October 4, 20169 yr Although that's a lot easier than hardening each containers webserver individually. The idea is you do all your SSL and security on the reverse proxy, then communicate to every other app that isn't hardened. I don't use nginx but Apache, it's very simple to add an app in general, once you understand how to do it, takes about five minutes. Some apps require setting a webroot though. Sent from my LG-H815 using Tapatalk
October 4, 20169 yr Although that's a lot easier than hardening each containers webserver individually. The idea is you do all your SSL and security on the reverse proxy, then communicate to every other app that isn't hardened. I don't use nginx but Apache, it's very simple to add an app in general, once you understand how to do it, takes about five minutes. Some apps require setting a webroot though. Sent from my LG-H815 using Tapatalk Hmmm... seems simple. I currently have Nginx set up like this Nginx --> nginx ---> site-confs ---> 'default' file --> www ---> root of Wordpress install So do I have to make a new site-confs file and make Nginx get it somehow...? I'm not a network guru, anybody help? Let's say I have a Nextcloud docker at port 9000, IP xx.xx.xx.xx. Any examples on how to configure it?
October 4, 20169 yr There's a nextcloud guide on the ls.io website, for Apache but some nextcloud side changes will apply to both. Sent from my LG-H815 using Tapatalk
October 4, 20169 yr There's a nextcloud guide on the ls.io website, for Apache but some nextcloud side changes will apply to both. Sent from my LG-H815 using Tapatalk Thanks... I've set up Nextcloud but now I'm stuck at the configuring it for reverse proxy. I have no idea how to point it towards the port. Maybe somebody with Nginx expertise can help me. CHBMB do you use Nginx as well? I understand if you only know Apache, just asking. Currently I made a backup of my default configuration just in case I screw up everything and trash my Wordpress as well. EDIT: Currently this is how I want it set up. Requests from (cloud.ideaman924.com) goes to Nextcloud, requests from (ideaman924.com or www.ideaman924.com) goes to Wordpress. Wordpress bit is done, but I'm having trouble with Nextcloud. I understand I need to make a new server{} block and mess around in there, but really, I'm about as dumb as a brick when it comes to networking stuff.
October 4, 20169 yr Read my first post, I don't use nginx Sent from my LG-H815 using Tapatalk OK CHBMB. Something's wrong... I did manage to set up reverse proxy and my Nextcloud is now live in cloud.ideaman924.com . Which is great. What's not so great is Chrome refusing to execute inline scripts: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-hlSW1HZGmKtDyIDU+HuibO0pPuKa/wQJaUWM+5ysR38='), or a nonce ('nonce-...') is required to enable inline execution. OK... Chrome... What? Funnily when I connect directly (xx.xx.xx.xx:9000), then Chrome shows a 'warning, ssl certificate invalid' error but runs the freaking inline script. I did set up Cloudflare but this shouldn't be relevant because the SSL settings are flexible. Any ideas? EDIT: I just figured it out... lol. Turns out that you need to modify config.php in Nextcloud directory. I didn't read the tutorial properly... EDIT2: Actually, that did nothing. I'm still stuck with the inline script not launching thing.
October 4, 20169 yr If anybody has the time, it would be nice to add Let's Encrypt support to the docker image so I can actually secure my website. Aptalca has a docker with Let's Encrypt build in. Take a look here for Nextcloud setup with Nginx: https://lime-technology.com/forum/index.php?topic=51466.0
October 5, 20169 yr If anybody has the time, it would be nice to add Let's Encrypt support to the docker image so I can actually secure my website. Aptalca has a docker with Let's Encrypt build in. Take a look here for Nextcloud setup with Nginx: https://lime-technology.com/forum/index.php?topic=51466.0 Thanks but I already have it set up nice and secure with the current Nginx from Linuxserver. Don't wanna switch base just for an SSL cert. Thanks for the NextCloud link, though!
December 13, 20169 yr I'm not sure, tbh, it's kind of been superceded by the letsencrypt version. Sent from my LG-H815 using Tapatalk
March 27, 20179 yr Is there a way to have crontabs remain past an update at all please, like the letsencrypt container. I've used this as a generic container for my web based apps, but am struggling with the cron getting wiped out. Thanks in advance.
March 27, 20179 yr 5 hours ago, local.bin said: Is there a way to have crontabs remain past an update at all please, like the letsencrypt container. I've used this as a generic container for my web based apps, but am struggling with the cron getting wiped out. Thanks in advance. I solved this for my Nextcloud docker with running a script via Community Applications Auto Update module. Info from http://tower/Settings/Settings/caHelp#autoupdate: /boot/config/plugins/ca.update.applications/scripts/starting/{nameOfContainer} This script will be executed whenever {nameOfContainer} has been updated This is in my Nextcloud docker auto update script in /boot/config/plugins/ca.update.applications/scripts/starting/nexctcloud #!/bin/bash grep -q -F 'nextcloud' /etc/crontabs/abc || echo '*/15 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1' >> /etc/crontabs/abc Edited March 27, 20179 yr by ICDeadPpl
March 28, 20179 yr 20 hours ago, ICDeadPpl said: I solved this for my Nextcloud docker with running a script via Community Applications Auto Update module. Info from http://tower/Settings/Settings/caHelp#autoupdate: /boot/config/plugins/ca.update.applications/scripts/starting/{nameOfContainer} This script will be executed whenever {nameOfContainer} has been updated This is in my Nextcloud docker auto update script in /boot/config/plugins/ca.update.applications/scripts/starting/nexctcloud #!/bin/bash grep -q -F 'nextcloud' /etc/crontabs/abc || echo '*/15 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1' >> /etc/crontabs/abc Thanks for the insight and option for me to try. I have added similar for my case and await an update to test it. I was hoping for the letsencrypt crontab functionality to be added, but hopefully this will do the job.
March 28, 20179 yr Is there a way to have crontabs remain past an update at all please, like the letsencrypt container. I've used this as a generic container for my web based apps, but am struggling with the cron getting wiped out. Thanks in advance.I'll look into it
March 28, 20179 yr 9 hours ago, aptalca said: I'll look into it Appreciated, thanks for taking a look.
March 30, 20179 yr On 3/27/2017 at 2:53 PM, ICDeadPpl said: This is in my Nextcloud docker auto update script in /boot/config/plugins/ca.update.applications/scripts/starting/nexctcloud #!/bin/bash grep -q -F 'nextcloud' /etc/crontabs/abc || echo '*/15 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1' >> /etc/crontabs/abc OK, so my script ran according to the logs but only the nextcloud one worked. My other one failed for some reason. I think it was because in the grep command I only had piwik, rather than nginx-piwik. Just to clarify, your abc cron file, is that in addition to the root cron that exists in /etc/crontabs already? I presume so, so how do you get cron to see it as an additional cron? I have manually added abc cron file and restarted the cron service, but abc's commands do not get listed as current crons in crontab -l
March 30, 20179 yr 2 minutes ago, local.bin said: OK, so my script ran according to the logs but only the nextcloud one worked. My other one failed for some reason. I think it was because in the grep command I only had piwik, rather than nginx-piwik. Just to clarify, your abc cron file, is that in addition to the root cron that exists in /etc/crontabs already? I presume so, so how do you get cron to see it as an additional cron? I have manually added abc cron file and restarted the cron service, but abc's commands do not get listed as current crons in crontab -l To list the abc crontab, you have to use crontab -u abc -l root@nextcloud:/$ crontab -l */15 * * * * s6-setuidgid abc php7 -f /config/www/nextcloud/cron.php root@nextcloud:/$ crontab -u abc -l */16 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1
March 30, 20179 yr 12 minutes ago, ICDeadPpl said: To list the abc crontab, you have to use crontab -u abc -l root@nextcloud:/$ crontab -l */15 * * * * s6-setuidgid abc php7 -f /config/www/nextcloud/cron.php root@nextcloud:/$ crontab -u abc -l */16 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1 mmh, yes, thats what I was using too, but hadn't noticed a spurious hash in front of the command! Quote root@222cce405d7f:/$ # crontab -u abc -l Sorry about that Edited March 30, 20179 yr by local.bin clarification
April 8, 20179 yr On 27/03/2017 at 2:53 PM, ICDeadPpl said: I solved this for my Nextcloud docker with running a script via Community Applications Auto Update module. Info from http://tower/Settings/Settings/caHelp#autoupdate: /boot/config/plugins/ca.update.applications/scripts/starting/{nameOfContainer} This script will be executed whenever {nameOfContainer} has been updated This is in my Nextcloud docker auto update script in /boot/config/plugins/ca.update.applications/scripts/starting/nexctcloud #!/bin/bash grep -q -F 'nextcloud' /etc/crontabs/abc || echo '*/15 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1' >> /etc/crontabs/abc Could you clarify if you have anything else done to get this working, as it doesn't recreate the abc crontab file for me. The command works fine in isolation and works great when I manually enter the same details in the abc crontab file myself. It wont though create the file itself on container update. I am trying to track down which logs I might find some information as to why at the moment.
April 8, 20179 yr 30 minutes ago, local.bin said: Could you clarify if you have anything else done to get this working, as it doesn't recreate the abc crontab file for me. The command works fine in isolation and works great when I manually enter the same details in the abc crontab file myself. It wont though create the file itself on container update. I am trying to track down which logs I might find some information as to why at the moment. Sorry, I missed a step or two in my explanation. Here's more detailed instructions. I have made a script in the /config directory of my docker (host path: /mnt/cache/apps/nextcloud) called install-stuff.sh which contains this: #!/bin/bash grep -q -F 'nextcloud' /etc/crontabs/abc || echo '*/16 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1' >> /etc/crontabs/abc You can add more packages and stuff in that script, if needed. Just check what package manager the docker uses, apt, apk and so on. I have that script run every time the docker updates with the following in my /boot/config/plugins/ca.update.applications/scripts/starting/nexctcloud file: docker exec -t nextcloud /config/install-stuff.sh Just make sure that the install-stuff.sh has execution rights:. # From unRAID shell ls -l /mnt/cache/apps/nextcloud/install-stuff.sh # Result should look something like this: -rwxrwxrwx 1 nobody users 153 Mar 19 08:48 /mnt/cache/apps/nextcloud/install-stuff.sh* # If not, the run this: chmod 777 /mnt/cache/apps/nextcloud/install-stuff.sh or # From inside the docker shell root@nextcloud:/$ ls -l /config/install-stuff.sh # Result should look something like this: -rwxrwxrwx 1 abc abc 153 Mar 19 08:48 /config/install-stuff.sh # If not, the run this: chmod 777 /config/install-stuff.sh Hope this helps!
April 13, 20179 yr On 08/04/2017 at 11:53 AM, ICDeadPpl said: Sorry, I missed a step or two in my explanation. Here's more detailed instructions. .... Hope this helps! Thanks, I had a feeling it was a little more involved Haven't had a chance to take a look yet, but will do hopefully over the weekend.
April 30, 20179 yr I installed this docker last night and got the following errors. It mentions www.dlink.com but I don't run dlink routers. I do have some dlink webcams that are exposed to the intraweb via the dlink myhome software but there is no port forwarding of 443 required for that. I'm wondering if letsencrypt is hanging onto a previous cert tied to the IP my domain has at the moment. [cont-init.d] 10-adduser: exited 0. [cont-init.d] 20-config: executing... [cont-init.d] 20-config: exited 0. [cont-init.d] 30-keygen: executing... using keys found in /config/keys [cont-init.d] 30-keygen: exited 0. [cont-init.d] 50-config: executing... 2048 bit DH parameters present SUBDOMAINS entered, processing Sub-domains processed are: -d www.<mydomain> Generating new certificate WARNING: The standalone specific supported challenges flag is deprecated. Please use the --preferred-challenges flag instead. Saving debug log to /var/log/letsencrypt/letsencrypt.log Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for www.dlink.com tls-sni-01 challenge for <mydomain> /usr/lib/python2.7/site-packages/OpenSSL/rand.py:58: UserWarning: implicit cast from 'char *' to a different pointer type: will be forbidden in the future (check that the types are as you expect; use an explicit ffi.cast() if they are correct) result_code = _lib.RAND_bytes(result_buffer, num_bytes) Waiting for verification... Cleaning up challenges Failed authorization procedure. <mydomain> (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested aec5e3e7f34dde8c7cce57e6d1771dc1.81ab33f90fa1bed9df091e4aa8ed108d.acme.invalid from <myip>:443. Received 1 certificate(s), first certificate had names "www.dlink.com", <mydomain> (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 8fffff13a46234f55f4bdcdb7b5e7b07.19a22a976cb3972071f41176337ae159.acme.invalid from <myip>:443. Received 1 certificate(s), first certificate had names "www.dlink.com" IMPORTANT NOTES: - The following errors were reported by the server: Domain: <mydomain> Type: unauthorized Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested aec5e3e7f34dde8c7cce57e6d1771dc1.81ab33f90fa1bed9df091e4aa8ed108d.acme.invalid from <myip>:443. Received 1 certificate(s), first certificate had names "www.dlink.com" Domain: <mydomain> Type: unauthorized Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested 8fffff13a46234f55f4bdcdb7b5e7b07.19a22a976cb3972071f41176337ae159.acme.invalid from <myip>:443. Received 1 certificate(s), first certificate had names "www.dlink.com" To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. /var/run/s6/etc/cont-init.d/50-config: line 108: cd: /config/keys/letsencrypt: No such file or directory [cont-init.d] 50-config: exited 1. [cont-finish.d] executing container finish scripts... [cont-finish.d] done. [s6-finish] syncing disks. [s6-finish] sending all processes the TERM signal. [s6-finish] sending all processes the KILL signal and exiting.
April 30, 20179 yr This is the thread for nginx, not letsencrypt Regarding the issue, it is likely due to incorrect forwarding of your domain. Make sure the A record is correct.
June 17, 20179 yr Is this Nginx docker still being supported/updated? The LS hub.docker.com page shows it was last updated June 6th 2017, but the unRAID CA page shows it was last updated December 5, 2015. I already have wild card certs for my domains, so I do not need LetsEncrypt. I just need an Nginx proxy for my other dockers. Thanks for ALL the great work and support from the LinuxServer.io team! buzz
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.