DZMM Posted September 21, 2017 Share Posted September 21, 2017 Has anyone got this working with tvheadend? Quote Link to comment
aptalca Posted September 22, 2017 Share Posted September 22, 2017 7 hours ago, matthope said: Hello everyone, Recently, I have remarked a bunch of bot entries in my nginx access log file. Before that, fail2ban bot filter seemed to work fine. So I have looked in my fail2ban log file and it's full of error. It is the config by default, I've never modified it. I've tried to update fail2ban and ip6tables, but I cant find any package manager in the docker. I wonder if anyone know how to fix that. Here the error message: 2017-09-21 16:13:21,035 fail2ban.server [261]: INFO -------------------------------------------------- 2017-09-21 16:13:21,035 fail2ban.server [261]: INFO Starting Fail2ban v0.10.0a1 2017-09-21 16:13:21,035 fail2ban.server [261]: INFO Daemon started 2017-09-21 16:13:21,038 fail2ban.database [261]: INFO Connected to fail2ban persistent database '/config/fail2ban/fail2ban.sqlite3' 2017-09-21 16:13:21,039 fail2ban.jail [261]: INFO Creating new jail 'nginx-http-auth' 2017-09-21 16:13:21,040 fail2ban.jail [261]: INFO Jail 'nginx-http-auth' uses poller 2017-09-21 16:13:21,041 fail2ban.filter [261]: INFO Set jail log file encoding to UTF-8 2017-09-21 16:13:21,041 fail2ban.jail [261]: INFO Initiated 'polling' backend 2017-09-21 16:13:21,042 fail2ban.filter [261]: INFO Added logfile = /config/log/nginx/error.log (pos = 7134, hash = e98d121622aabfa4a1a34b1d636c2af5) 2017-09-21 16:13:21,043 fail2ban.filter [261]: INFO Set maxRetry = 5 2017-09-21 16:13:21,043 fail2ban.filter [261]: INFO Set jail log file encoding to UTF-8 2017-09-21 16:13:21,044 fail2ban.actions [261]: INFO Set banTime = 600 2017-09-21 16:13:21,044 fail2ban.filter [261]: INFO Set findtime = 600 2017-09-21 16:13:21,047 fail2ban.jail [261]: INFO Creating new jail 'nginx-botsearch' 2017-09-21 16:13:21,047 fail2ban.jail [261]: INFO Jail 'nginx-botsearch' uses poller 2017-09-21 16:13:21,047 fail2ban.filter [261]: INFO Set jail log file encoding to UTF-8 2017-09-21 16:13:21,048 fail2ban.jail [261]: INFO Initiated 'polling' backend 2017-09-21 16:13:21,049 fail2ban.filter [261]: INFO Added logfile = /config/log/nginx/access.log (pos = 480286, hash = 7cdbb6fa5cd3b6fb68a493f221b06792) 2017-09-21 16:13:21,049 fail2ban.filter [261]: INFO Set maxRetry = 2 2017-09-21 16:13:21,050 fail2ban.filter [261]: INFO Set jail log file encoding to UTF-8 2017-09-21 16:13:21,050 fail2ban.actions [261]: INFO Set banTime = 600 2017-09-21 16:13:21,050 fail2ban.filter [261]: INFO Set findtime = 600 2017-09-21 16:13:21,054 fail2ban.jail [261]: INFO Creating new jail 'nginx-badbots' 2017-09-21 16:13:21,054 fail2ban.jail [261]: INFO Jail 'nginx-badbots' uses poller 2017-09-21 16:13:21,054 fail2ban.filter [261]: INFO Set jail log file encoding to UTF-8 2017-09-21 16:13:21,054 fail2ban.jail [261]: INFO Initiated 'polling' backend 2017-09-21 16:13:21,055 fail2ban.filter [261]: INFO Added logfile = /config/log/nginx/access.log (pos = 480286, hash = 7cdbb6fa5cd3b6fb68a493f221b06792) 2017-09-21 16:13:21,056 fail2ban.filter [261]: INFO Set maxRetry = 2 2017-09-21 16:13:21,056 fail2ban.filter [261]: INFO Set jail log file encoding to UTF-8 2017-09-21 16:13:21,057 fail2ban.actions [261]: INFO Set banTime = 600 2017-09-21 16:13:21,057 fail2ban.filter [261]: INFO Set findtime = 600 2017-09-21 16:13:21,065 fail2ban.jail [261]: INFO Jail 'nginx-http-auth' started 2017-09-21 16:13:21,066 fail2ban.jail [261]: INFO Jail 'nginx-botsearch' started 2017-09-21 16:13:21,068 fail2ban.jail [261]: INFO Jail 'nginx-badbots' started 2017-09-21 16:13:21,113 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-http-auth ip6tables -w -A f2b-nginx-http-auth -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth -- stderr: 2017-09-21 16:13:21,113 fail2ban.utils [261]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory" 2017-09-21 16:13:21,113 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)" 2017-09-21 16:13:21,113 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.' 2017-09-21 16:13:21,114 fail2ban.utils [261]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory" 2017-09-21 16:13:21,114 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)" 2017-09-21 16:13:21,114 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.' 2017-09-21 16:13:21,114 fail2ban.utils [261]: ERROR -- stderr: 'Could not open socket to kernel: Address family not supported by protocol' 2017-09-21 16:13:21,114 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-http-auth ip6tables -w -A f2b-nginx-http-auth -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth -- returned 1 2017-09-21 16:13:21,114 fail2ban.actions [261]: ERROR Failed to start jail 'nginx-http-auth' action 'iptables-multiport': Error starting action Jail('nginx-http-auth')/iptables-multiport 2017-09-21 16:13:21,125 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-botsearch ip6tables -w -A f2b-nginx-botsearch -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- stderr: 2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory" 2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)" 2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.' 2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory" 2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)" 2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.' 2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR -- stderr: 'Could not open socket to kernel: Address family not supported by protocol' 2017-09-21 16:13:21,126 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-botsearch ip6tables -w -A f2b-nginx-botsearch -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- returned 1 2017-09-21 16:13:21,126 fail2ban.actions [261]: ERROR Failed to start jail 'nginx-botsearch' action 'iptables-multiport': Error starting action Jail('nginx-botsearch')/iptables-multiport 2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-badbots ip6tables -w -A f2b-nginx-badbots -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-badbots -- stderr: 2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory" 2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)" 2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.' 2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory" 2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)" 2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.' 2017-09-21 16:13:21,138 fail2ban.utils [261]: ERROR -- stderr: 'Could not open socket to kernel: Address family not supported by protocol' 2017-09-21 16:13:21,139 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-badbots ip6tables -w -A f2b-nginx-badbots -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-badbots -- returned 1 2017-09-21 16:13:21,139 fail2ban.actions [261]: ERROR Failed to start jail 'nginx-badbots' action 'iptables-multiport': Error starting action Jail('nginx-badbots')/iptables-multiport EDIT: Those errors are present since 2017-07-25 at least (no more log after this date). We have a PR waiting to be merged to fix that. Until then, see here: 1 Quote Link to comment
matthope Posted September 22, 2017 Share Posted September 22, 2017 19 minutes ago, aptalca said: We have a PR waiting to be merged to fix that. Until then, see here: Thanks, it's working properly with the added file. Quote Link to comment
wreave Posted September 23, 2017 Share Posted September 23, 2017 (edited) Letsencrypt docker won't start on 6.4.0-rc9f. I just get a fail to start message. I imagine this might have something to do with how unraid is starting to integrate certs as well. Any useful information I can provide to troubleshoot this? Edit: For anyone who runs into this, the issue is that under Settings > Identification unraid is binding port 80 and port 443 and Letsencrypt was set to also use 443. I changed the unraid port to resolve this. Edited September 23, 2017 by wreave Quote Link to comment
realies Posted September 23, 2017 Share Posted September 23, 2017 (edited) Having issues updating and starting on 6.4.0-rc9f. Edited February 3, 2018 by realies Quote Link to comment
CHBMB Posted September 23, 2017 Share Posted September 23, 2017 That's an issue with docker I think. Switch advanced on in the webui. Delete any letsencrypt containers & images including any orphan containers and try pulling again. Quote Link to comment
realies Posted September 23, 2017 Share Posted September 23, 2017 48 minutes ago, CHBMB said: That's an issue with docker I think. Switch advanced on in the webui. Delete any letsencrypt containers & images including any orphan containers and try pulling again. Removing the container and image (without orphan containers) and reinstalling worked. Although now I think I am having trouble with the built-in https support of 6.4.0.rc9f. Quote Link to comment
MowMdown Posted September 23, 2017 Share Posted September 23, 2017 3 hours ago, realies said: Removing the container and image (without orphan containers) and reinstalling worked. Although now I think I am having trouble with the built-in https support of 6.4.0.rc9f. Did you change the ports for the docker container to something like 80 -> 81 and 443 -> 444 (then forward ports 81 & 444 instead of 80 & 443)? Quote Link to comment
realies Posted September 24, 2017 Share Posted September 24, 2017 18 hours ago, MowMdown said: Did you change the ports for the docker container to something like 80 -> 81 and 443 -> 444 (then forward ports 81 & 444 instead of 80 & 443)? It is a valid workaround. Quote Link to comment
CHBMB Posted September 24, 2017 Share Posted September 24, 2017 18 hours ago, MowMdown said: Did you change the ports for the docker container to something like 80 -> 81 and 443 -> 444 (then forward ports 81 & 444 instead of 80 & 443)? That's what I've done. Quote Link to comment
MowMdown Posted September 24, 2017 Share Posted September 24, 2017 2 hours ago, realies said: It is a valid workaround. It is, because what you do on the router is tell it 192.169.1.200:81 -> port 80 & 192.168.1.200:444 -> port 443 (for example) Quote Link to comment
Gog Posted September 25, 2017 Share Posted September 25, 2017 (edited) Has anyone got the reverse proxy working with Piwigo? I'll admit, I'm far from understanding the proxy directives but the Google is failing me. I suspect it's because of the missing base directory for the Piwigo URL but I han't found how to change that either. Thanks Edit, this works but I still need to change the Piwigo root URL: location /piwigo { proxy_pass http://*unraid IP*:*piwigo port*/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } Edited September 27, 2017 by Gog Quote Link to comment
IamSpartacus Posted September 25, 2017 Share Posted September 25, 2017 Has anyone successfully converted a letsencrypt cert file for a subdomain (ie. emby.domain.com) into a pfx file for use with Emby https? First off, where are the subdomain cert keys even stored in the config as I'm having trouble finding it. Quote Link to comment
CHBMB Posted September 25, 2017 Share Posted September 25, 2017 1 hour ago, IamSpartacus said: Has anyone successfully converted a letsencrypt cert file for a subdomain (ie. emby.domain.com) into a pfx file for use with Emby https? First off, where are the subdomain cert keys even stored in the config as I'm having trouble finding it. I just use a script in the user.scripts plugin to copy the LE cert to my Emby appdata once a day. cp /mnt/cache/.appdata/nginx/keys/letsencrypt/privkey.pfx /mnt/cache/.appdata/emby/ssl/privkey.pfx Then in server setup in Emby, go to Expert => Advanced under custom certificate path use /config/ssl/privkey.pfx And specify your domain in External domain a little further down the page. Quote Link to comment
IamSpartacus Posted September 25, 2017 Share Posted September 25, 2017 4 minutes ago, CHBMB said: I just use a script in the user.scripts plugin to copy the LE cert to my Emby appdata once a day. cp /mnt/cache/.appdata/nginx/keys/letsencrypt/privkey.pfx /mnt/cache/.appdata/emby/ssl/privkey.pfx Then in server setup in Emby, go to Expert => Advanced under custom certificate path use /config/ssl/privkey.pfx And specify your domain in External domain a little further down the page. How did you go about getting the .pfx file created in the first place? Quote Link to comment
CHBMB Posted September 25, 2017 Share Posted September 25, 2017 I think it's already there iirc Quote Link to comment
IamSpartacus Posted September 25, 2017 Share Posted September 25, 2017 1 minute ago, CHBMB said: I think it's already there iirc And it applies to all subdomains? Quote Link to comment
IamSpartacus Posted September 25, 2017 Share Posted September 25, 2017 (edited) Ok I see it. Ok so I have the .pfx file now, I've copied it to my emby directory, and set that path in Emby > Advanced as well as my domain. Still unable to connect to my server though. I know it's a cert issue because I've confirmed a DNS lookup of my domain emby.mydomain.com resolves to my external IP and I see the connection passing through my firewall via the https port. Yet it never makes it to the Emby log which I'm told means it's a cert issue. This is from the Android app. If I just put in https://emby.mydomain.com into a browser it works fine. Was there anything else I haven't mentioned that you needed to setup to get this working through Emby apps? Edited September 25, 2017 by IamSpartacus Quote Link to comment
CHBMB Posted September 25, 2017 Share Posted September 25, 2017 I've got report https as external address checked if that helps And you still need to forward port 8920 on your router. https://server.com:8920 should take you to your Emby sign on page. Quote Link to comment
CHBMB Posted September 25, 2017 Share Posted September 25, 2017 If you want to reverse proxy Emby as well then here's a guide. I haven't tried this myself. Quote Link to comment
IamSpartacus Posted September 25, 2017 Share Posted September 25, 2017 Ok got it working. It was a port forwarding issue. I had to redirect incoming external connections that are using 8920 to 443 which is my internal port for my nginx reverse proxy. Works great now. Thanks for the help. Quote Link to comment
aptalca Posted September 25, 2017 Share Posted September 25, 2017 I simply mounted the letsencrypt key folder in the emby container. No need to copy anything Quote Link to comment
IamSpartacus Posted September 25, 2017 Share Posted September 25, 2017 2 minutes ago, aptalca said: I simply mounted the letsencrypt key folder in the emby container. No need to copy anything Yup I did the same. Works great. Quote Link to comment
markh Posted September 25, 2017 Share Posted September 25, 2017 (edited) Please disregard this post. Ive found the fault. My fault. Edited September 26, 2017 by markh issue resovled Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.