jrdnlc Posted November 22, 2016 Share Posted November 22, 2016 @aptalca Is curl already installed or would I have to install it manually? can't remember off the top of my head but if it's not we will push an update Until then you can install with apk add --update curl if it's missing Thanks! Looks like today's update added curl. Can you also add GD? cURL and GD are the most used features and i'm surprised they were not included. In the meantime, I'll add gd manually. Thanks again! Yeah, there are a whole lot of php modules out there. I personally host an html5 site and a bunch of reverse proxies so don't really use php at all. If there are other modules that are commonly used and needed, let us know and we'll add them to this container. I'll go ahead and add php5-gd Thanks for adding GD. Will let you know if any other modules are needed but so far webpage is working great now! I would like to donate some money to you as a thank you for adding them so quickly and helping me out PM me your Paypal address. Thanks again!! Quote Link to comment
CHBMB Posted November 22, 2016 Share Posted November 22, 2016 @aptalca Is curl already installed or would I have to install it manually? can't remember off the top of my head but if it's not we will push an update Until then you can install with apk add --update curl if it's missing Thanks! Looks like today's update added curl. Can you also add GD? cURL and GD are the most used features and i'm surprised they were not included. In the meantime, I'll add gd manually. Thanks again! Yeah, there are a whole lot of php modules out there. I personally host an html5 site and a bunch of reverse proxies so don't really use php at all. If there are other modules that are commonly used and needed, let us know and we'll add them to this container. I'll go ahead and add php5-gd Thanks for adding GD. Will let you know if any other modules are needed but so far webpage is working great now! I would like to donate some money to you as a thank you for adding them so quickly and helping me out PM me your Paypal address. Thanks again!! No need for a PM, address is here... https://www.linuxserver.io/donations/ Quote Link to comment
jrdnlc Posted November 22, 2016 Share Posted November 22, 2016 @aptalca Is curl already installed or would I have to install it manually? can't remember off the top of my head but if it's not we will push an update Until then you can install with apk add --update curl if it's missing Thanks! Looks like today's update added curl. Can you also add GD? cURL and GD are the most used features and i'm surprised they were not included. In the meantime, I'll add gd manually. Thanks again! Yeah, there are a whole lot of php modules out there. I personally host an html5 site and a bunch of reverse proxies so don't really use php at all. If there are other modules that are commonly used and needed, let us know and we'll add them to this container. I'll go ahead and add php5-gd Thanks for adding GD. Will let you know if any other modules are needed but so far webpage is working great now! I would like to donate some money to you as a thank you for adding them so quickly and helping me out PM me your Paypal address. Thanks again!! No need for a PM, address is here... https://www.linuxserver.io/donations/ I would like to send it to him directly. Thanks Quote Link to comment
CHBMB Posted November 22, 2016 Share Posted November 22, 2016 Fair enough, your choice.... Quote Link to comment
aptalca Posted November 23, 2016 Share Posted November 23, 2016 Thanks for adding GD. Will let you know if any other modules are needed but so far webpage is working great now! I would like to donate some money to you as a thank you for adding them so quickly and helping me out PM me your Paypal address. Thanks again!! No need for a PM, address is here... https://www.linuxserver.io/donations/ I would like to send it to him directly. Thanks I recently joined the linuxserver team and this container was truly a team effort (still is). Feel free to donate to the team if you like. But I don't accept donations personally. Thanks Quote Link to comment
deuxcolors Posted November 23, 2016 Share Posted November 23, 2016 Trying to get Deluge and Transmission working... CHBMB provided me a configuration, but it doesn't use .htpasswd, and when I tried to modify the script it 404. Of course, the same setup doesn't work at all for Transmission. #HTPC server { listen 443 ssl; root /config/www; index index.html index.htm index.php; server_name htpc.*; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers ***** ssl_prefer_server_ciphers on; client_max_body_size 0; #Muximux location / { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.1:38095; } #Sonarr location ^~ /tv { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.1:38082/tv; } #Couchpotato location ^~ /movies { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.1:38083/movies; } #Deluge location ^~ /deluge { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.1:38085; proxy_set_header X-Deluge-Base "/deluge/"; } #PlexPy location ^~ /stats { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.1:38090/stats; } } Sonarr, CP, and PlexPy work fine within Muximux, and at /address on their own. Any ideas? Quote Link to comment
CHBMB Posted November 23, 2016 Share Posted November 23, 2016 Deux, you can use .htpasswd with it. I do myself. Sent from my LG-H815 using Tapatalk Quote Link to comment
Shamalamadindong Posted November 23, 2016 Share Posted November 23, 2016 Use the examples under "Setting up nginx" for Transmission. http://krisko210.blogspot.nl/2013/10/transmission-daemon-with-proxy-forward.html Quote Link to comment
deuxcolors Posted November 23, 2016 Share Posted November 23, 2016 Got them both working and with login requirement. Thanks. Quote Link to comment
deuxcolors Posted November 24, 2016 Share Posted November 24, 2016 Back to the VPN question. The VPN itself works fine (using OpenVPN-AS), but there is a possibility to have a webpage where I can login and get my configuration files when required. However, when I try to log in to it at vpn.example.com I get a "502 Bad Gateway". Here is the setup: server { listen 443 ssl; root /config/www; index index.html index.htm index.php; server_name vpn.*; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; client_max_body_size 0; location / { auth_basic off; include /config/nginx/proxy.conf; proxy_pass http://192.168.80.1:9443; } } I TRIED WITH 943 SAME ISSUE I'll post this in the OpenVPN-AS thread as well if it is determined that this isn't an NGINX issue. Thanks y'all! Quote Link to comment
CHBMB Posted November 24, 2016 Share Posted November 24, 2016 Security wise I think it's a bad idea. Essentially you end up securing your VPN via a Nginx reverse proxy which kind of removes the point of a VPN in the first place which is to provide more security to access certain services on your LAN than you would get from a reverse proxy. Sent from my LG-H815 using Tapatalk Quote Link to comment
deuxcolors Posted November 24, 2016 Share Posted November 24, 2016 I'm not sure I follow. I don't want VPN access through NGINX, I'm trying to get access to the OpenVPN-AS login page so that if I need to I can download the config file if I need it. If you go to the admin page you can set it up so that if you are outside your network you can only use the user login and not the admin one. Quote Link to comment
JonathanM Posted November 24, 2016 Share Posted November 24, 2016 I'm not sure I follow. I don't want VPN access through NGINX, I'm trying to get access to the OpenVPN-AS login page so that if I need to I can download the config file if I need it. If you go to the admin page you can set it up so that if you are outside your network you can only use the user login and not the admin one. I could be wrong, but what I think the bald one was getting at was the "out of band" encryption issue. If you allow your secret key to be accessible through an externally available web page, you have just potentially weakened your VPN by allowing a hack that penetrated NGINX to also access your VPN secret key. With any encryption scheme using a public / private key system, you should restrict access to the private key to the absolute minimum possible. Quote Link to comment
CHBMB Posted November 24, 2016 Share Posted November 24, 2016 That's exactly what the bald one was thinking... Sent from my LG-H815 using Tapatalk Quote Link to comment
deuxcolors Posted November 24, 2016 Share Posted November 24, 2016 I'm being stupid sorry. I still don't understand. You're saying that giving access to the login page is a potential security hole? Quote Link to comment
CHBMB Posted November 24, 2016 Share Posted November 24, 2016 Yes. You want to give access to your OpenVPN key via a reverse proxy. The weakest link in that chain is the reverse proxy. Get through that and potentially they have access to your VPN. Sent from my LG-H815 using Tapatalk Quote Link to comment
hooger Posted November 24, 2016 Share Posted November 24, 2016 Just looking into this for future use. How would I handle having multiple domains pointing to the same server? Ex: My current nginx setup has 4 totally different domains, all coming in on the same ip/port then gets sorted out by nginx. Is something like that possible with this container? (I'm 100% new to letsencypt, only switching because of chrome/google no longer recognizing startssl) Quote Link to comment
aptalca Posted November 25, 2016 Share Posted November 25, 2016 Just looking into this for future use. How would I handle having multiple domains pointing to the same server? Ex: My current nginx setup has 4 totally different domains, all coming in on the same ip/port then gets sorted out by nginx. Is something like that possible with this container? (I'm 100% new to letsencypt, only switching because of chrome/google no longer recognizing startssl) That's possible with letsencrypt, but not this container. This container only supports one domain with multiple subdomains Quote Link to comment
ChaOConnor Posted November 28, 2016 Share Posted November 28, 2016 Got them both working and with login requirement. Thanks. How did you end up getting Transmission to work? Did you modify Transmission to support a sub-directory? What did your Nginx config end up looking like? Thanks! Quote Link to comment
CHBMB Posted November 28, 2016 Share Posted November 28, 2016 Got them both working and with login requirement. Thanks. How did you end up getting Transmission to work? Did you modify Transmission to support a sub-directory? What did your Nginx config end up looking like? Thanks! Try this: location /transmission/ { proxy_pass_header X-Transmission-Session-Id; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://10.1.1.3:9091/transmission/web/; } location /rpc { proxy_pass http://10.1.1.3:9091/transmission/rpc; } Quote Link to comment
Bizmo Posted November 30, 2016 Share Posted November 30, 2016 managed to get myself completely confused here trying to set up a reverse proxy. have managed to get nginx setup and running and managed to configure the password security but cannot for the life of me seem to setup the reverse proxy. I have tried to use the examples in the default config file and also tried to copy over the ones from htpcguides but either way keep getting 502 bad gateway - I can't see what I am doing wrong! I have just spent 3 hours trying different options and am starting to feel like pulling why hair out! I can get to the site fine using the base url which displays the index.html page. Here is my config file: # redirect all traffic to https server { listen 80; server_name _; return 301 https://$host$request_uri; } # main server block server { listen 443 ssl default_server; root /config/www; index index.html index.htm index.php; server_name [removed].duckdns.org 192.168.1.28; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; client_max_body_size 0; location / { try_files $uri $uri/ /index.html /index.php?$args =404; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; # With php5-cgi alone: fastcgi_pass 127.0.0.1:9000; # With php5-fpm: #fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp" # notice this is within the same server block as the base # don't forget to generate the .htpasswd file as described on docker hub location ^~ /plexpy { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.28:8181/; } } # sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above # notice this is a new server block #server { # listen 443 ssl; # # root /config/www; # index index.html index.htm index.php; # # server_name cp.*; # # ssl_certificate /config/keys/letsencrypt/fullchain.pem; # ssl_certificate_key /config/keys/letsencrypt/privkey.pem; # ssl_dhparam /config/nginx/dhparams.pem; # ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; # ssl_prefer_server_ciphers on; # # client_max_body_size 0; # # location / { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; # include /config/nginx/proxy.conf; # proxy_pass http://192.168.1.50:5050; # } #} Quote Link to comment
CHBMB Posted November 30, 2016 Share Posted November 30, 2016 You generated the .htpasswd file? Some apps are more difficult than others, try this for plexpy location /plexpy/ { proxy_pass http://192.168.1.28:8181; include /config/nginx/proxy.conf; proxy_bind $server_addr; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Ssl on; auth_basic "Restricted"; auth_basic_user_file /config/.htpasswd; } Quote Link to comment
Bizmo Posted November 30, 2016 Share Posted November 30, 2016 Thanks for your help! Sorry for being thick Managed to get CouchPotato working using the default one and muximux as the homepage but can't seem to get other apps working The apps I wanted were Sonarr PlexPy PlexRequests NetData Deluge I've tried the PlexPy command and getting a 404 error, I think this might be down to my plexpy settings though Quote Link to comment
CHBMB Posted November 30, 2016 Share Posted November 30, 2016 Thanks for your help! Sorry for being thick Managed to get CouchPotato working using the default one and muximux as the homepage but can't seem to get other apps working The apps I wanted were Sonarr PlexPy PlexRequests NetData Deluge I've tried the PlexPy command and getting a 404 error, I think this might be down to my plexpy settings though # Sonar # https://github.com/linuxserver/docker-sonarr # # Edit the settings and set # Url Base to /sonarr location ^~ /sonarr { proxy_pass http://192.168.1.28:8989/sonarr; include /config/nginx/proxy.conf; } # PlexyPy # https://github.com/linuxserver/docker-plexpy # # Settings => Web Interface # Change http root to /plexpy # location ^~ /plexpy/ { proxy_pass http://192.168.1.28:8181; include /config/nginx/proxy.conf; proxy_bind $server_addr; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Ssl on; } # PlexRequests # https://github.com/linuxserver/docker-plexrequests # # Run container with -e "URL_BASE"="/plexrequests" # location ^~ /requests { proxy_pass http://192.168.1.28:3000/requests; include /config/nginx/proxy.conf; } # Deluge # https://github.com/linuxserver/docker-deluge # # No extra settings required # location ^~ /deluge { proxy_pass http://192.168.1.28:8112/; proxy_set_header X-Deluge-Base "/deluge/"; include /config/nginx/proxy.conf; } Netdata i've never heard of, you'll have to figure that one out yourself I'm afraid. Quote Link to comment
JonathanM Posted November 30, 2016 Share Posted November 30, 2016 Perhaps you could include the relevant apache and nginx sample reverse proxy configs in the documentation of each of the containers? Maybe even in the overview section of the template? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.