[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


Recommended Posts

Is there any way to run a custom, internal website (intranet only) using the letsencrypt docker? For example, could I add a folder containing my custom website to the www folder in the letsencrypt appdata directory? Something like this:

appdata/letsencrypt/www/custom-website-folder
  • If so, how would I go about accessing it from my home network?
    • Is there any way I could type in my servers IP address and a backslash to access it? Something like http://10.0.0.3/custom-website?
  • Would I have to create another entry in my default config file (path shown below)?
letsencrypt/nginx/site-confs/default

 

Link to comment
10 hours ago, secondsunrise said:

Is there any way to run a custom, internal website (intranet only) using the letsencrypt docker? For example, could I add a folder containing my custom website to the www folder in the letsencrypt appdata directory? Something like this:


appdata/letsencrypt/www/custom-website-folder
  • If so, how would I go about accessing it from my home network?
    • Is there any way I could type in my servers IP address and a backslash to access it? Something like http://10.0.0.3/custom-website?
  • Would I have to create another entry in my default config file (path shown below)?

letsencrypt/nginx/site-confs/default

 

For something internal only, you can use our nginx image.

 

You can drop the web files into folder www and set the default site conf accordingly.

  • Like 1
Link to comment

Hi Guys,

 

I really want to switch from Apache (my own custom docker) this this one. In all honesty, when I try, I give up very quickly.

 

I have created my own private web site using PHP that places and extracts data in a MariaDB (Docker) table. With my Apache, and PHP 5.5, I am able to read the data properly. When I try LE NGINX, the data from the db does not show up.

 

I believe there are issues w/ PHP 7 that makes it more strict. But I just want to render the data.... The html/PHP where the page quits looks like this?

 

<table width="100%" border="0" cellspacing="0" cellpadding="0" >
	<tr valign="top">  					
		<td width=30px bgcolor=white height=76>	
			<?php
			$servername = $MysqlRSSServer;
			$username = "root";
			$password = "xxxxxx";
			$dbname = "rssfeeds";

			// Create connection
			$conn = new mysqli($servername, $username, $password, $dbname);
			// Check connection
			if ($conn->connect_error) {
				die("Connection failed: " . $conn->connect_error);
			}
	(Code continues from here....)								
		

 

In my browser, if I look at the resulting page source.... I get this where it abruptly ends...

 

<div id="poster" class="poster">

	<table width="100%" border="0" cellspacing="0" cellpadding="0" >
		<tr valign="top">  					
			<td width=30px bgcolor=white height=76>	
							

I have a PHP script that I have in cron that does put data into the db table.

 

Does anyone have a tip on how I can get this to work? I really want to switch over to LSIO LE!

 

Thank you.

 

H.

 

Edited by hernandito
Link to comment

Thanks Squid.... I was hoping there was a more starightforward solution. It has taken me years developing and tweaking my extensive php... it would be a nightmare trying to disssect all the changes.

 

Is there a way to make the Docker use PHP 5?

 

I find all kinds of links to downgrade PHP versions, but not not for the LSIO docker base.

 

Thanks again,

 

H.

Link to comment

ok, so here it goes.

I am familiar with setting up webservers with nginx. Have been using cloudflare for a while for work and other sites. But this is kicking my ass.

I followed all the steps, yet I can't get around the 521 522 error. (I deleted the port fwd for 80 and now i get 522 instead of 521.) No logs generated.

image.png.eb58c7ea889012c7f54e273a47fdda1c.pngimage.thumb.png.493bb4394714a3e633d95b06cb259853.png

 

 

Link to comment
ok, so here it goes.
I am familiar with setting up webservers with nginx. Have been using cloudflare for a while for work and other sites. But this is kicking my ass.
I followed all the steps, yet I can't get around the 521 522 error. (I deleted the port fwd for 80 and now i get 522 instead of 521.) No logs generated.
image.png.eb58c7ea889012c7f54e273a47fdda1c.pngimage.thumb.png.493bb4394714a3e633d95b06cb259853.png
 
 
Got any logs from container setup? Otherwise impossible to say what's going on.

Sent from my Mi A1 using Tapatalk

Link to comment
Didn't look like that was the setup log. Just start up log. Or are they one in  the same?
 
Here is that...
https://www.hastebin.com/hakafawemu.cs
 
Well Nginx is starting up fine so it must be an issue with whatever you're trying to configure.

But I'm still not clear what the issue you're having is....

Are you getting errors on a fresh pull, with fresh appdata and before you edit any site configs?

Or are you editing your site configs then getting an error?

Sent from my Mi A1 using Tapatalk

Link to comment
22 minutes ago, dbinott said:

right now it's ERR_CONNECTION_REFUSED. host resolves. 443 is fwd'd.

 

Just trying to configure it to get the default index right now. Deal with other stuff after that is dealt with.

Not sure what I did, but it's working now. 👍

 

Is there a way to get to it inside the network? Nevermind. 

Edited by dbinott
Link to comment

Hey I am very new to this Topic and im having some difficulty.

I can only use a service with mi sip which forwards a chosen ip+port from my network to a adress+port directly to the internet. I can access a docker for example on a generated fixed address like: "custom.serviceProvider.net:port". 

 

I want that Gitea and nextCloud are available over https over adresses like that.

I have seen the Tutorial with DNSDuck, which I can not use with this service, and I am unsure how to make that possible.

To make that possible I want to have Ports with SSL that I can just forward to the generated address from the service I use.

The service is www.feste-ip.net and because of my ISP I can not do it without it because of DS Lite.

 

I hope I could explain my problem properly. I am no native English speaker but I would love to get some help or ideas.

 

 

Link to comment
1 hour ago, Etti said:

Hey I am very new to this Topic and im having some difficulty.

I can only use a service with mi sip which forwards a chosen ip+port from my network to a adress+port directly to the internet. I can access a docker for example on a generated fixed address like: "custom.serviceProvider.net:port". 

 

I want that Gitea and nextCloud are available over https over adresses like that.

I have seen the Tutorial with DNSDuck, which I can not use with this service, and I am unsure how to make that possible.

To make that possible I want to have Ports with SSL that I can just forward to the generated address from the service I use.

The service is www.feste-ip.net and because of my ISP I can not do it without it because of DS Lite.

 

I hope I could explain my problem properly. I am no native English speaker but I would love to get some help or ideas.

 

 

Read the image description and check out our blog article: https://blog.linuxserver.io/2019/04/25/letsencrypt-nginx-starter-guide/

Link to comment

Hey all - I following spaceinvader one's guide to setting this up and I'm struggling with a couple of issues.  I have my own domain and a few subdomains setup. I set up the ports and port forwarding exactly as SI did in the video.  When I start the docker, I am getting the error that the "Cert does not exist! Please see the validate error above. The issue may be due to incorrect dns or port forwarding..."  Up above, it references "some challenges have failed".  

 

I tested internally to see if I could telnet to the ports and it fails.  It's not a router/port forwarding issue (at least i don't think).  I set the http and https to the same numbers that SI used (180 and 1443).  When I try to telnet into those ports locally, I get an error "could not open connection to the host, on port 180: Connect failed".  The same thing happens for 1443.  I followed the instructions and set 'yes' to the preserve user defined networks setting and restored docker. I created a terminal window and did "docker network create proxynet" and assigned that network to the container config.  

To me it seems as though unraid isn't forwarding the request over to the correct container.  

Is there anything else I can do to troubleshoot?  I'm at a loss.

 

Thanks all!

Link to comment
Hey all - I following spaceinvader one's guide to setting this up and I'm struggling with a couple of issues.  I have my own domain and a few subdomains setup. I set up the ports and port forwarding exactly as SI did in the video.  When I start the docker, I am getting the error that the "Cert does not exist! Please see the validate error above. The issue may be due to incorrect dns or port forwarding..."  Up above, it references "some challenges have failed".  
 
I tested internally to see if I could telnet to the ports and it fails.  It's not a router/port forwarding issue (at least i don't think).  I set the http and https to the same numbers that SI used (180 and 1443).  When I try to telnet into those ports locally, I get an error "could not open connection to the host, on port 180: Connect failed".  The same thing happens for 1443.  I followed the instructions and set 'yes' to the preserve user defined networks setting and restored docker. I created a terminal window and did "docker network create proxynet" and assigned that network to the container config.  
To me it seems as though unraid isn't forwarding the request over to the correct container.  
Is there anything else I can do to troubleshoot?  I'm at a loss.
 
Thanks all!
You cannot telnet to port 80 or 443, post your config. Few things, are you sure that your ISP does not block port 80? I'm assuming you're using http to validate your cert?

Sent from my SM-N960U using Tapatalk

Link to comment

Hi I recently followed space invaders guide on how to set up letsencrypt with duckdns and tried to configure it with emby instead of sonarr like shown in the guide. The DuckDNS and LetsEncrypt dockers are working fine and I have created two subdomains on duckdns. I edited the .conf sample file for emby in letsencrypt and changed emby's network to a custom one (proxynet) the same one letsencrypt is running on. In the emby user interface I changed the settings following the instructions in the .conf file. When i tried to browse to the https address for the emby subdomain it was showing nginx is setting it up. I tried to restart emby and it broke. No matter what I did I couldnt get the http server on emby to work reverted back to original settings and still nothing multiple reboots and docker reinstalls nothing worked. I was using binhex-emby container. So I installed the linuxserver version of the emby docker container and had to set up everything from scratch users libraries etc (didnt have a backup)

 

So at the moment I have a different version of emby installed which is working. I have Duckdns and letsencrypt both configured and working. I am afraid that I am doing something wrong and dont want things to mess up again.

 

Please can someone explain what I need to do to use https with emby I have letsencrypt configured but I havent edited the emby.conf files. any help is appreciated as I am sharing my server with my brother overseas and want the traffic to be secure.

 

Thanks in advance.

Link to comment
3 hours ago, fachizel90 said:

Hi I recently followed space invaders guide on how to set up letsencrypt with duckdns and tried to configure it with emby instead of sonarr like shown in the guide. The DuckDNS and LetsEncrypt dockers are working fine and I have created two subdomains on duckdns. I edited the .conf sample file for emby in letsencrypt and changed emby's network to a custom one (proxynet) the same one letsencrypt is running on. In the emby user interface I changed the settings following the instructions in the .conf file. When i tried to browse to the https address for the emby subdomain it was showing nginx is setting it up. I tried to restart emby and it broke. No matter what I did I couldnt get the http server on emby to work reverted back to original settings and still nothing multiple reboots and docker reinstalls nothing worked. I was using binhex-emby container. So I installed the linuxserver version of the emby docker container and had to set up everything from scratch users libraries etc (didnt have a backup)

 

So at the moment I have a different version of emby installed which is working. I have Duckdns and letsencrypt both configured and working. I am afraid that I am doing something wrong and dont want things to mess up again.

 

Please can someone explain what I need to do to use https with emby I have letsencrypt configured but I havent edited the emby.conf files. any help is appreciated as I am sharing my server with my brother overseas and want the traffic to be secure.

 

Thanks in advance.

 

Not sure which emby container you installed, but we do not have an emby container.

 

Without you posting any logs or run commands, it's hard to say what you did wrong. Post the log from letsencrypt, the proxy config and docker run command. Also screenshot of your firewall port forward.

Link to comment
4 hours ago, saarg said:

 

Not sure which emby container you installed, but we do not have an emby container.

 

Without you posting any logs or run commands, it's hard to say what you did wrong. Post the log from letsencrypt, the proxy config and docker run command. Also screenshot of your firewall port forward.

Hi I used the binhex-emby container but it stopped working so I tried the one thats called Emby Server in community apps. That worked. Tried to setup the reverse proxy again and was successful this time am able to use emby with https. Thanks anyways I just followed the instructions in the .conf sample files more carefully this time around.

Link to comment
16 hours ago, ijuarez said:

You cannot telnet to port 80 or 443, post your config. Few things, are you sure that your ISP does not block port 80? I'm assuming you're using http to validate your cert?

Sent from my SM-N960U using Tapatalk
 

You can telnet to any port, provided you specify it in the command as an argument.  If the port is available, the screen will just turn black.  If the port is not available, it'll fail.  This is also in space invaders vid on it if you want to see an example.  Its a great way to test ports being opened.

I am using http to validate the cert.

 

My ISP does not block 80.  I am not testing the port from outside my firewall.  I am going directly to the port of the container to verify it is responding. It does not appear to be an issue with my firewall or my ISP because I am going directly to it.  

 

What config are you looking for? Should I take screenshots of the container settings?

 

PS. To show how I am testing, use telnet to connect to a known port on your unraid server.  example "telnet 192.168.1.2 32400" , if you can reach that port from the device you are telnetting from, the screen goes black, that means the connection is established.  Is there is no connection at that port, it was simply say 'could not open connection to host, on port 9999: connect failed'

Link to comment
4 hours ago, ledfortr said:

You can telnet to any port, provided you specify it in the command as an argument.  If the port is available, the screen will just turn black.  If the port is not available, it'll fail.  This is also in space invaders vid on it if you want to see an example.  Its a great way to test ports being opened.

I am using http to validate the cert.

 

My ISP does not block 80.  I am not testing the port from outside my firewall.  I am going directly to the port of the container to verify it is responding. It does not appear to be an issue with my firewall or my ISP because I am going directly to it.  

 

What config are you looking for? Should I take screenshots of the container settings?

 

PS. To show how I am testing, use telnet to connect to a known port on your unraid server.  example "telnet 192.168.1.2 32400" , if you can reach that port from the device you are telnetting from, the screen goes black, that means the connection is established.  Is there is no connection at that port, it was simply say 'could not open connection to host, on port 9999: connect failed'

You're assuming something is listening on those ports. That assumption is incorrect in your situation.

 

Only during validation, port 80 is listening. After it fails, nothing is listening as nginx is not started.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.