January 6, 20179 yr Not sure if this belongs here, but have you guys encountered a situation where you're unable to access pages from within your LAN? My nginx config routes all http traffic to https. When some machine in the LAN tries to access the server via mydomain.com, then the protocol can be seen to change to https (meaning server is reached), but then request times out. Everything is OK from outside the LAN and target service is reached. Checked router config - NAT loopback is enabled. What gives?
January 6, 20179 yr Not sure if this belongs here, but have you guys encountered a situation where you're unable to access pages from within your LAN? My nginx config routes all http traffic to https. When some machine in the LAN tries to access the server via mydomain.com, then the protocol can be seen to change to https (meaning server is reached), but then request times out. Everything is OK from outside the LAN and target service is reached. Checked router config - NAT loopback is enabled. What gives? I can access pages from my LAN just fine, but I know some people can't, it may well be something your ISP has implemented and out of your control. Could test by using a VPN client out your LAN and then access your site.
January 6, 20179 yr Not sure if this belongs here, but have you guys encountered a situation where you're unable to access pages from within your LAN? My nginx config routes all http traffic to https. When some machine in the LAN tries to access the server via mydomain.com, then the protocol can be seen to change to https (meaning server is reached), but then request times out. Everything is OK from outside the LAN and target service is reached. Checked router config - NAT loopback is enabled. What gives? I've seen that issue with loopback. Some routers don't like to play nice, do you have any loopback options you can play with? Try disabling loopback and see what happens.
January 6, 20179 yr Not sure if this belongs here, but have you guys encountered a situation where you're unable to access pages from within your LAN? My nginx config routes all http traffic to https. When some machine in the LAN tries to access the server via mydomain.com, then the protocol can be seen to change to https (meaning server is reached), but then request times out. Everything is OK from outside the LAN and target service is reached. Checked router config - NAT loopback is enabled. What gives? I've seen that issue with loopback. Some routers don't like to play nice, do you have any loopback options you can play with? Try disabling loopback and see what happens. Interesting. Turned NAT loopback off and now mydomain.eu resolves. But - no cert is detected and browser deems the page insecure. Edit: scrap that - just tried from incognito window & another device - now it routes to router configuration landing page.
January 6, 20179 yr Not sure if this belongs here, but have you guys encountered a situation where you're unable to access pages from within your LAN? My nginx config routes all http traffic to https. When some machine in the LAN tries to access the server via mydomain.com, then the protocol can be seen to change to https (meaning server is reached), but then request times out. Everything is OK from outside the LAN and target service is reached. Checked router config - NAT loopback is enabled. What gives? I've seen that issue with loopback. Some routers don't like to play nice, do you have any loopback options you can play with? Try disabling loopback and see what happens. Interesting. Turned NAT loopback off and now mydomain.eu resolves. But - no cert is detected and browser deems the page insecure. Edit: scrap that - just tried from incognito window & another device - now it routes to router configuration landing page. That's loopback in action..... try entering https://domain.com:443/
January 6, 20179 yr Not sure if this belongs here, but have you guys encountered a situation where you're unable to access pages from within your LAN? My nginx config routes all http traffic to https. When some machine in the LAN tries to access the server via mydomain.com, then the protocol can be seen to change to https (meaning server is reached), but then request times out. Everything is OK from outside the LAN and target service is reached. Checked router config - NAT loopback is enabled. What gives? I've seen that issue with loopback. Some routers don't like to play nice, do you have any loopback options you can play with? Try disabling loopback and see what happens. Interesting. Turned NAT loopback off and now mydomain.eu resolves. But - no cert is detected and browser deems the page insecure. Edit: scrap that - just tried from incognito window & another device - now it routes to router configuration landing page. That's loopback in action..... try entering https://domain.com:443/ Loopback turned off and navigating directly to https address does resolve the service again, but as mentioned previously, no certs are detected. And after entering the exception to enter anyways, I'm yet again greeted by the router landing page.
January 6, 20179 yr You rebooted the router? Only other thing I can think of. Might be your ISP is the issue not your router settings?
January 6, 20179 yr You rebooted the router? Only other thing I can think of. Might be your ISP is the issue not your router settings? Didn't reboot, as toggling the loopback obviously had an effect. Wouldn't ISP be to suspect when the service wasn't accessible from the WAN side, which is not my case?
January 6, 20179 yr You rebooted the router? Only other thing I can think of. Might be your ISP is the issue not your router settings? Didn't reboot, as toggling the loopback obviously had an effect. Wouldn't ISP be to suspect when the service wasn't accessible from the WAN side, which is not my case? I dunno? But if it's not working from changing the router setting then I can't think of anything else.
January 10, 20179 yr ok so im using the old docker by alptaca fine, i move over this to this (no copying of files etc) and all i get is this. Generating new certificate Failed authorization procedure. remote.cyanlabs.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for remote.cyanlabs.net IMPORTANT NOTES: - If you lose your account credentials, you can recover through e-mails sent to [email protected]. - The following errors were reported by the server: Domain: remote.cyanlabs.net Type: connection Detail: DNS problem: SERVFAIL looking up A for remote.cyanlabs.net To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided. - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. /var/run/s6/etc/cont-init.d/50-config: line 105: cd: /config/keys/letsencrypt: No such file or directory [cont-init.d] 50-config: exited 1. [cont-finish.d] executing container finish scripts... [cont-finish.d] done. [s6-finish] syncing disks. [s6-finish] sending all processes the TERM signal. [s6-finish] sending all processes the KILL signal and exiting. now if i stop this docker and launch the old one everything works fine still, i don't use A records though as i use CNAME's pointing to my own DDNS service running on a VPS edit: port 80 external is forwarded to 81 internal and 443 to 443. edit2: ok it seems letsencrypt or docker doesn't like cnames. any way around this? i'll add a A record each time certificate expires if required but if there is a automated way let me know. final edit: ok so my DDNS was being weird, switched to duckdns and all good.
January 10, 20179 yr The old one was still working fine because the certs didn't need to be renewed yet. It would likely break when they expired unless the ddns issue was resolved
January 11, 20179 yr What version of nginx is included with this? does it support stream? I'd like to use this same docker to handle non http traffic as well. I'd like to have this handle vnc and ssh for certain domains. Is this possible?
January 11, 20179 yr What version of nginx is included with this? does it support stream? I'd like to use this same docker to handle non http traffic as well. I'd like to have this handle vnc and ssh for certain domains. Is this possible? https://pkgs.alpinelinux.org/package/v3.4/main/x86_64/nginx No stream mod in this version, but the next version will include it. No eta yet (currently testing it)
January 13, 20179 yr In Aptalca's docker I was able to load simplexml_load_file() but in this version it does not appear to be enabled. I get the following error: "PHP message: PHP Warning: simplexml_load_file(): Unable to find the wrapper "https" - did you forget to enable it when you configured PHP?" Can this be enabled?
January 13, 20179 yr In Aptalca's docker I was able to load simplexml_load_file() but in this version it does not appear to be enabled. I get the following error: "PHP message: PHP Warning: simplexml_load_file(): Unable to find the wrapper "https" - did you forget to enable it when you configured PHP?" Can this be enabled? It seems you need the php5-openssl package/module. We'll add it shortly.
January 13, 20179 yr Awesome. Thanks for the quick reply. I manually added it and that was what I was missing. Sent from my SM-G930U using Tapatalk
January 14, 20179 yr anyone have location settings for putting unraid behind nginx? No, and if you're thinking of publishing your Unraid webui over the internet. Don't do it. Setup a VPN instead.
January 14, 20179 yr Yea good point, I'll just ssh tunnel in if I need it. Thanks for your devoted support CHBMB, appreciate it.
January 15, 20179 yr Has anyone tried creating a webdav folder using this docker? Would you mind sharing your nginx config for the webdav location? I'm looking to share a few unraid shares behind an htpasswd file.
January 16, 20179 yr any chance stream got added to this new version? Still looking to be able to proxy connect to my VNC, etc.
January 16, 20179 yr I am trying to setup Nextcloud. I used the configuration below with the minor changes in port. When I try to access it at my subdomain, it forwards me to the default "Welcome to our server" page. In the nginx error log I see a bunch of 2017/01/16 14:58:51 [error] 329#0: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.168.1.1, serv 1 er: _, request: "GET /status.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "owncloud.mattekure.com" The nginx documentation here https://docs.nextcloud.com/server/9/admin_manual/installation/nginx_examples.html suggests a lot of fastcgi configs in the server {} block. I didnt see these in the config below, so I havnt put any in yet. Edit: didnt need to see the whole quoted topic.
January 16, 20179 yr I am trying to setup Nextcloud. I used the configuration below with the minor changes in port. When I try to access it at my subdomain, it forwards me to the default "Welcome to our server" page. In the nginx error log I see a bunch of 2017/01/16 14:58:51 [error] 329#0: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.168.1.1, serv 1 er: _, request: "GET /status.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "owncloud.mattekure.com" The nginx documentation here https://docs.nextcloud.com/server/9/admin_manual/installation/nginx_examples.html suggests a lot of fastcgi configs in the server {} block. I didnt see these in the config below, so I havnt put any in yet. Be more helpful if you posted more of your own config files than mine, I know those ones, I use them,
January 16, 20179 yr Edit, I just saw a stupid mistake, disregard for now Sorry, I didnt change much, but here goes. I didnt make any changes to nginx.conf File "nextcloud" in nginx site-confs 1 server { 2 listen 80; 3 server_name owncloud.server.com; 4 return 301 https://$server_name$request_uri; 5 } 6 7 server { 8 listen 443 ssl; 9 server_name owncloud.server.com; 10 11 root /config/www; 12 index index.html index.htm index.php; 13 14 ###SSL Certificates 15 ssl_certificate /config/keys/letsencrypt/fullchain.pem; 16 ssl_certificate_key /config/keys/letsencrypt/privkey.pem; 17 18 ###DiffieHellman key exchange ### 19 ssl_dhparam /config/nginx/dhparams.pem; 20 21 ###SSL Ciphers 22 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-S 22 HA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SH 22 A384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA2 22 56:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNU 22 LL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 23 24 ###Extra Settings### 25 ssl_prefer_server_ciphers on; 26 ssl_session_cache shared:SSL:10m; 27 28 ### Add HTTP Strict Transport Security ### 29 add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; 30 add_header Front-End-Https on; 31 32 client_max_body_size 0; 33 34 location / { 35 proxy_pass https://192.168.0.1:4433/; 36 } 37 } config.php from nextcloud 1 <?php 2 $CONFIG = array ( 3 'memcache.local' => '\\OC\\Memcache\\APCu', 4 'datadirectory' => '/data', 5 'instanceid' => 'ocoh2ii67wmp', 6 'passwordsalt' => 'i+gdNt8CcyS8B+D7EKwTldfUxUDhYb', 7 'secret' => 'xxxx', 8 'trusted_domains' => 9 array ( 10 0 => '192.168.1.9:4433', 11 1 => 'owncloud.mattekure.com', 12 ), 13 'overwrite.cli.url' => 'https://owncloud.mattekure.com', 14 'overwritehost' => 'owncloud.mattekure.com', 15 'overwriteprotocol' => 'https', 16 'dbtype' => 'mysql', 17 'version' => '9.1.0.16', 18 'dbname' => 'nextcloud', 19 'dbhost' => '192.168.1.9', 20 'dbport' => '', 21 'dbtableprefix' => 'oc_', 22 'dbuser' => 'nextcloud', 23 'dbpassword' => 'xxxxxx', 24 'logtimezone' => 'UTC', 25 'installed' => true, 26 'mail_smtpmode' => 'smtp', 27 'mail_smtpsecure' => 'tls', 28 'mail_from_address' => 'xxxxxx', 29 'mail_domain' => 'gmail.com', 30 'mail_smtpauthtype' => 'LOGIN', 31 'mail_smtpauth' => 1, 32 'mail_smtphost' => 'xxxx', 33 'mail_smtpport' => '587', 34 'mail_smtpname' => 'xxxx', 35 'mail_smtppassword' => 'xxxxx', 36 );
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.