aptalca Posted October 11, 2017

> On 10/9/2017 at 12:09 AM, FreeMan said:
>
> I'm getting very slow response times from my LE/NGINX server. Slow to the point that it times out. I have shows.mydomain.ddns.us pointed at my binhex-libresonic docker on port 4040. That times out before I ever get the NGINX login. However, when I reopen port 4040 at the router and direct it to my server, I get near instant access to my music/video library on my phone with WiFi turned off (i.e., ensuring I'm accessing externally) or with the phone on WiFi. Therefore I believe that it's an issue with the LE/N container, not with my internet connection in general (though Comcrap has been less than reliable the last couple of weeks), my internal network, or the server itself.
>
> I have it working (some installation issues were resolved around pages 30-32ish), and I've accessed it via my phone and my computer at work, however, it's always been sluggish.
>
> I'm not sure what you might need for diagnosis, so I'm attaching Diagnostics, let me know what else might be needed for troubleshooting.
>
> nas-diagnostics-20171009-1808.zip

You can start by posting your site config. And then provide more concrete info such as what address you're trying to access, domain or ip. Also clarify whether it's timing out every time, which would mean no access as opposed to slow loading. Also try each case through lan and wan to make sure it's not a dns loopback issue.

There are too many possibilities and not enough info to diagnose.

FreeMan Posted October 11, 2017

> 7 minutes ago, aptalca said:
>
> You can start by posting your site config. And then provide more concrete info such as what address you're trying to access, domain or ip. Also clarify whether it's timing out every time, which would mean no access as opposed to slow loading. Also try each case through lan and wan to make sure it's not a dns loopback issue.
>
> There are too many possibilities and not enough info to diagnose.

Default and specific shows configs attached.

URL: shows.bds.ddns.us

It started out being reachable but slow - I've been able to access via my phone & desktop machine at home via WiFi & wired networks. I've also been able to access via phone & work computer from off the home network. For the last couple of weeks, it's been totally unreachable - a timeout every time.

> The connection has timed out
> The server at shows.bds.ddns.us is taking too long to respond.

This is what I'm getting from my wired PC on the home network and on my phone via cell service (WiFi off).

default shows

aptalca Posted October 11, 2017

> 3 hours ago, FreeMan said:
>
> Default and specific shows configs attached.
>
> URL: shows.bds.ddns.us
>
> It started out being reachable but slow - I've been able to access via my phone & desktop machine at home via WiFi & wired networks. I've also been able to access via phone & work computer from off the home network. For the last couple of weeks, it's been totally unreachable - a timeout every time.
>
> This is what I'm getting from my wired PC on the home network and on my phone via cell service (WiFi off).
>
> default shows

If you go to http://192.168.1.5:4040 on lan, it connects fine?

Nothing jumps out at me in the site config. You should check the nginx logs in the config folder to see what's going on

FreeMan Posted October 11, 2017

Correct - no issues from 192.168.1.5:4040. Also, no issues and speedy response when accessing the Libresonic server via the Ultrasonic (so many sonics!) client app on my phone either on the home network or away from home (when I've opened the port at the router).

Attaching the access.log, in which I see the following lines that give me pause:

```
155.94.88.58 - - [08/Oct/2017:02:24:22 -0400] "GET / HTTP/1.0" 301 185 "-" "sysscan/1.0 (https://github.com/robertdavidgraham/sysscan)"
67.229.34.210 - - [08/Oct/2017:10:04:49 -0400] "POST https://unite.nike.com/loginWithSetCookie?appVersion=315&experienceVersion=276&uxid=com.nike.commerce.snkrs.web&locale=zh_CN&backendEnvironment=identity&browser=Google Inc.&os=undefined&mobile=false&native=false&visit=1&visitor=ae1c713a-b9e0-4f44-bdfe-df2891d2d3e9&lifetime=session HTTP/1.1" 405 575 "https://www.nike.com/cn/launch/t/nikecourt-zoom-vapor-rf-aj3-atmos" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
62.210.209.201 - - [08/Oct/2017:10:15:23 -0400] "POST //%63%67%69%2D%62%69%6E/%70%68%70?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" 301 185 "-" "-"
164.52.0.141 - - [08/Oct/2017:12:06:19 -0400] "USER test +iw test :Test Wuz Here" 400 173 "-" "-"
54.81.171.165 - - [09/Oct/2017:21:16:55 -0400] "GET / HTTP/1.1" 301 185 "-" "Cloud mapping experiment searching for shoutcast servers. Contact [email protected]"
185.84.137.56 - - [10/Oct/2017:15:11:27 -0400] "GET /index.php?m=Home&c=Index&a=login&language=zh-cn HTTP/1.1" 301 185 "-" "-"
67.229.34.210 - - [10/Oct/2017:21:22:06 -0400] "GET https://api.nike.com/deliver/available_skus/v1/?filter=productIds(5c24911c-6161-5dc2-8bfb-b96fccb7c5af) HTTP/1.1" 200 430 "https://www.nike.com/cn/launch/t/air-jordan-1-retro-high-flyknit-black-game-royal" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
```

I don't know enough about these logs to know if I should be seriously concerned, since they're in the access.log.

This one: "sysscan/1.0 (https://github.com/robertdavidgraham/sysscan)" occurs several times. There doesn't appear to be a "robertdavidgraham" on github, but there are 4 results for sysscan. I didn't look into any of the 4, so I'm not sure what's there.

I don't think any of my family would be shopping at nike.com - none of us are big fans of Nike, but, of course, those are inbound attempts, not outbound.

Also attaching error.log and error.log.1 - there's not much in either for the last 2 weeks or so.

All assistance is appreciated! Anything further I can provide?

access.log error.log error.log.1

Edited October 11, 2017 by FreeMan

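The kinds of entries in the excerpt above can be sorted mechanically when reviewing an nginx access.log. The following Python script is an added example, not part of the original post or of the container: it tags combined-format lines for absolute-URI (forward-proxy style) requests, request lines that are not HTTP at all, paths with needlessly percent-encoded letters, and self-identifying or missing user agents. The tag names, the marker list, the threshold of 4 and the sample lines are assumptions constructed here.

```python
import re

# nginx "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>.*?)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>.*?)" "(?P<agent>.*)"$')
# The target is matched greedily because logged URLs can contain raw spaces.
REQUEST_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>.+) HTTP/\d\.\d$")
# Assumption: substrings of the self-identifying agents quoted in the post.
SCANNER_MARKERS = ("sysscan", "mapping experiment")

def encoded_alnum(target):
    """Count %XX escapes that decode to ASCII letters or digits."""
    # Letters and digits never need escaping, so several escaped ones in a
    # single target suggest a request written to dodge plain string matching.
    codes = (int(h, 16) for h in re.findall(r"%([0-9A-Fa-f]{2})", target))
    return sum(1 for c in codes if c < 128 and chr(c).isalnum())

def classify(line):
    """Return (client_ip, sorted list of tags) for one access.log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None, ["unparsed"]
    tags = set()
    req = REQUEST_RE.match(m["request"])
    if not req:
        tags.add("non_http")  # some other protocol was spoken to the web port
    else:
        if re.match(r"(?i)https?://", req["target"]):
            tags.add("proxy_probe")  # absolute URI: server treated as a proxy
            if m["status"].startswith("2"):
                tags.add("answered_2xx")  # verify which content was served
        if encoded_alnum(req["target"]) >= 4:
            tags.add("obfuscated_path")
    agent = m["agent"].lower()
    if agent == "-":
        tags.add("no_user_agent")
    elif any(marker in agent for marker in SCANNER_MARKERS):
        tags.add("scanner_agent")
    return m["ip"], sorted(tags)

def triage(lines):
    """Map each client IP to the union of its tags; untagged clients are omitted."""
    report = {}
    for line in lines:
        ip, tags = classify(line)
        if tags:
            report.setdefault(ip, set()).update(tags)
    return report

# Constructed sample lines modelled on the excerpt in the post; the IPs are
# documentation ranges and the hosts are example.com, not real traffic.
TS = "[08/Oct/2017:10:00:00 -0400]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET / HTTP/1.0" 301 185 "-" "sysscan/1.0"',
    f'198.51.100.7 - - {TS} "POST https://login.example.com/s?browser=Google Inc.&os=x HTTP/1.1" 405 575 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - {TS} "GET https://api.example.com/v1/items HTTP/1.1" 200 430 "-" "Mozilla/5.0"',
    f'203.0.113.5 - - {TS} "POST //%63%67%69%2D%62%69%6E/%70%68%70?%2D%6E HTTP/1.1" 301 185 "-" "-"',
    f'203.0.113.9 - - {TS} "USER test +iw test :Test Wuz Here" 400 173 "-" "-"',
    f'192.168.1.20 - - {TS} "GET /index.view HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, tags in sorted(triage(SAMPLE).items()):
        print(f"{ip:15} {', '.join(sorted(tags))}")
```

A 301 or 405 on these requests means nginx answered without serving application content; the `answered_2xx` tag only marks lines where the response body is worth checking by hand.
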
FreeMan Posted October 12, 2017

Anyone have any ideas?

izarkhin Posted October 17, 2017

Hi guys,

If anyone here uses Nginx as reverse proxy for dockerized Krusader or DokuWiki, can you please share your config?

For Krusader I have the following:

```
location /krusader {
    include /config/nginx/proxy.conf;
    rewrite ^/krusader$ /krusader/ redirect;
    proxy_pass http://XXX.XXX.XX.XXX:8084/;
}
```

and all I get is a page with a rolling gear

For DokuWiki I have:

```
location /dokuwiki/ {
    index doku.php;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Proxy "";
    include /config/nginx/proxy.conf;
    proxy_pass http://XXX.XXX.XX.XXX:8087/;
}
```

I see the landing page (doku.php), but there is no CSS and none of the links work

Please help!

izarkhin Posted October 17, 2017

Alright, apparently I need more help. Previous post still applies, but I now switched from aptalca's old container to the new one and I can't seem to get certificates issued. Here is what I see in the logs:

```
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.mydomain.mynetgear.com
E-mail address entered: [email protected]
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for mydomain.mynetgear.com
tls-sni-01 challenge for www.mydomain.mynetgear.com
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
Failed authorization procedure. www.mydomain.mynetgear.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for www.mydomain.mynetgear.com
```

here is the docker run command:

```
root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="America/Los_Angeles" -e HOST_OS="unRAID" -e "EMAIL"="[email protected]" -e "URL"="mydomain.mynetgear.com" -e "SUBDOMAINS"="www," -e "ONLY_SUBDOMAINS"="false" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -p 8083:80/tcp -p 443:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
```

mydomain.mynetgear.com is a fake domain, but the real one exists and worked fine with the old container. router is configured with dyndns and can see it. port 443 is forwarded on the router. what could be the problem?!

aptalca Posted October 17, 2017

> 2 hours ago, izarkhin said:
>
> Alright, apparently I need more help. Previous post still applies, but I now switched from aptalca's old container to the new one and I can't seem to get certificates issued. Here is what I see in the logs:
>
> ```
> [cont-init.d] 10-adduser: exited 0.
> [cont-init.d] 20-config: executing...
> [cont-init.d] 20-config: exited 0.
> [cont-init.d] 30-keygen: executing...
> using keys found in /config/keys
> [cont-init.d] 30-keygen: exited 0.
> [cont-init.d] 50-config: executing...
> 2048 bit DH parameters present
> SUBDOMAINS entered, processing
> Sub-domains processed are: -d www.mydomain.mynetgear.com
> E-mail address entered: [email protected]
> Generating new certificate
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Obtaining a new certificate
> Performing the following challenges:
> tls-sni-01 challenge for mydomain.mynetgear.com
> tls-sni-01 challenge for www.mydomain.mynetgear.com
> Waiting for verification...
> Cleaning up challenges
> IMPORTANT NOTES:
> Failed authorization procedure. www.mydomain.mynetgear.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for www.mydomain.mynetgear.com
> ```
>
> here is the docker run command:
>
> ```
> root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="America/Los_Angeles" -e HOST_OS="unRAID" -e "EMAIL"="[email protected]" -e "URL"="mydomain.mynetgear.com" -e "SUBDOMAINS"="www," -e "ONLY_SUBDOMAINS"="false" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -p 8083:80/tcp -p 443:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
> ```
>
> mydomain.mynetgear.com is a fake domain, but the real one exists and worked fine with the old container. router is configured with dyndns and can see it. port 443 is forwarded on the router. what could be the problem?!

I don't see anything wrong with the container settings. Likely a dns setting issue. Both containers use the same exact method to validate

izarkhin Posted October 17, 2017

> 21 minutes ago, aptalca said:
>
> I don't see anything wrong with the container settings. Likely a dns setting issue. Both containers use the same exact method to validate

I don't think so. I just created a new DNS record with noip.com: https://www.whatsmydns.net/#A/izarkhin.hopto.org. And in the log I still see:

```
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for izarkhin.hopto.org
tls-sni-01 challenge for www.izarkhin.hopto.org
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
Failed authorization procedure. izarkhin.hopto.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for izarkhin.hopto.org, www.izarkhin.hopto.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for www.izarkhin.hopto.org
```

Any other ideas?

izarkhin Posted October 18, 2017

OK, so noip.com really sucks when it comes to validating certificates. I used duckdns.org instead and everything worked.

My other question still stands: did anyone here have success configuring dockerized Dokuwiki or Krusader? I'm trying with subfolder / baseurl, but no luck!

napalmyourmom Posted October 19, 2017

I am interested in setting up logic for a php script to execute every time this particular docker starts, including when it is started, restarted, updated with or without dynamix.docker.manager. I want the docker to wait until certain parameters are returned to start then run through its initialization. Is there a way for me to set this up only for this container and not for all dockers in my instance?

Thanks!

Leondre Posted October 20, 2017

Would you be able to enable the Exif and XMLReader PHP extensions?

Edited October 20, 2017 by Leondre

Deadpan110 Posted October 23, 2017

> On 10/21/2017 at 9:12 AM, Leondre said:
>
> Would you be able to enable the Exif and XMLReader PHP extensions?

I second this!

I use nginx a lot and this docker is pretty awesome (thank you), but I don't just use nginx as a reverse proxy...

Yes I could use another docker for nextcloud, however this docker is small and practically complete (I can completely go nuts with what I want to do when I want).

I am unsure of what PHP modules are installed within but it would be total goodness not having to do:

```
docker exec -it letsencrypt apk --no-cache add php7-xmlreader
```

As well as other PHP mod extensions that a lot of PHP web apps would commonly use

Keep up the good work!

Edited October 23, 2017 by Deadpan110

endiz Posted October 26, 2017

Anyone have a working config entry for organizr?

RAINMAN Posted October 27, 2017

So I upgraded to the beta to try it out and of course with the SSL features in that it broke my letsencrypt docker. I tried to turn SSL/TLS to No and even changed the SSL port to 445 (for unraid) but it seems like it's still holding 443 for some reason. Anyone else run into this?

Edit: I'm an idiot, I had 445 already in use for something else lol. All good... Move along.

Edited October 27, 2017 by RAINMAN

jrdnlc Posted October 28, 2017

Is fail2ban enabled by default?

poldim Posted October 29, 2017

Does anyone have LE running with a pihole (pi-hole) container? I'm trying to get something like this https://hub.docker.com/r/diginc/pi-hole/ running but not sure how to set up LE / nginx config to prevent breaking my existing forwards. I have a wordpress site that's externally hosted on 80 and also want to have the pihole

> Port 80 is highly recommended because if you have another site/service using port 80 by default then the ads may not transform into blank ads correctly. To make sure docker-pi-hole plays nicely with an existing webserver you run you'll probably need a reverse proxy webserver config if you don't have one already. Pi-Hole has to be the default web app on said proxy e.g. if you go to your host by IP instead of domain then pi-hole is served out instead of any other sites hosted by the proxy. This is the 'default_server' in nginx or 'default' virtual host in Apache and is taken advantage of so any undefined ad domain can be directed to your webserver and get a 'blocked' response instead of ads.
>
> You can still map other ports to pi-hole port 80 using docker's port forwarding like this -p 8080:80, but again the ads won't render properly. Changing the inner port 80 shouldn't be required unless you run docker host networking mode.
>
> Here is an example of running with jwilder/proxy (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with pihole on another port. Pi-hole needs to be DEFAULT_HOST env in jwilder/proxy and you need to set the matching VIRTUAL_HOST for the pihole's container. Please read jwilder/proxy readme for more info if you have trouble. I tested this basic example which is based off what I run.

aptalca Posted October 29, 2017

> 2 hours ago, poldim said:
>
> Does anyone have LE running with a pihole (pi-hole) container? I'm trying to get something like this https://hub.docker.com/r/diginc/pi-hole/ running but not sure how to set up LE / nginx config to prevent breaking my existing forwards. I have a wordpress site that's externally hosted on 80 and also want to have the pihole

Why not reverse proxy both on port 80?

poldim Posted October 30, 2017

> 5 hours ago, aptalca said:
>
> Why not reverse proxy both on port 80?

I'd love to do that, but I can't seem to get it working. Basically it would be two services that come in on port 80 but would need to go to two different locations. Do you have any hints/guides/examples?

aptalca Posted October 30, 2017

> 7 hours ago, poldim said:
>
> I'd love to do that, but I can't seem to get it working. Basically it would be two services that come in on port 80 but would need to go to two different locations. Do you have any hints/guides/examples?

The services would be at different ports. Port 80 would go to the letsencrypt container. Based on the address, subdomain.yourdomain.com or yourdomain.com/yourapp the requests would be forwarded to those services.

This thread has a ton of info on that. I suggest starting with Googling nginx reverse proxy to get the general idea, then read through this thread to figure out how to configure it

Fredrick Posted October 31, 2017

> On 26/10/2017 at 10:12 PM, endiz said:
>
> Anyone have a working config entry for organizr?

```
#ORGANIZR UPSTREAM
upstream organizr-upstream {
    #This is the local ip and port to Organizr
    server 192.168.1.7:9512;
    keepalive 32;
}
```

And in the main server block:

```
#Custom Organizr error pages
error_page 400 401 402 403 404 500 502 /error.php?error=$status;

#Authentication
location /auth-admin {
    internal;
    proxy_pass http://192.168.1.7:9512/auth.php?admin;
    proxy_set_header Content-Length "";
}
location /auth-user {
    internal;
    proxy_pass http://192.168.1.7:9512/auth.php?user;
    proxy_set_header Content-Length "";
}

#ORGANIZR CONTAINER
location / {
    proxy_pass http://organizr-upstream;
    include /config/nginx/proxy.conf;
}
```

Darksurf Posted November 1, 2017

Sorry, I'm clueless as to how this docker works. no matter how I set it up, it denies any connection ERR_CONNECTION_REFUSED

I've tried using ports 81 and 444. I just can't seem to connect..

aptalca Posted November 1, 2017

> 8 hours ago, Darksurf said:
>
> Sorry, I'm clueless as to how this docker works. no matter how I set it up, it denies any connection ERR_CONNECTION_REFUSED
>
> I've tried using ports 81 and 444. I just can't seem to connect..

Logs?

phiyuku Posted November 1, 2017

Hi, I took a look at the logs of the letsencrypt docker and noticed a lot of these:

```
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
```

constantly. The thing is it works perfectly fine and any changes I make to the listen directives makes it change there as well. All the servers work and I have tested each one individually so I'm not sure what is going on and how to get rid of these. As far as I can tell there are no issues. I even changed each listen directive to a different port and it just throws one for each port I state.

Edited November 1, 2017 by phiyuku

aptalca Posted November 1, 2017

> 1 hour ago, phiyuku said:
>
> Hi, I took a look at the logs of the letsencrypt docker and noticed a lot of these:
>
> ```
> nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
> nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
> ```
>
> constantly. The thing is it works perfectly fine and any changes I make to the listen directives makes it change there as well. All the servers work and I have tested each one individually so I'm not sure what is going on and how to get rid of these. As far as I can tell there are no issues. I even changed each listen directive to a different port and it just throws one for each port I state.

What exactly are you doing? It seems like you're trying to start up a second instance of nginx