[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



29 minutes ago, aptalca said:

That ip is what letsencrypt is getting for your domain name. Check your dns settings if that is not your public ip

Most definitely not what DuckDNS is pointing to... If I enter the URL that I'm redirecting to DuckDNS, without port forwarding on and with the firewall letting the connection through, I get to my router's login page. It's the only reason I'm still working under the assumption that this is a router or Docker config issue. If we think DuckDNS is the issue, I can just redirect to my IP from my domain and worry about updating it when/if it changes.

[screenshot attached]


I'm having trouble setting up letsencrypt. Like many people here I've learned about this in the spaceinvaderone video about nextcloud.
The error is

ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

The whole log is

 

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Europe/Berlin
URL=duckdns.org
SUBDOMAINS=xxx,yyy,zzz
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=***@gmail.com
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d xxx.duckdns.org -d zzz.duckdns.org -d yyy.duckdns.org
E-mail address entered: ***@gmail.com
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/zzz.duckdns.org/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/zzz.duckdns.org/privkey.pem
Your cert will expire on 2020-04-14. To obtain a new or tweaked
version of this certificate in the future, simply run certbot

again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Now, the dns should be configured correctly

 

[screenshot: DuckDNS settings]

yet when trying to access it remotely it doesn't load anything; it doesn't matter if the ports are open or closed. I also have a DynDNS account configured in the settings of the router (a crappy Zyxel); from there, with port forwarding, I can also access the web UI remotely, but for obvious reasons I don't want that, so I'm using DuckDNS. I don't know if this is the problem.

[screenshot: router port-forwarding page]

This is the port-forwarding page on my router. As you can see, as the noob I am, I wasn't sure if I needed to open the internal (translation) ports or the external (start-end) ports, so I tried both configurations in turn. Obviously I got the same results for both attempts.

I also created a DuckDNS container as specified in the video (which is this one; minute 10 starts to talk about the port forwarding).

I honestly don't know how to deal with this, so I hope someone is willing to suggest some troubleshooting techniques.

 

 

2 hours ago, anongum said:

(quoted in full above)

The error at the beginning of the post is not in the full log you posted. In the log it says the certificate was created.

Without your docker run command it's hard to say if your port forwarding is correct.

What does not work?

9 hours ago, anongum said:

(quoted in full above)
https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/


When attempting to use the latest image to get a wildcard certificate for my domain at Domeneshop, I seem to get "No TXT record found at _acme-challenge.<my domain>.no". It seems at least the API keys work and that Certbot gets access to my account. Not sure why, but the challenge seems to run two times. Output from the log below:

Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for <my domain>.no
dns-01 challenge for <my domain>.no
Unsafe permissions on credentials configuration file: /config/dns-conf/domeneshop.ini
Waiting 60 seconds for DNS changes to propagate
Waiting for verification...
Challenge failed for domain <my domain>.no
Challenge failed for domain <my domain>.no
dns-01 challenge for <my domain>.no
dns-01 challenge for <my domain>.no
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:



   Domain: <my domain>.no
   Type:   unauthorized
   Detail: No TXT record found at _acme-challenge.<my domain>.no



   Domain: <my domain>.no
   Type:   unauthorized
   Detail: No TXT record found at _acme-challenge.<my domain>.no



   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

 

I guess it can be an issue with the Domeneshop plugin, but I just thought I would check here in case I missed something. This is the docker-compose file I used:

 

version: '2'
services:
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Oslo
      - URL=<my domain>.no
      - SUBDOMAINS=wildcard
      - VALIDATION=dns
      - DNSPLUGIN=domeneshop
      - EMAIL=<my email>
      - DHLEVEL=4096
    ports:
      - 443:443
    volumes:
      - /home/<min bruker>/appdata/letsencrypt/config:/config
    restart: unless-stopped


 

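Added example, not from the thread or from the linuxserver.io image: it reproduces why the log above shows two dns-01 challenges for one domain and what the resolver has to return for both to pass. URL=<domain> with SUBDOMAINS=wildcard expands to two certbot names (the bare domain and *.domain), both of which validate against the same _acme-challenge.<domain> TXT name, so two TXT values must be published at once; a DNS plugin that replaces instead of adds will fail one of them with exactly the "No TXT record found" / unauthorized error. The expansion rule follows what the container logs print ("Only subdomains, no URL in cert" when ONLY_SUBDOMAINS=true); the tokens and account thumbprint are constructed placeholders, not real ACME data.

```python
import base64
import hashlib


def certbot_domains(url: str, subdomains: str, only_subdomains: bool = False) -> list[str]:
    """Expand the container's URL/SUBDOMAINS/ONLY_SUBDOMAINS variables into the
    names handed to certbot with -d.  'wildcard' becomes *.URL; with
    ONLY_SUBDOMAINS=true the bare URL is left out (the log above prints
    'Only subdomains, no URL in cert' in that case)."""
    names = [] if only_subdomains else [url]
    for sub in (s.strip() for s in subdomains.split(",") if s.strip()):
        names.append(f"*.{url}" if sub == "wildcard" else f"{sub}.{url}")
    return names


def challenge_name(domain: str) -> str:
    """RFC 8555 dns-01: the TXT record lives at _acme-challenge.<domain>; for a
    wildcard the '*.' is dropped, so example.no and *.example.no share one name."""
    base = domain[2:] if domain.startswith("*.") else domain
    return f"_acme-challenge.{base}"


def b64url_sha256(data: bytes) -> str:
    """base64url(SHA-256(data)) without padding, the encoding ACME uses for digests."""
    return base64.urlsafe_b64encode(hashlib.sha256(data).digest()).rstrip(b"=").decode()


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """TXT value = base64url(SHA-256(token '.' JWK thumbprint of the account key))."""
    return b64url_sha256(f"{token}.{account_thumbprint}".encode())


def required_txt_records(domains, tokens, account_thumbprint):
    """Map each TXT name to the set of values that must ALL be published at once.
    The CA issues a separate token per name, so a wildcard plus its base domain
    need two TXT records under the same _acme-challenge name."""
    required: dict[str, set[str]] = {}
    for domain, token in zip(domains, tokens):
        required.setdefault(challenge_name(domain), set()).add(
            dns01_txt_value(token, account_thumbprint))
    return required


def missing_txt_records(required, published):
    """Compare what the CA needs against what a resolver returns (the answer to
    'dig TXT _acme-challenge.<domain>' as {name: {values}}).  Anything listed
    here is what produces the 'No TXT record found' / unauthorized error."""
    return {name: values - published.get(name, set())
            for name, values in required.items()
            if values - published.get(name, set())}


# Constructed inputs: placeholder tokens and account thumbprint.
TOKENS = ["tokenForBaseDomain", "tokenForWildcard"]
THUMBPRINT = "placeholderJwkThumbprint"
DOMAINS = certbot_domains("example.no", "wildcard")            # ['example.no', '*.example.no']
REQUIRED = required_txt_records(DOMAINS, TOKENS, THUMBPRINT)    # one name, two values

# Simulated resolver answer where the DNS plugin overwrote the first value with the second.
PUBLISHED_ONE = {"_acme-challenge.example.no": {dns01_txt_value(TOKENS[1], THUMBPRINT)}}
MISSING = missing_txt_records(REQUIRED, PUBLISHED_ONE)

if __name__ == "__main__":
    print("certbot -d list:", DOMAINS)
    for name, values in REQUIRED.items():
        print(f"{name} needs {len(values)} TXT values: {sorted(values)}")
    print("missing with only one value published:", MISSING)
```

While certbot is inside its "Waiting 60 seconds for DNS changes to propagate" pause, query one of the zone's authoritative nameservers directly (dig TXT _acme-challenge.<domain> @<that nameserver>) and count the answers: two are needed for base plus wildcard. The "Unsafe permissions on credentials configuration file" line in the log is a separate warning about the .ini being readable by other users (chmod 600 fixes it); it is not what fails the challenge.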
14 hours ago, saarg said:

The error in the beginning of the post is not in the full log you posted. In the log it says the certificate was created.

 

Without your docker run command its hard to say if your port forwarding is correct.

 

What does not work?

 

Yeah, my bad, I omitted that part, but the error comes literally just after the last line of the log.
This is the docker run command:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='proxynet' --log-opt max-size='50m' --log-opt max-file='1' --privileged=true -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'EMAIL'='***@gmail.com' -e 'URL'='duckdns.org ' -e 'SUBDOMAINS'='xxx,yyy,zzz' -e 'ONLY_SUBDOMAINS'='true' -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'PUID'='99' -e 'PGID'='100' -p '180:80/tcp' -p '1443:443/tcp' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' 'linuxserver/letsencrypt' 
70ac0257d8a22cfa4321672616cf52ace9bd6809870b721300e1e9dfe5915893

The command finished successfully!

I think the problem lies in my router. I'm going to buy another one (FRITZ!Box 5790) and test if the port forwarding works better.

12 hours ago, norsemanGrey said:

(quoted in full above)

This is a support thread for unraid users. Since you are not using unraid, please post it in our Discourse forum or use Discord.

On 12/3/2018 at 12:13 AM, smdion said:

Set the X-Ldap-URL to the server where you have Duo's Auth_Proxy installed and setup. You now have 2FA on all logins that are sent by the ldap-auth docker.  ProxyCache/AuthCache needs to be enabled.

 

Works great.  Thanks!

I'm very curious how you managed to do this, as I'm trying to do the same but I get TLS issues connecting to the Duo Authentication Proxy from the nginx LDAP companion. RADIUS works fine from there, but nginx needs to have LDAP.

 

I'm using this container for the DUO Authentication Proxy https://github.com/jumanjihouse/docker-duoauthproxy

 

Can you share your DUO Authentication Proxy config for the [ldap_server_auto] ?

12 hours ago, amviewer said:

(quoted in full above)

So I abandoned this for Google's OAuth using the quay.io/pusher/oauth2_proxy container. Not sure how I had the LDAP set up before.

On 1/15/2020 at 9:34 PM, saarg said:

What does not work?

 

On 1/16/2020 at 4:46 AM, aptalca said:

I changed router. I'm using a FRITZ!Box 5790 now; the ports are open but I can't get past this error.

ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

[three screenshots attached]

Considering the screenshots I already provided in the previous posts too, what could the problem be?

2 minutes ago, anongum said:

(quoted in full above)

Please post full logs, not only the error. In the earlier log you showed, a cert was generated. You can use staging to test so you don't get rate limited.

Did you read the blog post you linked?

Have you tried setting up the nginx container to see if you can access it on port 80 remotely, or if your ISP blocks port 80?

 

5 hours ago, jjthacker said:

Literally just upgraded the container to the latest version and now cannot access any of the sites/servers on my unraid box.

 

When I look at my logs I am getting the error message shown below:

 

Thanks for any help,

 

Jason

[screenshot of the log error]

It's been discussed to death. Harmless lua error. Unrelated.

 

Server ready means nginx is up and running. Check your dns settings and port forwarding

6 minutes ago, aptalca said:

It's been discussed to death. Harmless lua error. Unrelated.

 

Server ready means nginx is up and running. Check your dns settings and port forwarding

Thanks for the advice. Turns out that the port forwarding on my router was screwed up when I changed the NIC in my server. Turns out it did port forwarding by MAC address, not IP address.

16 hours ago, jjthacker said:

Thanks for the advice. Turns out that the port forwarding on my router was screwed up when I changed the NIC in my server. Turns out it did port forwarding by MAC address not IP address.

Glad to hear you figured it out.

 

And just an FYI, "Literally just upgraded the container to the latest version" often means "I changed a bunch of other things as well but I can't remember at the moment" 😉

On 1/12/2020 at 7:49 PM, aptalca said:

Look into hairpin nat

 

On 1/12/2020 at 11:26 AM, izarkhin said:

Hi guys!

I really hope somebody can help me here. I switched from Comcast to AT&T Gigabit last week. AT&T forces you to use their own gateway. I configured it for IP passthrough in order to keep my Advanced Tomato wireless router setup. Now I can't access my duckdns subdomain from LAN. Externally everything still works. Here are the symptoms:

  • [mysubdomain].duckdns.org works fine externally
  • [mysubdomain].duckdns.org from LAN says "Establishing secure connection..." and then "This site can't be reached"
  • I can successfully ping [mysubdomain].duckdns.org from LAN and get public IP back
  • I can successfully trace [mysubdomain].duckdns.org from LAN
  • duckdns.org website shows the correct public IP
  • my Advanced Tomato router shows the correct public IP address forwarded to its WAN port
  • I restarted letsencrypt container and didn't see any errors in the log
  • I restarted duckdns container and didn't see any errors in the log
  • I didn't make any changes, other that replacing Comcast cable modem with AT&T gateway and configuring it for IP passthrough. I. e. port forwarding, nginx config, etc. are still the same and it worked fine before

What am I missing? How can I troubleshoot?

 

NAT Loopback is set to "All" and NAT Target to "MASQUERADE" (as they have been before), so I don't think that's it.

 

Here is an abbreviated output of the "iptables -n -L -v -t nat" command:

Chain PREROUTING (policy ACCEPT 5731 packets, 389K bytes)
 pkts bytes target     prot opt in     out     source               destination
   92  5686 WANPREROUTING  all  --  *      *       0.0.0.0/0            [public IP]

 

Chain POSTROUTING (policy ACCEPT 26 packets, 1620 bytes)
 pkts bytes target     prot opt in     out     source               destination
 5110  330K MASQUERADE  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0

 

Chain WANPREROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    44 DNAT       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            to:[Advanced Tomato IP]

    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:[unRAID IP]:[letsencrypt HTTPS PORT]
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:[unRAID IP]:[letsencrypt HTTP PORT]

 

My understanding is that, according to this, all outbound requests for my duckdns subdomain from LAN should be pre-routed to [public IP] and then post-routed back to letsencrypt. Am I wrong?

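Added example, not from the post above nor from the Tomato firmware: a small model of what "hairpin NAT" has to do for a table like the one shown. A LAN client dialling the public address gets its SYN DNAT'ed to the Docker host by the PREROUTING rule, but a MASQUERADE rule that matches only the WAN interface (vlan2 above) never touches that packet. The server then sees the client's LAN address as the source and answers it directly, the router never gets to undo the DNAT, and the client receives a SYN-ACK from <unRAID IP>:<letsencrypt port> for a connection it opened to <public IP>:443, which it discards. An external client is unaffected, which is why things keep working from outside. All addresses, ports and interface names are placeholders (RFC 5737 / RFC 1918).

```python
from dataclasses import dataclass

# Placeholder addresses and interfaces, constructed for this example.
PUBLIC_IP = "203.0.113.10"      # what the DuckDNS name resolves to (router WAN side)
ROUTER_LAN_IP = "192.168.1.1"
SERVER_IP = "192.168.1.50"      # Docker host running the letsencrypt container
CLIENT_IP = "192.168.1.20"      # a browser on the LAN
EXTERNAL_IP = "198.51.100.7"    # a client somewhere on the internet
WAN_IF, LAN_IF = "vlan2", "br0"
LAN_PREFIX = "192.168.1."

# Port forwards as DNAT rules in PREROUTING: (dst, dport) -> (new dst, new dport)
DNAT_RULES = {(PUBLIC_IP, 443): (SERVER_IP, 1443), (PUBLIC_IP, 80): (SERVER_IP, 180)}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def route(dst: str) -> str:
    """Which interface the router uses to reach dst."""
    return LAN_IF if dst.startswith(LAN_PREFIX) else WAN_IF


class Router:
    """Minimal model of the nat table: DNAT in PREROUTING, MASQUERADE on the WAN
    interface in POSTROUTING, and optionally a hairpin SNAT for forwarded
    LAN-to-LAN traffic that was DNAT'ed (what a 'NAT loopback' option is meant
    to add)."""

    def __init__(self, hairpin_snat: bool):
        self.hairpin_snat = hairpin_snat
        self.conntrack: dict[tuple, Packet] = {}   # translated 4-tuple -> original packet

    def forward(self, pkt: Packet, in_if: str) -> Packet:
        original = pkt
        dnatted = (pkt.dst, pkt.dport) in DNAT_RULES
        if dnatted:                                 # PREROUTING: DNAT tcp dpt:443 to:SERVER:1443
            new_dst, new_dport = DNAT_RULES[(pkt.dst, pkt.dport)]
            pkt = Packet(pkt.src, pkt.sport, new_dst, new_dport)
        out_if = route(pkt.dst)
        if out_if == WAN_IF:                        # POSTROUTING: MASQUERADE ... out vlan2
            pkt = Packet(PUBLIC_IP, pkt.sport, pkt.dst, pkt.dport)
        elif dnatted and in_if == LAN_IF and self.hairpin_snat:
            # POSTROUTING: the extra hairpin rule, shaped like
            #   -o br0 -s 192.168.1.0/24 -d 192.168.1.50 -p tcp --dport 1443 -j MASQUERADE
            pkt = Packet(ROUTER_LAN_IP, pkt.sport, pkt.dst, pkt.dport)
        self.conntrack[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = original
        return pkt

    def reverse(self, reply: Packet) -> Packet:
        """Undo both translations for a reply that comes back through the router."""
        original = self.conntrack[(reply.dst, reply.dport, reply.src, reply.sport)]
        return Packet(original.dst, original.dport, original.src, original.sport)


def server_reply(pkt: Packet) -> Packet:
    """The Docker host answers whatever source address it saw on the SYN."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)


def handshake(client_ip: str, in_if: str, hairpin_snat: bool) -> dict:
    """Send a SYN to PUBLIC_IP:443 and report where the SYN-ACK appears to come from.
    The client only accepts a SYN-ACK whose source matches the address:port it dialled."""
    router = Router(hairpin_snat)
    syn = Packet(client_ip, 51515, PUBLIC_IP, 443)
    delivered = router.forward(syn, in_if)
    synack = server_reply(delivered)
    if synack.dst.startswith(LAN_PREFIX) and synack.dst != ROUTER_LAN_IP:
        # Server and client share the LAN: the reply goes straight to the client
        # and never crosses the router, so nothing undoes the DNAT.
        seen, via_router = synack, False
    else:
        seen, via_router = router.reverse(synack), True
    return {"reply_via_router": via_router,
            "synack_from": (seen.src, seen.sport),
            "completes": (seen.src, seen.sport) == (PUBLIC_IP, 443)}


if __name__ == "__main__":
    print("external client        :", handshake(EXTERNAL_IP, WAN_IF, hairpin_snat=False))
    print("LAN client, no hairpin :", handshake(CLIENT_IP, LAN_IF, hairpin_snat=False))
    print("LAN client, hairpin    :", handshake(CLIENT_IP, LAN_IF, hairpin_snat=True))
```

The check this suggests on a real router is whether the POSTROUTING chain of the nat table contains a source-NAT rule whose out interface is the LAN bridge and whose destination is the Docker host; a MASQUERADE rule that lists only the WAN interface covers outbound traffic but not the hairpin case.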
Hello all,

Hopefully someone will be able to help, as I can't work out what could be wrong and it's driving me nuts.

I have followed all the videos I can find on getting Let's Encrypt working with Nextcloud. It works fine until I edit the config files and try to get it to work via an external domain.

Below are my configs, minus any personal data.

NEXTCLOUD.SUBDOMAIN.CONF

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name downloads.*;
    include /config/nginx/ssl.conf;
    client_max_body_size 0;
    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_nextcloud nextcloud;
        proxy_max_temp_file_size 2048m;
        proxy_pass https://$upstream_nextcloud:443;
    }
}

 

CONFIG.PHP (from Nextcloud)

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'oc4vag78a6fo',
  'passwordsalt' => 'liPhgdvDE1exeucvrm9n9Lms3BWZAP',
  'secret' => '1dETA0S8OmAO7FD4KxsC+AD/xlwDXpVNE8RP7FkrhNT+Of0m',
  'trusted_domains' =>
  array (
    0 => '192.168.0.70:444',
    1 => 'downloads.ikweb.co.uk',
  ),
  'overwrite.cli.url' => 'https://downloads.google.co.uk',
  'overwritehost' => 'downloads.google.co.uk',
  'overwriteprotocol' => 'https',
  'dbtype' => 'mysql',
  'version' => '17.0.2.1',
  'dbname' => 'nextclouddb',
  'dbhost' => '192.168.0.70:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud-user',
  'dbpassword' => 'Password',
  'installed' => true,
);

 

 

But with the above configs in place, all I get is the image below. Both Nextcloud and Let's Encrypt are on their own network within Docker, as per the videos from SpaceInvaderOne, but I'm buggered if I can get it working.

 

Any help would be very welcome. 

 

[screenshot of the error page]
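Added example, not part of the post or of the SWAG/Nextcloud projects: a checker for the settings a Nextcloud-behind-reverse-proxy setup has to keep in agreement. The external name must be in trusted_domains, overwritehost / overwrite.cli.url / overwriteprotocol must all describe that same https URL, trusted_proxies must list the proxy's address so Nextcloud honours the X-Forwarded-* headers it sends (client IP for brute-force throttling, protocol for generated links), and the proxy's server_name must actually match the external name. The config.php text below is constructed in the same shape as the one in the post but with placeholder values; the regex parser handles only that flat 'key' => 'value' and array(...) layout.

```python
import re
from urllib.parse import urlsplit


def parse_config_php(text: str) -> dict:
    """Pull scalar 'key' => 'value' entries plus the trusted_domains and
    trusted_proxies arrays out of a Nextcloud config.php.  Handles only the
    flat layout shown in the post."""
    cfg = {m.group(1): m.group(2)
           for m in re.finditer(r"'([\w.]+)'\s*=>\s*'([^']*)'", text)}
    for key in ("trusted_domains", "trusted_proxies"):
        m = re.search(rf"'{key}'\s*=>\s*array\s*\((.*?)\)", text, re.S)
        cfg[key] = re.findall(r"=>\s*'([^']+)'", m.group(1)) if m else []
    return cfg


def nginx_name_matches(server_name: str, host: str) -> bool:
    """nginx wildcard server_name: '*.example.com' or 'downloads.*'; the '*'
    stands for one or more labels at that end of the name."""
    if server_name.startswith("*."):
        suffix = server_name[1:]            # ".example.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    if server_name.endswith(".*"):
        prefix = server_name[:-1]           # "downloads."
        return host.startswith(prefix) and len(host) > len(prefix)
    return host == server_name


def check_proxy_setup(config_php: str, server_name: str, external_host: str,
                      proxy_addr: str) -> list[str]:
    """Return human-readable findings; an empty list means the settings agree."""
    cfg = parse_config_php(config_php)
    findings = []
    if external_host not in cfg["trusted_domains"]:
        findings.append(f"{external_host} is not in trusted_domains "
                        "(Nextcloud answers 'Access through untrusted domain')")
    if cfg.get("overwritehost") != external_host:
        findings.append(f"overwritehost={cfg.get('overwritehost')!r} differs from "
                        f"the external name {external_host}")
    if cfg.get("overwriteprotocol") != "https":
        findings.append("overwriteprotocol should be 'https' behind a TLS-terminating proxy")
    cli = urlsplit(cfg.get("overwrite.cli.url", ""))
    if (cli.scheme, cli.hostname) != ("https", external_host):
        findings.append(f"overwrite.cli.url={cfg.get('overwrite.cli.url')!r} "
                        f"should be https://{external_host}")
    if proxy_addr not in cfg["trusted_proxies"]:
        findings.append(f"trusted_proxies lacks {proxy_addr}; X-Forwarded-For/Proto "
                        "from the proxy are ignored")
    if not nginx_name_matches(server_name, external_host):
        findings.append(f"server_name {server_name!r} does not match {external_host}")
    return findings


# Constructed config.php with placeholder values (example.co.uk, a made-up proxy address).
SAMPLE_CONFIG_PHP = """<?php
$CONFIG = array (
  'datadirectory' => '/data',
  'trusted_domains' =>
  array (
    0 => '192.168.0.70:444',
    1 => 'downloads.example.co.uk',
  ),
  'trusted_proxies' =>
  array (
    0 => '172.18.0.2',
  ),
  'overwrite.cli.url' => 'https://downloads.example.co.uk',
  'overwritehost' => 'downloads.example.co.uk',
  'overwriteprotocol' => 'https',
  'dbtype' => 'mysql',
);
"""

if __name__ == "__main__":
    ok = check_proxy_setup(SAMPLE_CONFIG_PHP, "downloads.*", "downloads.example.co.uk", "172.18.0.2")
    print("consistent config:", ok or "no findings")
    broken = SAMPLE_CONFIG_PHP.replace("'overwritehost' => 'downloads.example.co.uk'",
                                       "'overwritehost' => 'downloads.other.example'")
    for line in check_proxy_setup(broken, "cloud.*", "downloads.example.co.uk", "10.0.0.1"):
        print("finding:", line)
```

The proxy address to put in trusted_proxies is the address Nextcloud sees connections arriving from, i.e. the SWAG container's address on the shared Docker network, not the LAN address of the host.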

 

 

 

 

 

I'm far from an expert, but I'd imagine the overwritehost/overwrite.cli.url can't point at a domain you don't control. Not sure about yours specifically, but in my nextcloud.subdomain.conf I had to have my server name as its URL, not name.*. It never did work right having it that way for me, despite having the first part of the subdomain correct.

10 minutes ago, blaine07 said:

I’m far from a expert but I’d imagine the Overwrite Host/CLI can’t point a domain you don’t control. Not sure about yours specifically but I’m my a nextcloud.subdomain.conf I had to have my server name as its url, not a name.*. It never did work right having it that way for me despite having first part of subdomain correct.

Just for info:

downloads.google.co.uk

isn't a domain I own; I used it as an example. When this has my domain in, for example downloads.mydomain.co.uk, is when I get the error. I removed my personal URL so it doesn't get hit by all the bots that pull info from forums 🙂

 

 

(quoting the post above)

Well, a few lines up your domain, I assume, is still there by "array"... if that's the case.

Hi guys,

So I set up letsencrypt last night. My domains are pointing to Cloudflare and then I have my subdomains as A records.

Now I used DNS as verification and put my Cloudflare API key into letsencrypt. And when I check the logs it says Server Ready.

I then renamed the config files for sonar.sub-domain.conf-sample and removed the sample. Same for Radarr and NZBGet and some others.

Restarted letsencrypt and the entire server; no dice. I just get a Cloudflare "host is unavailable".

Is there something specific I need to do to use Cloudflare with my subdomains?

PS: all my Dockers are from linuxserver.io

Is there some specific setup I need to do when using Cloudflare for my subdomains using A records? I see people always mention CNAME.

I have a static IP at home so I don't need DuckDNS.

I keep getting Error 522 Connection Timed Out, Host Error from Cloudflare.

Thanks

Docker Log: https://pastebin.com/mPqxRFrq
1 hour ago, SavellM said:

(quoted in full above)

1) turn off cloudflare proxy

2) fix your port forwarding


@aptalca Cloudflare has been set to DNS only on each A record, unless there is somewhere else?

Also, port forwarding shouldn't matter as it's doing DNS verification.

Or do I still need to port forward 80 and 443 to unRAID? With DNS I thought it wouldn't need the ports anymore, and as you can see from the logs it's kind of working?

OK, re-enabled my port forwarding and I think it's working... derp

Also, wouldn't using the Cloudflare proxy be of benefit?
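Added example, not from the thread or from linuxserver.io: the two checks behind "turn off cloudflare proxy" and "fix your port forwarding", written so they can be run against a real name or exercised offline. A proxied ("orange cloud") record resolves to one of Cloudflare's edge ranges rather than to the home connection, and Cloudflare's 522 is its edge failing to open a TCP connection to the origin, which for a home server means the forwarded ports. DNS validation only removes the need for an inbound port at certificate issuance; the sites still need 443 (and 80 for the redirect) forwarded to the container's mapped ports. The Cloudflare range list is a snapshot of https://www.cloudflare.com/ips-v4 and should be refreshed from there; the hostnames and addresses in the test are constructed.

```python
import ipaddress
import socket

# Snapshot of Cloudflare's published IPv4 edge ranges (https://www.cloudflare.com/ips-v4).
# Re-fetch that list before relying on it; it changes occasionally.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def is_cloudflare_edge(ip: str) -> bool:
    """True when the A record points at Cloudflare (proxied / orange cloud)
    rather than at the home connection (DNS only / grey cloud)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def tcp_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """Plain TCP connect test; False on refusal, timeout or DNS failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def verdict(report: dict) -> str:
    """Translate the raw checks into the failure a SWAG user would see."""
    if not report["proxied"] and not report["points_home"]:
        return "dns_points_elsewhere"       # wrong A record or stale dynamic DNS
    if not all(report["ports"].values()):
        # Behind the proxy this is Cloudflare's 522: its edge could not open a
        # TCP connection to the origin.  Without the proxy the browser just
        # times out.  Either way it is the forward to the container's ports.
        return "origin_unreachable_522" if report["proxied"] else "origin_unreachable"
    return "ok"


def check_origin(hostname: str, public_ip: str, ports=(80, 443),
                 resolve=socket.gethostbyname, probe=tcp_open) -> dict:
    """Resolve the name, decide whether Cloudflare is in front of it, and probe
    the home IP's forwarded ports.  resolve/probe are injectable so the logic
    can be exercised offline.  Run it from OUTSIDE the LAN for a real answer:
    hairpin NAT can make a missing forward look fine from inside."""
    resolved = resolve(hostname)
    report = {
        "resolved": resolved,
        "proxied": is_cloudflare_edge(resolved),
        "points_home": resolved == public_ip,
        "ports": {p: probe(public_ip, p) for p in ports},
    }
    report["verdict"] = verdict(report)
    return report


if __name__ == "__main__":
    import sys
    host, home_ip = sys.argv[1:3]   # e.g. sonarr.example.com 198.51.100.7
    print(check_origin(host, home_ip))
```

With the proxy on, Let's Encrypt http-01 would also be answered by Cloudflare's edge rather than the container, which is the other reason the DNS-only setting is asked for while debugging; with DNS validation that part does not matter, but the 522 still does.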
