[Support] binhex - DelugeVPN


8745 posts in this topic Last Reply

Recommended Posts

Looks like to change to a specific version you add the version you want in the Repository line - i.e. binhex/arch-delugevpn:1.3.14-1-05

 

It works if I go back to 1.3.14-1-05 but after that it doesn't.  I think I'll stay on this version for now, until I see the VPN place make a new cert.

Link to post
  • Replies 8.7k
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

OK guys, multi remote endpoint support is now in for this image please pull down the new image (this change will be rolled out to all my vpn images shortly).   What this means is that the im

There has been an issue raised on GitHub related to tracker announce request IP leakage under certain circumstances, after careful review of iptables i have tightened up the rules to prevent this. A n

I wanted to summarize how I got Mullvad working with DelugeVPN as I had to piece together several "solutions" from different comments in this thread and there was some incorrect info; likely old.

Posted Images

18 hours ago, binhex said:

@roland switch on debug, see here for instructions:- 

 

I did, but it turns out for this docker the variable needs to be set to true not yes.

 

Anyway, I get debug now and I have the same error as @danith above.

I can follow his workaround and revert back to an old version but that seems a bad idea especially for this kind of docker.

 

Wed May 17 21:33:07 2017 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=CH, ST=ZH, O=Monzoon Networks AG, OU=OpenVPN server, CN=server, emailAddress=operations@monzoon.net
Wed May 17 21:33:07 2017 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed May 17 21:33:07 2017 TLS_ERROR: BIO read tls_read_plaintext error
Wed May 17 21:33:07 2017 TLS Error: TLS object -> incoming plaintext read error
Wed May 17 21:33:07 2017 TLS Error: TLS handshake failed
Wed May 17 21:33:07 2017 Fatal TLS error (check_tls_errors_co), restarting
Wed May 17 21:33:07 2017 SIGUSR1[soft,tls-error] received, process restarting
Wed May 17 21:38:07 2017 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Wed May 17 21:38:07 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed May 17 21:38:07 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]80.254.79.101:443
Wed May 17 21:38:07 2017 Attempting to establish TCP connection with [AF_INET]80.254.79.101:443 [nonblock]
Wed May 17 21:38:08 2017 TCP connection established with [AF_INET]80.254.79.101:443
Wed May 17 21:38:08 2017 TCP_CLIENT link local: (not bound)
Wed May 17 21:38:08 2017 TCP_CLIENT link remote: [AF_INET]80.254.79.101:443

 

I downloaded a new ovpn and ca.crt file from the provider but it did not change anything.

Any other ideas?

 

I will contact the VPN provider as well to get some update from them.

 

Thanks!

Link to post
21 minutes ago, roland said:

I downloaded a new ovpn and ca.crt file from the provider but it did not change anything.

Any other ideas?

 

I will contact the VPN provider as well to get some update from them.

 

nothing that can be done by yourself or me, this is purely down to your provider, in short their certs are using a weak cipher and thus openssl ver 1.1.x is telling you so, if they dont seem bothered then i would move provider, not sure i would be overly happy continuing with a provider who doesnt taken security seriously, esp seeing that is the whole aim of using a vpn tunnel in the first place, but thats completely your call.

Edited by binhex
Link to post
11 minutes ago, binhex said:

if they dont seem bothered then i would move provider

 

totally agree with you.

I have just sent a request to them, depending on the answer I will decide what to do next.

Thanks for your help

 

Link to post

I'm having a similar issue to roland (in regards to not being able to access the gui), however my vpn provider's certs don't seem to be the issue.

 

These are my debug logs (I went back to a previous version of deluge, and also attempted a fresh install with new configs, all to no avail)

 

2017-05-17 09:29:00.893048 [info] Starting Supervisor...
2017-05-17 09:29:01,439 CRIT Set uid to user 0
2017-05-17 09:29:01,439 INFO Included extra file "/etc/supervisor/conf.d/delugevpn.conf" during parsing
2017-05-17 09:29:01,444 INFO supervisord started with pid 7
2017-05-17 09:29:02,446 INFO spawned: 'start-script' with pid 112
2017-05-17 09:29:02,447 INFO spawned: 'deluge-script' with pid 113
2017-05-17 09:29:02,449 INFO spawned: 'deluge-web-script' with pid 114
2017-05-17 09:29:02,450 INFO spawned: 'privoxy-script' with pid 115
2017-05-17 09:29:02,459 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN

2017-05-17 09:29:02,459 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2017-05-17 09:29:02,459 INFO success: deluge-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2017-05-17 09:29:02,460 INFO success: deluge-web-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2017-05-17 09:29:02,460 INFO success: privoxy-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2017-05-17 09:29:02,461 DEBG 'deluge-script' stdout output:
[info] Deluge config file already exists, skipping copy

2017-05-17 09:29:02,462 DEBG 'deluge-script' stdout output:
[info] VPN is enabled, checking VPN tunnel local ip is valid

2017-05-17 09:29:02,462 DEBG 'deluge-script' stdout output:
[debug] Waiting for valid IP address from tunnel...

2017-05-17 09:29:02,465 DEBG 'privoxy-script' stdout output:
[info] Privoxy set to disabled

2017-05-17 09:29:02,466 DEBG fd 26 closed, stopped monitoring <POutputDispatcher at 47283889609760 for <Subprocess at 47283888881536 with name privoxy-script in state RUNNING> (stderr)>
2017-05-17 09:29:02,466 DEBG fd 22 closed, stopped monitoring <POutputDispatcher at 47283889610048 for <Subprocess at 47283888881536 with name privoxy-script in state RUNNING> (stdout)>
2017-05-17 09:29:02,466 INFO exited: privoxy-script (exit status 0; expected)
2017-05-17 09:29:02,467 DEBG received SIGCLD indicating a child quit
2017-05-17 09:29:02,473 DEBG 'start-script' stdout output:
[info] VPN default certs defined, copying to /config/openvpn/...

2017-05-17 09:29:02,479 DEBG 'start-script' stdout output:
[debug] Environment variables defined as follows
BASH=/bin/bash
BASHOPTS=cmdhist:complete_fullquote:extquote:force_fignore:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath
BASH_ALIASES=()
BASH_ARGC=()
BASH_ARGV=()
BASH_CMDS=()
BASH_LINENO=([0]="0")
BASH_SOURCE=([0]="/root/start.sh")
BASH_VERSINFO=([0]="4" [1]="4" [2]="12" [3]="1" [4]="release" [5]="x86_64-unknown-linux-gnu")
BASH_VERSION='4.4.12(1)-release'
DEBUG=true
DIRSTACK=()
ENABLE_PRIVOXY=on
EUID=0

)
HOME=/home/nobody
HOSTNAME=7b5d6c862ffe
HOSTTYPE=x86_64
HOST_OS=unRAID
IFS=$' \t\n'
LANG=en_GB.UTF-8
LAN_NETWORK=192.168.1.0/24
MACHTYPE=x86_64-unknown-linux-gnu
NAME_SERVERS=8.8.8.8,37.235.1.174,8.8.4.4,37.235.1.177
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PGID=100
PIPESTATUS=([0]="0")
PPID=7

2017-05-17 09:29:02,479 DEBG 'start-script' stdout output:
PS4='+ '
PUID=99
PWD=/
SHELL=/bin/bash
SHELLOPTS=braceexpand:hashall:interactive-comments
SHLVL=1
STRONG_CERTS=no
SUPERVISOR_ENABLED=1
SUPERVISOR_GROUP_NAME=start-script
SUPERVISOR_PROCESS_NAME=start-script
TERM=xterm
TZ=America/New_York
UID=0
VPN_CONFIG=/config/openvpn/openvpn.ovpn
VPN_DEVICE_TYPE=tun
VPN_ENABLED=yes
VPN_OPTIONS=
VPN_PASS=**********
VPN_PORT=1198
VPN_PROTOCOL=udp
VPN_PROV=pia
VPN_REMOTE=nl.privateinternetaccess.com
VPN_USER=********
_='[debug] Environment variables defined as follows'
exit_code_chmod=0
exit_code_chown=0
[debug] Directory listing of files in /config/openvpn as follows

2017-05-17 09:29:02,501 DEBG 'start-script' stdout output:
total 16
drwxrwxrwx 1 nobody users 97 May 17 09:15 .
drwxrwxr-x 1 nobody users 98 May 16 15:40 ..
-rwxrwxrwx 1 nobody users 2025 May 17 09:29 ca.rsa.2048.crt
-rwxrwxrwx 1 nobody users 20 May 17 09:15 credentials.conf
-rwxrwxrwx 1 nobody users 869 May 17 09:29 crl.rsa.2048.pem
-rwxrwxrwx 1 nobody users 272 May 17 09:29 openvpn.ovpn

2017-05-17 09:29:02,502 DEBG 'start-script' stdout output:
[info] VPN config file (ovpn extension) is located at /config/openvpn/openvpn.ovpn

2017-05-17 09:29:02,656 DEBG 'start-script' stderr output:
dos2unix: converting file /config/openvpn/openvpn.ovpn to Unix format...

2017-05-17 09:29:02,728 DEBG 'start-script' stdout output:
[debug] Contents of ovpn file /config/openvpn/openvpn.ovpn as follows...

2017-05-17 09:29:02,729 DEBG 'start-script' stdout output:
client
dev tun

p
remote nl.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
cipher aes-128-cbc

1
tls-client
remote-cert-tls server
auth-user-pass credentials.conf
comp-lzo
verb 1
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ

2017-05-17 09:29:02,736 DEBG 'start-script' stdout output:
[info] Default route for container is 172.17.0.1

2017-05-17 09:29:02,741 DEBG 'start-script' stdout output:
[info] Adding 8.8.8.8 to /etc/resolv.conf

2017-05-17 09:29:02,746 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.174 to /etc/resolv.conf

2017-05-17 09:29:02,751 DEBG 'start-script' stdout output:
[info] Adding 8.8.4.4 to /etc/resolv.conf

2017-05-17 09:29:02,756 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.177 to /etc/resolv.conf
[debug] Show name servers defined for container

2017-05-17 09:29:02,757 DEBG 'start-script' stdout output:
nameserver 8.8.8.8
nameserver 37.235.1.174
nameserver 8.8.4.4
nameserver 37.235.1.177

2017-05-17 09:29:02,758 DEBG 'start-script' stdout output:
[debug] Show name resolution for VPN endpoint nl.privateinternetaccess.com

2017-05-17 09:29:02,974 DEBG 'start-script' stdout output:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 47891
;; flags: qr rd ra ; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; nl.privateinternetaccess.com.	IN	A

;; ANSWER SECTION:
nl.privateinternetaccess.com.	300	IN	A	46.166.188.214
nl.privateinternetaccess.com.	300	IN	A	46.166.188.225
nl.privateinternetaccess.com.	300	IN	A	46.166.138.130
nl.privateinternetaccess.com.	300	IN	A	46.166.186.234
nl.privateinternetaccess.com.	300	IN	A	46.166.138.135
nl.privateinternetaccess.com.	300	IN	A	46.166.137.234
nl.privateinternetaccess.com.	300	IN	A	46.166.138.164
nl.privateinternetaccess.com.	300	IN	A	46.166.188.244
nl.privateinternetaccess.com.	300	IN	A	46.166.188.199
nl.privateinternetaccess.com.	300	IN	A	46.166.190.229
nl.privateinternetaccess.com.	300	IN	A	46.166.190.189
nl.privateinternetaccess.com.	300	IN	A	46.166.138.156
nl.privateinternetaccess.com.	300	IN	A	46.166.186.238

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 148 msec
;; SERVER: 37.235.1.177
;; WHEN: Wed May 17 09:29:02 2017
;; MSG SIZE rcvd: 254

2017-05-17 09:29:02,987 DEBG 'start-script' stdout output:
[info] Adding 192.168.1.0/24 as route via docker eth0

2017-05-17 09:29:02,988 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------

2017-05-17 09:29:02,989 DEBG 'start-script' stdout output:
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2
192.168.1.0/24 via 172.17.0.1 dev eth0

2017-05-17 09:29:02,989 DEBG 'start-script' stdout output:
--------------------
[debug] Modules currently loaded for kernel

2017-05-17 09:29:02,993 DEBG 'start-script' stdout output:
Module Size Used by
xt_nat 1913 18
veth 4966 0
iptable_filter 1706 3
ipt_MASQUERADE 1277 20
nf_nat_masquerade_ipv4 1865 1 ipt_MASQUERADE
iptable_nat 1897 1
nf_conntrack_ipv4 5874 2
nf_nat_ipv4 4199 1 iptable_nat
nf_nat 11145 3 xt_nat,nf_nat_masquerade_ipv4,nf_nat_ipv4
md_mod 36572 4
iptable_mangle 1658 1
ip_tables 9853 3 iptable_mangle,iptable_filter,iptable_nat
tun 19304 2
bonding 92464 0
igb 128723 0
ptp 9308 1 igb
pps_core 5928 1 ptp
i2c_algo_bit 4752 1 igb
coretemp 5340 0
kvm_intel 160423 0
kvm 289582 1 kvm_intel
mpt3sas 168061 5
ahci 26326 0
i2c_i801 11888 0
raid_class 3380 1 mpt3sas
libahci 19716 1 ahci
i2c_smbus 3041 1 i2c_i801
scsi_transport_sas 21714 1 mpt3sas
pata_jmicron 2627 0
i5500_temp 2561 0
i2c_core 20390 4 i2c_algo_bit,igb,i2c_i801,i2c_smbus
acpi_cpufreq 7054 1

2017-05-17 09:29:03,003 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2017-05-17 09:29:03,012 DEBG 'start-script' stdout output:
[debug] Docker interface defined as eth0

2017-05-17 09:29:03,017 DEBG 'start-script' stdout output:
[debug] Docker IP defined as 172.17.0.2

2017-05-17 09:29:03,023 DEBG 'start-script' stdout output:
[debug] Docker netmask defined as 255.255.0.0

2017-05-17 09:29:03,036 DEBG 'start-script' stdout output:
[info] Docker network defined as 172.17.0.0/16

2017-05-17 09:29:03,127 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2017-05-17 09:29:03,129 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1198 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i eth0 -p tcp -m tcp --dport 58846 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1198 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -p tcp -m tcp --sport 58846 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

2017-05-17 09:29:03,130 DEBG 'start-script' stdout output:
--------------------

2017-05-17 09:29:03,130 DEBG 'start-script' stdout output:
[debug] OpenVPN command line '/usr/bin/openvpn --cd /config/openvpn --config /config/openvpn/openvpn.ovpn --daemon --dev tun0 --remote nl.privateinternetaccess.com 1198 --proto udp --reneg-sec 0 --mute-replay-warnings --auth-nocache --keepalive 10 60 --setenv VPN_PROV pia --script-security 2 --up /root/openvpnup.sh --up-delay --up-restart --auth-user-pass credentials.conf --disable-occ --log-append /config/supervisord.log'
[info] Starting OpenVPN...

2017-05-17 09:29:03,155 DEBG 'start-script' stdout output:
[info] OpenVPN started

2017-05-17 09:29:03,155 DEBG 'start-script' stdout output:
[debug] Waiting for valid IP address from tunnel...

 

Link to post

2 binhex:

Hello, Please its possible to put into this docker (or transmission) also an FTP server?

 

Reason:

I dont have public IP

- if i use VPN i get public IP, but there is also no FW in unRAID

- So would be great to have torrent client + FTP server inside VPN docker together

 

Is there an option how to isolate those 2 apps or even others, without installing VM with OS + apps?

 

thanks

Link to post
54 minutes ago, killeriq said:

2 binhex:

Hello, Please its possible to put into this docker (or transmission) also an FTP server?

 

Reason:

I dont have public IP

- if i use VPN i get public IP, but there is also no FW in unRAID

- So would be great to have torrent client + FTP server inside VPN docker together

 

Is there an option how to isolate those 2 apps or even others, without installing VM with OS + apps?

 

thanks

 

I'm afraid this just isnt going to happen, including more and more apps inside a single container is not the done thing for multiple reasons.

 

Link to post
14 minutes ago, killeriq said:

ok i see and is there a way how to have those 2 together? or a separate docker with FTP VPN? havent found any...

 

thanks

 

not easily no, im not clear as to why you need the ftp server to be connectable via vpn tunnel?, if your unraid server can see the internet (which it must be able to do in order to create a vpn tunnel), then all you need to do is simply add a docker container running some ftp server software as a separate container, port forward the correct incoming port and your done, this does NOT expose your unraid host to the internet, it only exposes that single container on the defined host port (can be/should be something other than port 22 or 25).

Link to post
29 minutes ago, binhex said:

port forward the correct incoming port

What if you don't have access to the endpoint router? I think the point is with a VPN you CAN forward an incoming port, but with some ISP's you can't.

Link to post
26 minutes ago, jonathanm said:

What if you don't have access to the endpoint router? I think the point is with a VPN you CAN forward an incoming port, but with some ISP's you can't.

 

that would be a problem :-), however running it via a vpn tunnel would create its own problems, as the port is dynamic, as well as the ip address, so tracking that is going to be, well interesting to say the least.

Link to post
35 minutes ago, binhex said:

 

that would be a problem :-), however running it via a vpn tunnel would create its own problems, as the port is dynamic, as well as the ip address, so tracking that is going to be, well interesting to say the least.

Didn't say it was easy or practical, but I'm pretty sure that's what he wants to do. :)

Link to post

Hello,

I've been using this docker for a few this and really like it.
But why is it when I change my OpenVPN port whit creating the docker or when changing te openvpn config file the file still says port 1198?
And why are my speeds so slow? I'm on a Gbit connection on a dedicated Hetzner server.

 

Luuk

Link to post
21 hours ago, hexal191 said:

Hello,

I've been using this docker for a few this and really like it.
But why is it when I change my OpenVPN port whit creating the docker or when changing te openvpn config file the file still says port 1198?
And why are my speeds so slow? I'm on a Gbit connection on a dedicated Hetzner server.

 

Luuk

 

There are two ports, Container port and host port.  The container port is "in grey" and shouldn't be changed, the host port can be changed.  This means that say two dockers run on 8080, you can have two containers use that port but buts use different host ports.... ie Container A on 80/8080 Container B on 81/8080.  both dockers using 8080 :D

Link to post

 

Reverse proxy for Deluge-VPN questions

 

Deluge-VPN docker is running absolutely amazing, I just could not get the reverse proxy to work.

 

Here is the log for letsencrypt
 

-------------------------------------
_ _ _
| |___| (_) ___
| / __| | |/ _ \
| \__ \ | | (_) |
|_|___/ |_|\___/
|_|

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.[my_external_domain] -d cloud.[my_external_domain] -d download.[my_external_domain] -d sickrage.[my_external_domain] -d couchpotato.[my_external_domain] -d plex.[my_external_domain]
<------------------------------------------------->

<------------------------------------------------->
cronjob running on Tue May 23 10:21:39 ICT 2017
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/[my_external_domain].conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
No renewals attempted, so not running post-hook

The following certs are not due for renewal yet:
/etc/letsencrypt/live/[my_external_domain]/fullchain.pem (skipped)
No renewals were attempted.
Server ready
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

Here is the configuration for letsencrypt nginx

upstream backend {
	server 192.168.0.29:19999;
	keepalive 64;
}

server {
	listen 443 ssl default_server;
	listen 80 default_server;
	root /config/www;
	index index.html index.htm index.php;

	server_name _;

	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;

	client_max_body_size 0;

	location / {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.0.29:82/;
	}
	#HeadPhones
	location /headphones {
	include /config/nginx/proxy.conf;
	proxy_pass http://192.168.0.29:8181/headphones;
	}
	
	location /downloads {
	include /config/nginx/proxy.conf;
	proxy_pass http://192.168.0.29:8112/;
	proxy_set_header X-Deluge-Base “/downloads/”;
	add_header X-Frame-Options SAMEORIGIN;
	}
	
	# Radarr
	#location /radarr {
	#include /config/nginx/proxy.conf;
	#proxy_pass http://192.168.0.29:7878/radarr;
	#proxy_set_header X-Real-IP $remote_addr;
	#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	#}
	
	# Transmission
	#location /transmission {
	#proxy_pass http://192.168.0.29:9091;
	#proxy_set_header Host $host;
	#proxy_set_header X-Real-IP $remote_addr;
	#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	#}
	
	# CouchPotato
	location /couchpotato {
	include /config/nginx/proxy.conf;
	proxy_pass http://192.168.0.29:5050;
	}
	
	# SickRage
	location /sickrage {
	include /config/nginx/proxy.conf;
	proxy_pass http://192.168.0.29:8081;
	}
	
	#PLEX
	location /web {
		# serve the CSS code
		proxy_pass http://192.168.0.29:32400;
	}

	# Main /plex rewrite
	location /plex {
		# proxy request to plex server
		proxy_pass http://192.168.0.29:32400/web;
	}

	location /nextcloud {
		include /config/nginx/proxy.conf;
		proxy_pass https://192.168.0.29:444;
	}
	
	location /unifi {
		include /config/nginx/proxy.conf;
		proxy_pass https://192.168.0.18/;
	}
	
	location ~ /netdata/(?<ndpath>.*) {
		proxy_set_header X-Forwarded-Host $host;
		proxy_set_header X-Forwarded-Server $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_pass http://backend/$ndpath$is_args$args;
		proxy_http_version 1.1;
		proxy_pass_request_headers on;
		proxy_set_header Connection "keep-alive";
		proxy_store off;
	}
}

proxy.conf

client_max_body_size 10m;
client_body_buffer_size 128k;

#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;

# Basic Proxy Config
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;

this is the error i get when i tried to connect to my deluge WEB through MY_EXTERNAL_DOMAIN_ADDRESS

web.Server Traceback (most recent call last):
exceptions.TypeError: normalize() argument 2 must be unicode, not str
/usr/lib/python2.7/site-packages/twisted/web/server.py:185 in process
184        try:
185            resrc = self.site.getResourceFor(self)
186            if resource._IEncodingResource.providedBy(resrc):
/usr/lib/python2.7/site-packages/twisted/web/server.py:791 in getResourceFor
790        request.sitepath = copy.copy(request.prepath)
791        return resource.getChildForRequest(self.resource, request)
792
/usr/lib/python2.7/site-packages/twisted/web/resource.py:98 in getChildForRequest
97        request.prepath.append(pathElement)
98        resource = resource.getChildWithDefault(pathElement, request)
99    return resource
/usr/lib/python2.7/site-packages/deluge/ui/web/server.py:559 in getChildWithDefault
558
559        request.base = base.encode('idna')
560
/usr/lib/python2.7/encodings/idna.py:164 in encode
163        for label in labels:
164            result.append(ToASCII(label))
165        # Join with U+002E
/usr/lib/python2.7/encodings/idna.py:76 in ToASCII
75    # Step 2: nameprep
76    label = nameprep(label)
77
/usr/lib/python2.7/encodings/idna.py:21 in nameprep
20            continue
21        newlabel.append(stringprep.map_table_b2(c))
22    label = u"".join(newlabel)
/usr/lib/python2.7/stringprep.py:197 in map_table_b2
196    al = map_table_b3(a)
197    b = unicodedata.normalize("NFKC", al)
198    bl = u"".join([map_table_b3(ch) for ch in b])
exceptions.TypeError: normalize() argument 2 must be unicode, not str

Thank you so much.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Link to post

OK, so the provider came back with a new certificate and ovpn file.

 

This is the file:

remote zrh-vpn39.monzoon.net 1194 tcp-client
persist-key
auth-user-pass
tls-client
pull
ca ca.crt
redirect-gateway def1
nobind
persist-tun
dev tun
route 80.254.79.10 255.255.255.255
remote-cert-tls server
cipher AES-128-CBC
auth SHA1

when  I define the protocol as tcp I get these errors:

[info] Starting OpenVPN...

Options error: --proto tcp is ambiguous in this context.  Please specify --proto tcp-server or --proto tcp-client
Use --help for more information.
2017-05-24 21:50:56,012 DEBG 'start-script' stdout output:
[info] OpenVPN started

2017-05-24 21:50:56,012 DEBG 'start-script' stdout output:
[debug] Waiting for valid IP address from tunnel...

and it never moves on from there.

So I changed the protocol to tcp-client and I get these errors

 

2017-05-24 21:59:07,725 DEBG 'start-script' stderr output:
iptables v1.6.1: unknown protocol "tcp-client" specified
Try `iptables -h' or 'iptables --help' for more information.

2017-05-24 21:59:07,747 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2017-05-24 21:59:07,749 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -i eth0 -p tcp -m tcp --dport 58846 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A OUTPUT -d 192.168.2.0/24 -o eth0 -p tcp -m tcp --sport 58846 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 192.168.2.0/24 -o eth0 -p tcp -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

Any idea?

Thanks

Link to post

Hi @binhex,

I think I'm having an issue similar to @DJiK - I have a remote dedicated server runing Ubuntu 16.04 LTS and have the docker running just fine, being able to connect using localhost:8112, and 163.172.215.172:8112 (after some further testing I found out this only works with VPN_ENABLED=false), with VPN_ENABLED set both to true and false. The problem is that I can't connect to webui outside of the LAN.

 

This is my ifconfig

docker0   Link encap:Ethernet  HWaddr 02:42:96:c4:22:19
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: (hidden) Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11453 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16801 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5042532 (5.0 MB)  TX bytes:8401763 (8.4 MB)

enp0s20   Link encap:Ethernet  HWaddr (hidden)
          inet addr:163.172.215.172  Bcast:163.172.215.255  Mask:255.255.255.0
          inet6 addr: (hidden) Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:113322 errors:0 dropped:0 overruns:0 frame:0
          TX packets:72874 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:16154982 (16.1 MB)  TX bytes:30441888 (30.4 MB)

I have the LAN_NETWORK set to 163.172.215.172/24

 

Thank you for making such a great docker, and I really appreciate how helpful you are.

 

supervisord.log

Edited by krealle
Link to post
Hi [mention=11148]binhex[/mention],
I think I'm having an issue similar to [mention=75742]DJiK[/mention] - I have a remote dedicated server runing Ubuntu 16.04 LTS and have the docker running just fine, being able to connect using localhost:8112, and 163.172.215.172:8112 (after some further testing I found out this only works with VPN_ENABLED=false), with VPN_ENABLED set both to true and false. The problem is that I can't connect to webui outside of the LAN.
 
This is my ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:96:c4:22:19         inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0         inet6 addr: (hidden) Scope:Link         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1         RX packets:11453 errors:0 dropped:0 overruns:0 frame:0         TX packets:16801 errors:0 dropped:0 overruns:0 carrier:0         collisions:0 txqueuelen:0         RX bytes:5042532 (5.0 MB)  TX bytes:8401763 (8.4 MB)enp0s20   Link encap:Ethernet  HWaddr (hidden)         inet addr:163.172.215.172  Bcast:163.172.215.255  Mask:255.255.255.0         inet6 addr: (hidden) Scope:Link         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1         RX packets:113322 errors:0 dropped:0 overruns:0 frame:0         TX packets:72874 errors:0 dropped:0 overruns:0 carrier:0         collisions:0 txqueuelen:1000         RX bytes:16154982 (16.1 MB)  TX bytes:30441888 (30.4 MB)

I have the LAN_NETWORK set to 163.172.215.172/24
 
Thank you for making such a great docker, and I really appreciate how helpful you are.
 
supervisord.log




You do have the same issue youre right, is on my list to do

Sent from my LG-V500 using Tapatalk

Link to post
Hey. 
 
I just noticed, that my PIA vpn through this docker connects to russia, even though I have set the VPN_REMOTE to nl.privateinternetacces.com. Have anyone experienced something similar?

I've never seen or heard of this, how are you identifying the country location?

Sent from my SM-G900F using Tapatalk

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.