July 7, 2017

> 2 hours ago, aptalca said:
> FYI, the new version of this image supports multiple domains through a new environment variable. Details are on the docker hub page

I've updated my docker, how do I add the new variable?
July 7, 2017

> I do have that, pfsense does it for me. I can do a nslookup from outside my home network and it will reply with the correct ip. But when the docker runs it just says no valid ip for my Google domains.

If you need help setting this up with Google Domains let me know. I just switched my domains to Google and took me about a day to figure things out. All good now though.
July 7, 2017

> 7 hours ago, jrdnlc said:
> If you need help setting this up with Google Domains let me know. I just switched my domains to Google and took me about a day to figure things out. All good now though.

Sure, send me the info, I'd like to use the domain I paid for.
July 7, 2017

> 7 hours ago, jrdnlc said:
> If you need help setting this up with Google Domains let me know. I just switched my domains to Google and took me about a day to figure things out. All good now though.

Thanks! I'm going to try what ijuarez suggested, but I think it should all be pretty automated, right? I mean, I run a ddclient docker to update my Google domain with my current IP. Then the letsencrypt docker should reference that domain and be good to go. Right now I'd have to do it manually every time the IP changes. Appreciate seeing how you managed it!
July 7, 2017

For Google Domains DNS settings, see the link, second paragraph: https://haskovec.com/ssl-certificates-google-domains/
July 7, 2017

> 2 hours ago, ChaOConnor said:
> Thanks! I'm going to try what ijuarez suggested, but I think it should all be pretty automated, right? I mean, I run a ddclient docker to update my Google domain with my current IP. Then the letsencrypt docker should reference that domain and be good to go. Right now I'd have to do it manually every time the IP changes. Appreciate seeing how you managed it!

I don't use the ddclient docker. I use my router's dynamic DNS service to update my IP. Let me know how that goes. Feel free to message me.
July 7, 2017

Thanks to aptalca for the link, it took me several reads to understand how he set it up but I finally got it. No IP needed.

On Google Domains, select the domain you want to use, select DNS, create a dynamic DNS entry for your domain. Use the @. whatever your domain is and add it, then create a CNAME record: www CNAME 1H yourdomain.com, then add it.

For DynamicDNS, set up whatever you want (router, ddclient, whatever) and use the new creds for the dynamic DNS. Run the docker and boom, it's good.
July 7, 2017

> On 7/4/2017 at 1:12 PM, Ezro said:
> Does anyone know how to get this to work with the gitlab docker? (https://forums.lime-technology.com/topic/48653-support-gitlab-ce/)
>
> I set my letsencrypt\nginx\site-confs to the following
>
>     location /gitlab {
>         include /config/nginx/proxy.conf;
>         proxy_pass http://192.168.1.207:9080/gitlab;
>     }
>
> When I go to my server.duckdns.org/gitlab, I get a '404 not found' error. Anyone have an idea how to fix this?

Sorry to bump, but I'm still having issues with Gitlab routing.

Also, I tried getting Nextcloud to work using this guide, and when I try to access https://192.168.1.207:444 I receive an "Insecure Connection" error. When I try to access server.duckdns.org/nextcloud/ I get a 502 bad gateway. Does anyone know what I should look at in order to fix the Nextcloud routing?
July 8, 2017

> On 7.7.2017 at 6:11 AM, ijuarez said:
> I've updated my docker, how do I add the new variable?

Hi,

I am also interested how to add the new variable.

Br,
Johannes
July 8, 2017

> Hi,
> I am also interested how to add the new variable.
> Br,
> Johannes

Click on "Add another Path, Port or Variable"
July 8, 2017

> Like this?

Key should be EXTRA_DOMAINS and don't forget the underscore in the middle.

If you go to edit one of the other variables like the PUID, you can see the format.
July 8, 2017

I want to restart nginx without restarting the whole docker, preferably by using

    docker exec letsencrypt nginx -s reload

But all I get is

    nginx: [error] open() "/run/nginx/nginx.pid" failed (2: No such file or directory)

Is there any easy fix I can do on my end?
July 8, 2017

> I want to restart nginx without restarting the whole docker, preferably by using
>
>     docker exec letsencrypt nginx -s reload
>
> But all I get is
>
>     nginx: [error] open() "/run/nginx/nginx.pid" failed (2: No such file or directory)
>
> Is there any easy fix I can do on my end?

    s6-svc -h /var/run/s6/services/nginx
July 10, 2017

> On 8.7.2017 at 5:41 PM, aptalca said:
> Key should be EXTRA_DOMAINS and don't forget the underscore in the middle.
>
> If you go to edit one of the other variables like the PUID, you can see the format.

Thanks, it is working.

Br,
Johannes
July 10, 2017

All,

First of all ThanX! I have been watching this thread for a while. It has helped me get letsencrypt/nginx running on my (Unraid) server with no real issues till now. I have a working nextcloud config and I can get to my index page (which I have modified slightly just so I know it's mine) and can get my instance of couch potato running on my server.

So now I am having issues with getting a rev proxy to my instance of home-assistant. I followed a thread bite from Feb 17 about this but have tried the included config file with no success. So just looking for a little help.

So here is what I have also done: copied my working nextcloud file and changed it accordingly, added the necessary stuff to the ha config file. Now what I get is "502 Bad Gateway" when I go to https://subdomain.my_server.com

Here is a portion from the error log file:

    2017/07/10 14:47:06 [error] 347#347: *1 SSL_do_handshake() failed (SSL: error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number) while SSL handshaking to upstream, client: ISP, server: SUBDOMAIN.myserver.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://0.0.0.0:port/favicon.ico", host: "SUBDOMAIN.myserver.com", referrer: "https://SUBDOMAIN.myserver.com/"

And here is the "site-confs" file (just the one that seems to be the issue):

    # This is the virtual host part that allows a subdomain include
    server {
        listen 443 ssl;
        server_name subdomain.my_server.com;

        root /config/www;
        index index.html index.htm index.php;

        ###SSL Certificates
        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

        ###Diffie–Hellman key exchange ###
        ssl_dhparam /config/nginx/dhparams.pem;

        ###SSL Ciphers
        ssl_ciphers 'there is really a key here';

        ###Extra Settings###
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header Front-End-Https on;

        client_max_body_size 0;

        location / {
            proxy_pass https://0.0.0.0:port/;
            proxy_max_temp_file_size 2048m;
            include /config/nginx/proxy.conf;
        }
    }

Hopefully I didn't redact too much info for it to make sense, but here it is. I am sure it is something that I missed, so I would appreciate some extra eyes.

ThanX in advance
Mikey
July 11, 2017

I just read that LetsEncrypt recently announced that starting in Jan 2018, they will offer wildcard certificates for free, so you could have one for all the subdomains.

https://arstechnica.com/information-technology/2017/07/lets-encrypt-to-start-offering-free-wildcard-certificates-for-https/
July 11, 2017

> 19 hours ago, mikeyw said:
> All,
>
> First of all ThanX! I have been watching this thread for a while. It has helped me get letsencrypt/nginx running on my (Unraid) server with no real issues till now. I have a working nextcloud config and I can get to my index page (which I have modified slightly just so I know it's mine) and can get my instance of couch potato running on my server.
>
> So now I am having issues with getting a rev proxy to my instance of home-assistant. I followed a thread bite from Feb 17 about this but have tried the included config file with no success. So just looking for a little help.
>
> So here is what I have also done: copied my working nextcloud file and changed it accordingly, added the necessary stuff to the ha config file. Now what I get is "502 Bad Gateway" when I go to https://subdomain.my_server.com
>
> Here is a portion from the error log file:
>
>     2017/07/10 14:47:06 [error] 347#347: *1 SSL_do_handshake() failed (SSL: error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number) while SSL handshaking to upstream, client: ISP, server: SUBDOMAIN.myserver.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://0.0.0.0:port/favicon.ico", host: "SUBDOMAIN.myserver.com", referrer: "https://SUBDOMAIN.myserver.com/"
>
> And here is the "site-confs" file (just the one that seems to be the issue):
>
>     # This is the virtual host part that allows a subdomain include
>     server {
>         listen 443 ssl;
>         server_name subdomain.my_server.com;
>
>         root /config/www;
>         index index.html index.htm index.php;
>
>         ###SSL Certificates
>         ssl_certificate /config/keys/letsencrypt/fullchain.pem;
>         ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
>
>         ###Diffie–Hellman key exchange ###
>         ssl_dhparam /config/nginx/dhparams.pem;
>
>         ###SSL Ciphers
>         ssl_ciphers 'there is really a key here';
>
>         ###Extra Settings###
>         ssl_prefer_server_ciphers on;
>         ssl_session_cache shared:SSL:10m;
>
>         ### Add HTTP Strict Transport Security ###
>         add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
>         add_header Front-End-Https on;
>
>         client_max_body_size 0;
>
>         location / {
>             proxy_pass https://0.0.0.0:port/;
>             proxy_max_temp_file_size 2048m;
>             include /config/nginx/proxy.conf;
>         }
>     }
>
> Hopefully I didn't redact too much info for it to make sense, but here it is. I am sure it is something that I missed, so I would appreciate some extra eyes.
>
> ThanX in advance
> Mikey

A couple of things I noticed...

I am not sure if 0.0.0.0 is the real IP you are trying to reverse proxy or if that's your redaction. If former, that is incorrect. 0.0.0.0 in net=bridge will refer only to the letsencrypt container, not the host and not other containers. You can use the server IP to connect to a different container.

Also, you are trying to reverse proxy an https page. That is likely the reason you are getting the SSL handshake error (or a combination with a nonexistent service on 0.0.0.0 as referenced above). Try to use an http address for the reverse proxy.

Edited July 11, 2017 by aptalca
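
A static check for the two problems aptalca points out in the reply above, as an added example that is not part of the original thread or of the container's own tooling. It flags `proxy_pass` targets that point back at the proxy container itself (0.0.0.0, extended here to loopback names as an assumption) and targets using `https://`, which only work if the backend really speaks TLS on that port. The sample config and its port number are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the site-conf posted above; port 8123 is a placeholder.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name subdomain.my_server.com;
    location / {
        proxy_pass https://0.0.0.0:8123/;
        include /config/nginx/proxy.conf;
    }
    location /ok {
        proxy_pass http://192.168.1.207:9080/;
    }
}
"""

PROXY_PASS = re.compile(r"\bproxy_pass\s+([^;\s]+)\s*;")
# With bridge networking these addresses reach only the proxy container itself.
SELF_HOSTS = {"0.0.0.0", "127.0.0.1", "localhost", "::1"}
ADVICE = {
    "self-address": "points at the proxy container; use the server IP instead",
    "https-upstream": "backend must speak TLS on this port, otherwise use http://",
}

def lint_proxy_pass(conf_text):
    """Return (line_number, target, code) for each questionable proxy_pass target."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        code = line.split("#", 1)[0]          # drop trailing comments
        m = PROXY_PASS.search(code)
        if not m or "$" in m.group(1):        # variable targets can't be checked statically
            continue
        target = m.group(1)
        url = urlsplit(target)
        if url.hostname in SELF_HOSTS:
            findings.append((line_no, target, "self-address"))
        if url.scheme == "https":
            findings.append((line_no, target, "https-upstream"))
    return findings

if __name__ == "__main__":
    for line_no, target, code in lint_proxy_pass(SAMPLE_CONF):
        print(f"line {line_no}: {target}: {ADVICE[code]}")
```

The `https-upstream` finding is a prompt to verify the backend, not proof of a fault: an upstream that does serve TLS on that port is a valid target.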
July 11, 2017

> 15 hours ago, mattekure said:
> I just read that LetsEncrypt recently announced that starting in Jan 2018, they will offer wildcard certificates for free, so you could have one for all the subdomains.
>
> https://arstechnica.com/information-technology/2017/07/lets-encrypt-to-start-offering-free-wildcard-certificates-for-https/

DNS challenge only

https://community.letsencrypt.org/t/wildcard-certificates-coming-january-2018/37567/8
July 11, 2017

I just switched back to unRAID, and am working on getting the LE+Nginx docker setup. Nginx starts, but the logs are constantly being populated with the following:

    2017/07/11 16:25:04 [emerg] 366#366: bind() to 0.0.0.0:82 failed (98: Address in use)
    2017/07/11 16:25:04 [emerg] 366#366: bind() to 0.0.0.0:444 failed (98: Address in use)

No matter what I put the port to in the docker config, or in the nginx.conf, these errors just stream across with the port I specified. Nothing is using those ports except for nginx. I'm able to access most of the proxy_pass (except plex, working on that too), but within just a few minutes, my error.log is growing huge.

Anyone come across this before?
July 11, 2017

> I just switched back to unRAID, and am working on getting the LE+Nginx docker setup. Nginx starts, but the logs are constantly being populated with the following:
>
>     2017/07/11 16:25:04 [emerg] 366#366: bind() to 0.0.0.0:82 failed (98: Address in use)
>     2017/07/11 16:25:04 [emerg] 366#366: bind() to 0.0.0.0:444 failed (98: Address in use)
>
> No matter what I put the port to in the docker config, or in the nginx.conf, these errors just stream across with the port I specified. Nothing is using those ports except for nginx. I'm able to access most of the proxy_pass (except plex, working on that too), but within just a few minutes, my error.log is growing huge.
>
> Anyone come across this before?

I suspect you highly modified the nginx.conf and perhaps removed the "daemon off" setting so it's trying to launch a second instance unsuccessfully.

Did you by any chance copy your nginx settings over from another install? If so, go back to defaults by deleting them and restarting the container. Then modify the defaults as needed.

If that doesn't work, post your container settings along with nginx and site configs and we'll take a look.
July 12, 2017

> 1 hour ago, aptalca said:
> I suspect you highly modified the nginx.conf and perhaps removed the "daemon off" setting so it's trying to launch a second instance unsuccessfully.
>
> Did you by any chance copy your nginx settings over from another install? If so, go back to defaults by deleting them and restarting the container. Then modify the defaults as needed.
>
> If that doesn't work, post your container settings along with nginx and site configs and we'll take a look.

Should I not be editing the nginx.conf then? Just put my config in the site-confs/default? I use a subdomain map for my proxy pass, with some nifty logic that has worked on other boxes, e.g.:

    map $subdomain $proxy_url {
        pr "http://192.168.1.103:3000";
        py "http://192.168.1.103:8181";
        cp "http://192.168.1.103:5050";
        pms "http://192.168.1.103:32400";
        nzb "http://192.168.1.103:6789";
        down "http://192.168.1.103:9091";
    }

    if ($host ~* ^([a-z0-9-\.]+)\.mydomain.tld$) {
        set $subdomain $1;
    }

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        if ($subdomain) {
            proxy_pass $proxy_url;
        }
    }

    if ($subdomain = "pms") {
        rewrite ^/$ $1/web;
    }

    if ($subdomain = "down") {
        rewrite ^/$ $1/transmission;
    }

This has worked on other servers no problem, although I'm not used to running things in a docker, and haven't used unRAID in almost a year.

Edited July 12, 2017 by sethrd
July 12, 2017

You can edit the nginx.conf but don't overwrite it with a config from another server or you'll break it. Nginx package from the Ubuntu repo has very different defaults than this container, which is Alpine based and uses s6 as the supervisor.

What you posted is just a snippet of the site config, and not related to the error you're getting.
July 12, 2017

Got it. Removed my custom stuff, and added most of my config to the site-confs/default file and the errors are no longer showing. Still working on getting some of the proxy_pass working, mainly for plex access.

Thanks aptalca!
July 12, 2017

> 5 hours ago, aptalca said:
> DNS challenge only
>
> https://community.letsencrypt.org/t/wildcard-certificates-coming-january-2018/37567/8

I tried to read through and figure out what the implications are, but it goes beyond me. It seems like if I own my domain yyyyy.com, I can get the wildcard certificate for *.yyyyy.com. Is that right? Or am I totally off base?