isvein
Posted September 16, 2017

thanks, just need to find where Minio stores the logs, it does not put anything in Appdata share so looks to me it's all inside the docker image

Guest dranani
Posted September 16, 2017

I'm trying to set letsencrypt up in conjunction with duckdns, organizr, and my own personal domain. I am following this guide. I have my domain through namecheap and their dns was not working correctly for some reason with letsencrypt. I went ahead and created a DuckDNS subdomain to use directly with letsencrypt and then just insert a CNAME into namecheap that is the DuckDNS subdomain. (I think that will work)

My main issue right now is I cannot get the NGINX splash to come up when I go to http://MYSERVER:81 but it will come up when I navigate to https://192.168.1.105. And it won't work when I navigate to my purchased domain.

I have very little knowledge when it comes to web hosting and that is my main issue.

IMGUR POST WITH ALL SETTINGS

CHBMB
Posted September 16, 2017

Try creating A-Names with Dynamic DNS address. Then you won't have to use DuckDNS

Guest dranani
Posted September 16, 2017

5 minutes ago, CHBMB said:
> Try creating A-Names with Dynamic DNS address. Then you won't have to use DuckDNS

I tried that but it wasn't working well for me. I will try it again though. Do the other settings look right?

Edited September 16, 2017 by dranani

CHBMB
Posted September 16, 2017

I'm going to assume your domain name is dranani.com, so this is how I'd set it up...

Top URL = dranani.com
Subdomains = www
Certs for certain subdomains = false

EDIT: Turn off DNSSEC, you've put internal IP addresses in there anyway, so that won't work.

How are you updating your dynamic DNS records with Namecheap?

Edited September 16, 2017 by CHBMB

Guest dranani
Posted September 16, 2017

2 minutes ago, CHBMB said:
> I'm going to assume your domain name is dranani.com, so this is how I'd set it up...
>
> Top URL = dranani.com
> Subdomains = www
> Certs for certain subdomains = false

stupid question, how should I forward my IP? just [Aname --@--public IP] & [Aname --www--public IP]?

CHBMB
Posted September 16, 2017

If you have a dynamic IP then you need some way of monitoring that and notifying namecheap if it changes. Do you have a dynamic IP or Static?

Guest dranani
Posted September 16, 2017

1 minute ago, CHBMB said:
> If you have a dynamic IP then you need some way of monitoring that and notifying namecheap if it changes. Do you have a dynamic IP or Static?

I'm fairly certain it is static but have never paid much attention

CHBMB
Posted September 16, 2017

If it's static then just put the IP into namecheap and no need to worry about it as it won't change.

Guest dranani
Posted September 16, 2017

1 minute ago, CHBMB said:
> If it's static then just put the IP into namecheap and no need to worry about it as it won't change.

10-4

Now I am just waiting on DNS to update to see if letsencrypt will work

CHBMB
Posted September 16, 2017

It should work as long as your ports are forwarded correctly.

Guest dranani
Posted September 16, 2017

1 minute ago, CHBMB said:
> It should work as long as your ports are forwarded correctly.

in the picture above in one of my earlier posts the layout is Internal - External. So I think they are

CHBMB
Posted September 16, 2017

I mean on your router not the container/host ports

Guest dranani
Posted September 16, 2017

1 minute ago, CHBMB said:
> I mean on your router not the container/host ports

yeah, these are my forwarded ports. I didn't explain that very well

Edited September 16, 2017 by dranani

CHBMB
Posted September 16, 2017

Gotcha, my eyes thought that was part of the namecheap screen.

One thing you may want to do now is change 443 on the host and router to 442, as future releases of Unraid will be able to use 443 to connect to the webui using https (internally).

Then on your router forward external 443 => 442 on 192.168.1.105

Just a thought

Guest dranani
Posted September 16, 2017

4 minutes ago, CHBMB said:
> Gotcha, my eyes thought that was part of the namecheap screen.
>
> One thing you may want to do now is change 443 on the host and router to 442, as future releases of Unraid will be able to use 443 to connect to the webui using https (internally).
>
> Then on your router forward external 443 => 442 on 192.168.1.105
>
> Just a thought

Went ahead and did just that

CHBMB
Posted September 16, 2017

Just now, dranani said:
> Went ahead and did just that

The suspense is killing me..... So is it working?

Guest dranani
Posted September 16, 2017

Just now, CHBMB said:
> The suspense is killing me..... So is it working?

Nope, I am still getting DNS errors in the logs of LetsEncrypt.

Guest dranani
Posted September 16, 2017

2 minutes ago, CHBMB said:
> The suspense is killing me..... So is it working?

https://pastebin.com/ADQp5yLk

DZMM
Posted September 16, 2017

20 hours ago, DZMM said:
> Can you help me out please as this didn't quite work for me. Here's what I have:
>
> http:
>   api_password: redacted
>   # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
>   base_url: redacted.duckdns.org:8123
>   use_x_forwarded_for: True
>   ip_ban_enabled: True
>   login_attempts_threshold: 5
>
> map $http_upgrade $connection_upgrade {
>     default upgrade;
>     '' close;
> }
>
> server {
>     # Update this line to be your domain
>     server_name redacted.duckdns.org;
>
>     # These shouldn't need to be changed
>     listen 80 default_server;
>     #listen [::]:80 default_server ipv6only=on;
>     return 301 https://$host$request_uri;
> }
>
> server {
>     # Update this line to be your domain
>     server_name redacted.duckdns.org;
>
>     # Ensure these lines point to your SSL certificate and key
>     ssl_certificate /config/keys/letsencrypt/fullchain.pem;
>     ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
>     # Use these lines instead if you created a self-signed certificate
>     # ssl_certificate /etc/nginx/ssl/cert.pem;
>     # ssl_certificate_key /etc/nginx/ssl/key.pem;
>
>     # Ensure this line points to your dhparams file
>     ssl_dhparam /config/nginx/dhparams.pem;
>
>     # These shouldn't need to be changed
>     listen 443 ssl;
>     add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
>     ssl on;
>     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>     ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
>     ssl_prefer_server_ciphers on;
>     ssl_session_cache shared:SSL:10m;
>
>     proxy_buffering off;
>
>     location / {
>         # Update this line to be your HA servers local ip and port
>         proxy_pass http://xxx.xx.xx.2:8123;
>         proxy_set_header Host $host;
>         proxy_redirect http:// https://;
>         proxy_http_version 1.1;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_set_header Upgrade $http_upgrade;
>         proxy_set_header Connection $connection_upgrade;
>     }
> }
>
> For the certificate addresses, I copied the lines from default - was this right?
>
> Thanks in advance

shamelessly bumping

CHBMB
Posted September 16, 2017

@DZMM I got no idea about HA tbh

DZMM
Posted September 16, 2017

1 hour ago, CHBMB said:
> @DZMM I got no idea about HA tbh

no worries mate - I just got it to work. Thanks @ritalin - a big help

Muff
Posted September 18, 2017

On 2017-09-15 at 7:42 PM, CHBMB said:
> For Nextcloud I'd suggest my guide tbh. Can find it on the ls.io site.

Hi, I suppose you are talking about this guide?
https://www.linuxserver.io/2016/07/28/installing-nextcloud-on-unraid/
https://www.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/

I just got NextCloud working. I forgot this part: Changing the default file of nextcloud

I thank everyone who helped me with this

matthope
Posted September 21, 2017

Hello everyone,

Recently, I have remarked a bunch of bot entries in my nginx access log file. Before that, fail2ban bot filter seemed to work fine. So I have looked in my fail2ban log file and it's full of errors. It is the config by default, I've never modified it. I've tried to update fail2ban and ip6tables, but I can't find any package manager in the docker. I wonder if anyone knows how to fix that.

Here is the error message:

2017-09-21 16:13:21,035 fail2ban.server [261]: INFO --------------------------------------------------
2017-09-21 16:13:21,035 fail2ban.server [261]: INFO Starting Fail2ban v0.10.0a1
2017-09-21 16:13:21,035 fail2ban.server [261]: INFO Daemon started
2017-09-21 16:13:21,038 fail2ban.database [261]: INFO Connected to fail2ban persistent database '/config/fail2ban/fail2ban.sqlite3'
2017-09-21 16:13:21,039 fail2ban.jail [261]: INFO Creating new jail 'nginx-http-auth'
2017-09-21 16:13:21,040 fail2ban.jail [261]: INFO Jail 'nginx-http-auth' uses poller
2017-09-21 16:13:21,041 fail2ban.filter [261]: INFO Set jail log file encoding to UTF-8
2017-09-21 16:13:21,041 fail2ban.jail [261]: INFO Initiated 'polling' backend
2017-09-21 16:13:21,042 fail2ban.filter [261]: INFO Added logfile = /config/log/nginx/error.log (pos = 7134, hash = e98d121622aabfa4a1a34b1d636c2af5)
2017-09-21 16:13:21,043 fail2ban.filter [261]: INFO Set maxRetry = 5
2017-09-21 16:13:21,043 fail2ban.filter [261]: INFO Set jail log file encoding to UTF-8
2017-09-21 16:13:21,044 fail2ban.actions [261]: INFO Set banTime = 600
2017-09-21 16:13:21,044 fail2ban.filter [261]: INFO Set findtime = 600
2017-09-21 16:13:21,047 fail2ban.jail [261]: INFO Creating new jail 'nginx-botsearch'
2017-09-21 16:13:21,047 fail2ban.jail [261]: INFO Jail 'nginx-botsearch' uses poller
2017-09-21 16:13:21,047 fail2ban.filter [261]: INFO Set jail log file encoding to UTF-8
2017-09-21 16:13:21,048 fail2ban.jail [261]: INFO Initiated 'polling' backend
2017-09-21 16:13:21,049 fail2ban.filter [261]: INFO Added logfile = /config/log/nginx/access.log (pos = 480286, hash = 7cdbb6fa5cd3b6fb68a493f221b06792)
2017-09-21 16:13:21,049 fail2ban.filter [261]: INFO Set maxRetry = 2
2017-09-21 16:13:21,050 fail2ban.filter [261]: INFO Set jail log file encoding to UTF-8
2017-09-21 16:13:21,050 fail2ban.actions [261]: INFO Set banTime = 600
2017-09-21 16:13:21,050 fail2ban.filter [261]: INFO Set findtime = 600
2017-09-21 16:13:21,054 fail2ban.jail [261]: INFO Creating new jail 'nginx-badbots'
2017-09-21 16:13:21,054 fail2ban.jail [261]: INFO Jail 'nginx-badbots' uses poller
2017-09-21 16:13:21,054 fail2ban.filter [261]: INFO Set jail log file encoding to UTF-8
2017-09-21 16:13:21,054 fail2ban.jail [261]: INFO Initiated 'polling' backend
2017-09-21 16:13:21,055 fail2ban.filter [261]: INFO Added logfile = /config/log/nginx/access.log (pos = 480286, hash = 7cdbb6fa5cd3b6fb68a493f221b06792)
2017-09-21 16:13:21,056 fail2ban.filter [261]: INFO Set maxRetry = 2
2017-09-21 16:13:21,056 fail2ban.filter [261]: INFO Set jail log file encoding to UTF-8
2017-09-21 16:13:21,057 fail2ban.actions [261]: INFO Set banTime = 600
2017-09-21 16:13:21,057 fail2ban.filter [261]: INFO Set findtime = 600
2017-09-21 16:13:21,065 fail2ban.jail [261]: INFO Jail 'nginx-http-auth' started
2017-09-21 16:13:21,066 fail2ban.jail [261]: INFO Jail 'nginx-botsearch' started
2017-09-21 16:13:21,068 fail2ban.jail [261]: INFO Jail 'nginx-badbots' started
2017-09-21 16:13:21,113 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-http-auth ip6tables -w -A f2b-nginx-http-auth -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth -- stderr:
2017-09-21 16:13:21,113 fail2ban.utils [261]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2017-09-21 16:13:21,113 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-09-21 16:13:21,113 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-09-21 16:13:21,114 fail2ban.utils [261]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2017-09-21 16:13:21,114 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-09-21 16:13:21,114 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-09-21 16:13:21,114 fail2ban.utils [261]: ERROR -- stderr: 'Could not open socket to kernel: Address family not supported by protocol'
2017-09-21 16:13:21,114 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-http-auth ip6tables -w -A f2b-nginx-http-auth -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth -- returned 1
2017-09-21 16:13:21,114 fail2ban.actions [261]: ERROR Failed to start jail 'nginx-http-auth' action 'iptables-multiport': Error starting action Jail('nginx-http-auth')/iptables-multiport
2017-09-21 16:13:21,125 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-botsearch ip6tables -w -A f2b-nginx-botsearch -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- stderr:
2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR -- stderr: 'Could not open socket to kernel: Address family not supported by protocol'
2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-botsearch ip6tables -w -A f2b-nginx-botsearch -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- returned 1
2017-09-21 16:13:21,126 fail2ban.actions [261]: ERROR Failed to start jail 'nginx-botsearch' action 'iptables-multiport': Error starting action Jail('nginx-botsearch')/iptables-multiport
2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-badbots ip6tables -w -A f2b-nginx-badbots -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-badbots -- stderr:
2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR -- stderr: 'Could not open socket to kernel: Address family not supported by protocol'
2017-09-21 16:13:21,139 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-badbots ip6tables -w -A f2b-nginx-badbots -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-badbots -- returned 1
2017-09-21 16:13:21,139 fail2ban.actions [261]: ERROR Failed to start jail 'nginx-badbots' action 'iptables-multiport': Error starting action Jail('nginx-badbots')/iptables-multiport

EDIT: Those errors have been present since 2017-07-25 at least (no more log after this date).

Edited September 21, 2017 by matthope

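In the log posted above, every jail logs "started" and then its iptables-multiport action fails on ip6tables. The following is an added example, not part of the original post and not fail2ban's own code: a Python check that scans a fail2ban log for jails in that state. The sample lines are condensed from the post, and the 'example-ok' jail and the function names are constructed for illustration.

```python
import re

# Condensed from the log in the post above, one entry per line. The
# 'example-ok' jail is constructed here to show a healthy jail for contrast.
SAMPLE_LOG = """\
2017-09-21 16:13:21,065 fail2ban.jail [261]: INFO Jail 'nginx-http-auth' started
2017-09-21 16:13:21,066 fail2ban.jail [261]: INFO Jail 'nginx-botsearch' started
2017-09-21 16:13:21,067 fail2ban.jail [261]: INFO Jail 'example-ok' started
2017-09-21 16:13:21,113 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-http-auth -- stderr:
2017-09-21 16:13:21,114 fail2ban.utils [261]: ERROR -- stderr: 'Could not open socket to kernel: Address family not supported by protocol'
2017-09-21 16:13:21,114 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-http-auth -- returned 1
2017-09-21 16:13:21,114 fail2ban.actions [261]: ERROR Failed to start jail 'nginx-http-auth' action 'iptables-multiport': Error starting action Jail('nginx-http-auth')/iptables-multiport
2017-09-21 16:13:21,125 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-botsearch -- stderr:
2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR -- stderr: 'Could not open socket to kernel: Address family not supported by protocol'
2017-09-21 16:13:21,126 fail2ban.actions [261]: ERROR Failed to start jail 'nginx-botsearch' action 'iptables-multiport': Error starting action Jail('nginx-botsearch')/iptables-multiport
"""

ENTRY = re.compile(r"^\S+ \S+ fail2ban\.(\w+)\s+\[\d+\]: (\w+)\s+(.*)$")
STARTED = re.compile(r"Jail '([^']+)' started")
COMMAND = re.compile(r"(ip6?tables)\s")
STDERR = re.compile(r"-- stderr: (.+)$")
FAILED = re.compile(r"Failed to start jail '([^']+)' action '([^']+)'")


def audit(log_text):
    """Map each jail to whether it started and which ban actions failed to start."""
    jails, tool, reasons = {}, None, []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        module, level, msg = m.groups()
        if module == "jail" and (s := STARTED.match(msg)):
            jails.setdefault(s.group(1), {"started": False, "failed": []})["started"] = True
        elif module == "utils" and level == "ERROR":
            if c := COMMAND.match(msg):
                tool = c.group(1)  # binary whose command failed
            if (r := STDERR.search(msg)) and r.group(1).strip("'\"") not in reasons:
                reasons.append(r.group(1).strip("'\""))
        elif module == "actions" and (f := FAILED.match(msg)):
            entry = jails.setdefault(f.group(1), {"started": False, "failed": []})
            entry["failed"].append({"action": f.group(2), "tool": tool, "reasons": reasons})
            tool, reasons = None, []  # the next jail's errors start fresh
    return jails


def jails_with_failed_actions(report):
    """Jails logged as 'started' although a ban action failed to start."""
    return sorted(j for j, e in report.items() if e["started"] and e["failed"])


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for jail in jails_with_failed_actions(report):
        for fail in report[jail]["failed"]:
            print(f"{jail}: {fail['action']} failed via {fail['tool']}: {fail['reasons']}")
```

A jail listed by `jails_with_failed_actions` is worth checking by hand, since its filter is matching log lines while the action that should insert the firewall rule did not start.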