[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


Recommended Posts

Yes! But it's not working...
I forget the choices for connection type.. Is there TCP and rdp?

Does the container start with that port? Something else may be using it. I dont see it in your screenshot though so it's probably not that...

Sent from my SM-G930W8 using Tapatalk

Link to comment
Yes! But it's not working...
I just tried installing the container and it is configured as host network. It may not like the bridge config.

Can you try changing network type to host in the container config?

Nging won't reach it after that but we can fix it later

Sent from my SM-G930W8 using Tapatalk

Link to comment
5 hours ago, dgwharrison said:

I'm a bit new to reverse proxies, however I have this all setup fine for sonarr, lidarr, radarr etc. I want to add a one more end point for the Unraid server itself such that I can login to the unraid web ui remotely. How do I do that? I can't see a config file for it.

 

 

We don't really recommend it for security reasons, but if you really want to, you can edit one of the existing ones and use the unraid ip and port in the proxy_pass directive to proxy via the subdomain method

Link to comment

may a weird question if thats possible

i d like to reverse proxy my privoxy socks5 proxy.

 

dataflow sample external browser -> website via proxy.mydomain.com (nginx) (browser proxy setting) -> privoxy (with vpn) -> website

as privoxy has no htaccess config and i dont want to open it to www ;) only ip´s possible but here its always a dynamic range ...

 

as its a socks5 ... i have no clue if its possible or if so, howto ... ;)

 

currently i use a ubuntu xrdp docker with chrome therefore (using the privoxy) ... just a thought to make the privoxy easy and secure usable from outside.

 

ok, seems its may possible with an module from here wich i cant get compiled into this container, https://github.com/dannote/socks-nginx-module

Edited by alturismo
Link to comment

I couldn’t find anything working thus far; trying to find a WORKING CONF for Bitwarden. Been having a heck of a time.

I tried using Sonar and changing to “bitwarden” and changing all the ports but no dice. My domain is bw.Xxxxxx.net, and my Unraid is on 192.169.1.5 and using a “proxynet” as in space invaders videos.

Could anyone be as kind to help me figure out a working CONF?

Link to comment
I couldn’t find anything working thus far; trying to find a WORKING CONF for Bitwarden. Been having a heck of a time.

I tried using Sonar and changing to “bitwarden” and changing all the ports but no dice. My domain is bw.Xxxxxx.net, and my Unraid is on 192.169.1.5 and using a “proxynet” as in space invaders videos.

Could anyone be as kind to help me figure out a working CONF?
I've got it working, but I can't get to my conf right now. Heading to bed, but I'll get it to you tomorrow

Sent from my ONEPLUS A5010 using Tapatalk

  • Like 1
Link to comment
2 hours ago, blaine07 said:

 


Would be greatly appreciated!

 

As a bit of warning, I had a few dockers set up before starting down the path of using letsencrypt, so I never did set up the custom bridge. I had to make the call to the IP address instead of using the name, but I hacked it together from my radarr conf file.

 

server {
    listen 443 ssl;

    server_name bitwarden.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_bitwarden bitwarden;
	proxy_pass http://192.168.1.xxx:8888;
    }
}

Hope this helps

  • Like 1
Link to comment
As a bit of warning, I had a few dockers set up before starting down the path of using letsencrypt, so I never did set up the custom bridge. I had to make the call to the IP address instead of using the name, but I hacked it together from my radarr conf file.
 
server {   listen 443 ssl;   server_name bitwarden.*;   include /config/nginx/ssl.conf;   client_max_body_size 0;   location / {       include /config/nginx/proxy.conf;       resolver 127.0.0.11 valid=30s;       set $upstream_bitwarden bitwarden;proxy_pass http://192.168.1.xxx:8888;   }}

Hope this helps



Finally, somehow, figured it out. Must’ve been that 1,253,397th attempt lol
Link to comment

I'm trying to setup Let's Encrypt along side Bitwarden... I have it to the point where I can go to my DDNS.Net domain/address and I get the Let's Encrypt "Welcome page". 

I have my router setup.. I think.. it's an ASUS - external Port 443, internal port 1443 Tower IP.. and External Port 80, Internal 180 Tower IP.. I have tweaked the bitwarden.subdomain.conf file and I can't get it to through to the Bitwarden.  Any ideas?  I did setup the Proxynet network (followed spaceinvaders video).

 

Link to comment
I'm trying to setup Let's Encrypt along side Bitwarden... I have it to the point where I can go to my DDNS.Net domain/address and I get the Let's Encrypt "Welcome page". 
I have my router setup.. I think.. it's an ASUS - external Port 443, internal port 1443 Tower IP.. and External Port 80, Internal 180 Tower IP.. I have tweaked the bitwarden.subdomain.conf file and I can't get it to through to the Bitwarden.  Any ideas?  I did setup the Proxynet network (followed spaceinvaders video).
 



server {
listen 443 ssl http2;

server_name XX.ddns.net;

include /config/nginx/ssl.conf;

client_max_body_size 0;
# add_header X-Content-Type-Options nosniff;
# add_header X-XSS-Protection "1; mode=block";
# add_header Referrer-Policy same-origin;

location / {
# auth_basic "Restricted";
# auth_basic_user_file /config/nginx/.htpasswd;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_Bitwarden Bitwarden;
proxy_pass http://INSERT-UNRAID-IP&&Change to port BITWARDEN IS ON:8343;
# proxy_set_header X-Real-IP $remote_addr
}
}
Link to comment

Hello everybody,

Before I come with my next problem, I wanted to thank you first for your commitment. I read a lot here, so I could solve a lot of problems or avoid them right away and find this community great.

Unfortunately, pure reading does not help me with the following problem. After reporting a problem with port forwarding in another thread a few days ago (downgrading the firmware and the controller solved the problem by the way), I now have a problem with Letsencrypt and Nextcloud.

The two Docker container I have set up after the very good video instructions from Spaceinvader and ran until a few days ago without problems. Now that I've fixed the port forwarding issues yesterday, the cloud can be recovered from outside and doing what it should. However, it is no longer possible to access the cloud via the local network.

Here I suspect the reverse proxy of Letsencrypt because the requests from the WAN as well as from the LAN arrive at the container, but this does not forward the requests from the LAN to Nextcloud.

I have already re-installed the Letsencrypt Docker and the new certification of the subdomains ran without problems. Also, the configs have been checked and recreated several times, but can find no error.

So now I need your help, hoping that you have an idea or even a solution to that.

My router has a static IPv4 at my ISP. Hairpinning - NAT loopback is enabled. Via NSlookup I land on both the WAN and LAN at the right address.

Below my settings and configs.

greetings
Gorosch

 

Quote

nextcloud.subdomain.conf:

 

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name cloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_nextcloud nextcloud;
        proxy_max_temp_file_size 2048m;
        proxy_pass https://$upstream_nextcloud:443;
    }
}

 

 

Quote

Nextcloud config.php

 

  array (
    0 => '192.168.1.2:444',
    1 => 'cloud.insertanydomain.de',
  ),
  'trusted_proxies' => 'letsencrypt',   <<== New entry. Without this also no change in this problem
  'overwrite.cli.url' => 'https://cloud.insertanydomain.de',
   'overwritehost' => 'cloud.insertanydomain.de',
  'overwriteprotocol' => 'https',

 

No further files were modified

 

03.JPG

04.JPG

05.JPG

Edited by Gorosch
Link to comment

Hi Guys,

 

Looking for a bit of direction with adding a website I access on another computer in my local network.

I have the letsencrypt docker setup and working to access a few other dockers, like ombi & sonarr and everything works great. Now, I have another computer (is actually a windows VM on another unraid server) that hosts a webpage that me and a couple of ppl have acess to. Currently, I just port forward and use a complex password. I would rather close the port, and use letsencrypt to handle the access. Is it possible?

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.