jrdnlc Posted October 6, 2016 Share Posted October 6, 2016 @cglatot When I try going to domain.com it says page cannot load and also the rest of my services are unreachable. But, if I remove the code everything starts working again (ex domain.com, domain.com/cp etc ) Quote Link to comment
cglatot Posted October 6, 2016 Share Posted October 6, 2016 @jrdnlc - Can you post your entire default file code including what you have in for the plex entries? (Make sure to X out any personal details) Does the log say anything relevant? And are you restarting the nginx docker after each change? Quote Link to comment
jrdnlc Posted October 6, 2016 Share Posted October 6, 2016 @jrdnlc - Can you post your entire default file code including what you have in for the plex entries? (Make sure to X out any personal details) Does the log say anything relevant? And are you restarting the nginx docker after each change? I'll send you the pastebin link via Pm and yeah I'm restarting the docker after changes. Quote Link to comment
cglatot Posted October 6, 2016 Share Posted October 6, 2016 I replied with a tweak to the /web/ entry. Try that and let me know. Quote Link to comment
barakthecat Posted October 10, 2016 Share Posted October 10, 2016 Thanks Bjonness406 and EdgarWallace (and of course kamhighway for the instructions). I had some typos along the way that of course messed the whole thing up. So I've got it working now if I got to https://mydomain.com/nextcloud but what I'd like to do is https://nextcloud.mydomain.com. Right now that just goes to my default index page. Any directions for making that work? Quote Link to comment
Marv Posted October 11, 2016 Share Posted October 11, 2016 I tried using Nginex-letsencrypt with EmbyServer aswell now and it seems to work fine. I just added another location I found in the Emby forums to my config. location /emby { # Send traffic to the backend proxy_pass http://192.168.xxx.x:8096/emby; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $remote_addr; proxy_set_header X-Forwarded-Protocol $scheme; proxy_redirect off; # Send websocket data to the backend aswell proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; As I don't really understand much from this and already got Nextcloud running fine with the help of kamhighways guide from here (https://lime-technology.com/forum/index.php?topic=51466.0) I have already included a proxy.conf file located under /mnt/cache/appdata/letsecrypt/nginx/ which looks like this client_max_body_size 10m; client_body_buffer_size 128k; # Timeout if the real server is dead proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; # Advanced Proxy Config send_timeout 5m; proxy_read_timeout 240; proxy_send_timeout 240; proxy_connect_timeout 240; # Basic Proxy Config proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_redirect http:// $scheme://; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_cache_bypass $cookie_session; proxy_no_cache $cookie_session; proxy_buffers 32 4k; So my question is if I could just use this instead of the one I found in the Emby Forums (as some lines are a bit different) and just add the following as a location to my config. location /emby { include /config/nginx/proxy.conf; proxy_pass http://192.168.xxx.x:8096/emby; Quote Link to comment
heytcass Posted October 11, 2016 Share Posted October 11, 2016 Has anyone gotten this working with a DuckDNS URL? If I ping my address with no https:// it works just fine, but once I add https:// I get "cannot resolve https://XXXXXXX.duckdns.org: Unknown host" Quote Link to comment
JonathanM Posted October 11, 2016 Share Posted October 11, 2016 I tried using Nginex-letsencrypt with EmbyServer aswell now and it seems to work fine. Have you tested any of the apps externally? I have my emby set up behind apache, and it works great with the web client, but I can't get any of the emby apps to see it. Quote Link to comment
Waseh Posted October 11, 2016 Share Posted October 11, 2016 Have you tested any of the apps externally? I have my emby set up behind apache, and it works great with the web client, but I can't get any of the emby apps to see it. I have Emby setup behind nginx and working both on internal and external network on both Android and ios Quote Link to comment
aptalca Posted October 11, 2016 Share Posted October 11, 2016 Has anyone gotten this working with a DuckDNS URL? If I ping my address with no https:// it works just fine, but once I add https:// I get "cannot resolve https://XXXXXXX.duckdns.org: Unknown host" Forward port 443 on the router Duckdns works fine for me Quote Link to comment
jrdnlc Posted October 12, 2016 Share Posted October 12, 2016 How can I block access to domain.com/test.txt, /folder, /sample.doc etc etc ? Quote Link to comment
Marv Posted October 12, 2016 Share Posted October 12, 2016 Have you tested any of the apps externally? I have my emby set up behind apache, and it works great with the web client, but I can't get any of the emby apps to see it. I have Emby setup behind nginx and working both on internal and external network on both Android and ios Its working for me aswell. Just kept it like this now with the proxy.conf file included. location /emby { include /config/nginx/proxy.conf; proxy_pass http://192.168.xxx.x:8096/emby; Did you do it the same way? Would it be possible to use localhost instead of my unraid ip btw and is it a good idea generally? Quote Link to comment
cglatot Posted October 12, 2016 Share Posted October 12, 2016 How can I block access to domain.com/test.txt, /folder, /sample.doc etc etc ? EDIT: I would like to know a more elegant method to do this, but in the meantime you can block multiple files / directories using this location format: location ~ /(dir1|dir2|dir3|file1.ext|file2.ext|file3.ext) { deny all; return 404; } I would also like to know this! I didn't even realise that they could be accessed! Quote Link to comment
heytcass Posted October 12, 2016 Share Posted October 12, 2016 Has anyone gotten this working with a DuckDNS URL? If I ping my address with no https:// it works just fine, but once I add https:// I get "cannot resolve https://XXXXXXX.duckdns.org: Unknown host" Forward port 443 on the router Duckdns works fine for me 443 is forwarded. Still have the issue. Issue might be in my router. Quote Link to comment
Bjonness406 Posted October 12, 2016 Share Posted October 12, 2016 Has anyone gotten this working with a DuckDNS URL? If I ping my address with no https:// it works just fine, but once I add https:// I get "cannot resolve https://XXXXXXX.duckdns.org: Unknown host" Forward port 443 on the router Duckdns works fine for me 443 is forwarded. Still have the issue. Issue might be in my router. post config Quote Link to comment
jrdnlc Posted October 12, 2016 Share Posted October 12, 2016 How can I block access to domain.com/test.txt, /folder, /sample.doc etc etc ? EDIT: I would like to know a more elegant method to do this, but in the meantime you can block multiple files / directories using this location format: location ~ /(dir1|dir2|dir3|file1.ext|file2.ext|file3.ext) { deny all; return 404; } I would also like to know this! I didn't even realise that they could be accessed! Where in the config file do I enter that code? I tried all the way at the bottom but it messes up my whole domain.com page. Quote Link to comment
malleyc Posted October 13, 2016 Share Posted October 13, 2016 Have you tested any of the apps externally? I have my emby set up behind apache, and it works great with the web client, but I can't get any of the emby apps to see it. I have Emby setup behind nginx and working both on internal and external network on both Android and ios I'm having trouble adding the server to android devices (android app) outside of local network. web broswer traffic works fine internal and external When you add the server are you putting port 443 as the port? and the host as https://my.subdomain/emby my proxy and default conf below Thanks! Proxy.conf client_max_body_size 10m; client_body_buffer_size 128k; #Timeout if the real server is dead proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; # Advanced Proxy Config send_timeout 5m; proxy_read_timeout 240; proxy_send_timeout 240; proxy_connect_timeout 240; # Basic Proxy Config proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_redirect http:// $scheme://; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_cache_bypass $cookie_session; proxy_no_cache $cookie_session; proxy_buffers 32 4k; location /emby { include /config/nginx/proxy.conf; proxy_pass http://192.168.#.#:8096/emby; Quote Link to comment
cglatot Posted October 13, 2016 Share Posted October 13, 2016 How can I block access to domain.com/test.txt, /folder, /sample.doc etc etc ? EDIT: I would like to know a more elegant method to do this, but in the meantime you can block multiple files / directories using this location format: location ~ /(dir1|dir2|dir3|file1.ext|file2.ext|file3.ext) { deny all; return 404; } I would also like to know this! I didn't even realise that they could be accessed! Where in the config file do I enter that code? I tried all the way at the bottom but it messes up my whole domain.com page. Put it in the same place as your other location directives. Make sure that you do not include any directories that house resources like CSS, images, etc. that any html/php files need access to. The deny all is a literal deny ALL. I'm still trying to work out how to stop direct-linking to images / css files whilst still allowing the server to serve them in web-pages. Apparently it can be done with nginx referer parameters, but I couldn't get it to work. Quote Link to comment
EdgarWallace Posted October 13, 2016 Share Posted October 13, 2016 I'm using a template from here: html5up.net Just download one and modify the index.html The guy is super talented and these are really easy to customize Thanks for sharing aptalca. The webUI is showing a nice overview now :-) However I don't quite understand how to open the Apps by clicking on the nice buttons. Where does this need to be added? https://192.168.xxx.xxx:xxx/nextcloud Another question on how the conf files act together. E.g. the definition client_max_body_size can be found in all three files below. What is best practice for all these definitions? Would that work: proxy.conf: anything starting with proxy_ and removing the rest default: removing this as nginx.conf already contains these definitions. ssl_prefer_server_ciphers on add_header Strict-Transport-Security client_max_body_size proxy.conf: client_max_body_size 10m; client_body_buffer_size 128k; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; send_timeout 5m; proxy_read_timeout 240; proxy_send_timeout 240; proxy_connect_timeout 240; proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_redirect http:// $scheme://; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_cache_bypass $cookie_session; proxy_no_cache $cookie_session; proxy_buffers 32 4k; nginx.conf: user nobody users; worker_processes 4; pid /run/nginx.pid; events { worker_connections 768; } http { sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; client_max_body_size 0; include /etc/nginx/mime.types; default_type application/octet-stream; access_log /config/log/nginx/access.log; error_log /config/log/nginx/error.log; gzip on; gzip_disable "msie6"; text/javascript; include /etc/nginx/conf.d/*.conf; include /config/nginx/site-confs/*; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; ssl_stapling on; # Requires nginx >= 1.3.7 ssl_stapling_verify on; # Requires nginx => 1.3.7 } default: server { listen 80; listen 443 ssl default_server; root /config/www; index index.html index.htm index.php; server_name server.dyndns.com; ssl_certificate /config/keys/fullchain.pem; ssl_certificate_key /config/keys/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; client_max_body_size 10G; fastcgi_buffers 64 4K; location / { try_files $uri $uri/ /index.html /index.php?$args =404; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location /nextcloud { include /config/nginx/proxy.conf; proxy_pass https://192.168.178.28:444/nextcloud; } location /emby { include /config/nginx/proxy.conf; proxy_pass http://192.168.178.28:8096/emby; } location /calibre { include /config/nginx/proxy.conf; proxy_pass http://192.168.178.28:8083/calibre; } location /tvheadend { include /config/nginx/proxy.conf; proxy_pass http://192.168.178.28:9982/tvheadend; } } Quote Link to comment
cglatot Posted October 13, 2016 Share Posted October 13, 2016 I'm using a template from here: html5up.net Just download one and modify the index.html The guy is super talented and these are really easy to customize Thanks for sharing aptalca. The webUI is showing a nice overview now :-) However I don't quite understand how to open the Apps by clicking on the nice buttons. Where does this need to be added? https://192.168.xxx.xxx:xxx/nextcloud You need to edit the HTML file(s) to include links to your apps. If you are using reverse proxy, use your domain, not the IP (local IPs will only work from the local network / VPN). If you don't know HTML: http://www.w3schools.com/html/ Quote Link to comment
EdgarWallace Posted October 13, 2016 Share Posted October 13, 2016 Great link, thanks a lot cglatot. Is there anyone with some advise on the 2nd question on how the conf files are working together? Quote Link to comment
aptalca Posted October 13, 2016 Share Posted October 13, 2016 Great link, thanks a lot cglatot. Is there anyone with some advise on the 2nd question on how the conf files are working together? Sure, you can modify them however you like. Nginx gives different priorities to different config files when there are duplicate parameters set. For instance nginx.conf can set a parameter for all, but then you can override that in a specific server block while leaving the others as default Quote Link to comment
jrdnlc Posted October 13, 2016 Share Posted October 13, 2016 @cglatot Have you figured it out how to block access to certain files/directories? Quote Link to comment
m0dd3r43v3r Posted October 15, 2016 Share Posted October 15, 2016 So I can't seem to get this figured out. I have the default page working but when I edit the "default" file to add the location for one of my services, once i restart the docker it shows *starting nginx nginx ...fail! I've looked at multiple file setups and tried to emulate but nothing so far has worked Quote Link to comment
aptalca Posted October 15, 2016 Share Posted October 15, 2016 So I can't seem to get this figured out. I have the default page working but when I edit the "default" file to add the location for one of my services, once i restart the docker it shows *starting nginx nginx ...fail! I've looked at multiple file setups and tried to emulate but nothing so far has worked We can't say anything without seeing the config file Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.