[Request/Done] Let's Encrypt Container


rix


I am using this with duckdns.org and it works.

From memory you need to put your subdomain into the domain field and leave subdomain blank.

(exactly because you don't own duckdns.org)

 

xxxxx.duckdns.org

 

I am at work at the moment but I can check my config when I get home tonight.

That's right. The URL should be the top domain that you want to get certs for (and that you can verify ownership of). For duckdns, that would be yoursubdomain.duckdns.org, and you can add other (sub-)subdomains like www.yoursubdomain.duckdns.org and ftp.yoursubdomain.duckdns.org to that cert.

 

Link to comment

I have got reverse proxy to work, but the rutorrent page looks strange. It's the same on others as well, but sabnzbd is OK.

 

my settings for rutorrent

 

 location /rutorrent {
                auth_basic "Restricted";
                auth_basic_user_file /config/nginx/.htpasswd;
                proxy_set_header Authorization "Basic zyz1230";
                rewrite ^/rutorrent(/.*)$ $1 break;
                include /config/nginx/proxy.conf;
                proxy_pass http://192.168.0.190:9080/;
                }


Link to comment
  • 2 weeks later...

I'd like to expose an endpoint of my node red container to the internet whilst protecting the rest of the endpoints:

 

1) I have a dynamic dns setup: xxxxx.duckdns.org and have successfully generated a cert and tested it

 

2) in my default file, I have added:

	location /echo {
        proxy_pass http://192.168.1.22:1880/ui;
}
}

and restarted...

3) If I go to https://xxxx.duckdns.org/echo the URL changes in the browser to https://xxxx.duckdns.org/ui but that page is not shown, i.e. just the default landing page is shown.

 

 

any ideas?

Link to comment

Try changing it to the following and see if it works:

 

	location /ui {
        proxy_pass http://192.168.1.22:1880/ui;
}
}

 

Some app UIs are weird where they try to force forward to their specific URL prefix. I had an issue when I tried to forward the sab prefix to sabnzbd, where some of the pages would not work due to the app force forwarding to sabnzbd. Once I switched it so it forwards sabnzbd to sabnzbd, all issues went away.

 

Based on the info here http://nodered.org/docs/configuration it seems there is a setting called httpRoot that will let you change the root URL, so you might be able to change it to echo instead of ui.

 

Link to comment

@Aptalca, having an issue starting this docker. I've read through this entire thread and haven't been able to find any similar issues. I have TCP 443 forwarded from my WAN interface to unraid IP TCP 443. I know that forwarding works because if I start the owncloud docker provided by linuxserver.io listening on TCP 443, I can access it from an external PC. Here's the error and screenshot. Any help is appreciated. Thanks

 

This line is making me think, but I don't see how to register on the LE website: "You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags"

 

DH parameters successfully created - 2048 bits

Generating new certificate

You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags

/etc/my_init.d/firstrun.sh: line 138: cd: /config/keys: No such file or directory

Error opening input file cert.pem

 

cert.pem: No such file or directory

You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags

/etc/my_init.d/firstrun.sh: line 138: cd: /config/keys: No such file or directory

Error opening input file cert.pem

 

cert.pem: No such file or directory

* Starting nginx nginx

...fail!

* Starting authentication failure monitor fail2ban

ERROR No file(s) found for glob /config/log/nginx/error.log

 

ERROR Failed during configuration: Have not found any log file for nginx-http-auth jail

 

...fail!

*** Running /etc/rc.local...

*** Booting runit daemon...

*** Runit started as PID 136

Aug 24 13:17:42 55052ec99626 syslog-ng[143]: syslog-ng starting up; version='3.5.3'


Link to comment

Trying to set up reverse proxy as Aptalca showed on page 5 of this thread. The following code works for location /, but returns a 404 error for location /next  (for LSIO's NextCloud). If I paste https://192.168.8.183:843 into a browser, I get the NextCloud login screen.  But when I go to www.kamhighway.com/next I get 404.

 

What am I missing?

 

server {
listen 80 default_server;

listen 443 ssl;

root /config/www;
index index.html index.htm index.php;

server_name .kamhighway.com ;

ssl_certificate /config/keys/fullchain.pem;
ssl_certificate_key /config/keys/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;

client_max_body_size 0;

location / {
	try_files $uri $uri/ /index.html /index.php?$args =404;
}
location /next {
            include /config/nginx/proxy.conf;
            proxy_pass https://192.168.8.183:843;
}

}

Link to comment

Hmm. Agree-tos and email should be provided. I'll look into it.

Link to comment

Yup - I'm working on the exact same issue right now.

Link to comment
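The `/echo` and `/next` posts above both turn on how nginx maps a prefix `location` to the upstream URI and which `location` catches a follow-up redirect. The script below is an added example, not code from the thread or the container: a simplified model (plain prefix locations only, no regex locations or `rewrite`) whose function names `upstream_uri` and `matching_location` are hypothetical, run on the addresses quoted in the posts.

```shell
#!/bin/sh
# Added example: simplified model of nginx prefix-location routing.
# Assumption: only plain prefix locations, no regex locations, no rewrite.

# upstream_uri LOCATION PROXY_PASS REQUEST_URI
# Prints the URI nginx sends to the backend for a request that matched LOCATION.
upstream_uri() (
    location=$1; proxy_pass=$2; request_uri=$3
    rest=${proxy_pass#*://}                 # host:port[/uri]
    case $rest in
        */*)
            # proxy_pass carries a URI part: the matched location prefix
            # is replaced by that URI part.
            uri_part=/${rest#*/}
            tail=${request_uri#"$location"}
            printf '%s%s\n' "$uri_part" "$tail"
            ;;
        *)
            # No URI part: the client's URI is forwarded unchanged.
            printf '%s\n' "$request_uri"
            ;;
    esac
)

# matching_location URI LOCATION...
# Prints the longest prefix location that matches URI, i.e. the block
# that will serve a request (or a redirect the browser follows).
matching_location() (
    uri=$1; shift
    best=
    for loc in "$@"; do
        case $uri in
            "$loc"*)
                if [ "${#loc}" -gt "${#best}" ]; then best=$loc; fi
                ;;
        esac
    done
    printf '%s\n' "$best"
)

demo() {
    # Node-RED post: /echo is mapped to /ui on the backend ...
    echo "/echo via 'location /echo' -> backend URI $(upstream_uri /echo http://192.168.1.22:1880/ui /echo)"
    # ... but once the browser is sent to /ui, only 'location /' matches,
    # so the proxy's own landing page is served instead of the app.
    echo "/ui with locations / and /echo is served by: $(matching_location /ui / /echo)"
    # The suggested 'location /ui' keeps the redirect inside the proxied block.
    echo "/ui with locations / and /ui is served by: $(matching_location /ui / /ui)"
    # NextCloud post: proxy_pass without a URI part forwards /next as-is,
    # so the backend is asked for a path it may not serve.
    echo "/next/ via 'location /next' -> backend URI $(upstream_uri /next https://192.168.8.183:843 /next/)"
}
demo
```

The same model shows what stays unexposed: any path whose longest matching prefix is `/` is answered from the proxy's own web root and never reaches the backend.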

Thanks Aptalca, let me know when I can test or how I can help.

Link to comment

Just tested it with a brand new url, brand new e-mail address, new config folder etc. and it worked just fine.

 

Only thing I can think of is, does your e-mail address contain any weird characters?

Link to comment

Trying to set this up and it all makes sense but I don't know what the default username/password is when trying to access my site. Do I need to add a .htpasswd file into one of the directories?

 

I can see from reverse proxy config on page 5 aptalca has this stored here /config/nginx/.htpasswd; ?? My /config directory maps to /mnt/cache/appdata/nginx and I have tried creating the .htpasswd file in here but it didn't help.

 

Also can I add more sub domains to the environment variables after the initial creation? In case I need to add more sites

 

Thanks for the help!

Link to comment

There is no default password. If you want to use one, you have to create the .htpasswd file yourself and add the reference to the site config. Plenty of guides online telling you how to do it.

 

Edit the container settings and add as many subdomains as you like. Comma separated, no spaces. Keep in mind that every time you change the subdomains, the container will revoke the old cert and get a new one. If you do it too many times, letsencrypt will block/throttle your requests for some time.

Link to comment

I know the issue, just not sure how to correct it. My domain is registered with GoDaddy, which does not support DDNS. I have created CNAME records on GoDaddy DNS and pointed my subdomains to my duckdns.org domain (xyz.duckdns.org). So owncloud.mygodaddydomain.com is aliased to xyz.duckdns.org, which resolves to my WAN IP. This works perfectly for any subdomain of mygodaddydomain.com. However, the root "@" record for "mygodaddydomain.com" is assigned to a GoDaddy IP. Because of this I cannot authenticate mygodaddydomain.com, but I could authenticate owncloud.mygodaddydomain.com.

 

Any ideas how to get around it? Does anyone know how to use DDNS with GoDaddy?

 

Here's one solution; I just don't want to mess with my Google Apps subdomains that are registered/configured with my domain.

https://saschpe.wordpress.com/2013/11/12/godaddy-dyndns-for-the-poor/

Link to comment

Use the option for subdomains only. It is detailed on the Docker Hub page.

Link to comment

First off, thanks for the docker and help so far, Aptalca. I know when I get this working it'll be golden! So I've made a lot of progress. My cert issue is resolved and I've moved on to the proxy. I got the proxy to work with the code below. I then edited it, creating a new server section for each subdomain. At the same time I edited the allowed "ssl_ciphers" to basically remove support for old browsers etc. There was a post in this thread that I followed. Anyhow, after modifying the ciphers nginx won't start. It simply says "FAIL". So I restored the original unmodified default file in ./nginx/site-confs but nginx still won't start. So two questions...

 

1. Where is more detailed logging? I can't find anything in the appdata dir or inside the container.

2. Any idea what I need to repair / replace / edit to get it working again? I don't want to remove and start over for fear Let's Encrypt will blacklist me.

 

thanks

 

server {
        listen 443 ssl;

        server_name movies.mydomain.com;

        ssl_certificate /config/keys/fullchain.pem;
        ssl_certificate_key /config/keys/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_prefer_server_ciphers on;

        client_max_body_size 0;

        location / {
                proxy_pass http://192.168.XXX.XXX:5050;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 150;
                proxy_send_timeout 100;
                proxy_read_timeout 100;
                proxy_buffers 4 32k;
                client_max_body_size 8m;
                client_body_buffer_size 128k;
        }
}

Link to comment

OK, so I found the issue. Hopefully this will help others. I was saving copies of the ./nginx/site-confs/default file in the same directory. You can't do this. Any file in that directory will be read by nginx.conf because of this line: "include /config/nginx/site-confs/*;"

 

So I moved all files except for "default" to a different directory in ./nginx/config_backups, restarted, and all worked.

 

OM!%^&$#$G!!!  sometimes computers really piss me off >:(

 

I thought I was doing a good thing by making a copy before editing.

Link to comment

Ahhh! Thanks!!!, have been troubleshooting the exact same problem and this resolved it.

Link to comment
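The wildcard `include /config/nginx/site-confs/*;` described above loads every file in the directory, backup copies included. The script below is an added example, not part of the container or the thread: it lists what such an include picks up and flags `listen` targets declared `default_server` more than once, which nginx refuses to start with. The thread does not say which error the poster actually hit, so the duplicate `default_server` case is an assumption, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit what a wildcard include such as
#   include /config/nginx/site-confs/*;
# actually loads. Filenames containing whitespace are not handled.

# included_files DIR : every regular file the wildcard matches.
included_files() (
    for f in "$1"/*; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done
)

# duplicate_default_servers DIR : listen targets marked default_server in
# more than one place, printed as "TARGET: file file ...".
duplicate_default_servers() (
    for f in $(included_files "$1"); do
        # Drop comments, then keep listen directives carrying default_server.
        sed 's/#.*//' "$f" |
            awk -v file="$f" '$1 == "listen" && /default_server/ {
                sub(/;$/, "", $2); print $2, file }'
    done | awk '
        { n[$1]++; files[$1] = files[$1] " " $2 }
        END { for (t in n) if (n[t] > 1) print t ":" files[t] }'
)

# Constructed sample: a site config plus the "backup" copy saved beside it.
make_sample() (
    dir=$(mktemp -d)
    printf 'server {\n    listen 80 default_server;\n    listen 443 ssl;\n}\n' \
        > "$dir/default"
    cp "$dir/default" "$dir/default.bak"
    printf '%s\n' "$dir"
)

demo() (
    dir=$(make_sample)
    echo "Loaded by the include:"
    included_files "$dir"
    echo "Duplicate default_server targets:"
    duplicate_default_servers "$dir"
    # The fix from the thread: keep backups outside the included directory.
    mkdir "$dir.backups"
    mv "$dir/default.bak" "$dir.backups/"
    echo "Duplicates after moving the copy out:"
    duplicate_default_servers "$dir"
    rm -rf "$dir" "$dir.backups"
)
demo
```

Running `nginx -t` inside the container reports the file and line of the first directive nginx rejects, which is the detail the startup log's bare `fail!` leaves out.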
