January 29, 2025

2 hours ago, cosmicrelish said:
Here is the conf file for Mealie that is in the swag proxy-conf folder.

13 hours ago, alturismo said:
and may a docker run from your mealie docker
January 30, 2025

On 1/22/2025 at 10:15 PM, alturismo said:
may rather take a look at the apps configuration, i dont know kimal now, but is there something to set the external url ? may your non native https port needs to be added to the url there too ... also, may if kimal is somehow calling http, your redirect rule in the default site conf from nginx will redirect to https ... may consider changing this to your custom https port too ... overall, not the best idea to use a custom https port but you will have your reasons ... and you are aware its "off" standard ...

Thank you for the help. It ended up being that the swag template for kimai is not suitable for this scenario. I found this on the kimai website for reverse proxies, plus I set environmental variables on the kimai container for TRUSTED_PROXIES and TRUSTED_HOSTS based off some old github comments from the owner (similar to the instructions in the Nextcloud swag conf)

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name kimai.*;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        # enable for ldap auth (requires ldap-location.conf in the location block)
        #include /config/nginx/ldap-server.conf;

        # enable for Authelia (requires authelia-location.conf in the location block)
        #include /config/nginx/authelia-server.conf;

        # enable for Authentik (requires authentik-location.conf in the location block)
        #include /config/nginx/authentik-server.conf;

        location / {
            proxy_pass https://internalIPaddressForKimaiContainerGoesHere:443/;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Host $host:$server_port;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
        }

        # Redirect HTTP to HTTPS, in case an invalid (plain HTTP) request was sent to port 443
        error_page 497 https://$host:$server_port$request_uri;
    }

Edited January 30, 2025 by bhcompy
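Added example, not part of the post above and not Kimai's or SWAG's code: a generic sketch of what a trusted-proxy setting means for the `X-Forwarded-For` and `X-Forwarded-Proto` headers that the config sets. Because `$proxy_add_x_forwarded_for` appends to whatever the client already sent, only the hops vouched for by a trusted proxy can be believed. The subnet, addresses and function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed values: a Docker bridge subnet holding the SWAG container, and a
# request whose sender put a fake address into X-Forwarded-For before SWAG
# appended the real one.
TRUSTED_PROXIES = ["172.18.0.0/16"]
SPOOFED = {"X-Forwarded-For": "10.0.0.1, 198.51.100.23", "X-Forwarded-Proto": "https"}


def _parse(ip):
    """Return an ip_address object, or None if the text is not an address."""
    try:
        return ipaddress.ip_address(ip.strip())
    except ValueError:
        return None


def effective_request(peer_ip, conn_scheme, headers, trusted_proxies):
    """Return the (client_ip, scheme) an application should believe."""
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]

    def trusted(ip):
        addr = _parse(ip)
        return addr is not None and any(addr in n for n in nets)

    # Headers from a peer that is not a trusted proxy are ignored entirely.
    if not trusted(peer_ip):
        return peer_ip, conn_scheme

    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    client = peer_ip
    # Walk right to left: each trusted hop vouches only for the entry it appended.
    for hop in reversed(hops):
        if not trusted(client) or _parse(hop) is None:
            break
        client = hop

    proto = headers.get("X-Forwarded-Proto", "").lower()
    scheme = proto if proto in ("http", "https") else conn_scheme
    return client, scheme


def naive_leftmost(headers, peer_ip):
    """What a parser that trusts the first X-Forwarded-For entry would report."""
    first = headers.get("X-Forwarded-For", "").split(",")[0].strip()
    return first or peer_ip


if __name__ == "__main__":
    print(effective_request("172.18.0.2", "https", SPOOFED, TRUSTED_PROXIES))
    print(naive_leftmost(SPOOFED, "172.18.0.2"))
```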
March 17, 2025

Hi,

I've tried to secure npm with fail2ban from @linuxserver.io / lscr.io/linuxserver/fail2ban

fail2ban triggers IPs correctly:

IPv4:

    2025-03-16 15:12:25,087 146D00D56B38 INFO [npm] Found 80.187.xxx - 2025-03-16 15:12:24
    2025-03-16 15:12:43,834 146D00D56B38 INFO [npm] Found 80.187.xxx - 2025-03-16 15:12:43
    2025-03-16 15:12:49,078 146D00D56B38 INFO [npm] Found 80.187.xxx - 2025-03-16 15:12:49
    2025-03-16 15:12:49,177 146D00B4BB38 NOTIC [npm] Ban 80.187.xxx
    2025-03-16 15:12:49,195 146D00B4BB38 ERROR 146d01b5fd20 -- exec: { iptables -w -C f2b-npm -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-npm || true; iptables -w -A f2b-npm -j RETURN; } for proto in $(echo 'tcp' | sed 's/,/ /g'); do { iptables -w -C DOCKER-USER -p $proto -m multiport --dports 12345 -j f2b-npm >/dev/null 2>&1; } || { iptables -w -I DOCKER-USER -p $proto -m multiport --dports 12345 -j f2b-npm; } done
    2025-03-16 15:12:49,196 146D00B4BB38 ERROR 146d01b5fd20 -- stderr: 'iptables: No chain/target/match by that name.'
    2025-03-16 15:12:49,196 146D00B4BB38 ERROR 146d01b5fd20 -- returned 1
    2025-03-16 15:12:49,196 146D00B4BB38 ERROR Failed to execute ban jail 'npm' action 'iptables-multiport' info 'ActionInfo({'ip': '80.187.xxx', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x146d01b85a80>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x146d01b86200>})': Error starting action Jail('npm')/iptables-multiport: 'Script error'

IPv6:

    2025-03-16 15:05:59,104 146D00D56B38 INFO [npm] Found 2003:da:xxx - 2025-03-16 15:05:58
    2025-03-16 15:06:02,336 146D00D56B38 INFO [npm] Found 2003:da:xxx - 2025-03-16 15:06:01
    2025-03-16 15:06:09,597 146D00D56B38 INFO [npm] Found 2003:da:xxx - 2025-03-16 15:06:09
    2025-03-16 15:06:10,344 146D00B4BB38 NOTIC [npm] Ban 2003:da:xxx
    2025-03-16 15:06:10,379 146D00B4BB38 ERROR 146d01b796f0 -- exec: { ip6tables -w -C f2b-npm -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-npm || true; ip6tables -w -A f2b-npm -j RETURN; } for proto in $(echo 'tcp' | sed 's/,/ /g'); do { ip6tables -w -C DOCKER-USER -p $proto -m multiport --dports 12345 -j f2b-npm >/dev/null 2>&1; } || { ip6tables -w -I DOCKER-USER -p $proto -m multiport --dports 12345 -j f2b-npm; } done
    2025-03-16 15:06:10,381 146D00B4BB38 ERROR 146d01b796f0 -- stderr: 'ip6tables: No chain/target/match by that name.'
    2025-03-16 15:06:10,382 146D00B4BB38 ERROR 146d01b796f0 -- returned 1
    2025-03-16 15:06:10,383 146D00B4BB38 ERROR Failed to execute ban jail 'npm' action 'iptables-multiport' info 'ActionInfo({'ip': '2003:da:xxx', 'family': 'inet6', 'fid': <function Actions.ActionInfo.<lambda> at 0x146d01b85a80>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x146d01b86200>})': Error starting action Jail('npm')/iptables-multiport: 'Script error'

it seems that the fail2ban container can't access iptables, although it has privileged rights.

jail.local:

    [DEFAULT]
    bantime = 4h
    maxretry = 3

    [npm]
    enabled = true
    port = 12345
    backend = polling
    logpath = /var/log/proxy-host-*_error.log
    chain = DOCKER-USER
    action = %(known/action)s

any ideas?

unraid 7.0.1
March 17, 2025

Hi, I updated SWAG this morning to the latest release but now SWAG doesn't seem to work. If I click on SWAG and choose logs I'm getting spammed with:

    2025/03/17 11:37:58 [emerg] 2164#2164: module "/var/lib/nginx/modules/ngx_http_lua_module.so" version 1026003 instead of 1026002 in /etc/nginx/modules/30_http_lua.conf:1

I can't access any resource behind swag. Crowdsec enabled and fail2ban disabled. Any tips?

Edited March 17, 2025 by lusitopp
March 17, 2025

I got closer to the problem:

the container uses "iptables v1.8.10 (nf_tables)"

Unraid uses: "iptables v1.8.11 (legacy)"

@linuxserver.io could you solve this ?
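Added example, not from the posts above and not fail2ban's own code: a log check that separates bans whose firewall action ran from bans that fail2ban recorded but could not apply, which is the state the quoted log shows, plus a comparison of the two `iptables --version` strings quoted in the follow-up. The sample log is constructed (documentation addresses, and the sshd line is invented), and the function names are assumptions.

```python
import re

# Constructed sample in the format of the fail2ban log quoted above.
SAMPLE_LOG = """\
2025-03-16 15:12:49,177 146D00B4BB38 NOTIC [npm] Ban 203.0.113.7
2025-03-16 15:12:49,196 146D00B4BB38 ERROR 146d01b5fd20 -- stderr: 'iptables: No chain/target/match by that name.'
2025-03-16 15:12:49,196 146D00B4BB38 ERROR 146d01b5fd20 -- returned 1
2025-03-16 15:12:49,196 146D00B4BB38 ERROR Failed to execute ban jail 'npm' action 'iptables-multiport' info 'ActionInfo({'ip': '203.0.113.7', 'family': 'inet4'})': Error starting action Jail('npm')/iptables-multiport: 'Script error'
2025-03-16 15:20:01,412 146D00B4BB38 NOTIC [sshd] Ban 198.51.100.9
"""

BAN = re.compile(r"^(\S+ \S+) \S+ NOTIC\w*\s+\[([^\]]+)\] Ban (\S+)")
STDERR = re.compile(r"-- stderr: '(.*)'\s*$")
FAILED = re.compile(
    r"Failed to execute ban jail '([^']+)' action '([^']+)' "
    r"info 'ActionInfo\(\{'ip': '([^']+)'"
)
VERSION = re.compile(r"iptables v([\d.]+) \((nf_tables|legacy)\)")


def audit_bans(log_text):
    """Return (applied, not_applied) for every Ban notice in the log.

    applied:     sorted (jail, ip) pairs with no action failure logged
    not_applied: sorted (jail, ip, action, stderr) tuples for failed actions
    """
    bans = {}        # (jail, ip) -> timestamp of the Ban notice
    failed = {}      # (jail, ip) -> (action name, last stderr text seen)
    last_stderr = ""
    for line in log_text.splitlines():
        if m := BAN.search(line):
            bans[(m.group(2), m.group(3))] = m.group(1)
        elif m := STDERR.search(line):
            last_stderr = m.group(1)
        elif m := FAILED.search(line):
            failed[(m.group(1), m.group(3))] = (m.group(2), last_stderr)
            last_stderr = ""
    applied = sorted(k for k in bans if k not in failed)
    not_applied = sorted((j, ip, *failed[(j, ip)]) for (j, ip) in bans if (j, ip) in failed)
    return applied, not_applied


def backend(version_output):
    """Parse 'iptables vX.Y.Z (backend)' into (version, backend), else None."""
    m = VERSION.search(version_output)
    return (m.group(1), m.group(2)) if m else None


def same_backend(container_version, host_version):
    """True only when both strings parse and name the same backend."""
    c, h = backend(container_version), backend(host_version)
    return c is not None and h is not None and c[1] == h[1]


if __name__ == "__main__":
    applied, not_applied = audit_bans(SAMPLE_LOG)
    print("applied:", applied)
    print("logged as banned but no rule inserted:", not_applied)
    print(same_backend("iptables v1.8.10 (nf_tables)", "iptables v1.8.11 (legacy)"))
```

An address in the second list is still reaching the proxied port even though the jail counts it as banned.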
March 17, 2025

Updated the swag container today, and I get a load of these messages repeated over and over - and while it is started, it does not work.

    2025/03/18 07:47:34 [alert] 3024#3024: failed to load the 'resty.core' module (https://github.com/openresty/lua-resty-core); ensure you are using an OpenResty release from https://openresty.org/en/download.html (reason: /usr/share/lua/common/resty/core/base.lua:24: ngx_http_lua_module 0.10.27 required) in /config/nginx/nginx.conf:172

I looked at line 172 that I suppose it is referring to (I am not good with this stuff), and it just has a ')' - so I assume it is that whole section ?

Further to this - Edited - I moved in all the sample files and still get this issue........ As I have used nginx, then swag for 10+ years and had a load of my own custom config - so I assume it is in the container itself.

FIXED - ok the issue is the crowdsec dockermod for the swag container.

ghcr.io/linuxserver/mods:swag-crowdsec

If you have the docker mod for this, then this crashes with this error as shown above. I have removed it for now.

Edited March 18, 2025 by vw-kombi more testing.
March 18, 2025

12 hours ago, vw-kombi said:
FIXED - ok the issue is the crowdsec dockermod for the swag container. ghcr.io/linuxserver/mods:swag-crowdsec If you have the docker mod for this, then this crashes with this error as shown above. I have removed it for now.

Thanks for the tip! For anyone else who hits this, it's not stopping the crowdsec container, but updating the swag container's DOCKER_MODS value to not include it. Make sure you back up what you have there (I used the description field on that value) so you can reinstate it when the issue gets resolved.

Cheers
April 10, 2025

Hey folks, I'm using SWAG as a web server via the www directory and trying to run PHP scripts on my web pages. The pages are saved as .php files, however they don't appear to be getting passed off to the PHP engine. When I access the pages in a browser, it appears as though it's trying to parse the PHP as if it's html. The inspector in Firefox shows me, for instance...

    <!--? phpinfo(); ?-->

... instead of the results of the function. I've confirmed via the console that PHP 8.3.19 is installed in the container, as expected, and I haven't changed anything, so it should be configured per linuxserver defaults - is there some configuration option that I have to change to enable the PHP engine to execute files in the www directory?

EDIT - I gather swag/nginx/site-confs/default.conf is what controls this. Here is how I have that configured...

    # main server block
    server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        server_name www.mydomain.name mydomain.name;

        include /config/nginx/ssl.conf;

        root /config/www;
        index index.html index.htm index.php;

        # enable subfolder method reverse proxy confs
        include /config/nginx/proxy-confs/*.subfolder.conf;

        # enable for ldap auth (requires ldap-location.conf in the location block)
        #include /config/nginx/ldap-server.conf;

        # enable for Authelia (requires authelia-location.conf in the location block)
        #include /config/nginx/authelia-server.conf;

        # enable for Authentik (requires authentik-location.conf in the location block)
        #include /config/nginx/authentik-server.conf;

        location / {
            # enable for basic auth
            #auth_basic "Restricted";
            #auth_basic_user_file /config/nginx/.htpasswd;

            # enable for ldap auth (requires ldap-server.conf in the server block)
            #include /config/nginx/ldap-location.conf;

            # enable for Authelia (requires authelia-server.conf in the server block)
            #include /config/nginx/authelia-location.conf;

            # enable for Authentik (requires authentik-server.conf in the server block)
            #include /config/nginx/authentik-location.conf;

            try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args;
        }

        location ~ ^(.+\.php)(.*)$ {
            # enable the next two lines for http auth
            #auth_basic "Restricted";
            #auth_basic_user_file /config/nginx/.htpasswd;

            # enable for ldap auth (requires ldap-server.conf in the server block)
            #include /config/nginx/ldap-location.conf;

            # enable for Authelia (requires authelia-server.conf in the server block)
            #include /config/nginx/authelia-location.conf;

            # enable for Authentik (requires authentik-server.conf in the server block)
            #include /config/nginx/authentik-location.conf;

            fastcgi_split_path_info ^(.+\.php)(.*)$;
            if (!-f $document_root$fastcgi_script_name) { return 404; }
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include /etc/nginx/fastcgi_params;
        }

        # deny access to .htaccess/.htpasswd files
        location ~ /\.ht {
            deny all;
        }
    }

EDIT #2 many months later because I was embarrassed - Turns out I was configuring short_open_tag=On in a place that was getting overwritten every time I restarted the container. Set the variable in the php-local.ini stored in /mnt/user/appdata/swag/php/ instead and it persists. Updating so someone as dumb as me will have an answer if they're trying to google it.

Edited January 20 by DogEatWaffle
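Added example, not part of the post above and not SWAG's or PHP's code: a check for the condition the post describes, where `<? ... ?>` blocks are sent to the browser as source text because `short_open_tag` is not effectively On. It resolves the setting across ini files in load order (last assignment wins, which is why a value written to an overwritten file had no effect) and lists the lines that would be served unexecuted. The sample files, the Off default and the function names are assumptions for illustration.

```python
import re

# "<?" that is not "<?php", "<?=" or an XML declaration. Such a block is only
# executed when short_open_tag is On; otherwise it is emitted as plain text.
SHORT_TAG = re.compile(r"<\?(?!php\b|=|xml\b)", re.IGNORECASE)

# Constructed sample web root: path -> file contents.
SAMPLE_FILES = {
    "index.php": "<html>\n<? phpinfo(); ?>\n</html>\n",
    "ok.php": "<?php echo 'hi'; ?>\n<?= $title ?>\n",
    "feed.php": "<?xml version=\"1.0\"?>\n<?php echo $items; ?>\n",
}


def effective_flag(ini_layers, key="short_open_tag", default=False):
    """Resolve a boolean ini setting; later files override earlier ones.

    default=False is an assumption standing in for the image's shipped value.
    """
    value = default
    for text in ini_layers:
        for line in text.splitlines():
            line = line.split(";", 1)[0].strip()        # drop ini comments
            name, sep, raw = line.partition("=")
            if sep and name.strip() == key:
                value = raw.strip().strip('"').lower() in ("1", "on", "true", "yes")
    return value


def short_tag_lines(source):
    """1-based line numbers that contain a short open tag."""
    return [n for n, line in enumerate(source.splitlines(), 1) if SHORT_TAG.search(line)]


def exposed_source(files, ini_layers):
    """Return {path: [line numbers]} of PHP that would reach clients as text."""
    if effective_flag(ini_layers):
        return {}
    hits = {path: short_tag_lines(src) for path, src in files.items()}
    return {path: lines for path, lines in sorted(hits.items()) if lines}


if __name__ == "__main__":
    # Base ini says Off, nothing persistent overrides it: source is exposed.
    print(exposed_source(SAMPLE_FILES, ["short_open_tag = Off\n"]))
    # A persistent local ini loaded afterwards turns it On: nothing exposed.
    print(exposed_source(SAMPLE_FILES, ["short_open_tag = Off\n", "short_open_tag=On\n"]))
```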
April 23, 2025

Getting a lot of errors in the nginx error log lately. I assume it's trying to validate the letsencrypt certificate and failing? My sites seem to work ok. Massive amounts of these errors. Not sure what changed in swag lately, but there really isn't an indication that there is a problem without looking.

    2025/04/21 17:35:20 [error] 984#984: e6.o.lencr.org could not be resolved (110: Operation timed out) while requesting certificate status, responder: e6.o.lencr.org, certificate: "/config/keys/cert.crt"
    2025/04/21 17:43:09 [error] 986#986: e6.o.lencr.org could not be resolved (110: Operation timed out) while requesting certificate status, responder: e6.o.lencr.org, certificate: "/config/keys/cert.crt"
    server: za.*, request: "POST /api/webhook/18b659ea610297da1687675d589e2c33bbb52f42d654bea0b734f5ba1822b7bd HTTP/1.1", upstream: "http://192.168.1.1:8123/api/webhook/18b659ea610297da1687675d589e2c33bbb52f42d654bea0b734f5ba1822b7bd", host: "mydomain"
    2025/04/22 18:11:36 [error] 955#955: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 18.210.179.88, server: za.*, request: "POST /api/webhook/18b659ea610297da1687675d589e2c33bbb52f42d654bea0b734f5ba1822b7bd HTTP/1.1", upstream: "http://192.168.1.1:8123/api/webhook/18b659ea610297da1687675d589e2c33bbb52f42d654bea0b734f5ba1822b7bd", host: "mydomain"
    2025/04/22 18:11:39 [error] 959#959: e6.o.lencr.org could not be resolved (110: Operation timed out) while requesting certificate status, responder: e6.o.lencr.org, certificate: "/config/keys/cert.crt"
    2025/04/22 18:11:40 [error] 960#960: e6.o.lencr.org could not be resolved (110: Operation timed out) while requesting certificate status, responder: e6.o.lencr.org, certificate: "/config/keys/cert.crt"

Edited April 23, 2025 by xokia
April 30, 2025

It would appear that nginx is unable to resolve dns.

/etc/resolv.conf

    nameserver 127.0.0.11
    options ndots:0

This appears to point to the docker dns which should in return point to the host dns. The host dns resolves. I can't seem to change the /etc/resolv.conf file in swag as each time I change it then restart swag it recreates itself.

I can't figure out why the docker container is unable to resolve dns if the host can. This is a relatively new occurrence and I haven't changed anything in swag or unraid other than the pushed updates. Any help would be appreciated.

host dns below

    root@Server:~# dig A r3.o.lencr.org @1.1.1.1 +short
    dig A r3.o.lencr.org @1.0.0.1 +short
    dig A r3.o.lencr.org @8.8.8.8 +short
    o.lencr.edgesuite.net.
    a1887.dscq.akamai.net.
    104.100.168.73
    104.100.168.115
    o.lencr.edgesuite.net.
    a1887.dscq.akamai.net.
    104.103.68.73
    104.103.68.105

    ; <<>> DiG 9.16.42 <<>> A r3.o.lencr.org @8.8.8.8 +short
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

Edited April 30, 2025 by xokia
April 30, 2025

I remember having something similar for another container. It was a while back and not swag. I googled it and maybe I did this -

Configure DNS for Docker Containers

Docker containers may not inherit the host's DNS settings. To force proper DNS resolution for containers:

Edit the Docker daemon configuration file:
Go to Settings > Docker in Unraid.
Under "Docker custom network DNS server", add 1.1.1.1 and 8.8.8.8.

*Sometimes a network reload helps here:

    /etc/rc.d/rc.docker restart
May 3, 2025

Now I am confused. If I ping the offending address from the swag container it resolves! Maybe there is something wrong with letsencrypt? I know my error log is full of these; it appears it tries every 5 min or so.

    2025/05/02 18:14:06 [error] 961#961: e6.o.lencr.org could not be resolved (110: Operation timed out) while requesting certificate status, responder: e6.o.lencr.org, certificate: "/config/keys/cert.crt"
    2025/05/02 18:19:46 [error] 969#969: e6.o.lencr.org could not be resolved (110: Operation timed out) while requesting certificate status, responder: e6.o.lencr.org, certificate: "/config/keys/cert.crt"
    2025/05/02 18:19:58 [error] 970#970: e6.o.lencr.org could not be resolved (110: Operation timed out) while requesting certificate status, responder: e6.o.lencr.org, certificate: "/config/keys/cert.crt"

    PING e6.o.lencr.org (23.32.152.232): 56 data bytes
    64 bytes from 23.32.152.232: seq=0 ttl=45 time=29.889 ms
    64 bytes from 23.32.152.232: seq=1 ttl=45 time=30.711 ms
    64 bytes from 23.32.152.232: seq=2 ttl=45 time=29.913 ms
    64 bytes from 23.32.152.232: seq=3 ttl=45 time=30.170 ms
    64 bytes from 23.32.152.232: seq=4 ttl=45 time=29.624 ms
    64 bytes from 23.32.152.232: seq=5 ttl=45 time=30.873 ms
    64 bytes from 23.32.152.232: seq=6 ttl=45 time=29.585 ms
    ^C
    --- e6.o.lencr.org ping statistics ---
    7 packets transmitted, 7 packets received, 0% packet loss
    round-trip min/avg/max = 29.585/30.109/30.873 ms

Edited May 3, 2025 by xokia
May 3, 2025

13 hours ago, vw-kombi said:
Stop docker, then try the above settings.

I run my own dns server .20 is my dns server. I tried manually adding the dns to the swag container. I also tried --dns 8.8.8.8 --dns 1.1.1.1 made zero difference. There is no option for custom dns server under the docker setting

Edited May 3, 2025 by xokia
May 4, 2025

I found where I had this exact same issue. It was with the iCloudPD container. Reason I could not find it here was I posted on their discord support. Issue was the tailscale plugin. I uninstalled that and dns worked again. Attaching screenshot of my post. Something to do with magic dns.
May 4, 2025

14 hours ago, vw-kombi said:
I found where I had this exact same issue. It was with the iCloudPD container. Reason I could not find it here was I posted on their discord support. issue was the tailscale plugin. i uninstalled that and dns worked again. attaching screenshot of my post. Something to do with magic dns.

The plugin disables Tailscale DNS by default. Unfortunately, one of the popular video tutorial makers put out a video a while back that directed people to turn it on, which is probably why you had the issue.
May 5, 2025

On 3/17/2025 at 11:46 AM, Avenga said:
I got closer to the problem: the container uses "iptables v1.8.10 (nf_tables)" Unraid uses: "iptables v1.8.11 (legacy)" @linuxserver.io could you solve this ?

I'm having the same issue. fail2ban detects and blocks the IP but it's not being applied to the host machine's iptables
May 5, 2025

13 hours ago, EDACerton said:
The plugin disables Tailscale DNS by default. Unfortunately, one of the popular video tutorial makers put out a video a while back that directed people to turn it on, which is probably why you had the issue.

Dunno about that - I never did any config to it, or watched any youtubes, just installed it one day, did the setup, then a few days later realised icloudPD container was not working. All other containers were working fine, just not that one. Uninstalled plugin, it works again, I tried installing it again to prove that was it, and it stopped again - never installed it again (I have tailscale with advertise routes on another always on machine (my home assistant and CCTV system) - so it's not really needed on unraid).
July 21, 2025

Running into an issue with swag on startup. Seeing this error (redacted my domains and other private info):

Docker run:

    docker run -d \
      --name='SWAG' \
      --net='br2.80' \
      --ip='10.168.80.50' \
      --pids-limit 2048 \
      --privileged=true \
      -e TZ="America/New_York" \
      -e HOST_OS="Unraid" \
      -e HOST_HOSTNAME="XXXXXX" \
      -e HOST_CONTAINERNAME="SWAG" \
      -e 'TCP_PORT_80'='80' \
      -e 'TCP_PORT_443'='443' \
      -e 'EMAIL'='XXXXXXXX' \
      -e 'URL'='st6.com' \
      -e 'SUBDOMAINS'='XXXXXX,XXXXXX,XXXXXX' \
      -e 'ONLY_SUBDOMAINS'='true' \
      -e 'VALIDATION'='dns' \
      -e 'DNSPLUGIN'='cloudflare' \
      -e 'EXTRA_DOMAINS'='' \
      -e 'STAGING'='false' \
      -e 'DUCKDNSTOKEN'='' \
      -e 'PROPAGATION'='30' \
      -e 'MAXMINDDB_LICENSE_KEY'='XXXXXXXXXXXX' \
      -e 'DOCKER_MODS'='linuxserver/mods:swag-maxmind' \
      -e 'MAXMINDDB_USER_ID'='1190058' \
      -e 'PUID'='99' \
      -e 'PGID'='100' \
      -l net.unraid.docker.managed=dockerman \
      -l net.unraid.docker.webui='https://[IP]:[PORT:443]' \
      -l net.unraid.docker.icon='https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver-ls-logo.png' \
      -v '/mnt/user/appdata/joeproxy_2':'/config':'rw' \
      -v '/mnt/user/remotelogs/XXXXXX/':'/var/log/':'rw' \
      --cap-add=NET_ADMIN 'lscr.io/linuxserver/swag'

Log output:

    Using Let's Encrypt as the cert provider
    SUBDOMAINS entered, processing
    Sub-domains processed are: XXXXXXXX
    E-mail address entered: XXXXXXXX
    dns validation via cloudflare plugin is selected
    Generating new certificate
    ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.

Running CERTBOT by itself works:

    root@XXXXXX:/mnt/cache/appdata/cloudflare-ddns-config# docker exec -it XXXXXXX certbot certonly \
      --dns-cloudflare \
      --dns-cloudflare-credentials /config/dns-conf/cloudflare.ini \
      --dns-cloudflare-propagation-seconds 30 \
      -d joeflix.st6.com \
      --email XXXXXXXX \
      --agree-tos \
      --non-interactive
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Account registered.
    Requesting a certificate for XXXXXXXX
    Waiting 30 seconds for DNS changes to propagate
    Successfully received certificate.
    Certificate is saved at: /etc/letsencrypt/live/XXXXXXXX/fullchain.pem
    Key is saved at: /etc/letsencrypt/live/XXXXXXXXX/privkey.pem
    This certificate expires on 2025-10-19.
    These files will be updated when the certificate renews.
    NEXT STEPS:
    - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    If you like Certbot, please consider supporting our work by:
    * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    * Donating to EFF: https://eff.org/donate-le
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

This tells me that my cloudflare.ini keys are correct and the file permissions are working. I'm at a loss on what could be happening. It has been working fine for a few years.
July 22, 2025

Running into an issue with swag on startup. Seeing this error (redacted my domains and other private info):

    docker run -d \
      --name='SWAG' \
      --net='br2.80' \
      --ip='10.168.80.50' \
      --pids-limit 2048 \
      --privileged=true \
      -e TZ="America/New_York" \
      -e HOST_OS="Unraid" \
      -e HOST_HOSTNAME="XXXXXX" \
      -e HOST_CONTAINERNAME="SWAG" \
      -e 'TCP_PORT_80'='80' \
      -e 'TCP_PORT_443'='443' \
      -e 'EMAIL'='XXXXXXXX' \
      -e 'URL'='XXXX.XXX' \
      -e 'SUBDOMAINS'='XXXXXX,XXXXXX,XXXXXX' \
      -e 'ONLY_SUBDOMAINS'='true' \
      -e 'VALIDATION'='dns' \
      -e 'DNSPLUGIN'='cloudflare' \
      -e 'EXTRA_DOMAINS'='' \
      -e 'STAGING'='false' \
      -e 'DUCKDNSTOKEN'='' \
      -e 'PROPAGATION'='30' \
      -e 'MAXMINDDB_LICENSE_KEY'='XXXXXXXXXXXX' \
      -e 'DOCKER_MODS'='linuxserver/mods:swag-maxmind' \
      -e 'MAXMINDDB_USER_ID'='XXXXXXX' \
      -e 'PUID'='99' \
      -e 'PGID'='100' \
      -l net.unraid.docker.managed=dockerman \
      -l net.unraid.docker.webui='[IP]:[PORT:443]' \
      -l net.unraid.docker.icon='linuxserver-ls-logo.png' \
      -v '/mnt/user/appdata/joeproxy_2':'/config':'rw' \
      -v '/mnt/user/remotelogs/XXXXXX/':'/var/log/':'rw' \
      --cap-add=NET_ADMIN 'lscr.io/linuxserver/swag'

Log output:

    Using Let's Encrypt as the cert provider
    SUBDOMAINS entered, processing
    Sub-domains processed are: XXXXXXXX
    E-mail address entered: XXXXXXXX
    dns validation via cloudflare plugin is selected
    Generating new certificate
    certbot: error: unrecognized arguments: --dns--propagation-seconds=30
    ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.

Running CERTBOT by itself works:

    root:/mnt/cache/appdata/cloudflare-ddns-config# docker exec -it XXXXXXX certbot certonly \
      --dns-cloudflare \
      --dns-cloudflare-credentials /config/dns-conf/cloudflare.ini \
      --dns-cloudflare-propagation-seconds 30 \
      -d XXXXXXXX \
      --email XXXXXXXX \
      --agree-tos \
      --non-interactive
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Account registered.
    Requesting a certificate for XXXXXXXX
    Waiting 30 seconds for DNS changes to propagate
    Successfully received certificate.
    Certificate is saved at: /etc/letsencrypt/live/XXXXXXXX/fullchain.pem
    Key is saved at: /etc/letsencrypt/live/XXXXXXXXX/privkey.pem
    This certificate expires on 2025-10-19.
    These files will be updated when the certificate renews.
    NEXT STEPS:
    - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Comments:

This tells me that my cloudflare.ini keys are correct and the file permissions are working. I'm at a loss on what could be happening. It has been working fine for a few years. I can confirm the same error occurs when using ZeroSSL.
August 23, 2025

I've been Googling my a$$ off and can't figure this one out. I already had a Cloudflare account, and created a new domain for a website that I'm wanting to host. I created an account with zerossl. I installed swag and set up the Cloudflare tunnels for the new site, ports 80 & 443, for both mydomain.net and www.mydomain.net.

Initially, I was getting "too many redirects" when I tried to open the new site (nothing uploaded to it yet - just straight up SWAG). It loads fine if I go to the local ip. I had previously set Cloudflare SSL to "Full (Strict)" as a suggested fix. Still too many redirects. I solved the redirects by commenting out the port 80 section of the 'default.conf' file, but now I'm getting a 502-Bad Gateway error when using the domain name for the site. I've since uncommented out those lines, but am back to the Bad Gateway issue.

This seems to be a common issue, but the suggested fixes are all over the place. Any help would be fantastic.
September 27, 2025

I finally RESOLVED my Swag dashboard issue with repeated '504 Gateway Time-out'. I simply had to increase the timeout in my 'dashboard.subdomain.conf' file. I do wish this mod was faster at reloading, typically takes ~2 minutes to load every time.

    proxy_read_timeout 300s;
    proxy_send_timeout 300s;
    proxy_connect_timeout 300s;