[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



2 hours ago, CyberMew said:

I got the Let's Encrypt part working now; however, the server part doesn't seem to be working.

 

Currently ombi.domain.com is pointing to my server's wan ip address. I have portforwarding done for 12345.

 

If I access http://ombi.domain.com:12345, it loads correctly. However if I do https://ombi.domain.com:12345, it redirects me back to http.

 

I actually wanted it to:

1. when accessing http, redirect to https

2. when accessing the subdomain, it loads ombi, no manual input of port required.

 

This is my current default file:


server {
	listen 443 ssl;

	root /config/www;
	index index.html index.htm index.php;

	server_name ombi.*;

# removed the default ssl stuff here for brevity

	client_max_body_size 0;

	location / {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.1.55:12345;	
	}
}

Not sure if I am doing this correctly?

Letsencrypt is listening on port 443, the default port for https

Link to comment
2 minutes ago, aptalca said:

Letsencrypt is listening on port 443, the default port for https

Sorry but I don't understand, ah so you mean so we can't ever do something like https://ombi.domain.com:12345 because https overwrites the 12345 port with 443? If so that is ok for me, since I want https://ombi.domain.com to point to http://192.168.1.55:12345. The problem now is I'm getting ERR_CONNECTION_REFUSED when accessing https://ombi.domain.com.

 

I managed to solve Point 1 by adding this server block of code in case someone is looking for it too:

 

server {
	listen 80 default_server;
	server_name _;
	return 301 https://$host$request_uri;
}

 

 

Link to comment
2 hours ago, CyberMew said:

Sorry but I don't understand, ah so you mean so we can't ever do something like https://ombi.domain.com:12345 because https overwrites the 12345 port with 443? If so that is ok for me, since I want https://ombi.domain.com to point to http://192.168.1.55:12345. The problem now is I'm getting ERR_CONNECTION_REFUSED when accessing https://ombi.domain.com.

 

I managed to solve Point 1 by adding this server block of code in case someone is looking for it too:

 


server {
	listen 80 default_server;
	server_name _;
	return 301 https://$host$request_uri;
}

 

 

I think you're confused about how web servers and reverse proxies work.

 

You port forwarded 12345 directly to the container's gui. So if you go to domain:12345 you connect directly to the container's gui. It does not go through nginx.

 

With that config, nginx is listening on port 443 so you have to go to https://domain:443 or you can just go to https://domain because 443 is the default https port, meaning if you don't define it, the browser will connect to it by default

 

Then nginx will connect to your container on its internal port and will proxy the connection

 

You may need to read up on how reverse proxy works to learn the basics of the concept. Google is your friend. 

Link to comment
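A way to check which of the two paths described in the reply above a request actually takes, as an added example that is not part of the original thread. The function names are hypothetical; the port numbers 443 and 12345 are the ones quoted in the posts, and the script is meant to be run against your own server from outside the LAN.

```python
import socket
import ssl

def probe(host, port, timeout=3.0):
    """Return 'refused', 'unreachable', 'tls' or 'plain' for host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"          # nothing is listening behind this port
    except OSError:
        return "unreachable"      # timeout, DNS failure or filtered
    ctx = ssl.create_default_context()
    # Diagnostic only: the question is "is TLS spoken here?", not "is the cert valid?"
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls"
    except OSError:               # ssl.SSLError is an OSError: handshake failed
        return "plain"
    finally:
        sock.close()

def diagnose(host, proxy_port=443, app_port=12345, probe_fn=probe):
    """Findings for the thread's layout; port numbers are the ones in the posts."""
    findings = []
    proxy, app = probe_fn(host, proxy_port), probe_fn(host, app_port)
    if proxy == "refused":
        findings.append(f"{proxy_port} refused: check the router forward and the "
                        f"container port mapping, https://{host} cannot connect")
    elif proxy == "plain":
        findings.append(f"{proxy_port} answers without TLS: not the nginx ssl listener")
    elif proxy == "tls":
        findings.append(f"{proxy_port} speaks TLS: the nginx path is reachable")
    if app in ("plain", "tls"):
        note = " and is unencrypted" if app == "plain" else ""
        findings.append(f"{app_port} reachable directly: bypasses nginx{note}")
    return findings

if __name__ == "__main__":
    for line in diagnose("127.0.0.1"):   # constructed target: the local machine
        print(line)
```

A "reachable directly" finding for the application port means the router forward to the container's GUI is still in place and that path is served without the proxy's TLS.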
5 hours ago, Glenn said:

I need some assistance with letsencrypt. I keep getting a binding error for port 80. I'm also not very smart, y'all will have to dumb it down Barney style for me.

 


 

 

1) You are running it in host network mode, switch to bridge

2) unraid gui is on port 80, map it to a different port like 81

3) on your router, forward outside port 80 to unraid's port 81

Link to comment
After doing this I can't open my containers through webui (except plex). Am I missing another setting? I did get the server ready under the letsencrypt log though.
 
I suggest you head over to YouTube and search for Spaceinvader One; he is a member of this forum and has produced some great how-tos.

Sent from my BND-L34 using Tapatalk

Link to comment

Never mind. I guess I also had to change not just port 80 in identification but also 443? Because I changed 443 to 4443 and now it starts.

 

 

I can't access my other dockers from the webui after changing the id though. Do I have to adjust config files for those programs?

 

Link to comment
2 hours ago, ijuarez said:

No, that is just letting you know the LE container is working; you need to access your server via its new port 192.168.7.60: XXX

Sent from my BND-L34 using Tapatalk
 

I can access the server by putting :8080 at the end of my ip. But I can’t access the dockers. That’s the message I get when I click webui on any of my dockers except plex 

 

Link to comment
10 hours ago, Glenn said:

I can access the server by putting :8080 at the end of my ip. But I can’t access the dockers. That’s the message I get when I click webui on any of my dockers except plex 

 

 

Very odd, it looks like your containers do not have the host IP 192.168.7.60. Also, is there a reason why you chose to have most of your containers in host mode instead of bridge mode?

 

Care to share your network settings page?

Link to comment
On 9/9/2018 at 5:47 AM, aptalca said:

I think you're confused about how web servers and reverse proxies work.

 

You port forwarded 12345 directly to the container's gui. So if you go to domain:12345 you connect directly to the container's gui. It does not go through nginx.

 

With that config, nginx is listening on port 443 so you have to go to https://domain:443 or you can just go to https://domain because 443 is the default https port, meaning if you don't define it, the browser will connect to it by default

 

Then nginx will connect to your container on its internal port and will proxy the connection

 

You may need to read up on how reverse proxy works to learn the basics of the concept. Google is your friend. 

OK, I get now how it roughly works; however, I'm still baffled as to why it isn't loading correctly for me. It just "refused to connect". The proxy_pass url is definitely correct. I even typed in the exact server_name ombi.domain.com. If anyone has any ideas on how to solve it I would appreciate it a lot!

Link to comment
2 hours ago, CyberMew said:

OK, I get now how it roughly works; however, I'm still baffled as to why it isn't loading correctly for me. It just "refused to connect". The proxy_pass url is definitely correct. I even typed in the exact server_name ombi.domain.com. If anyone has any ideas on how to solve it I would appreciate it a lot!

Post what you have. Either pastebin or screenshots where necessary. 

 

And also, are you going to https://ombi.domain.com?

Link to comment
5 hours ago, ijuarez said:

 

Very odd, it looks like your containers do not have the host IP 192.168.7.60. Also, is there a reason why you chose to have most of your containers in host mode instead of bridge mode?

 

Care to share your network settings page?

I haven't really learned the ins and outs of the modes yet, so I just went off of what the guides I was using had.

 

 


Link to comment
