aptalca Posted November 28, 2019

> 6 hours ago, blaine07 said:
> Wow, some crazy stuff being asked lately. I’m just wanting to reach out for some much more basic info LOL. I know there are some VERY knowledgeable folks subbed here so...
> I am currently using Letsencrypt with DuckDNS through pfSense Appliance to Letsencrypt and to my containers. I am using GoDaddy as domain registrar, Hostgator for Hosting. I am debating switching entire setup to Cloudflare, port 80/443 is NOT being blocked by ISP. What are advantages with Cloudflare or using it versus current setup? Is it a real pain to switch current entire setup to using Cloudflare over how it’s currently setup? Should I? Should I not switch?

I don't quite follow the second paragraph there. What is your current setup? Just a website running on HostGator with the domain purchased from GoDaddy? And you're contemplating switching that to self hosted at home via letsencrypt? In that scenario cloudflare would only be used for dns, for which it does a great job.

aptalca Posted November 28, 2019

> 6 hours ago, dandiodati said:
> Oh, I did notice this error in the letsencrypt log, but it does not seem to cause any issues:
> nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
> nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
> Any ideas or help for solving this issue? Been fighting with it for a long time with no solution.
> Dan
> (attachment: unms.subdomain.conf)

Openresty errors are harmless.

blaine07 Posted November 28, 2019

> I don't quite follow the second paragraph there. What is your current setup? Just a website running on HostGator with the domain purchased from GoDaddy? And you're contemplating switching that to self hosted at home via letsencrypt? In that scenario cloudflare would only be used for dns, for which it does a great job.

Yeah, it’s been a LONG day. Sigh. Lol

Yes, debating purchasing a new domain, from Namecheap, and using Cloudflare for DNS to Letsencrypt on Unraid. Is it a disaster to switch from current setup to Cloudflare with Letsencrypt? I don’t have a static IP at home so I’d still have to keep DuckDNS in the middle of Cloudflare and Letsencrypt on Unraid?

aptalca Posted November 28, 2019

> 3 minutes ago, blaine07 said:
> Yeah, it’s been a LONG day. Sigh. Lol
> Yes, debating purchasing a new domain, from Namecheap, and using Cloudflare for DNS to Letsencrypt on Unraid. Is it a disaster to switch from current setup to Cloudflare with Letsencrypt? I don’t have a static IP at home so I’d still have to keep DuckDNS in the middle of Cloudflare and Letsencrypt on Unraid?

It really depends on how complicated your setup on HostGator is. I have a website on HostGator that I never switched over to anything because it was so entrenched in and was set up over a decade ago. Also because there were too many mailers set up and I didn't want to bother with hosting a mail server at home so I just left it there. But if it's a relatively simple site, it shouldn't be a big deal.

For updating ip on cloudflare, you can use ddclient, or your router may even have that capability (many routers do).

bluesky509 Posted November 28, 2019

Anybody know how to set up custom error pages? Specifically interested in 401 and 50x error pages.

Tzundoku Posted November 28, 2019

> On 11/23/2019 at 2:47 PM, aptalca said:
> After following @saarg's advice, use this to confirm: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

Changed settings as shown in the image and followed the linked guide, letsencrypt still comes up with:

Challenge failed for domain .myserver.com
Type: Unauthorized
"To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address."

Checked. When trying to access nginx from outside the network according to the guide (i.e. nextcloud.myserver.com) a page comes up along the lines of "this page is under construction". Also, when attempting to port check ports 80, 180, 443, 1443, the connection is refused on 80/443 and timed out on 180/1443.

Thoughts?

blaine07 Posted November 28, 2019

> It really depends on how complicated your setup on HostGator is. I have a website on HostGator that I never switched over to anything because it was so entrenched in and was set up over a decade ago. Also because there were too many mailers set up and I didn't want to bother with hosting a mail server at home so I just left it there. But if it's a relatively simple site, it shouldn't be a big deal. For updating ip on cloudflare, you can use ddclient, or your router may even have that capability (many routers do).

Using PFsense. Would that update the Cnames IP even as dynamic changed?

aptalca Posted November 28, 2019

> 53 minutes ago, blaine07 said:
> Using PFsense. Would that update the Cnames IP even as dynamic changed?

Pfsense has dynamic dns support and can update your A records (I'm using it). Your CNAMEs should be pointing to your main A record (alternatively you can have a wildcard CNAME, just a *, which points them all to the main A record)

blaine07 Posted November 28, 2019

> Pfsense has dynamic dns support and can update your A records (I'm using it). Your CNAMEs should be pointing to your main A record (alternatively you can have a wildcard CNAME, just a *, which points them all to the main A record)

So hypothetically if I were to switch to CloudFlare I could remove all the crap with DuckDNS in middle (because dynamic IP) and go straight to Unraid Reverse proxy from the domain name && all the controls and benefits of CF. At moment not sure I’ll ever use “domain.co”; am going to use “cloud.domain.co” and etc though.

aptalca Posted November 29, 2019

> 12 hours ago, blaine07 said:
> So hypothetically if I were to switch to CloudFlare I could remove all the crap with DuckDNS in middle (because dynamic IP) and go straight to Unraid Reverse proxy from the domain name && all the controls and benefits of CF. At moment not sure I’ll ever use “domain.co”; am going to use “cloud.domain.co” and etc though.

Yup

blaine07 Posted November 29, 2019

> Yup

Yeah bought a domain to “test” with and was playing with forwarding and such (since server isn’t actually setup with test domain). I think it’s going to work nicely with server. I think this weekend going to pull plug and migrate main domain over to Cloudflare. My main domain has 23 DNS records. When I start, but not change NS, all seems well. Any advice on that front as far as converting NS? Figured If I save a copy of what everything is now if I were to really Bork it I could just roll it back? Any other tips?

(Oh yeah, figured out how to get PFSense to update A records with CF, too, since dynamic IPs. Easy like you said!)

Thanks a ton for your advice @aptalca, I appreciate it

PsiKoTicK Posted November 29, 2019

> On 11/27/2019 at 12:39 PM, aptalca said:
> You're mixing and matching elements from subdomains and subfolder proxy method. Which are you trying to accomplish?

I have a subdomain, comics.domain.com. I am using the ubooquity.subdomain.conf.sample, and just updated it to server_name comics.* instead of ubooquity.*

The Ubooquity page requires domain.com:2202/ubooquity or domain.com:2203/ubooquity/admin for admin access. I changed the server_name and added the /ubooquity and the /ubooquity/admin in the proxy_pass, but it won't pass that through properly. That is what I'm trying to figure out, I think.

With Booksonic, I was able to tell the booksonic server to use no base URL, so it just goes to domain.com:4040/ instead of domain.com:4040/booksonic/

If it would be easier to use the subfolder method, and just a redirect for my subdomain, I'm fine with that as well, I honestly just had that thought, but I'm not quite sure how I'd set that up in my domain provider (which is namecheap, but if I know the methodology to use I can figure that part out)

blaine07 Posted November 30, 2019

> On 11/27/2019 at 11:37 AM, aptalca said:
> Turn off cloudflare proxy (click on the orange cloud)

Random Q... could you be so kind as to enlighten me when Cloudflare proxy should or shouldn’t be used? Made FULL jump to CF as we spoke about a few days ago (happy so far, too)... so far NextCloud, Guacamole, Emby, BitWarden and OnlyOffice are all working fine with the CF Proxy ON. Not having issues but for future reference does proxy being on just cause issues with some containers or? (Knock on wood, no issues here with it on yet). Any elaboration in case somehow I run into issues later would be awesome mate 😀

aptalca Posted November 30, 2019

> 4 minutes ago, blaine07 said:
> Random Q... could you be so kind as to enlighten me when Cloudflare proxy should or shouldn’t be used? Made FULL jump to CF as we spoke about a few days ago (happy so far, too)... so far NextCloud, Guacamole, Emby, BitWarden and OnlyOffice are all working fine with the CF Proxy ON. Not having issues but for future reference does proxy being on just cause issues with some containers or? (Knock on wood, no issues here with it on yet). Any elaboration in case somehow I run into issues later would be awesome mate 😀

Cloudflare proxy has a bunch of different settings and depending on how they are set, it can break letsencrypt validation. If yours is working and it validated with the proxy on, then you're fine. But for most people it won't validate as cloudflare will hijack the connections from the letsencrypt server.

blaine07 Posted November 30, 2019

> Cloudflare proxy has a bunch of different settings and depending on how they are set, it can break letsencrypt validation. If yours is working and it validated with the proxy on, then you're fine. But for most people it won't validate as cloudflare will hijack the connections from the letsencrypt server.

Exactly why I wanted your insight! If I have issues in future it may be related to proxy being on; just disable CF Proxy and try again? My certs haven’t expired since change so it’s very possible come time to re-new they won’t... Very valuable point! Thank you!

aptalca Posted November 30, 2019

> 12 hours ago, blaine07 said:
> Exactly why I wanted your insight! If I have issues in future it may be related to proxy being on; just disable CF Proxy and try again? My certs haven’t expired since change so it’s very possible come time to re-new they won’t... Very valuable point! Thank you!

Yup, if you put in your email when you last validated, look out for expiration email, then confirm the expiration date in the browser. If it's expiring in less than 30 days, look for the logs in the config folder to see why it failed.

blaine07 Posted November 30, 2019

> Yup, if you put in your email when you last validated, look out for expiration email, then confirm the expiration date in the browser. If it's expiring in less than 30 days, look for the logs in the config folder to see why it failed.

Have certs being generated successfully in Letsencrypt (when I delete a subdomain, start/stop LE and add subdomain back it fully completes and no errors in LE log) but browser says my SSL is Cloudflare and doesn’t expire for 313 days? Any disadvantage to using CFs SSL? I think under security in CF I can change something to not use their SSL?

Have SSL set to “Full” in CF. The way I read it if I were to switch to “Flexible” it would use my own SSL for server to Cloudflare connection. Any advantage either way?

Sorry for all the questions; I most certainly appreciate your continued guidance. Just not sure if “all SSLs are created equally..” or

aptalca Posted November 30, 2019

> 6 hours ago, blaine07 said:
> Have certs being generated successfully in Letsencrypt (when I delete a subdomain, start/stop LE and add subdomain back it fully completes and no errors in LE log) but browser says my SSL is Cloudflare and doesn’t expire for 313 days? Any disadvantage to using CFs SSL? I think under security in CF I can change something to not use their SSL?
> Have SSL set to “Full” in CF. The way I read it if I were to switch to “Flexible” it would use my own SSL for server to Cloudflare connection. Any advantage either way?
> Sorry for all the questions; I most certainly appreciate your continued guidance. Just not sure if “all SSLs are created equally..” or

Cloudflare proxy is an entirely different commercial product with a different purpose, which is beyond the scope of this thread. Please open a new thread to discuss that.

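The expiry check discussed in the posts above, as an added example (not code from the thread or from the letsencrypt image): it reads the certificate a client is actually served and flags both fewer than 30 days remaining and an issuer other than the expected one, which is the situation the 313-day certificate in the browser points to. The `Let's Encrypt` issuer match, the sample dictionaries and all function names are assumptions of this example; a proxy that itself serves a Let's Encrypt certificate would not be told apart by the issuer check.

```python
import socket
import ssl
import sys
import time

RENEW_WINDOW_DAYS = 30  # threshold named in the post above

# Constructed samples in the dict shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_OWN = {"issuer": ((("organizationName", "Let's Encrypt"),),),
              "notAfter": "Dec 20 12:00:00 2019 GMT"}
SAMPLE_EDGE = {"issuer": ((("organizationName", "Example Edge CA"),),),
               "notAfter": "Oct 08 12:00:00 2020 GMT"}
SAMPLE_NOW = ssl.cert_time_to_seconds("Nov 30 12:00:00 2019 GMT")


def issuer_org(cert):
    """Return organizationName from the issuer of a getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None


def triage(cert, now=None, expected_org="Let's Encrypt"):
    """Classify the certificate a client is actually being served."""
    now = time.time() if now is None else now
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    org = issuer_org(cert)
    if org != expected_org:
        # Something in front of the container terminates TLS, so this expiry
        # date says nothing about the container's own certificate.
        verdict = "not-own-cert"
    elif days_left < RENEW_WINDOW_DAYS:
        verdict = "renewal-overdue"  # read the logs in the config folder
    else:
        verdict = "ok"
    return {"issuer": org, "days_left": days_left, "verdict": verdict}


def fetch_cert(host, port=443, timeout=10):
    """Live check; an already expired certificate fails the handshake here."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(triage(fetch_cert(sys.argv[1])))
    else:
        print(triage(SAMPLE_OWN, SAMPLE_NOW), triage(SAMPLE_EDGE, SAMPLE_NOW))
```

A `not-own-cert` verdict means the renewal state has to be read from the container's own logs rather than from the browser.
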
Tucubanito07 Posted December 3, 2019

Hey Guys. I googled "letsencrypt welcome to our server page edit" and I don't see anything about modifying the Welcome to our server. Can we modify this to something else? Thank you.

saarg Posted December 3, 2019

> 14 minutes ago, Tucubanito07 said:
> Hey Guys. I googled "letsencrypt welcome to our server page edit" and I don't see anything about modifying the Welcome to our server. Can we modify this to something else? Thank you.

It's a webserver, so you can do whatever you want with the landing page.

Tucubanito07 Posted December 3, 2019 (Edited December 3, 2019 by Tucubanito07)

> 1 hour ago, saarg said:
> It's a webserver, so you can do whatever you want with the landing page.

I did some changes and saved it using nano and when I refresh the docker it did not update with everything I changed on that file. That’s why I asked. Thank you @aptalca when I change anything in there do I have to do anything else to make sure it comes up with the updates I made on the config file? What is the location of the file? I want to make sure I am making changes to the right configure file.

saarg Posted December 3, 2019

> 1 hour ago, Tucubanito07 said:
> I did some changes and saved it using nano and when I refresh the docker it did not update with everything I changed on that file. That’s why I asked. Thank you @aptalca when I change anything in there do I have to do anything else to make sure it comes up with the updates I made on the config file? What is the location of the file? I want to make sure I am making changes to the right configure file.

The default folder for www is /config/www or appdata folder of letsencrypt/www. You probably have to restart the container for the changes to be active.

aptalca Posted December 4, 2019

> 1 hour ago, saarg said:
> The default folder for www is /config/www or appdata folder of letsencrypt/www. You probably have to restart the container for the changes to be active.

Also do a refresh of the browser (perhaps a force refresh with ctrl F5 or shift F5)

Tucubanito07 Posted December 4, 2019

> 11 hours ago, aptalca said:
> Also do a refresh of the browser (perhaps a force refresh with ctrl F5 or shift F5)

Thank you. I was modifying the right file just had to learn how to save using nano Text editor.

growlith Posted December 8, 2019

> On 3/8/2018 at 10:35 AM, BrandonG777 said:
> I'm trying to use Google DNS, followed directions to the best of my abilities but I get this...
> Failed authorization procedure. 777.mystupiddomain.com (dns-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "_osh_Dq_e2Ns8E02XDK4ahHa7ZaIn7JEO0N6nGxK5GI" found at _acme-challenge.777.mystupiddomain.com
> I've now hit the rate limit so be awhile before I can try anything. Damn this is frustrating.

Were you able to get this to work with Google DNS? I have 25 subdomains and a wildcard cert seems like it would make more sense at this point. I get to the acme-challenge step and it says that it cannot find a text record. I set up the service account, the dns api, the managed zone. Not sure what I am missing.