Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)

Featured Replies

Here's what I got in nginx

 

    	location /plexpy/ {
   		proxy_pass http://192.168.0.1:8181;
	include /config/nginx/proxy.conf;
      		proxy_bind $server_addr;
      		proxy_set_header X-Forwarded-Host $server_name;
	proxy_set_header X-Forwarded-Ssl     on;
	auth_basic "Restricted";
      		auth_basic_user_file /config/.htpasswd;
	}

 

Here's what I got in Plexpy

 

eEZNwwJ.png

And in my plexpy docker log

 

2016-12-11 15:25:11 - INFO :: MainThread : PlexPy WebStart :: Starting PlexPy web server on http://0.0.0.0:8181/plexpy/

  • Replies 6.2k
  • Views 1.5m
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Confirming this worked for me too. Not sure I needed to replace both, but I did anyway and Swag and Nextcloud are both back and up and running. For noobs like me, here's what I did: 1. Stop

  • I will only post this once. Feel free to refer folks to this post.   A few points of clarification:   The last update of this image didn't break things. Letsencrypt abruptly disabl

  • BigBoyMarky
    BigBoyMarky

    I replaced both the ssl.conf and nginx.conf files with the sample ones to update them since I did not make any custom modifications to either one of those and this resolved my issue.

Posted Images

Thumbs up!

 

Finally working!

 

Time to start closing down some ports, and adding this to other dockers.

 

If you guys are interested, I could certainly try and put together some sort of generic tutorial on how to get this working.  Sometimes it's best understood coming from someone with minimal knowledge on the stuff so it's dumbed down.

I've gotten a few others working messing around with this.  I love it!

 

One issue I'm having is with Plex.

 

I can get it to work with https://server.com/plex.

 

But now, after removing the forwarding of port 32400 on my router, I can no longer access it through my apps.  Only through a web interface.  Is there a way to fix this?

I've gotten a few others working messing around with this.  I love it!

 

One issue I'm having is with Plex.

 

I can get it to work with https://server.com/plex.

 

But now, after removing the forwarding of port 32400 on my router, I can no longer access it through my apps.  Only through a web interface.  Is there a way to fix this?

 

No, sorry should have told you, Plex requires you to forward the port for apps.  You'd still be able to watch through the webui I think with the port closed, but the apps require the port open.

Yeah, the WEB GUI works, but apps don't.

 

Oh well!

 

I read some complicated stuff about attempting to resolve this, but far above what I can deal with.

Yeah, the WEB GUI works, but apps don't.

 

Oh well!

 

I read some complicated stuff about attempting to resolve this, but far above what I can deal with.

 

As far as I can work out it's because the apps are hardcoded to get your server address from the Plex site, which functions as a dynamic DNS essentially.  There's no way to tell the apps to "cut out the middle man" as it were.

Now attempting to configure letsencrypt to work with nextcloud.

 

I'm trying to piece things together from different posts.  This is what I have done:

 

1. On the nextcloud end:

 

Edit nextcloud/www/nextcloud/config/config.php

 

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'xxxxxxxxxx',
  'passwordsalt' => 'xxxxxxxxxxxxxxxxxxxxxxxxxx',
  'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'trusted_domains' => 
  array (
    0 => '192.168.1.3:444',
    1 => 'server.com',
  ),
  'overwrite.cli.url' => 'https://server.com',
  'overwritehost'     => 'server.com',
  'overwriteprotocol' => 'https',
  'overwritewebroot'  => '/nextcloud',
  'dbtype' => 'mysql',
  'version' => '9.1.2.2',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.1.3:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_xxxxxx',
  'dbpassword' => 'xxxxxxxxxxxx',
  'logtimezone' => 'UTC',
  'installed' => true,
);

 

2. On the letsencrypt end

 

Edit letsencrypt/nginx/site-confs/default

 

location /nextcloud {
	proxy_pass https://192.168.1.3:444/nextcloud;
}

 

On a local machine I try to go to:

192.168.1.3:444

It auto redirects to https://server.com/nextcloud/index.php/apps/files

 

Y8ZJ4Yl.jpg

 

Same error for https://server.com/nextcloud.

 

Addtionally, if I edit the letsencrypt file and leave out the /nextcloud in the proxy_pass section, I get this error:

 

89049534981d4381b3ea97c3450ebae0.png

 

Thanks again for the help!  And don't forget my offer to write up a n00bie guide on how to do stuff.  Check my signature.  So severely outdated, but I wrote up a very basic how to back in the day on how to add mysql.

 

If you guys are interested, I could certainly try and put together some sort of generic tutorial on how to get this working.  Sometimes it's best understood coming from someone with minimal knowledge on the stuff so it's dumbed down.

 

Yes please, I am struggling to get out of the gate with this!

I can only recommend setting up nextcloud as nextcloud.server.com

 

Seen too many issues trying to set it up server.com/nextcloud tbh

 

To do the former.

 

Create a file called nextcloud in /config/nginx/site-confs/ containing this.

 

server {
       listen         80;
       server_name    nextcloud.server.com;
       return         301 https://$server_name$request_uri;
}

server {
listen 443 ssl;
server_name nextcloud.server.com;

root /config/www;
index index.html index.htm index.php;

###SSL Certificates
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

###Diffie–Hellman key exchange ###
ssl_dhparam /config/nginx/dhparams.pem;

###SSL Ciphers
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

###Extra Settings###
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header Front-End-Https on;

client_max_body_size 0;

location / {
    	proxy_pass https://192.168.0.1:444/;
  }
}

 

Edit config.php of nextcloud

 

<?php  
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'xxxxxxxxxxxx',
  'passwordsalt' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'trusted_domains' => 
  array (
    0 => '192.168.0.1:444',
    1 => 'nextcloud.server.com',
  ),
  'overwrite.cli.url' => 'https://nextcloud.server.com',
  'overwritehost' => 'nextcloud.server.com',
  'overwriteprotocol' => 'https',
  'dbtype' => 'mysql',
  'version' => '9.0.52.0',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.0.1:3305',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_CHBMB1',
  'dbpassword' => 'xxxxxxxxxxxxxxxxxxxx',
  'logtimezone' => 'UTC',
  'installed' => true,
);

 

 

Both containers should obviously be stopped when editing..

We're close, but now a new error it seems.

 

When attempting to connect, I'm now faced with:

 

c6aERqB.jpg

 

With a different browser, I can bypass this, but it's not a secure https connection.

 

I checked to make sure that my certs were in the proper location mentioned in the new nextcloud file, and they are. 

You sure you got certs setup right in letsencrypt for nextcloud.server.com?

 

HbesEUu.png

Ah yes, that was it!  On the letsncrypt template, I never added "nextcloud" as a new subdomain.  Where does this actually make a change within one of the config files?

 

For uniformity purposes, do you have all of your dockers listed as docker.server.com?  Or do you have them mixed in with other server.com/docker?  I think I'm an all one way type of guy to try and keep things neat and not have to remember anything.

 

Also, sent you a PM, CHBMB.

Ah yes, that was it!  On the letsncrypt template, I never added "nextcloud" as a new subdomain.  Where does this actually make a change within one of the config files?

 

For uniformity purposes, do you have all of your dockers listed as docker.server.com?  Or do you have them mixed in with other server.com/docker?  I think I'm an all one way type of guy to try and keep things neat and not have to remember anything.

 

Also, sent you a PM, CHBMB.

 

I have most as server.com/app apart from nextcloud.  Occasionally you find that some things just work better that way.

Could someone provide me a cheat sheet for getting this to work with PlexRequests?  FWIW, I was able to setup my cert for requests.mydomain.com

 

Now I am a little unclear on the nginx config part.  I see everyone doing server.com/requests but I prefer to do subdomain since my main domain is pointed at a hosting site.

Could someone provide me a cheat sheet for getting this to work with PlexRequests?  FWIW, I was able to setup my cert for requests.mydomain.com

 

Now I am a little unclear on the nginx config part.  I see everyone doing server.com/requests but I prefer to do subdomain since my main domain is pointed at a hosting site.

Off the top of my head, I'd follow the instructions for nextcloud, but call the file requests....

 

Sent from my LG-H815 using Tapatalk

 

 

Could someone provide me a cheat sheet for getting this to work with PlexRequests?  FWIW, I was able to setup my cert for requests.mydomain.com

 

Now I am a little unclear on the nginx config part.  I see everyone doing server.com/requests but I prefer to do subdomain since my main domain is pointed at a hosting site.

Off the top of my head, I'd follow the instructions for nextcloud, but call the file requests....

 

Sent from my LG-H815 using Tapatalk

 

Thanks, I did copy that config but was still greeted with the letsncrpyt landing page.  Do I need to edit anything on the plex requests side?  I saw in another post by CHBMB that you can edit the docker template but that seemed to be for /request instead of request.

Errrr, I am CHBMB...

 

Problem is once you decide you want to do something other than what's posted is there are a lot of variables.  Impossible to just know what to do unless your an expert.  I just play around until I figure it out myself, only been using Nginx a couple of months and only learned Apache about a year ago and I'm no IT professional....

 

This works with this config.  As we know that we don't need the URL_BASE variable...

 

1. Remove the URL_BASE variable from the docker template of Plex Requests.

 

5cZLGDH.png

 

As we know Plex Requests proxys just fine with the previous config posted, create a new file called requests, copying the default config.  Make sure that only one is set as default.  So will need to edit this line in the new config

 

	listen 443 ssl default_server;

 

so change this to

 

	listen 443 ssl;

 

then just place this at the end.

 

	location / {
	proxy_pass http://192.168.0.1:3000;
	include /config/nginx/proxy.conf;
}

 

Which gives us:

 

server {
       listen         80;
       server_name    requests.server.com;
       return         301 https://$server_name$request_uri;
}

server {

listen 443 ssl;
server_name requests.server.com;

###Set root directory
root /config/www;
index index.html index.htm index.php;

###Turn off client checking of client request body size
client_max_body_size 0;

###SSL Certificates
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

###Diffie–Hellman key exchange ###
ssl_dhparam /config/nginx/dhparams.pem;

###Extra Settings###
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header Front-End-Https on;

###SSL Ciphers
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';


location ~ \.php$ {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	# With php5-cgi alone:
	fastcgi_pass 127.0.0.1:9000;
	# With php5-fpm:
	#fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;
	include /etc/nginx/fastcgi_params;

}

location / {
	proxy_pass http://192.168.0.1:3000;
	include /config/nginx/proxy.conf;
}
}

 

That works....

Errrr, I am CHBMB...  Could He Be More Bald? ;)

 

No, I am CHBMB!  Of that I'm quite certain, I've looked in the mirror and my head is indeed shiny.....  ;D

Errrr, I am CHBMB...  Could He Be More Bald? ;)

 

No, I am CHBMB!  Of that I'm quite certain, I've looked in the mirror and my head is indeed shiny.....  ;D

 

No confusion possible then, you're the one and only  :D

Errrr, I am CHBMB...

 

 

Yes, I know its you!  And I really appreciate the assistance.  I got it working with this config.  Many thanks.

Errrr, I am CHBMB...  Could He Be More Bald? ;)

 

No, I am CHBMB!  Of that I'm quite certain, I've looked in the mirror and my head is indeed shiny.....  ;D

daf25d47df50b20432486b4f3be8eb8004c324b02dcfe1e83ad8b9a4e5e0a445_1.jpg

Hi, thanks for this docker and all the others!

 

Sorry if this has been asked before but i do not find any search in thread function.

 

Is there a way to restart nginx from within the docker so i dont have to restart the entire thing every time i do a little change in the config file?

 

service nginx restart does not work :/

 

// Grasfer

Personally I would just restart the docker, but if you want to get a command prompt open in the docker container then it'll be

 

docker exec -it letsencrypt bash

Hi, thanks for this docker and all the others!

 

Sorry if this has been asked before but i do not find any search in thread function.

 

Is there a way to restart nginx from within the docker so i dont have to restart the entire thing every time i do a little change in the config file?

 

service nginx restart does not work :/

 

// Grasfer

s6-svc -h /var/run/s6/services/nginx

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.