aptalca, posted April 1, 2018

1 hour ago, clause said:
> @d2dyno I tried forwarding my domain name to my duckdns and then removed subdomains, but it still isn't working.

Are you sure there isn't something else running on port 81 on unraid?

According to your log, letsencrypt servers cannot reach your container when they try to connect to your domain on port 80, which could be that your dns is not set up correctly, or duckdns is forwarding to the wrong ip, or your router is not forwarding to the correct lan ip or port, or your container is not listening on the right port.

You can temporarily put up a regular nginx container (while letsencrypt container is down) with the same ports and try to connect to it through your domain on port 80 and see if you get the default placeholder page

Kube, posted April 1, 2018 (edited April 1, 2018 by Kube)

pihole? anyone got this to work through nginx?

I have it partially working, but it looks like only the html loads and not the php

    # Pihole
    location /pihole/ {
        proxy_pass http://192.168.11.10:80/admin/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 90;
    }

This gets the page to load but the graphs and counters don't populate. Developer tools tell me this when I hit F12:

    Failed to load resource: the server responded with a status of 404 (Not Found)
    https://domain.pw/pihole/api.php?overTimeData10mins
    Failed to load resource: the server responded with a status of 404 (Not Found)
    jquery.min.js:4 GET https://domain.pw/pihole/api.php?overTimeData10mins 404 (Not Found)

I've been hacking away at this all day and just can't get it to work. Any help please? Thanks

clause, posted April 2, 2018

3 hours ago, aptalca said:
> Are you sure there isn't something else running on port 81 on unraid?
>
> According to your log, letsencrypt servers cannot reach your container when they try to connect to your domain on port 80, which could be that your dns is not set up correctly, or duckdns is forwarding to the wrong ip, or your router is not forwarding to the correct lan ip or port, or your container is not listening on the right port.
>
> You can temporarily put up a regular nginx container (while letsencrypt container is down) with the same ports and try to connect to it through your domain on port 80 and see if you get the default placeholder page

I put up a regular nginx container with the same ports, and I was able to connect to it fine. Removed the nginx container and recreated the LE container, and still had the same error, so I think my forwarding is fine.

aptalca, posted April 2, 2018

1 hour ago, clause said:
> I put up a regular nginx container with the same ports, and I was able to connect to it fine. Removed the nginx container and recreated the LE container, and still had the same error, so I think my forwarding is fine.

Try changing the config folder location to /mnt/cache or /mnt/disk (longshot)

bdillahu, posted April 2, 2018

2 hours ago, clause said:
> I put up a regular nginx container with the same ports, and I was able to connect to it fine. Removed the nginx container and recreated the LE container, and still had the same error, so I think my forwarding is fine.

I think I had the same problem... I had a variable in "show more settings" called HTTPVAL: - it was set to True as I had had to do that sometime in the past I believe.

I changed it to "false" and started getting some stuff working.

Haven't finished testing, but wanted to pass it on.

clause, posted April 2, 2018

1 hour ago, aptalca said:
> Try changing the config folder location to /mnt/cache or /mnt/disk (longshot)

Tried that. Still no luck.

clause, posted April 2, 2018

4 minutes ago, bdillahu said:
> I think I had the same problem... I had a variable in "show more settings" called HTTPVAL: - it was set to True as I had had to do that sometime in the past I believe.
>
> I changed it to "false" and started getting some stuff working.
>
> Haven't finished testing, but wanted to pass it on.

No HTTPVAL in my command. Here it is.

    root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='bridge' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="unRAID" -e 'EMAIL'='XXXXXXXX' -e 'URL'='duckdns.org' -e 'SUBDOMAINS'='XXXXXXX,' -e 'ONLY_SUBDOMAINS'='true' -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'PUID'='99' -e 'PGID'='100' -p '81:80/tcp' -p '444:443/tcp' -v '/mnt/cache/appdata/letsencrypt/':'/config':'rw' 'linuxserver/letsencrypt'
    d3a3282f734239ff8f7722288607e7cb56b6cd74a45022ed17f02f97b32a8b77

    The command finished successfully!

clause, posted April 2, 2018

I ended up setting up Cloudflare and got it working that way.

GilbN, posted April 3, 2018 (edited April 3, 2018 by GilbN)

On 2.4.2018 at 12:47 AM, Kube said:
> pihole? anyone got this to work through nginx?
>
> I have it partially working, but it looks like only the html loads and not the php
>
>     # Pihole
>     location /pihole/ {
>         proxy_pass http://192.168.11.10:80/admin/;
>         proxy_set_header Host $host;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_read_timeout 90;
>     }
>
> This gets the page to load but the graphs and counters don't populate. Developer tools tell me this when I hit F12:
>
>     Failed to load resource: the server responded with a status of 404 (Not Found)
>     https://domain.pw/pihole/api.php?overTimeData10mins
>     Failed to load resource: the server responded with a status of 404 (Not Found)
>     jquery.min.js:4 GET https://domain.pw/pihole/api.php?overTimeData10mins 404 (Not Found)
>
> I've been hacking away at this all day and just can't get it to work. Any help please? Thanks

Try location /admin/ instead

You can also try with this rewrite (I haven't tried it)

    if ($http_referer ~* /pihole/) {
        rewrite ^/admin/(.*) /pihole/admin/$1? redirect;
    }

ebnerjoh, posted April 4, 2018

Hi,

I have some troubles with LetsEncrypt. I got now several times an email, that my certs are expiring soon. So I checked the logs on LetsEncrypt and noticed the following warning:

    Attempting to renew cert (xxx.yyy.com) from /etc/letsencrypt/... produced and unexpected error: Failed authorization procedure xxx.yyy.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain.

In the past I had issues after a LetsEncrypt-Update and I had to add the HTTPVAL Key with setting true. Regardless if I set it to false or true, it is still not working.

Br,
Johannes

ebnerjoh, posted April 4, 2018

1 hour ago, ebnerjoh said:
> Hi,
>
> I have some troubles with LetsEncrypt. I got now several times an email, that my certs are expiring soon. So I checked the logs on LetsEncrypt and noticed the following warning:
>
>     Attempting to renew cert (xxx.yyy.com) from /etc/letsencrypt/... produced and unexpected error: Failed authorization procedure xxx.yyy.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain.
>
> In the past I had issues after a LetsEncrypt-Update and I had to add the HTTPVAL Key with setting true. Regardless if I set it to false or true, it is still not working.
>
> Br,
> Johannes

My mistake. I somehow removed the Portforwarding for Port 80 and only allowed 443. Added 80 and now it is working again.

Br,
Johannes

aptalca, posted April 4, 2018

6 hours ago, ebnerjoh said:
> My mistake. I somehow removed the Portforwarding for Port 80 and only allowed 443. Added 80 and now it is working again.
>
> Br,
> Johannes

Also keep in mind that httpval is deprecated and replaced with "VALIDATION", which can be set to http or dns. So far it is still backwards compatible, but in the future, httpval support will get dropped

ijuarez, posted April 4, 2018 (edited April 4, 2018 by ijuarez: resolved)

1 hour ago, aptalca said:
> Also keep in mind that httpval is deprecated and replaced with "VALIDATION", which can be set to http or dns. So far it is still backwards compatible, but in the future, httpval support will get dropped

Well crap, what page is that on?

Nevermind I found it

aptalca, posted April 4, 2018

4 hours ago, ijuarez said:
> Well crap, what page is that on?
>
> Nevermind I found it

Docker hub info, github page, blog post on the website

hawihoney, posted April 5, 2018

Two unRAID servers, a Plex docker on each machine, DuckDNS and LetsEncrypt on the first machine - how to do that?

Below is my current configuration. Because I can open port 80/443 to one single machine only, I create redirections in the nginx default conf.

My questions:

- Is this ok/safe or is there a better way?
- Plex on the second machine reports indirect connections only. Is there a way to get around that?
- Please have a look at my proxy_pass settings. I use https there. Is this ok?

Many thanks in advance.

Router:
    port 80 (extern) --> port 81 (intern)
    port 443 (extern) --> port 444 (intern)

DuckDNS subdomains
    t***1.duckdns.org
    t***2.duckdns.org

DuckDNS container (on first unRAID machine):
    SUBDOMAINS: t***1,t***2

LetsEncrypt container (on first unRAID machine):
    Email: h***[email protected]
    Domainname: duckdns.org
    Subdomain(s): t***1
    Only subdomains: true

Plex network settings (on first machine):
    External URL: https://t***1.duckdns.org/plex01/ --> working perfect

Plex network settings (on second machine):
    External URL: https://t***1.duckdns.org/plex02/ --> working indirect

nginx/site-confs/default:
- first machine is 192.168.178.35
- second machine is 192.168.178.34

Many thanks in advance.

    upstream backend {
        server 192.168.178.35:19999;
        keepalive 64;
    }

    server {
        listen 443 ssl default_server;
        listen 80 default_server;

        root /config/www;
        index index.html index.htm index.php;

        server_name _;

        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_ciphers '***';
        ssl_prefer_server_ciphers on;

        client_max_body_size 0;

        location = / {
            return 301 /;
        }

        location /web {
            # serve the CSS code
            proxy_pass https://192.168.178.35:32400;
        }

        location /plex01 {
            # proxy request to plex server
            auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
            include /config/nginx/proxy.conf;
            proxy_pass https://192.168.178.35:32400/web;
        }

        location /plex02 {
            # proxy request to plex server
            auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
            include /config/nginx/proxy.conf;
            proxy_pass https://192.168.178.34:32400/web;
        }

        location ~ /netdata/(?<ndpath>.*) {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://backend/$ndpath$is_args$args;
            proxy_http_version 1.1;
            proxy_pass_request_headers on;
            proxy_set_header Connection "keep-alive";
            proxy_store off;
        }
    }

NewDisplayName, posted April 5, 2018

Can this be used without using 443 and 80?

aptalca, posted April 5, 2018

1 hour ago, nuhll said:
> Can this be used without using 443 and 80?

If you use dns validation, yes

hawihoney, posted April 6, 2018

Are the last two posts related to my questions? If yes, what does that mean?

NewDisplayName, posted April 6, 2018

15 hours ago, aptalca said:
> If you use dns validation, yes

I guess I can't use that with a free dns. I really don't like exposing 80 or 443 to the internet...

aptalca, posted April 6, 2018

1 hour ago, nuhll said:
> I guess I can't use that with a free dns. I really don't like exposing 80 or 443 to the internet...

Just get your own domain and point the name servers to cloudflare. It's free and works great. Then you can use whatever port you like

aptalca, posted April 6, 2018 (edited April 6, 2018 by aptalca)

5 hours ago, hawihoney said:
> Are the last two posts related to my questions? If yes, what does that mean?

It was a separate question.

Can't answer your question fully because I haven't reverse proxied plex, let alone two of them. At first look, it seems that the /web location is shared between both plex servers and all requests are forwarded to one and not the other.

You might be better off proxying them via subdomains at the root so you don't have to worry about proxying additional subfolders like web.

Change your URL in letsencrypt settings to yoursubdomain.duckdns.org, set only_subdomains to false (should have been that way from the start, but I guess you followed an external guide rather than the description in the container settings, it is specifically spelled out there). Then you can set the subdomains to plex1,plex2

In the default site config, use the first server block for plex1.yoursubdomain.duckdns.org and the second one for plex2

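The subdomain layout described in the reply above, written out as an added example (it is not aptalca's or the linuxserver project's config). The hostnames are the placeholders from the reply, the IPs and file paths come from the config hawihoney posted, and keeping basic auth on both hosts is an assumption.

```nginx
# Added example, not from the thread. Each Plex server gets its own server
# block, selected by server_name, so no path such as /web is shared between
# the two backends. Hostnames are placeholders.

server {
    listen 443 ssl;
    server_name plex1.yoursubdomain.duckdns.org;

    ssl_certificate     /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam         /config/nginx/dhparams.pem;
    client_max_body_size 0;

    # Set at server level so it applies to every path. In the posted config
    # the /web location carried no auth_basic, so it was served without a login.
    auth_basic           "Restricted";
    auth_basic_user_file /config/nginx/.htpasswd;

    location / {
        include /config/nginx/proxy.conf;
        # With an https:// upstream nginx encrypts the hop but does not verify
        # the upstream certificate unless proxy_ssl_verify is turned on.
        proxy_pass https://192.168.178.35:32400;
    }
}

server {
    listen 443 ssl;
    server_name plex2.yoursubdomain.duckdns.org;

    ssl_certificate     /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam         /config/nginx/dhparams.pem;
    client_max_body_size 0;

    auth_basic           "Restricted";
    auth_basic_user_file /config/nginx/.htpasswd;

    location / {
        include /config/nginx/proxy.conf;
        proxy_pass https://192.168.178.34:32400;
    }
}
```

A request whose Host header matches neither name still falls through to the existing default_server block, so that block decides what unknown hostnames see.
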
NewDisplayName, posted April 6, 2018

16 minutes ago, aptalca said:
> Just get your own domain and point the name servers to cloudflare. It's free and works great. Then you can use whatever port you like

Yes, I thought about that, but.. I have dynamic ip. And also, I guess, letsencrypt needs to redo the cert at some time and will check again on 80 and 443, or not!?

aptalca, posted April 6, 2018

3 hours ago, nuhll said:
> Yes, I thought about that, but.. I have dynamic ip. And also, I guess, letsencrypt needs to redo the cert at some time and will check again on 80 and 443, or not!?

Ddclient updates ip on cloudflare

If you do dns validation, all renewals will also validate through dns, not through ports

ijuarez, posted April 6, 2018

4 hours ago, aptalca said:
> Just get your own domain and point the name servers to cloudflare. It's free and works great. Then you can use whatever port you like

hmmm this is an interesting way to do it. I like the fact you don't have to use ports, I don't use ddclient but pfsense will have to work that gem out.

hawihoney, posted April 6, 2018

> Change your URL in letsencrypt settings to yoursubdomain.duckdns.org, set only_subdomains to false (should have been that way from the start, but I guess you followed an external guide rather than the description in the container settings, it is specifically spelled out there). Then you can set the subdomains to plex1,plex2
>
> In the default site config, use the first server block for plex1.yoursubdomain.duckdns.org and the second one for plex2

Could it be that easy? Wow, worked immediately. Out of the box. Have plex1.t***.duckdns.org and plex2.t***.duckdns.org now.

Thanks a million.

One last question - more Plex related: If I remove port forwarding of 3240x from my router Plex tells me about missing direct connection. I mean, what is that 3240x port used for if the connection works over 443? This one puzzles me a bit.