[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


Recommended Posts

On 5/9/2019 at 4:15 AM, darrenyorston said:

Hello. I am trying to setup letsencrypt following spaceinvaderone's video. However, I cannot get letsencrypt to verify.

 

I am utilise an Ubiquiti USG as my router. I have set port forwarding in the the controller (running in a docker container) for port 80 to 180 and 443 to 1443 following spaceinvaderone's recommendation. According to the controller the port forwarding is working.

 

I have set the same ports in the container template and added my own domain name and the subdomain. I have edited the DNS settings in my domain provider adding a new CNAME "nextcloud" with the value set to my dynamic IP address with no-ip.

 

I am getting the message "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container"

 

I have gone over my settings quite a few times but cannot see what I have done wrong. Could someone offer advice?

 

I have noted in no-ip's control panel that the dynamic DNS is not configured/detected for the subdomain. I dont know if this is the problem. It is showing the correct IP target though. I have dynamic DNS set in the unifi controller to my host name, but not to the second hostname listed in the dashboard. The unifi controller wont allow me to set two dynamic DNS etries to the same service.

I'm having this exact problem as well. When I port forward external port 80 to internal port 80, the unraid interface show up like normal on my domain. However the alternative internal port (I tried 180 and a few others and corresponding ports on the docker) will not work...

Link to comment
5 hours ago, ErikH said:

I'm having this exact problem as well. When I port forward external port 80 to internal port 80, the unraid interface show up like normal on my domain. However the alternative internal port (I tried 180 and a few others and corresponding ports on the docker) will not work...

NAT reflection or hairpin NAT is what you need.

 

http://$IPADDRESS:180 or https://$IPADDRESS:1443 should work fine internally though

Link to comment
15 hours ago, CHBMB said:

http://$IPADDRESS:180 or https://$IPADDRESS:1443 should work fine internally though

Thanks for your reply! 

Hoewever it seems that this doens't work either... all the other docker containers work fine except the letsencrypt one... I tried it on two machines now and both give the same result.

Edited by ErikH
Link to comment
5 minutes ago, ErikH said:
An unexpected error occurred:

UnicodeDecodeError: 'utf-8' codec can't decode byte 0xae in position 2: invalid start byte
Please see the logfiles in /var/log/letsencrypt for more details.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Nginx is never starting up......

Need to fix that error before anything else.

Link to comment

Hi, I have just installed this docker and having issues connecting to Sonarr, the only issue I see in the log is the following

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
Server ready

 

Anyone know how to correct these errors?

 

Thanks

Link to comment
4 hours ago, CHBMB said:

Nginx is never starting up......

Need to fix that error before anything else.

Alright, then I know the problem is Nginx. In the mean while I tried a clean unraid install + letsencrypt on yet another system and there the exact same thing happend. 

Any idea on how to fix this error?

Link to comment
5 minutes ago, ErikH said:

Alright, then I know the problem is Nginx. In the mean while I tried a clean unraid install + letsencrypt on yet another system and there the exact same thing happend. 

Any idea on how to fix this error?

He said the opposite. Nginx is not the problem as the creation of the cert is failing.

Link to comment
2 hours ago, saarg said:

He said the opposite. Nginx is not the problem as the creation of the cert is failing.

My bad... I thought "Nginx is never starting up......" was the problem. 

So then... if the creation of the cert is failing, where do I look then?

Link to comment

is there a way to make this 

#LOCAL IP ALLOW GEO BLOCK
    if ($lan-ip = yes) {
		set $allowed_country yes;
    }
    
	# COUNTRY GEO BLOCK 
    if ($allowed_country = no) {
		return 444;
    }

default for all configurations without the need to add it to each proxy-conf configuration?

Link to comment
4 minutes ago, syniex said:

is there a way to make this 


#LOCAL IP ALLOW GEO BLOCK
    if ($lan-ip = yes) {
		set $allowed_country yes;
    }
    
	# COUNTRY GEO BLOCK 
    if ($allowed_country = no) {
		return 444;
    }

default for all configurations without the need to add it to each proxy-conf configuration?

Perhaps you can add it to nginx.conf outside of all the server blocks so it gets inherited by them

 

Pay attention to all the "include" statements. They literally mean copy and paste that file right here. That's how nginx starts with the main nginx.conf, imports all the included files and creates a giant config file that it then sorts through

Edited by aptalca
Link to comment
1 hour ago, trevaaaaaaa said:

Hi, I have just installed this docker and having issues connecting to Sonarr, the only issue I see in the log is the following

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
Server ready

 

Anyone know how to correct these errors?

 

Thanks

That's an unrelated issue due to the alpine lua package. No fix for that yet, but it's not the cause of your proxy issue

Link to comment
2 minutes ago, aptalca said:

Perhaps you can add it to nginx.conf outside of all the server blocks so it gets inherited by them

didn't work, "ginx: [emerg] "if" directive is not allowed here in /config/nginx/site-confs/default:118"

 

i tried both default file and nginx.conf

Link to comment
4 hours ago, aptalca said:

That's an unrelated issue due to the alpine lua package. No fix for that yet, but it's not the cause of your proxy issue

Yeah didn't think it was related as server was ready, just trying to resolve issues in the log...thanks for clarifying the error :)

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.