
>    ...fail!
>  * Starting authentication failure monitor fail2ban
> ERROR No file(s) found for glob /config/log/nginx/error.log
> ERROR Failed during configuration: Have not found any log file for nginx-http-auth jail
>    ...fail!
> *** Running /etc/rc.local...
> *** Booting runit daemon...
> *** Runit started as PID 116
> Sep 22 21:49:03 14c6e4a89127 syslog-ng[125]: syslog-ng starting up; version='3.5.3'

Please post a screenshot of your container settings. Does your subdomain contain any weird characters? Or just letters and numbers?

It seems the certs are saved in the correct location but the /config/keys symlink is not created properly. A weird character might be breaking the command. If not, please try to delete the config file and install from scratch.

blknitro11 Posted September 23, 2016

I went ahead and deleted the whole container and just started from scratch. For the record, there were no weird characters in the domain line. So I reinstalled and was getting the same issue as I was at the beginning of this. So for shits and giggles I stopped the OpenVPN plugin I have set up in unraid, and tried the install again...poof, it installed perfectly, certs set up and everything.

So now that I have this set up and the certs, what exactly do I do now? LOL sorry, I am a bit of a noob with all of this. I have OpenVPN set up because I use UseNet and would like to be protected. Would I need OpenVPN with letsencrypt? Do I need to move the certs somewhere or just leave them in the container's /etc/letsencrypt/domain/live folder?

aptalca Posted September 23, 2016

> I went ahead and deleted the whole container and just started from scratch. For the record, there were no weird characters in the domain line. So I reinstalled and was getting the same issue as I was at the beginning of this. So for shits and giggles I stopped the OpenVPN plugin I have set up in unraid, and tried the install again...poof, it installed perfectly, certs set up and everything.
>
> So now that I have this set up and the certs, what exactly do I do now? LOL sorry, I am a bit of a noob with all of this. I have OpenVPN set up because I use UseNet and would like to be protected. Would I need OpenVPN with letsencrypt? Do I need to move the certs somewhere or just leave them in the container's /etc/letsencrypt/domain/live folder?

I don't understand what openvpn has anything to do with this. This is just a webserver with https access through a 3rd party validated cert. I can't say anything without seeing your settings for this and openvpn (client or server?)

blknitro11 Posted September 26, 2016

>> I went ahead and deleted the whole container and just started from scratch. For the record, there were no weird characters in the domain line. So I reinstalled and was getting the same issue as I was at the beginning of this. So for shits and giggles I stopped the OpenVPN plugin I have set up in unraid, and tried the install again...poof, it installed perfectly, certs set up and everything.
>>
>> So now that I have this set up and the certs, what exactly do I do now? LOL sorry, I am a bit of a noob with all of this. I have OpenVPN set up because I use UseNet and would like to be protected. Would I need OpenVPN with letsencrypt? Do I need to move the certs somewhere or just leave them in the container's /etc/letsencrypt/domain/live folder?
>
> I don't understand what openvpn has anything to do with this. This is just a webserver with https access through a 3rd party validated cert. I can't say anything without seeing your settings for this and openvpn (client or server?)

Hi, sorry for the late response. I will get you screenshots this evening after work. I am using OpenVPN Client.

cglatot Posted September 28, 2016

Hi all. First I want to say thanks for creating this - it has made my life so much easier.

I have everything set up and working, I am reverse proxying various services (deluge, nzbget, sonarr, couch, etc) and I have basic auth set up for them using htpasswd. All is working fine. There are currently 4 locations that I don't have auth on: /request/, /web/, /plex/ (which just proxies to /web/), and / (which displays index.html).

I want to use basic auth on the / location, because I want to create a list of URLs that I can easily access in index.html (instead of having to remember them all), but I only want authenticated users to see this. The problem is, when I put basic auth on the / location, it interferes with my Plex login. Here are the relevant location entries:

location / {
    auth_basic "Restricted";
    auth_basic_user_file /config/nginx/.htpasswd;
    try_files $uri $uri/ /index.html /index.php?$args =404;
}

location /web/ {
    include /config/nginx/proxy.conf;
    proxy_pass http://192.168.XXX.XXX:XXXX/web/;
}

location /plex/ {
    proxy_pass http://127.0.0.1/web/;
}

Whenever I go to example.mydomain.url/plex or example.mydomain.url/web it begins to load plex, but it will then pause the loading and ask me for the auth (see screenshot). If I put in the correct creds, it will continue loading. I can also click cancel (twice) and it will continue loading. But I don't want to have the auth dialog pop up at all. If I remove the basic auth from / then no auth dialog pops up.

The other service that I am not using with basic auth is plex requests. But it does not get affected whether or not / has auth. It will never prompt me to auth (unless I include auth in the location for /request/). Here is its entry:

location /request/ {
    include /config/nginx/proxy.conf;
    proxy_pass http://192.168.XXX.XXX:XXXX/request/;
}

The only difference that I can see between them is that Plex uses a host connection, whereas plex requests uses a bridged connection; but I'm not sure if that's relevant.

The workaround that I thought of is to use /home and create www/home/index.html and serve that when I type example.mydomain.url/home, but that is rather inelegant, and I would like to try to make the page appear (with auth) with just using example.mydomain.url

Any help is greatly appreciated!

malleyc Posted September 28, 2016

Quick question about reverse proxying. Is it necessary? Or can you just enter the port the app is running on? For instance, if I imported the cert files to CP and port forwarded 5050, would this work? https://mysubdomain.duckdns.org:5050

aptalca Posted September 29, 2016

> Hi all. First I want to say thanks for creating this - it has made my life so much easier.
>
> I have everything set up and working, I am reverse proxying various services (deluge, nzbget, sonarr, couch, etc) and I have basic auth set up for them using htpasswd. All is working fine. There are currently 4 locations that I don't have auth on: /request/, /web/, /plex/ (which just proxies to /web/), and / (which displays index.html).
>
> I want to use basic auth on the / location, because I want to create a list of URLs that I can easily access in index.html (instead of having to remember them all), but I only want authenticated users to see this. The problem is, when I put basic auth on the / location, it interferes with my Plex login. Here are the relevant location entries:
>
> location / {
>     auth_basic "Restricted";
>     auth_basic_user_file /config/nginx/.htpasswd;
>     try_files $uri $uri/ /index.html /index.php?$args =404;
> }
>
> location /web/ {
>     include /config/nginx/proxy.conf;
>     proxy_pass http://192.168.XXX.XXX:XXXX/web/;
> }
>
> location /plex/ {
>     proxy_pass http://127.0.0.1/web/;
> }
>
> Whenever I go to example.mydomain.url/plex or example.mydomain.url/web it begins to load plex, but it will then pause the loading and ask me for the auth (see screenshot). If I put in the correct creds, it will continue loading. I can also click cancel (twice) and it will continue loading. But I don't want to have the auth dialog pop up at all. If I remove the basic auth from / then no auth dialog pops up.
>
> The other service that I am not using with basic auth is plex requests. But it does not get affected whether or not / has auth. It will never prompt me to auth (unless I include auth in the location for /request/). Here is its entry:
>
> location /request/ {
>     include /config/nginx/proxy.conf;
>     proxy_pass http://192.168.XXX.XXX:XXXX/request/;
> }
>
> The only difference that I can see between them is that Plex uses a host connection, whereas plex requests uses a bridged connection; but I'm not sure if that's relevant.
>
> The workaround that I thought of is to use /home and create www/home/index.html and serve that when I type example.mydomain.url/home, but that is rather inelegant, and I would like to try to make the page appear (with auth) with just using example.mydomain.url
>
> Any help is greatly appreciated!

Your plex proxy address is incorrect. 127.0.0.1 is inside the nginx-letsencrypt container. It needs to point to the plex container. Use http://localunraidip:32400/web

aptalca Posted September 29, 2016

> Quick question about reverse proxying. Is it necessary? Or can you just enter the port the app is running on? For instance, if I imported the cert files to CP and port forwarded 5050, would this work? https://mysubdomain.duckdns.org:5050

It should work. But you have to reimport every 60 days when the certs are renewed.

Marv Posted September 29, 2016

Hi, I just installed this container to use with nextcloud and it seems to be working fine. The only difference I made was removing port 80 from the container settings page. I couldn't find anything why I would have to use this port next to port 443. So what's the reason behind port 80 and should I add it back?

I also don't know why I have to add my email address? I thought I would receive a message maybe from letsencrypt or something. So what's happening when I just leave it blank?