[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


Recommended Posts

I am in my first steps trying to setup reverse proxy. I have a domainname, static IP and I want to use this container.

 

I am having trouble with port forwarding it seems. As I get the error ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

 

First question I want out of the way:

In the domain config (I use https://controlpanel.tech/), should the destination url be http://[public-ip] or https://[public-ip]?

 

In my setup, unRaid uses port 80 on 172.17.2.3. so I have the letsencrypt docker specified to ip 172.17.2.13 in the docker:
image.thumb.png.920955323f30df2322acf5940343e05e.png

 

Thus, on my router I have forwarded ports 80 and 443 to 172.17.2.13.

 

I am trying to get started with a minimal nginx.conf file, so it looks like this right now (with my domain redacted):

#upstream backend {
#	server 172.17.2.13:19999;
#	keepalive 64;
#}

server {
	listen 443 ssl;
	listen 80;
	return 301 https://$host$request_uri;
	server_name domain.tech;

	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	#ssl_trusted_certificate /config/keys/letsencrypt/chain.pem;#
	#ssl_session_timeout 1d;#
	#ssl_session_cache shared:SSL:50m;#
	#ssl_session_tickets off;#
	#add_header Strict-Transport-Security max-age=15768000;#
	#ssl_stapling on;#
	#ssl_stapling_verify on;#
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;

	client_max_body_size 0;

	location / {
	root /config/www;
	index index.html index.htm index.php;
	}
	
	#location /glances {
	#	include /config/nginx/proxy.conf;
	#	proxy_pass http://172.17.2.3:61208/;
	#}
}

Help to get this working would be greatly appreciated!

Edited by JohanSF
Link to comment

I have the letsencrypt docker up and running but don't really understand how to use it.  I have a nextcloud docker running but can't find any documentation explaining how to request or download a cert and apply it to nextlcoud.  I'm new to dockers and have little linux knowledge but would love some direction.  I don't mind doing the research but can't seem to find a starting point.  Any help would be greatly appreciated.

Link to comment
21 minutes ago, Aquamac said:

I have the letsencrypt docker up and running but don't really understand how to use it.  I have a nextcloud docker running but can't find any documentation explaining how to request or download a cert and apply it to nextlcoud.  I'm new to dockers and have little linux knowledge but would love some direction.  I don't mind doing the research but can't seem to find a starting point.  Any help would be greatly appreciated.

 

https://www.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/

Link to comment
8 hours ago, JohanSF said:

I am in my first steps trying to setup reverse proxy. I have a domainname, static IP and I want to use this container.

 

I am having trouble with port forwarding it seems. As I get the error ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

 

First question I want out of the way:

In the domain config (I use https://controlpanel.tech/), should the destination url be http://[public-ip] or https://[public-ip]?

 

In my setup, unRaid uses port 80 on 172.17.2.3. so I have the letsencrypt docker specified to ip 172.17.2.13 in the docker:
image.thumb.png.920955323f30df2322acf5940343e05e.png

 

Thus, on my router I have forwarded ports 80 and 443 to 172.17.2.13.

 

I am trying to get started with a minimal nginx.conf file, so it looks like this right now (with my domain redacted):


#upstream backend {
#	server 172.17.2.13:19999;
#	keepalive 64;
#}

server {
	listen 443 ssl;
	listen 80;
	return 301 https://$host$request_uri;
	server_name domain.tech;

	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	#ssl_trusted_certificate /config/keys/letsencrypt/chain.pem;#
	#ssl_session_timeout 1d;#
	#ssl_session_cache shared:SSL:50m;#
	#ssl_session_tickets off;#
	#add_header Strict-Transport-Security max-age=15768000;#
	#ssl_stapling on;#
	#ssl_stapling_verify on;#
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;

	client_max_body_size 0;

	location / {
	root /config/www;
	index index.html index.htm index.php;
	}
	
	#location /glances {
	#	include /config/nginx/proxy.conf;
	#	proxy_pass http://172.17.2.3:61208/;
	#}
}

Help to get this working would be greatly appreciated!

 

Why don't you post the validation error referenced in the snippet you posted? 

Link to comment
6 hours ago, aptalca said:

 

Why don't you post the validation error referenced in the snippet you posted? 

Here it is:

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.***.tech
E-mail address entered: ***@gmail.com
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --cert-path: No such file or directory

Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

 

Edited by JohanSF
Link to comment
2 minutes ago, CHBMB said:

docker run command might be useful too.....

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="br0" --ip="172.17.2.13" --privileged="true" -e TZ="Europe/Paris" -e HOST_OS="unRAID" -e "TCP_PORT_80"="80" -e "TCP_PORT_443"="443" -e "EMAIL"="***@gmail.com" -e "URL"="***.tech" -e "SUBDOMAINS"="www," -e "ONLY_SUBDOMAINS"="false" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -e "HTTPVAL"="true" -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
ac6a422d7c4e02576358b84796e29cabe830e5f8ae0d7541548c5aa1e916fde3

sensitive information rerplaced with ***.

 

notice that I have set HTTPVAL to true as per https://www.linuxserver.io/2018/01/11/psa-changes-to-our-lets-encrypt-container/

Link to comment
4 minutes ago, JohanSF said:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="br0" --ip="172.17.2.13" --privileged="true" -e TZ="Europe/Paris" -e HOST_OS="unRAID" -e "TCP_PORT_80"="80" -e "TCP_PORT_443"="443" -e "EMAIL"="***@gmail.com" -e "URL"="***.tech" -e "SUBDOMAINS"="www," -e "ONLY_SUBDOMAINS"="false" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -e "HTTPVAL"="true" -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
ac6a422d7c4e02576358b84796e29cabe830e5f8ae0d7541548c5aa1e916fde3

sensitive information rerplaced with ***.

 

notice that I have set HTTPVAL to true as per https://www.linuxserver.io/2018/01/11/psa-changes-to-our-lets-encrypt-container/

 

Try changing /mnt/user/appdata/letsencrypt/ to /mnt/cache/appdata/letsencrypt/  doubt that actually is the problem but easy one to rule out.

 

 

Link to comment
7 hours ago, JohanSF said:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="br0" --ip="172.17.2.13" --privileged="true" -e TZ="Europe/Paris" -e HOST_OS="unRAID" -e "TCP_PORT_80"="80" -e "TCP_PORT_443"="443" -e "EMAIL"="***@gmail.com" -e "URL"="***.tech" -e "SUBDOMAINS"="www," -e "ONLY_SUBDOMAINS"="false" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -e "HTTPVAL"="true" -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
ac6a422d7c4e02576358b84796e29cabe830e5f8ae0d7541548c5aa1e916fde3

sensitive information rerplaced with ***.

 

notice that I have set HTTPVAL to true as per https://www.linuxserver.io/2018/01/11/psa-changes-to-our-lets-encrypt-container/

 

If you set HTTPVAL to true and you're still getting that "authenticator does not support. . ." error, you might need to update your image. Click on the check for updates in unraid gui and update the image

Edited by aptalca
Link to comment

So I've read through the last couple of pages and do not know why I am getting this error

 

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.*************.ca -d plexrequests.*************.ca -d sonarr.*************.ca -d sab.*************.ca -d rtorrent.*************.ca -d plexpy.*************.ca -d radarr.*************.ca -d anime.*************.ca
E-mail address entered: [email protected]
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for *************.ca
http-01 challenge for www.*************.ca
http-01 challenge for plexrequests.*************.ca
http-01 challenge for sonarr.*************.ca
http-01 challenge for sab.*************.ca
http-01 challenge for rtorrent.*************.ca
http-01 challenge for plexpy.*************.ca
http-01 challenge for radarr.*************.ca
http-01 challenge for anime.*************.ca
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:

uthorization procedure. www.*************.ca (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.*************.ca/.well-known/acme-challenge/57SSLSGnDQA25SGGYykkYxXH6PcNeZ0a8XOM4sOPNMs: "<!DOCTYPE html>

<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>", *************.ca (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://*************.ca/.well-known/acme-challenge/QmV4FybwAmGud_U1cBtrmTioIG3bEcoFdaZ1vmbK700: "<!DOCTYPE html>

<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>", rtorrent.*************.ca (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://rtorrent.*************.ca/.well-known/acme-challenge/8cUEPZ3biWP1LZMXy945qaLn_IkudgI74kvZ26hR4rs: "<!DOCTYPE html>

<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>", sonarr.*************.ca (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://sonarr.*************.ca/.well-known/acme-challenge/Q7CnOK-6C3PRw0ZLHyEPWJ8E0b-tFX5dKHhNF4k4MOs: "<!DOCTYPE html>

<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>", radarr.*************.ca (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://radarr.*************.ca/.well-known/acme-challenge/yyHOUYplvYz1PZTqyL7hg27eLC6b-e0zBx6nnZTm3kY: "<!DOCTYPE html>

<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>", plexpy.*************.ca (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://plexpy.*************.ca/.well-known/acme-challenge/nsW1rxfch2W9_JEPgTqip-TjZUjD0518ES3ytsgTMI0: "<!DOCTYPE html>

<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>", anime.*************.ca (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://anime.*************.ca/.well-known/acme-challenge/xa65wZrMCuCe6dW27LZJ8Blt4MVji5fyenl7kez5Kk4: "<!DOCTYPE html>

<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>", plexrequests.*************.ca (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://plexrequests.*************.ca/.well-known/acme-challenge/-vx6US77kC7-uneuYZBwYTqCZXQ7EB_mZGAPjRWh32Q: "<!DOCTYPE html>

<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>", sab.*************.ca (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://sab.*************.ca/.well-known/acme-challenge/J2cx-gPUi3v-4DBrr1hZpeZBOc2WSf7wy3vP7H8c594: "<!DOCTYPE html>

<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>"
- The following errors were reported by the server:

Domain: www.*************.ca
Type: unauthorized
Detail: Invalid response from
http://www.*************.ca/.well-known/acme-challenge/57SSLSGnDQA25SGGYykkYxXH6PcNeZ0a8XOM4sOPNMs:
"<!DOCTYPE html>
<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>"

Domain: *************.ca
Type: unauthorized
Detail: Invalid response from
http://*************.ca/.well-known/acme-challenge/QmV4FybwAmGud_U1cBtrmTioIG3bEcoFdaZ1vmbK700:
"<!DOCTYPE html>
<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>"

Domain: rtorrent.*************.ca
Type: unauthorized
Detail: Invalid response from
http://rtorrent.*************.ca/.well-known/acme-challenge/8cUEPZ3biWP1LZMXy945qaLn_IkudgI74kvZ26hR4rs:
"<!DOCTYPE html>
<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>"

Domain: sonarr.*************.ca
Type: unauthorized
Detail: Invalid response from
http://sonarr.*************.ca/.well-known/acme-challenge/Q7CnOK-6C3PRw0ZLHyEPWJ8E0b-tFX5dKHhNF4k4MOs:
"<!DOCTYPE html>
<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>"

Domain: radarr.*************.ca
Type: unauthorized
Detail: Invalid response from
http://radarr.*************.ca/.well-known/acme-challenge/yyHOUYplvYz1PZTqyL7hg27eLC6b-e0zBx6nnZTm3kY:
"<!DOCTYPE html>
<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>"

Domain: plexpy.*************.ca
Type: unauthorized
Detail: Invalid response from
http://plexpy.*************.ca/.well-known/acme-challenge/nsW1rxfch2W9_JEPgTqip-TjZUjD0518ES3ytsgTMI0:
"<!DOCTYPE html>
<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>"

Domain: anime.*************.ca
Type: unauthorized
Detail: Invalid response from
http://anime.*************.ca/.well-known/acme-challenge/xa65wZrMCuCe6dW27LZJ8Blt4MVji5fyenl7kez5Kk4:
"<!DOCTYPE html>
<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>"

Domain: plexrequests.*************.ca
Type: unauthorized
Detail: Invalid response from
http://plexrequests.*************.ca/.well-known/acme-challenge/-vx6US77kC7-uneuYZBwYTqCZXQ7EB_mZGAPjRWh32Q:
"<!DOCTYPE html>
<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>"

Domain: sab.*************.ca
Type: unauthorized
Detail: Invalid response from
http://sab.*************.ca/.well-known/acme-challenge/J2cx-gPUi3v-4DBrr1hZpeZBOc2WSf7wy3vP7H8c594:
"<!DOCTYPE html>
<html><head><title>Document Error: Not Found</title></head>

<body><h2>Access Error: 404 -- Not Found</h2>

<p>"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

 

Docker run command

 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="br0" --ip="192.168.1.30" --privileged="true" -e TZ="America/New_York" -e HOST_OS="unRAID" -e "TCP_PORT_80"="80" -e "TCP_PORT_443"="443" -e "EMAIL"="************" -e "URL"="*****.ca" -e "SUBDOMAINS"="www,plexrequests,sonarr,sab,rtorrent,plexpy,radarr,anime" -e "ONLY_SUBDOMAINS"="false" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -e "HTTPVAL"="true" -v "/mnt/cache/appdata/letsencrypt":"/config":rw --log-opt max-size=50m --log-opt max-file=1 linuxserver/letsencrypt
7b8965d3de4fbf31cf00b4c1da227ce94fa4cb05b60abf008c91ae61e88e8616

The command finished successfully!

Port 80 and 443 are forwarded to 192.168.1.30 on my EdgeRouter Lite.

 

Any help appreciated

Link to comment
3 minutes ago, tooviral said:

dynamic dns with freedns.afraid.org

 

I've also started the reg nginx container and am able to pull up a test html with same port forwards.  So its not the forwarding.

 

Looks like port 80 isn't forwarded correctly to me.  443 might be which might explain why it's working with a nginx container, which is why I asked for a screenshot.

Edited by CHBMB
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.