[Request/Done] Let's Encrypt Container


rix


I'm also trying to reverse proxy linuxserver.io's ruTorrent docker but it's not working. Maybe something to do with not being able to set a URL base?

 

This is the config I'm trying:

 

    location /ru {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.1.252:88/ru;
    }

I get a 404 not found error from nginx.

But you are saying http://192.168.1.252:88/ru works fine inside your network?
Link to comment

Testing it at work. Looks like company firewall blocks access to dynamic DNS! (I can access my domain on my phone).

 

Is there anything else I can do, or should I try a VPN?

I learned that it depends on the domain. For example, at my work place they block [yourname].hopto.org, but not [yourname].mynetgear.com. So I suggest you try different free domains before resorting to VPN. BTW, from my work place I can't get on openVPN either unless I switch to an unsecure guest wireless connection. Good luck!

Link to comment

But you are saying http://192.168.1.252:88/ru works fine inside your network?

 

Errr no, I access it with http://192.168.1.252:88.

 

Ok I realize I should be using that instead of the http://192.168.1.252:88/ru . I thought I tried it but I must be confused.

 

I can now access it via http://mydomain.org/ru but it's like an incomplete page:

 

[attached image]

You can either use the subdomain method in a new server block, or if you're using the linuxserver version, you can make it use a base url. In the rutorrent config folder, edit the file nginx/nginx.conf and change the line "root /var/www/localhost/rutorrent;" to "root /var/www/localhost;" and restart.

Now you'll have to access it at the baseurl "rutorrent" and can set it up for reverse proxy with that

Link to comment

I'm also trying to reverse proxy linuxserver.io's ruTorrent docker but it's not working. Maybe something to do with not being able to set a URL base?

 

This is the config I'm trying:

 

    location /ru {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.1.252:88/ru;
    }

 

This is a blind copy paste, I don't know what I'm doing here, but try this.

    location /ru {
        include /config/nginx/proxy.conf;
        rewrite ^/ru$ /ru/ redirect;
        proxy_pass http://192.168.1.252:88/ru;
    }

 

Link to comment

 

You can get your own domain. There is a free option but I cannot remember the name

 

I do have a domain I can use, I'll have to figure that out. I'm using a DuckDNS docker right now, will have to look into the CloudFlare docker and figure out how to use it for DDNS.

 

 

 

You can either use the subdomain method in a new server block, or if you're using the linuxserver version, you can make it use a base url. In the rutorrent config folder, edit the file nginx/nginx.conf and change the line "root /var/www/localhost/rutorrent;" to "root /var/www/localhost;" and restart.

Now you'll have to access it at the baseurl "rutorrent" and can set it up for reverse proxy with that

 

That worked perfectly even though I don't know what I'm doing at all!

 

This is a blind copy paste, I don't know what I'm doing here, but try this.

    location /ru {
        include /config/nginx/proxy.conf;
        rewrite ^/ru$ /ru/ redirect;
        proxy_pass http://192.168.1.252:88/ru;
    }

 

Thanks for jumping in but the above code solved it!

Link to comment

Hey guys,

It just doesn't want to work for me. I forwarded port 443 to the Unraid machine in my router, I believe I entered everything correctly. I'm probably just being stupid, but I would really appreciate your help guys:

 

*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/firstrun.sh...
Setting the correct time

Current default time zone: 'Europe/Berlin'
Local time is now: Mon Nov 7 19:18:27 CET 2016.
Universal Time is now: Mon Nov 7 18:18:27 UTC 2016.

Copying the default nginx.conf
Copying the default nginx-fpm.conf
Copying the default site config
Copying the default landing page
Copying the default jail.local
Copying default fail2ban filters
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.XXXXXXXX.duckdns.org
Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time

DH parameters successfully created - 2048 bits
Generating new certificate
Upgrading certbot-auto 0.8.1 to 0.9.3...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
WARNING: The standalone specific supported challenges flag is deprecated.

Please use the --preferred-challenges flag instead.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for XXXXXXXX.duckdns.org
tls-sni-01 challenge for www.XXXXXXXX.duckdns.org
Waiting for verification...
Performing the following challenges:
tls-sni-01 challenge for XXXXXXXX.duckdns.org
tls-sni-01 challenge for www.XXXXXXXX.duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. XXXXXXXX.duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to XX.XXX.XXX.XXX:443 for TLS-SNI-01 challenge, www.XXXXXXXX.duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to XX.XXX.XXX.XXX:443 for TLS-SNI-01 challenge

IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
e-mails sent to [email protected].
- The following errors were reported by the server:

Domain: XXXXXXXX.duckdns.org
Type: connection
Detail: Failed to connect to XX.XXX.XXX.XXX:443 for TLS-SNI-01

challenge

Domain: www.XXXXXXXX.duckdns.org
Type: connection
Detail: Failed to connect to XX.XXX.XXX.XXX:443 for TLS-SNI-01

challenge

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
/etc/my_init.d/firstrun.sh: line 138: cd: /config/keys: No such file or directory
Error opening input file cert.pem

cert.pem: No such file or directory
* Starting nginx nginx
...fail!
* Starting authentication failure monitor fail2ban
ERROR No file(s) found for glob /config/log/nginx/error.log

ERROR Failed during configuration: Have not found any log file for nginx-http-auth jail

...fail!
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 326
Nov 7 19:20:11 934a18475510 syslog-ng[335]: syslog-ng starting up; version='3.5.3'

Link to comment

What is your docker run command? (or you can post a screenshot of your container settings)

Link to comment

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="Nginx-letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/Berlin" -e HOST_OS="unRAID" -e "EMAIL"="[email protected]" -e "URL"="XXXXXXX.duckdns.org" -e "SUBDOMAINS"="www" -p 2132:80/tcp -p 443:443/tcp -v "/mnt/user/appdata/Nginx-letsencrypt":"/config":rw aptalca/nginx-letsencrypt

adb8d02c04a3c41e18866e7be435ed10dd33ed416c18ea7eab31f4a2f269ea41

Link to comment

So you need to forward WAN port 80 to 2132 on Unraid.

Link to comment
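Added example, not written by any poster in this thread and not part of the container's own scripts: it reads the `-p` flags from a `docker run` command and the connection failures from a certbot log, then lists which host port each WAN port has to be forwarded to, so only the ports the validation needs are opened on the router. The domain and IP address in the sample log are constructed placeholders, and the function names are hypothetical.

```python
import re
import shlex

# Constructed input modelled on this thread: the poster's -p flags, and a certbot
# failure line with a placeholder domain and a documentation-range IP address.
DOCKER_RUN = ('docker run -d --name="Nginx-letsencrypt" --net="bridge" '
              '-p 2132:80/tcp -p 443:443/tcp aptalca/nginx-letsencrypt')
CERTBOT_LOG = (
    "Failed authorization procedure. example.duckdns.org (tls-sni-01): "
    "urn:acme:error:connection :: The server could not connect to the client to "
    "verify the domain :: Failed to connect to 203.0.113.10:443 for TLS-SNI-01 "
    "challenge, www.example.duckdns.org (tls-sni-01): urn:acme:error:connection :: "
    "The server could not connect to the client to verify the domain :: Failed to "
    "connect to 203.0.113.10:443 for TLS-SNI-01 challenge\n"
)

FAILURE = re.compile(r"(\S+) \(([a-z0-9-]+)\): urn:acme:error:connection :: "
                     r".*?Failed to connect to \S+?:(\d+) for")


def published_ports(docker_run):
    """Map container port -> host port from -p/--publish HOST:CONTAINER[/proto] flags."""
    args = shlex.split(docker_run)
    ports = {}
    for flag, value in zip(args, args[1:]):
        if flag in ("-p", "--publish"):
            parts = value.split("/")[0].split(":")
            if len(parts) >= 2:  # skip bare "-p 80": Docker picks a random host port
                ports[int(parts[-1])] = int(parts[-2])
    return ports


def failed_challenges(log):
    """Unique (domain, challenge type, WAN port) for each connection failure."""
    return sorted({(d, c, int(p)) for d, c, p in FAILURE.findall(log)})


def router_forwards(docker_run, wan_ports):
    """WAN port -> host port the router must target; None if Docker does not publish it."""
    ports = published_ports(docker_run)
    return {wan: ports.get(wan) for wan in wan_ports}


if __name__ == "__main__":
    for domain, challenge, port in failed_challenges(CERTBOT_LOG):
        print(f"{domain}: {challenge} could not reach WAN port {port}")
    tried = {port for _, _, port in failed_challenges(CERTBOT_LOG)}
    for wan, host in sorted(router_forwards(DOCKER_RUN, tried | {80}).items()):
        print(f"forward WAN {wan} -> Unraid host port {host}")
```

A `None` in the result means the container port is not published at all, so no router rule can make the validation connection succeed until the `-p` mapping is added.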

OK, just to rule out silly problems, why don't you post a snippet of a screenshot with your port forwards.  No offence meant, just I'm the guy who spent 2 hours last night wrestling with TVheadend and minisatip before I realised I should have put it into host mode...

Link to comment
