[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



On 6/17/2019 at 5:33 PM, deepthought said:

I'm having issues accessing Nextcloud from the same LAN that the server is on.  I know that this is a common issue and I have read the last ~dozen or so pages of this thread prior to posting.  My setup was created following the spaceinvader one "How to Setup and Configure a Reverse Proxy on unRAID with LetsEncrypt & NGINX" video.  Everything is working fine (certs, outside access) aside from local network access.

 

Hairpin NAT is enabled in my edgerouter, I have restarted the router and server, and cleared my local machine's DNS cache since enabling it.  At this point, I just need to confirm if hairpin NAT is related to my issue or if something else is the case.  The Ubiquiti docs for hairpin NAT are pretty hefty and I don't want to dig through them without cause.

 

When connecting, I get the following:

 

Error: 404 Not Found

Sorry, the requested URL 'https://[mydomain].duckdns.org/index.php/login' caused an error:

Not found: '/index.php/login'

 

Does this sound like a hairpin nat issue?

I have the same exact issue and I can't figure it out for the life of me, I think it has something to do with the ports I have forwarded in the router, but I had it working on my previous router, and this only started when I upgraded my wireless/network over to Ubiquiti & Unifi.

 

I've attached the ports I have open, again copied exactly from my older router setup.

 

Everything works perfectly from outside the network, but when I try to connect to my duckdns address from inside I get the following error

 

Error: 404 Not Found

Sorry, the requested URL 'https://xxxxxxx.duckdns.org/sonarr' caused an error:

Not found: '/sonarr'

 

 

Screen Shot 2019-06-22 at 8.15.00 AM.png

Link to comment
2 hours ago, kelmino said:

I have the same exact issue and I can't figure it out for the life of me, I think it has something to do with the ports I have forwarded in the router, but I had it working on my previous router, and this only started when I upgraded my wireless/network over to Ubiquiti & Unifi.

 

I've attached the ports I have open, again copied exactly from my older router setup.

 

Everything works perfectly from outside the network, but when I try to connect to my duckdns address from inside I get the following error

 

Error: 404 Not Found

Sorry, the requested URL 'https://xxxxxxx.duckdns.org/sonarr' caused an error:

Not found: '/sonarr'

 

 

Screen Shot 2019-06-22 at 8.15.00 AM.png

You have some incorrect port forwards. For starters, your outside port 443 has two rules trying to forward it to different ports.

 

And some have the outside and inside ports switched. It should go from 80 to 81 not the other way around

Link to comment
2 hours ago, MarkPla7z said:

Hello, can someone help me? Let's Encrypt is not working; however, I configured everything as it should have been done.

 

https://gyazo.com/3be724840cde3467cbf1451bd5994d69 - Docker Containers

https://gyazo.com/d0a16a5c0b0560397fc05435dcf12d8f - Lets Encrypt Config

https://gyazo.com/6e3711b7907d19b2cacf68209cd8cb1a - Conf Files

https://gyazo.com/1dd6daa8bb1dd414ef366ba557b28839 - Port Forwarding

https://gyazo.com/61cf2ada525841a28063e6d399e19f91 - CNAME Records

https://gyazo.com/4c340a2ed20d568f20577af70d3e9661 - Lets Encrypt Logs

 

Define not working

Link to comment

2 hours ago, aptalca said:

You have some incorrect port forwards. For starters, your outside port 443 has two rules trying to forward it to different ports.

 

And some have the outside and inside ports switched. It should go from 80 to 81 not the other way around

 

 

Thanks,  I really do appreciate the help, 

 

 I took out the one 443 port, I think I just started adding ports when it stopped working.

I swapped the 80/81 ports around and got rid of some of the ones that I added after the fact.

I rebooted the router and tried from an incognito window to see if that helped, and I still have the same issues.  Here are my ports now.

 

 

Screen Shot 2019-06-22 at 1.18.38 PM.png

Link to comment

HI.

 

My problem is that my let's encrypt doesn't work internally. If I connect using my phone with data I can connect and get it. 

 

As a workaround for now I added a DNS entry for my internal WAN where the web server is running. But I've already seen a lot of people, about the same time as me, having this type of issue where Let's Encrypt is not working in the internal network.

 

And my setup has been solid since day one. Only thing that changed is the comcast router looks like it got an update, that deleted my previous port forward (But I added that again exactly as it was)

 

Link to comment
Just now, gacpac said:

HI.

 

My problem is that my let's encrypt doesn't work internally. If I connect using my phone with data I can connect and get it. 

 

As a workaround for now I added a DNS entry for my internal WAN where the web server is running. But I've already seen a lot of people, about the same time as me, having this type of issue where Let's Encrypt is not working in the internal network.

 

And my setup has been solid since day one. Only thing that changed is the comcast router looks like it got an update, that deleted my previous port forward (But I added that again exactly as it was)

 

NAT Reflection/Hairpin NAT 

 

Nothing to do with the container.  That problem is always an issue with your LAN setup.

Link to comment
NAT Reflection/Hairpin NAT 
 
Nothing to do with the container.  That problem is always an issue with your LAN setup.
Understood.
I guess it's a coincidence that I got the problem at the same time other users asking for the same.

And it confuses more, that it just stopped working after almost a year.

Sent from my Pixel 2 XL using Tapatalk

Link to comment
Understood.
I guess it's a coincidence that I got the problem at the same time other users asking for the same.

And it confuses more, that it just stopped working after almost a year.

Sent from my Pixel 2 XL using Tapatalk

But your Comcast got an update.....

Sent from my Mi A1 using Tapatalk

Link to comment
Yes, 
 
That is true too, which makes me wonder @Rivvern @slimshizn @Spoonsy1480
 
Are your containers working in your internal network now, I'm having the same problem.
Personally if I were you I'd concentrate on finding a solution yourself, everybody tends to have different router hardware and that's why we can't suggest any fixes.

Sent from my Mi A1 using Tapatalk

Link to comment
8 minutes ago, CHBMB said:

Personally if I were you I'd concentrate on finding a solution yourself, everybody tends to have different router hardware and that's why we can't suggest any fixes.

Sent from my Mi A1 using Tapatalk
 

Thanks for the tip. That's me finding my own solution. If I can narrow down why the containers stopped working almost at the same time, also checking if they have the same ISP, I can have my own conclusion. Process of elimination.

 

Who knows, maybe it wasn't supposed to be working and it broke now after the update from Comcast. 

 

I'll create my own post in the lounge or reddit and if I find the solution I'll post it here 

 

;)

Edited by gacpac
Link to comment
Thanks for the tip. That's me finding my own solution. If I can narrow down why the containers stopped working almost at the same time, also checking if they have the same ISP, I can have my own conclusion. Process of elimination.
 
Who knows, maybe it wasn't supposed to be working and it broke now after the update from Comcast. 
 
I'll create my own post in the lounge or reddit and if I find the solution I'll post it here 
 

If you want to prove the issue is routing just go to

https://unraid-ip-address:host-letsencrypt-port-for-443

Sent from my Mi A1 using Tapatalk

Link to comment
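The check suggested in the post above (request the site at the Unraid address and host port instead of through the public name), as an added example that is not part of the original thread. The function names are made up for this sketch, the host, IP and port are placeholders you supply, and comparing status code plus `Server` header is a heuristic for "did the same web server answer".

```sh
#!/bin/sh
# Added example, not from the thread. Host, IP and port arguments are
# placeholders supplied by the user; nothing here is specific to one router.

# Read raw response headers on stdin, print "<status> <Server header>".
# Prints "000 -" when there was no response at all (timeout, refused).
parse_headers() {
    awk 'BEGIN { code = "000"; server = "-" }
         /^HTTP\// { code = $2 }
         tolower($1) == "server:" { sub(/\r$/, ""); server = $2 }
         END { print code, server }'
}

# Compare the answer obtained through the public name with the answer
# obtained straight from the LAN address (heuristic: status + Server header).
classify() {
    via_dns=$1
    via_lan=$2
    if [ "${via_lan%% *}" = "000" ]; then
        echo container-unreachable   # not even the direct path answers
    elif [ "$via_dns" = "$via_lan" ]; then
        echo same-responder          # both paths reach the same server
    else
        echo lan-routing             # something else answers for the public name
    fi
}

# check HOST LAN_IP LAN_PORT [PATH]
check() {
    host=$1 lan_ip=$2 lan_port=$3 path=${4:-/}
    # Path 1: normal DNS, so from inside the LAN this needs hairpin NAT.
    via_dns=$(curl -sk -m 10 -o /dev/null -D - "https://$host$path" | parse_headers)
    # Path 2: same Host name and SNI, but pinned to the server's LAN address.
    via_lan=$(curl -sk -m 10 -o /dev/null -D - \
        --resolve "$host:$lan_port:$lan_ip" \
        "https://$host:$lan_port$path" | parse_headers)
    echo "via public name: $via_dns"
    echo "via LAN address: $via_lan"
    classify "$via_dns" "$via_lan"
}

if [ "$#" -ge 3 ]; then
    check "$@"
fi
```

Run it from a machine inside the LAN with your own values, for example `sh check.sh yourname.duckdns.org <unraid-ip> <host-port-for-443> /sonarr`. A `lan-routing` verdict means the container answers when reached directly and the difference comes from how the LAN handles the public name.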
34 minutes ago, A75G said:

Hello,

I've been having problems with letsencrypt. I followed the Spaceinvader One video guide, but letsencrypt had some errors https://pastebin.com/DMD7nGhX 

this is my domain, router and docker screenshots https://imgur.com/a/5jXtC94

if anyone could help i would be thankful 

and if you require more info about the settings do tell. Thanks

Is your ISP blocking port 80?

You can try to install the nginx container and see if you get the default webpage to check if port 80 is blocked or not.

  • Like 1
Link to comment
1 hour ago, A75G said:

 

Thanks for the reply, I think my ISP is blocking port 80, so I set up DNS verification for my domain with Cloudflare. The old errors are not appearing, but there is a new error.

Edit: never mind, saw your past post about it, thanks. I think I'll make sure to double check every configuration I made.


nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

 

The Lua errors are harmless, and it's also mentioned in the last 30 pages 😉

  • Like 1
Link to comment
8 hours ago, A75G said:

im sorry to bother u again,

i tried everything nothing work https://pastebin.com/dGhtPerq - https://pastebin.com/3DVSqgUX <- this is just for testing lidarr i tried nextcloud and sonarr nothing work it goes to cloudflare but it stop in my domain https://imgur.com/a/X0Xznzd

i put the Letsencrypt and the dockers in the same network type

Nothing work is a description that doesn't say much, is it?

 

Try turning off the cloudflare proxy, the yellow cloud.

  • Like 1
Link to comment
2 hours ago, A75G said:

i apologize when i setup up every thing the site down work but the cloudflare tell me either "origin is unreachable" or "connection timed out"

in Letsencrypt everything seems good in the logs but im not sure what i should do

and i tested making cloudflare without proxy same issue site is not up

 

Proxy should be off.

Have you pointed the domain to your Wan IP in cloudflare?

 

Link to comment

g morning, docker update from today morning here, possible something broke ?

or is there a change i have to add ?

 

nginx: [emerg] dlopen() "/var/lib/nginx/modules/ngx_stream_geoip2_module.so" failed (Error relocating /var/lib/nginx/modules/ngx_stream_geoip2_module.so: ngx_stream_add_variable: symbol not found) in /etc/nginx/modules/http_geoip2.conf:1
 

Link to comment
4 minutes ago, alturismo said:

g morning, docker update from today morning here, possible something broke ?

or is there a change i have to add ?

 

nginx: [emerg] dlopen() "/var/lib/nginx/modules/ngx_stream_geoip2_module.so" failed (Error relocating /var/lib/nginx/modules/ngx_stream_geoip2_module.so: ngx_stream_add_variable: symbol not found) in /etc/nginx/modules/http_geoip2.conf:1
 

Same exact problem here after updating a few minutes ago. - 30.06.19: - Add geoip2 module.

Link to comment

Hi

 

I'm getting this error in my logs but it still seems to be working:

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')

 

Link to comment
