Homer-S Posted May 14, 2017

Hello,

after solving issues with Pydio I am facing strange things with a wordpress container which should be accessed similarly. I am using the same conf file as for pydio/nextcloud for wordpress. localhost access is working perfectly. If I am adding subdomain.myserver.de, browser tools show me an address like this: subdomain:90

90 is the port I want to forward to, but I cannot figure out why it is not using my proxy_pass http://192.168.100.10:90/; command.

Does anybody have an idea what is wrong, or a working nginx-rev-proxy-config for a wordpress container?

Many thanks, and I am promising, after that my whole server is set up completely.

CHBMB Posted May 14, 2017

2 hours ago, Homer-S said:
> Hello, after solving issues with Pydio I am facing strange things with a wordpress container which should be accessed similarly. I am using the same conf file as for pydio/nextcloud for wordpress. localhost access is working perfectly. If I am adding subdomain.myserver.de, browser tools show me an address like this: subdomain:90
> 90 is the port I want to forward to, but I cannot figure out why it is not using my proxy_pass http://192.168.100.10:90/; command.
> Does anybody have an idea what is wrong, or a working nginx-rev-proxy-config for a wordpress container?
> Many thanks, and I am promising, after that my whole server is set up completely.

Couple of things. Pydio others have been having trouble with, so if you could post your config that may be helpful for others.

Secondly, no way can I work out what the hell is going on with that wordpress container. Got a link to the container you're using?

Homer-S Posted May 15, 2017

Here comes my Pydio config:

    server {
        listen 443 ssl;
        server_name pydio.dyndns.myserver.com;

        root /config/www;
        index index.html index.htm index.php;

        access_log /config/log/nginx/access_pydio.log;
        error_log /config/log/nginx/error_pydio.log;

        ###SSL Certificates
        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

        ###Diffie–Hellman key exchange ###
        ssl_dhparam /config/nginx/dhparams.pem;

        ###SSL Ciphers
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

        ###Extra Settings###
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header Front-End-Https on;

        client_max_body_size 0;

        location / {
            proxy_pass http://192.168.1.11:84/;
        }
    }

Now back to my wordpress issue.

This is the official container from wordpress:

    docker run -it -d \
      --name wordpress \
      --restart=always \
      -p 90:80 \
      -e PUID=33 -e PGID=33 \
      -e TZ=Europe/Berlin \
      -v /docker/data/wordpress:/var/www/html \
      wordpress

It is working with local IP 192.168.1.11:90. mariadb is successfully set up with the wordpress db.

If I am going to access it via the nginx reverse proxy I am entering this: https://subdomain.myserver.de and this is displayed in the URL bar after a short time: subdomain:90 and a "server not found" page appears.

This is my wordpress config file:

    server {
        listen 443 ssl;
        server_name wordpress.dyndns.myserver.com;

        root /config/www;
        index index.html index.htm index.php;

        access_log /config/log/nginx/access_wordpress.log;
        error_log /config/log/nginx/error_wordpress.log;

        ###SSL Certificates
        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

        ###Diffie–Hellman key exchange ###
        ssl_dhparam /config/nginx/dhparams.pem;

        ###SSL Ciphers
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

        ###Extra Settings###
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header Front-End-Https on;

        client_max_body_size 0;

        location / {
            proxy_pass http://192.168.1.11:90/;
        }
    }

CHBMB Posted May 15, 2017

@Homer-S Are you using Unraid?

Homer-S Posted May 15, 2017

4 minutes ago, CHBMB said:
> @Homer-S Are you using Unraid?

No, ubuntu server 16.04

CHBMB Posted May 15, 2017

This is the Unraid forum. We only support Unraid stuff here, as they're hosting it. We've got our own forums for other operating systems and IRC.

I'll take a look at Wordpress when I get a minute.

Homer-S Posted May 15, 2017

Oh, I am sorry. Thanks in advance for your help!!!

b0mb Posted May 17, 2017

Hi!

I'm trying to use this nice container but it kills itself because of an error right after start:

    Failed authorization procedure. xxx.4irc.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested

Does anyone have a tip for me?

I've entered "4irc.com" in the domain field of the template and xxx into the subdomain field. I've also set only subdomains to true.

Thx!
b0mb

Malykai Posted May 17, 2017

I could be mistaken but I can't find an A record for your sub domain...

https://mxtoolbox.com/SuperTool.aspx?action=a%3axxx.4irc.com&run=toolpage

I would make sure you can look up your sub domain, then try restarting letsencrypt so it can try again.

b0mb Posted May 17, 2017

The XXX was just a placeholder... The domain is listed on the site you've posted.

Malykai Posted May 17, 2017

I was hoping it wasn't that simple and should have done some more checking before I posted and went to bed lol.

4irc.com is just a dynamic dns service? If that is the case I believe you would use xxx.4irc.com as the domain with no sub domain for it?

b0mb Posted May 17, 2017

2 hours ago, Malykai said:
> I was hoping it wasn't that simple and should have done some more checking before I posted and went to bed lol.
> 4irc.com is just a dynamic dns service? If that is the case I believe you would use xxx.4irc.com as the domain with no sub domain for it?

Got it working now. Port 443 was in use for the remote service of my router... changed the port now and forwarded 443 to the unraid server.

CHBMB Posted May 17, 2017

Remote access of a router should be banished in my opinion. One of the parts of my network I'll never expose to any form of remote admin....

b0mb Posted May 17, 2017

Just now, CHBMB said:
> Remote access of a router should be banished in my opinion. One of the parts of my network I'll never expose to any form of remote admin....

You might be right.

JonathanM Posted May 17, 2017

1 hour ago, CHBMB said:
> Remote access of a router should be banished in my opinion. One of the parts of my network I'll never expose to any form of remote admin....

Keys to the kingdom. The router is the only thing keeping the baddies out, yet tends to be one of the least maintained pieces of equipment. I've migrated to pfsense, at least I can be reasonably sure it's being updated in a timely fashion, unlike netgear, linksys, etc.

Homer-S Posted May 18, 2017

Hello,

another question (not related to reverse proxying).

I received an email from letsencrypt that my main URI will expire within 9 days. I then exec the letsencrypt container with bash /app/le-renew.sh by hand and it tells me:

    The following certs are not due for renewal yet: /path/path/path/fullchain.pem

The option subdomain only is set to false.

Do you have any idea?

aptalca Posted May 18, 2017

> Hello, another question (not related to reverse proxying).
> I received an email from letsencrypt that my main URI will expire within 9 days. I then exec the letsencrypt container with bash /app/le-renew.sh by hand and it tells me: The following certs are not due for renewal yet: /path/path/path/fullchain.pem
> The option subdomain only is set to false. Do you have any idea?

The email is for a cert that is no longer used. You likely reinstalled this container and deleted the old appdata without revoking the old certs.

Nothing to worry about. Letsencrypt lets you get multiple certs for the same domain without revoking the old ones (albeit with limits on number and frequency).

StanC Posted May 26, 2017

On 4/18/2017 at 5:57 PM, heytcass said:
> Hey guys, I've been banging my head against the wall trying to get this going. But I'm having a bear of a time. I checked in the logs and found a couple errors:
>
>     certbot: error: argument --cert-path: No such file or directory
>
> and
>
>     Detail: Failed to connect to 192.64.119.116:443 for tls-sni-01
>
> I have ports 443 and 80 passed to 81 on my unRAID box, so that shouldn't be an issue. Is there a way to test that those are going through fine? Any thoughts? Thanks in advance.

I have this same issue and have not been able to figure out how to fix it.

CHBMB Posted May 26, 2017

Port 443 is not connected.

CHBMB Posted May 26, 2017

Or DNS is not correct.

StanC Posted May 26, 2017 (edited May 26, 2017)

12 hours ago, CHBMB said:
> Or DNS is not correct.

Dang it - you are right. I just checked my Alias in the firewall and I typo'd the IP address. Now it shows it up and running. Thx.

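A way to test the two causes named in the replies above (DNS pointing at the wrong address, port 443 not reachable), as an added example that is not part of the thread or of the container's own code. The function name `preflight` and the 203.0.113.x addresses in the demo are constructed for illustration.

```python
import socket

def _resolve_a(host):
    """Return the sorted IPv4 addresses the local resolver gives for host."""
    infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def _tcp_connect(ip, port, timeout=5.0):
    """Open and close one TCP connection; raises OSError on failure."""
    socket.create_connection((ip, port), timeout=timeout).close()

def preflight(host, expected_ip, port=443, resolve=_resolve_a, connect=_tcp_connect):
    """Check the two failure points named in the thread: DNS and port 443."""
    try:
        addrs = resolve(host)
    except OSError as exc:                      # socket.gaierror is an OSError
        return [f"DNS: {host} does not resolve ({exc})"]
    findings = []
    if expected_ip not in addrs:                # e.g. a typo'd address in a DNS record or alias
        findings.append(f"DNS: {host} -> {addrs}, expected {expected_ip}")
    for ip in addrs:
        try:
            connect(ip, port)
        except OSError as exc:                  # refused, timed out, unreachable
            findings.append(f"PORT: {ip}:{port} not reachable ({exc})")
    return findings or [f"OK: {host} -> {expected_ip}, port {port} accepts connections"]

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:   # real check: preflight.py <hostname> <public-ip>
        results = preflight(sys.argv[1], sys.argv[2])
    else:                    # constructed offline demo: DNS points at the wrong address
        results = preflight("host.example.test", "203.0.113.10",
                            resolve=lambda h: ["203.0.113.99"],
                            connect=lambda ip, p: None)
    print("\n".join(results))
```

Run it from a machine outside your own network, since from inside you are testing the router's NAT loopback rather than the forwarded port. An accepted connection also does not show which service answered: in b0mb's case above, the router's remote admin was holding 443.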
noja Posted May 29, 2017 (edited May 30, 2017)

FOUND MY FIX! It was an issue of not knowing NGINX very well and I've learned a lot more. The correct usage should be:

    server {
        listen 443 ssl;
        server_name shaarli.domain.com;

        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_ciphers xxxxxxxxxxxxxx;
        ssl_prefer_server_ciphers on;

        client_max_body_size 0;

        location / {
            proxy_pass http://192.168.1.1:8383;
            add_header X-Frame-Options "ALLOW-FROM https://domain.com/";
        }
    }

-----------------------------------------------(Original Post)-----------------------------

OK - so I'm not sure if I have a letsencrypt issue or if I'm just unsure of how to make nginx work.

I've been working with a new docker called Shaarli, which is interesting, but Shaarli's chrome extension keeps getting blocked due to x-frame headers being denied. One of the comments on the Shaarli Chrome plugin noted:

> I had the same issue. Traced the problem to the fact that my Shaarli server (running nginx) had "add x-frame-options DENY" set. I needed to set the nginx settings to not add that header, in order for this chrome extension to load the shaarli interface.

So I ran through what I could on Google and generally failed. Currently, I've added:

    server {
        listen 443 ssl;
        server_name shaarli.domain.com;

        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_ciphers 'xxxxxxxxxxxxxxxxxx';
        ssl_prefer_server_ciphers on;

        add_header X-Frame-Options SAMEORIGIN;

        client_max_body_size 0;

        location / {
            proxy_pass http://192.168.1.1:8383;
        }
    }

However, I've also tried changing that X-Frame-Options to ALLOW-FROM https://domain.com/ and ALLOW-FROM https://shaarli.domain.com/

Both of those options keep generating an error in the docker and don't allow access to the webpage.

First, is my issue with the docker since it won't start with that "ALLOW-FROM" option? Or do I need to keep learning nginx?

Second, anyone have a good idea?

Thank you!

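Why the quoted form in the fix above loads while an unquoted two-word value stops nginx from starting, shown as an added example (not noja's or the container's code). It assumes the failing attempts were written without quotes, as the post's wording suggests; `check_add_header` is a hypothetical helper that mirrors nginx's documented `add_header name value [always];` syntax, with `shlex` standing in for nginx's quoting rules.

```python
import shlex

def check_add_header(directive):
    """Validate one line against nginx's `add_header name value [always];` syntax."""
    text = directive.strip()
    if not text.endswith(";"):
        return "error: directive is not terminated by ';'"
    # shlex approximates nginx quoting for plain single- or double-quoted values,
    # so a ';' or a space inside quotes stays part of one argument.
    args = shlex.split(text[:-1])
    if not args or args[0] != "add_header":
        return "error: not an add_header directive"
    params = args[1:]
    if len(params) not in (2, 3):
        return f"error: invalid number of arguments ({len(params)})"
    # A third argument is only accepted when it is the literal word "always".
    if len(params) == 3 and params[2] != "always":
        return f'error: invalid parameter "{params[2]}"'
    return f"ok: {params[0]}: {params[1]}"

if __name__ == "__main__":
    # Directive lines taken from the configs posted in this thread, plus the
    # unquoted variant assumed to be the one that failed.
    samples = [
        'add_header X-Frame-Options SAMEORIGIN;',
        'add_header X-Frame-Options ALLOW-FROM https://domain.com/;',
        'add_header X-Frame-Options "ALLOW-FROM https://domain.com/";',
        'add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";',
    ]
    for line in samples:
        print(f"{check_add_header(line):55}  <- {line}")
```

Running `nginx -t` against the real configuration is the authoritative check before restarting the container.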
Jonny190 Posted May 29, 2017

Hi Guys,

I'm trying to initially power the docker container but it's giving me the error:

    Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the cert.
    certbot: error: argument --cert-path: No such file or directory
    Generating new certificate
    WARNING: The standalone specific supported challenges flag is deprecated.

Any ideas?

CHBMB Posted May 29, 2017

Harmless, mentioned a few days ago if you look back.

fc0712 Posted May 30, 2017 (edited May 30, 2017)

This looks very promising. I'm completely new to Nginx and reverse proxy. I have a static IP at my ISP and have my own domain name.

Can you guys recommend any reading material/guides to learn how to set up a reverse proxy?

As I understand it, when I have a static IP a DDNS is obsolete. Currently my domain's DNS is hosted at Cloudflare with only DNS activated.

Can someone, if possible, briefly explain or link to an article or guide etc. on what to add to my domain's DNS record (how it works)? I assume DNS A records pointing to my public IP.

Thanks in advance.

Which DNS would you guys recommend? I'm only using Google for business and reverse proxy through this docker.

As a follow-up to my original question: every application this docker needs to reverse proxy is hosted in containers on my unraid machine.
