[Request/Done] Let's Encrypt Container


rix

Recommended Posts

I got a Let's Encrypt SSL certificate last week off my Raspberry Pi. I want to install this docker on my unRAID since it includes fail2ban. What's the best and easiest way to do this?

 

Install this one and request new certificate or will it automatically renew my old one? I have the files it told me to backup or do I just renew/request brand new one so it overwrites everything?

 

It would be for same URL.

Link to comment

I got a Let's Encrypt SSL certificate last week off my Raspberry Pi. I want to install this docker on my unRAID since it includes fail2ban. What's the best and easiest way to do this?

 

Install this one and request new certificate or will it automatically renew my old one? I have the files it told me to backup or do I just renew/request brand new one so it overwrites everything?

 

It would be for same URL.

Easiest would be to just get a new certificate. Old one will still be active (I believe) unless you revoke it

 

 

Link to comment

Let's Encrypt script renamed to Dehydrated

 

https://github.com/lukas2511/dehydrated

 

Does this effect your build?

No, that's a third party script. I'm using the official one named certbot (used to be called letsencrypt, but changed names after it was transferred to the Electronic Frontier Foundation)

https://certbot.eff.org

 

Ironically, the developer was asked to rename his script because people were confusing it for the official script. Now people think the official script changed its name to dehydrated so I guess letsencrypt was justified in doing so lol

Link to comment

Easiest would be to just get a new certificate. Old one will still be active (I believe) unless you revoke it

 

Thank you for this wonderful docker I'm up and running with new certificate and fail2ban works great via port 443/SSL. Is it possible for me to change on my own for it to check ALL ports/ban?

 

is there any way to make fail2ban send emails when banning to the email address entered in the container?

Fail2ban has emailing capability which can be set through the jail.local file, but the container also needs to be set up with the email client. I'll look into whether it's feasible.

 

I would also love to utilize fail2ban email capabilities.

 

 

Link to comment

Easiest would be to just get a new certificate. Old one will still be active (I believe) unless you revoke it

 

Thank you for this wonderful docker I'm up and running with new certificate and fail2ban works great via port 443/SSL. Is it possible for me to change on my own for it to check ALL ports/ban?

 

is there any way to make fail2ban send emails when banning to the email address entered in the container?

Fail2ban has emailing capability which can be set through the jail.local file, but the container also needs to be set up with the email client. I'll look into whether it's feasible.

 

I would also love to utilize fail2ban email capabilities.

All the fail2ban filters are exported to the config folder. You can add your own filters or modify the ones in there. Then you can enable them through the jail.local file. After you make changes, restart the container and you should be set.

 

I haven't tested the email functionality in there yet.

Link to comment

Ok got Docker working again and i have Letsencrypt container installed.  However, now i see the following errors in the log:

 

*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/firstrun.sh...
Using existing nginx.conf
Using existing nginx-fpm.conf
Using existing site config
Using existing landing page
Using existing jail.local
Using existing fail2ban filters
SUBDOMAINS entered, processing
Sub-domains processed are: -d MYSUBDOMAIN.duckdns.org -d OTHERSUBDOMAIN.duckdns.org
2048 bit DH parameters present
Generating new certificate
*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/firstrun.sh...
Using existing nginx.conf
Using existing nginx-fpm.conf
Using existing site config
Using existing landing page
Using existing jail.local
Using existing fail2ban filters
SUBDOMAINS entered, processing
Sub-domains processed are: -d MYSUBDOMAIN.duckdns.org -d OTHERSUBDOMAIN.duckdns.org
2048 bit DH parameters present
Generating new certificate
Failed authorization procedure. duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 54.187.92.222:443 for TLS-SNI-01 challenge

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: duckdns.org
Type: connection
Detail: Failed to connect to 54.187.92.222:443 for TLS-SNI-01

challenge

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
/etc/my_init.d/firstrun.sh: line 138: cd: /config/keys: No such file or directory
Error opening input file cert.pem

cert.pem: No such file or directory
* Starting nginx nginx
...fail!
* Starting authentication failure monitor fail2ban
Failed authorization procedure. duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 54.187.92.222:443 for TLS-SNI-01 challenge

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: duckdns.org
Type: connection
Detail: Failed to connect to 54.187.92.222:443 for TLS-SNI-01

challenge

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
/etc/my_init.d/firstrun.sh: line 138: cd: /config/keys: No such file or directory
Error opening input file cert.pem

cert.pem: No such file or directory
* Starting nginx nginx
...fail!
* Starting authentication failure monitor fail2ban
ERROR No file(s) found for glob /config/log/nginx/error.log

ERROR Failed during configuration: Have not found any log file for nginx-http-auth jail

...fail!
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 117
Sep 21 21:53:06 c59b0f0e16a1 syslog-ng[126]: syslog-ng starting up; version='3.5.3'

Link to comment

 

 

Ok got Docker working again and i have Letsencrypt container installed.  However, now i see the following errors in the log:

 

*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/firstrun.sh...
Using existing nginx.conf
Using existing nginx-fpm.conf
Using existing site config
Using existing landing page
Using existing jail.local
Using existing fail2ban filters
SUBDOMAINS entered, processing
Sub-domains processed are: -d MYSUBDOMAIN.duckdns.org -d OTHERSUBDOMAIN.duckdns.org
2048 bit DH parameters present
Generating new certificate
*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/firstrun.sh...
Using existing nginx.conf
Using existing nginx-fpm.conf
Using existing site config
Using existing landing page
Using existing jail.local
Using existing fail2ban filters
SUBDOMAINS entered, processing
Sub-domains processed are: -d MYSUBDOMAIN.duckdns.org -d OTHERSUBDOMAIN.duckdns.org
2048 bit DH parameters present
Generating new certificate
Failed authorization procedure. duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 54.187.92.222:443 for TLS-SNI-01 challenge

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: duckdns.org
Type: connection
Detail: Failed to connect to 54.187.92.222:443 for TLS-SNI-01

challenge

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
/etc/my_init.d/firstrun.sh: line 138: cd: /config/keys: No such file or directory
Error opening input file cert.pem

cert.pem: No such file or directory
* Starting nginx nginx
...fail!
* Starting authentication failure monitor fail2ban
Failed authorization procedure. duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 54.187.92.222:443 for TLS-SNI-01 challenge

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: duckdns.org
Type: connection
Detail: Failed to connect to 54.187.92.222:443 for TLS-SNI-01

challenge

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
/etc/my_init.d/firstrun.sh: line 138: cd: /config/keys: No such file or directory
Error opening input file cert.pem

cert.pem: No such file or directory
* Starting nginx nginx
...fail!
* Starting authentication failure monitor fail2ban
ERROR No file(s) found for glob /config/log/nginx/error.log

ERROR Failed during configuration: Have not found any log file for nginx-http-auth jail

...fail!
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 117
Sep 21 21:53:06 c59b0f0e16a1 syslog-ng[126]: syslog-ng starting up; version='3.5.3'

 

Url cannot be duckdns.org because you do not own/control it. Url should be the highest domain you control, so in this case it would be yoursubdomain.duckdns.org

Link to comment

ok so i modified the container, looks like I got me some certs, however I still see the following errors.

 

*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/firstrun.sh...
Setting the correct time

Current default time zone: 'America/Chicago'
Local time is now: Thu Sep 22 10:47:52 CDT 2016.
Universal Time is now: Thu Sep 22 15:47:52 UTC 2016.

Using existing nginx.conf
Using existing nginx-fpm.conf
Using existing site config
Using existing landing page
Using existing jail.local
Using existing fail2ban filters
rm: cannot remove ‘/etc/letsencrypt’: No such file or directory
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.MYSUBDOMAIN.duckdns.org
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
usage:
certbot-auto [sUBCOMMAND] [options] [-d domain] [-d domain] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
cert. Major SUBCOMMANDS are:

(default) run Obtain & install a cert in your current webserver
certonly Obtain cert, but do not install it (aka "auth")
install Install a previously obtained cert in a server
renew Renew previously obtained certs that are near expiry
revoke Revoke a previously obtained certificate
register Perform tasks related to registering with the CA
rollback Rollback server configuration changes made during install
config_changes Show changes made to server config during installation
plugins Display information about installed plugins
letsencrypt: error: argument --cert-path: No such file or directory

2048 bit DH parameters present
Generating new certificate
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/MYSUBDOMAIN.duckdns.org/fullchain.pem.
Your cert will expire on 2016-12-21. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto

again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you lose your account credentials, you can recover through
e-mails sent to [email protected].
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

/etc/my_init.d/firstrun.sh: line 138: cd: /config/keys:No such file or directory
Error opening input file cert.pem

cert.pem: No such file or directory
* Starting nginx nginx
...fail!
* Starting authentication failure monitor fail2ban
ERROR No file(s) found for glob /config/log/nginx/error.log

ERROR Failed during configuration: Have not found any log file for nginx-http-auth jail

...fail!
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 170
Sep 22 10:48:04 20def531a784 syslog-ng[179]: syslog-ng starting up; version='3.5.3'

Sep 22 11:09:01 20def531a784 /USR/SBIN/CRON[190]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))
Sep 22 11:17:01 20def531a784 /USR/SBIN/CRON[202]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Sep 22 11:39:01 20def531a784 /USR/SBIN/CRON[205]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))
Sep 22 12:09:01 20def531a784 /USR/SBIN/CRON[217]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))
Sep 22 12:17:01 20def531a784 /USR/SBIN/CRON[229]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Sep 22 12:39:01 20def531a784 /USR/SBIN/CRON[232]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))
Sep 22 13:09:01 20def531a784 /USR/SBIN/CRON[244]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))
Sep 22 13:17:01 20def531a784 /USR/SBIN/CRON[256]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Sep 22 13:39:01 20def531a784 /USR/SBIN/CRON[259]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))

Link to comment

Ahha, it seems because of the initial issue with the url, you identified a bug. Thanks for that.

 

I'll push a fix in a little bit.

 

updated the container, but no change unfortunately from what i can tell I still get the same errors.

 

*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/firstrun.sh...
Using existing nginx.conf
Using existing nginx-fpm.conf
Using existing site config
Using existing landing page
Using existing jail.local
Using existing fail2ban filters
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.MYSUBDOMAIN.duckdns.org
2048 bit DH parameters present
Generating new certificate
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/MYSUBDOMAIN.duckdns.org/fullchain.pem.
Your cert will expire on 2016-12-22. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto

again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

/etc/my_init.d/firstrun.sh: line 138: cd: /config/keys: No such file or directory
Error opening input file cert.pem

cert.pem: No such file or directory
* Starting nginx nginx
...fail!
* Starting authentication failure monitor fail2ban
ERROR No file(s) found for glob /config/log/nginx/error.log

ERROR Failed during configuration: Have not found any log file for nginx-http-auth jail

...fail!
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 116
Sep 22 21:49:03 14c6e4a89127 syslog-ng[125]: syslog-ng starting up; version='3.5.3'

Link to comment

Ahha, it seems because of the initial issue with the url, you identified a bug. Thanks for that.

 

I'll push a fix in a little bit.

 

updated the container, but no change unfortunately from what i can tell I still get the same errors.

 

*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/firstrun.sh...
Using existing nginx.conf
Using existing nginx-fpm.conf
Using existing site config
Using existing landing page
Using existing jail.local
Using existing fail2ban filters
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.MYSUBDOMAIN.duckdns.org
2048 bit DH parameters present
Generating new certificate
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/MYSUBDOMAIN.duckdns.org/fullchain.pem.
Your cert will expire on 2016-12-22. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto

again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

/etc/my_init.d/firstrun.sh: line 138: cd: /config/keys: No such file or directory
Error opening input file cert.pem

cert.pem: No such file or directory
* Starting nginx nginx
...fail!
* Starting authentication failure monitor fail2ban
ERROR No file(s) found for glob /config/log/nginx/error.log

ERROR Failed during configuration: Have not found any log file for nginx-http-auth jail

...fail!
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 116
Sep 22 21:49:03 14c6e4a89127 syslog-ng[125]: syslog-ng starting up; version='3.5.3'

Please post a screenshot of your container settings.

 

Does your subdomain contain any weird characters? Or just letters and numbers?

 

It seems the certs are saved in the correct location but the /config/keys symlink is not created properly. A weird character might be breaking the command.

 

If not, please try to delete the config file and install from scratch

Link to comment

I went ahead and deleted the whole container and just started from scratch.  For the record, there were no weird characters in the domain line.  So I reinstalled and was getting the same issue as I was at the beginning of this.  So for shits and giggle i stopped the OpenVPN plugin i have setup in unraid, and tried the install again...poof it installed perfectly, certs setup and everything.  So now that i have this setup and the certs, what exactly do i do now? LOL sorry i am a bit of a noob with all of this.

 

I have OpenVPN setup because i use UseNet and would like to be protected.  Would i need OpenVPN with letsencrypt?  Do i need to move the certs somewhere or just leave them in the containers /etc/letsencrypt/domain/live folder?

 

 

Link to comment

I went ahead and deleted the whole container and just started from scratch.  For the record, there were no weird characters in the domain line.  So I reinstalled and was getting the same issue as I was at the beginning of this.  So for shits and giggle i stopped the OpenVPN plugin i have setup in unraid, and tried the install again...poof it installed perfectly, certs setup and everything.  So now that i have this setup and the certs, what exactly do i do now? LOL sorry i am a bit of a noob with all of this.

 

I have OpenVPN setup because i use UseNet and would like to be protected.  Would i need OpenVPN with letsencrypt?  Do i need to move the certs somewhere or just leave them in the containers /etc/letsencrypt/domain/live folder?

I don't understand what openvpn has anything to do with this. This is just a webserver with https access through a 3rd party validated cert.

 

I can't say anything without seeing your settings for this and openvpn (client or server?)

Link to comment

I went ahead and deleted the whole container and just started from scratch.  For the record, there were no weird characters in the domain line.  So I reinstalled and was getting the same issue as I was at the beginning of this.  So for shits and giggle i stopped the OpenVPN plugin i have setup in unraid, and tried the install again...poof it installed perfectly, certs setup and everything.  So now that i have this setup and the certs, what exactly do i do now? LOL sorry i am a bit of a noob with all of this.

 

I have OpenVPN setup because i use UseNet and would like to be protected.  Would i need OpenVPN with letsencrypt?  Do i need to move the certs somewhere or just leave them in the containers /etc/letsencrypt/domain/live folder?

I don't understand what openvpn has anything to do with this. This is just a webserver with https access through a 3rd party validated cert.

 

I can't say anything without seeing your settings for this and openvpn (client or server?)

 

Hi Sorry for the late response.  I will get you screenshots this evening after work.  I am using OpenVPN Client.

Link to comment

Hi all. First I want to say thanks for creating this - it has made my life so much easier.

 

I have everything set up and working, I am reverse proxying various services (deluge, nzbget, sonarr, couch, etc) and I have basic auth set up for them using htpasswd. All is working fine.

 

There are currently 4 locations that I don't have auth on: /request/, /web/, /plex/ (which just proxies to /web/), and / (which displays index.html).

 

I want to use basic auth on the / location, because I want to create a list of URLs that I can easily access in index.html (instead of having to remember them all), but I only want authenticated users to see this. The problem is, when I put basic auth on the / location, it interferes with my Plex login.

 

Here are the relevant location entries:

 

location / {
auth_basic "Restricted";
auth_basic_user_file /config/nginx/.htpasswd;
try_files $uri $uri/ /index.html /index.php?$args =404;
}
location /web/ {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.XXX.XXX:XXXX/web/;
}
location /plex/ {
proxy_pass http://127.0.0.1/web/;
}

 

Whenever I go to example.mydomain.url/plex or example.mydomain.url/web it begins to load plex, but it will then pause the loading and ask me for the auth (see screenshot). If I put in the correct creds, it will continue loading. I can also click cancel (twice) and it will continue loading. But I don't want to have the auth dialog pop up at all. If I remove the basic auth from / then no auth dialog pops up.

 

The other service that I am not using with basic auth is plex requests. But it does not get affected whether or not / has auth. It will never prompt me to auth (unless I include auth in the location for /request/). Here is it's entry:

 

location /request/ {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.XXX.XXX:XXXX/request/;
}

 

The only difference that I can see between them is that Plex uses a host connection, whereas plex requests uses a bridged connection; but I'm not sure if that's relevant.

 

The workaround that I thought of is to use /home and create www/home/index.html and serve that when I type example.mydomain.url/home, but that is rather inelegant, and I would like to try to make the page appear (with auth) with just using example.mydomain.url

 

Any help is greatly appreciated!

plex_auth.PNG.e9b4a2d25988e52cadb046a9a5cfacc7.PNG

Link to comment

 

 

Hi all. First I want to say thanks for creating this - it has made my life so much easier.

 

I have everything set up and working, I am reverse proxying various services (deluge, nzbget, sonarr, couch, etc) and I have basic auth set up for them using htpasswd. All is working fine.

 

There are currently 4 locations that I don't have auth on: /request/, /web/, /plex/ (which just proxies to /web/), and / (which displays index.html).

 

I want to use basic auth on the / location, because I want to create a list of URLs that I can easily access in index.html (instead of having to remember them all), but I only want authenticated users to see this. The problem is, when I put basic auth on the / location, it interferes with my Plex login.

 

Here are the relevant location entries:

 

location / {
auth_basic "Restricted";
auth_basic_user_file /config/nginx/.htpasswd;
try_files $uri $uri/ /index.html /index.php?$args =404;
}
location /web/ {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.XXX.XXX:XXXX/web/;
}
location /plex/ {
proxy_pass http://127.0.0.1/web/;
}

 

Whenever I go to example.mydomain.url/plex or example.mydomain.url/web it begins to load plex, but it will then pause the loading and ask me for the auth (see screenshot). If I put in the correct creds, it will continue loading. I can also click cancel (twice) and it will continue loading. But I don't want to have the auth dialog pop up at all. If I remove the basic auth from / then no auth dialog pops up.

 

The other service that I am not using with basic auth is plex requests. But it does not get affected whether or not / has auth. It will never prompt me to auth (unless I include auth in the location for /request/). Here is it's entry:

 

location /request/ {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.XXX.XXX:XXXX/request/;
}

 

The only difference that I can see between them is that Plex uses a host connection, whereas plex requests uses a bridged connection; but I'm not sure if that's relevant.

 

The workaround that I thought of is to use /home and create www/home/index.html and serve that when I type example.mydomain.url/home, but that is rather inelegant, and I would like to try to make the page appear (with auth) with just using example.mydomain.url

 

Any help is greatly appreciated!

 

Your plex proxy address is incorrect. 127.0.0.1 is inside the nginx-letsencrypt container. It needs to point to the plex container. Use http://localunraidip:32400/web

Link to comment

Hi,

 

I just installed this container to use with nextcloud and it seems to be working fine.

 

The only difference I made was removing port 80 from the container settings page.

I couldn't find anything why I would have to use this port next to port 443.

So what's the reason behind port 80 and should I add it back?

 

I also don't know why I have to add my email adress?

I thought I would receive a message maybe from letsencrypt or something.

So what's happening when I just leave it blank?

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.