[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


11 minutes ago, aptalca said:

 

I don't experience it. 

Please post your container settings and we'll take a look

 

Thanks!

 

Network Type: bridge

Privileged: on

http: 81

https: 444

email: registered email address for DuckDNS

Domain Name: duckdns.org

Subdomain(s): test

Only Subdomains: true

Diffie Hellman: 2048

AppData Config Path: /mnt/user/appdata/letsencrypt

PUID: 99

PGID: 100

 

all ports are being forwarded correctly, and the duckdns docker is set up correctly as well.


2 hours ago, jamesp469 said:

 

Thanks!

 

Network Type: bridge

Privileged: on

http: 81

https: 444

email: registered email address for DuckDNS

Domain Name: duckdns.org

Subdomain(s): test

Only Subdomains: true

Diffie Hellman: 2048

AppData Config Path: /mnt/user/appdata/letsencrypt

PUID: 99

PGID: 100

 

all ports are being forwarded correctly, and the duckdns docker is set up correctly as well.

 

Try restarting the container (not reinstall). There is an intermittent bug that pops up every once in a while on first boot, but works on a reboot. If that doesn't work, post the full container log

On 7/21/2017 at 1:05 PM, aptalca said:

 

Try restarting the container (not reinstall). There is an intermittent bug that pops up every once in a while on first boot, but works on a reboot. If that doesn't work, post the full container log

 

This didn't work initially, but I just recently updated the container and now have the following in my letsencrypt log file:

 

<------------------------------------------------->

<------------------------------------------------->
cronjob running on Tue Jul 25 02:08:00 PDT 2017
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/box3.duckdns.org.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/box3.duckdns.org/fullchain.pem (skipped)
No renewals were attempted.
No hooks were run.

I'm also getting the following readout in the nginx error log file (real IP address hidden):

2017/07/23 18:41:23 [crit] 742#742: *663 SSL_do_handshake() failed (SSL: error:14037085:SSL routines:ACCEPT_SR_KEY_EXCH:ccs received early) while SSL handshaking, client: xxx.xxx.xxx.xxx, server: 0.0.0.0:443

 

 

 

I don't understand what the issue is. The certs are there, and the nightly renewal script is running successfully. So the container is running fine.

The nginx error log has to do with a client that tried to access your site. It could be an issue on their end or an issue with your site config or contents. I have no information to determine that.

I'm getting this error on Fix Common Problems:

Template URL for docker application letsencrypt is not the as what the template author specified.

The template URL the author specified is https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/letsencrypt.xml. The template can be updated automatically with the correct URL.

Applying the fix doesn't fix it.

Does anyone know how to fix it? Thanks in advance.

Just now, Squid said:

O.o

I thought the error was with the XML code and we've since pushed a fix, therefore don't fix it....

Just now, CHBMB said:

I thought the error was with the XML code and we've since pushed a fix, therefore don't fix it....

ah

5 minutes ago, CHBMB said:

Don't fix it...

So I just ignore the error?

1 minute ago, mata7 said:

So I just ignore the error?

If everything is working I would.

OK, thanks for your help. Everything is working fine, so I will ignore.

Hi, 

 

Hoping someone can help me with regards to an ssl certificate problem I seem to have when using this docker to get certified. 

 

I used this docker to generate an SSL certificate for my duckdns address and everything went as planned. Even when I use various SSL certificate checking websites, they all show that the link is secure.

 

However, when I access my home through VPN using Chrome, the green padlock does not show and I'm left with an (information logo in Chrome) which shows I may be at risk.

 

Does anyone know how I can resolve this issue? 

 

FYI, the domain address for me is [email protected] 

 

Can I also add that when I try to  access unraid locally at home, I don't get a 'green padlock' then either. I figure that doesn't matter since I'm at home locally but would love to have that special 'green padlock' when I try to access from elsewhere. 

 

Thanks a lot for the help :)

This won't have any effect on the Unraid webui, it's for an externally facing webserver.

 

Are you sure you're going to https:// not http://

That's the thing. I don't know how to get it to go to https:// on the docker install page of letsencrypt. 

 

I've attached my settings with this post. 

 

Of course, when I try to go to https:\\192. bla bla when connected to the VPN that page doesn't load. 

 

But when I type in just the IP of my server, it goes to it just fine (but at the cost of not being secure)


I don't think you really understand what this does.  It installs an externally facing nginx webserver with certs from letsencrypt.

 

It's got nothing to do with local ip addresses like 192.168.... 

 

42 minutes ago, CHBMB said:

I don't think you really understand what this does.  It installs an externally facing nginx webserver with certs from letsencrypt.

 

It's got nothing to do with local ip addresses like 192.168.... 

 

 

I used this video posted by a popular member on this forum to set up a VPN to my home network so I can connect to Unraid.

For the latter half of the video, because I do not have my own domain name, I used duckdns and lets encrypt to create an SSL certificate. The docker did the job fine for what I needed it to do, I just needed advice on how to get the green lock when accessing my server from outside home.... I hope that makes sense :)

Edited by entourage2111

Ok, so that's not an issue with LE, you need to copy the certs to wherever you want and then specify that location in your VPN.

1 minute ago, CHBMB said:

Ok, so that's not an issue with LE, you need to copy the certs to wherever you want and then specify that location in your VPN.

 

I actually have done that and according to every cert checking website, the domain hamza219421.duckdns.org has a fully verified SSL certificate. Problem is, when I try to VPN into the server though, I still don't get the green lock despite the certificate being verified by every website I check. 

Then you don't have it set up right, but got no idea what you've done or what you're using, and it's more of an issue for the VPN than this container.

 

But without knowing what VPN you're using or how the hell you set it up, couldn't say.

 
I actually have done that and according to every cert checking website, the domain hamza219421.duckdns.org has a fully verified SSL certificate. Problem is, when I try to VPN into the server though, I still don't get the green lock despite the certificate being verified by every website I check. 

I don't quite understand where you expect to see the padlock icon in vpn.

Your server is set up at the address: https://hamza219421.duckdns.org
That is the address the cert checking websites are checking. That has nothing to do with vpn. Just go to that address in your browser while you're away from home and you'll see your website and the green padlock. If you want to access other services through that address, you'll have to set them up through reverse proxy. There is plenty of info on that in this thread.

Does anyone have an example config file I can reference? Also where do I save it?

Edited by firrae

Hi Guys, 


This is my nginx/letsencrypt site-conf default. I am trying to get Ombi remotely accessible using the letsencrypt certificate. I have duckdns working properly with the default nginx page. I would like to craft a custom page with a link to the Ombi service (running locally at 192.168.1.225 and working fine).

 

Here is the modified config. Any tweaks would be greatly appreciated as well.

 

Thanks in advance!

upstream backend {
    server 192.168.1.255:19999;
    keepalive 64;
}
server {
    listen 443 ssl default_server;
    listen 80 default_server;
    root /config/www;
    index index.html index.htm index.php;
    server_name _;
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam /config/nginx/dhparams.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;
    client_max_body_size 0;
    
    # PlexRequest
    location /ombi {
        # plex media request
        proxy_pass http://192.168.2.255:3579;
    }
    
    location ~ /netdata/(?<ndpath>.*) {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://backend/$ndpath$is_args$args;
        proxy_http_version 1.1;
        proxy_pass_request_headers on;
        proxy_set_header Connection "keep-alive";
        proxy_store off;
    }
}

 

Edited by riopgtmn
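
Added example (not part of riopgtmn's post and not the linuxserver.io default config): a trimmed version of the server block above with the /ombi proxy pointed at 192.168.1.225:3579, the address the post gives for Ombi, where the posted config uses 192.168.2.255. It assumes Ombi's own Base URL setting is /ombi; the ssl_protocols line and the shortened AEAD-only cipher list are this example's choices, and the netdata block is left out because the post does not say where netdata runs.

```nginx
# Added example. Assumptions: Ombi listens on 192.168.1.225:3579 (address
# stated in the post) and Ombi's Base URL setting is /ombi.
server {
    listen 443 ssl default_server;
    listen 80 default_server;
    server_name _;

    root /config/www;
    index index.html index.htm index.php;

    # Certificate paths as in the posted config.
    ssl_certificate     /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam         /config/nginx/dhparams.pem;

    # Example hardening: TLS 1.2 only, forward-secret AEAD suites only.
    # This drops the 3DES, CBC and plain-RSA suites from the posted list.
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;

    client_max_body_size 0;

    # Ombi under https://<your-subdomain>.duckdns.org/ombi
    location /ombi {
        # No trailing URI on proxy_pass, so the /ombi prefix is passed
        # through unchanged and matches Ombi's Base URL.
        proxy_pass http://192.168.1.225:3579;

        # Tell the backend the original host, client and scheme so that
        # redirects and generated links stay on the HTTPS address.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```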

Has anyone managed to get DokuWiki working with Let's Encrypt? I did some Googling, but I haven't had much luck.

Edited by Pranker99

Has anyone been able to configure letsencrypt when ISP blocks port 80? 443 is open but unable to open 80. Any known workarounds? Is port 80 definitely needed?
