[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



1 hour ago, dalben said:

I do have some dlink webcams that are exposed to the intraweb via the dlink myhome software but there is no port forwarding of 443 required for that.

I reckon that's the problem.  The dlink software, is it using https?  Might not have opened the ports but what about uPnP, may be doing it without you realising it?

Link to comment
1 hour ago, CHBMB said:

I reckon that's the problem.  The dlink software, is it using https?  Might not have opened the ports but what about uPnP, may be doing it without you realising it?

Doing some reading, DLink are a bit vague on how the webcams make it to their server.  I'll deregister the cameras and see what happens then.

Link to comment

Does anyone know how to add additional top level domains after this docker app has been configured? i.e. example.com AND example.org. If any commands need to be run or scripts modified I can do that, just need a little direction. Thanks!

 

edit- I'm referring to the letsencrypt portion of this (not nginx)

Edited by harperbrett
Link to comment
Does anyone know how to add additional top level domains after this docker app has been configured? i.e. example.com AND example.org. If any commands need to be run or scripts modified I can do that, just need a little direction. Thanks!
 
edit- I'm referring to the letsencrypt portion of this (not nginx)


This container only supports one domain.

You could redirect the org to the com, though, if they are pointing to the same web folder
Link to comment

Hello

Thanks for maintaining this wonderful docker.

I have a Minecraft server running and use a tool called overview which creates a "google maps" like map. This tool runs on an Ubuntu VM and outputs all files in a folder. Now to share that I'd like to use the nginx webserver. My question now is: what's the best way to mount that folder within the docker to be able to share it?

Link to comment
Hello

Thanks for maintaining this wonderful docker.

I have a Minecraft server running and use a tool called overview which creates a "google maps" like map. This tool runs on an Ubuntu VM and outputs all files in a folder. Now to share that I'd like to use the nginx webserver. My question now is: what's the best way to mount that folder within the docker to be able to share it?


Is the vm on unraid? You can probably do a 9p share in the vm, save into that folder and map that for this container
Link to comment

In my personal opinion, htpasswd with a fail2ban rule that prevents brute force attempts by banning after so many tries

 

On my company server, I even have a recidive rule set up so if any fail2ban rule does 3 10min bans in a 3hr period, they get banned for a week

 

 

Link to comment
In my personal opinion, htpasswd with a fail2ban rule that prevents brute force attempts by banning after so many tries
 
On my company server, I even have a recidive rule set up so if any fail2ban rule does 3 10min bans in a 3hr period, they get banned for a week
 
 

But doesn't passing htpasswd for one site (using brute, social eng, whatever) open up all your sites to the attacker?
Using every specific app's built-in authentication enables different passwords to different systems.
Or am I missing something?


Link to comment

Sorry to bother you again...

I'm trying to run nextcloud in your nginx docker. When I try to access the site it would not open the site but would download the index.php file.

 

My nginx config: 

server {
	listen 80;
	server_name cloud.XXX.ch;

	return 301 https://$server_name$request_uri;
}

server {
	listen 443 ssl;
	server_name cloud.XXX.ch;
	root /config/www/cloud;
	index index.php index.html;
	access_log /var/log/nginx/cloud.example.com.access.log;
	error_log /var/log/nginx/cloud.example.com.error.log;

	client_max_body_size 0;
	underscores_in_headers on;

	ssl on;
	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

	ssl_stapling on;
	ssl_stapling_verify on;

	location / {
		proxy_headers_hash_max_size 512;
		proxy_headers_hash_bucket_size 64;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

		add_header Front-End-Https on;
	}
}

Can you find the reason behind this?

Link to comment

I don't understand what you're trying to do?

 

1.  Reverse proxy our Nextcloud container with this one?

2.  Install Nextcloud into this container?

 

If it's the first then wait for me to finish my guide.  If it's the 2nd then you're on your own, configuring nginx for each individual app people want to install is way beyond what we're able to support.  We support getting the container up and running. Advanced config is past that.

Link to comment
18 hours ago, CHBMB said:

I don't understand what you're trying to do?

 

1.  Reverse proxy our Nextcloud container with this one?

2.  Install Nextcloud into this container?

 

If it's the first then wait for me to finish my guide.  If it's the 2nd then you're on your own, configuring nginx for each individual app people want to install is way beyond what we're able to support.  We support getting the container up and running. Advanced config is past that.


Would have been the 2nd. Was hoping you've seen this problem before...

Link to comment

Hello

I created a letsencrypt container with 3 different subdomains (pydio and nextcloud included). Then I followed the latest article to run nextcloud behind an nginx reverse proxy.

for nextcloud it is working

but with pydio (2 different config files)

it fails with :

SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown ....

 

I am wondering how you differentiate the subdomain keys? Because in the keys folder there is only a link to one folder, mydomain.com

and in config file we have these lines each:

ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

Do I have to do something different?

 

Thanks

 

Link to comment

For anyone that wants to get this working with cloudflare enabled. First toggle the cloud icon for your domains in the DNS section so that they are grey and DNS only is enabled. Then install Letsencrypt and generate your certs. Once that is done go back to the cloudflare crypto section and change the SSL cert from flexible to full strict and wait for it to issue. It says it can take up to 24 hours but mine was done in about 20 minutes. After all has been completed and is working fine, toggle the clouds back to the original setting in DNS in the cloudflare panel.

Link to comment
6 hours ago, Malykai said:

Homer-S, can you include the rest of the error? A lot of the time that error is pointing out an incorrect IP but that part doesn't seem to be included here.

 

Sorry, for sure I can.

 

Quote

SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: XX.174.239.197, server: pydio.XX.myadress.de, request: "GET / HTTP/1.1", upstream: "https://192.168.100.10:84/", host: "pydio.XX.myadress.de"

 

 

Is there a way to check if all three subdomains are included in keys?

 

I found my mistake!!!

wrong:

proxy_pass https://192.168.100.10:84/;

correct:

proxy_pass http://192.168.100.10:84/;

 

That was the reason for SSL error

 

Thanks anyway

Edited by Homer-S
Link to comment
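
The post above asks whether there is a way to check that all three subdomains are included in the certificate. As an added example that is not part of the original thread, this script lists a certificate's subjectAltName entries and reports any expected hostname they do not cover. The example.com hostnames and the sample certificate text are constructed; the fullchain.pem path is the one quoted in the thread.

```shell
# Constructed sample of the relevant `openssl x509 -noout -text` output.
SAMPLE_TEXT='        Subject: CN = example.com
            X509v3 Subject Alternative Name:
                DNS:example.com, DNS:nextcloud.example.com, DNS:*.apps.example.com'

# stdin: certificate text; stdout: one DNS subjectAltName entry per line.
san_names() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\)[[:space:]]*$/\1/p'
}

# Succeeds if SAN entry $1 covers hostname $2: exact match, or a wildcard
# standing in for exactly one left-most label.
san_covers() {
    _san=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    _host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$_san" = "$_host" ] && return 0
    case "$_san" in
        '*.'*) [ "$_host" != "${_host#*.}" ] && [ "${_host#*.}" = "${_san#??}" ] ;;
        *) return 1 ;;
    esac
}

# stdin: SAN entries; succeeds if any of them covers hostname $1.
covered_by_any() {
    while IFS= read -r _entry; do
        san_covers "$_entry" "$1" && return 0
    done
    return 1
}

# stdin: certificate text; args: expected hostnames. Prints uncovered names.
missing_hosts() {
    _sans=$(san_names)
    _rc=0
    for _want in "$@"; do
        if ! printf '%s\n' "$_sans" | covered_by_any "$_want"; then
            printf '%s\n' "$_want"; _rc=1
        fi
    done
    return "$_rc"
}

# Real certificate: check_cert /config/keys/letsencrypt/fullchain.pem host...
check_cert() { _c=$1; shift; openssl x509 -in "$_c" -noout -text | missing_hosts "$@"; }

printf '%s\n' "$SAMPLE_TEXT" | missing_hosts example.com pydio.example.com ||
    echo "(names listed above are not covered by the sample certificate)"
```

A hostname reported as missing will fail browser validation even though nginx starts and serves the certificate without complaint.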
