[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



26 minutes ago, saarg said:

You need to post the docker run command so we can see which folder you are mapping. With the info you posted, we can only guess.

Ok I get it now.  I didn't realize I needed to add the mapping too.  I added a second volume mapping and now everything is fine.  Thanks!

 

(/wwwroot to /mnt/user/wwwroot, from the letsencrypt container edit page in the unraid gui.)

Link to comment
5 hours ago, Chandler said:

Sorry, I was meaning I was trying to set these up for use with Organizr. I have not actually put them in Organizr yet so we can take that out of the equation. All I have done is enable the confs, make sure they are pointing to the right containers/ports, and entering mydomain.com/container and I received all those errors in my post. 

 

I fixed Tautulli. Had to add tautulli to the https root in its config. 

 

For Jackett, I have made no modifications to the subfolder conf other than renaming it to remove the sample portion. I don't get the usual 404 nginx error... 


Fixed Jackett, needed to redefine the base url in its gui. I guess the grayed out one didn't count. 

 

This leaves Ombi, Radarr, and Sonarr. I am not sure what to do with Ombi yet but Radarr and Sonarr I think I need to modify the confs.. It looks like it is definitely hitting them when I go to mydomain.com/radarr but then Radarr redirects it to mydomain.com/login?returnUrl=/radarr because I have forms authentication enabled. How do I get it to not redirect there? Basically it needs to redirect to mydomain.com/radarr/login?returnUrl=/ instead. 

 

Sonarr and Radarr are also now working since I added base urls to them too.. Now I just have an issue with Ombi. Heading to mydomain.com/ombi greets me with this:

You need to follow the instructions at the top of each proxy conf. If it says to set a base url, you need to do that in the upstream app

  • Thanks 1
Link to comment

I have a question,

 

I'm currently running this docker, successfully made subdomain redirects (by using the templates).

 

I want my top domain (****.nl) to redirect to my Wordpress docker and I want (unraid.****.nl) to redirect to my unraid server.

 

How do I set this up? All of my configs are default except I removed .sample from the proxy-confs folder for the services I use

Edited by Mirano
Link to comment
3 hours ago, Mirano said:

I have a question,

 

I'm currently running this docker, successfully made subdomain redirects (by using the templates).

 

I want my top domain (****.nl) to redirect to my Wordpress docker and I want (unraid.****.nl) to redirect to my unraid server.

 

How do I set this up? All of my configs are default except I removed .sample from the proxy-confs folder for the services I use

Edit the default site config and modify the location block for "/"

 

For unraid, you can copy and modify an existing proxy conf with unraid values

Link to comment
17 hours ago, aptalca said:

Edit the default site config and modify the location block for "/"

 

For unraid, you can copy and modify an existing proxy conf with unraid values

Perfect thank you,

 

Regarding this: the website loads, but upon opening the Shell or looking at the processor graph, it doesn't seem to work. Did I do something wrong?

 


Link to comment

I have a problem with missing port on redirects. I am using subdomain configurations on a non-standard port, because I can't forward port 80 or 443. For example: https://subdomain.mydomain.com:12345.

 

Jellyfin (https://jellyfin.mydomain.com:12345) or cops (https://cops.mydomain.com:12345) is working fine, but airsonic (and others) does not. When I enter https://airsonic.mydomain.com:12345 it redirects me to https://airsonic.mydomain.com/login which does not work without port. When I manually enter port (https://airsonic.mydomain.com:12345/login) it's working, but after logging in it redirects me to url without port.

 

I've been searching for 2 days, sorry if this has been posted before.

Link to comment
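
The symptom stealthymocha describes, as an added example that is not part of any post: a small checker that compares a request URL with the `Location` header an app returns and flags redirects that lose the non-standard port. The hostname and port are the ones used in the post; the function names and the extra sample redirects are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def effective_port(parts):
    """Port a client connects to for this URL (explicit, else scheme default)."""
    return parts.port or DEFAULT_PORTS.get(parts.scheme)


def check_redirect(request_url, location):
    """Classify a redirect: ok, port-dropped, port-changed, scheme-changed, other-host."""
    req = urlsplit(request_url)
    # A relative Location is resolved by the client against the request URL,
    # so it keeps the original scheme, host and port.
    target = urlsplit(urljoin(request_url, location))
    if target.hostname != req.hostname:
        return "other-host"
    if target.scheme != req.scheme:
        return "scheme-changed"
    if effective_port(target) != effective_port(req):
        # No explicit port in an absolute Location means the scheme default.
        return "port-dropped" if target.port is None else "port-changed"
    return "ok"


# Constructed (request URL, Location header) pairs; the first is the case from the post.
SAMPLES = [
    ("https://airsonic.mydomain.com:12345/", "https://airsonic.mydomain.com/login"),
    ("https://airsonic.mydomain.com:12345/", "/login"),
    ("https://airsonic.mydomain.com:12345/login", "https://airsonic.mydomain.com:12345/index"),
    ("https://airsonic.mydomain.com:12345/", "http://airsonic.mydomain.com:12345/login"),
]


def audit(samples):
    """Return (request_url, location, verdict) for every sample pair."""
    return [(req, loc, check_redirect(req, loc)) for req, loc in samples]


if __name__ == "__main__":
    for req, loc, verdict in audit(SAMPLES):
        print(f"{verdict:15} {req} -> {loc}")
```

A "port-dropped" verdict means the app built an absolute URL without the port the client used; a relative `Location` such as `/login` does not have this problem.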
19 minutes ago, stealthymocha said:

I have a problem with missing port on redirects. I am using subdomain configurations on a non-standard port, because I can't forward port 80 or 443. For example: https://subdomain.mydomain.com:12345.

 

Jellyfin (https://jellyfin.mydomain.com:12345) or cops (https://cops.mydomain.com:12345) is working fine, but airsonic (and others) does not. When I enter https://airsonic.mydomain.com:12345 it redirects me to https://airsonic.mydomain.com/login which does not work without port. When I manually enter port (https://airsonic.mydomain.com:12345/login) it's working, but after logging in it redirects me to url without port.

 

I've been searching for 2 days, sorry if this has been posted before.

Why are you using ports instead of using the proxy confs? I know there may not be one just like what you need, but you can modify one to your needs with the ports you need so it can redirect correctly.

 

 

Link to comment
Just now, ijuarez said:

oh so your router(gateway) is forwarding https(443) requests to LE that's on port 12345?

No my ISP is blocking all ports, so I am using VPN to port forward random port (12345). So basically, LE is listening on port 12345 (which is allocated to 443 inside container), directly from the internet without any router. That's why I have to always specify port, because default https requests, where unspecified port always means 443, will never work on my setup.

Link to comment

Hi Guys,

 

I have been tearing my hair out trying to get this to work. I am 90% sure I have configured everything correctly but it is still not working for me.

 

When running the docker I get the following errors in the docker log (I have starred out some sensitive information).

 

Is there an issue with the docker or is it me?

Opened ports on my router, tried several different.

 

Most Basic is giving port 80 - 180 and port 447 - 1447, I think configure the docker to use these ports and open them up on my router but still getting the same errors :(

 

Any help would be greatly appreciated

 

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: **********.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://**********.duckdns.org/.well-known/acme-challenge/cHRR6FCd-bgEKS-0VpQ2JNv7npGaHXT6gWX6mB*****
[5.151.***.***]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx</center>\r\n"

Domain: **********.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://**********.duckdns.org/.well-known/acme-challenge/t5lBAsWP_H4iYZhdOpS5LAU5VWmKmaRIiCAlh*****
[5.151.***.***]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx</center>\r\n"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Link to comment
38 minutes ago, nik82 said:

Hi Guys,

 

I have been tearing my hair out trying to get this to work. I am 90% sure I have configured everything correctly but it is still not working for me.

 

When running the docker I get the following errors in the docker log (I have starred out some sensitive information).

 

Is there an issue with the docker or is it me?

Opened ports on my router, tried several different.

 

Most Basic is giving port 80 - 180 and port 447 - 1447, I think configure the docker to use these ports and open them up on my router but still getting the same errors :(

 

Any help would be greatly appreciated

 

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: **********.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://**********.duckdns.org/.well-known/acme-challenge/cHRR6FCd-bgEKS-0VpQ2JNv7npGaHXT6gWX6mB*****
[5.151.***.***]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx</center>\r\n"

Domain: **********.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://**********.duckdns.org/.well-known/acme-challenge/t5lBAsWP_H4iYZhdOpS5LAU5VWmKmaRIiCAlh*****
[5.151.***.***]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx</center>\r\n"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Try changing port 447 to 443. Letsencrypt needs port 443 for validation as that is the default https port.

Link to comment

Does LE utilize a private macvlan? I am trying to figure out why other subnets and vlans cannot access the containers (namely Nextcloud) behind LE. If I understand macvlans correctly, this would explain why I cannot get them all to talk; unless there is a better answer or solution to my issue.

Thanks!

Link to comment
1 hour ago, stealthymocha said:

Try changing port 447 to 443. Letsencrypt needs port 443 for validation as that is the default https port.

Sorry, I meant to say 443 (not 447), and it was changed to 1443 in the docker and port 1443 was opened on the router.

 

I followed space invaders tutorial as per what he did and he recommended changing it as unraid uses port 443

 

This Tutorial - https://youtu.be/I0lhZc25Sro?t=720

Link to comment
2 hours ago, nik82 said:

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

This is where I would go to; assuming your forwarding is setup on your router correctly.

Most providers will assist you in getting the DNS (aka: CNAME) setup with a simple chat.

I struggled initially with it too. I got on a chat with support and I was up and running in about 10 minutes (takes a few minutes for the DNS to propagate)

Link to comment
2 minutes ago, TechMed said:

This is where I would go to; assuming your forwarding is setup on your router correctly.

Most providers will assist you in getting the DNS (aka: CNAME) setup with a simple chat.

I struggled initially with it too. I got on a chat with support and I was up and running in about 10 minutes (takes a few minutes for the DNS to propagate)

Thank you for trying to help, I am using Duckdns so, hopefully without sounding like a complete idiot, is it them I should contact?

Link to comment

In keeping with Ed's (SpaceInvader One's) examples...

Are you using your own domain name?

This is where Ed talks about putting Sonarr and Nextcloud as subDOMAINs

i.e. nextcloud.mydomain_name.com

     sonarr.mydomain_name.com

 

Or

Are you using subfolders off of your DuckDNS account?

i.e. mymadeupname.duckdns.org/nextcloud

     mymadeupname.duckdns.org/sonarr

 

Link to comment
8 minutes ago, TechMed said:

In keeping with Ed's (SpaceInvader One's) examples...

Are you using your own domain name?

This is where Ed talks about putting Sonarr and Nextcloud as subDOMAINs

i.e. nextcloud.mydomain_name.com

     sonarr.mydomain_name.com

 

Or

Are you using subfolders off of your DuckDNS account?

i.e. mymadeupname.duckdns.org/nextcloud

     mymadeupname.duckdns.org/sonarr

 

Hi I have 2 sub domains setup as he recommended it as the "best" solution.

 

1 will only be used to access unraid, the other Nextcloud. Nextcloud is the main reason for this, as this is an office server and I want to access some files from home.

 

domain1.duckdns.org and domain.duckdns.org

 

In the config i put subdomain1,subdomain2 as subdomain and duckdns.org as the domain name

Edited by nik82
Link to comment

If you are using his recommended "best" solution, then you're mixing up your apples and oranges.

 

The duckdns.org portion is only for pointing to your IP (at your office based on your comments).

I am guessing it is setup like "my_office-name.duckdns.org" correct?

 

Assuming you are using your office/company domain name ("best" solution), then you should be able to access your Nextcloud container via nextcloud.my_office_name.com

 

So again, are you using a domain name? (www.my_office_name.com)

Link to comment
3 minutes ago, TechMed said:

If you are using his recommended "best" solution, then you're mixing up your apples and oranges.

 

The duckdns.org portion is only for pointing to your IP (at your office based on your comments).

I am guessing it is setup like "my_office-name.duckdns.org" correct?

 

Assuming you are using your office/company domain name ("best" solution), then you should be able to access your Nextcloud container via nextcloud.my_office_name.com

 

So again, are you using a domain name? (www.my_office_name.com)

 

No, I am using subdomain1.duckdns.org and subdomain2.duckdns.org

The strange thing is that I have duckdns set up and working, as I am using subdomain1.duckdns.org:5555 to access a Wekan Docker from home and that works perfectly. On that occasion I assigned the docker port 5555, port forwarded 5555 on the office router (Zyxel VMG8825-B50B) and I have full access to it from home and it works great. With the risk of sounding stupid, I "understand" basic port forwarding and "basic" networking as I have set everything up at work: IP cameras, Blue Iris servers (with port forwarding), unraid and all office computers, switches, routers etc. However, I am by NO MEANS an expert and most things I have set up have been quite basic. This SSL is however driving me insane!

Why I am doing this is because I want an SSL certificate so I can get Nextcloud working. I have even removed subdomain1 and now only use subdomain2 in the docker container. Subdomain2 is basically the one I will use for Nextcloud and it has a name like nextcloudsubdomain.

 

nextcloudsubdomain is set as the subdomain in the subdomain field in the docker config and duckdns.org is set as the domain.

I have redirected port 80 to 181 on the router and port 443 to port 1443, I also tested just opening 180 and 1443 without redirects (neither works)

 

I have set the 2 ports in the docker config to 180 and 1443

 

 

Now for the 4th time today Let's Encrypt has "banned" me from trying any more for 1h, so I will have to wait.

Link to comment
3 minutes ago, TechMed said:

Okay... I understand now.

 

Did you add in "subdomain2" to your DuckDNS container as Ed points out here?

 

 

Hi, thanks again

 

Yes I did, have had it setup for ages, just not got around to do the rest of the work LOL 

 


Edited by nik82
Link to comment
3 minutes ago, TechMed said:

sorry, should have been from this point in the video...

 

If the setup of DuckDNS (the actual DuckDNS container on your server) does not know "subdomain2" exists, it will not resolve and in turn throw a DNS error.

Thank you, there shouldn't be a problem there as it looks correct in the duckdns docker and it is updating the IP correctly. I have also confirmed it on the Duckdns.org website. I can also connect to my wekan docker if I just add a :5555 at the end of that subdomain as well :)

 

I will take a little break tonight and start with a fresh mind tomorrow morning. Thanks for your help and time spent trying to figure this out with me :)

Link to comment
