[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



Without having paged through all 102 pages of this one, I do have a question.

With this container acting as a proxy/gateway for all the configured services, are there any plans for (or does anyone think it might be worth having):

  • An internal admin/control panel for the web server
  • Ability to configure sites/services without needing to create config files or restart the container
  • Ability to "switch off/on" a configured service within a control panel
  • Some stats on what services are being used (traffic by service over time, average response times etc.)

I just think these could be really useful or am I wrong?

Link to comment
They may be useful if that's what you need, but they are way beyond an install of Nginx. They won't be included by default.

Sent from my Mi A1 using Tapatalk

Link to comment
7 minutes ago, CHBMB said:

They may be useful if that's what you need, but they are way beyond an install of Nginx. They won't be included by default.

Sent from my Mi A1 using Tapatalk
 

Absolutely, I agree - for the majority of users the basic Nginx container suits them fine.

 

How easy (or hard) do you think it could be to write a plugin to sit within unraid to integrate with it?

I might actually have a go if I can get some time.

Edited by Saldash
  • Thanks 1
Link to comment
8 hours ago, YouAreTheOneNeo said:

Log:

 


-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Europe/London
URL=example.com
SUBDOMAINS=www, unifi, tautulli, pihole, cp, sonarr, heimdall, plex, calibre, ombi
EXTRA_DOMAINS=vpn.example.com
ONLY_SUBDOMAINS=false
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
[email protected]
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.example.com -d unifi.example.com -d tautulli.example.com -d pihole.example.com -d cp.example.com -d sonarr.example.com -d heimdall.example.com -d plex.example.com -d calibre.example.com -d ombi.example.com
EXTRA_DOMAINS entered, processing
Extra domains processed are: -d vpn.example.com
E-mail address entered: [email protected]
http validation is selected
Certificate exists; parameters unchanged; attempting renewal
<------------------------------------------------->

<------------------------------------------------->
cronjob running on Thu Oct 25 08:50:56 BST 2018
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Running pre-hook command: if ps aux | grep [n]ginx: > /dev/null; then s6-svc -d /var/run/s6/services/nginx; fi
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for calibre.example.com
http-01 challenge for cp.example.com
http-01 challenge for heimdall.example.com
http-01 challenge for ombi.example.com
http-01 challenge for pihole.example.com
http-01 challenge for plex.example.com
http-01 challenge for sonarr.example.com
http-01 challenge for tautulli.example.com
http-01 challenge for unifi.example.com
http-01 challenge for vpn.example.com
http-01 challenge for www.example.com
http-01 challenge for example.com
Waiting for verification...
Cleaning up challenges
Cleaning up challenges
Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Failed authorization procedure. example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [88.98.197.66]: 404. Skipping.

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/example.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/example.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Running post-hook command: if ps aux | grep 's6-supervise nginx' | grep -v grep > /dev/null; then s6-svc -u /var/run/s6/services/nginx; fi; cd /config/keys/letsencrypt && openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass: && cat {privkey,fullchain}.pem > priv-fullchain-bundle.pem
Hook command "if ps aux | grep 's6-supervise nginx' | grep -v grep > /dev/null; then s6-svc -u /var/run/s6/services/nginx; fi; cd /config/keys/letsencrypt && openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass: && cat {privkey,fullchain}.pem > priv-fullchain-bundle.pem" returned error code 1

Error output from if:

cat: {privkey,fullchain}.pem: No such file or directory

1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: example.com
Type: unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[1.1.1.1]: 404

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready

and container settings:

 

image.thumb.png.425449179c996fca01c510741ee20f02.png

 

Based on the error, it seems your port 80 is not correctly forwarded by your router to this container

Link to comment
12 hours ago, aptalca said:

Based on the error, it seems your port 80 is not correctly forwarded by your router to this container

Thanks - it is forwarded correctly, but my site-conf has a permanent 301 redirect from HTTP to HTTPS:

 

server {
	listen 80 default_server;
	root /config/www;
	index index.html index.htm index.php;

	server_name _;

	return 301 https://$host$request_uri;

}

Presumably this is redirecting the certbot to https when it needs to use insecure http to do validation.

 

Is there a way to add an exception to the site config? I am not too hot on nginx configuration.

 

I would assume the more secure method of validation is to use the dns method, perhaps it is time for me to switch over.

 

Edit: I also had the .htaccess file on my domain provider set up with the following redirect from example.com to www.example.com:

 

 RewriteEngine On
 RewriteCond %{REQUEST_URI} !\.well-known/acme-challenge
 RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
 RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

I have removed that now, and when browsing to http://example.com, nginx is now rewriting the URL to httpS://www.example.com/example, and I can't figure out why.

 

Browsing to http://example.com/.well-known/acme-challenge/CHALLENGEKEY is returning https://example.com/404.

 

 

Edited by YouAreTheOneNeo
Additional information
Link to comment
3 hours ago, YouAreTheOneNeo said:

Presumably this is redirecting the certbot to https when it needs to use insecure http to do validation.

No, the validation script sets up a temporary server that doesn't use your site configs. It's only online long enough to validate through port 80, then the server is restarted with your configuration.

Link to comment

so my ISP provider doesn't give me the Admin password for my router (pifffff)

and the router's remote management uses https (443)

so I want to change the port for nginx to something else.

so I open a new port forwarding to internal 443

but some of the reverse proxy doesn't work,

I am connecting to the server with the custom port but when the reverse proxy forwards me, the custom port gets deleted and it forwards me to normal https (443)

is there a way to make nginx always add the custom port to the outside world?

Link to comment
5 hours ago, YouAreTheOneNeo said:

Thanks - it is forwarded correctly, but my site-conf has a permanent 301 redirect from HTTP to HTTPS:

 


server {
	listen 80 default_server;
	root /config/www;
	index index.html index.htm index.php;

	server_name _;

	return 301 https://$host$request_uri;

}

Presumably this is redirecting the certbot to https when it needs to use insecure http to do validation.

 

Is there a way to add an exception to the site config? I am not too hot on nginx configuration.

 

I would assume the more secure method of validation is to use the dns method, perhaps it is time for me to switch over.

 

Edit: I also had the .htaccess file on my domain provider set up with the following redirect from example.com to www.example.com:

 


 RewriteEngine On
 RewriteCond %{REQUEST_URI} !\.well-known/acme-challenge
 RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
 RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

I have removed that now, and when browsing to http://example.com, nginx is now rewriting the URL to httpS://www.example.com/example, and I can't figure out why.

 

Browsing to http://example.com/.well-known/acme-challenge/CHALLENGEKEY is returning https://example.com/404.

 

 

I don't know why or where you're using an .htaccess file but that's likely your issue. You need to pass ports 443 and 80 to the letsencrypt container unaltered. 

 

Browser thing is just a cache issue. 301 redirects are permanently cached 

Link to comment
1 hour ago, syniex said:

so my ISP provider doesn't give me the Admin password for my router (pifffff)

and the router's remote management uses https (443)

so I want to change the port for nginx to something else.

so I open a new port forwarding to internal 443

but some of the reverse proxy doesn't work,

I am connecting to the server with the custom port but when the reverse proxy forwards me, the custom port gets deleted and it forwards me to normal https (443)

is there a way to make nginx always add the custom port to the outside world?

I would put a different router in there to be honest. 

 

Different port should work unless you have incorrect redirects in your site config files

Link to comment
3 hours ago, aptalca said:

I don't know why or where you're using an .htaccess file but that's likely your issue. You need to pass ports 443 and 80 to the letsencrypt container unaltered. 

 

Browser thing is just a cache issue. 301 redirects are permanently cached 

I was using the .htaccess because I am stupid.

 

Managed to get the root domain to point to my static IP rather than forward the request via the .htaccess file that I was doing before.

 

Everything fine now. Thanks!

  • Like 1
Link to comment
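
The renewal failure discussed in the posts above, as an added example that is not part of the thread or of the container's own scripts: the address in square brackets in certbot's "Invalid response from ... [IP]: 404" line is the host the CA actually connected to, so comparing it with your own public IP separates a DNS or upstream-redirect problem from a local port-forward problem. The log excerpt and both addresses (documentation ranges) are constructed, and parse_failures and triage are hypothetical helper names.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed log excerpt in the format certbot printed in the thread.
# Addresses come from documentation ranges, not from the thread.
SAMPLE_LOG = """\
http-01 challenge for www.example.com
http-01 challenge for example.com
Waiting for verification...
Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Failed authorization procedure. example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/TOKEN [203.0.113.10]: 404. Skipping.
IMPORTANT NOTES:
Domain: example.com
Type: unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/TOKEN
[203.0.113.10]: 404
"""

CHALLENGED = re.compile(r"^http-01 challenge for (\S+)$", re.MULTILINE)
# \s+ between tokens so the line-wrapped "IMPORTANT NOTES" form matches too.
FAILURE = re.compile(r"Invalid response from\s+(\S+)\s+\[([^\]]+)\]:\s+(\d{3})")


@dataclass(frozen=True)
class Failure:
    domain: str   # host name the CA tried to validate
    ip: str       # address the CA actually connected to
    status: int   # HTTP status it got back


def parse_failures(log):
    """Return the distinct http-01 failures reported in a certbot log."""
    seen = []
    for url, ip, status in FAILURE.findall(log):
        parts = urlsplit(url)
        if not parts.path.startswith("/.well-known/acme-challenge/"):
            continue  # not an ACME challenge URL
        item = Failure(parts.hostname, ip, int(status))
        if item not in seen:  # the same failure is printed twice in the log
            seen.append(item)
    return seen


def triage(log, wan_ip):
    """Map each challenged domain to a verdict, given the container's public IP."""
    report = {d: "no failure reported" for d in CHALLENGED.findall(log)}
    for f in parse_failures(log):
        if f.ip != wan_ip:
            report[f.domain] = (f"answered by {f.ip}, not {wan_ip}: "
                                "DNS or an upstream redirect points elsewhere")
        elif f.status == 404:
            report[f.domain] = ("reached this address, but port 80 is served "
                                "by something other than certbot")
        else:
            report[f.domain] = f"HTTP {f.status} from the expected address"
    return report


if __name__ == "__main__":
    # 198.51.100.7 stands in for the public IP the container sits behind.
    for domain, verdict in triage(SAMPLE_LOG, "198.51.100.7").items():
        print(f"{domain}: {verdict}")
```
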
8 hours ago, aptalca said:

I would put a different router in there to be honest. 

 

Different port should work unless you have incorrect redirects in your site config files

not up to me,

the server is located at my friend house (he has 1gb/1gb connection, i got only 100mb/3mb).

Link to comment

My tale of woe:

 

Followed SpaceinvaderOne's lovely video all the way through, successfully... except I still can't see my site, when trying to navigate to it off my phone (so not on the home WiFi!); am using Namecheap for my domain name.

 

Port forwarding settings / namecheap settings / docker setting screenshots attached.  Logs are all fine, letsencrypt below.

 

Can  ping all three subdomains (radarr/sonarr/nextcloud) but can't even get into the first two -- I'm aware nextcloud might take more finagling, left that one to last.

 

Any ideas?

 

Quote


-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=America/New_York
URL=___REDACTED___
SUBDOMAINS=nextcloud,sonarr,radarr
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=___REDACTED___
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d nextcloud.___REDACTED___ -d sonarr.___REDACTED___ -d radarr.___REDACTED___
E-mail address entered: ___REDACTED___
http validation is selected
Certificate exists; parameters unchanged; attempting renewal
<------------------------------------------------->

<------------------------------------------------->
cronjob running on Fri Oct 26 23:10:54 EDT 2018
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/nextcloud.___REDACTED___.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
/etc/letsencrypt/live/nextcloud.___REDACTED___/fullchain.pem expires on 2019-01-25 (skipped)
No renewals were attempted.
No hooks were run.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready

 

 

port forwarding.png

namecheap dns.png

docker.png

Link to comment
10 hours ago, superpsych0 said:

My tale of woe:

 

Followed SpaceinvaderOne's lovely video all the way through, successfully... except I still can't see my site, when trying to navigate to it off my phone (so not on the home WiFi!); am using Namecheap for my domain name.

 

Port forwarding settings / namecheap settings / docker setting screenshots attached.  Logs are all fine, letsencrypt below.

 

Can  ping all three subdomains (radarr/sonarr/nextcloud) but can't even get into the first two -- I'm aware nextcloud might take more finagling, left that one to last.

 

Any ideas?

 

 

port forwarding.png

namecheap dns.png

docker.png

Did you enable the preset proxy confs? Did you create the new network as described in the readme in the proxy conf folder? 

Link to comment
16 hours ago, syniex said:

not up to me,

the server is located at my friend house (he has 1gb/1gb connection, i got only 100mb/3mb).

We need more info on your setup. Describe where and how you're running the container (friend's or yours?) and how you're trying to access. Also post your site config that's giving you issues

Link to comment
10 hours ago, aptalca said:

Did you enable the preset proxy confs? Did you create the new network as described in the readme in the proxy conf folder? 

Yes and yes, as per the video... Ed is really thorough about these things.

 

Like I said, I wanted to get at least Radarr and Sonarr working as I know Nextcloud can be a little more work.

 

Getting worried that my ISP (Rogers in Toronto, Canada) is blocking port 80, that would be a hell of a kick in the nuts!

 

So, the screenshots! :)

 

And, by the by, thanks for replying... it's appreciated!

proxy confs.png

new network.png

Edited by superpsych0
Link to comment

If you get to server ready, ports shouldn’t be blocked. To check anyway you can go to canyouseeme and check your ports

Also if you haven’t set up http to https redirect you need to put https://

 

Sent from my iPhone using Tapatalk Pro

Link to comment

I am already using subdomain "plex.mydomain.com" for ombi because it's easier for my users to remember. So I want to change the reverse proxy domain for plex to be say "plexw". How can I change the "plex.subdomain.conf" in proxy-confs to be "plexw.mydomain.com" instead?

 

EDIT: Solved it by just changing the "plex.*" in the conf to "whatever.*" works like a charm.

Edited by truetype
Link to comment

Hi,

 

I'm trying to get calibre-web to reverse proxy. Since there is no sample conf file for it in the proxy-confs folder I tried to copy one using the location block I found on the docker page. I really have no experience in this kind of thing.

 

server {
    listen 443 ssl;

    server_name books.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;
    
    # enable for ldap auth, fill in ldap details in ldap.conf 
    #include /config/nginx/ldap.conf;

    location /calibre-web {
            proxy_pass              http://192.168.0.9:8083;
            proxy_set_header        Host            $http_host;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        X-Scheme        $scheme;
            proxy_set_header        X-Script-Name   /calibre-web;
    }
}

 

I only ever get the attached nginx page.

 

Any help would be greatly appreciated.

 

Regards,

Bilal

 

chrome_2018-10-29_14-10-43.png

Link to comment
25 minutes ago, Bilal Yassine said:

Hi,

 

I'm trying to get calibre-web to reverse proxy. Since there is no sample conf file for it in the proxy-confs folder I tried to copy one using the location block I found on the docker page. I really have no experience in this kind of thing.

 


server {
    listen 443 ssl;

    server_name books.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;
    
    # enable for ldap auth, fill in ldap details in ldap.conf 
    #include /config/nginx/ldap.conf;

    location /calibre-web {
            proxy_pass              http://192.168.0.9:8083;
            proxy_set_header        Host            $http_host;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        X-Scheme        $scheme;
            proxy_set_header        X-Script-Name   /calibre-web;
    }
}

 

 

 

 

I don't use a subdomain but my subfolder setup works and it looks a lot like yours:

location /calibre-web {
    auth_basic "Restricted";
    auth_basic_user_file /config/nginx/.htpasswd;
	proxy_pass              http://192.168.1.111:8083;
	proxy_set_header        Host            $http_host;
	proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header        X-Scheme        $scheme;
	proxy_set_header        X-Script-Name   /calibre-web;
}

that I put in appdata\letsencrypt\nginx\proxy-confs\calibre-web.subfolder.conf

 

So that looks fine.  It seems that you are configuring books.apolo.... but you are also configuring a subfolder.

 

Try https://books.unabolo.net/calibre-web or set your location as root: "location /"

 

Link to comment

I've tried searching this threadnought to no avail, but is there a way to have a 2nd domain on the same docker?

 

Eg. everything currently is on domain1.com, with several subdomains, I need to set up www.domain2.org as well, but this seems not possible?

 

Running a 2nd instance of the docker is of little help as the router will port forward all the traffic to the first...

 

Edit: Ignore me I have figured it out. For anyone else finding this, you have to add an extra variable to the docker settings with the key "EXTRA_DOMAINS" (no quotes) and put in the full domain you want a cert for.

Edited by rtho782
Link to comment
47 minutes ago, Gog said:

 

I don't use a subdomain but my subfolder setup works and it looks a lot like yours:


location /calibre-web {
    auth_basic "Restricted";
    auth_basic_user_file /config/nginx/.htpasswd;
	proxy_pass              http://192.168.1.111:8083;
	proxy_set_header        Host            $http_host;
	proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header        X-Scheme        $scheme;
	proxy_set_header        X-Script-Name   /calibre-web;
}

that I put in appdata\letsencrypt\nginx\proxy-confs\calibre-web.subfolder.conf

 

So that looks fine.  It seems that you are configuring books.apolo.... but you are also configuring a subfolder.

 

Try https://books.unabolo.net/calibre-web or set your location as root: "location /"

 

wow, thanks so much... it's starting to make sense and seems like such a trivial error. it works now, I decided to change the location from /calibre-web to / just so it stays the same as all my other subdomains. 

 

Link to comment
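
The subdomain/subfolder mismatch resolved above, as an added example that is not from the thread or from nginx itself: a small model of nginx's longest-prefix location selection, run over the posted server block, showing that "/" on books.* reaches no location and so is never proxied. Only plain prefix locations are modelled, and the function names are hypothetical.

```python
import re

# The server block posted in the thread (some header lines trimmed),
# embedded here as sample input.
POSTED_CONF = """
server {
    listen 443 ssl;
    server_name books.*;
    include /config/nginx/ssl.conf;
    client_max_body_size 0;
    #include /config/nginx/ldap.conf;

    location /calibre-web {
        proxy_pass              http://192.168.0.9:8083;
        proxy_set_header        Host            $http_host;
        proxy_set_header        X-Script-Name   /calibre-web;
    }
}
"""


def server_blocks(conf):
    """Yield the body of each `server { ... }` block by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, start = 1, m.end()
        for i in range(start, len(conf)):
            if conf[i] == "{":
                depth += 1
            elif conf[i] == "}":
                depth -= 1
                if depth == 0:
                    yield conf[start:i]
                    break


def prefix_locations(body):
    """Plain prefix locations only; `=`, `~`, `~*` and `^~` are not modelled."""
    return re.findall(r"\blocation\s+(/[^\s{]*)\s*\{", body)


def select_location(prefixes, uri):
    """nginx picks the longest prefix location that the URI path starts with."""
    path = uri.split("?", 1)[0]
    hits = [p for p in prefixes if path.startswith(p)]
    return max(hits, key=len) if hits else None


def unrouted(conf, uris):
    """Return {server_name: [URIs that no location in that block handles]}."""
    conf = re.sub(r"#.*", "", conf)  # drop comments so their braces are ignored
    result = {}
    for body in server_blocks(conf):
        name = re.search(r"\bserver_name\s+([^;]+);", body)
        prefixes = prefix_locations(body)
        missing = [u for u in uris if select_location(prefixes, u) is None]
        result[name.group(1).strip() if name else "(unnamed)"] = missing
    return result


if __name__ == "__main__":
    probes = ["/", "/calibre-web", "/calibre-web/login"]
    # As posted: "/" matches nothing, so nginx answers it from the
    # server-level settings instead of proxying to calibre-web.
    print(unrouted(POSTED_CONF, probes))
    # With the location changed to "/", every probe reaches the proxy.
    fixed = POSTED_CONF.replace("location /calibre-web {", "location / {")
    print(unrouted(fixed, probes))
```
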
Not sure what brand of router you have but on the very first line you have http going from port 80 to 80, then later on you have your Let's Encrypt forward. Assuming that your router applies forwards from top to bottom, that may be your problem. If not, they might be blocking port 80.

Sent from my BND-L34 using Tapatalk

Link to comment
20 hours ago, ijuarez said:

 
399896331_portforwarding.png.1dcbdd191de484ecef0f9f6362f8654c.png
888349259_namecheapdns.thumb.png.39e7bcae46a25cc2f3faf2e23f157b53.png
docker.thumb.png.15252bab756d9d310de4c20375ec83cf.png
Not sure what brand of router you have but on the very first line you have http going from port 80 to 80, then later on you have your Let's Encrypt forward. Assuming that your router applies forwards from top to bottom, that may be your problem. If not, they might be blocking port 80.

Sent from my BND-L34 using Tapatalk
 

Damn good catch, God knows how Cisco interprets "rule is first but is disabled."

 

I'll give it a shot, thanks for taking a look!

Link to comment

@happyagnostic

 

So I tried that (adding port forward 32400, protocol = TCP) and adding the lines that you wrote. The good news: I can actually open the Plex GUI now, but I just get a page saying:

Plex is not reachable.

Make sure your server has an internet connection and any firewalls or other programs are set to allow access.

So back to square one. (This is when I run it in custom bridge mode - if I run it in host mode, I can at least access my files but still get complaints about not being able to reach Plex and I can't sign in).

Link to comment

So reading the release notes for Unraid 6.6.4 I see they have integrated nginx and letsencrypt into the OS. What does this mean for your docker? I am using it quite heavily as I have subdomained every app I want to access externally.

 

Is it safe to upgrade? or will it break this oh so useful docker?

Link to comment
